
Acalvio ShadowPlex

This integration is part of the Acalvio ShadowPlex Pack.

Acalvio ShadowPlex is a comprehensive Autonomous Deception Platform that offers Advanced Threat Detection, Investigation and Response capabilities. This integration was integrated and tested with Acalvio ShadowPlex 5.x and ShadowPlex API 2.0.

Configure Acalvio ShadowPlex in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| url | Acalvio API Server URL (e.g. https://example.net) | True |
| apikey | Acalvio API Key | True |
| insecure | Trust SSL certificate | False |
| proxy | Use system proxy settings | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

acalvio-is-deception-host

Check whether a host is a Deception Host.

Base Command

acalvio-is-deception-host

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| host | Hostname or IP address of the endpoint | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.IsDeceptionHost.is_deception | Boolean | Returns 'True' if the host is a Deception, else 'False' |
| Acalvio.IsDeceptionHost.host | String | Host that was checked for being a Deception |

Command Example

!acalvio-is-deception-host host="10.10.10.10"

Context Example

{
  "is_deception": true,
  "host": "10.10.10.10"
}

Human Readable Output

Results - Deception Host

| Key | Value |
| --- | --- |
| is_deception | true |
| host | 10.10.10.10 |

acalvio-is-deception-user

Check whether a user is a Deception User.

Base Command

acalvio-is-deception-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| username | Username of the domain user | Required |
| domain | AD domain name to which the user belongs | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.IsDeceptionUser.is_deception | Boolean | Returns 'True' if the user is a Deception User, else 'False' |
| Acalvio.IsDeceptionUser.username | String | Username that was checked for being a Deception |
| Acalvio.IsDeceptionUser.domain | String | User's domain |

Command Example

!acalvio-is-deception-user username="tom" domain="acalvio.com"

Context Example

{
  "is_deception": true,
  "username": "tom",
  "domain": "acalvio.com"
}

Human Readable Output

Results - Deception User

| Key | Value |
| --- | --- |
| is_deception | true |
| username | dmusernonadmin2 |
| domain | acalvio.com |

acalvio-is-deception-file

Check whether a file on an endpoint is a Deception File.

Base Command

acalvio-is-deception-file

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| endpoint | Hostname or IP address of the endpoint where the file resides | Required |
| filename | Name of the file to be checked | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.IsDeceptionFile.is_deception | Boolean | Returns 'True' if the file is a Deception, else 'False' |
| Acalvio.IsDeceptionFile.filename | String | Filename that was checked for being a Deception |
| Acalvio.IsDeceptionFile.endpoint | String | Hostname or IP address of the endpoint where the file resides |

Command Example

!acalvio-is-deception-file endpoint="win10-ep" filename="t33.pdf"

Context Example

{
  "is_deception": true,
  "filename": "t33.pdf",
  "endpoint": "win10-ep"
}

Human Readable Output

Results - Deception File

| Key | Value |
| --- | --- |
| is_deception | true |
| filename | t33.pdf |
| endpoint | win10-ep |

acalvio-mute-deception-host

Mute a Deception Host.

Base Command

acalvio-mute-deception-host

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| host | Deception Host to be muted | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.MuteDeceptionHost.is_mute | Boolean | Returns 'True' if the Deception is muted, else 'False' |
| Acalvio.MuteDeceptionHost.host | String | Deception Host that was muted |

Command Example

!acalvio-mute-deception-host host="win10-host"

Context Example

{
  "is_mute": true,
  "host": "win10-host"
}

Human Readable Output

Results - Mute Deception

| Key | Value |
| --- | --- |
| is_mute | true |
| host | win10-host |

acalvio-unmute-deception-host

Unmute a Deception Host.

Base Command

acalvio-unmute-deception-host

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| host | Deception Host to be unmuted | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.UnmuteDeceptionHost.is_unmute | Boolean | Returns 'True' if the Deception is unmuted, else 'False' |
| Acalvio.UnmuteDeceptionHost.host | String | Deception Host that was unmuted |

Command Example

!acalvio-unmute-deception-host host="win10-host"

Context Example

{
  "is_unmute": true,
  "host": "win10-host"
}

Human Readable Output

Results - Unmute Deception

| Key | Value |
| --- | --- |
| is_unmute | true |
| host | win10-host |

acalvio-mute-deception-on-endpoint

Mute the Deceptions on an endpoint.

Base Command

acalvio-mute-deception-on-endpoint

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| endpoint | Hostname or IP address of the endpoint | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.MuteDeceptionEndpoint.is_mute | Boolean | Returns 'True' if the Deception is muted, else 'False' |
| Acalvio.MuteDeceptionEndpoint.endpoint | String | Hostname or IP address of the endpoint |

Command Example

!acalvio-mute-deception-on-endpoint endpoint="win10-ep"

Context Example

{
  "is_mute": true,
  "endpoint": "win10-ep"
}

Human Readable Output

Results - Mute Deception

| Key | Value |
| --- | --- |
| is_mute | true |
| endpoint | win10-ep |

acalvio-unmute-deception-on-endpoint

Unmute the Deceptions on an endpoint.

Base Command

acalvio-unmute-deception-on-endpoint

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| endpoint | Hostname or IP address of the endpoint | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Acalvio.UnmuteDeceptionEndpoint.is_unmute | Boolean | Returns 'True' if the Deception is unmuted, else 'False' |
| Acalvio.UnmuteDeceptionEndpoint.endpoint | String | Hostname or IP address of the endpoint |

Command Example

!acalvio-unmute-deception-on-endpoint endpoint="win10-ep"

Context Example

{
  "is_unmute": true,
  "endpoint": "win10-ep"
}

Human Readable Output

Results - Unmute Deception

| Key | Value |
| --- | --- |
| is_unmute | true |
| endpoint | win10-ep |
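In an automation, the commands above are usually chained: the three is-deception checks grade an alert (any hit means an actor touched a decoy), and mute/unmute bracket an authorised activity on a decoy so it does not alert on itself. The following Python is an added example, not code from the Acalvio pack or from Cortex; `run` is an assumed callable that executes one integration command and returns its context dict in the shape documented above, and `fake_run` is a constructed stand-in for it so the block runs offline.

```python
# Added example, not code from the Acalvio pack: triage helpers built on the context
# shapes documented above. `run` is an assumed callable: it executes one integration
# command and returns that command's context dict (platform wiring omitted, runs offline).
from contextlib import contextmanager
from typing import Any, Callable, Dict, Optional

def _truthy(value: Any) -> bool:
    # The tables type the flag as Boolean but describe it as 'True'/'False'; accept both.
    return value is True or str(value).strip().lower() == "true"

def deception_touches(run: Callable, host: Optional[str] = None, username: Optional[str] = None,
                      domain: Optional[str] = None, endpoint: Optional[str] = None,
                      filename: Optional[str] = None) -> Dict[str, bool]:
    """Run whichever is-deception checks the alert's indicators allow; any True
    value means the activity touched a decoy, which is a high-fidelity signal."""
    hits: Dict[str, bool] = {}
    if host:
        hits["host"] = _truthy(run("acalvio-is-deception-host", {"host": host}).get("is_deception"))
    if username:
        args = {"username": username}
        if domain:  # optional per the command's input table
            args["domain"] = domain
        hits["user"] = _truthy(run("acalvio-is-deception-user", args).get("is_deception"))
    if endpoint and filename:
        args = {"endpoint": endpoint, "filename": filename}
        hits["file"] = _truthy(run("acalvio-is-deception-file", args).get("is_deception"))
    return hits

@contextmanager
def muted_deception_host(run: Callable, host: str):
    """Mute a decoy for an authorised activity (e.g. a scheduled scan) and always
    unmute it afterwards, so an aborted job never leaves the decoy silent."""
    if not _truthy(run("acalvio-mute-deception-host", {"host": host}).get("is_mute")):
        raise RuntimeError(f"mute failed for {host}")
    try:
        yield
    finally:  # runs even if the guarded activity raised
        if not _truthy(run("acalvio-unmute-deception-host", {"host": host}).get("is_unmute")):
            raise RuntimeError(f"unmute failed: decoy {host} is still muted")

# Constructed stand-in for the integration, answering with the page's context shapes.
_DECOYS = {"host": {"10.10.10.10"}, "user": {("tom", "acalvio.com")}, "file": {("win10-ep", "t33.pdf")}}
def fake_run(command: str, args: Dict[str, str]) -> Dict[str, Any]:
    if command == "acalvio-is-deception-host":
        return {"is_deception": args["host"] in _DECOYS["host"], **args}
    if command == "acalvio-is-deception-user":
        return {"is_deception": (args["username"], args.get("domain")) in _DECOYS["user"], **args}
    if command == "acalvio-is-deception-file":
        return {"is_deception": (args["endpoint"], args["filename"]) in _DECOYS["file"], **args}
    return {"is_mute" if command == "acalvio-mute-deception-host" else "is_unmute": True, **args}
```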