{ "workflow": { "unique_name": "definition_workflow_01PSAG3UACQ1N38Q4Bns45cYWo4hpBsqNGv", "name": "Kenna - Show Malware Hashes", "title": "Kenna - Show Malware Hashes", "type": "generic.workflow", "base_type": "workflow", "variables": [ { "schema_id": "datatype.string", "properties": { "value": "", "scope": "output", "name": "Body", "type": "datatype.string", "is_required": false, "is_invisible": false }, "unique_name": "variable_workflow_01PSAG3U3EPFS0fZxmysHxxoaYyGFyrvwfZ", "object_type": "variable_workflow" }, { "schema_id": "datatype.string", "properties": { "value": "", "scope": "input", "name": "CVE ID", "type": "datatype.string", "description": "CVE ID of the vulnerability to search for", "is_required": true, "is_invisible": false }, "unique_name": "variable_workflow_01PSAG3U3ERWO6vgjqzKZHVwvVeMY4QU0KJ", "object_type": "variable_workflow" }, { "schema_id": "datatype.secure_string", "properties": { "value": "", "scope": "input", "name": "Kenna Token", "type": "datatype.secure_string", "is_required": true, "is_invisible": false }, "unique_name": "variable_workflow_01PSAG3U3ELHL08CBgRRkdUyztmhuUaWxCZ", "object_type": "variable_workflow" } ], "properties": { "atomic": { "atomic_group": "Kenna", "is_atomic": true }, "delete_workflow_instance": true, "description": "Searches Kenna for the malware hashes related to a given CVE ID and returns the list of sha256 hashes.\n\n[] Build the search query based on the input provided\n[] Query Kenna for malware hashes matching given vulnerability\n[] If a match is found, return JSON response body.", "display_name": "Kenna - Show Malware Hashes", "runtime_user": { "override_target_runtime_user": false, "specify_on_workflow_start": false, "target_default": true }, "target": { "target_type": "web-service.endpoint", "specify_on_workflow_start": true } }, "object_type": "definition_workflow", "actions": [ { "unique_name": "definition_activity_01PSAG43RCKWN2AmyGcE1bBJLUoi7UJIgJj", "name": "Condition Block",
"title": "Was input provided?", "type": "logic.if_else", "base_type": "activity", "properties": { "continue_on_failure": false, "display_name": "Was input provided?", "skip_execution": false }, "object_type": "definition_activity", "blocks": [ { "unique_name": "definition_activity_01PSAG47NRJNY7NCrIbEnkfGrX0zh1BY2Ub", "name": "Condition Branch", "title": "No", "type": "logic.condition_block", "base_type": "activity", "properties": { "condition": { "left_operand": "$workflow.definition_workflow_01PSAG3UACQ1N38Q4Bns45cYWo4hpBsqNGv.input.variable_workflow_01PSAG3U3ERWO6vgjqzKZHVwvVeMY4QU0KJ$", "operator": "eq", "right_operand": "" }, "continue_on_failure": false, "display_name": "No", "skip_execution": false }, "object_type": "definition_activity", "actions": [ { "unique_name": "definition_activity_01PSAG4A7471C5g9Dm0dnMtEzVHdpmi5CJm", "name": "Completed", "title": "Completed", "type": "logic.completed", "base_type": "activity", "properties": { "completion_type": "failed-completed", "continue_on_failure": false, "display_name": "Completed", "result_message": "CVE ID was not provided.", "skip_execution": false }, "object_type": "definition_activity" } ] } ] }, { "unique_name": "definition_activity_01PSAG4ENNIFU2PmrkkCoiTXIn0Tdvpm2Tj", "name": "HTTP Request", "title": "Kenna - Get Malware Hashes", "type": "web-service.http_request", "base_type": "activity", "properties": { "accept": "application/json", "action_timeout": 30, "allow_auto_redirect": true, "content_type": "application/json", "continue_on_error_status_code": false, "continue_on_failure": false, "custom_headers": [ { "name": "X-Risk-Token", "value": "$workflow.definition_workflow_01PSAG3UACQ1N38Q4Bns45cYWo4hpBsqNGv.input.variable_workflow_01PSAG3U3ELHL08CBgRRkdUyztmhuUaWxCZ$" } ], "display_name": "Kenna - Get Malware Hashes", "method": "GET", "relative_url": "/vulnerability_definitions/$workflow.definition_workflow_01PSAG3UACQ1N38Q4Bns45cYWo4hpBsqNGv.input.variable_workflow_01PSAG3U3ERWO6vgjqzKZHVwvVeMY4QU0KJ$/malware",
