[New Pack] - Internal - UVEM - Cortex VM (#37799) (#38372)

* pack init

* UVEM-755 - trigger

* adding fields

* update fields

* staging for UVEM-787

* Update from EM to VM

* Remove leftover EM playbooks

* Update RankSO Script and Release Notes

* Update Dependencies

* update playbooks

* update dependencies

* Revert "Update RankSO Script and Release Notes"

This reverts commit 34850eb.

* Revert pack metadata

* description wording change

* itemPrefix

* add README

* updated to playbooks and screenshots

* fix val error

* re-add field

* Apply suggestions from code review



* fix val error

* fix input ref

* fix and change to issues

* removed end field

---------

Co-authored-by: John <[email protected]>
Co-authored-by: jwilkes <[email protected]>
Co-authored-by: johnnywilkes <[email protected]>
Co-authored-by: ShirleyDenkberg <[email protected]>

Packs/CortexVulnerabilityManagement/IncidentFields/incidentfield-VM-_Asset_Owner.json

@@ -0,0 +1,119 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "vmassetowner",
+    "closeForm": false,
+    "columns": [
+        {
+            "displayName": "Name",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "name",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Optional: Name of asset owner. Either name or email will be present."
+        },
+        {
+            "displayName": "Email",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "email",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Optional: Email address of asset owner. Either name or email will be present."
+        },
+        {
+            "displayName": "Source",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "source",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Mandatory: Where this asset owner was found from based on data from integrations."
+        },
+        {
+            "displayName": "Timestamp",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "timestamp",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Mandatory: Current timestamp the user was found by the playbook."
+        },
+        {
+            "displayName": "Ranking Score",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "ranking_score",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Mandatory: Score for how likely a the user is a asset owner."
+        },
+        {
+            "displayName": "Justification",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "justification",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Mandatory: Same as source, subject to change in the future."
+        }
+    ],
+    "content": true,
+    "defaultRows": [
+        {},
+        {},
+        {}
+    ],
+    "description": "Potential asset owners gathered through playbook",
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_vmassetowner",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "VM - Asset Owner",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "grid",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.5.0"
+}

Packs/CortexVulnerabilityManagement/IncidentFields/incidentfield-VM_-_Asset_Owner_Unranked_Raw.json

@@ -0,0 +1,91 @@
+{
+    "associatedToAll": true,
+    "caseInsensitive": true,
+    "cliName": "vmassetownerunrankedraw",
+    "closeForm": false,
+    "columns": [
+        {
+            "displayName": "Name",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "name",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Optional: Name of asset owner. Either name or email will be present."
+        },
+        {
+            "displayName": "Email",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "email",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Optional: Email address of asset owner. Either name or email will be present."
+        },
+        {
+            "displayName": "Source",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "source",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Mandatory: Where this asset owner was found from based on data from integrations."
+        },
+        {
+            "displayName": "Timestamp",
+            "fieldCalcScript": "",
+            "isDefault": true,
+            "isReadOnly": false,
+            "key": "timestamp",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "selectValues": null,
+            "type": "shortText",
+            "width": 150,
+            "_comment": "Mandatory: Current timestamp the user was found by the playbook."
+        }
+    ],
+    "content": true,
+    "defaultRows": [
+        {},
+        {},
+        {}
+    ],
+    "description": "Original set of potential asset owners gathered through playbook. This field contains all the asset owners collected by the playbook in vmassetowner as well as additional users that may help identify likely owners (e.g. service accounts).",
+    "editForm": true,
+    "group": 0,
+    "hidden": false,
+    "id": "incident_vmassetownerunrankedraw",
+    "isReadOnly": false,
+    "locked": false,
+    "name": "VM - Asset Owner Unranked Raw",
+    "neverSetAsRequired": false,
+    "openEnded": false,
+    "ownerOnly": false,
+    "required": false,
+    "sla": 0,
+    "system": false,
+    "threshold": 72,
+    "type": "grid",
+    "unmapped": false,
+    "unsearchable": true,
+    "useAsKpi": false,
+    "version": -1,
+    "fromVersion": "6.5.0"
+}