Set up Google Maps in Cortex XSOAR to use map automations
You need to set up Google Maps in Cortex XSOAR before using either the
ShowLocationOnMap or the
ShowLocationOnMap automation, to view the map, you also need to add the automation to a indicator layout.
In Google Cloud Platform, do the following:
- Create a Google Cloud Project.
- Enable APIs and Services (API & Services>Dashboard> ENABLE APIS AND SERVICES).
Select Settings > ABOUT > Troubleshooting> Add Server Configuration.
Add the following key and value:
Click Save. You can now run the
ShowOnMapautomation in Cortex XSOAR. For example in the CLI type,
!ShowOnMap lat=6.1287 lng=1.2215.
For more information, see How to Display a Geo-location Using Google Maps in the War Room.
(ShowLocationOnMap automation only) Customize an indicator layout.
If using an out-of-the box layout, such as IP, duplicate/detach the layout.
Edit the layout.
Drag and drop the General Purpose Dynamic Section onto the indicator page.
In the General Purpose Dynamic Section, click Edit button>Edit section settings.
Edit the name as required.
In this example, we will call it
General Purpose Dynamic Section - ShowLocationOnMap.
In the Automation Script field, select ShowLocationOnMap.
Add the indicator layout to an indicator type.
Go to Settings>OBJECTS SETUP>Indicators.
Select the indicator type and click Edit.
In the Layout section select the layout you added in step 3.
In the Threat Intel page, select a relevant indicator that has a value for the Geo Location field. The map should be shown in the section that you created.
If you do not have an indicator that has a value for the Geo Location field, to test the indicator, do the following:
- Go to Settings>OBJECTS SETUP>Incident Fields>Indicators and search for Geo Location.
- Click Edit Geo Location and select the indicator type where you want the field to appear.
- Go to Threat Intel page, select the indicator and then click Edit
- In the Geo Location field, type