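# XSOAR integration definition for KnowBe4 PhishER.
# Parameter `type` codes follow the XSOAR integration parameter schema:
#   0 = short text, 8 = boolean, 9 = authentication (credential), 13 = incident type.
category: Network Security
provider: Vista Equity Partners
sectionorder:
  - Connect
  - Collect
commonfields:
  id: Phisher
  # -1 is the conventional placeholder for content that has not been versioned yet.
  version: -1
configuration:
  - display: Your server URL
    name: url
    required: true
    type: 0
    section: Connect
    defaultvalue: 'https://eu.knowbe4.com'
    additionalinfo: URL of the API endpoint, only FQDN is required, e.g. https://eu.knowbe4.com
  # The API key is a credential-type parameter (type 9) entered only through the
  # password field (hiddenusername), so it goes through the platform's credential
  # handling rather than a plaintext text parameter.
  # NOTE(review): `required: false` means the schema does not enforce a key; the
  # integration code (not shown here) must reject an empty key at test-module /
  # fetch time — confirm against the script.
  - name: apikey
    displaypassword: API Key
    hiddenusername: true
    type: 9
    required: false
    section: Connect
  - additionalinfo: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
    defaultvalue: 7 days
    display: First Fetch Time
    name: first_fetch
    type: 0
    required: false
    section: Collect
  - display: Fetch incidents
    name: isFetch
    type: 8
    required: false
    section: Collect
  - additionalinfo: Maximum number of alerts per fetch. Default and recommended is 50
    # Quoted so the default stays a string, as the platform expects for text parameters.
    defaultvalue: '50'
    display: Fetch Limit
    name: max_fetch
    type: 0
    required: false
    section: Collect
  # Quoted because the display text contains ": ", which would otherwise start a mapping.
  - display: 'Advanced: Minutes to look back when fetching'
    defaultvalue: '15'
    name: look_back
    type: 0
    required: false
    section: Collect
    additionalinfo: >-
      How far back in minutes to look for messages on each fetch.
      Use this to recover PhishER messages that were reported earlier but indexed late.
      Duplicates within the overlap window are filtered automatically.
  - display: Incident type
    name: incidentType
    type: 13
    required: false
    section: Collect
    defaultvalue: PhishER
  # Disables TLS certificate verification for the API connection; intended for
  # lab or self-signed setups only.
  - display: Trust any certificate (not secure)
    name: insecure
    type: 8
    required: false
    section: Connect
  - display: Use system proxy settings
    name: proxy
    type: 8
    required: false
    section: Connect
description: KnowBE4 PhishER integration allows to pull events from PhishER system and do mutations.
display: PhishER
name: Phisher
defaultmapperin: PhishER-mapper
script:
  commands:
    - name: phisher-message-list
      description: Command to get messages from PhishER.
      arguments:
        - name: limit
          defaultValue: '50'
          description: The maximum number of messages to fetch.
        - name: query
          description: The Lucene query to search against.
        - name: id
          description: ID of specific message to retrieve. If ID is given query will be ignored.
        - name: include_events
          auto: PREDEFINED
          # Quoted: bare False/True would be parsed as YAML booleans.
          defaultValue: 'False'
          predefined:
            - 'False'
            - 'True'
          description: Whether to include all message events in the result.
      outputs:
        - contextPath: Phisher.Message.actionStatus
          description: Action Status.
          type: String
        - contextPath: Phisher.Message.attachments
          description: A collection of attachments associated with this message.
          type: String
        - contextPath: Phisher.Message.category
          description: The message's category.
          type: String
        - contextPath: Phisher.Message.comments
          description: A collection of comments associated with this message.
          type: String
        - contextPath: Phisher.Message.events
          description: A collection of events associated with this message.
          type: String
        - contextPath: Phisher.Message.from
          description: Sender's email.
          type: String
        - contextPath: Phisher.Message.id
          description: Unique identifier for the message.
          type: String
        - contextPath: Phisher.Message.links
          description: A collection of links that were found in the message.
          type: String
        - contextPath: Phisher.Message.phishmlReport
          description: The PhishML report associated with this message.
          type: String
        - contextPath: Phisher.Message.pipelineStatus
          description: Pipeline Status.
          type: String
        - contextPath: Phisher.Message.reportedBy
          description: The person who reported the message.
          type: String
        - contextPath: Phisher.Message.rawUrl
          description: URL where to download the raw message.
          type: String
        - contextPath: Phisher.Message.rules
          description: A collection of rules associated with this message.
          type: String
        - contextPath: Phisher.Message.severity
          description: The message's severity.
          type: String
        - contextPath: Phisher.Message.subject
          description: Subject of the message.
          type: String
        - contextPath: Phisher.Message.tags
          description: A collection of tags associated with this message.
          type: String
    - name: phisher-create-comment
      description: Adds a comment to a PhishER message.
      arguments:
        - name: id
          description: Message ID.
          required: true
        - name: comment
          description: The comment to add.
          required: true
    - name: phisher-update-message
      description: Updates a PhishER message status. User must provide at least one argument.
      arguments:
        # Single-quoted like the sibling descriptions; the previous double-quoted
        # form embedded two literal tab characters ("\t\t") before the final period.
        - name: category
          auto: PREDEFINED
          description: 'Message Category, can be: UNKNOWN,CLEAN,SPAM,THREAT.'
          predefined:
            - UNKNOWN
            - CLEAN
            - SPAM
            - THREAT
        - name: status
          auto: PREDEFINED
          description: 'Message Status, can be: RECEIVED,IN_REVIEW,RESOLVED.'
          predefined:
            - RECEIVED
            - IN_REVIEW
            - RESOLVED
        - name: severity
          auto: PREDEFINED
          description: 'Message Severity, can be: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL.'
          predefined:
            - UNKNOWN
            - LOW
            - MEDIUM
            - HIGH
            - CRITICAL
        - name: id
          description: Message ID.
          required: true
    - name: phisher-tags-create
      description: Add tags to a given message. If you have existing PhishER actions that would trigger for the tag that you're adding, you'll need to manually run the actions.
      arguments:
        - name: id
          description: Message ID.
          required: true
        - name: tags
          description: Comma separated list of tags to add.
          required: true
    - name: phisher-tags-delete
      description: Removes tags from a given message.
      arguments:
        - name: id
          description: Message ID.
          required: true
        - name: tags
          description: Comma separated list of tags to remove.
          required: true
  dockerimage: demisto/python3:3.12.13.7444307
  isfetch: true
  runonce: false
  # '-' tells the platform the code lives in the sibling .py file, not inline here.
  script: '-'
  subtype: python3
  type: python
tests:
  - No tests (auto formatted)
fromversion: 5.5.0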