Created
June 6, 2019 12:28
-
-
Save fhightower/00b31622e919dbe285ea97037607eeae to your computer and use it in GitHub Desktop.
Playbook using indicator status updater component
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name" : "Indicator status example", | |
| "type" : "Standard", | |
| "panX" : 20.0, | |
| "panY" : 20.0, | |
| "logLevel" : "DEBUG", | |
| "description" : "", | |
| "version" : "1.2", | |
| "comment" : "Auto-Saved on Thu Jun 06 12:08:18 UTC 2019", | |
| "jobList" : [ { | |
| "id" : 35114, | |
| "appCatalogItem" : { | |
| "programName" : "13ed348659b196c37cb962028c36bb92", | |
| "displayName" : "Indicator Status", | |
| "programVersion" : "1.0.0", | |
| "pipeRunLevel" : true | |
| }, | |
| "name" : "Indicator Status 1", | |
| "jobParameterList" : [ { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "active" | |
| } | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "owner" | |
| }, | |
| "value" : "Foobar Labs" | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "indicatorType" | |
| }, | |
| "value" : "addresses" | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "indicator" | |
| }, | |
| "value" : "1.2.3.4" | |
| } ], | |
| "locationLeft" : 760.0, | |
| "locationTop" : 360.0 | |
| } ], | |
| "playbookConnectionList" : [ { | |
| "type" : "Pass", | |
| "isCircularOnTarget" : false, | |
| "targetJobId" : 35114, | |
| "sourceTriggerId" : 3969 | |
| } ], | |
| "playbookTriggerList" : [ { | |
| "id" : 3969, | |
| "name" : "HttpLink Trigger 1", | |
| "type" : "HttpLink", | |
| "eventType" : "External", | |
| "locationLeft" : 550.0, | |
| "locationTop" : 360.0, | |
| "anyOrg" : true, | |
| "playbookTriggerFilterList" : [ ] | |
| } ], | |
| "playbookLabels" : [ ], | |
| "exportablePipes" : [ { | |
| "definitionVersion" : "13ed348659b196c37cb962028c36bb92", | |
| "name" : "Indicator Status", | |
| "type" : "Pipe", | |
| "panX" : 20.0, | |
| "panY" : 20.0, | |
| "logLevel" : "WARN", | |
| "description" : "", | |
| "version" : "1.1", | |
| "comment" : "Auto-Saved on Thu Jun 06 12:06:10 UTC 2019", | |
| "jobList" : [ { | |
| "id" : 35112, | |
| "appCatalogItem" : { | |
| "programName" : "TCPB - TC Api v1.0", | |
| "displayName" : "ThreatConnect API", | |
| "programVersion" : "1.0.6" | |
| }, | |
| "name" : "ThreatConnect API 1", | |
| "jobParameterList" : [ { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "headers" | |
| }, | |
| "value" : "[]" | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "query_params" | |
| }, | |
| "value" : "[{\"key\":\"owner\",\"value\":\"#Trigger:3967:owner!String\"}]" | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "body" | |
| }, | |
| "value" : "{\n\"active\": #Trigger:3967:active!String\n}" | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "path" | |
| }, | |
| "value" : "/v2/indicators/#Trigger:3967:indicatorType!String/#Trigger:3967:indicator!String" | |
| }, { | |
| "appCatalogItemParameter" : { | |
| "paramName" : "method" | |
| }, | |
| "value" : "PUT" | |
| } ], | |
| "locationLeft" : 320.0, | |
| "locationTop" : 430.0 | |
| } ], | |
| "playbookConnectionList" : [ { | |
| "type" : "Pass", | |
| "isCircularOnTarget" : false, | |
| "targetJobId" : 35112, | |
| "sourceTriggerId" : 3967 | |
| } ], | |
| "playbookTriggerList" : [ { | |
| "id" : 3967, | |
| "name" : "Component Trigger", | |
| "type" : "PipeConfig", | |
| "eventType" : "External", | |
| "locationLeft" : 100.0, | |
| "locationTop" : 430.0, | |
| "anyOrg" : true, | |
| "playbookTriggerFilterList" : [ ], | |
| "outputVariables" : "[{\"name\":\"active\",\"type\":\"String\",\"loopVariables\":false},{\"name\":\"indicator\",\"type\":\"String\",\"loopVariables\":false},{\"name\":\"owner\",\"type\":\"String\",\"loopVariables\":false},{\"name\":\"indicatorType\",\"type\":\"String\",\"loopVariables\":false}]", | |
| "pipeInputParams" : "[{\"label\":\"Indicator\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"indicator\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[\"${TEXT}\"]},{\"label\":\"Owner\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"owner\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[\"${TEXT}\"]},{\"label\":\"Indicator Type (must be one of the indicator types listed here: https://docs.threatconnect.com/en/latest/rest_api/overview.html#indicator-endpoints)\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"indicatorType\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[\"${TEXT}\"]},{\"label\":\"Indicator active? (Check the box to set the indicator's status to active)\",\"dataType\":\"Boolean\",\"playbookDataType\":\"String\",\"required\":false,\"name\":\"active\",\"encrypted\":true,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[\"${TEXT}\",\"${KEYCHAIN}\"]}]", | |
| "pipeOutputParams" : "[]" | |
| } ], | |
| "playbookLabels" : [ ] | |
| } ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment