├── .gitignore ├── src ├── main │ └── resources │ │ └── mappings │ │ └── xdr │ │ ├── v3 │ │ ├── .DS_Store │ │ ├── email │ │ │ ├── .DS_Store │ │ │ ├── delete_400_invalid_format.json │ │ │ ├── delete_403_access_denied.json │ │ │ ├── restore_400_invalid_format.json │ │ │ ├── restore_403_access_denied.json │ │ │ ├── delete_500_server_error.json │ │ │ ├── quarantine_400_invalid_format.json │ │ │ ├── quarantine_403_access_denied.json │ │ │ ├── restore_500_server_error.json │ │ │ ├── quarantine_500_server_error.json │ │ │ ├── delete_207_400_target_not_found.json │ │ │ ├── delete_207_403_feature_disabled.json │ │ │ ├── restore_207_400_target_not_found.json │ │ │ ├── restore_207_403_feature_disabled.json │ │ │ ├── delete_207_202.json │ │ │ ├── quarantine_207_400_target_not_found.json │ │ │ ├── quarantine_207_403_feature_disabled.json │ │ │ ├── restore_207_202.json │ │ │ ├── quarantine_207_202.json │ │ │ ├── delete_207_403_insufficient_permissions.json │ │ │ ├── delete_207_500_internal_server_error.json │ │ │ ├── restore_207_500_internal_server_error.json │ │ │ ├── quarantine_207_500_internal_server_error.json │ │ │ ├── restore_207_403_insufficient_permissions.json │ │ │ ├── delete_207_400_fields_not_found.json │ │ │ ├── delete_207_403_unsupported_response.json │ │ │ ├── quarantine_207_403_insufficient_permissions.json │ │ │ ├── delete_207_400_invalid_field_format.json │ │ │ ├── restore_207_400_fields_not_found.json │ │ │ ├── restore_207_400_invalid_field_format.json │ │ │ ├── restore_207_403_unsupported_response.json │ │ │ ├── quarantine_207_400_fields_not_found.json │ │ │ ├── quarantine_207_400_invalid_field_format.json │ │ │ ├── quarantine_207_403_unsupported_response.json │ │ │ ├── delete_207_403_access_denied_no_scope.json │ │ │ ├── restore_207_403_access_denied_no_scope.json │ │ │ ├── quarantine_207_403_access_denied_no_scope.json │ │ │ └── delete_207_400_action_not_supported.json │ │ ├── account │ │ │ ├── .DS_Store │ │ │ ├── enable_400_invalid_format.json │ │ │ ├── disable_400_invalid_format.json │ │ │ ├── disable_403_access_denied.json │ │ │ ├── enable_403_access_denied.json │ │ │ ├── sign_out_400_invalid_format.json │ │ │ ├── sign_out_403_access_denied.json │ │ │ ├── disable_500_server_error.json │ │ │ ├── enable_500_server_error.json │ │ │ ├── reset_password_400_invalid_format.json │ │ │ ├── sign_out_500_server_error.json │ │ │ ├── reset_password_403_access_denied.json │ │ │ ├── reset_password_500_server_error.json │ │ │ ├── disable_207_202.json │ │ │ ├── enable_207_202.json │ │ │ ├── sign_out_207_202.json │ │ │ ├── enable_207_400_target_not_found.json │ │ │ ├── disable_207_400_target_not_found.json │ │ │ ├── disable_207_403_feature_disabled.json │ │ │ ├── enable_207_403_feature_disabled.json │ │ │ ├── sign_out_207_400_target_not_found.json │ │ │ ├── sign_out_207_403_feature_disabled.json │ │ │ ├── reset_password_207_202.json │ │ │ ├── reset_password_207_400_target_not_found.json │ │ │ ├── reset_password_207_403_feature_disabled.json │ │ │ ├── enable_207_500_internal_server_error.json │ │ │ ├── disable_207_403_insufficient_permissions.json │ │ │ ├── disable_207_500_internal_server_error.json │ │ │ ├── enable_207_403_insufficient_permissions.json │ │ │ ├── sign_out_207_403_insufficient_permissions.json │ │ │ ├── sign_out_207_500_internal_server_error.json │ │ │ ├── disable_207_400_fields_not_found.json │ │ │ ├── disable_207_403_unsupported_response.json │ │ │ ├── enable_207_400_fields_not_found.json │ │ │ ├── enable_207_400_invalid_field_format.json │ │ │ ├── enable_207_403_unsupported_response.json │ │ │ ├── reset_password_207_500_internal_server_error.json │ │ │ ├── sign_out_207_400_fields_not_found.json │ │ │ ├── sign_out_207_403_unsupported_response.json │ │ │ ├── disable_207_400_invalid_field_format.json │ │ │ ├── reset_password_207_403_insufficient_permissions.json │ │ │ ├── sign_out_207_400_invalid_field_format.json │ │ │ ├── reset_password_207_400_fields_not_found.json │ │ │ ├── reset_password_207_400_invalid_field_format.json │ │ │ ├── reset_password_207_403_unsupported_response.json │ │ │ ├── disable_207_403_access_denied_no_scope.json │ │ │ ├── enable_207_403_access_denied_no_scope.json │ │ │ └── sign_out_207_403_access_denied_no_scope.json │ │ ├── common │ │ │ ├── .DS_Store │ │ │ ├── get_task_404_not_found.json │ │ │ ├── get_task_403_access_denied.json │ │ │ ├── get_task_400_bad_request.json │ │ │ ├── get_task_500_internal_error.json │ │ │ └── get_task_200.json │ │ ├── object │ │ │ ├── .DS_Store │ │ │ ├── get_suspicious_list_400_bad_request.json │ │ │ ├── get_exception_list_400_bad_request.json │ │ │ ├── get_suspicious_list_403_access_denied.json │ │ │ ├── get_exception_list_403_access_denied.json │ │ │ ├── get_suspicious_list_500_server_error.json │ │ │ ├── get_suspicious_list_429_too_many_requests.json │ │ │ ├── get_exception_list_429_too_many_requests.json │ │ │ ├── get_exception_list_500_server_error.json │ │ │ ├── add_suspicious_207_201.json │ │ │ ├── add_exception_207_201.json │ │ │ ├── delete_suspicious_207_204.json │ │ │ ├── delete_exception_207_204.json │ │ │ ├── get_exception_list_200.json │ │ │ ├── add_block_list_400_invalid_format.json │ │ │ ├── add_block_list_403_access_denied.json │ │ │ ├── add_suspicious_400_invalid_format.json │ │ │ ├── add_suspicious_403_access_denied.json │ │ │ ├── add_suspicious_429_too_many_requests.json │ │ │ ├── delete_block_list_400_invalid_format.json │ │ │ ├── add_block_list_500_server_error.json │ │ │ ├── add_exception_400_invalid_format.json │ │ │ ├── add_exception_403_access_denied.json │ │ │ ├── add_suspicious_500_server_error.json │ │ │ ├── delete_block_list_403_access_denied.json │ │ │ ├── delete_suspicious_400_invalid_format.json │ │ │ ├── delete_suspicious_403_access_denied.json │ │ │ ├── add_exception_429_too_many_requests.json │ │ │ ├── delete_suspicious_429_too_many_requests.json │ │ │ ├── add_exception_500_server_error.json │ │ │ ├── delete_block_list_500_server_error.json │ │ │ ├── delete_exception_400_invalid_format.json │ │ │ ├── delete_exception_403_access_denied.json │ │ │ ├── delete_suspicious_500_server_error.json │ │ │ ├── delete_exception_429_too_many_requests.json │ │ │ ├── delete_exception_500_server_error.json │ │ │ ├── add_suspicious_207_400_bad_request.json │ │ │ ├── delete_suspicious_207_404_not_found.json │ │ │ ├── add_exception_207_400_bad_request.json │ │ │ ├── add_block_list_207_400_target_not_found.json │ │ │ ├── delete_exception_207_404_not_found.json │ │ │ ├── delete_suspicious_207_400_bad_request.json │ │ │ ├── add_block_list_207_403_feature_disabled.json │ │ │ ├── delete_exception_207_400_bad_request.json │ │ │ ├── delete_block_list_207_400_target_not_found.json │ │ │ ├── delete_block_list_207_403_feature_disabled.json │ │ │ ├── add_block_list_207_500_internal_server_error.json │ │ │ ├── add_block_list_207_403_insufficient_permissions.json │ │ │ ├── add_suspicious_207_500_internal_server_error.json │ │ │ ├── add_exception_207_500_internal_server_error.json │ │ │ ├── delete_block_list_207_500_internal_server_error.json │ │ │ ├── add_block_list_207_400_fields_not_found.json │ │ │ ├── add_block_list_207_400_invalid_field_format.json │ │ │ ├── add_block_list_207_403_unsupported_response.json │ │ │ ├── delete_block_list_207_403_insufficient_permissions.json │ │ │ ├── delete_suspicious_207_500_internal_server_error.json │ │ │ ├── delete_exception_207_500_internal_server_error.json │ │ │ ├── delete_block_list_207_400_fields_not_found.json │ │ │ ├── delete_block_list_207_400_invalid_field_format.json │ │ │ ├── delete_block_list_207_403_unsupported_response.json │ │ │ ├── add_block_list_207_202.json │ │ │ ├── add_block_list_207_403_access_denied_no_scope.json │ │ │ └── delete_block_list_207_202.json │ │ ├── sandbox │ │ │ ├── .DS_Store │ │ │ ├── analysis │ │ │ │ ├── .DS_Store │ │ │ │ ├── get_sandbox_submission_status_404_not_found.json │ │ │ │ ├── get_sandbox_analysis_results_404_not_found.json │ │ │ │ ├── get_sandbox_submission_status_500_server_error.json │ │ │ │ └── get_sandbox_analysis_results_500_server_error.json │ │ │ └── report │ │ │ │ ├── investigation_package_200.json │ │ │ │ ├── download_sandbox_analysis_results_404_not_found.json │ │ │ │ ├── investigation_package_404_not_found.json │ │ │ │ ├── get_sandbox_suspicious_list_404_not_found.json │ │ │ │ ├── download_sandbox_analysis_results_500_server_error.json │ │ │ │ ├── investigation_package_500_server_error.json │ │ │ │ ├── get_sandbox_suspicious_list_500_server_error.json │ │ │ │ └── get_sandbox_suspicious_list_200.json │ │ ├── workbench │ │ │ ├── .DS_Store │ │ │ └── alert │ │ │ │ ├── .DS_Store │ │ │ │ ├── edit_status_204.json │ │ │ │ ├── add_note_201.json │ │ │ │ ├── get_alert_details_500_server_error.json │ │ │ │ ├── get_alert_details_400_bad_request.json │ │ │ │ ├── get_alert_list_500_server_error.json │ │ │ │ ├── add_note_400_bad_request.json │ │ │ │ ├── add_note_500_server_error.json │ │ │ │ ├── edit_status_412_precondition_failed.json │ │ │ │ └── add_note_404_not_found.json │ │ ├── connectivity │ │ │ ├── .DS_Store │ │ │ ├── check_availability_200.json │ │ │ └── check_availability_500.json │ │ ├── scripts │ │ │ ├── delete_custom_script_200.json │ │ │ ├── download_custom_script_200.json │ │ │ ├── update_custom_script_200.json │ │ │ ├── add_custom_script_200.json │ │ │ └── list_custom_script_200.json │ │ ├── api_keys │ │ │ ├── update_api_key_200.json │ │ │ ├── delete_api_keys_207_202.json │ │ │ ├── get_api_key_200.json │ │ │ └── get_api_key_list_200.json │ │ ├── search │ │ │ ├── get_email_activity_data_400_bad_request.json │ │ │ ├── get_endpoint_data_500_server_error.json │ │ │ ├── get_endpoint_data_400_bad_request.json │ │ │ ├── get_email_activity_data_408_request_timeout.json │ │ │ ├── get_endpoint_activity_data_400_bad_request.json │ │ │ ├── get_email_activity_data_count_200.json │ │ │ ├── get_endpoint_activity_data_408_request_timeout.json │ │ │ ├── get_email_activity_data_500_server_error.json │ │ │ ├── get_endpoint_activity_data_count_200.json │ │ │ └── get_endpoint_activity_data_500_server_error.json │ │ └── endpoint │ │ │ ├── isolate_400_invalid_format.json │ │ │ ├── restore_400_invalid_format.json │ │ │ ├── isolate_403_access_denied.json │ │ │ ├── restore_403_access_denied.json │ │ │ ├── collect_file_400_invalid_format.json │ │ │ ├── collect_file_403_access_denied.json │ │ │ ├── isolate_500_server_error.json │ │ │ ├── restore_500_server_error.json │ │ │ ├── collect_file_500_server_error.json │ │ │ ├── terminate_process_400_invalid_format.json │ │ │ ├── terminate_process_403_access_denied.json │ │ │ ├── terminate_process_500_server_error.json │ │ │ ├── isolate_207_400_target_not_found.json │ │ │ ├── restore_207_400_target_not_found.json │ │ │ ├── isolate_207_403_feature_disabled.json │ │ │ ├── restore_207_403_feature_disabled.json │ │ │ ├── collect_file_207_400_target_not_found.json │ │ │ ├── collect_file_207_403_feature_disabled.json │ │ │ ├── isolate_207_202.json │ │ │ ├── restore_207_202.json │ │ │ ├── terminate_process_207_400_target_not_found.json │ │ │ ├── terminate_process_207_403_feature_disabled.json │ │ │ ├── isolate_207_403_insufficient_permissions.json │ │ │ ├── isolate_207_500_internal_server_error.json │ │ │ ├── restore_207_403_insufficient_permissions.json │ │ │ ├── restore_207_500_internal_server_error.json │ │ │ ├── collect_file_207_403_insufficient_permissions.json │ │ │ ├── collect_file_207_500_internal_server_error.json │ │ │ ├── isolate_207_400_fields_not_found.json │ │ │ ├── isolate_207_403_unsupported_response.json │ │ │ ├── restore_207_400_fields_not_found.json │ │ │ ├── restore_207_403_unsupported_response.json │ │ │ ├── isolate_207_400_invalid_field_format.json │ │ │ ├── restore_207_400_invalid_field_format.json │ │ │ ├── collect_file_207_400_fields_not_found.json │ │ │ ├── collect_file_207_403_unsupported_response.json │ │ │ ├── terminate_process_207_403_insufficient_permissions.json │ │ │ ├── terminate_process_207_500_internal_server_error.json │ │ │ ├── collect_file_207_400_invalid_field_format.json │ │ │ ├── terminate_process_207_400_fields_not_found.json │ │ │ ├── terminate_process_207_403_unsupported_response.json │ │ │ ├── isolate_207_403_access_denied_no_scope.json │ │ │ ├── restore_207_403_access_denied_no_scope.json │ │ │ └── terminate_process_207_400_invalid_field_format.json │ │ └── v2 │ │ ├── endpoint │ │ ├── isolate.json │ │ ├── restore.json │ │ ├── terminate_process.json │ │ ├── collected_file_download_info.json │ │ └── collect_file.json │ │ ├── common │ │ ├── add_block_list.json │ │ ├── get_task.json │ │ └── delete_block_list.json │ │ ├── object │ │ ├── add_suspicious.json │ │ ├── add_exception.json │ │ ├── delete_suspicious.json │ │ ├── delete_exception.json │ │ └── get_exception_list.json │ │ ├── email │ │ ├── delete.json │ │ └── quarantine.json │ │ └── alerts │ │ ├── edit_status.json │ │ └── add_note.json └── assembly │ └── v1mock.xml └── deploy.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | target/ -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/email/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/account/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/common/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/common/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/object/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/sandbox/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/workbench/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/connectivity/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/connectivity/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/workbench/alert/.DS_Store -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/analysis/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trendmicro/tm-v1-api-mockup/main/src/main/resources/mappings/xdr/v3/sandbox/analysis/.DS_Store -------------------------------------------------------------------------------- /deploy.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | mvn clean package 3 | scp -i ~/Downloads/PRO-Devs-Tools.pem target/v1mock-1.0.tar.gz toolsmgr@10.103.143.84:~/v1mock/. 4 | ssh -i ~/Downloads/PRO-Devs-Tools.pem toolsmgr@10.103.143.84 /home/toolsmgr/v1mock/deploy.sh -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/scripts/delete_custom_script_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v3.0/response/customScripts/.*", 4 | "method": "DELETE" 5 | }, 6 | "response": { 7 | "status": 204 8 | } 9 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/api_keys/update_api_key_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v3.0/iam/apiKeys/.*", 4 | "method": "PATCH", 5 | "headers": { 6 | "If-Match": { 7 | "matches": ".+" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 204 13 | } 14 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/scripts/download_custom_script_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v3.0/response/customScripts/.*", 4 | "method": "GET" 5 | }, 6 | "response": { 7 | "status": 200, 8 | "body": "#!/bin/sh Download Script", 9 | "headers": { 10 | "Content-Type": "text/plain" 11 | } 12 | } 13 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/investigation_package_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPathPattern": "/v3.0/sandbox/analysisResults/.*/investigationPackage", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 200, 9 | "base64Body": "UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==", 10 | "headers": { 11 | "Content-Type": "application/zip" 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/connectivity/check_availability_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPath": "/v3.0/healthcheck/connectivity", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 200, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "status": "available" 14 | }, 15 | "headers": { 16 | "Content-Type": "application/json" 17 | } 18 | } 19 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/edit_status_204.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPathPattern": "/v3.0/workbench/alerts/.*", 5 | "method": "PATCH", 6 | "headers": { 7 | "If-Match": { 8 | "matches": ".+" 9 | } 10 | }, 11 | "bodyPatterns": [ 12 | { 13 | "matchesJsonPath": "$.investigationStatus" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 204 19 | } 20 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/common/get_task_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/tasks/not_found", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 404, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "NotFound", 15 | "message": "Not found." 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/endpoint/isolate.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/isolate", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.computerId" 8 | }, 9 | { 10 | "matchesJsonPath": "$.productId" 11 | } 12 | ] 13 | }, 14 | "response": { 15 | "status": 200, 16 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 17 | "headers": { 18 | "Content-Type": "application/json" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/common/add_block_list.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/block", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.valueType" 8 | }, 9 | { 10 | "matchesJsonPath": "$.targetValue" 11 | } 12 | ] 13 | }, 14 | "response": { 15 | "status": 200, 16 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 17 | "headers": { 18 | "Content-Type": "application/json" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/common/get_task.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/getTask", 4 | "method": "GET", 5 | "queryParameters": { 6 | "actionId": { 7 | "matches": ".*" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 200, 13 | "jsonBody": { "data": { "createdTime": 1589525651, "executedTime": 1589525725, "finishedTime": 1589525725, "taskStatus": "timeout", "error": {} } }, 14 | "headers": { 15 | "Content-Type": "application/json" 16 | } 17 | } 18 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/endpoint/restore.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/restoreIsolate", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.computerId" 8 | }, 9 | { 10 | "matchesJsonPath": "$.productId" 11 | } 12 | ] 13 | }, 14 | "response": { 15 | "status": 200, 16 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 17 | "headers": { 18 | "Content-Type": "application/json" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/common/delete_block_list.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/restoreBlock", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.valueType" 8 | }, 9 | { 10 | "matchesJsonPath": "$.targetValue" 11 | } 12 | ] 13 | }, 14 | "response": { 15 | "status": 200, 16 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 17 | "headers": { 18 | "Content-Type": "application/json" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /src/assembly/v1mock.xml: -------------------------------------------------------------------------------- 1 | 4 | apimock 5 | 6 | tar.gz 7 | 8 | 9 | 10 | ${project.build.outputDirectory} 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/endpoint/terminate_process.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/terminateProcess", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.computerId" 8 | }, 9 | { 10 | "matchesJsonPath": "$.fileSha1" 11 | } 12 | ] 13 | }, 14 | "response": { 15 | "status": 200, 16 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 17 | "headers": { 18 | "Content-Type": "application/json" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/common/get_task_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/tasks/access_denied", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 403, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "AccessDenied", 15 | "message": "Insufficient permissions." 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/analysis/get_sandbox_submission_status_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/tasks/not_found", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 404, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "NotFound", 15 | "message": "Not Found" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/scripts/update_custom_script_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v3.0/response/customScripts/.*/update", 4 | "method": "POST", 5 | "multipartPatterns": [ 6 | { 7 | "matchingType": "ANY", 8 | "headers": { 9 | "Content-Disposition": { 10 | "contains": "update_script.sh" 11 | }, 12 | "Content-Type": { 13 | "contains": "text/plain" 14 | } 15 | } 16 | } 17 | ] 18 | }, 19 | "response": { 20 | "status": 204 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/add_note_201.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPathPattern": "/v3.0/workbench/alerts/.*/notes", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$.content" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 201, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "headers": { 18 | "Location": "{{request.baseUrl}}/v3.0/workbench/alerts/{{request.pathSegments.