Skip to main content

Armorblox

This Integration is part of the Armorblox Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response. This integration was integrated and tested with version 4.3.0 of Armorblox

Configure Armorblox on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Armorblox.

  3. Click Add instance to create and configure a new integration instance.

  4. Select Fetches incidents to pull incidents from Armorblox to Cortex

  5. Select Classifier as Armorblox-Classifier

  6. Select Mapper as Armorblox-Mapper

    ParameterRequired
    Armorblox tenant nameTrue
    Incident typeFalse
    API keyTrue
    Fetch limitFalse
    First fetch timestamp (last <number> <time unit>, e.g., last7Days)False
    Incidents Fetch IntervalFalse
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Fetch incidentsFalse
  7. Click Test to validate the URLs, token, and connection.

  8. Save and Exit to enable the instance.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

armorblox-check-remediation-action#


Check the recommended remediation action for any incident

Base Command#

armorblox-check-remediation-action

Input#

Argument NameDescriptionRequired
incident_idThe incident id of the incident under inspection.Required

Context Output#

PathTypeDescription
Armorblox.Threat.remediation_actionsstring

Command Example#

!armorblox-check-remediation-action

Context Example#

{
"Armorblox":
{
"Threat":
{
"incident_id": "5375",
"remediation_actions": "NEEDS REVIEW"
}
}
}

Human Readable Output#

incident_id5375
remediation_actionsNEEDS REVIEW