
Formats: add automation modules #1408

Status: Merged (4 commits, Jan 2, 2025)

Conversation

@squioc (Collaborator) commented Dec 19, 2024

Add the missing identifiers of the automation module related to the formats

@squioc squioc added the enhancement New feature or request label Dec 19, 2024
@squioc squioc requested a review from a team December 19, 2024 08:12

github-actions bot commented Dec 19, 2024

Smart descriptions generated from the latest tests at 2025-01-02 08:51:55:

| Test File | Smart Description |
| --- | --- |
| Bitdefender/gravityzone/tests/antimalware_1.json | New file threat EICAR-Test-File (not a virus) with severity 9 from jdoe on C:\\\\Users\\\\jdoe\\\\Downloads\\\\b93ef2d1-160c-4bd9-9cbb-cb59ca59939e.tmp |
| Bitdefender/gravityzone/tests/antimalware_2.json | New file threat EICAR-Test-File (not a virus) with severity 9 from jdoe on C:\\\\Users\\\\jdoe\\\\Downloads\\\\b93ef2d1-160c-4bd9-9cbb-cb59ca59939e.tmp |
| Bitdefender/gravityzone/tests/login_1.json | authentication event on 1.2.3.4 from jdoe |
| GateWatcher/aioniq_ecs/tests/beacon_event.json | beacon_detect : not_analyzed on tls (10.0.0.60:NULL -> 157.230.93.100:443) |
| GateWatcher/aioniq_ecs/tests/codebreaker_powershell_alert.json | malicious_powershell_detect with 1890 obfuscated chars (10.127.0.111:35444 -> 10.127.0.222:4242) |
| GateWatcher/aioniq_ecs/tests/codebreaker_shellcode_alert.json | shellcode_detect of type Windows_x86_32 detected (80.15.17.183:60078 -> 178.160.128.2:6666) |
| GateWatcher/aioniq_ecs/tests/dga_event.json | dga_detect : 27.0.0.227:NULL -> 202.129.215.23:53 |
| GateWatcher/aioniq_ecs/tests/history.json | history : user pierre.pocry POST /gum/configuration |
| GateWatcher/aioniq_ecs/tests/ioc.json | ioc : SHA256 - malware/trojan - PLEAD - BlackTech - 3713d994-1db4-40ff-abe9-2f43bac7b5fa |
| GateWatcher/aioniq_ecs/tests/malcore_event.json | malcore checker: Infected file: / hosted on chunky.enchantingweddingsandevents.co.uk (202.129.215.251:80 -> 27.0.0.144:47858) |
| GateWatcher/aioniq_ecs/tests/metadata.json | Metadata http: (10.2.19.131:56098 -> 10.2.10.205:80) |
| GateWatcher/aioniq_ecs/tests/metadata_fileinfo.json | Metadata http: (56.53.117.115:80 -> 65.100.113.120:62832) |
| GateWatcher/aioniq_ecs/tests/nba.json | NULL network_behavior_analytics : NBA C&C tracker : cobalt strike tcp initialization 10.2.6.250:50886 -> 13.107.4.52:80 |
| GateWatcher/aioniq_ecs/tests/ransomware.json | ransomware_detect : 172.31.47.105:50066 -> 172.31.33.0:445 |
| GateWatcher/aioniq_ecs/tests/retrohunt.json | retrohunt : NULL (127.0.0.1:80 -> 127.0.0.1:8080) |
| GateWatcher/aioniq_ecs/tests/sigflow_alert.json | sigflow_alert: ET INFO Dotted Quad Host PDF Request (sid:2027265) NULL on http (65.100.113.120:62832 -> 56.53.117.115:80) |
| GateWatcher/aioniq_ecs/tests/sigflow_stats.json | GCenter sigflow_stats |
| Palo Alto Networks/paloalto-prisma-access/tests/User_id_1_csv.json | login:start for user1 from 1.2.3.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/User_id_2_csv.json | login:start for user1 from 10.0.0.2 |
| Palo Alto Networks/paloalto-prisma-access/tests/auth_cef.json | src_mac_list-2 connected with xxxxx |
| Palo Alto Networks/paloalto-prisma-access/tests/decryption_cef.json | Encrypted connection from 1.1.1.1 to 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/file_cef.json | alert threat between 1.1.1.1 and 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/fix_bug_with_int.json | Session ended between 1.2.3.4:51413 and 5.6.7.8:5985 |
| Palo Alto Networks/paloalto-prisma-access/tests/fix_bug_without_int.json | Session ended between 1.2.3.4:51413 and 5.6.7.8:5985 |
| Palo Alto Networks/paloalto-prisma-access/tests/globalprotect_cef.json | Client cert not present |
| Palo Alto Networks/paloalto-prisma-access/tests/globalprotect_csv.json | user from 1.2.3.4 connected |
| Palo Alto Networks/paloalto-prisma-access/tests/globalprotect_csv_2.json | example.org from 88.120.236.74 connected |
