Cortex-Analyzers/responders/QRadarAutoClose/QRadarAutoClose.json

35 lines
1.1 KiB
JSON
Raw Normal View History

2019-04-15 12:34:54 +00:00
{
"name": "QRadar_Auto_Closing_Offense",
2019-04-15 12:34:54 +00:00
"version": "1.0",
"author": "Florian Perret",
"url": "https://github.com/TheHive-Project/Cortex-Analyzers",
"license": "AGPL-V3",
"description": "Closing the QRadar Offense associated to your case in one clic !",
"dataTypeList": ["thehive:case"],
"command": "QRadarAutoClose/QRadarAutoClose.py",
"baseConfig": "QRadarAutoClose",
"configurationItems": [
{
"name": "QRadar_API_Key",
"description": "A QRadar API key with sufficent rights to close an offense",
"type": "string",
"multi": false,
"required": true
},
{
"name": "QRadar_Url",
"description": "URL of your QRadar API, must be accessible from Cortex server. eg: myqradar.myorg.com/api/siem/offenses",
"type": "string",
"multi": false,
"required": true
},
{
"name": "Cert_Path",
"description": "If you need a certificate to authentificate to your QRadar API, please provide the path here",
"type": "string",
"multi": false,
"required": false
}
]
}