IronDefense Classifier
IronNet
- Details
- Content
- Dependencies
- Version History
The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
Classifiers
| Name | Description |
|---|---|
IronDefense - Classifier | |
IronDefense - Incoming Mapper | IronDefense Mapper |
Incident Fields
| Name | Description |
|---|---|
IronDefense Primary App Protocol | |
IronDefense Dst Entity Attribute Type | |
IronDefense High Cognitive System Details | |
IronDefense Start Time | |
IronDefense Dst Port | |
IronDefense Src Entity Attribute | |
IronDefense Total Bytes | |
IronDefense Secondary App Protocol | |
IronDefense Src Network ID | |
IronDefense Src IP | |
IronDefense First Event Created | |
IronDefense Analyst Severity | |
IronDefense Bytes Out | |
IronDefense Src Entity Attribute Type | |
IronDefense Is Whitelisted | |
IronDefense Bytes In | |
IronDefense Dome Tags | |
IronDefense Confidence | |
IronDefense Comment Details | |
IronDefense Alert ID | |
IronDefense VUE URL | |
IronDefense Created | |
IronDefense Updated | |
IronDefense End Time | |
IronDefense Dome Shared Time | |
IronDefense Mismatch Details | |
IronDefense Dst Network ID | |
IronDefense Alert IDs | |
IronDefense Severity | |
IronDefense IronDome Category | |
IronDefense Dst IP | |
IronDefense Analyst Expectation | |
IronDefense App Domains | |
IronDefense SubCategory | |
IronDefense Event ID | |
IronDefense Is Blacklisted | |
IronDefense Severity Suspicious Details | |
IronDefense Status | |
IronDefense Severity Details | |
IronDefense Category | |
IronDefense IronDome ID | |
IronDefense Event Count | |
IronDefense Last event Created | |
IronDefense Dst Entity Attribute | |
IronDefense Aggregation Criteria | |
IronDefense Raw Data Format | |
IronDefense Severity Malicious Details |
Incident Types
| Name | Description |
|---|---|
IronDefense IronDome Notification | |
IronDefense Event Notification | |
IronDefense Alert Notification |
Integrations
| Name | Description |
|---|---|
| IronDefense (Partner Contribution) | The IronDefense Integration for Cortex XSOAR allows users to interact with IronDefense alerts within Cortex XSOAR. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information. |
Layouts
| Name | Description |
|---|---|
IronDefense Alert Notification | IronDefense Alert Notification Layout |
IronDefense IronDome Notification | IronDefense IronDome Notification Layout |
IronDefense Event Notification | IronDefense Event Notification Layout |
Classifiers
| Name | Description |
|---|---|
IronDefense - Classifier | IronDefense Classifier |
IronDefense - Incoming Mapper | IronDefense Mapper |
Incident Fields
| Name | Description |
|---|---|
IronDefense Raw Data Format | |
IronDefense Bytes Out | |
IronDefense Severity Malicious Details | |
IronDefense Comment Details | |
IronDefense Is Whitelisted | |
IronDefense Dome Shared Time | |
IronDefense IronDome ID | |
IronDefense Created | |
IronDefense Dst Entity Attribute Type | |
IronDefense Event ID | |
IronDefense Analyst Severity | |
IronDefense SubCategory | |
IronDefense Start Time | |
IronDefense High Cognitive System Details | |
IronDefense End Time | |
IronDefense Alert ID | |
IronDefense Event Count | |
IronDefense App Domains | |
IronDefense Src Entity Attribute Type | |
IronDefense Last event Created | |
IronDefense Aggregation Criteria | |
IronDefense Src Entity Attribute | |
IronDefense Severity Suspicious Details | |
IronDefense Severity | |
IronDefense Total Bytes | |
IronDefense Dome Tags | |
IronDefense Analyst Expectation | |
IronDefense Updated | |
IronDefense Alert IDs | |
IronDefense VUE URL | |
IronDefense Dst Entity Attribute | |
IronDefense Mismatch Details | |
IronDefense Bytes In | |
IronDefense Severity Details | |
IronDefense Is Blacklisted | |
IronDefense Confidence | |
IronDefense Secondary App Protocol | |
IronDefense Status |
Incident Types
| Name | Description |
|---|---|
IronDefense Event Notification | |
IronDefense Alert Notification | |
IronDefense IronDome Notification |
Integrations
| Name | Description |
|---|---|
| IronDefense (Partner Contribution) | The IronDefense Integration for Cortex XSIAM allows users to interact with IronDefense alerts within Cortex XSIAM. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information. |
Layoutrule
| Name | Description |
|---|---|
IronDefense Alert Notification Layout Rule | |
IronDome Notification Layout Rule | |
IronDefense Event Notification Layout Rule |
Layouts
| Name | Description |
|---|---|
IronDefense IronDome Notification | IronDefense IronDome Notification Layout |
IronDefense Event Notification | IronDefense Event Notification Layout |
IronDefense Alert Notification | IronDefense Alert Notification Layout |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.1.13 - 2380698 (February 8, 2022)
Incident Fields
- IronDefense Category
- IronDefense IronDome Category
1.1.12 - 2355875 (February 3, 2022)
Incident Fields
- IronDefense Category
- IronDefense Dst Network ID
- IronDefense IronDome Category
- IronDefense Primary App Protocol
1.1.11 - 2353377 (February 3, 2022)
Incident Fields
- IronDefense First Event Created
- IronDefense Src Network ID
1.1.10 - 2303329 (January 25, 2022)
Incident Fields
Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP
1.1.9 - R2146019 (December 21, 2021)
Integrations
IronDefense
- Updated the Docker image to: demisto/python3:3.9.8.24399.
