Added support for Jira, Pagerduty and Increased Slack to include webooks and custom fields

contentctl/objects/alert_action.py

@@ -7,13 +7,17 @@
 from contentctl.objects.deployment_rba import DeploymentRBA
 from contentctl.objects.deployment_slack import DeploymentSlack
 from contentctl.objects.deployment_phantom import DeploymentPhantom
+from contentctl.objects.deployment_jira import DeploymentJira
+from contentctl.objects.deployment_pagerduty import DeploymentPagerDuty
 
 class AlertAction(BaseModel):
     email: Optional[DeploymentEmail] = None
     notable: Optional[DeploymentNotable] = None
     rba: Optional[DeploymentRBA] = DeploymentRBA()
     slack: Optional[DeploymentSlack] = None
     phantom: Optional[DeploymentPhantom] = None
+    jira: Optional[DeploymentJira] = None
+    pagerduty: Optional[DeploymentPagerDuty] = None
 
 
     @model_serializer
@@ -36,5 +40,11 @@ def serialize_model(self):
         if self.phantom is not None:
             raise Exception("Phantom not implemented")
 
+        if self.jira is not None:
+            raise Exception("Jira not implemented")
+
+        if self.pagerduty is not None:
+            raise Exception("PagerDuty not implemented")
+
         #return the model
         return model

contentctl/objects/deployment_jira.py

@@ -0,0 +1,15 @@
+
+from __future__ import annotations
+from pydantic import BaseModel
+
+class DeploymentJira(BaseModel):
+    account: str
+    jira_attachment: str
+    jira_dedup: str
+    jira_dedup_content: str
+    jira_description: str
+    jira_project: str
+    jira_issue_type: str
+    jira_priority: str
+    jira_priority_dynamic: str
+    jira_summary: str

contentctl/objects/deployment_pagerduty.py

@@ -0,0 +1,6 @@
+from __future__ import annotations
+from pydantic import BaseModel
+
+class DeploymentPagerDuty(BaseModel):
+    pagerduty_description: str
+    integration_url_override: str

contentctl/objects/deployment_slack.py

@@ -4,4 +4,6 @@
 
 class DeploymentSlack(BaseModel):
     channel: str
-    message: str
+    message: str
+    webhook_url_override: str
+    fields: str

contentctl/output/templates/savedsearches_detections.j2

@@ -93,6 +93,30 @@ action.slack = 1
 action.slack.param.channel = {{ detection.deployment.alert_action.slack.channel | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
 action.slack.param.message = {{ detection.deployment.alert_action.slack.message | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
 {% endif %}
+{% if detection.deployment.alert_action.slack.webhook_url_override is defined %}
+action.slack.param.webhook_url_override = {{ detection.deployment.alert_action.slack.webhook_url_override | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+{% endif %}
+{% if detection.deployment.alert_action.slack.fields is defined %}
+action.slack.param.fields = {{ detection.deployment.alert_action.slack.fields | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+{% endif %}
+{% if detection.deployment.alert_action.jira %}
+action.jira_service_desk = 1
+action.jira_service_desk.param.account = {{ detection.deployment.alert_action.jira.account | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_attachment = {{ detection.deployment.alert_action.jira.jira_attachment | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_dedup = {{ detection.deployment.alert_action.jira.jira_dedup | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_dedup_content = {{ detection.deployment.alert_action.jira.jira_dedup_content | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_description = {{ detection.deployment.alert_action.jira.jira_description | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_issue_type = {{ detection.deployment.alert_action.jira.jira_issue_type | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_priority = {{ detection.deployment.alert_action.jira.jira_priority | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_priority_dynamic = {{ detection.deployment.alert_action.jira.jira_priority_dynamic | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_summary = {{ detection.deployment.alert_action.jira.jira_summary | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.jira_service_desk.param.jira_project = {{ detection.deployment.alert_action.jira.jira_project | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+{% endif %}
+{% if detection.deployment.alert_action.pagerduty %}
+action.pagerduty = 1
+action.pagerduty.description = {{ detection.deployment.alert_action.pagerduty.pagerduty_description | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+action.pagerduty.param.integration_url_override = {{ detection.deployment.alert_action.pagerduty.integration_url_override | custom_jinja2_enrichment_filter(detection) | escapeNewlines() }}
+{% endif %}
 {% if detection.deployment.alert_action.phantom%}
 action.sendtophantom = 1
 action.sendtophantom.param._cam_workers = {{ detection.deployment.alert_action.phantom.cam_workers | custom_jinja2_enrichment_filter(detection) }}