Script includes installed with Security Support Common

Security Support Common adds the following script includes.
Table 1. Script includes for Security Operations Common Support
Script include Description
DataSourceReportProcessor This script include is the default reference implementation of SecurityDataIntegrationReportProcessorBase. Takes processor data and passes it to configured data sources associated with the integration.
EmailIntegration Utilities to handle parsing SecOps emails and handling duplicates.
EmailIntegrationAJAX Exposes some functions to client-side scripting.
EnrichmentDataMappingUtil Provides helper methods to transform enrichment data to records.
  • CreateRecordsForEnrichment: Called by workflows to convert input data to the target tables and create an enrichment entry.
  • enrichmentDataTransform: Converts input data to records on the target table including enrichment identifiers.
  • Transform: Converts input data into records on the target table.
FieldMappingUtil Gathers all valid SecOps tables from the database. These tables serve as the choice list for the source table field on the field mapping form.

Transforms a given source record to a record on the target table, taking the field mapping fields into consideration.

FilterGroupAJAX Fills in manually added values as the user edits filter groups.
FilterGroupUtil Provides helper methods to query the members of a filter group or CI group based on its dynamic conditions or static members.
  • Filter Group: Getting the members of this group means looking at the table and condition defined in the condition criteria.
  • CI Group: To get the members of this group, a member must be within the results of the table/condition criteria, as well as the network address/subnet condition. Also, any statically defined CIs in the m2m table are added regardless of whether they meet the other two conditions. If any of these conditions are not provided, they are not used in determining the membership of the group.
Note: Examples of CI groups appear below the table.
RegexValidationUtil Verifies correct format for IP addresses, domain names, URLs, etc.
ResourceLookup Locates a CI based on available attributes such as IP address, FQDN, name.
Scanner The lookup source and scanner implementations for Threat Intelligence and Vulnerability Response.
ScannerIntegrationBase Base class for lookup source and scanner integration implementations.
ScannerProcessorBase Base class for lookup source and scanner processor implementations.
ScannerUtils Common lookup source and scanner helper methods.
ScanQueueManager The lookup and scan queues manager implementation for Threat Intelligence and Vulnerability Response.
ScriptedRESTSecurityDataIntegration Security Data Integration to support the Security Data Integration Service REST API. For each run, retrieveData() looks at the integration run for an attachment (added by the Scripted REST Service) and returns the details to be passed to the report processor.
ScriptIncludeSubclassHelper Finds all the script includes that either share a scope or extend the same object as the specified script include. Used as part of a reference qualifier when selecting script includes.
SimpleRESTSecurityDataIntegration Runs a single REST call, saves the response as an attachment, and then returns the attachment to the processor.
SecurityCalculator Checks conditions and applies values based on criteria defined in the Security Calculator record.
SecurityCommonClientUtils Contains conditions that determine whether UI actions should be displayed on forms.
SecurityCommonUtils A repository of utilities used throughout the Security Common application.
SecurityDataIntegrationBase Base class for security data integration. The purpose of this class is to provide the skeleton for integrations. SecurityDataIntegrationController builds and executes it, and operates against an integration process record. Both the integration record and the integration process record are exposed to subclasses as class variables (integrationGr and integrationProcessGr, respectively).
SecurityDataIntegrationController Manages integration script executions.
SecurityDataIntegrationDSAttachmentManag As integrations add attachments to data sources for processing, manages the execution of the ds/transform. Necessary for long-running transforms and paginated requests.
SecurityDataIntegrationReportProcessorBase Base class for processing integration data reports provided by a retrieveData() call from the integration implementation. The purpose of this class is to provide the skeleton for integration data processing. SecurityDataIntegrationController builds and executes it, and operates against an integration process record. Both the integration record and the integration process record are exposed to subclasses as class variables (integrationGr and integrationProcessGr, respectively).
SecurityDataIntegrationUtils Utility class to add convenience functions for handling integration run and process records.
SecuritySuportUtil Supports domain separation and copying integration items.
SimpleRESTSecurityDataIntegration PowerShell script executed on the Exchange email server as part of a workflow.

FilterGroupUtil CI group examples

  • The table/condition criteria returns three members A, B, and C. The subnet condition and static CI list are not provided. The final member list is A, B, C.
  • The table/condition criteria returns three members A, B, and C. The subnet condition returns two members B and D. The static CI list is not provided. The final member list is B.
  • The table/condition criteria returns three members A, B, and C. The subnet condition returns two members B and D. The static CI list contains E and F. The final member list is B, E, and F.
  • The table/condition and subnet criteria are not provided. The static CI list contains E and F. The final member list is E and F.
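
The CI group membership rule and the four examples above, modeled as an added sketch (this is not the FilterGroupUtil source). The function name, the parameter names, and the staticOnly output are hypothetical; a criterion left undefined means "not provided", and treating a provided criterion that matches nothing as an empty set is an assumption.

```javascript
// Added illustration of the CI group membership rule described on this page.
// Not ServiceNow code: resolveCiGroupMembers and its parameters are hypothetical.
// Each criterion is an array of CI identifiers, or undefined when not provided.
function resolveCiGroupMembers({ tableMembers, subnetMembers, staticMembers } = {}) {
  // Criteria that are not provided do not take part in the decision.
  const provided = [tableMembers, subnetMembers].filter((c) => c !== undefined);

  let dynamic = [];
  if (provided.length > 0) {
    // A CI must be within the results of every provided dynamic criterion.
    // Assumption: a provided criterion that matches nothing yields no dynamic members.
    dynamic = provided.reduce((acc, cur) => {
      const allowed = new Set(cur);
      return acc.filter((ci) => allowed.has(ci));
    });
  }

  // Static CIs are added regardless of whether they meet the other conditions.
  const dynamicSet = new Set(dynamic);
  const statics = staticMembers || [];
  const members = [...new Set([...dynamic, ...statics])].sort();

  // CIs present only because of the static list: worth reviewing, since they
  // are in the group without satisfying the table or subnet criteria.
  const staticOnly = [...new Set(statics.filter((ci) => !dynamicSet.has(ci)))].sort();

  return { members, staticOnly };
}

// Constructed inputs mirroring the four CI group examples on this page.
const CI_GROUP_EXAMPLES = [
  { tableMembers: ["A", "B", "C"] },
  { tableMembers: ["A", "B", "C"], subnetMembers: ["B", "D"] },
  { tableMembers: ["A", "B", "C"], subnetMembers: ["B", "D"], staticMembers: ["E", "F"] },
  { staticMembers: ["E", "F"] },
];

for (const example of CI_GROUP_EXAMPLES) {
  const { members, staticOnly } = resolveCiGroupMembers(example);
  console.log(`members=[${members}] staticOnly=[${staticOnly}]`);
}
```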