PerimeterX BotDefender
This Integration is part of the PerimeterX Pack.#
Gathers PerimeterX related data
Configure BotDefender on Cortex XSOAR#
- Navigate to Settings > Integrations > Servers & Services.
- Search for BotDefender.
- Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
|---|---|---|
| url | Server URL (e.g. https://example.net\) | True |
| apikey | API Key | True |
| incidentType | Incident type | False |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |
- Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Palo Alto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
ip#
Gets the PerimeterX DBotScore decision for a particular IP
Base Command#
ip
Input#
| Argument Name | Description | Required |
|---|---|---|
| ip | The custom parameter value or IP address for which the report is requested | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| IP.Address | String | Bad IP address |
| IP.Malicious.Vendor | String | For malicious IPs, the vendor that made the decision |
| IP.Malicious.Description | String | For malicious IPs, the reason that the vendor made the decision |
| DBotScore.Indicator | String | The indicator that was tested |
| DBotScore.Type | String | The indicator type |
| DBotScore.Vendor | String | The vendor used to calculate the score |
| DBotScore.Score | Number | The actual score |
Command Example#
!ip ip="5.79.76.181"
Context Example#
Human Readable Output#
[<IP object at 0x7f31335e0e80>]