IronDefense Classifier
IronNet
- Details
- Content
- Dependencies
- Version History
The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
Classifiers
| Name | Description |
|---|---|
IronDefense - Classifier | |
IronDefense - Incoming Mapper | IronDefense Mapper |
Incident Fields
| Name | Description |
|---|---|
IronDefense Src IP | |
IronDefense IronDome ID | |
IronDefense Aggregation Criteria | |
IronDefense Alert IDs | |
IronDefense Bytes Out | |
IronDefense Is Whitelisted | |
IronDefense Dst Network ID | |
IronDefense Analyst Severity | |
IronDefense Secondary App Protocol | |
IronDefense Dome Shared Time | |
IronDefense App Domains | |
IronDefense Event Count | |
IronDefense Status | |
IronDefense Raw Data Format | |
IronDefense Bytes In | |
IronDefense Mismatch Details | |
IronDefense Dst IP | |
IronDefense Dst Entity Attribute | |
IronDefense Start Time | |
IronDefense Dome Tags | |
IronDefense Primary App Protocol | |
IronDefense Updated | |
IronDefense Alert ID | |
IronDefense Confidence | |
IronDefense Total Bytes | |
IronDefense Last event Created | |
IronDefense Severity Malicious Details | |
IronDefense Severity Details | |
IronDefense Is Blacklisted | |
IronDefense Analyst Expectation | |
IronDefense End Time | |
IronDefense Src Entity Attribute | |
IronDefense Severity Suspicious Details | |
IronDefense Comment Details | |
IronDefense VUE URL | |
IronDefense Severity | |
IronDefense Src Entity Attribute Type | |
IronDefense SubCategory | |
IronDefense Created | |
IronDefense First Event Created | |
IronDefense Src Network ID | |
IronDefense Dst Port | |
IronDefense IronDome Category | |
IronDefense High Cognitive System Details | |
IronDefense Event ID | |
IronDefense Dst Entity Attribute Type | |
IronDefense Category |
Incident Types
| Name | Description |
|---|---|
IronDefense IronDome Notification | |
IronDefense Alert Notification | |
IronDefense Event Notification |
Integrations
| Name | Description |
|---|---|
| IronDefense (Partner Contribution) | The IronDefense Integration for Cortex XSOAR allows users to interact with IronDefense alerts within Cortex XSOAR. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information. |
Layouts
| Name | Description |
|---|---|
IronDefense Alert Notification | IronDefense Alert Notification Layout |
IronDefense IronDome Notification | IronDefense IronDome Notification Layout |
IronDefense Event Notification | IronDefense Event Notification Layout |
Classifiers
| Name | Description |
|---|---|
IronDefense - Classifier | IronDefense Classifier |
IronDefense - Incoming Mapper | IronDefense Mapper |
Incident Fields
| Name | Description |
|---|---|
IronDefense IronDome ID | |
IronDefense Bytes In | |
IronDefense Src Entity Attribute | |
IronDefense Alert ID | |
IronDefense Updated | |
IronDefense Severity Malicious Details | |
IronDefense Comment Details | |
IronDefense Confidence | |
IronDefense Severity Suspicious Details | |
IronDefense Analyst Expectation | |
IronDefense Src Entity Attribute Type | |
IronDefense Severity Details | |
IronDefense Created | |
IronDefense High Cognitive System Details | |
IronDefense Analyst Severity | |
IronDefense Dome Tags | |
IronDefense Alert IDs | |
IronDefense Mismatch Details | |
IronDefense Start Time | |
IronDefense End Time | |
IronDefense Severity | |
IronDefense Last event Created | |
IronDefense Secondary App Protocol | |
IronDefense Is Blacklisted | |
IronDefense App Domains | |
IronDefense SubCategory | |
IronDefense VUE URL | |
IronDefense Dst Entity Attribute | |
IronDefense Event ID | |
IronDefense Bytes Out | |
IronDefense Event Count | |
IronDefense Dst Entity Attribute Type | |
IronDefense Status | |
IronDefense Aggregation Criteria | |
IronDefense Total Bytes | |
IronDefense Dome Shared Time | |
IronDefense Raw Data Format | |
IronDefense Is Whitelisted |
Incident Types
| Name | Description |
|---|---|
IronDefense Event Notification | |
IronDefense Alert Notification | |
IronDefense IronDome Notification |
Integrations
| Name | Description |
|---|---|
| IronDefense (Partner Contribution) | The IronDefense Integration for Cortex allows users to interact with IronDefense alerts within Cortex. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information. |
Layoutrule
| Name | Description |
|---|---|
IronDome Notification Layout Rule | |
IronDefense Event Notification Layout Rule | |
IronDefense Alert Notification Layout Rule |
Layouts
| Name | Description |
|---|---|
IronDefense IronDome Notification | IronDefense IronDome Notification Layout |
IronDefense Alert Notification | IronDefense Alert Notification Layout |
IronDefense Event Notification | IronDefense Event Notification Layout |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.1.13 - 2380698 (February 8, 2022)
Incident Fields
- IronDefense Category
- IronDefense IronDome Category
1.1.12 - 2355875 (February 3, 2022)
Incident Fields
- IronDefense Category
- IronDefense Dst Network ID
- IronDefense IronDome Category
- IronDefense Primary App Protocol
1.1.11 - 2353377 (February 3, 2022)
Incident Fields
- IronDefense First Event Created
- IronDefense Src Network ID
1.1.10 - 2303329 (January 25, 2022)
Incident Fields
Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP
1.1.9 - R2146019 (December 21, 2021)
Integrations
IronDefense
- Updated the Docker image to: demisto/python3:3.9.8.24399.
