Updated the Doppel Package with Additional Requirements

metron-labs · Dec 31, 2024 · c14ae2c · c14ae2c
1 parent cde9dfd
commit c14ae2c
Show file tree

Hide file tree

Showing 31 changed files with 3,343 additions and 174 deletions.
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.yml b/Packs/Doppel/Integrations/Doppel/Doppel.yml
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel_test.py b/Packs/Doppel/Integrations/Doppel/Doppel_test.py
@@ -19,7 +19,7 @@ def util_load_json(path):
 
 @pytest.mark.parametrize("command, args, api_path, api_response",
                          [
-                             ("get-alert",
+                             ("doppel-get-alert",
                               {"id": "TST-31222"},
                               "https://api.doppel.com/v1/alert?id=TST-31222",
                               util_load_json('test_data/get-alert-success-200.json'))
@@ -46,12 +46,12 @@ def test_command_success(mocker, requests_mock, command, args, api_path, api_res
 
 @pytest.mark.parametrize("command, args, api_path, status_code, api_response",
                          [
-                             ("get-alert",
+                             ("doppel-get-alert",
                               {"entity": "123"},
                               "https://api.doppel.com/v1/alert?entity=123",
                               400,
                               util_load_json('test_data/get-alert-failure-400-invalid-entity.json')),
-                             ("get-alert",
+                             ("doppel-get-alert",
                               {"id": "1234"},
                               "https://api.doppel.com/v1/alert?id=1234",
                               400,
@@ -81,12 +81,12 @@ def test_command_failure(mocker, requests_mock, command, args, api_path, status_
 
 @pytest.mark.parametrize("command, args, api_path, status_code, exception_message",
                          [
-                             ("get-alert",
+                             ("doppel-get-alert",
                               {"id": "TST-31",
                                "entity": "http://dummyrul.com"},
                               "https://api.doppel.com/v1/alert?id=TST-31&entity=http://dummyrul.com",
                               400,
-                              "Failed to execute get-alert command.\nError:\nBoth id and entity is specified. We need exactly single input for this command")
+                              "Failed to execute doppel-get-alert command.\nError:\nBoth id and entity is specified. We need exactly single input for this command")
                          ]
                          )
 def test_command_exception(mocker, requests_mock, command, args, api_path, status_code, exception_message):
@@ -108,4 +108,4 @@ def test_command_exception(mocker, requests_mock, command, args, api_path, statu
     # Notice that the API was not called, but the app itself has raised an exception before making the API call
     assert adapter.call_count == 0
     assert results_checker.call_args.args[0].get('Contents') == exception_message
-
+
diff --git a/Packs/Doppel/Integrations/Doppel/README.md b/Packs/Doppel/Integrations/Doppel/README.md
@@ -1,13 +1,10 @@
-# Doppel XSOAR Pack
+### Get Started
 
-## Overview
-Doppel is a Modern Digital Risk Protection Solution, that detects the phishing and brand cyber attacks on the emerging channels. Doppel scans millions of channels online which includes, social media, domains, paid ads, dark web, emerging channels, etc. Doppel can identify the malicious content and cyber threats, and enables their customers to take down the digital risks proactively.
+To use the app you need the following:
 
-## Features supported by the Doppel XSOAR pack
+1. Doppel Tenant URL that you can use for calling the [Doppel APIs](https://doppel.readme.io/reference/create_alert). eg. *https://api.doppel.com/*
+2. API Key for calling Doppel
 
-1. Mirror Incidents : Alerts from Doppel are mirrored as per the configured schedule.
-2. Command: create-alert : Command to create an alert in Doppel.
-3. Command: get-alert : Command to fetch alert details from Doppel.
-4. Command: get-alerts : Command to fetch list of alerts from Doppel.
-5. Command: update-alert : Command to update alert details from Doppel.
-6. Command: create-abuse-alert : Command to create abuse alert details from Doppel.
+Please reach out to Doppel to get access to above.
+
+Once you have the URL and API Key, use the same for configuring the Doppel-XSOAR integration instance.
diff --git a/Packs/Doppel/classifier/classifier-Doppel_Incident_Classifier.json b/Packs/Doppel/classifier/classifier-Doppel_Incident_Classifier.json
@@ -0,0 +1,42 @@
+{
+	"brands": null,
+	"cacheVersn": 0,
+	"defaultIncidentType": "",
+	"definitionId": "",
+	"description": "Doppel-XSOAR integration classifier to classify the fetched incidents to Doppel_Incident_Test.",
+	"feed": false,
+	"fromServerVersion": "",
+	"id": "607dc952-f37f-44d9-899f-16b0946230dd",
+	"incidentSamples": null,
+	"indicatorSamples": null,
+	"instanceIds": null,
+	"itemVersion": "",
+	"keyTypeMap": {
+		"crypto": "Doppel Alert Crypto",
+		"domains": "Doppel Alert Domains",
+		"ecommerce": "Doppel Alert Ecommerce",
+		"email": "Doppel Alert Email",
+		"mobile_apps": "Doppel Alert Mobile_Apps",
+		"paid_ads": "Doppel Alert Paid_Ads",
+		"social_media": "Doppel Alert Social_Media"
+	},
+	"locked": false,
+	"logicalVersion": 6,
+	"mapping": null,
+	"name": "Doppel_Incident_Classifier",
+	"nameRaw": "Doppel_Incident_Classifier",
+	"packID": "",
+	"packName": "",
+	"propagationLabels": [
+		"all"
+	],
+	"sourceClassifierId": "",
+	"system": false,
+	"toServerVersion": "",
+	"transformer": {
+		"simple": "product"
+	},
+	"type": "classification",
+	"unclassifiedCases": null,
+	"version": -1
+}