1.1.8 - 1959372 (November 16, 2021)
Incident Fields
- IronDefense IronDome Category
- Maintenance and stability enhancements.
1.1.7 - 7561139 (September 12, 2021)
Integrations
IronDefense
- Updated the Docker image to: demisto/python3:3.9.7.24076.
1.1.6 - R400461 (July 20, 2021)
Integrations
IronDefense
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
1.1.5 - 379915 (June 7, 2021)
Integrations
IronDefense
- Upgraded the Docker image to: demisto/python3:3.9.5.20958.
1.1.4 - R264879 (January 10, 2021)
Layouts
- layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.
1.1.3 - R229790 (December 22, 2020)
Integrations
IronDefense
- Upgraded the Docker image to demisto/python3:3.8.6.13358.
1.1.2 - R180529 (November 9, 2020)
Integrations
IronDefense
- Updated the pack support information.
1.1.1 - 95977 (August 26, 2020)
Integrations
IronDefense
- Updated the pack support information.
1.1.0 - 95316 (August 26, 2020)
Integrations
IronDefense
- Added ability to retrieve IronDefense alerts and events.
- Improving descriptions.
Layouts
layout-details-IronDefense_IronDome_Notification.json
- Create layout for notificationtype
layout-details-IronDefense_Event_Notification.json
- Create layout for notificationtype
layout-details-IronDefense_Alert_Notification.json
- Create layout for notificationtype
Incident Fields
IronDefense VUE URL
- Add field
IronDefense Updated
- Add field
IronDefense Total Bytes
- Add field
IronDefense SubCategory
- Add field
IronDefense Status
- Add field
IronDefense Start Time
- Add field
IronDefense Src Network ID
- Add field
IronDefense Src IP
- Add field
IronDefense Src Entity Attribute Type
- Add field
IronDefense Src Entity Attribute
- Add field
IronDefense Severity Suspicious Details
- Add field
IronDefense Severity Malicious Details
- Add field
IronDefense Severity Details
- Add field
IronDefense Severity
- Add field
IronDefense Secondary App Protocol
- Add field
IronDefense Raw Data Format
- Add field
IronDefense Primary App Protocol
- Add field
IronDefense Mismatch Details
- Add field
IronDefense Last event Created
- Add field
IronDefense Is Whitelisted
- Add field
IronDefense Is Blacklisted
- Add field
Incident Types
IronDefense IronDome Notification
- add incident type
IronDefense IronDome ID
- Add field
IronDefense IronDome Category
- Add field
IronDefense High Cognitive System Details
- Add field
IronDefense First Event Created
- Add field
IronDefense Event Notification
- %add incident type
IronDefense Event ID
- Add field
IronDefense Event Count
- Add field
IronDefense End Time
- Add field
IronDefense Dst Port
- Add field
IronDefense Dst Network ID
- Add field
IronDefense Dst IP
- Add field
IronDefense Dst Entity Attribute Type
- Add field
IronDefense Dst Entity Attribute
- Add field
IronDefense Dome Tags
- Add field
IronDefense Dome Shared Time
- Add field
IronDefense Created
- Add field
IronDefense Confidence
- Add field
IronDefense Comment Details
- Add field
IronDefense Category
- Add field
IronDefense Bytes Out
- Add field
IronDefense Bytes In
- Add field
IronDefense App Domains
- Add field
IronDefense Analyst Severity
- Add field
IronDefense Analyst Expectation
- Add field
IronDefense Alert Notification
- add incident type
IronDefense Alert IDs
- Add field
IronDefense Alert ID
- Add field
IronDefense Aggregation Criteria
- Add field
Classifiers
IronDefense
Added new Classifier
IronDefense - Incoming Mapper
Added new incoming mapper
IronDefense - Classifier
Added new Classifier
1.0.0 - 60526 (June 30, 2020)
The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Partner | |
| Created | June 30, 2020 | |
| Last Release | February 14, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