"runtime_user": { "override_target_runtime_user": false, "target_default": true }, "skip_execution": false, "target": { "override_workflow_target": false, "override_workflow_target_group_criteria": false, "use_workflow_target": true, "use_workflow_target_group": false } }, "object_type": "definition_activity" }, { "unique_name": "definition_activity_01PSAG4IXAF6I014k0s9jDgG4IKgt2IMMhp", "name": "Condition Block", "title": "Did the request succeed?", "type": "logic.if_else", "base_type": "activity", "properties": { "continue_on_failure": false, "display_name": "Did the request succeed?", "skip_execution": false }, "object_type": "definition_activity", "blocks": [ { "unique_name": "definition_activity_01PSAG4N5002W0TleThBlWY8RmTB9XZ6JKS", "name": "Condition Branch", "title": "Success/200", "type": "logic.condition_block", "base_type": "activity", "properties": { "condition": { "left_operand": "$activity.definition_activity_01PSAG4ENNIFU2PmrkkCoiTXIn0Tdvpm2Tj.output.status_code$", "operator": "eq", "right_operand": 200 }, "continue_on_failure": false, "display_name": "Success/200", "skip_execution": false }, "object_type": "definition_activity", "actions": [ { "unique_name": "definition_activity_01PSAG4PKPPQR3ZkJ3PLL2BEFhYT7wPHLuU", "name": "Set Variables", "title": "Set Variables", "type": "core.set_multiple_variables", "base_type": "activity", "properties": { "continue_on_failure": false, "display_name": "Set Variables", "skip_execution": false, "variables_to_update": [ { "variable_to_update": "$workflow.definition_workflow_01PSAG3UACQ1N38Q4Bns45cYWo4hpBsqNGv.output.variable_workflow_01PSAG3U3EPFS0fZxmysHxxoaYyGFyrvwfZ$", "variable_value_new": "$activity.definition_activity_01PSAG4ENNIFU2PmrkkCoiTXIn0Tdvpm2Tj.output.response_body$" } ] }, "object_type": "definition_activity" } ] }, { "unique_name": "definition_activity_01PSAG4UI4I076ixAWXrnE0le4BvK6PTwhK", "name": "Condition Branch", "title": "Failure/Anything Else", "type": "logic.condition_block", "base_type": 
"activity", "properties": { "condition": { "left_operand": "$activity.definition_activity_01PSAG4ENNIFU2PmrkkCoiTXIn0Tdvpm2Tj.output.status_code$", "operator": "ne", "right_operand": 200 }, "continue_on_failure": false, "display_name": "Failure/Anything Else", "skip_execution": false }, "object_type": "definition_activity", "actions": [ { "unique_name": "definition_activity_01PSAG4WMYVZO3rc6emNgim2VQEAhSvfJMW", "name": "Failed", "title": "Failed", "type": "logic.completed", "base_type": "activity", "properties": { "completion_type": "failed-completed", "continue_on_failure": false, "display_name": "Failed", "result_message": "There was an error fetching the malware hashes from Kenna. CVE ID: $workflow.definition_workflow_01PSAG3UACQ1N38Q4Bns45cYWo4hpBsqNGv.input.variable_workflow_01PSAG3U3ERWO6vgjqzKZHVwvVeMY4QU0KJ$\nStatus Code: $activity.definition_activity_01PSAG4ENNIFU2PmrkkCoiTXIn0Tdvpm2Tj.output.status_code$\nResponse Body: $activity.definition_activity_01PSAG4ENNIFU2PmrkkCoiTXIn0Tdvpm2Tj.output.response_body$", "skip_execution": false }, "object_type": "definition_activity" } ] } ] } ], "categories": [ "category_1BMfMXSnJMyt5Ihqi7rWJr5N8cf" ] } }