

This integration is part of the Armorblox Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response. This integration was integrated and tested with version 4.3.0 of Armorblox.

Configure Armorblox on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Armorblox.

  3. Click Add instance to create and configure a new integration instance.

  4. Select Fetches incidents to pull incidents from Armorblox to Cortex.

  5. Select Classifier as Armorblox-Classifier.

  6. Select Mapper as Armorblox-Mapper.

    Parameter | Required
    --- | ---
    Armorblox tenant name | True
    Incident type | False
    API key | True
    Fetch limit | False
    First fetch timestamp (last <number> <time unit>, e.g., last7Days) | False
    Incidents Fetch Interval | False
    Trust any certificate (not secure) | False
    Use system proxy settings | False
    Fetch incidents | False

  7. Click Test to validate the URLs, token, and connection.

  8. Save and Exit to enable the instance.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Check the recommended remediation action for any incident.

Base Command



Argument Name | Description | Required
--- | --- | ---
incident_id | The incident ID of the incident under inspection. | Required

Context Output


Command Example


Context Example

"incident_id": "5375",
"remediation_actions": "NEEDS REVIEW"

Human Readable Output

remediation_actions: NEEDS REVIEW


Gets a list of Armorblox incidents.

Base Command


Context Output

There is no context output for this command.