Acalvio ShadowPlex
This Integration is part of the Acalvio ShadowPlex Pack.

Acalvio ShadowPlex is a comprehensive Autonomous Deception Platform that offers Advanced Threat Detection, Investigation and Response capabilities. This integration was integrated and tested with Acalvio ShadowPlex 5.x and ShadowPlex API 2.0.

Configure Acalvio ShadowPlex in Cortex

Parameter | Description | Required |
---|---|---|
url | Acalvio API Server URL (e.g. https://example.net) | True |
apikey | Acalvio API Key | True |
insecure | Trust any SSL certificate (not secure) | False |
proxy | Use system proxy settings | False |

Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

acalvio-is-deception-host
Check if it's a Deception Host

Base Command
acalvio-is-deception-host

Input

Argument Name | Description | Required |
---|---|---|
host | Hostname or IP Address of Endpoint | Required |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.IsDeceptionHost.is_deception | Boolean | Returns 'True' if Host is a Deception else 'False' |
Acalvio.IsDeceptionHost.host | String | Host to be checked if Deception |

Command Example
!acalvio-is-deception-host host="10.10.10.10"

Context Example

Human Readable Output
Results - Deception Host

Key | Value |
---|---|
is_deception | true |
host | 10.10.10.10 |

acalvio-is-deception-user
Check if it's a Deception User

Base Command
acalvio-is-deception-user

Input

Argument Name | Description | Required |
---|---|---|
username | Username of the Domain User | Required |
domain | AD Domain Name to which the User belongs | Optional |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.IsDeceptionUser.is_deception | Boolean | Returns 'True' if it's a Deception User else 'False' |
Acalvio.IsDeceptionUser.username | String | Username to be checked if Deception |
Acalvio.IsDeceptionUser.domain | String | User's Domain |

Command Example
!acalvio-is-deception-user username="tom" domain="acalvio.com"

Context Example

Human Readable Output
Results - Deception User

Key | Value |
---|---|
is_deception | true |
username | dmusernonadmin2 |
domain | acalvio.com |

acalvio-is-deception-file
Check if it's a Deception File on the Endpoint

Base Command
acalvio-is-deception-file

Input

Argument Name | Description | Required |
---|---|---|
endpoint | Hostname or IP Address of Endpoint where file resides | Required |
filename | Name of the file to be checked | Required |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.IsDeceptionFile.is_deception | Boolean | Returns 'True' if File is a Deception else 'False' |
Acalvio.IsDeceptionFile.filename | String | Filename to be checked if Deception |
Acalvio.IsDeceptionFile.endpoint | String | Hostname or IP Address of Endpoint where file resides |

Command Example
!acalvio-is-deception-file endpoint="win10-ep" filename="t33.pdf"

Context Example

Human Readable Output
Results - Deception File

Key | Value |
---|---|
is_deception | true |
filename | t33.pdf |
endpoint | win10-ep |

acalvio-mute-deception-host
Mute a Deception Host

Base Command
acalvio-mute-deception-host

Input

Argument Name | Description | Required |
---|---|---|
host | Deception Host to be Muted | Required |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.MuteDeceptionHost.is_mute | Boolean | Returns 'True' if Deception is Muted else 'False' |
Acalvio.MuteDeceptionHost.host | String | Deception Host to be Muted |

Command Example
!acalvio-mute-deception-host host="win10-host"

Context Example

Human Readable Output
Results - Mute Deception

Key | Value |
---|---|
is_mute | true |
host | win10-host |

acalvio-unmute-deception-host
Unmute a Deception Host

Base Command
acalvio-unmute-deception-host

Input

Argument Name | Description | Required |
---|---|---|
host | Deception Host to be Unmuted | Required |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.UnmuteDeceptionHost.is_unmute | Boolean | Returns 'True' if Deception is Unmuted else 'False' |
Acalvio.UnmuteDeceptionHost.host | String | Deception Host to be Unmuted |

Command Example
!acalvio-unmute-deception-host host="win10-host"

Context Example

Human Readable Output
Results - Unmute Deception

Key | Value |
---|---|
is_unmute | true |
host | win10-host |
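
A workflow that mutes a deception host for a task should confirm each result and always unmute afterwards. The Python sketch below is an added example, not part of the integration or the Acalvio pack: it checks the documented `is_deception`, `is_mute` and `is_unmute` outputs, and `run_command`, `flag`, `MuteError` and `FakeRunner` are hypothetical names with constructed replies.

```python
from contextlib import contextmanager


class MuteError(RuntimeError):
    """Raised when a check, mute or unmute result is not confirmed."""


def flag(outputs, key):
    # Documented type is Boolean; tolerate a 'True'/'true' string as well.
    value = outputs.get(key)
    return value.strip().lower() == "true" if isinstance(value, str) else value is True


@contextmanager
def muted_deception_host(run_command, host):
    # run_command(name, args) -> dict of that command's context outputs.
    # It is a hypothetical adapter, not an API of the integration.
    if not flag(run_command("acalvio-is-deception-host", {"host": host}), "is_deception"):
        raise MuteError(f"{host} is not a deception host; nothing muted")
    if not flag(run_command("acalvio-mute-deception-host", {"host": host}), "is_mute"):
        raise MuteError(f"mute of {host} was not confirmed")
    try:
        yield
    finally:
        # Runs even if the maintenance step raised, so the host is not left muted silently.
        result = run_command("acalvio-unmute-deception-host", {"host": host})
        if not flag(result, "is_unmute"):
            raise MuteError(f"{host} may still be muted; unmute it manually")


class FakeRunner:
    """Constructed stand-in that returns outputs shaped like the tables above."""

    def __init__(self, deception_hosts):
        self.deception_hosts = set(deception_hosts)
        self.calls = []

    def __call__(self, name, args):
        self.calls.append(name)
        host = args["host"]
        if name == "acalvio-is-deception-host":
            return {"is_deception": host in self.deception_hosts, "host": host}
        if name == "acalvio-mute-deception-host":
            return {"is_mute": True, "host": host}
        return {"is_unmute": True, "host": host}


if __name__ == "__main__":
    runner = FakeRunner({"win10-host"})
    with muted_deception_host(runner, "win10-host"):
        pass  # maintenance work goes here
    print(runner.calls)
```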

acalvio-mute-deception-on-endpoint
Mute a Deception on Endpoint

Base Command
acalvio-mute-deception-on-endpoint

Input

Argument Name | Description | Required |
---|---|---|
endpoint | Hostname or IP Address of Endpoint | Required |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.MuteDeceptionEndpoint.is_mute | Boolean | Returns 'True' if Deception is Muted else 'False' |
Acalvio.MuteDeceptionEndpoint.endpoint | String | Hostname or IP Address of Endpoint |

Command Example
!acalvio-mute-deception-on-endpoint endpoint="win10-ep"

Context Example

Human Readable Output
Results - Mute Deception

Key | Value |
---|---|
is_mute | true |
endpoint | win10-ep |

acalvio-unmute-deception-on-endpoint
Unmute a Deception on Endpoint

Base Command
acalvio-unmute-deception-on-endpoint

Input

Argument Name | Description | Required |
---|---|---|
endpoint | Hostname or IP Address of Endpoint | Required |

Context Output

Path | Type | Description |
---|---|---|
Acalvio.UnmuteDeceptionEndpoint.is_unmute | Boolean | Returns 'True' if Deception is Unmuted else 'False' |
Acalvio.UnmuteDeceptionEndpoint.endpoint | String | Hostname or IP Address of Endpoint |

Command Example
!acalvio-unmute-deception-on-endpoint endpoint="win10-ep"

Context Example

Human Readable Output
Results - Unmute Deception

Key | Value |
---|---|
is_unmute | true |
endpoint | win10-ep |