Supported Cortex XSOAR versions: 6.0.0 and later.
Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response. This integration was integrated and tested with version 4.3.0 of Armorblox.
Navigate to Settings > Integrations > Servers & Services.
Search for Armorblox.
Click Add instance to create and configure a new integration instance.
Select Fetches incidents to pull incidents from Armorblox to Cortex.
Select Classifier as Armorblox-Classifier.
Select Mapper as Armorblox-Mapper.
| Parameter | Required |
| --- | --- |
| Armorblox tenant name | True |
| Incident type | False |
| API key | True |
| Fetch limit | False |
| First fetch timestamp (last <number> <time unit>, e.g., last7Days) | False |
| Incidents Fetch Interval | False |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |
| Fetch incidents | False |
Click Test to validate the URLs, token, and connection.
Save and Exit to enable the instance.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Check the recommended remediation action for any incident.
| Argument Name | Description | Required |
| --- | --- | --- |
| incident_id | The incident id of the incident under inspection. | Required |
Gets a list of Armorblox incidents.
There is no context output for this command.