# Asimily Insight

This Integration is part of the Asimily Insight Pack.

## Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.
Integrate Asimily Insight to ingest security anomalies and CVEs, and to leverage detailed asset data for streamlined incident investigation.
Asimily Insight delivers comprehensive IoT/OT security and management by providing deep asset visibility, automated vulnerability prioritization, and actionable mitigation strategies aligned with MITRE ATT&CK. It analyzes device communication, calculates holistic risk scores, and enables targeted network segmentation. The platform detects anomalies, simplifies policy management, and automates forensic packet capture. Beyond security, Asimily optimizes asset utilization, tracks operational usage, and manages configuration drift. Its Risk Simulator improves efficiency, and centralized data streamlines IT/OT convergence while identifying unmanaged devices.
This integration utilizes the Asimily Insight RESTful APIs to provide seamless access to comprehensive device data. Users can retrieve detailed information on IT, medical, and security parameters, as well as view known vulnerabilities (CVEs), detect asset anomalies, and maintain synchronized data—either on a regular schedule or on demand.
## What does this pack do?

- On-Demand Asset Retrieval: Query Asimily Insight for detailed device information using search parameters such as IP address, MAC address, facility, or device ID.
- Anomaly Alert Synchronization: Regularly sync alerts generated by Asimily Insight to ensure up-to-date visibility into device-related security and operational events.
- Vulnerability (CVE) Synchronization: Periodically retrieve and update known device vulnerabilities detected by Asimily Insight to support informed risk management and mitigation.
- Incident Creation in Cortex XSOAR: All synced data, whether alerts or vulnerabilities, is automatically converted into incidents within the Cortex XSOAR platform for streamlined investigation and response workflows. Asset information can be queried and stored automatically by using a playbook to call the `asimily-get-asset-details` command.
## Configure Asimily Insight on Cortex XSOAR

- Navigate to Settings > Integrations > Servers & Services.
- Search for Asimily Insight.
- Click Add instance to create and configure a new integration instance.

Parameter | Description | Required/Default | Type |
---|---|---|---|
Name | XSOAR Integration Instance Name | True | String |
Asimily Portal URL | This will be in the following format: https://customer-portal.asimily.com | True | String |
API User Name | The Asimily Insight API username | True | String |
Password | The password of the Asimily Insight API user | True | String |
Trust any certificate (not secure) | | Default False | Boolean |
Use system proxy settings | | Default False | Boolean |
Device Family Filter for Fetch Operation | Fetch incidents only for assets with the selected device families in fetch-incidents | "All" | Multi-Select |
Device Tags Filter for Fetch Operation | Fetch incidents only for assets with the selected device tags in fetch-incidents | "All" | Multi-Select |
Fetch Anomaly Alerts | Whether to fetch anomaly incidents in fetch-incidents | Default False | Boolean |
Fetch Anomaly Criticality | Fetch anomaly incidents only for anomalies with the selected criticality | "High Only" | Single-Select |
Fetch Device CVEs | Whether to fetch CVE incidents in fetch-incidents | Default False | Boolean |
Fetch CVE Score | Fetch CVE incidents only for CVEs with the selected scores | "High Only" | Single-Select |
Incidents Fetch Interval | The default 5-minute fetch interval can be adjusted based on the observed fetch duration to balance data freshness against system load. | 5 | Number |
Fetches incidents | Whether to fetch incidents | False | Boolean |

- Click Test to validate the URL, API username, API password and connection.
## Resetting the "Last Run" Timestamp

If you modify any of the fetch filters (Fetch Anomaly Alerts, Fetch Device CVEs, Device Family Filter, Device Tags Filter, Fetch Anomaly Criticality, Fetch CVE Score), new devices may become eligible for fetch-incidents, or new incidents may become eligible for existing devices. It is strongly recommended to reset the "last run" timestamp.
To reset:
- Go to the integration instance configuration.
- Navigate to Collect > Advanced Settings.
- Click Reset the "last run" timestamp.
- Click Reset Now.
This ensures that incidents related to newly included devices and updated filters are correctly fetched.
## Configure Pre-Process Rules

The integration pulls asset information, anomaly alerts and CVEs from Asimily Insight whenever they are updated or queried, so the same event can arrive more than once. A preprocessing rule that drops an incoming incident when it is a duplicate is therefore needed.

Follow the guidelines below to configure the preprocessing rule.

- Navigate to Settings > Object Setup > Incidents > Pre-Process Rules.
- Click +New Rule in the top right corner.
- Name the rule appropriately (e.g. Asimily Incident Dedup).
- In the Conditions for Incoming Incident section, enter:
  - Type - Includes - Asimily
- In the Action section, select Run a script.
- In the Choose a script section, pick from the drop-down list:
  - PreProcessAsimilyDedup

Configuring the preprocessing rule is optional, but highly recommended to avoid duplication.

The integration includes a preprocessing script (PreProcessAsimilyDedup) that drops the incoming incident if it is a duplicate. It searches all past incidents, regardless of their status.

Alternative rule settings can be:

- In the Action section, select Drop and update.
- In the Update section, enter:
  - Link to - Oldest incident - Created within the last - Your desired timeframe
  - DbotMirrorId - Is identical (Incoming Incident) - to incoming incident
## Commands

You can run these commands from the Cortex XSOAR CLI, as part of an automation, or within a playbook. Upon successful execution, a DBot message will appear in the War Room with execution details. If asset data, anomaly alerts, or CVE information is retrieved, corresponding incidents will be automatically created with the appropriate incident types.

### asimily-get-asset-details

Fetch asset details from Asimily Insight. You can add argument filters.

#### Base Command

`asimily-get-asset-details`

#### Input

Argument Name | Description | Required | Support List |
---|---|---|---|
mac_addr | The MAC Address of the Asimily Asset | Optional | No |
ip_addr | The IP Address of the Asimily Asset | Optional | No |
facility | The Facility of the Asimily Asset | Optional | No |
asimily_device_id | Asimily Insight given ID for devices | Optional | No |
limit | Maximum number of items to fetch. | Optional | No |
#### Context Output

Human-readable output: `Fetched ${fetch_limit} out of ${device_count} assets matching search. Asset fetch count is limited to avoid server overload.`

Path | Type | Description |
---|---|---|
AsimilyInsight.Asset.asimilydeviceid | number | Asimily Device ID |
AsimilyInsight.Asset.asimilydeviceipv4address | unknown | Asimily Device IP Address |
AsimilyInsight.Asset.asimilydevicemacaddress | string | Asimily Device MAC Address |
AsimilyInsight.Asset.asimilydeviceipv6address | unknown | Asimily Device IPV6 Address |
AsimilyInsight.Asset.asimilydevicemanufacturer | string | Asimily Device Manufacturer |
AsimilyInsight.Asset.asimilydevicemodel | string | Asimily Device Model |
AsimilyInsight.Asset.asimilydeviceos | string | Asimily Device OS |
AsimilyInsight.Asset.asimilydeviceosversion | string | Asimily Device OS Version |
AsimilyInsight.Asset.asimilydevicetype | string | Asimily Device Type |
AsimilyInsight.Asset.asimilydevicefamilies | unknown | Asimily Device Families |
AsimilyInsight.Asset.asimilydeviceserialnumber | string | Asimily Device Serial Number |
AsimilyInsight.Asset.asimilydevicedepartment | string | Asimily Device Department |
AsimilyInsight.Asset.asimilydevicefacility | string | Asimily Device Facility |
AsimilyInsight.Asset.asimilydevicehardwarearchitecture | string | Asimily Device Hardware Architecture |
AsimilyInsight.Asset.asimilydevicehostname | string | Asimily Device Host Name |
AsimilyInsight.Asset.asimilydevicelocation | string | Asimily Device Location |
AsimilyInsight.Asset.asimilydeviceregion | string | Asimily Device Region |
AsimilyInsight.Asset.asimilydevicesoftwareverison | string | Asimily Device Software Version |
AsimilyInsight.Asset.asimilydeviceifstoreephi | boolean | Asimily Device If Store Ephi |
AsimilyInsight.Asset.asimilydeviceiftransmitephi | boolean | Asimily Device If Transmit Ephi |
AsimilyInsight.Asset.asimilydeviceriskscore | number | Asimily Device Risk Score |
AsimilyInsight.Asset.asimilydevicelikelihood | number | Asimily Device Likelihood |
AsimilyInsight.Asset.asimilydeviceimpact | number | Asimily Device Impact |
AsimilyInsight.Asset.asimilydeviceaverageutilizationpercent | number | Asimily Device Average Utilization Percent |
AsimilyInsight.Asset.asimilydeviceuptime | number | Asimily Device Up Time |
AsimilyInsight.Asset.asimilydeviceisconnected | boolean | Asimily Device Is Connected |
AsimilyInsight.Asset.asimilydeviceiscurrentlyinuse | boolean | Asimily Device Is Currently In Use |
AsimilyInsight.Asset.asimilydeviceisnetworkingdevice | boolean | Asimily Device Is Networking Device |
AsimilyInsight.Asset.asimilydeviceiswireless | boolean | Asimily Device Is Wireless |
AsimilyInsight.Asset.asimilydeviceclass | string | Asimily Device Class |
AsimilyInsight.Asset.asimilydevicemanagedby | string | Asimily Device Managed By |
AsimilyInsight.Asset.asimilydeviceanomalypresent | boolean | Asimily Device Anomaly Present |
AsimilyInsight.Asset.asimilydevicemds2 | string | Asimily Device MDS2 |
AsimilyInsight.Asset.asimilydevicecmmsid | string | Asimily Device CMMS ID |
AsimilyInsight.Asset.asimilydevicelastdiscoveredtime | date | Asimily Device Last Discovered Time |
AsimilyInsight.Asset.asimilydevicetag | unknown | Asimily Device Tag |
AsimilyInsight.Asset.asimilydevicemasterfamily | string | Asimily Device Master Family |
AsimilyInsight.Asset.asimilydevicediscoverysource | string | Asimily Device Discovery Source |
AsimilyInsight.Asset.asimilydeviceapplications | unknown | Asimily Device Applications |
AsimilyInsight.Asset.asimilydeviceurl | string | Asimily Device URL |
AsimilyInsight.Asset.asimilydeviceifusingendpointsecurity | boolean | Asimily Device If Using Endpoint Security |
### asimily-get-asset-anomalies

Fetch anomaly alerts from Asimily Insight. You can add argument filters.

#### Base Command

`asimily-get-asset-anomalies`

#### Input

Argument Name | Description | Required | Support List |
---|---|---|---|
mac_addr | The MAC Address of the Asimily Asset | Optional | No |
ip_addr | The IP Address of the Asimily Asset | Optional | No |
asimily_device_id | Asimily Insight given ID for devices | Optional | No |
device_family | Filter by Asimily device family | Optional | Yes |
device_tag | Filter by Asimily device tag | Optional | Yes |
criticality | Anomaly Alert Criticality Filter. Options: High Only, Medium and High, All | Optional | No |
limit | Maximum number of items to fetch. (Fetching stops once the number of device anomalies reaches the limit) | Optional | No |
#### Context Output

Human-readable output: `Fetched ${fetch_count} anomalies for ${fetch_device_count} devices matching search. ${pending_device_count} devices matching search are not fetched. Fetch count is limited to avoid server overload.`

Path | Type | Description |
---|---|---|
AsimilyInsight.Anomaly.asimilyanomalyname | string | Asimily Anomaly Name |
AsimilyInsight.Anomaly.asimilyanomalycriticality | string | Asimily Anomaly Criticality |
AsimilyInsight.Anomaly.asimilyanomalyearliesttriggertime | date | Asimily Anomaly Earliest Trigger Time |
AsimilyInsight.Anomaly.asimilyanomalylasttriggertime | date | Asimily Anomaly Last Trigger Time |
AsimilyInsight.Anomaly.asimilyanomalyalertid | string | Asimily Anomaly Alert ID |
AsimilyInsight.Anomaly.asimilyanomalyurls | unknown | Asimily Anomaly URLs |
AsimilyInsight.Anomaly.asimilyanomalyisfixed | boolean | Asimily Anomaly Is Fixed |
AsimilyInsight.Anomaly.asimilyanomalyfixby | string | Asimily Anomaly Fix By |
AsimilyInsight.Anomaly.asimilyanomalycriticalityscore | number | Asimily Anomaly Criticality Score |
AsimilyInsight.Anomaly.asimilyanomalymitretactic | string | Asimily Anomaly Mitre Tactic |
AsimilyInsight.Anomaly.asimilyanomalymitretechnique | string | Asimily Anomaly Mitre Technique |
AsimilyInsight.Anomaly.asimilyanomalycategory | string | Asimily Anomaly Category |
AsimilyInsight.Anomaly.asimilyanomalydescription | string | Asimily Anomaly Description |
AsimilyInsight.Anomaly.asimilyanomalycustomeranomalyid | string | Asimily Anomaly Customer Anomaly ID. Unique anomaly type identifier assigned by Asimily for a specific customer. This ID can be used in future operations such as invoking anomaly fix actions. |
AsimilyInsight.Anomaly.asimilydeviceid | number | Asimily Device ID |
AsimilyInsight.Anomaly.asimilydevicemacaddress | string | Asimily Device MAC Address |
AsimilyInsight.Anomaly.asimilydeviceipv4address | string | Asimily Device IPV4 Address |
AsimilyInsight.Anomaly.asimilydevicehostname | string | Asimily Device Host Name |
AsimilyInsight.Anomaly.asimilydevicetype | string | Asimily Device Type |
AsimilyInsight.Anomaly.asimilydevicemodel | string | Asimily Device Model |
AsimilyInsight.Anomaly.asimilydeviceos | string | Asimily Device OS |
AsimilyInsight.Anomaly.asimilydevicemanufacturer | string | Asimily Device Manufacturer |
AsimilyInsight.Anomaly.asimilydevicefamilies | unknown | Asimily Device Families |
### asimily-get-asset-vulnerabilities

Fetch device CVEs from Asimily Insight. You can add argument filters.

#### Base Command

`asimily-get-asset-vulnerabilities`

#### Input

Argument Name | Description | Required | Support List |
---|---|---|---|
mac_addr | The MAC Address of the Asimily Asset | Optional | No |
ip_addr | The IP Address of the Asimily Asset | Optional | No |
asimily_device_id | Asimily Insight given ID for devices | Optional | No |
device_family | Filter by Asimily device family | Optional | Yes |
device_tag | Filter by Asimily device tag | Optional | Yes |
cve_score | CVE Score Filter. Options: High Only, Medium and High, All (Score thresholds: High=7.5, Medium=3.5) | Optional | No |
limit | Maximum number of items to fetch. (Fetching stops once the number of device CVEs reaches the limit) | Optional | No |
#### Context Output

Human-readable output: `Fetched ${fetch_count} CVEs for ${fetch_device_count} devices matching search. ${pending_device_count} devices matching search are not fetched. Fetch count is limited to avoid server overload.`

Path | Type | Description |
---|---|---|
AsimilyInsight.CVE.asimilycvename | string | Asimily CVE Name |
AsimilyInsight.CVE.asimilycvecwetype | string | Asimily CVE CWE Type |
AsimilyInsight.CVE.asimilycveentitytype | string | Asimily CVE Entity Type |
AsimilyInsight.CVE.asimilycveentityname | string | Asimily CVE Entity Name |
AsimilyInsight.CVE.asimilycvescore | number | Asimily CVE Score |
AsimilyInsight.CVE.asimilycvecvss3basescore | number | Asimily CVE CVSS 3 Base Score |
AsimilyInsight.CVE.asimilycvedescripttion | string | Asimily CVE Description |
AsimilyInsight.CVE.asimilycveisfixed | boolean | Asimily CVE Is Fixed |
AsimilyInsight.CVE.asimilycvefixedby | string | Asimily CVE Fixed By |
AsimilyInsight.CVE.asimilycveoempatched | boolean | Asimily CVE OEM Patched |
AsimilyInsight.CVE.asimilycveismuted | boolean | Asimily CVE Is Muted |
AsimilyInsight.CVE.asimilycveexploitableinwild | boolean | Asimily CVE Exploitable In Wild |
AsimilyInsight.CVE.asimilycvepublisheddate | date | Asimily CVE Published Date |
AsimilyInsight.CVE.asimilycveopendate | date | Asimily CVE Open Date |
AsimilyInsight.CVE.asimilycvefixeddate | date | Asimily CVE Fixed Date |
AsimilyInsight.CVE.asimilydeviceid | number | Asimily Device ID |
AsimilyInsight.CVE.asimilydevicemacaddress | string | Asimily Device MAC Address |
AsimilyInsight.CVE.asimilydeviceipv4address | string | Asimily Device IPV4 Address |
AsimilyInsight.CVE.asimilydevicehostname | string | Asimily Device Host Name |
AsimilyInsight.CVE.asimilydevicetype | string | Asimily Device Type |
AsimilyInsight.CVE.asimilydevicemodel | string | Asimily Device Model |
AsimilyInsight.CVE.asimilydeviceos | string | Asimily Device OS |
AsimilyInsight.CVE.asimilydevicemanufacturer | string | Asimily Device Manufacturer |
AsimilyInsight.CVE.asimilydevicefamilies | string | Asimily Device Families |
## Additional Information

### Incident Search

- System searchable fields: `macaddress`, `devicelocalip`, `devicemodel`, `hostnames`, `deviceid`
- Asimily Insight custom searchable fields: `asimilyanomalyname`, `asimilycvename`

### Incident Name

- For `Asimily Anomaly` incidents, the name will be `anomalyname|hostname|ip|mac`
- For `Asimily CVE` incidents, the name will be `cvename|hostname|ip|mac`
### Incident Criticality Mapping

- XSOAR incidents have 4 levels of criticality:
- Informational (0)
- Low (1)
- Medium (2)
- High (3)
- Critical (4)
- Asimily Anomaly Alerts have 3 levels of criticality (Low/Medium/High). When creating incidents, we populate the incident criticality using the respective anomaly alert criticality.
- Asimily Asset CVEs have Asimily Calculated CVE score (Range: 0-10). When creating incidents, we populate the incident criticality using the respective CVE scores.
- Low (CVE score: < 3.5)
- Medium (CVE score: < 7.5)
- High (CVE score: < 10)
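The following Python is an added example, not code from the Asimily Insight pack or from the PreProcessAsimilyDedup script. It models, offline, how the naming scheme and criticality mapping above turn fetched anomaly and CVE records into XSOAR-style incidents, and how the duplicate-drop decision described under "Configure Pre-Process Rules" is made against incidents that already exist, whatever their status. The record layout (the `kind`, `anomalyname`, `cvename`, `score`, `criticality`, `hostname`, `ip` and `mac` fields), the reuse of the incident name as `dbotMirrorId`, the sample values, and the choice to map a score of exactly 10 to High are all assumptions of this example; the CVE ids are placeholders.

```python
"""Added example (not code from the Asimily Insight pack): offline model of how
fetched anomaly/CVE records become XSOAR incidents and how a pre-process rule
drops duplicates. Record field names and sample values are constructed."""
from __future__ import annotations

# XSOAR severity levels as listed on the page.
INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL = 0, 1, 2, 3, 4

# Anomaly alerts carry Low/Medium/High criticality, which maps one-to-one.
ANOMALY_SEVERITY = {"Low": LOW, "Medium": MEDIUM, "High": HIGH}


def cve_severity(score: float) -> int:
    """Map an Asimily-calculated CVE score (0-10) to an XSOAR severity.
    Thresholds follow the page: Low below 3.5, Medium below 7.5, High above.
    Treating a score of exactly 10 as High is an assumption (page says "< 10")."""
    if not 0 <= score <= 10:
        raise ValueError(f"CVE score out of range: {score}")
    if score < 3.5:
        return LOW
    if score < 7.5:
        return MEDIUM
    return HIGH


def anomaly_severity(criticality: str) -> int:
    """Map anomaly alert criticality (Low/Medium/High) to an XSOAR severity."""
    if criticality not in ANOMALY_SEVERITY:
        raise ValueError(f"unknown anomaly criticality: {criticality!r}")
    return ANOMALY_SEVERITY[criticality]


def _device_suffix(record: dict) -> str:
    # hostname|ip|mac; a missing value becomes an empty field so the name
    # keeps its fixed number of '|' separators and stays parseable.
    return "|".join(str(record.get(k) or "") for k in ("hostname", "ip", "mac"))


def build_incident(record: dict) -> dict:
    """Turn one constructed record into an XSOAR-style incident dict.
    The 'kind' field and the record layout are assumptions of this example."""
    if record["kind"] == "anomaly":
        name = f"{record['anomalyname']}|{_device_suffix(record)}"
        severity, incident_type = anomaly_severity(record["criticality"]), "Asimily Anomaly"
    elif record["kind"] == "cve":
        name = f"{record['cvename']}|{_device_suffix(record)}"
        severity, incident_type = cve_severity(record["score"]), "Asimily CVE"
    else:
        raise ValueError(f"unknown record kind: {record['kind']!r}")
    # The alternative pre-process rule on the page compares dbotMirrorId;
    # reusing the incident name as the mirror id is an assumption made here.
    return {"name": name, "type": incident_type, "severity": severity,
            "dbotMirrorId": name}


def is_duplicate(incoming: dict, existing: list[dict]) -> bool:
    """Pre-process decision: True (drop) when an incident with the same
    dbotMirrorId already exists, whatever its status, as the page describes
    for PreProcessAsimilyDedup."""
    return any(inc["dbotMirrorId"] == incoming["dbotMirrorId"] for inc in existing)


def ingest(records: list[dict], existing: list[dict]) -> tuple[list[dict], int]:
    """Build incidents for one fetch batch, dropping duplicates against existing
    incidents and against earlier records in the same batch.
    Returns (created incidents, number dropped)."""
    created: list[dict] = []
    known = list(existing)
    dropped = 0
    for rec in records:
        inc = build_incident(rec)
        if is_duplicate(inc, known):
            dropped += 1
            continue
        created.append(inc)
        known.append(inc)
    return created, dropped


# Constructed sample batch (placeholder CVE ids, not real CVEs): one anomaly,
# the same CVE reported twice, and a CVE that is already closed in XSOAR.
PUMP = {"hostname": "infusion-pump-01", "ip": "10.0.5.21", "mac": "00:11:22:33:44:55"}
SAMPLE_RECORDS = [
    {"kind": "anomaly", "anomalyname": "Unexpected Outbound Connection",
     "criticality": "High", **PUMP},
    {"kind": "cve", "cvename": "CVE-0000-0001", "score": 8.1, **PUMP},
    {"kind": "cve", "cvename": "CVE-0000-0001", "score": 8.1, **PUMP},
    {"kind": "cve", "cvename": "CVE-0000-0002", "score": 3.4,
     "hostname": "mri-console", "ip": None, "mac": "66:77:88:99:AA:BB"},
]
EXISTING_INCIDENTS = [
    {"name": "CVE-0000-0002|mri-console||66:77:88:99:AA:BB", "type": "Asimily CVE",
     "severity": LOW, "status": "closed",
     "dbotMirrorId": "CVE-0000-0002|mri-console||66:77:88:99:AA:BB"},
]

if __name__ == "__main__":
    created, dropped = ingest(SAMPLE_RECORDS, EXISTING_INCIDENTS)
    for inc in created:
        print(inc["severity"], inc["type"], inc["name"])
    print(f"dropped {dropped} duplicate(s)")
```

Running the block creates two incidents (the High anomaly and one High CVE) and drops two: the repeated CVE within the batch and the CVE whose incident is already closed. The closed-incident case is the reason the dedup script searches incidents of every status; matching only open incidents would reopen the same finding each fetch cycle.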
### Default Playbook

To enrich incidents with corresponding asset information, we've published a default playbook for the two custom incident types. This playbook calls `asimily-get-asset-details` to retrieve asset information and stores it in Context Data (under `Asimily > Asset`).

We've also added a section to the custom incident layouts to display this information.

Users can modify this playbook or create similar ones. We recommend using the device ID or MAC address as the unique identifier when querying asset details.