| Palo Alto Networks/paloalto-prisma-access/tests/hip_match_cef.json | Host Information Profile from 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/icmp_allow_csv.json | Session started between 1.2.3.4 and 4.3.2.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/iptag_cef.json | Connection from 1.1.1.1 to 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/network_threat_alert_1.json | alert threat between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/network_threat_alert_2.json | alert threat between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/sctp_cef.json | Connection from 1.1.1.1 to 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/system_csv.json | authenticated for user 'user1'. auth profile 'GP', vsys 'vsys123', server profile 'LDAP', server address 'srv01.entreprise.local', From: 1.2.3.4. |
| Palo Alto Networks/paloalto-prisma-access/tests/tcp_allow_csv.json | Session started between 1.2.3.4:61000 and 4.3.2.1:80 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_cloud_election_json.json | CLOUD ELECTION: serverlist2.urlcloud.paloaltonetworks.com IP: 35.244.229.101 was elected, measured alive test 143294. |
| Palo Alto Networks/paloalto-prisma-access/tests/test_decryption_csv.json | Encrypted connection from 1.2.3.4 to 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_decryption_json.json | Encrypted connection from 1.2.3.4 to 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_dhcp_renew_json.json | Connection from 1.2.3.4 to 1.2.3.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_dns_proxy_json.json | DNS Proxy object: mgmt-obj inherited following values from dynamic interface: mgmt-if: Primary DNS: 1.2.3.1 Secondary DNS: :: |
| Palo Alto Networks/paloalto-prisma-access/tests/test_dns_response.json | 5.6.7.8 send DNS query a. Resolution: 8.9.1.2. Category: benign |
| Palo Alto Networks/paloalto-prisma-access/tests/test_file_alert_json.json | alert threat between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_globalprotect.json | test.fr from 1.2.3.4 connected through SSLVPN |
| Palo Alto Networks/paloalto-prisma-access/tests/test_hipmatch_csv.json | Host Information Profile from 1.2.3.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_hipmatch_json.json | Host Information Profile from 1.2.3.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_installed_package_json.json | Installed contents package: panupv2-all-contents-8676-7858.tgz |
| Palo Alto Networks/paloalto-prisma-access/tests/test_ldap_brute_force.json | alert threat between 5.6.7.8 and 1.2.3.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_new_file_type.json | alert threat between 4.3.2.1 and 5.2.1.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_new_globalprotect.json | client logout |
| Palo Alto Networks/paloalto-prisma-access/tests/test_new_threat_type.json | reset-both threat between 1.2.1.3 and 2.2.1.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_new_url_type.json | alert threat between 19.16.1.6 and 17.25.11.9 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_ntp_sync_json.json | NTP sync to server de.pool.ntp.org |
| Palo Alto Networks/paloalto-prisma-access/tests/test_port_up_json.json | Port ethernet1/2: Up 10Gb/s-full duplex |
| Palo Alto Networks/paloalto-prisma-access/tests/test_registration_succeed_json.json | Successfully registered to Public Cloud wildfire.paloaltonetworks.com |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system.json | unknown test peer |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_10_json.json | Successfully connect to address: 5.6.7.8 port: 3978, conn id: triallr-5.6.7.8-2-def |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_11_json.json | PAN-DB was upgraded to version 20230203.20250. |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_12_json.json | Connection from 1.2.3.4 to 1.2.3.