Gurucul Risk Analytics

Details
Content
Dependencies
Version History

Gurucul Risk Analytics (GRA) is a Unified Security and Risk Analytics platform.

Gurucul Unified Security Analytics is a data science backed cloud native platform that predicts, detects and prevents breaches. It ingests and analyzes massive amounts of data from the network, IT systems, cloud platforms, EDR, applications, IoT, HR and much more to give you a comprehensive contextual view of user and entity behaviors

This Content Pack facilitates retrieval of High Risk Entities identified by GRA by creating a case for each entity within GRA.
These high risk entities are fetched in XSOAR and a corresponding incident is created for each entity in XSOAR.
As a part of this integration, workflows can be configured at XSOAR based on different commands provided by GRA. These will define the actions to be taken on a particular high risk entity based on the Risk Score.

Pack Contributors:

Jignesh Patil
Kiran Gore

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Contributors:

Jignesh Patil
Kiran Gore

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
GRAAnalyticalFeatureDisplay	Display GRA analytical feature on the layout.
GRAUpdateCaseStatus	GRA Update Case Status.
GRAAnomaliesDisplay	Retrieve anomalies for specified case id from GRA and update in XSOAR.

Classifiers

Name	Description
GRACase-Classifier	Classifies Gurucul GRA Case Incident.
GRACase-Mapper

Incident Fields

Name	Description
GRA Case	GRA Case
GRA Case Open Date	GRA Case Open Date
GRA Case Risk Date	GRA Case Risk Date
GRA Case Entity	GRA Case Entity
GRA Case Owner Name	GRA Case Owner Name
GRA Case Owner Type	GRA Case Owner Type
GRA Case Anomaly Details	GRA Case Anomaly Details
GRA Case Status	GRA Case Status
GRA Case Entity Id	GRA Case Entity Id
GRA Case Owner Id	GRA Case Owner Id
GRA Case Entity Type Id	GRA Case Entity Type Id
GRA Case Risk Score	GRA Case Risk Score
GRA Case Weblink	GRA Case Weblink

Incident Types

Name	Description
GRACase

Integrations

Name	Description
Gurucul-GRA (Partner Contribution)	Gurucul Risk Analytics (GRA) is a Unified Security and Risk Analytics platform.

Layouts

Name	Description
GRACaseLayout	GRA Case Layout

Playbooks

Name	Description
GRACase	Playbook for fetching cases assosiated to high risk users.

Automations

Name	Description
GRAAnomaliesDisplay	Retrieve anomalies for specified case id from GRA and update in XSOAR.
GRAUpdateCaseStatus	GRA Update Case Status.
GRAAnalyticalFeatureDisplay	Display GRA analytical feature on the layout.

Classifiers

Name	Description
GRACase-Classifier	Classifies Gurucul GRA Case Incident.
GRACase-Mapper

Incident Fields

Name	Description
GRA Case Risk Date	GRA Case Risk Date
GRA Case Entity Id	GRA Case Entity Id
GRA Case Status	GRA Case Status
GRA Case Owner Id	GRA Case Owner Id
GRA Case Weblink	GRA Case Weblink
GRA Case Owner Name	GRA Case Owner Name
GRA Case Anomaly Details	GRA Case Anomaly Details
GRA Case	GRA Case
GRA Case Owner Type	GRA Case Owner Type
GRA Case Risk Score	GRA Case Risk Score
GRA Case Entity Type Id	GRA Case Entity Type Id
GRA Case Entity	GRA Case Entity

Incident Types

Name	Description
GRACase

Integrations

Name	Description
Gurucul-GRA (Partner Contribution)	Gurucul Risk Analytics (GRA) is a Unified Security and Risk Analytics platform.

Playbooks

Name	Description
GRACase	Playbook for fetching cases assosiated to high risk users.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

2.0.5 - 1263466 (August 12, 2024)

Integrations

Gurucul-GRA

Bug Fixes:
- Resolved an issue with incident closing.
- Fixed a problem related to fetching the analytical attribute.
Updated the Docker image to: demisto/python3:3.11.9.106008.

Scripts

GRAAnalyticalFeatureDisplay

Updated the Docker image to: demisto/python3:3.11.9.106008.

GRAAnomaliesDisplay

Updated the Docker image to: demisto/python3:3.11.9.106008.

GRAUpdateCaseStatus

Updated the Docker image to: demisto/python3:3.11.9.106008.

Related pull requests:
- 35754
- 35833

Download

2.0.4 - 1061293 (June 2, 2024)

Integrations

Gurucul-GRA

Updated the Docker image to: demisto/python3:3.10.14.95956.

Scripts

GRAAnomaliesDisplay

Updated the Docker image to: demisto/python3:3.10.14.95956.

Related pull requests:
- 34631
- 34076
- 34074
- 34075
- 34071
- 34072
- 34073

Download

2.0.3 - 938811 (April 7, 2024)

Scripts

GRAAnalyticalFeatureDisplay

Updated the Docker image to: demisto/python3:3.10.14.90585.

GRAUpdateCaseStatus

Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

2.0.2 - R828628 (February 14, 2024)

Scripts

GRAAnomaliesDisplay

Updated the Docker image to: demisto/python3:3.10.12.63474.

GRAAnalyticalFeatureDisplay

Updated the Docker image to: demisto/python3:3.10.12.63474.

GRAUpdateCaseStatus

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28221

Download

2.0.1 - R5692327 (July 5, 2023)

Integrations

Gurucul-GRA

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27877

Download

2.0.0 - R5170573 (May 2, 2023)

Integrations

Gurucul-GRA

Updated the Docker image to: demisto/python3:3.10.10.47713.
Changed the Gurucul-GRA logo
Changed the description of all commands

Layouts

GRACaseLayout
Added new dynamic section to incident layout
This section uses the new automation script GRAAnomaliesDisplay
With this change, XSOAR will be able to get the newly added/modified anomalies for a particular case/incident from GRA
The new anomalies will then be synced with XSOAR

Scripts

New: GRAAnomaliesDisplay

Retrieve anomalies for specified case id from GRA and update in XSOAR

GRAAnalyticalFeatureDisplay

Updated the Docker image to: demisto/python3:3.10.10.47713.

GRAUpdateCaseStatus

Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24640

Download

1.2.1 - R4618697 (February 15, 2023)

Layouts

GRACaseLayout
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	January 10, 2021
Last Release	August 12, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.