Skip to main content

PerimeterX BotDefender

This Integration is part of the PerimeterX Pack.#

Gathers PerimeterX related data

Configure BotDefender on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for BotDefender.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
urlServer URL (e.g. https://example.net\)True
apikeyAPI KeyTrue
incidentTypeIncident typeFalse
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
  1. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Palo Alto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ip#


Gets the PerimeterX DBotScore decision for a particular IP

Base Command#

ip

Input#

Argument NameDescriptionRequired
ipThe custom parameter value or IP address for which the report is requestedOptional

Context Output#

PathTypeDescription
IP.AddressStringBad IP address
IP.Malicious.VendorStringFor malicious IPs, the vendor that made the decision
IP.Malicious.DescriptionStringFor malicious IPs, the reason that the vendor made the decision
DBotScore.IndicatorStringThe indicator that was tested
DBotScore.TypeStringThe indicator type
DBotScore.VendorStringThe vendor used to calculate the score
DBotScore.ScoreNumberThe actual score

Command Example#

!ip ip="5.79.76.181"

Context Example#

{
"DBotScore": {
"Indicator": "5.79.76.181",
"Score": 3,
"Type": "ip",
"Vendor": "PerimeterX"
},
"IP": {
"Address": "5.79.76.181",
"Malicious": {
"Description": "Something random from PerimeterX for now enjoy!",
"Vendor": "PerimeterX"
}
},
"PerimeterX": {
"catpchaSolves": 200,
"ipClassifications": [
{
"class": "Bad Reputation",
"name": "Bad Reputation"
},
{
"class": "SharedIPs",
"name": "Shared IPs"
},
{
"class": "DataCenter",
"name": "TAG DCIP"
}
],
"max_risk_score": 100,
"pageTypeDistributions": [
{
"count": 1228,
"pageType": "Login"
},
{
"count": 739,
"pageType": "Scraping"
},
{
"count": 139,
"pageType": "Checkout"
}
],
"topBlockedURLPaths": [
{
"blockedURLPath": "/",
"count": 1404
},
{
"blockedURLPath": "/cgi-bin/way-board.cgi",
"count": 702
},
{
"blockedURLPath": "/loginok/light.cgi",
"count": 702
}
],
"topIncidentTypes": [
{
"count": 2106,
"incidentType": "Spoof"
},
{
"count": 702,
"incidentType": "Bot Behavior"
}
],
"topURLPaths": [
{
"count": 3315,
"urlPath": "/favicon.ico"
},
{
"count": 3253,
"urlPath": "/favicon.png"
},
{
"count": 3212,
"urlPath": "/"
},
{
"count": 1228,
"urlPath": "/loginok/light.cgi"
},
{
"count": 1222,
"urlPath": "/cgi-bin/way-board.cgi"
},
{
"count": 205,
"urlPath": "/phpmyadmin/"
},
{
"count": 139,
"urlPath": "-"
},
{
"count": 82,
"urlPath": "/images/icons/favicon.ico"
},
{
"count": 48,
"urlPath": "/test.php"
}
],
"topUserAgents": [
{
"count": 84,
"userAgentName": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
},
{
"count": 80,
"userAgentName": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
},
{
"count": 78,
"userAgentName": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99"
},
{
"count": 76,
"userAgentName": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.64 (Edition Yx)"
},
{
"count": 72,
"userAgentName": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
},
{
"count": 72,
"userAgentName": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
},
{
"count": 72,
"userAgentName": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
},
{
"count": 72,
"userAgentName": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36"
},
{
"count": 72,
"userAgentName": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Kinza/4.7.2"
},
{
"count": 72,
"userAgentName": "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
}
],
"trafficOverTime": []
}
}

Human Readable Output#

[<IP object at 0x7f31335e0e80>]