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_1_json.json | Installed WildFire package: panupv3-all-wildfire-739610-742990.tgz |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_2_json.json | WildFire update job succeeded for user Auto update agent |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_3_json.json | Connection to Update server: completed successfully, initiated by 1.2.3.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_4_json.json | WildFire job started processing. Dequeue time=2023/02/03 17:45:52. Job Id=72. |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_5_json.json | WildFire package upgraded from version 739610-742990 to 739613-742993 by Auto update agent |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_6_json.json | WildFire job enqueued. Enqueue time=2023/02/03 17:45:52. JobId=72. . Type: Full |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_7_json.json | Connection from 1.2.3.4 to updates.paloaltonetworks.com |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_8_json.json | Installed WildFire package: panupv3-all-wildfire-739613-742993.tgz |
| Palo Alto Networks/paloalto-prisma-access/tests/test_system_event_9_json.json | WildFire version 739613-742993 downloaded by Auto update agent |
| Palo Alto Networks/paloalto-prisma-access/tests/test_threat.json | alert threat between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_threat_02.json | reset-both threat between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_timestamp_palo.json | Request made to server "server_test.com" is successful . |
| Palo Alto Networks/paloalto-prisma-access/tests/test_traffic_event_1_json.json | Session ended between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_traffic_event_2_json.json | Session ended between 1.2.3.4 and 5.6.7.8 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_update_content_json.json | Content update job succeeded for user admin |
| Palo Alto Networks/paloalto-prisma-access/tests/test_upgrade_package_json.json | Content package upgraded from version 8671-7826 to 8676-7858 by admin |
| Palo Alto Networks/paloalto-prisma-access/tests/test_user_authentication_json.json | authenticated for user 'admin'. From: 1.2.3.4. |
| Palo Alto Networks/paloalto-prisma-access/tests/test_userid.json | login:start for test.fr from 1.2.3.4 |
| Palo Alto Networks/paloalto-prisma-access/tests/test_web_authentication_json.json | User admin logged in via Web from 1.2.3.4 using https |
| Palo Alto Networks/paloalto-prisma-access/tests/test_wildfire_failure_json.json | Failed to perform task resulting in connection timeout with WildFire Cloud wildfire.paloaltonetworks.com |
| Palo Alto Networks/paloalto-prisma-access/tests/threat-url-xff.json | alert threat between 10.0.0.2 and 192.168.0.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/threat_cef.json | drop-all threat between 1.1.1.1 and 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/threat_csv.json | alert threat between 10.0.0.2 and 10.2.0.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/traffic1_csv.json | Connection from 1.2.3.4 to host LF-5698-NR 5.6.7.8:443 matched the rule SO Access |
| Palo Alto Networks/paloalto-prisma-access/tests/traffic2_csv.json | Session ended between NULL:63516 and 1.1.1.1:443 |
| Palo Alto Networks/paloalto-prisma-access/tests/traffic_cef.json | Connection from 1.1.1.1 to host xxxxx 1.1.1.1:27092 matched the rule deny-attackers |
| Palo Alto Networks/paloalto-prisma-access/tests/traffic_with_resotimestamp.json | Session ended between 1.2.3.4:60975 and 5.6.7.8:443 |
| Palo Alto Networks/paloalto-prisma-access/tests/udp_deny_csv.json | Session denied between 10.0.0.2:130000 and 1.2.3.4:53 |
| Palo Alto Networks/paloalto-prisma-access/tests/url_cef.json | block-url threat between 1.1.1.1 and 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/userid_cef.json | 1.1.1.1 logout from xxxxx on 1.1.1.1 |
| Palo Alto Networks/paloalto-prisma-access/tests/wildfire1_json.json | block threat between 1.2.3.4 and 5.6.7.8 |

@squioc squioc merged commit 1922672 into main Jan 2, 2025
7 checks passed
@squioc squioc deleted the fix/AddAutomationModulesToFormats branch January 2, 2025 08:54