[3]}}/notes/1" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/api_keys/delete_api_keys_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/iam/apiKeys/delete", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$[?(@.id)]" 8 | } 9 | ] 10 | }, 11 | "response": { 12 | "status": 207, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": [ 17 | { 18 | "status": 204 19 | } 20 | ], 21 | "headers": { 22 | "Content-Type": "application/json" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/analysis/get_sandbox_analysis_results_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/not_found", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 404, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "NotFound", 15 | "message": "Not Found" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/download_sandbox_analysis_results_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/not_found/report", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 404, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "NotFound", 15 | "message": "Not Found" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/investigation_package_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/not_found/investigationPackage", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 404, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "NotFound", 15 | "message": "Not Found" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/get_alert_details_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/workbench/alerts/server_error", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "Internal Server Error" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/get_sandbox_suspicious_list_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/not_found/suspiciousObjects", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 404, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "NotFound", 15 | "message": "Not Found" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/analysis/get_sandbox_submission_status_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/tasks/server_error", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "Internal Server Error" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/object/add_suspicious.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/threatintel/suspiciousObjects", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.data" 8 | }, 9 | { 10 | "matchesJsonPath": "$.data.type" 11 | }, 12 | { 13 | "matchesJsonPath": "$.data.value" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 200, 19 | "jsonBody": { "data": { } }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/analysis/get_sandbox_analysis_results_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/server_error", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "Internal Server Error" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/object/add_exception.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/threatintel/suspiciousObjects/exceptions", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.data" 8 | }, 9 | { 10 | "matchesJsonPath": "$.data.type" 11 | }, 12 | { 13 | "matchesJsonPath": "$.data.value" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 200, 19 | "jsonBody": { "data": { } }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/object/delete_suspicious.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/threatintel/suspiciousObjects/delete", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.data" 8 | }, 9 | { 10 | "matchesJsonPath": "$.data.type" 11 | }, 12 | { 13 | "matchesJsonPath": "$.data.value" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 200, 19 | "jsonBody": { "data": { } }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_suspicious_list_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "BAD_REQUEST" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 400, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "BadRequest", 18 | "message": "Bad request" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/download_sandbox_analysis_results_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/server_error/report", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "Internal Server Error" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/investigation_package_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/server_error/investigationPackage", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "Internal Server Error" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/object/delete_exception.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/threatintel/suspiciousObjects/exceptions/delete", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.data" 8 | }, 9 | { 10 | "matchesJsonPath": "$.data.type" 11 | }, 12 | { 13 | "matchesJsonPath": "$.data.value" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 200, 19 | "jsonBody": { "data": { } }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/get_sandbox_suspicious_list_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/sandbox/analysisResults/server_error/suspiciousObjects", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "Internal Server Error" 16 | } 17 | }, 18 | "headers": { 19 | "Content-Type": "application/json" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_exception_list_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "BAD_REQUEST" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 400, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "BadRequest", 18 | "message": "Bad request" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_suspicious_list_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "ACCESS_DENIED" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 403, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "AccessDenied", 18 | "message": "Access denied" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/email/delete.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/deleteMessage", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.messageId" 8 | }, 9 | { 10 | "matchesJsonPath": "$.mailBox" 11 | }, 12 | { 13 | "matchesJsonPath": "$.messageDeliveryTime" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 200, 19 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_exception_list_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "ACCESS_DENIED" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 403, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "AccessDenied", 18 | "message": "Access denied" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/alerts/edit_status.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPathPattern": "/v2.0/xdr/workbench/workbenches/(.*)", 5 | "method": "PUT", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$.investigationStatus" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 200, 14 | "jsonBody": { 15 | "info": { 16 | "code": 3006000, 17 | "msg": "Alert status changed successfully." 