C2sec irisk
This Integration is part of the C2sec irisk Pack.#
Use the C2sec irisk integration to scan domains and return scan results.
C2sec irisk Playbooks
- C2SEC-Domain Scan - scans domains and waits for the full response from the C2sec irisk service.
Configure C2sec irisk on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services .
- Search for C2sec irisk.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- API URL (e.g. https://api.c2sec.com/api )
- API Key
- Default domain name
- Trust any certificate (not secure)
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Add a domain to a portfolio: irisk-add-domain
- Get the status of a scan: irisk-get-scan-status
- Re-scan a domain: irisk-rescan-domain
- Get the issues for a domain: irisk-get-domain-issues
- Get the results of a scan: irisk-get-scan-results
1. Add a domain to a portfolio
Adds a domain to a portfolio.
Base Command
irisk-add-domain
Input
| Argument Name | Description | Required |
|---|---|---|
| domain | Domain to add to the portfolio. If empty, the default domain will be used. | Optional |
| newscan | Flag to indicate whether a new scan is always initiated for the specified domain. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| C2Sec.Domain.result | string | Result status of adding the new company. |
| C2Sec.Domain.Name | string | The name of the searched domain. |
Command Example
!irisk-add-domain newscan=false domain=demisto.com
Human Readable Output
2. Get the status of a scan
Queries the status of a scan.
Base Command
irisk-get-scan-status
Input
| Argument Name | Description | Required |
|---|---|---|
| id | Domain workitemid for which to check the status. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| C2sec.Domain.Scan.domain | string | The name of the scanned domain. |
| C2sec.Domain.Scan.workitemid | number | The ID of the current scan. |
| C2sec.Domain.Scan.completeTime | date | The time that the scan was completed. |
| C2sec.Domain.Scan.creationTime | date | The time that the scan was initiated. |
| C2sec.Domain.Scan.status | number | The status of the current scan (“processing”/“completed”). |
Command Example
!irisk-get-scan-status id=1247
Human Readable Output
3. Re-scan a domain
Initiates a re-scan for a domain within a portfolio.
Base Command
irisk-rescan-domain
Input
| Argument Name | Description | Required |
|---|---|---|
| domain | Domain to re-scan. If empty, the default domain will be used. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| C2sec.Domain.Scan.domain | string | The name of the scanned domain. |
| C2sec.Domain.Scan.workitemid | number | Scan ID. |
| C2sec.Domain.Scan.result | string | The scan result status. |
Command Example
!irisk-rescan-domain domain=demisto.com
Human Readable Output
4. Get the issues for a domain
Returns the issues located under the specified domain.
Base Command
irisk-get-domain-issues
Input
| Argument Name | Description | Required |
|---|---|---|
| domain | The domain to query. If empty, the default domain it will be used. | Optional |
| severity | Filter query results by issue severity… | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| C2sec.Domain.Name | string | The name of the domain against which it was checked. |
| C2sec.Domain.Issue.ID | string | Issue ID. |
| C2sec.Domain.Issue.Asset | string | Asset associated with the issues. For example, IP addresses, website URLs, and so on. |
| C2sec.Domain.Issue.Component | string | The component used in the issue. |
| C2sec.Domain.Issue.ComponentDisplay | string | The display name of the component being used. |
| C2sec.Domain.Issue.Details | string | The details for the issue. |
| C2sec.Domain.Issue.Issue | string | The name of the issue. |
| C2sec.Domain.Issue.Severity | string | The severity of the issue. |
Command Example
!irisk-get-domain-issues domain=google.com
Human Readable Output
5. Get the results of a scan
Queries data for a specific component for companies in the portfolio.
Base Command
irisk-get-scan-results
Input
| Argument Name | Description | Required |
|---|---|---|
| domain | The domain to query. If empty, default domain will be used. | Required |
| component | The component to query. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| C2sec.Domain.application.result | string | Query status. |
| C2sec.Domain.application.Domain | string | The domain name being queried. |
| C2sec.Domain.application.data.appdetail | string | Details about the application being checked. |
| C2sec.Domain.application.data.info | string | Information regarding the data being processed. |
| C2sec.Domain.application.data.website | string | Website address being processed. |
| C2sec.Domain.credential.result | string | Query status. |
| C2sec.Domain.credential.Domain | string | The domain name being queried. |
| C2sec.Domain.credential.data.user | string | User name. |
| C2sec.Domain.credential.data.pw | string | User password. |
| C2sec.Domain.network.result | string | Query status. |
| C2sec.Domain.network.Domain | string | The domain name being queried. |
| C2sec.Domain.network.data.firewall | string | Firewall status. |
| C2sec.Domain.network.data.port | string | Port number. |
| C2sec.Domain.network.data.IP | string | IP address. |
| C2sec.Domain.network.data.Name | string | Name of the user. |
| C2sec.Domain.network.data.service | string | Name of the service being used. |
| C2sec.Domain.network.data.protocol | string | Name of the protocol being used. |
| C2sec.Domain.network.data.state | string | State of the network application (“open” or “closed”). |
Command Example
!irisk-get-scan-results component=application domain=demisto.com
Human Readable Output
