IronDefense Classifier
IronNet
- Details
- Content
- Dependencies
- Version History
The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
Classifiers
| Name | Description |
|---|---|
IronDefense - Classifier | |
IronDefense - Incoming Mapper | IronDefense Mapper |
Incident Fields
| Name | Description |
|---|---|
IronDefense Analyst Expectation | |
IronDefense VUE URL | |
IronDefense Severity Malicious Details | |
IronDefense Dome Shared Time | |
IronDefense Is Blacklisted | |
IronDefense Last event Created | |
IronDefense Primary App Protocol | |
IronDefense Dst Entity Attribute Type | |
IronDefense Alert IDs | |
IronDefense Dst Entity Attribute | |
IronDefense End Time | |
IronDefense Src Entity Attribute | |
IronDefense Aggregation Criteria | |
IronDefense Category | |
IronDefense Is Whitelisted | |
IronDefense Status | |
IronDefense Start Time | |
IronDefense High Cognitive System Details | |
IronDefense Severity Suspicious Details | |
IronDefense Dst Network ID | |
IronDefense Comment Details | |
IronDefense Event ID | |
IronDefense First Event Created | |
IronDefense App Domains | |
IronDefense Total Bytes | |
IronDefense Src Entity Attribute Type | |
IronDefense IronDome Category | |
IronDefense Mismatch Details | |
IronDefense Analyst Severity | |
IronDefense Created | |
IronDefense Raw Data Format | |
IronDefense Dst IP | |
IronDefense Alert ID | |
IronDefense SubCategory | |
IronDefense Secondary App Protocol | |
IronDefense IronDome ID | |
IronDefense Bytes Out | |
IronDefense Bytes In | |
IronDefense Event Count | |
IronDefense Src Network ID | |
IronDefense Dst Port | |
IronDefense Updated | |
IronDefense Severity | |
IronDefense Severity Details | |
IronDefense Confidence | |
IronDefense Dome Tags | |
IronDefense Src IP |
Incident Types
| Name | Description |
|---|---|
IronDefense Event Notification | |
IronDefense IronDome Notification | |
IronDefense Alert Notification |
Integrations
| Name | Description |
|---|---|
| IronDefense (Partner Contribution) | The IronDefense Integration for Cortex XSOAR allows users to interact with IronDefense alerts within Cortex XSOAR. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information. |
Layouts
| Name | Description |
|---|---|
IronDefense Event Notification | IronDefense Event Notification Layout |
IronDefense IronDome Notification | IronDefense IronDome Notification Layout |
IronDefense Alert Notification | IronDefense Alert Notification Layout |
Classifiers
| Name | Description |
|---|---|
IronDefense - Classifier | IronDefense Classifier |
IronDefense - Incoming Mapper | IronDefense Mapper |
Incident Fields
| Name | Description |
|---|---|
IronDefense Is Blacklisted | |
IronDefense Comment Details | |
IronDefense Dome Tags | |
IronDefense Updated | |
IronDefense Alert ID | |
IronDefense Is Whitelisted | |
IronDefense Total Bytes | |
IronDefense Event ID | |
IronDefense Dst Entity Attribute Type | |
IronDefense Analyst Severity | |
IronDefense Start Time | |
IronDefense Severity Suspicious Details | |
IronDefense Analyst Expectation | |
IronDefense Secondary App Protocol | |
IronDefense VUE URL | |
IronDefense Alert IDs | |
IronDefense Dst Entity Attribute | |
IronDefense Confidence | |
IronDefense High Cognitive System Details | |
IronDefense Bytes In | |
IronDefense Severity Malicious Details | |
IronDefense SubCategory | |
IronDefense Created | |
IronDefense App Domains | |
IronDefense Last event Created | |
IronDefense Raw Data Format | |
IronDefense Src Entity Attribute | |
IronDefense Src Entity Attribute Type | |
IronDefense IronDome ID | |
IronDefense Mismatch Details | |
IronDefense End Time | |
IronDefense Severity Details | |
IronDefense Severity | |
IronDefense Aggregation Criteria | |
IronDefense Dome Shared Time | |
IronDefense Bytes Out | |
IronDefense Event Count | |
IronDefense Status |
Incident Types
| Name | Description |
|---|---|
IronDefense Event Notification | |
IronDefense IronDome Notification | |
IronDefense Alert Notification |
Integrations
| Name | Description |
|---|---|
| IronDefense (Partner Contribution) | The IronDefense Integration for Cortex XSIAM allows users to interact with IronDefense alerts within Cortex XSIAM. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information. |
Layoutrule
| Name | Description |
|---|---|
IronDefense Event Notification Layout Rule | |
IronDefense Alert Notification Layout Rule | |
IronDome Notification Layout Rule |
Layouts
| Name | Description |
|---|---|
IronDefense Event Notification | IronDefense Event Notification Layout |
IronDefense IronDome Notification | IronDefense IronDome Notification Layout |
IronDefense Alert Notification | IronDefense Alert Notification Layout |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.1.13 - 2380698 (February 8, 2022)
Incident Fields
- IronDefense Category
- IronDefense IronDome Category
1.1.12 - 2355875 (February 3, 2022)
Incident Fields
- IronDefense Category
- IronDefense Dst Network ID
- IronDefense IronDome Category
- IronDefense Primary App Protocol
1.1.11 - 2353377 (February 3, 2022)
Incident Fields
- IronDefense First Event Created
- IronDefense Src Network ID
1.1.10 - 2303329 (January 25, 2022)
Incident Fields
Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP
1.1.9 - R2146019 (December 21, 2021)
Integrations
IronDefense
- Updated the Docker image to: demisto/python3:3.9.8.24399.