18 | }, 19 | "data": null 20 | }, 21 | "headers": { 22 | "Content-Type": "application/json" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_suspicious_list_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "SERVER_ERROR" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 500, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "InternalServerError", 18 | "message": "Internal server error" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/email/quarantine.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/response/quarantineMessage", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.messageId" 8 | }, 9 | { 10 | "matchesJsonPath": "$.mailBox" 11 | }, 12 | { 13 | "matchesJsonPath": "$.messageDeliveryTime" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 200, 19 | "jsonBody": { "actionId": 88139521, "taskStatus": "pending" }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_suspicious_list_429_too_many_requests.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "TOO_MANY_REQUESTS" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 429, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "TooManyRequests", 18 | "message": "Too many requests" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_exception_list_429_too_many_requests.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "TOO_MANY_REQUESTS" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 429, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "TooManyRequests", 18 | "message": "Too many requests" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_exception_list_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 4 | "method": "GET", 5 | "headers": { 6 | "Authorization": { 7 | "contains": "SERVER_ERROR" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 500, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "code": "InternalServerError", 18 | "message": "Internal server error" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json" 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/endpoint/collected_file_download_info.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v2.0/xdr/response/downloadInfo", 4 | "method": "GET", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.actionId" 8 | } 9 | ] 10 | }, 11 | "response": { 12 | "status": 200, 13 | "jsonBody": { 14 | "data": { 15 | "url": "string", 16 | "expires": "2011-10-05T14:48:00.000Z", 17 | "password": "string", 18 | "filename": "string" 19 | } 20 | }, 21 | "headers": { 22 | "Content-Type": "application/json" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/scripts/add_custom_script_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/response/customScripts", 4 | "method": "POST", 5 | "multipartPatterns": [ 6 | { 7 | "matchingType": "ANY", 8 | "headers": { 9 | "Content-Disposition": { 10 | "contains": "add_script.sh" 11 | }, 12 | "Content-Type": { 13 | "contains": "text/plain" 14 | } 15 | } 16 | } 17 | ] 18 | }, 19 | "response": { 20 | "status": 201, 21 | "headers": { 22 | "Location": "{{request.baseUrl}}/v3.0/response/customScripts/1" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/alerts/add_note.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPathPattern": "/v2.0/xdr/workbench/workbenches/(.*)/notes", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$.content" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "jsonBody": { 15 | "info": { 16 | "code": 3021000, 17 | "msg": "Alert notes added successfully." 18 | }, 19 | "data": { 20 | "id": 123 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_207_201.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url || @.domain || @.fileSha1 || @.senderMailAddress || @.ip)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 201 20 | } 21 | ], 22 | "headers": { 23 | "Content-Type": "application/json" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_207_201.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url || @.domain || @.fileSha1 || @.senderMailAddress || @.ip)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 201 20 | } 21 | ], 22 | "headers": { 23 | "Content-Type": "application/json" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_207_204.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url || @.domain || @.fileSha1 || @.senderMailAddress || @.ip)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 204 20 | } 21 | ], 22 | "headers": { 23 | "Content-Type": "application/json" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/common/get_task_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/tasks/bad_request", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 400, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "BadRequest", 15 | "message": "Unable to process the request. Verify that the request is properly formatted and try again. (Error code: 3090003)", 16 | "number": 3090003 17 | } 18 | }, 19 | "headers": { 20 | "Content-Type": "application/json" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_207_204.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url || @.domain || @.fileSha1 || @.senderMailAddress || @.ip)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 204 20 | } 21 | ], 22 | "headers": { 23 | "Content-Type": "application/json" 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_email_activity_data_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/search/emailActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "bad_request" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid HTTP Request" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_endpoint_data_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/eiqs/endpoints", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "server_error" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal Server Error" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_endpoint_data_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/eiqs/endpoints", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "bad_request" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid query endpoint info request" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_email_activity_data_408_request_timeout.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/search/emailActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "request_timeout" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "RequestTimeout", 20 | "message": "Request Timeout" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_endpoint_activity_data_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/search/endpointActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "bad_request" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid HTTP Request" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/get_exception_list_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 4 | "method": "GET" 5 | }, 6 | "response": { 7 | "status": 200, 8 | "transformers": [ 9 | "response-template" 10 | ], 11 | "jsonBody": { 12 | "items": [ 13 | { 14 | "url": "https://*.example.com/path1/*", 15 | "type": "url", 16 | "description": "object description", 17 | "lastModifiedDateTime": "{{now offset='-1 days'}}" 18 | } 19 | ] 20 | }, 21 | "headers": { 22 | "Content-Type": "application/json" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_email_activity_data_count_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPath": "/v3.0/search/emailActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "matches": ".