Gem-Security · liormgem · Feb 18, 2024 · Feb 18, 2024 · Feb 22, 2024 · Feb 22, 2024
diff --git a/Packs/Gem/.pack-ignore b/Packs/Gem/.pack-ignore
diff --git a/Packs/Gem/.secrets-ignore b/Packs/Gem/.secrets-ignore
diff --git a/Packs/Gem/Author_image.png b/Packs/Gem/Author_image.png
diff --git a/Packs/Gem/Classifiers/classifier-GemAlert.json b/Packs/Gem/Classifiers/classifier-GemAlert.json
@@ -0,0 +1,18 @@
+{
+    "id": "Gem Classifier",
+    "name": "Gem Classifier",
+    "type": "classification",
+    "defaultIncidentType": "Gem Alert",
+    "description": "Classifies Gem Alerts.",
+    "fromVersion": "6.10.0",
+    "keyTypeMap": {},
+    "transformer": {
+        "complex": null,
+        "simple": ""
+    },
+    "version": -1,
+    "feed": false,
+    "propagationLabels": [
+        "all"
+    ]
+}
diff --git a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
@@ -0,0 +1,123 @@
+{
+    "feed": false,
+    "fromVersion": "6.10.0",
+    "mapping": {
+        "Gem Alert": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Gem Account ID": {
+                    "simple": "account.name"
+                },
+                "Gem Account Name": {
+                    "simple": "account.display_name"
+                },
+                "Gem Account Provider": {
+                    "simple": "account.cloud_provider"
+                },
+                "Gem Alert ID": {
+                    "simple": "event.alert_id"
+                },
+                "Gem Alert Source": {
+                    "simple": "event.alert_source"
+                },
+                "occurred": {
+                    "simple": "event_datetime"
+                },
+                "Description": {
+                    "simple": "description"
+                },
+                "Gem Events Count": {
+                    "simple": "event.events_total_count"
+                },
+                "Gem Url": {
+                    "complex": {
+                        "accessor": "threat_id",
+                        "filters": [],
+                        "root": "event",
+                        "transformers": [
+                            {
+                                "args": {
+                                    "prefix": {
+                                        "isContext": false,
+                                        "value": {
+                                            "simple": "https://app.gem.security/threats/"
+                                        }
+                                    },
+                                    "suffix": {
+                                        "isContext": false
+                                    }
+                                },
+                                "operator": "concat"
+                            }
+                        ]
+                    }
+                },
+                "Gem Main Entity ID": {
+                    "simple": "event.main_entity.id"
+                },
+                "Gem Main Entity Name": {
+                    "simple": "event.main_entity.name"
+                },
+                "Gem Main Entity Region": {
+                    "simple": "event.main_entity.metadata.region"
+                },
+                "Gem Main Entity Type": {
+                    "simple": "event.main_entity.type"
+                },
+                "Gem Threat ID": {
+                    "simple": "event.threat_id"
+                },
+                "Gem Title": {
+                    "simple": "title"
+                },
+                "Gem TTP ID": {
+                    "simple": "event.ttp_id"
+                },
+                "name": {
+                    "simple": "title"
+                },
+                "severity": {
+                    "complex": {
+                        "filters": [],
+                        "root": "severity",
+                        "transformers": [
+                            {
+                                "args": {
+                                    "input_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "simple": "1,2,3,4,5,6,7,8,9,10"
+                                        }
+                                    },
+                                    "mapped_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "simple": "1,1,1,2,2,2,2,3,3,3"
+                                        }
+                                    }
+                                },
+                                "operator": "MapValuesTransformer"
+                            }
+                        ]
+                    }
+                },
+                "Gem Severity": {
+                    "simple": "severity"
+                }
+            }
+        },
+        "dbot_classification_incident_type_all": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "occurred": {
+                    "simple": "event_datetime"
+                }
+            }
+        }
+    },
+    "id": "Gem Mapper Webhook",
+    "name": "Gem Mapper Webhook",
+    "type": "mapping-incoming",
+    "description": "Maps incoming Gem Alert fields when received via webhook.",
+    "version": -1
+}
diff --git a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
@@ -0,0 +1,123 @@
+{
+    "id": "Gem Mapper",
+    "name": "Gem Mapper",
+    "type": "mapping-incoming",
+    "description": "Maps incoming Gem Alert fields.",
+    "fromVersion": "6.10.0",
+    "defaultIncidentType": "Gem Alert",
+    "mapping": {
+        "Gem Alert": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Description": {
+                    "simple": "description"
+                },
+                "Gem Account ID": {
+                    "simple": "account.name"
+                },
+                "Gem Account Name": {
+                    "simple": "account.display_name"
