CDC engine 3.0.0
  • 02 Apr 2025
CDC engine - 3.0.0

tags: python | infrastructure | cdc




Description

CDC_engine is a generic StackStorm pack that provides higher-level automation and integration with the CDC. It uses the API frameworks supported by the CDC, such as cdc_sdk, and APIs such as cdc_backend, cdc_async and cdc_public.

CyberProof can use this pack for any implementation that is not directly part of cdc_sdk or async but is still related to StackStorm. Common functionality that is independent of a specific API and is used for communication with the CDC is usually placed in this pack. Copying observable tags into alert tags is also supported by this pack and is available for all CDC APIs.

Integration Type: Integration
Information read: Alerts read from CDC using webhooks.
API Supported: REST APIs
Input: Rule (no input required)
Output: Processed rules and workflows.

CDC Command Lines

No CDC command lines


Workflows

* **add_enrichment_to_observable**
This workflow will add enrichment to an observable in the CDC.

* **add_observables_alert**
This workflow will add observables to an alert.

* **add_observables_incident**
This workflow will add observables to an incident.

* **add_observable_alert**
This workflow will add an observable to an alert.

* **add_observable_incident**
This workflow will add an observable to an incident.

* **add_observable_tags_to_alert**
Copies observable tags to the alert tags.

* **add_tags_to_alert**
This workflow will add tags to a CDC alert.

* **add_tags_to_incident**
This workflow will update the tags of an incident.

* **attach_alerts_to_incident**
This workflow will add alerts to an incident.

* **CACHED_upload_files**
This workflow will send files to an alert, incident or channel.

* **close_alert**
This workflow will close a CDC alert.

* **close_incident**
This workflow will close a CDC incident.

* **create_alert**
This workflow will create an alert using the async API.

* **create_incident_discrete**
This workflow will create an incident with discrete inputs using the async API.

* **detach_alerts_from_incident**
This workflow will remove alerts from an incident.

* **detach_and_attach_alerts_to_existing_incident**
This workflow will detach alerts from an incident and attach them to an existing CDC incident.

* **detach_and_attach_alerts_to_new_incident**
This workflow will remove alerts from an incident.

* **format_and_post_form**
This workflow will format the inputs required to display an input form as an adaptive card and post it to the CDC. For detailed steps on consuming this workflow, refer to: https://bi-sec.atlassian.net/wiki/spaces/RD/pages/3315040265/Generic+Input+Adaptive+Card

* **get_alert**
This workflow will get an alert.

* **get_alert_observables**
This workflow will get the observables of an alert.

* **get_alert_raw_data**
This workflow will get raw data by alert id.

* **get_cdc_files**
This workflow is used to get the file names of a particular alert, incident or channel.

* **get_dynamic_data**
This workflow will fetch the dynamic data from blob for the required dynamic fields. For detailed steps on consuming this workflow, refer to: https://bi-sec.atlassian.net/wiki/spaces/RD/pages/3315040265/Generic+Input+Adaptive+Card

* **get_file_content_by_id**
This workflow is used to get the content of a file by file id.

* **get_incident**
This workflow will get incident details.

* **get_incident_observables**
This workflow will get the observables of an incident.

* **get_observable_details**
This workflow will get observable details.

* **handle_new_alert**
Handles a new alert that was created in the CDC.

* **inject_alert**
This workflow will inject an alert into the CDC.

* **mark_alert_message_as_evidence**
This workflow will mark a message in an alert as evidence.

* **mark_incident_message_as_evidence**
This workflow will mark a message in an incident as evidence.

* **post_card_message**
This workflow will send message data as an adaptive card to an alert, incident or channel.

* **post_message**
This workflow will send a message at the CDC alert, incident or channel level.

* **post_thread_card_message**
This workflow will send message data as an adaptive card to a thread of an alert channel or incident, e.g. CLI output.

* **post_thread_message**
This workflow will send a message to a thread of an alert channel or incident, e.g. CLI output.

* **search_query**
This workflow will run a search query against the CDC.

* **update_alert**
This workflow will update an alert.

* **update_alert_severity**
This workflow will update the severity of an alert.

* **update_incident_company**
This workflow will update the company of an incident.

* **update_incident_priority**
This workflow will update the priority of an incident.

* **validate_max_alerts_per_incident**
This workflow will validate max_alerts_per_incident.


Rules

* **cdc_add_observable_tags_to_alert**
This rule listens for an alert_created webhook event from the CDC and triggers an action that adds the tags from the observable to the alert.

* **inject_alert_listener**
Triggers the workflow that injects new alerts into the CDC when a sensor dispatches a new alert to the CDC.

* **new_alert_listener**
Triggered when a new alert in the CDC is created.


Sensors

No sensors


Triggers

* **cdc_new_alert**
Trigger indicating that a new alert has been created and needs to be injected into the CDC.


Known Issues