+" 9 | } 10 | }, 11 | "queryParameters": { 12 | "mode": { 13 | "equalTo": "countOnly" 14 | } 15 | } 16 | }, 17 | "response": { 18 | "status": 200, 19 | "transformers": [ 20 | "response-template" 21 | ], 22 | "jsonBody": { 23 | "totalCount": 3123 24 | }, 25 | "headers": { 26 | "Content-Type": "application/json" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_endpoint_activity_data_408_request_timeout.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/search/endpointActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "request_timeout" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "RequestTimeout", 20 | "message": "Request Timeout" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_email_activity_data_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/search/emailActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "server_error" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "content returned by service" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_endpoint_activity_data_count_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPath": "/v3.0/search/endpointActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "matches": ".+" 9 | } 10 | }, 11 | "queryParameters": { 12 | "mode": { 13 | "equalTo": "countOnly" 14 | } 15 | } 16 | }, 17 | "response": { 18 | "status": 200, 19 | "transformers": [ 20 | "response-template" 21 | ], 22 | "jsonBody": { 23 | "totalCount": 2496 24 | }, 25 | "headers": { 26 | "Content-Type": "application/json" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/get_alert_details_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/workbench/alerts/bad_request", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 400, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "BadRequest", 15 | "message": "Unable to process the request. Verify that the request is properly formatted and try again. (Error code: 3090003)", 16 | "number": 3090003 17 | } 18 | }, 19 | "headers": { 20 | "Content-Type": "application/json" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/search/get_endpoint_activity_data_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/search/endpointActivities", 5 | "method": "GET", 6 | "headers": { 7 | "TMV1-Query": { 8 | "contains": "server_error" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "content returned by service" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/common/get_task_500_internal_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/tasks/internal_error", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 500, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "error": { 14 | "code": "InternalServerError", 15 | "message": "An internal error has occurred. Please try again later. If the issue persists, contact your support provider. (Error code: 3090999)", 16 | "number": 3090999 17 | } 18 | }, 19 | "headers": { 20 | "Content-Type": "application/json" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_429_too_many_requests.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'too_many_requests')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 429, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "TooManyRequests", 20 | "message": "Too many requests" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_429_too_many_requests.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'too_many_requests')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 429, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "TooManyRequests", 20 | "message": "Too many requests" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_429_too_many_requests.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'too_many_requests')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 429, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "TooManyRequests", 20 | "message": "Too many requests" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_400_invalid_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Invalid request format." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_403_access_denied.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 403, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "AccessDenied", 20 | "message": "Insufficient permissions." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_429_too_many_requests.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'too_many_requests')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 429, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "TooManyRequests", 20 | "message": "Too many requests" 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal server error." 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/endpoint/collect_file.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v2.0/xdr/response/collectFile", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$.productId" 8 | }, 9 | { 10 | "matchesJsonPath": "$.computerId" 11 | }, 12 | { 13 | "matchesJsonPath": "$.filePath" 14 | }, 15 | { 16 | "matchesJsonPath": "$.os" 17 | } 18 | ] 19 | }, 20 | "response": { 21 | "status": 200, 22 | "jsonBody": { 23 | "actionId": 88139521, 24 | "taskStatus": "pending" 25 | }, 26 | "headers": { 27 | "Content-Type": "application/json" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/scripts/list_custom_script_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v3.0/response/customScripts", 4 | "method": "GET", 5 | "queryParameters": { 6 | "filter": { 7 | "matches": ".*" 8 | } 9 | } 10 | }, 11 | "response": { 12 | "status": 200, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "items": [ 18 | { 19 | "id": "44c99cb0-8c5f-4182-af55-62135dbe32f1", 20 | "fileName": "random_script.ps1", 21 | "fileType": "powershell", 22 | "description": "string" 23 | } 24 | ] 25 | }, 26 | "headers": { 27 | "Content-Type": "application/json" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/get_alert_list_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/workbench/alerts", 5 | "method": "GET", 6 | "queryParameters": { 7 | "startDateTime": { 8 | "matches": "server_error" 9 | }, 10 | "endDateTime": { 11 | "matches": ".*" 12 | } 13 | } 14 | }, 15 | "response": { 16 | "status": 500, 17 | "transformers": [ 18 | "response-template" 19 | ], 20 | "jsonBody": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal Server Error" 24 | } 25 | }, 26 | "headers": { 27 | "Content-Type": "application/json" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/api_keys/get_api_key_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v3.0/iam/apiKeys/.