
ACTI Vulnerability Query

This integration is part of the Accenture CTI v2 Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Accenture CTI provides intelligence regarding security threats and vulnerabilities. This integration was integrated and tested with version v2.93.0 of ACTI.

Configure ACTI Vulnerability Query in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| url | URL | True |
| api_token | API Token | True |
| Source Reliability | Reliability of the source providing the intelligence data. | B - Usually reliable |
| insecure | Trust any certificate (not secure) | False |
| use_proxy | Use system proxy settings | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

acti-vuln

Checks the reputation of the given Common Vulnerabilities and Exposures (CVE) ID.

Base Command

acti-vuln

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| cve | CVE ID to check. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CVE.ID | String | The ID of the CVE, for example: CVE-2022-1653 |
| CVE.CVSS2 | String | The CVSS2 temporal score of the CVE based on exploitability, remediation level & report confidence, for example: 10.0 |
| CVE.CVSS3 | String | The CVSS3 temporal score of the CVE based on exploitability, remediation level & report confidence, for example: 10.0 |
| CVE.Published | String | The timestamp of when the CVE was published. |
| CVE.Modified | String | The timestamp of when the CVE was last modified. |
| CVE.Description | String | A description of the CVE. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor that was used to calculate the score. |
| DBotScore.Score | String | The actual score. |

Command Example

!acti-vuln cve=CVE-2022-1653

Context Example

{
  "DBotScore": {
    "Indicator": "CVE-2022-1653",
    "Reliability": "B - Usually reliable",
    "Score": 2,
    "Type": "cve",
    "Vendor": "ACTI Vulnerability Query"
  },
  "CVE": {
    "CVSS2": "10.0",
    "CVSS3": "10.0",
    "Description": "Description of the vulnerability",
    "ID": "CVE-2022-1653",
    "Modified": "2022-01-27 03:40:00",
    "Published": "2022-01-22 04:01:42"
  }
}
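The context output carries CVSS values as strings and documents `DBotScore.Score` as a String while the example returns a number, so downstream automation should normalise types before acting on them. The following is an added example, not part of the integration or the pack: `summarize`, `cvss_threshold`, and the timestamp format are assumptions, and the sample input is constructed from the Context Example on this page.

```python
import json
from datetime import datetime

# Constructed sample: the page's Context Example as valid JSON.
SAMPLE_CONTEXT = json.loads("""
{
  "DBotScore": {"Indicator": "CVE-2022-1653", "Reliability": "B - Usually reliable",
                "Score": 2, "Type": "cve", "Vendor": "ACTI Vulnerability Query"},
  "CVE": {"CVSS2": "10.0", "CVSS3": "10.0",
          "Description": "Description of the vulnerability", "ID": "CVE-2022-1653",
          "Modified": "2022-01-27 03:40:00", "Published": "2022-01-22 04:01:42"}
}
""")

# Standard Cortex XSOAR DBot score meanings.
DBOT_VERDICTS = {0: "Unknown", 1: "Good", 2: "Suspicious", 3: "Bad"}
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption: inferred from the example timestamps


def _to_float(value):
    """CVSS fields arrive as strings; return None when absent or malformed."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def summarize(context, cvss_threshold=9.0):
    """Normalise acti-vuln context into typed fields for a triage decision.

    cvss_threshold is a hypothetical local policy value, not an ACTI setting.
    """
    cve, dbot = context.get("CVE", {}), context.get("DBotScore", {})
    if cve.get("ID") != dbot.get("Indicator"):
        raise ValueError("CVE.ID and DBotScore.Indicator disagree")
    score = int(dbot.get("Score", 0))  # documented as String, shown as a number
    cvss = _to_float(cve.get("CVSS3"))
    if cvss is None:                   # fall back to CVSS2 when CVSS3 is missing
        cvss = _to_float(cve.get("CVSS2"))
    published = datetime.strptime(cve["Published"], TS_FORMAT)
    modified = datetime.strptime(cve["Modified"], TS_FORMAT)
    return {
        "cve": cve["ID"],
        "verdict": DBOT_VERDICTS.get(score, "Unknown"),
        "cvss": cvss,
        "days_between_publish_and_update": (modified - published).days,
        "escalate": score >= 2 and cvss is not None and cvss >= cvss_threshold,
    }
```
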

Human Readable Output

Results

| CPEs | CVSS2 | CVSS3 | DbotReputation | Description | LastModified | LastPublished | Name | UUID |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| cpe:/a:f5:big-ip:16.1.1 | 10 | 10 | 2 | Description of the vulnerability | 2022-01-27 03:40:00 | 2022-01-22 04:01:42 | CVE-2022-1653 | cbc55efe-aa5c-4114-b532-e44f9b824fe1 |