1.1.8 - 1959372 (November 16, 2021)
Incident Fields
- IronDefense IronDome Category
- Maintenance and stability enhancements.
1.1.7 - 7561139 (September 12, 2021)
Integrations
IronDefense
- Updated the Docker image to: demisto/python3:3.9.7.24076.
1.1.6 - R400461 (July 20, 2021)
Integrations
IronDefense
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
1.1.5 - 379915 (June 7, 2021)
Integrations
IronDefense
- Upgraded the Docker image to: demisto/python3:3.9.5.20958.
1.1.4 - R264879 (January 10, 2021)
Layouts
- layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.
1.1.3 - R229790 (December 22, 2020)
Integrations
IronDefense
- Upgraded the Docker image to demisto/python3:3.8.6.13358.
1.1.2 - R180529 (November 9, 2020)
Integrations
IronDefense
- Updated the pack support information.
1.1.1 - 95977 (August 26, 2020)
Integrations
IronDefense
- Updated the pack support information.
1.1.0 - 95316 (August 26, 2020)
Integrations
IronDefense
- Added ability to retrieve IronDefense alerts and events.
- Improving descriptions.
Layouts
layout-details-IronDefense_IronDome_Notification.json
- Create layout for notificationtype
layout-details-IronDefense_Event_Notification.json
- Create layout for notificationtype
layout-details-IronDefense_Alert_Notification.json
- Create layout for notificationtype
Incident Fields
IronDefense VUE URL
- Add field
IronDefense Updated
- Add field
IronDefense Total Bytes
- Add field
IronDefense SubCategory
- Add field
IronDefense Status
- Add field
IronDefense Start Time
- Add field
IronDefense Src Network ID
- Add field
IronDefense Src IP
- Add field
IronDefense Src Entity Attribute Type
- Add field
IronDefense Src Entity Attribute
- Add field
IronDefense Severity Suspicious Details
- Add field
IronDefense Severity Malicious Details
- Add field
IronDefense Severity Details
- Add field
IronDefense Severity
- Add field
IronDefense Secondary App Protocol
- Add field
IronDefense Raw Data Format
- Add field
IronDefense Primary App Protocol
- Add field
IronDefense Mismatch Details
- Add field
IronDefense Last event Created
- Add field
IronDefense Is Whitelisted
- Add field
IronDefense Is Blacklisted
- Add field
Incident Types
IronDefense IronDome Notification
- add incident type
IronDefense IronDome ID
- Add field
IronDefense IronDome Category
- Add field
IronDefense High Cognitive System Details
- Add field
IronDefense First Event Created
- Add field
IronDefense Event Notification
- %add incident type
IronDefense Event ID
- Add field
IronDefense Event Count
- Add field
IronDefense End Time
- Add field
IronDefense Dst Port
- Add field
IronDefense Dst Network ID
- Add field
IronDefense Dst IP
- Add field
IronDefense Dst Entity Attribute Type
- Add field
IronDefense Dst Entity Attribute
- Add field
IronDefense Dome Tags
- Add field
IronDefense Dome Shared Time
- Add field
IronDefense Created
- Add field
IronDefense Confidence
- Add field
IronDefense Comment Details
- Add field
IronDefense Category
- Add field
IronDefense Bytes Out
- Add field
IronDefense Bytes In
- Add field
IronDefense App Domains
- Add field
IronDefense Analyst Severity
- Add field
IronDefense Analyst Expectation
- Add field
IronDefense Alert Notification
- add incident type
IronDefense Alert IDs
- Add field
IronDefense Alert ID
- Add field
IronDefense Aggregation Criteria
- Add field
Classifiers
IronDefense
Added new Classifier
IronDefense - Incoming Mapper
Added new incoming mapper
IronDefense - Classifier
Added new Classifier
1.0.0 - 60526 (June 30, 2020)
The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Partner | |
| Created | June 30, 2020 | |
| Last Release | December 4, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