*", 4 | "method": "GET" 5 | }, 6 | "response": { 7 | "status": 200, 8 | "transformers": [ 9 | "response-template" 10 | ], 11 | "jsonBody": { 12 | "id": "d367abdd-7739-4129-a36a-862c4ec018b4", 13 | "name": "test", 14 | "status": "enabled", 15 | "role": "Master Administrator", 16 | "description": "this is a test apikey", 17 | "lastUsedDateTime": "2023-02-06T10:00:00Z", 18 | "expiredDateTime": "2025-02-06T10:00:00Z" 19 | }, 20 | "headers": { 21 | "Content-Type": "application/json", 22 | "ETag": "d41d8cd98f00b204e9800998ecf8427e" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/connectivity/check_availability_500.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/healthcheck/connectivity", 5 | "method": "GET", 6 | "headers": { 7 | "Authorization": { 8 | "contains": "SERVER_ERROR" 9 | } 10 | } 11 | }, 12 | "response": { 13 | "status": 500, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "InternalServerError", 20 | "message": "Internal error", 21 | "innererror": { 22 | "code": "InternalServerError", 23 | "service": "svp" 24 | } 25 | } 26 | }, 27 | "headers": { 28 | "Content-Type": "application/json" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_207_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'bad_request')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Bad request" 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_207_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 404, 20 | "body": { 21 | "error": { 22 | "code": "NotFound", 23 | "message": "Not found" 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_207_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'bad_request')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Bad request" 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$..accountName" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000009" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$..accountName" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000010" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$..accountName" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000012" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_207_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 404, 20 | "body": { 21 | "error": { 22 | "code": "NotFound", 23 | "message": "Not found" 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_207_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'bad_request')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Bad request" 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId || @.uniqueId)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000001" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId || @.uniqueId)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000003" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_207_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'bad_request')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Bad request" 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/sandbox/report/get_sandbox_suspicious_list_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPathPattern": "/v3.0/sandbox/analysisResults/.*/suspiciousObjects", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 200, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "items": [ 14 | { 15 | "riskLevel": "high", 16 | "analysisCompletionDateTime": "{{now offset='-10 seconds'}}", 17 | "expiredDateTime": "{{now offset='1 days'}}", 18 | "rootSha1": "fb5608fa03de204a12fe1e9e5275e4a682107471", 19 | "ip": "6.6.6.6" 20 | } 21 | ] 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v2/object/get_exception_list.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPath": "/v2.0/xdr/threatintel/suspiciousObjects/exceptions", 4 | "method": "GET" 5 | }, 6 | "response": { 7 | "status": 200, 8 | "jsonBody": { 9 | "data": { 10 | "nextLink": "https://api.xdr.trendmicro.com/v2.0/xdr/threatintel/suspiciousObjects/exceptions?limit=20&skipToken=eyJpZCI6IjI1MGQxMmE3ZDQyMmVhM", 11 | "exceptionList": [ 12 | { 13 | "type": "domain", 14 | "value": "1.alisiosanguera.com.cn", 15 | "description": "Example object.", 16 | "lastModified": "2021-03-22T03:08:40Z" 17 | } 18 | ] 19 | } 20 | }, 21 | "headers": { 22 | "Content-Type": "application/json" 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$..accountName" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000011" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/common/get_task_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPathPattern": "/v3.0/response/tasks/.*", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 200, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "id": "00000004", 14 | "status": "succeeded", 15 | "createdDateTime": "{{now offset='-1 minutes'}}", 16 | "lastActionDateTime": "{{now offset='-1 minutes'}}", 17 | "description": "task description", 18 | "action": "isolate", 19 | "account": "test", 20 | "agentGuid": "cb9c8412-1f64-4fa0-a36b-76bf41a07ede", 21 | "endpointName": "trend-host-1" 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId || @.uniqueId)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000002" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.agentGuid || @.endpointName)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000004" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.agentGuid || @.endpointName)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000005" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/add_note_400_bad_request.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPathPattern": "/v3.0/workbench/alerts/.*/notes", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.content == 'bad_request')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 400, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "BadRequest", 20 | "message": "Unable to process the request. Verify that the request is properly formatted and try again. (Error code: 3090003)", 21 | "number": 3090003 22 | } 23 | }, 24 | "headers": { 25 | "Content-Type": "application/json" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_400_target_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'target_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Target not found." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_403_feature_disabled.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'feature_disabled')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Feature disabled." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/add_note_500_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "request": { 3 | "urlPathPattern": "/v3.0/workbench/alerts/.*/notes", 4 | "method": "POST", 5 | "bodyPatterns": [ 6 | { 7 | "matchesJsonPath": "$[?(@.content == 'server_error')]" 8 | } 9 | ] 10 | }, 11 | "response": { 12 | "status": 500, 13 | "transformers": [ 14 | "response-template" 15 | ], 16 | "jsonBody": { 17 | "error": { 18 | "code": "InternalServerError", 19 | "message": "An internal error has occurred. Please try again later. If the issue persists, contact your support provider. (Error code: 3090999)", 20 | "number": 3090999 21 | } 22 | }, 23 | "headers": { 24 | "Content-Type": "application/json" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_suspicious_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_exception_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_suspicious_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/edit_status_412_precondition_failed.