Darkmon Pack — 1.0.0 (new pack)

Packs/Darkmon/CONTRIBUTORS.json

@@ -0,0 +1,3 @@
+[
+    "Darkmon"
+]

Packs/Darkmon/IncidentFields/incidentfield-darkmonaccountid.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmonaccountid",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Account ID",
+    "ownerOnly": false,
+    "cliName": "darkmonaccountid",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Compromised Credential"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "The Darkmon record ID for the leaked account.",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmonactiontaken.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmonactiontaken",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Action Taken",
+    "ownerOnly": false,
+    "cliName": "darkmonactiontaken",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Compromised Employee"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Action that was performed (disabled, reset, revoked, none).",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmonaffectedcomponents.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmonaffectedcomponents",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Affected Components",
+    "ownerOnly": false,
+    "cliName": "darkmonaffectedcomponents",
+    "type": "multiSelect",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Critical CVE"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Customer tech-stack tags that intersect this CVE.",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmonbrand.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmonbrand",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Brand",
+    "ownerOnly": false,
+    "cliName": "darkmonbrand",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Typosquatting Threat"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "The protected brand the domain typosquats.",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmoncountry.json

@@ -0,0 +1,37 @@
+{
+    "id": "incident_darkmoncountry",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Country",
+    "ownerOnly": false,
+    "cliName": "darkmoncountry",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Compromised Credential",
+        "Darkmon Compromised Employee"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Country code of the compromised machine.",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmoncveid.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmoncveid",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon CVE ID",
+    "ownerOnly": false,
+    "cliName": "darkmoncveid",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Critical CVE"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "The CVE identifier (e.g. CVE-2026-0001).",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmoncveseverity.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmoncveseverity",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon CVE Severity",
+    "ownerOnly": false,
+    "cliName": "darkmoncveseverity",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Critical CVE"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Severity label (critical, high, medium, low).",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmoncvssscore.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmoncvssscore",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon CVSS Score",
+    "ownerOnly": false,
+    "cliName": "darkmoncvssscore",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Critical CVE"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Base CVSS v3 score.",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmondirectoryuser.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmondirectoryuser",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Directory User",
+    "ownerOnly": false,
+    "cliName": "darkmondirectoryuser",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Compromised Employee"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Resolved directory username (sAMAccountName / UPN / login).",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}

Packs/Darkmon/IncidentFields/incidentfield-darkmondistance.json

@@ -0,0 +1,36 @@
+{
+    "id": "incident_darkmondistance",
+    "version": -1,
+    "modified": "2026-05-04T00:00:00Z",
+    "fromVersion": "6.5.0",
+    "name": "Darkmon Distance",
+    "ownerOnly": false,
+    "cliName": "darkmondistance",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Darkmon Typosquatting Threat"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "description": "Levenshtein distance between the domain and the brand.",
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ]
+}