1.1.8 - 1959372 (November 16, 2021)
Incident Fields
- IronDefense IronDome Category
- Maintenance and stability enhancements.
1.1.7 - 7561139 (September 12, 2021)
Integrations
IronDefense
- Updated the Docker image to: demisto/python3:3.9.7.24076.
1.1.6 - R400461 (July 20, 2021)
Integrations
IronDefense
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
1.1.5 - 379915 (June 7, 2021)
Integrations
IronDefense
- Upgraded the Docker image to: demisto/python3:3.9.5.20958.
1.1.4 - R264879 (January 10, 2021)
Layouts
- layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.
1.1.3 - R229790 (December 22, 2020)
Integrations
IronDefense
- Upgraded the Docker image to demisto/python3:3.8.6.13358.
1.1.2 - R180529 (November 9, 2020)
Integrations
IronDefense
- Updated the pack support information.
1.1.1 - 95977 (August 26, 2020)
Integrations
IronDefense
- Updated the pack support information.
1.1.0 - 95316 (August 26, 2020)
Integrations
IronDefense
- Added ability to retrieve IronDefense alerts and events.
- Improving descriptions.
Layouts
layout-details-IronDefense_IronDome_Notification.json
- Create layout for notificationtype
layout-details-IronDefense_Event_Notification.json
- Create layout for notificationtype
layout-details-IronDefense_Alert_Notification.json
- Create layout for notificationtype
Incident Fields
IronDefense VUE URL
- Add field
IronDefense Updated
- Add field
IronDefense Total Bytes
- Add field
IronDefense SubCategory
- Add field
IronDefense Status
- Add field
IronDefense Start Time
- Add field
IronDefense Src Network ID
- Add field
IronDefense Src IP
- Add field
IronDefense Src Entity Attribute Type
- Add field
IronDefense Src Entity Attribute
- Add field
IronDefense Severity Suspicious Details
- Add field
IronDefense Severity Malicious Details
- Add field
IronDefense Severity Details
- Add field
IronDefense Severity
- Add field
IronDefense Secondary App Protocol
- Add field
IronDefense Raw Data Format
- Add field
IronDefense Primary App Protocol
- Add field
IronDefense Mismatch Details
- Add field
IronDefense Last event Created
- Add field
IronDefense Is Whitelisted
- Add field
IronDefense Is Blacklisted
- Add field
Incident Types
IronDefense IronDome Notification
- add incident type
IronDefense IronDome ID
- Add field
IronDefense IronDome Category
- Add field
IronDefense High Cognitive System Details
- Add field
IronDefense First Event Created
- Add field
IronDefense Event Notification
- %add incident type
IronDefense Event ID
- Add field
IronDefense Event Count
- Add field
IronDefense End Time
- Add field
IronDefense Dst Port
- Add field
IronDefense Dst Network ID
- Add field
IronDefense Dst IP
- Add field
IronDefense Dst Entity Attribute Type
- Add field
IronDefense Dst Entity Attribute
- Add field
IronDefense Dome Tags
- Add field
IronDefense Dome Shared Time
- Add field
IronDefense Created
- Add field
IronDefense Confidence
- Add field
IronDefense Comment Details
- Add field
IronDefense Category
- Add field
IronDefense Bytes Out
- Add field
IronDefense Bytes In
- Add field
IronDefense App Domains
- Add field
IronDefense Analyst Severity
- Add field
IronDefense Analyst Expectation
- Add field
IronDefense Alert Notification
- add incident type
IronDefense Alert IDs
- Add field
IronDefense Alert ID
- Add field
IronDefense Aggregation Criteria
- Add field
Classifiers
IronDefense
Added new Classifier
IronDefense - Incoming Mapper
Added new incoming mapper
IronDefense - Classifier
Added new Classifier
1.0.0 - 60526 (June 30, 2020)
The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Partner | |
| Created | June 30, 2020 | |
| Last Release | January 9, 2025 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