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPathPattern": "/v3.0/workbench/alerts/.*", 5 | "method": "PATCH", 6 | "headers": { 7 | "If-Match": { 8 | "matches": "\"precondition_failed\"" 9 | } 10 | }, 11 | "bodyPatterns": [ 12 | { 13 | "matchesJsonPath": "$.investigationStatus" 14 | } 15 | ] 16 | }, 17 | "response": { 18 | "status": 412, 19 | "jsonBody": { 20 | "error": { 21 | "code": "ConditionNotMet", 22 | "message": "The target resource is not updated because of ETag unmatching. (Error code: 3090018)", 23 | "number": 3090018 24 | } 25 | }, 26 | "headers": { 27 | "Content-Type": "application/json" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_exception_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/threatintel/suspiciousObjectExceptions/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_403_insufficient_permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'insufficient_permissions')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Insufficient permissions." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_500_internal_server_error.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'internal_server_error')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 500, 20 | "body": { 21 | "error": { 22 | "code": "InternalServerError", 23 | "message": "Internal server error." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/collect_file_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/collectFile", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url || @.domain || @.fileSha1 || @.senderMailAddress || @.ip)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000007" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/reset_password_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/resetPassword", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/restore_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_400_fields_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'fields_not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Required fields not found: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_403_unsupported_response.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'unsupported_response')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Promotion does not support response action." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/workbench/alert/add_note_404_not_found.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPathPattern": "/v3.0/workbench/alerts/.*/notes", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.content == 'not_found')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 404, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": { 18 | "error": { 19 | "code": "NotFound", 20 | "message": "Unable to process the request. Verify that the specified workbench ID exists and that you have permission to access the alert and try again. (Error code: 3090007)", 21 | "number": 3090007 22 | } 23 | }, 24 | "headers": { 25 | "Content-Type": "application/json" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/quarantine_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/quarantine", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/isolate_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/isolate", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/restore_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/restore", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/endpoint/terminate_process_207_400_invalid_field_format.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/endpoints/terminateProcess", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.endpointName == 'invalid_field_format')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "BadRequest", 23 | "message": "Invalid request - Invalid field format: %field%." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/add_block_list_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/object/delete_block_list_207_202.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 9, 3 | "request": { 4 | "urlPath": "/v3.0/response/suspiciousObjects/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.url || @.domain || @.fileSha1 || @.senderMailAddress || @.ip)]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 202, 20 | "headers": [ 21 | { 22 | "name": "Operation-Location", 23 | "value": "{{request.baseUrl}}/v3.0/xdr/response/tasks/00000008" 24 | } 25 | ] 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/disable_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/disable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/enable_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/enable", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/account/sign_out_207_403_access_denied_no_scope.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/domainAccounts/signOut", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.accountName == 'access_denied_no_scope')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 403, 20 | "body": { 21 | "error": { 22 | "code": "AccessDenied", 23 | "message": "Access denied. The target is not in the user's management scope." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/api_keys/get_api_key_list_200.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 99, 3 | "request": { 4 | "urlPath": "/v3.0/iam/apiKeys", 5 | "method": "GET" 6 | }, 7 | "response": { 8 | "status": 200, 9 | "transformers": [ 10 | "response-template" 11 | ], 12 | "jsonBody": { 13 | "totalCount": 1, 14 | "count": 1, 15 | "items": [ 16 | { 17 | "id": "d367abdd-7739-4129-a36a-862c4ec018b4", 18 | "name": "test", 19 | "status": "enabled", 20 | "role": "Master Administrator", 21 | "description": "this is a test", 22 | "expiredDateTime": "2025-02-06T10:00:00Z", 23 | "lastUsedDateTime": "2023-02-06T10:00:00Z" 24 | } 25 | ] 26 | }, 27 | "headers": { 28 | "Content-Type": "application/json" 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /src/main/resources/mappings/xdr/v3/email/delete_207_400_action_not_supported.json: -------------------------------------------------------------------------------- 1 | { 2 | "priority": 1, 3 | "request": { 4 | "urlPath": "/v3.0/response/emails/delete", 5 | "method": "POST", 6 | "bodyPatterns": [ 7 | { 8 | "matchesJsonPath": "$[?(@.messageId == 'action_not_supported')]" 9 | } 10 | ] 11 | }, 12 | "response": { 13 | "status": 207, 14 | "transformers": [ 15 | "response-template" 16 | ], 17 | "jsonBody": [ 18 | { 19 | "status": 400, 20 | "body": { 21 | "error": { 22 | "code": "NotSupported", 23 | "message": "Action not supported. Install or upgrade the agent program on the target endpoint." 24 | } 25 | } 26 | } 27 | ], 28 | "headers": { 29 | "Content-Type": "application/json" 30 | } 31 | } 32 | } --------------------------------------------------------------------------------