diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/definition.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/definition.yaml
new file mode 100644
index 000000000..0b174a3ef
--- /dev/null
+++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/definition.yaml
@@ -0,0 +1,28 @@
+identifier: ea843f06-858d-44de-a1ac-936a2835f782
+is_enable: true
+version: 0.0
+name: CrowdStrike Falcon Enrichment
+description: This block enriches case entities using CrowdStrike Falcon host data.
+ It evaluates whether IP address or hostname entities are present, conditionally
+ retrieves host information from CrowdStrike Falcon, and returns the enrichment
+ results to the parent playbook for downstream decision\u2011making.
+debug_alert_identifier: null
+debug_base_alert_identifier: null
+is_debug_mode: false
+type: block
+template_name: null
+original_workflow_identifier: f1b7c3ff-c065-48a2-a7a3-36a64a7b2d06
+version_comment: null
+version_creator: null
+creator: d568db8f-d0ec-42fb-af6c-6d2d2906520c
+priority: 2
+category: 243
+is_automatic: false
+is_archived: false
+last_editor: null
+default_access_level: edit
+creation_source: ai_generated_from_alert
+simulation_clone: false
+permissions: []
+environments:
+- '*'
diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/display_info.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/display_info.yaml
new file mode 100644
index 000000000..19ccd8f7a
--- /dev/null
+++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/display_info.yaml
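Review bot: The `description` in definition.yaml is a plain (unquoted) scalar, so the `\u2011` in `decision\u2011making` is not processed as an escape and will be shown as those six literal characters. Either write an ordinary hyphen, `decision-making.`, or put the whole description in double quotes so the escape is interpreted. Separately, `version: 0.0` is read as a float by YAML loaders; whether the platform expects a number or a string here is not visible in this diff, so it is worth confirming against the schema.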
@@ -0,0 +1,8 @@
+type: block # The content type playbook or block
+content_hub_display_name: 'CrowdStrike Falcon Enrichment' # The name that will appear in the Content Hub
+author: 'Accenture' # Author name, appearing on the playbook / block card in the Content Hub
+contact_email: '' # In case support is needed, this email will be used by secops customers to open support queries (required for partner contributed content)
+tags: [ 'CrowdStrike', 'EDR Enrichment', 'Host Enrichment', 'Accenture'] # A list of tags that will be associated with the content in the Content Hub. - List of string value
+should_display_in_content_hub: true # Defines whether this item should have its own card in the Content Hub. - Boolean value
+contribution_type: third_party # Options: google, partner, or third_party
+acknowledge_debug_data_included: true
diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/overviews.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/overviews.yaml
new file mode 100644
index 000000000..60b074253
--- /dev/null
+++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/overviews.yaml
@@ -0,0 +1 @@
+[]
diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/release_notes.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/release_notes.yaml
new file mode 100644
index 000000000..254a3a0ec
--- /dev/null
+++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/release_notes.yaml
@@ -0,0 +1,9 @@
+- description: Initial release of CrowdStrike Falcon Enrichment playbook for enriching indicators with CrowdStrike Falcon data
+ integration_version: 1.0
+ item_name: CrowdStrike Falcon Enrichment
+ item_type: Block
+ publish_time: '2026-04-22'
+ new: true
+ regressive: false
+ deprecated: false
+ removed: false
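Review bot: `acknowledge_debug_data_included: true` is the only key in display_info.yaml without an explanatory comment, and it is the one a reviewer of community content most needs explained, because debug data captured from a live tenant can carry hostnames, addresses and alert details. The step files visible in this change all have `step_debug_data: null` and `is_debug_mock_data: false`, so nothing appears to be covered by the acknowledgement here. If the flag means what its name suggests, a trailing comment such as `# Confirms that any debug data in the steps was reviewed before publishing - Boolean value` would state what is being attested. `contact_email: ''` also leaves users without an address for reporting a problem with the block; the inline comment marks it as required only for partner content, so this is a suggestion rather than a schema error.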
diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrich_host_10af1.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrich_host_10af1.yaml new file mode 100644 index 000000000..1d091c505 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrich_host_10af1.yaml 
@@ -0,0 +1,76 @@ +name: CrowdStrikeFalcon_Get Host Information +description: This action retrieves host details from CrowdStrike using hostnames. +identifier: 10af137c-db21-482e-b293-c35307d7e6af +original_step_id: 969feb34-0b26-4d6b-8a0c-99fb8b83b964 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 17b75c57-7d8f-4612-8549-b7c99754601b +parent_step_id: 17b75c57-7d8f-4612-8549-b7c99754601b +instance_name: Enrich Host +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: 805ec514-3ef5-46c6-9b2b-059314f2fdd0 +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + 
playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: CrowdStrikeFalcon_Get Host Information +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Customer ID":"\n","Create Insight":true}' +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: Entity Select Hosts.SelectedEntities +- step_id: 10af137c-db21-482e-b293-c35307d7e6af + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: CrowdStrikeFalcon_Get Host Information +parallel_actions: [] +integration: CrowdStrikeFalcon +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: true +previous_result_condition: '{"17b75c57-7d8f-4612-8549-b7c99754601b":"1"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrich_ip_address_d4418.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrich_ip_address_d4418.yaml new file mode 100644 index 000000000..318bb8f24 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrich_ip_address_d4418.yaml 
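Review bot: `auto_skip_on_failure: true` on the Enrich Host step means a failed Falcon call (an expired API credential or an API error, for example) is skipped rather than surfaced, and the same setting is on Enrich IP Address in enrich_ip_address_d4418.yaml. The Host Enriched? condition that follows only checks whether the `[Enrich Host.JsonResult]` placeholder resolved, so a skipped failure appears to take the same path as a host Falcon does not know, and the case would record it as no enrichment. For a block that feeds triage decisions that distinction matters; consider `auto_skip_on_failure: false`, or keep the skip and route the failure to a branch that records that the lookup itself failed. At minimum the step description should say so, e.g. `description: Retrieves host details from CrowdStrike Falcon for the selected hostname entities; a failed lookup is skipped, not raised.`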
@@ -0,0 +1,76 @@ +name: CrowdStrikeFalcon_Get Host Information +description: This action retrieves host details from CrowdStrike using IP addresses. +identifier: d4418310-c3fb-448c-a01c-d7f37924281a +original_step_id: 4cf17f0b-10fa-42f6-a9f3-b5c5a5d3b53c +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 1539101a-09a1-4c57-b9ee-9aa44afa289d +parent_step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d +instance_name: Enrich IP Address +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: 805ec514-3ef5-46c6-9b2b-059314f2fdd0 +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + 
playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: CrowdStrikeFalcon_Get Host Information +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Customer ID":"\n","Create Insight":true}' +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: Entity Select IPs.SelectedEntities +- step_id: d4418310-c3fb-448c-a01c-d7f37924281a + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: CrowdStrikeFalcon_Get Host Information +parallel_actions: [] +integration: CrowdStrikeFalcon +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: true +previous_result_condition: '{"1539101a-09a1-4c57-b9ee-9aa44afa289d":"1"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enriched_host_&_ip_result_f91c4.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enriched_host_&_ip_result_f91c4.yaml new file mode 100644 index 000000000..062d14aed --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enriched_host_&_ip_result_f91c4.yaml 
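Review bot: `ScriptParametersEntityFields` sets `"Customer ID":"\n"`, a single newline rather than an empty value, in this step and in enrich_host_10af1.yaml. Whether the CrowdStrikeFalcon action trims that before use cannot be seen from this diff; if it does not, the lookup would be scoped to a customer ID consisting of a newline. If no customer scoping is intended, `'{"Customer ID":"","Create Insight":true}'` states that explicitly. Both steps also pin `IntegrationInstance` to `805ec514-3ef5-46c6-9b2b-059314f2fdd0` with `FetchInstanceByName: 'false'` and no `FallbackIntegrationInstance`, which presumably refers to the author's environment and would need remapping on import.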
@@ -0,0 +1,82 @@ +name: Siemplify_Case Comment +description: Add a comment to the case the current alert has been grouped to +identifier: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 +original_step_id: ed51a970-9056-4bd2-b18d-f3a3efbc3702 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 +- 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 +- b07796b5-a620-42cd-8622-783415eb81ae +parent_step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68;40e85cd1-d981-4cd7-8a62-1b9abd94f6f5;b07796b5-a620-42cd-8622-783415eb81ae +instance_name: Enriched Host & IP Result +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: 
PendingActionTimeout + value: null +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Case Comment +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Comment":"[Alert.host_result]\n\n[Alert.ip_result]\n"}' +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Case Comment +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrichment_result_fba4d.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrichment_result_fba4d.yaml new file mode 100644 index 000000000..509aa2dd8 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/enrichment_result_fba4d.yaml 
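Review bot: The `description` of the Enriched Host & IP Result step is the stock Case Comment text and does not say that the comment body is `[Alert.host_result]` followed by `[Alert.ip_result]`, two context values that no step visible in this part of the diff sets. The three `parent_step_ids` (starting `ad8f3858`, `40e85cd1` and `b07796b5`) are likewise not defined in the files shown here, so they are presumably the steps that write those values. Because the Enrichment Result condition later branches on the text of the same two values, a description such as `description: Posts the host and IP enrichment summaries (Alert.host_result, Alert.ip_result) as a case comment.` would make that dependency visible. It is also worth confirming what is posted when one of the values was never set, since the placeholder may then be written to the case unresolved.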
@@ -0,0 +1,74 @@ +name: Condition +description: This condition determines the progress of the playbook. Conditions are + built based on cases data (cases, alerts, vents, entities and environment properties) + as-well as data that comes back from previous playbook steps. +identifier: fba4d15a-6764-40ae-90b0-93eeca82ef8d +original_step_id: 57f31a52-88bd-4e49-a697-2c8b82e90520 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- f91c472f-2cfc-4c5d-a469-3708ff3c0f85 +parent_step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85 +instance_name: Enrichment Result +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Branches + value: '[{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"no + enrichment","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"no + enrichment","CustomOperatorName":"Core Functions.Contains"}],"Order":1,"IsDefaultBranch":false,"Name":"IP + & Host Fail"},{"LogicalOperator":0,"Conditions":[],"Order":5,"IsDefaultBranch":true,"Name":"Branch"},{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"List + of IP","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"List + of Host","CustomOperatorName":"Core Functions.Contains"}],"Order":2,"IsDefaultBranch":false,"Name":"IP + & Host Success"},{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"List + of IP","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"no + 
enrichment","CustomOperatorName":"Core Functions.Contains"}],"Order":3,"IsDefaultBranch":false,"Name":"IP + Success"},{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"no + enrichment","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"List + of Host","CustomOperatorName":"Core Functions.Contains"}],"Order":4,"IsDefaultBranch":false,"Name":"Host + Success"}]' +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: 'true' +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ErrorFallbackBranch + value: null +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: IfFlowCondition +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: condition 
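Review bot: The four non-default branches in `Branches` are selected by substring matches on free text (`no enrichment`, `List of IP`, `List of Host`) inside `[Alert.ip_result]` and `[Alert.host_result]`, so any rewording of those messages in the steps that produce them silently sends every case to the default branch. That default is named `Branch` with `Order` 5 and `ErrorFallbackBranch` is `null`, so nothing in the step marks the fall-through as the unexpected case. Renaming the default to something like `"Name":"Unclassified"` and listing the expected marker strings in the `description` would make the contract explicit. The stock description also carries the typo `vents` for `events`, repeated in host_enriched_bf2a7.yaml and ip_address_enriched_f3bf4.yaml.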
diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/entity_select_hosts_75801.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/entity_select_hosts_75801.yaml new file mode 100644 index 000000000..1c170dee0 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/entity_select_hosts_75801.yaml 
@@ -0,0 +1,56 @@ +name: Entity Selection +description: This action selects hostname entities for enrichment. +identifier: 75801b0a-cc94-4a32-8370-082cbe8e59f3 +original_step_id: d1029000-0743-4e8b-8179-a6ab119d4d1c +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: [] +parent_step_id: '' +instance_name: Entity Select Hosts +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ConditionOperator + value: '0' +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Conditions + value: '[{"FieldName":"Entity.Type","Operator":0,"Value":"HOSTNAME","Type":2,"CustomOperatorName":"Core + Functions.Equal"}]' +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: EntitySelection +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: action 
diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/entity_select_ips_7f434.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/entity_select_ips_7f434.yaml new file mode 100644 index 000000000..c673523ca --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/entity_select_ips_7f434.yaml 
@@ -0,0 +1,57 @@ +name: Entity Selection +description: This action selects IP address entities for enrichment. +identifier: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 +original_step_id: 641174a2-48d7-4d74-ad06-32daf83dc010 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 75801b0a-cc94-4a32-8370-082cbe8e59f3 +parent_step_id: 75801b0a-cc94-4a32-8370-082cbe8e59f3 +instance_name: Entity Select IPs +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ConditionOperator + value: '0' +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Conditions + value: '[{"FieldName":"Entity.Type","Operator":0,"Value":"ADDRESS","Type":2,"CustomOperatorName":"Core + Functions.Equal"}]' +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: EntitySelection +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' 
+type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/host_enriched_bf2a7.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/host_enriched_bf2a7.yaml new file mode 100644 index 000000000..7cee1ea00 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/host_enriched_bf2a7.yaml 
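Review bot: The `Conditions` value in Entity Select IPs selects every entity whose `Entity.Type` equals `ADDRESS` from `All entities`, so external addresses in an alert are sent to the Falcon host lookup along with internal ones. Falcon host records describe managed endpoints, so external addresses will often return nothing and be reported as failed enrichment, at the cost of an API call each. If that is not intended, add a second condition restricting the selection to internal addresses; if it is intended, the description could say so, e.g. `description: Selects all IP address entities, internal and external, for enrichment.`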
@@ -0,0 +1,60 @@ +name: Condition +description: This condition determines the progress of the playbook. Conditions are + built based on cases data (cases, alerts, vents, entities and environment properties) + as-well as data that comes back from previous playbook steps. +identifier: bf2a7059-cc51-43a3-b10d-95f483c296fe +original_step_id: a96931ea-25ef-48ce-98f2-4930ad3afed7 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 10af137c-db21-482e-b293-c35307d7e6af +parent_step_id: 10af137c-db21-482e-b293-c35307d7e6af +instance_name: Host Enriched? +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Branches + value: '[{"LogicalOperator":0,"Conditions":[{"Operator":6,"FieldName":"[Enrich + Host.JsonResult]","Type":7,"Value":".JsonResult]","CustomOperatorName":"Core + Functions.Not Contains"}],"Order":1,"IsDefaultBranch":false,"Name":"Yes"},{"LogicalOperator":0,"Conditions":[],"Order":2,"IsDefaultBranch":true,"Name":"Branch"}]' +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ErrorFallbackBranch + value: null +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 
bf2a7059-cc51-43a3-b10d-95f483c296fe + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: IfFlowCondition +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: condition diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/ip_address_enriched_f3bf4.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/ip_address_enriched_f3bf4.yaml new file mode 100644 index 000000000..755e51516 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/ip_address_enriched_f3bf4.yaml 
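Review bot: The `Yes` branch of Host Enriched? tests that `[Enrich Host.JsonResult]` does not contain the text `.JsonResult]`, which only works if the platform leaves an unresolved placeholder in place as literal text; IP Address Enriched? in ip_address_enriched_f3bf4.yaml uses the same test. That is not evident to the next maintainer, and it also treats an empty or error-shaped JSON result as enriched, because the placeholder did resolve. The `description` is the stock condition text; something like `description: Takes Yes when the Enrich Host JSON result placeholder resolved, i.e. the action returned a result.` would document the intent. Pairing it with a `Core Functions.Not Empty` condition, as the entity-presence checks in this block already use, would be more robust if that operator applies to this field.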
@@ -0,0 +1,60 @@ +name: Condition +description: This condition determines the progress of the playbook. Conditions are + built based on cases data (cases, alerts, vents, entities and environment properties) + as-well as data that comes back from previous playbook steps. +identifier: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 +original_step_id: 07a048fe-aef7-4817-8de0-c12d2d4b7c80 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- d4418310-c3fb-448c-a01c-d7f37924281a +parent_step_id: d4418310-c3fb-448c-a01c-d7f37924281a +instance_name: IP Address Enriched? +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Branches + value: '[{"LogicalOperator":0,"Conditions":[{"Operator":6,"FieldName":"[Enrich + IP Address.JsonResult]","Type":7,"Value":".JsonResult]","CustomOperatorName":"Core + Functions.Not Contains"}],"Order":1,"IsDefaultBranch":false,"Name":"Yes"},{"LogicalOperator":0,"Conditions":[],"Order":2,"IsDefaultBranch":true,"Name":"Branch"}]' +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ErrorFallbackBranch + value: null +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 
f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: IfFlowCondition +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: condition diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/is_host_entity_present_17b75.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/is_host_entity_present_17b75.yaml new file mode 100644 index 000000000..7fb861a44 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/is_host_entity_present_17b75.yaml 
@@ -0,0 +1,58 @@ +name: Condition +description: This condition checks if hostname entities exist before enrichment. +identifier: 17b75c57-7d8f-4612-8549-b7c99754601b +original_step_id: 786ec2fd-988a-46f5-8623-3dfddbbeb58c +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 +parent_step_id: 7f43429a-880d-45b9-a8bc-dbe3e64e57d0 +instance_name: Is Host Entity Present? +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Branches + value: '[{"LogicalOperator":0,"Conditions":[{"Operator":8,"FieldName":"[Entity + Select Hosts.SelectedEntities]","Type":7,"Value":"","CustomOperatorName":"Core + Functions.Not Empty"}],"Order":1,"IsDefaultBranch":false,"Name":"Yes"},{"LogicalOperator":0,"Conditions":[],"Order":2,"IsDefaultBranch":true,"Name":"Branch"}]' +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ErrorFallbackBranch + value: null +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 17b75c57-7d8f-4612-8549-b7c99754601b + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: IfFlowCondition 
+parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: condition diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/is_ip_address_entity_present_15391.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/is_ip_address_entity_present_15391.yaml new file mode 100644 index 000000000..6d9d7b097 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/is_ip_address_entity_present_15391.yaml 
@@ -0,0 +1,60 @@ +name: Condition +description: This condition checks if IP address entities exist before enrichment. +identifier: 1539101a-09a1-4c57-b9ee-9aa44afa289d +original_step_id: 94b71511-5d1a-44df-88d3-74fb53eafe63 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 637d720b-ef52-48b5-9478-17a3e4456bf1 +- 0b4da1f8-d929-4ef2-8740-4e41d83ed775 +- 344f407c-18d0-4577-9c2b-1762641808e1 +parent_step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1;0b4da1f8-d929-4ef2-8740-4e41d83ed775;344f407c-18d0-4577-9c2b-1762641808e1 +instance_name: Is IP Address Entity Present? +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: Branches + value: '[{"LogicalOperator":0,"Conditions":[{"Operator":8,"FieldName":"[Entity + Select IPs.SelectedEntities]","Type":7,"Value":"","CustomOperatorName":"Core + Functions.Not Empty"}],"Order":1,"IsDefaultBranch":false,"Name":"Yes"},{"LogicalOperator":0,"Conditions":[],"Order":2,"IsDefaultBranch":true,"Name":"Branch"}]' +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ErrorFallbackBranch + value: null +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 
1539101a-09a1-4c57-b9ee-9aa44afa289d + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: 'true' +action_name: IfFlowCondition +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{}' +type: condition diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_1_b2216.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_1_b2216.yaml new file mode 100644 index 000000000..9dd816baf --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_1_b2216.yaml @@ -0,0 +1,28 @@ +name: Output +description: '' +identifier: b2216d26-b707-4972-a59f-0c998f6d7fda +original_step_id: 98e66a96-8b54-4f6f-87e3-9e52e4f6e3bd +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- fba4d15a-6764-40ae-90b0-93eeca82ef8d +parent_step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d +instance_name: Output_1 +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: b2216d26-b707-4972-a59f-0c998f6d7fda + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: NestedWorkflowOutput + value: null +action_name: OutputAction +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"fba4d15a-6764-40ae-90b0-93eeca82ef8d":"5"}' +type: output diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_2_076ec.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_2_076ec.yaml new file mode 100644 index 000000000..d8b2843cd --- /dev/null 
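Review bot: `Output_1` in output_1_b2216.yaml returns `NestedWorkflowOutput` with `value: null` on result `"5"` of step fba4d15a, whereas Output_2 to Output_5 each return an `EntitiesEnriched = …` string, so a parent playbook that branches on the block output has nothing to match on this path. The parent step is defined outside this hunk, so which case result 5 represents is not visible here. If it is the fall-through case, an explicit value (for example `value: EntitiesEnriched = Unknown`, a suggested string, not one the block already uses) would let the caller treat the enrichment state as undetermined instead of continuing silently. All five output steps also have `description: ''`; a one-line description stating which result each output reports would document the block's contract.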
+++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_2_076ec.yaml @@ -0,0 +1,28 @@ +name: Output +description: '' +identifier: 076ecf25-b9a1-4025-8cb4-73c368add0f2 +original_step_id: 9e64799f-aa98-4842-a078-c8ba97d96729 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- fba4d15a-6764-40ae-90b0-93eeca82ef8d +parent_step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d +instance_name: Output_2 +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: 076ecf25-b9a1-4025-8cb4-73c368add0f2 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: NestedWorkflowOutput + value: EntitiesEnriched = All +action_name: OutputAction +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"fba4d15a-6764-40ae-90b0-93eeca82ef8d":"2"}' +type: output diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_3_b8980.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_3_b8980.yaml new file mode 100644 index 000000000..611190b6a --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_3_b8980.yaml 
@@ -0,0 +1,28 @@ +name: Output +description: '' +identifier: b8980f6d-4d5f-467d-a968-d21b4dec8811 +original_step_id: 464b1209-6fb8-4caf-8f55-36b6c9b6b5eb +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- fba4d15a-6764-40ae-90b0-93eeca82ef8d +parent_step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d +instance_name: Output_3 +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: b8980f6d-4d5f-467d-a968-d21b4dec8811 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: NestedWorkflowOutput + value: EntitiesEnriched = Address +action_name: OutputAction +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"fba4d15a-6764-40ae-90b0-93eeca82ef8d":"3"}' +type: output diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_4_b668b.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_4_b668b.yaml new file mode 100644 index 000000000..f2c7cc6ba --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_4_b668b.yaml 
@@ -0,0 +1,28 @@ +name: Output +description: '' +identifier: b668b474-2b57-40a3-aa20-a4bfbc53c130 +original_step_id: 3dab63c4-9118-405f-9acc-25a7e0f36f35 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- fba4d15a-6764-40ae-90b0-93eeca82ef8d +parent_step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d +instance_name: Output_4 +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: b668b474-2b57-40a3-aa20-a4bfbc53c130 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: NestedWorkflowOutput + value: EntitiesEnriched = None +action_name: OutputAction +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"fba4d15a-6764-40ae-90b0-93eeca82ef8d":"1"}' +type: output diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_5_f38b9.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_5_f38b9.yaml new file mode 100644 index 000000000..63d633d38 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/output_5_f38b9.yaml 
@@ -0,0 +1,28 @@ +name: Output +description: '' +identifier: f38b9d49-e7b9-4f5e-b8ff-3cf68a453566 +original_step_id: 9eb1a6b1-a240-49ad-bd5f-ff84a6b7d35b +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- fba4d15a-6764-40ae-90b0-93eeca82ef8d +parent_step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d +instance_name: Output_5 +is_automatic: true +is_skippable: false +action_provider: Flow +start_loop_step_id: null +parameters: +- step_id: f38b9d49-e7b9-4f5e-b8ff-3cf68a453566 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: NestedWorkflowOutput + value: EntitiesEnriched = Hostname +action_name: OutputAction +parallel_actions: [] +integration: Flow +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"fba4d15a-6764-40ae-90b0-93eeca82ef8d":"4"}' +type: output diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_enriched_successfully_context_value_344f4.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_enriched_successfully_context_value_344f4.yaml new file mode 100644 index 000000000..5020042a0 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_enriched_successfully_context_value_344f4.yaml 
@@ -0,0 +1,83 @@ +name: Siemplify_Set Scope Context Value +description: 'Action sets a value for a key specified that is stored in the Siemplify + database. Available scopes to get context values for: Alert, Case, Global. Action + is not working on Siemplify entities. Note: Key Name parameter is case insensitive.' +identifier: 344f407c-18d0-4577-9c2b-1762641808e1 +original_step_id: 7db8976e-6fa3-4ad5-99c3-c3776e837d09 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- bf2a7059-cc51-43a3-b10d-95f483c296fe +parent_step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe +instance_name: Set Host Enriched Successfully Context Value +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + 
playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Set Scope Context Value +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Context Scope":"Alert","Key Name":"host_result","Key Value":"List of + Host Enriched:\n[Enrich Host.JsonResult| \"Entity\"]"}' +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 344f407c-18d0-4577-9c2b-1762641808e1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Set Scope Context Value +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"bf2a7059-cc51-43a3-b10d-95f483c296fe":"1"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_entity_not_found_context_value_637d7.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_entity_not_found_context_value_637d7.yaml new file mode 100644 index 000000000..719227b25 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_entity_not_found_context_value_637d7.yaml 
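Review bot: The `IntegrationInstance` parameter is pinned to a concrete instance id (`value: a4e2b09e-9972-4a54-b726-7fc459c31ba5`), with `FetchInstanceByName` set to `'false'` and `FallbackIntegrationInstance` left `null`. That id presumably belongs to the environment the block was exported from; unless the import path remaps it, the step has no instance to resolve in another tenant and no fallback to use. The same three values recur in the other five `Siemplify_Set Scope Context Value` steps of this commit (637d7, 0b4da, ad8f3, b0779, 40e85). Either clear the pinned id before publishing, or state in the release notes that the instance must be re-selected after import.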
@@ -0,0 +1,83 @@ +name: Siemplify_Set Scope Context Value +description: 'Action sets a value for a key specified that is stored in the Siemplify + database. Available scopes to get context values for: Alert, Case, Global. Action + is not working on Siemplify entities. Note: Key Name parameter is case insensitive.' +identifier: 637d720b-ef52-48b5-9478-17a3e4456bf1 +original_step_id: a7dc94e6-1f65-40c9-af37-285c7b867d0d +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 17b75c57-7d8f-4612-8549-b7c99754601b +parent_step_id: 17b75c57-7d8f-4612-8549-b7c99754601b +instance_name: Set Host Entity Not Found Context Value +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + 
playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Set Scope Context Value +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Context Scope":"Alert","Key Name":"host_result","Key Value":"No Host + entity present for enrichment. (no enrichment)"}' +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 637d720b-ef52-48b5-9478-17a3e4456bf1 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Set Scope Context Value +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"17b75c57-7d8f-4612-8549-b7c99754601b":"2"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_entity_not_present_on_crowdstrike_falcon_context_value_0b4da.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_entity_not_present_on_crowdstrike_falcon_context_value_0b4da.yaml new file mode 100644 index 000000000..0dc67d763 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_host_entity_not_present_on_crowdstrike_falcon_context_value_0b4da.yaml 
@@ -0,0 +1,83 @@ +name: Siemplify_Set Scope Context Value +description: 'Action sets a value for a key specified that is stored in the Siemplify + database. Available scopes to get context values for: Alert, Case, Global. Action + is not working on Siemplify entities. Note: Key Name parameter is case insensitive.' +identifier: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 +original_step_id: 7ae2659b-9faa-4c9d-bac5-2ca89d62ee16 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- bf2a7059-cc51-43a3-b10d-95f483c296fe +parent_step_id: bf2a7059-cc51-43a3-b10d-95f483c296fe +instance_name: Set Host Entity Not Present on CrowdStrike Falcon Context Value +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 
0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Set Scope Context Value +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Context Scope":"Alert","Key Name":"host_result","Key Value":"Host is + not present on CrowdStrike Falcon (no enrichment)"}' +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 0b4da1f8-d929-4ef2-8740-4e41d83ed775 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Set Scope Context Value +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"bf2a7059-cc51-43a3-b10d-95f483c296fe":"2"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_enriched_successfully_context_value_ad8f3.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_enriched_successfully_context_value_ad8f3.yaml new file mode 100644 index 000000000..8b09aa43e --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_enriched_successfully_context_value_ad8f3.yaml 
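Review bot: The `Key Value` written here, `Host is not present on CrowdStrike Falcon (no enrichment)`, asserts absence on result `"2"` of step bf2a7059, where the flow may only know that no data came back. That parent step is outside this hunk; if result 2 is its default branch, a failed lookup (expired credentials, API error, timeout) would be recorded in `host_result` as the host being unknown to the EDR, which an analyst can misread as an unmanaged endpoint. Wording such as `"Key Value":"No CrowdStrike Falcon host data returned (no enrichment)"` avoids the stronger claim, or the failure case can get its own branch and message. The `ip_result` text in set_ip_address_entity_not_present_on_crowdstrike_falcon_context_value_40e85.yaml has the same issue.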
@@ -0,0 +1,83 @@ +name: Siemplify_Set Scope Context Value +description: 'Action sets a value for a key specified that is stored in the Siemplify + database. Available scopes to get context values for: Alert, Case, Global. Action + is not working on Siemplify entities. Note: Key Name parameter is case insensitive.' +identifier: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 +original_step_id: 8dec26dd-e7dd-43a3-b9d4-a54ebf53e233 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 +parent_step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 +instance_name: Set IP Address Enriched Successfully Context Value +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 
ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Set Scope Context Value +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Context Scope":"Alert","Key Name":"ip_result","Key Value":"\rList of + IP Address Enriched:\n[Enrich IP Address.JsonResult| \"Entity\"]"}' +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Set Scope Context Value +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"f3bf4bde-bbbc-447f-9916-8a80ca3c6d49":"1"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_entity_not_found_context_value_b0779.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_entity_not_found_context_value_b0779.yaml new file mode 100644 index 000000000..d7247d57a --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_entity_not_found_context_value_b0779.yaml 
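Review bot: The `ip_result` `Key Value` begins with a stray carriage return, `"\rList of IP Address Enriched:…"`, which the equivalent `host_result` value in set_host_enriched_successfully_context_value_344f4.yaml does not have. The control character ends up in the stored alert context and can garble the text wherever it is rendered or string-matched by a later step. Drop it so both keys have the same shape: `"Key Value":"List of IP Address Enriched:\n[Enrich IP Address.JsonResult| \"Entity\"]"`.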
@@ -0,0 +1,83 @@ +name: Siemplify_Set Scope Context Value +description: 'Action sets a value for a key specified that is stored in the Siemplify + database. Available scopes to get context values for: Alert, Case, Global. Action + is not working on Siemplify entities. Note: Key Name parameter is case insensitive.' +identifier: b07796b5-a620-42cd-8622-783415eb81ae +original_step_id: accabcc5-9d17-402a-8e8f-aef9d2bab275 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- 1539101a-09a1-4c57-b9ee-9aa44afa289d +parent_step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d +instance_name: Set IP Address Entity Not Found Context Value +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + 
playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Set Scope Context Value +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Context Scope":"Alert","Key Name":"ip_result","Key Value":"No IP Address + entity present for enrichment. (no enrichment)"}' +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: b07796b5-a620-42cd-8622-783415eb81ae + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Set Scope Context Value +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"1539101a-09a1-4c57-b9ee-9aa44afa289d":"2"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_entity_not_present_on_crowdstrike_falcon_context_value_40e85.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_entity_not_present_on_crowdstrike_falcon_context_value_40e85.yaml new file mode 100644 index 000000000..c773e5984 --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/steps/set_ip_address_entity_not_present_on_crowdstrike_falcon_context_value_40e85.yaml 
@@ -0,0 +1,83 @@ +name: Siemplify_Set Scope Context Value +description: 'Action sets a value for a key specified that is stored in the Siemplify + database. Available scopes to get context values for: Alert, Case, Global. Action + is not working on Siemplify entities. Note: Key Name parameter is case insensitive.' +identifier: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 +original_step_id: 8a6717b4-365a-4da6-972e-5decebfa74a8 +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +parent_step_ids: +- f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 +parent_step_id: f3bf4bde-bbbc-447f-9916-8a80ca3c6d49 +instance_name: Set IP Address Entity Not Present on CrowdStrike Falcon Context Value +is_automatic: true +is_skippable: false +action_provider: Scripts +start_loop_step_id: null +parameters: +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: AssignedUsers + value: null +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DistinctDuplicateEntities + value: null +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: DynamicInjectionInstancePlaceholder + value: '' +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FallbackIntegrationInstance + value: null +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: FetchInstanceByName + value: 'false' +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: HasApprovalLink + value: null +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: IntegrationInstance + value: a4e2b09e-9972-4a54-b726-7fc459c31ba5 +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: MessageToAssignee + value: null +- step_id: 
40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: PendingActionTimeout + value: null +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: RetryConfiguration + value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}' +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptName + value: Siemplify_Set Scope Context Value +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: ScriptParametersEntityFields + value: '{"Context Scope":"Alert","Key Name":"ip_result","Key Value":"IP Address + is not present on CrowdStrike Falcon (no enrichment)"}' +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: SelectedScopeName + value: All entities +- step_id: 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5 + playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 + name: UseEntitiesLoopScope + value: null +action_name: Siemplify_Set Scope Context Value +parallel_actions: [] +integration: Siemplify +parent_container_id: null +is_touched_by_ai: false +is_debug_mock_data: false +step_debug_data: null +auto_skip_on_failure: false +previous_result_condition: '{"f3bf4bde-bbbc-447f-9916-8a80ca3c6d49":"2"}' +type: action diff --git a/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/trigger.yaml b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/trigger.yaml new file mode 100644 index 000000000..75cc9779b --- /dev/null +++ b/content/playbooks/third_party/community/crowd_strike_falcon_enrichment/trigger.yaml @@ -0,0 +1,9 @@ +identifier: a395f776-0404-409b-9841-c9f3005a0dea +is_enabled: true +playbook_id: ea843f06-858d-44de-a1ac-936a2835f782 +type_: get_inputs +conditions: [] +logical_operator: and +environments: +- '*' +playbook_name: null