+                },
+                "Gem Account Provider": {
+                    "simple": "account.cloud_provider"
+                },
+                "Gem Alert ID": {
+                    "simple": "metadata.alert_id"
+                },
+                "Gem Alert Source": {
+                    "simple": "metadata.alert_source"
+                },
+                "Gem Events Count": {
+                    "simple": "metadata.events_total_count"
+                },
+                "Gem Main Entity ID": {
+                    "simple": "metadata.main_entity.id"
+                },
+                "Gem Main Entity Name": {
+                    "simple": "metadata.main_entity.name"
+                },
+                "Gem Main Entity Region": {
+                    "simple": "metadata.main_entity.metadata.region"
+                },
+                "Gem Main Entity Type": {
+                    "simple": "metadata.main_entity.type"
+                },
+                "Gem Severity": {
+                    "simple": "severity"
+                },
+                "Gem TTP ID": {
+                    "simple": "metadata.ttp_id"
+                },
+                "Gem Threat ID": {
+                    "simple": "metadata.threat_id"
+                },
+                "Gem Title": {
+                    "simple": "title"
+                },
+                "Gem Url": {
+                    "complex": {
+                        "accessor": "threat_id",
+                        "filters": [],
+                        "root": "metadata",
+                        "transformers": [
+                            {
+                                "args": {
+                                    "prefix": {
+                                        "isContext": false,
+                                        "value": {
+                                            "simple": "https://app.gem.security/threats/"
+                                        }
+                                    },
+                                    "suffix": {
+                                        "isContext": false
+                                    }
+                                },
+                                "operator": "concat"
+                            }
+                        ]
+                    }
+                },
+                "name": {
+                    "simple": "title"
+                },
+                "occurred": {
+                    "simple": "event_datetime"
+                },
+                "severity": {
+                    "complex": {
+                        "filters": [],
+                        "root": "severity",
+                        "transformers": [
+                            {
+                                "args": {
+                                    "input_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "simple": "1,2,3,4,5,6,7,8,9,10"
+                                        }
+                                    },
+                                    "mapped_values": {
+                                        "isContext": false,
+                                        "value": {
+                                            "simple": "1,1,1,2,2,2,2,3,3,3"
+                                        }
+                                    }
+                                },
+                                "operator": "MapValuesTransformer"
+                            }
+                        ]
+                    }
+                }
+            }
+        },
+        "dbot_classification_incident_type_all": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "occurred": {
+                    "simple": "event_datetime"
+                }
+            }
+        }
+    },
+    "version": -1
+}
diff --git a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_ID.json b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_ID.json
@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Gem Alert"
+    ],
+    "caseInsensitive": true,
+    "cliName": "gemaccountid",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_gemaccountid",
+    "isReadOnly": true,
+    "locked": false,
+    "name": "Gem Account ID",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": false,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Name.json b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Name.json
@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Gem Alert"
+    ],
+    "caseInsensitive": true,
+    "cliName": "gemaccountname",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_gemaccountname",
+    "isReadOnly": true,
+    "locked": false,
+    "name": "Gem Account Name",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": false,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Gem Alert"
+    ],
+    "caseInsensitive": true,
+    "cliName": "gemaccountprovider",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_gemaccountprovider",
+    "isReadOnly": true,
+    "locked": false,
+    "name": "Gem Account Provider",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": false,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/Gem/IncidentFields/incidentfield-Gem_Alert_ID.json b/Packs/Gem/IncidentFields/incidentfield-Gem_Alert_ID.json
@@ -0,0 +1,30 @@
+{
+    "associatedToAll": false,
+    "associatedTypes": [
+        "Gem Alert"
+    ],
+    "caseInsensitive": true,
+    "cliName": "gemalertid",
+    "closeForm": true,
+    "content": true,
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_gemalertid",
+    "isReadOnly": true,
+    "locked": false,
+    "name": "Gem Alert ID",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "shortText",
+    "unmapped": false,
+    "unsearchable": false,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.10.0"
+}