Bruteforcetrigger (#37414)

* trigger * rn * fixid * newrn
demisto · Dec 8, 2024 · 8942a4f · 8942a4f
1 parent a62856c
commit 8942a4f
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/Packs/Core/ReleaseNotes/3_1_0.md b/Packs/Core/ReleaseNotes/3_1_0.md
@@ -0,0 +1,6 @@
+
+#### Triggers Recommendations
+
+##### New: SSO Brute Force Activity
+
+This trigger is responsible for handling the 'SSO Brute Force Threat Detected' and 'SSO Brute Force Activity Observed' alerts.
diff --git a/Packs/Core/Triggers/Trigger_-_SSO_Brute_Force_Activity.json b/Packs/Core/Triggers/Trigger_-_SSO_Brute_Force_Activity.json
@@ -0,0 +1,28 @@
+{
+  "trigger_id": "4c039023b3a5216ba6774484bf1859ea",
+  "playbook_id": "SSO Brute Force",
+  "suggestion_reason": "Recommended for 'SSO Brute Force Threat Detected' and 'SSO Brute Force Activity Observed' alerts",
+  "description": "This trigger is responsible for handling the 'SSO Brute Force Threat Detected' and 'SSO Brute Force Activity Observed' alerts",
+  "trigger_name": "SSO Brute Force Activity",
+  "alerts_filter": {
+    "filter": {
+        "AND": [
+            {
+            "OR": [
+                {
+                "SEARCH_FIELD": "alert_name",
+                "SEARCH_TYPE": "EQ",
+                "SEARCH_VALUE": "SSO Brute Force Threat Detected"
+                },
+                {
+                "SEARCH_FIELD": "alert_name",
+                "SEARCH_TYPE": "EQ",
+                "SEARCH_VALUE": "SSO Brute Force Activity Observed"
+                }
+                ]
+            }
+        ]    
+    }
+  }
+}
+
diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "3.0.99",
+    "currentVersion": "3.1.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",