Cortex Attack Surface Management

This integration is part of the Cortex Attack Surface Management Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Integration to pull assets and other ASM-related information. This integration was integrated and tested with version 1.2.0 of Cortex Attack Surface Management.

Configure Cortex Attack Surface Management

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cortex Attack Surface Management.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Server URL | Should be the web UI URL with `api-` prepended (e.g., https://api-xsiam.paloaltonetworks.com). For more information, see get-started-with-cortex-xdr-apis. | True |
    | API Key ID | See get-started-with-cortex-xdr-apis. | True |
    | API Key | See get-started-with-cortex-xdr-apis. | True |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

asm-list-external-service

Get a list of all your external services filtered by business units, externally detected providers, domain, externally inferred CVEs, active classifications, inactive classifications, service name, service type, protocol, IP address, is active, and discovery type. Maximum result limit is 100 assets.

Base Command

asm-list-external-service

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip_address | IP address on which to search. | Optional |
| domain | Domain on which to search. | Optional |
| is_active | Whether the service is active. Possible values are: yes, no. | Optional |
| discovery_type | How the service was discovered. Possible values are: colocated_on_ip, directly_discovery, unknown. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ASM.ExternalService.service_id | String | External service UUID. |
| ASM.ExternalService.service_name | String | Name of the external service. |
| ASM.ExternalService.service_type | String | Type of the external service. |
| ASM.ExternalService.ip_address | String | IP address of the external service. |
| ASM.ExternalService.externally_detected_providers | String | Providers of the external service. |
| ASM.ExternalService.is_active | String | Whether the external service is active. |
| ASM.ExternalService.first_observed | Date | Date of the first observation of the external service. |
| ASM.ExternalService.last_observed | Date | Date of the last observation of the external service. |
| ASM.ExternalService.port | Number | Port number of the external service. |
| ASM.ExternalService.protocol | String | Protocol number of the external service. |
| ASM.ExternalService.inactive_classifications | String | External service classifications that are no longer active. |
| ASM.ExternalService.discovery_type | String | How the external service was discovered. |
| ASM.ExternalService.business_units | String | External service associated business units. |
| ASM.ExternalService.externally_inferred_vulnerability_score | Unknown | External service vulnerability score. |

Command example

!asm-list-external-service domain=acme.com is_active=yes discovery_type=directly_discovery

Context Example

{
"ASM": {
"ExternalService": [
{
"active_classifications": [
"HttpServer",
"MicrosoftOWAServer",
"ServerSoftware",
"MicrosoftIisWebServer",
"ApplicationServerSoftware"
],
"business_units": [
"Acme",
"VanDelay Industries"
],
"discovery_type": "DirectlyDiscovered",
"domain": [
"autodiscover.acme.com"
],
"externally_detected_providers": [
"Microsoft Azure"
],
"externally_inferred_cves": [],
"externally_inferred_vulnerability_score": null,
"first_observed": 1659395040000,
"inactive_classifications": [],
"ip_address": [
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1"
],
"is_active": "Active",
"last_observed": 1663024320000,
"port": 80,
"protocol": "TCP",
"service_id": "4c755fea-59e8-3719-8829-9f6adde65068",
"service_name": "HTTP Server at autodiscover.acme.com:80",
"service_type": "HttpServer"
},
{
"active_classifications": [
"HttpServer",
"ServerSoftware"
],
"business_units": [
"Acme",
"VanDelay Industries"
],
"discovery_type": "DirectlyDiscovered",
"domain": [
"web.acme.com"
],
"externally_detected_providers": [
"Amazon Web Services"
],
"externally_inferred_cves": [],
"externally_inferred_vulnerability_score": null,
"first_observed": 1659396480000,
"inactive_classifications": [],
"ip_address": [
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1",
"1.1.1.1"
],
"is_active": "Active",
"last_observed": 1663029060000,
"port": 80,
"protocol": "TCP",
"service_id": "32c85ab1-fc98-3061-a813-2fe5daf7e7c5",
"service_name": "HTTP Server at web.acme.com:80",
"service_type": "HttpServer"
}
]
}
}

Human Readable Output

External Services

| active_classifications | business_units | discovery_type | domain | externally_detected_providers | first_observed | ip_address | is_active | last_observed | port | protocol | service_id | service_name | service_type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| HttpServer, MicrosoftOWAServer, ServerSoftware, MicrosoftIisWebServer, ApplicationServerSoftware | Acme, VanDelay Industries | DirectlyDiscovered | autodiscover.acme.com | Microsoft Azure | 1659395040000 | 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1 | Active | 1663024320000 | 80 | TCP | 4c755fea-59e8-3719-8829-9f6adde65068 | HTTP Server at autodiscover.acme.com:80 | HttpServer |
| HttpServer, ServerSoftware | Acme, VanDelay Industries | DirectlyDiscovered | web.acme.com | Amazon Web Services | 1659396480000 | 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1, 1.1.1.1 | Active | 1663029060000 | 80 | TCP | 32c85ab1-fc98-3061-a813-2fe5daf7e7c5 | HTTP Server at web.acme.com:80 | HttpServer |

asm-get-external-service

Get service details according to the service ID.

Base Command

asm-get-external-service

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| service_id | A string representing the service ID you want to get details for. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ASM.ExternalService.service_id | String | External service UUID. |
| ASM.ExternalService.service_name | String | Name of the external service. |
| ASM.ExternalService.service_type | String | Type of the external service. |
| ASM.ExternalService.ip_address | String | IP address of the external service. |
| ASM.ExternalService.externally_detected_providers | String | Providers of the external service. |
| ASM.ExternalService.is_active | String | Whether the external service is active. |
| ASM.ExternalService.first_observed | Date | Date of the first observation of the external service. |
| ASM.ExternalService.last_observed | Date | Date of the last observation of the external service. |
| ASM.ExternalService.port | Number | Port number of the external service. |
| ASM.ExternalService.protocol | String | Protocol of the external service. |
| ASM.ExternalService.inactive_classifications | String | External service classifications that are no longer active. |
| ASM.ExternalService.discovery_type | String | How the external service was discovered. |
| ASM.ExternalService.business_units | String | External service associated business units. |
| ASM.ExternalService.externally_inferred_vulnerability_score | Unknown | External service vulnerability score. |
| ASM.ExternalService.details | String | Additional details. |

Command example

!asm-get-external-service service_id=94232f8a-f001-3292-aa65-63fa9d981427

Context Example

{
"ASM": {
"ExternalService": {
"active_classifications": [
"SSHWeakMACAlgorithmsEnabled",
"SshServer",
"OpenSSH"
],
"business_units": [
"Acme"
],
"details": {
"businessUnits": [
{
"name": "Acme"
}
],
"certificates": [],
"classifications": [
{
"activityStatus": "Active",
"firstObserved": 1662774120000,
"lastObserved": 1663026480000,
"name": "SshServer",
"values": [
{
"firstObserved": 1662774169000,
"jsonValue": "{\"version\":\"2.0\",\"serverVersion\":\"OpenSSH_7.6p1\",\"extraInfo\":\"Ubuntu-4ubuntu0.7\"}",
"lastObserved": 1663026500000
}
]
},
{
"activityStatus": "Active",
"firstObserved": 1662774120000,
"lastObserved": 1663026480000,
"name": "SSHWeakMACAlgorithmsEnabled",
"values": [
{
"firstObserved": 1662774169000,
"jsonValue": "{}",
"lastObserved": 1663026500000
}
]
},
{
"activityStatus": "Active",
"firstObserved": 1662774120000,
"lastObserved": 1663026480000,
"name": "OpenSSH",
"values": [
{
"firstObserved": 1662774169000,
"jsonValue": "{\"version\":\"7.6\"}",
"lastObserved": 1663026500000
}
]
}
],
"domains": [],
"enrichedObservationSource": "CLOUD",
"inferredCvesObserved": [
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2020-15778",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "HIGH",
"cvssScoreV2": 6.8,
"cvssScoreV3": 7.8,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2021-41617",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "HIGH",
"cvssScoreV2": 4.4,
"cvssScoreV3": 7,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2019-6110",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 4,
"cvssScoreV3": 6.8,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2019-6109",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 4,
"cvssScoreV3": 6.8,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2020-14145",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 4.3,
"cvssScoreV3": 5.9,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2019-6111",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 5.8,
"cvssScoreV3": 5.9,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2018-20685",
"cveSeverityV2": "LOW",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 2.6,
"cvssScoreV3": 5.3,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2018-15919",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 5,
"cvssScoreV3": 5.3,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2016-20012",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 4.3,
"cvssScoreV3": 5.3,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2018-15473",
"cveSeverityV2": "MEDIUM",
"cveSeverityV3": "MEDIUM",
"cvssScoreV2": 5,
"cvssScoreV3": 5.3,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
},
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"inferredCve": {
"cveId": "CVE-2021-36368",
"cveSeverityV2": "LOW",
"cveSeverityV3": "LOW",
"cvssScoreV2": 2.6,
"cvssScoreV3": 3.7,
"inferredCveMatchMetadata": {
"confidence": "High",
"inferredCveMatchType": "ExactVersionMatch",
"product": "openssh",
"vendor": "openbsd",
"version": "7.6"
}
},
"lastObserved": 1663026500000
}
],
"ip_ranges": {},
"ips": [
{
"activityStatus": "Active",
"firstObserved": 1662774169000,
"geolocation": {
"city": "ASHBURN",
"countryCode": "US",
"latitude": 39.0438,
"longitude": -77.4879,
"regionCode": "VA",
"timeZone": null
},
"ip": 873887795,
"lastObserved": 1663026500000,
"protocol": "TCP",
"provider": "AWS"
}
],
"providerDetails": [
{
"firstObserved": 1662774169000,
"lastObserved": 1663026500000,
"name": "AWS"
}
],
"serviceKey": "1.1.1.1:22",
"serviceKeyType": "IP",
"tlsVersions": []
},
"discovery_type": "ColocatedOnIp",
"domain": [],
"externally_detected_providers": [
"Amazon Web Services"
],
"externally_inferred_cves": [
"CVE-2020-15778",
"CVE-2021-41617",
"CVE-2019-6110",
"CVE-2019-6109",
"CVE-2020-14145",
"CVE-2019-6111",
"CVE-2018-20685",
"CVE-2018-15919",
"CVE-2016-20012",
"CVE-2018-15473",
"CVE-2021-36368"
],
"externally_inferred_vulnerability_score": 7.8,
"first_observed": 1662774120000,
"inactive_classifications": [],
"ip_address": [
"1.1.1.1"
],
"is_active": "Active",
"last_observed": 1663026480000,
"port": 22,
"protocol": "TCP",
"service_id": "94232f8a-f001-3292-aa65-63fa9d981427",
"service_name": "SSH Server at 1.1.1.1:22",
"service_type": "SshServer"
}
}
}

Human Readable Output

External Service

| active_classifications | business_units | details | discovery_type | externally_detected_providers | externally_inferred_cves | externally_inferred_vulnerability_score | first_observed | ip_address | is_active | last_observed | port | protocol | service_id | service_name | service_type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| SSHWeakMACAlgorithmsEnabled, SshServer, OpenSSH | Acme | serviceKey: 1.1.1.1:22<br>serviceKeyType: IP<br>businessUnits: {'name': 'Acme'}<br>providerDetails: {'name': 'AWS', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000}<br>certificates: <br>domains: <br>ips: {'ip': 873887795, 'protocol': 'TCP', 'provider': 'AWS', 'geolocation': {'latitude': 39.0438, 'longitude': -77.4879, 'countryCode': 'US', 'city': 'ASHBURN', 'regionCode': 'VA', 'timeZone': None}, 'activityStatus': 'Active', 'lastObserved': 1663026500000, 'firstObserved': 1662774169000}<br>classifications: {'name': 'SshServer', 'activityStatus': 'Active', 'values': [{'jsonValue': '{"version":"2.0","serverVersion":"OpenSSH_7.6p1","extraInfo":"Ubuntu-4ubuntu0.7"}', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000}], 'firstObserved': 1662774120000, 'lastObserved': 1663026480000},<br>{'name': 'SSHWeakMACAlgorithmsEnabled', 'activityStatus': 'Active', 'values': [{'jsonValue': '{}', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000}], 'firstObserved': 1662774120000, 'lastObserved': 1663026480000},<br>{'name': 'OpenSSH', 'activityStatus': 'Active', 'values': [{'jsonValue': '{"version":"7.6"}', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000}], 'firstObserved': 1662774120000, 'lastObserved': 1663026480000}<br>tlsVersions: <br>inferredCvesObserved: {'inferredCve': {'cveId': 'CVE-2020-15778', 'cvssScoreV2': 6.8, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 7.8, 'cveSeverityV3': 'HIGH', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2021-41617', 'cvssScoreV2': 4.4, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 7.0, 'cveSeverityV3': 'HIGH', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2019-6110', 'cvssScoreV2': 4.0, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 6.8, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2019-6109', 'cvssScoreV2': 4.0, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 6.8, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2020-14145', 'cvssScoreV2': 4.3, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 5.9, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2019-6111', 'cvssScoreV2': 5.8, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 5.9, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2018-20685', 'cvssScoreV2': 2.6, 'cveSeverityV2': 'LOW', 'cvssScoreV3': 5.3, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2018-15919', 'cvssScoreV2': 5.0, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 5.3, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2016-20012', 'cvssScoreV2': 4.3, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 5.3, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2018-15473', 'cvssScoreV2': 5.0, 'cveSeverityV2': 'MEDIUM', 'cvssScoreV3': 5.3, 'cveSeverityV3': 'MEDIUM', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000},<br>{'inferredCve': {'cveId': 'CVE-2021-36368', 'cvssScoreV2': 2.6, 'cveSeverityV2': 'LOW', 'cvssScoreV3': 3.7, 'cveSeverityV3': 'LOW', 'inferredCveMatchMetadata': {'inferredCveMatchType': 'ExactVersionMatch', 'product': 'openssh', 'confidence': 'High', 'vendor': 'openbsd', 'version': '7.6'}}, 'activityStatus': 'Active', 'firstObserved': 1662774169000, 'lastObserved': 1663026500000}<br>enrichedObservationSource: CLOUD<br>ip_ranges: {} | ColocatedOnIp | Amazon Web Services | CVE-2020-15778, CVE-2021-41617, CVE-2019-6110, CVE-2019-6109, CVE-2020-14145, CVE-2019-6111, CVE-2018-20685, CVE-2018-15919, CVE-2016-20012, CVE-2018-15473, CVE-2021-36368 | 7.8 | 1662774120000 | 1.1.1.1 | Active | 1663026480000 | 22 | TCP | 94232f8a-f001-3292-aa65-63fa9d981427 | SSH Server at 1.1.1.1:22 | SshServer |
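
The context returned by asm-get-external-service nests several encodings: epoch-millisecond timestamps, JSON strings inside `jsonValue`, and an integer in `details.ips[].ip`. The following Python sketch is an added example, not part of the integration or its pack; `summarize_service`, `ms_to_iso`, the 7.0 review threshold and the sample data are assumptions for illustration, and the sample is constructed from the shape of the context example above with a documentation IP address.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample: trimmed to the fields used below, following the shape of the
# asm-get-external-service context example. 3221225994 is 192.0.2.10 (documentation range).
SAMPLE_CONTEXT = {
    "ASM": {
        "ExternalService": {
            "service_id": "94232f8a-f001-3292-aa65-63fa9d981427",
            "port": 22,
            "protocol": "TCP",
            "first_observed": 1662774120000,
            "last_observed": 1663026480000,
            "details": {
                "classifications": [
                    {"name": "SshServer", "activityStatus": "Active",
                     "values": [{"jsonValue": '{"version":"2.0","serverVersion":"OpenSSH_7.6p1"}'}]},
                    {"name": "SSHWeakMACAlgorithmsEnabled", "activityStatus": "Active",
                     "values": [{"jsonValue": "{}"}]},
                ],
                "inferredCvesObserved": [
                    {"activityStatus": "Active",
                     "inferredCve": {"cveId": "CVE-2021-36368", "cvssScoreV3": 3.7,
                                     "inferredCveMatchMetadata": {"confidence": "High"}}},
                    {"activityStatus": "Active",
                     "inferredCve": {"cveId": "CVE-2020-15778", "cvssScoreV3": 7.8,
                                     "inferredCveMatchMetadata": {"confidence": "High"}}},
                ],
                "ips": [{"ip": 3221225994, "activityStatus": "Active"}],
            },
        }
    }
}


def ms_to_iso(ms):
    """Convert epoch milliseconds (first_observed / last_observed) to ISO 8601 UTC."""
    if ms is None:  # the list commands return null for assets never observed
        return None
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def summarize_service(context, min_cvss_v3=7.0):
    """Flatten one ASM.ExternalService entry into a triage-friendly summary."""
    svc = context["ASM"]["ExternalService"]
    details = svc.get("details") or {}

    # details.ips[].ip is an integer in the example; assume IPv4 and render it dotted.
    ips = [str(ipaddress.ip_address(entry["ip"]))
           for entry in details.get("ips", [])
           if isinstance(entry.get("ip"), int)]

    # Each classification value carries a JSON document encoded as a string.
    classifications = {}
    for item in details.get("classifications", []):
        if item.get("activityStatus") != "Active":
            continue
        decoded = {}
        for value in item.get("values", []):
            try:
                parsed = json.loads(value.get("jsonValue") or "{}")
            except json.JSONDecodeError:
                parsed = {"_raw": value.get("jsonValue")}
            if isinstance(parsed, dict):
                decoded.update(parsed)
        classifications[item.get("name")] = decoded

    # Keep active inferred CVEs that have a CVSS v3 score, highest first.
    cves = []
    for obs in details.get("inferredCvesObserved", []):
        cve = obs.get("inferredCve") or {}
        score = cve.get("cvssScoreV3")
        if obs.get("activityStatus") == "Active" and score is not None:
            confidence = (cve.get("inferredCveMatchMetadata") or {}).get("confidence")
            cves.append((cve.get("cveId"), float(score), confidence))
    cves.sort(key=lambda c: c[1], reverse=True)

    return {
        "service_id": svc.get("service_id"),
        "endpoint": [f"{ip}:{svc.get('port')}/{svc.get('protocol')}" for ip in ips],
        "first_observed": ms_to_iso(svc.get("first_observed")),
        "last_observed": ms_to_iso(svc.get("last_observed")),
        "classifications": classifications,
        "cves_by_cvss_v3": cves,
        "needs_review": [c[0] for c in cves if c[1] >= min_cvss_v3],
    }


if __name__ == "__main__":
    print(json.dumps(summarize_service(SAMPLE_CONTEXT), indent=2))
```

The CVEs in this output are inferred from the observed version (`inferredCveMatchType` is `ExactVersionMatch` in the example), so `needs_review` is a queue for verification against the host's actual patch level, not a list of confirmed findings.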

asm-list-external-ip-address-range

Get a list of all your internet exposure filtered by business units and organization handles. Maximum result limit is 100 ranges.

Base Command

asm-list-external-ip-address-range

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ASM.ExternalIpAddressRange.range_id | String | External IP address range UUID. |
| ASM.ExternalIpAddressRange.first_ip | String | First IP address of the external IP address range. |
| ASM.ExternalIpAddressRange.last_ip | String | Last IP address of the external IP address range. |
| ASM.ExternalIpAddressRange.ips_count | Number | Number of IP addresses of the external IP address range. |
| ASM.ExternalIpAddressRange.active_responsive_ips_count | Number | The number of IPs in the external address range that are actively responsive. |
| ASM.ExternalIpAddressRange.date_added | Date | Date the external IP address range was added. |
| ASM.ExternalIpAddressRange.business_units | String | External IP address range associated business units. |
| ASM.ExternalIpAddressRange.organization_handles | String | External IP address range associated organization handles. |

Command example

!asm-list-external-ip-address-range

Context Example

{
"ASM": {
"ExternalIpAddressRange": [
{
"active_responsive_ips_count": 0,
"business_units": [
"VanDelay Industries"
],
"date_added": 1663031000145,
"first_ip": "1.1.1.1",
"ips_count": 64,
"last_ip": "1.1.1.1",
"organization_handles": [
"MAINT-HK-PCCW-BIA-CS",
"BNA2-AP",
"TA66-AP"
],
"range_id": "4da29b7f-3086-3b52-981b-aa8ee5da1e60"
},
{
"active_responsive_ips_count": 0,
"business_units": [
"VanDelay Industries"
],
"date_added": 1663031000144,
"first_ip": "1.1.1.1",
"ips_count": 16,
"last_ip": "1.1.1.1",
"organization_handles": [
"AR17615-RIPE",
"EASYNET-UK-MNT",
"JW372-RIPE",
"EH92-RIPE"
],
"range_id": "6ef4638e-7788-3ef5-98a5-ad5b7f4e02f5"
}
]
}
}

Human Readable Output

External IP Address Ranges

| active_responsive_ips_count | business_units | date_added | first_ip | ips_count | last_ip | organization_handles | range_id |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | VanDelay Industries | 1663031000145 | 1.1.1.1 | 64 | 1.1.1.1 | MAINT-HK-PCCW-BIA-CS, BNA2-AP, TA66-AP | 4da29b7f-3086-3b52-981b-aa8ee5da1e60 |
| 0 | VanDelay Industries | 1663031000144 | 1.1.1.1 | 16 | 1.1.1.1 | AR17615-RIPE, EASYNET-UK-MNT, JW372-RIPE, EH92-RIPE | 6ef4638e-7788-3ef5-98a5-ad5b7f4e02f5 |

asm-get-external-ip-address-range

Get external IP address range details according to the range IDs.

Base Command

asm-get-external-ip-address-range

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| range_id | A string representing the range ID for which you want to get the details. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ASM.ExternalIpAddressRange.range_id | String | External IP address range UUID. |
| ASM.ExternalIpAddressRange.first_ip | String | First IP address of the external IP address range. |
| ASM.ExternalIpAddressRange.last_ip | String | Last IP address of the external IP address range. |
| ASM.ExternalIpAddressRange.ips_count | Number | Number of IP addresses of the external IP address range. |
| ASM.ExternalIpAddressRange.active_responsive_ips_count | Number | The number of IPs in the external address range that are actively responsive. |
| ASM.ExternalIpAddressRange.date_added | Date | Date the external IP address range was added. |
| ASM.ExternalIpAddressRange.business_units | String | External IP address range associated business units. |
| ASM.ExternalIpAddressRange.organization_handles | String | External IP address range associated organization handles. |
| ASM.ExternalIpAddressRange.details | String | Additional information. |

Command example

!asm-get-external-ip-address-range range_id=4da29b7f-3086-3b52-981b-aa8ee5da1e60

Context Example

{
"ASM": {
"ExternalIpAddressRange": {
"active_responsive_ips_count": 0,
"business_units": [
"VanDelay Industries"
],
"date_added": 1663031000145,
"details": {
"networkRecords": [
{
"firstIp": "1.1.1.1",
"handle": "1.1.1.1 - 1.1.1.1",
"lastChanged": 1663030241931,
"lastIp": "1.1.1.1",
"name": "SEARS-HK",
"organizationRecords": [
{
"address": "",
"dateAdded": 1663029346957,
"email": "noc@acme.com",
"firstRegistered": null,
"formattedName": "",
"handle": "MAINT-HK-PCCW-BIA-CS",
"kind": "group",
"lastChanged": null,
"org": "",
"phone": "",
"remarks": "",
"roles": [
"registrant"
]
},
{
"address": "27/F, PCCW Tower, Taikoo Place,\n979 King's Road, Quarry Bay, HK ",
"dateAdded": 1663029346957,
"email": "cs@acme.com",
"firstRegistered": 1220514857000,
"formattedName": "BIZ NETVIGATOR ADMINISTRATORS",
"handle": "BNA2-AP",
"kind": "group",
"lastChanged": 1514892767000,
"org": "",
"phone": "+852-2888-6932",
"remarks": "",
"roles": [
"administrative"
]
},
{
"address": "HKT Limited\nPO Box 9896 GPO ",
"dateAdded": 1663029346957,
"email": "noc@acme.com",
"firstRegistered": 1220514856000,
"formattedName": "TECHNICAL ADMINISTRATORS",
"handle": "TA66-AP",
"kind": "group",
"lastChanged": 1468555410000,
"org": "",
"phone": "+852-2883-5151",
"remarks": "",
"roles": [
"technical"
]
}
],
"remarks": "Sears Holdings Global Sourcing Ltd",
"whoIsServer": "whois.apnic.net"
}
]
},
"first_ip": "1.1.1.1",
"ips_count": 64,
"last_ip": "1.1.1.1",
"organization_handles": [
"MAINT-HK-PCCW-BIA-CS",
"BNA2-AP",
"TA66-AP"
],
"range_id": "4da29b7f-3086-3b52-981b-aa8ee5da1e60"
}
}
}

Human Readable Output

External IP Address Range

| active_responsive_ips_count | business_units | date_added | details | first_ip | ips_count | last_ip | organization_handles | range_id |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | VanDelay Industries | 1663031000145 | networkRecords: {'handle': '1.1.1.1 - 1.1.1.1', 'firstIp': '1.1.1.1', 'lastIp': '1.1.1.1', 'name': 'SEARS-HK', 'whoIsServer': 'whois.apnic.net', 'lastChanged': 1663030241931, 'organizationRecords': [{'handle': 'MAINT-HK-PCCW-BIA-CS', 'dateAdded': 1663029346957, 'address': '', 'email': 'noc@acme.com', 'phone': '', 'org': '', 'formattedName': '', 'kind': 'group', 'roles': ['registrant'], 'lastChanged': None, 'firstRegistered': None, 'remarks': ''}, {'handle': 'BNA2-AP', 'dateAdded': 1663029346957, 'address': "27/F, PCCW Tower, Taikoo Place,\n979 King's Road, Quarry Bay, HK ", 'email': 'cs@acme.com', 'phone': '+852-2888-6932', 'org': '', 'formattedName': 'BIZ NETVIGATOR ADMINISTRATORS', 'kind': 'group', 'roles': ['administrative'], 'lastChanged': 1514892767000, 'firstRegistered': 1220514857000, 'remarks': ''}, {'handle': 'TA66-AP', 'dateAdded': 1663029346957, 'address': 'HKT Limited\nPO Box 9896 GPO ', 'email': 'noc@acme.com', 'phone': '+852-2883-5151', 'org': '', 'formattedName': 'TECHNICAL ADMINISTRATORS', 'kind': 'group', 'roles': ['technical'], 'lastChanged': 1468555410000, 'firstRegistered': 1220514856000, 'remarks': ''}], 'remarks': 'Sears Holdings Global Sourcing Ltd'} | 1.1.1.1 | 64 | 1.1.1.1 | MAINT-HK-PCCW-BIA-CS, BNA2-AP, TA66-AP | 4da29b7f-3086-3b52-981b-aa8ee5da1e60 |

asm-list-asset-internet-exposure

Get a list of all your internet exposure filtered by IP address, domain, type, and/or whether there is an active external service. Maximum result limit is 100 assets.

Base Command

asm-list-asset-internet-exposure

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip_address | IP address on which to search. | Optional |
| name | Name of asset on which to search. | Optional |
| type | Type of the external service. Possible values are: certificate, cloud_compute_instance, on_prem, domain, unassociated_responsive_ip. | Optional |
| has_active_external_services | Whether the internet exposure has an active external service. Possible values are: yes, no. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ASM.AssetInternetExposure.asm_ids | String | Attack surface management UUID. |
| ASM.AssetInternetExposure.name | String | Name of the exposed asset. |
| ASM.AssetInternetExposure.asset_type | String | Type of the exposed asset. |
| ASM.AssetInternetExposure.cloud_provider | Unknown | The cloud provider used to collect these cloud assets as either GCP, AWS, or Azure. |
| ASM.AssetInternetExposure.region | Unknown | Displays the region as provided by the cloud provider. |
| ASM.AssetInternetExposure.last_observed | Unknown | Last time the exposure was observed. |
| ASM.AssetInternetExposure.first_observed | Unknown | First time the exposure was observed. |
| ASM.AssetInternetExposure.has_active_externally_services | Boolean | Whether the internet exposure is associated with an active external service(s). |
| ASM.AssetInternetExposure.has_xdr_agent | String | Whether the internet exposure asset has an XDR agent. |
| ASM.AssetInternetExposure.cloud_id | Unknown | Displays the resource ID as provided from the cloud provider. |
| ASM.AssetInternetExposure.domain_resolves | Boolean | Whether the asset domain is resolvable. |
| ASM.AssetInternetExposure.operation_system | Unknown | The operating system reported by the source for this asset. |
| ASM.AssetInternetExposure.agent_id | Unknown | If there is an endpoint installed on this asset, this is the endpoint ID. |
| ASM.AssetInternetExposure.externally_detected_providers | String | The provider of the asset as determined by an external assessment. |
| ASM.AssetInternetExposure.service_type | String | Type of the asset. |
| ASM.AssetInternetExposure.externally_inferred_cves | String | If the internet exposure has associated CVEs. |
| ASM.AssetInternetExposure.ips | String | IP addresses associated with the internet exposure. |

Command example

!asm-list-asset-internet-exposure name="acme.com" type=certificate has_active_external_services=no

Context Example

{
"ASM": {
"AssetInternetExposure": [
{
"agent_id": null,
"asm_ids": [
"cfa1cd5a-77f1-3963-8557-7f652309a143"
],
"asm_va_score": null,
"asset_type": "CERTIFICATE",
"business_units": [
"Acme",
"VanDelay Industries"
],
"certificate_algorithm": "SHA256withRSA",
"certificate_classifications": [
"LongExpiration",
"Wildcard",
"Expired"
],
"certificate_issuer": "DigiCert",
"cloud_id": null,
"cloud_provider": null,
"domain_resolves": false,
"externally_detected_providers": [],
"externally_inferred_cves": [],
"first_observed": null,
"has_active_externally_services": false,
"has_xdr_agent": "NA",
"iot_category": null,
"iot_model": null,
"iot_profile": null,
"ip_ranges": [],
"ips": [],
"last_observed": null,
"mac_addresses": [],
"management_status": [],
"name": "*.digital-dev.acme.com",
"operation_system": null,
"region": null,
"sensor": [
"XPANSE"
],
"service_type": []
},
{
"agent_id": null,
"asm_ids": [
"78a11e94-58a9-329c-99ca-e527d2db6cfb"
],
"asm_va_score": null,
"asset_type": "CERTIFICATE",
"business_units": [
"Acme",
"VanDelay Industries"
],
"certificate_algorithm": "SHA256withRSA",
"certificate_classifications": [
"LongExpiration",
"Wildcard",
"Expired"
],
"certificate_issuer": "DigiCert",
"cloud_id": null,
"cloud_provider": null,
"domain_resolves": false,
"externally_detected_providers": [],
"externally_inferred_cves": [],
"first_observed": null,
"has_active_externally_services": false,
"has_xdr_agent": "NA",
"iot_category": null,
"iot_model": null,
"iot_profile": null,
"ip_ranges": [],
"ips": [],
"last_observed": null,
"mac_addresses": [],
"management_status": [],
"name": "*.digital-prod.acme.com",
"operation_system": null,
"region": null,
"sensor": [
"XPANSE"
],
"service_type": []
}
]
}
}

Human Readable Output

Asset Internet Exposures

| asm_ids | asset_type | business_units | certificate_algorithm | certificate_classifications | certificate_issuer | domain_resolves | has_active_externally_services | has_xdr_agent | name | sensor |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| cfa1cd5a-77f1-3963-8557-7f652309a143 | CERTIFICATE | Acme, VanDelay Industries | SHA256withRSA | LongExpiration, Wildcard, Expired | DigiCert | false | false | NA | *.digital-dev.acme.com | XPANSE |
| 78a11e94-58a9-329c-99ca-e527d2db6cfb | CERTIFICATE | Acme, VanDelay Industries | SHA256withRSA | LongExpiration, Wildcard, Expired | DigiCert | false | false | NA | *.digital-prod.acme.com | XPANSE |

asm-get-asset-internet-exposure#


Get internet exposure asset details according to the asset ID.

Base Command#

asm-get-asset-internet-exposure

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| asm_id | A string representing the asset ID for which you want to get the details. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ASM.AssetInternetExposure.asm_ids | String | Attack surface management UUID. |
| ASM.AssetInternetExposure.name | String | Name of the exposed asset. |
| ASM.AssetInternetExposure.type | String | Type of the exposed asset. |
| ASM.AssetInternetExposure.last_observed | Unknown | Last time the exposure was observed. |
| ASM.AssetInternetExposure.first_observed | Unknown | First time the exposure was observed. |
| ASM.AssetInternetExposure.created | Date | Date the ASM issue was created. |
| ASM.AssetInternetExposure.business_units | String | Asset associated business units. |
| ASM.AssetInternetExposure.domain | Unknown | Asset associated domain. |
| ASM.AssetInternetExposure.certificate_issuer | String | Asset certificate issuer. |
| ASM.AssetInternetExposure.certificate_algorithm | String | Asset certificate algorithm. |
| ASM.AssetInternetExposure.certificate_classifications | String | Asset certificate classifications. |
| ASM.AssetInternetExposure.resolves | Boolean | Whether the asset has DNS resolution. |
| ASM.AssetInternetExposure.details | Unknown | Additional details. |
| ASM.AssetInternetExposure.externally_inferred_vulnerability_score | Unknown | Asset vulnerability score. |

Command example#

!asm-get-asset-internet-exposure asm_id=3c176460-8735-333c-b618-8262e2fb660c

Context Example#

{
"ASM": {
"AssetInternetExposure": {
"active_external_services_types": [],
"active_service_ids": [],
"all_service_ids": [],
"asm_ids": "3c176460-8735-333c-b618-8262e2fb660c",
"business_units": [
"Acme"
],
"certificate_algorithm": "SHA1withRSA",
"certificate_classifications": [
"Wildcard",
"Expired",
"InsecureSignature"
],
"certificate_issuer": "Thawte",
"created": 1663030146931,
"details": {
"businessUnits": [
{
"name": "Acme"
}
],
"certificateDetails": {
"formattedIssuerOrg": "Thawte",
"issuer": "C=US,O=Thawte\\, Inc.,CN=Thawte SSL CA",
"issuerAlternativeNames": "",
"issuerCountry": "US",
"issuerEmail": null,
"issuerLocality": null,
"issuerName": "Thawte SSL CA",
"issuerOrg": "Thawte\\\\, Inc.",
"issuerOrgUnit": null,
"issuerState": null,
"md5Fingerprint": "498ec19ebd6c6883ecd43d064e713002",
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp21W/QVHuo0Nyy9l6Qp6Ye7yniuCccplWLdkL34pB0roNWBiklLJFftFTXJLtUuYEBhEbUtOPtNr5QRZFo+LQSj+JMQsGajEgNvIIMDms2xtc+vYkuJeNRsN/0zRm8iBjCNEZ0zBbWdupO6xee+Lngq5RiyRzAN2+Q5HlmHmVOcc7NtY5VIQhajp3a5Gc7tmLXa7ZxwQb+afdlpmE0iv4ZxmXFyHwlPXUlIxfETDDjtv2EzAgrnpZ5juo7TEFZA7AjsT0lO6cC2qPE9x9kC02PeC1Heg4hWf70CsXcKQBsprLqusrPYM9+OYfZnj+Dq9j6FjZD314Nz4qTGwmZrwDQIDAQAB",
"publicKeyAlgorithm": "RSA",
"publicKeyBits": 2048,
"publicKeyModulus": "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",
"publicKeyRsaExponent": 65537,
"publicKeySpki": "Up3fHwOddA9cXEeO4XBOgn63bfnvkXsOrOv6AycwQAk=",
"serialNumber": "91384582774546160650506315451812470612",
"sha1Fingerprint": "77d025c36f055e254063ae2ac3625fd4bf4507fb",
"sha256Fingerprint": "9a37c952ee1169cfa6e91efb57fe6d405d1ca48b26a714e9a46f008c15ea62e8",
"signatureAlgorithm": "SHA1withRSA",
"subject": "C=US,ST=New Jersey,L=Wayne,O=Acme,OU=MIS,CN=*.babiesrus.com",
"subjectAlternativeNames": "*.babiesrus.com",
"subjectCountry": "US",
"subjectEmail": null,
"subjectLocality": "Wayne",
"subjectName": "*.babiesrus.com",
"subjectOrg": "Acme",
"subjectOrgUnit": "MIS",
"subjectState": "New Jersey",
"validNotAfter": 1444780799000,
"validNotBefore": 1413158400000,
"version": "3"
},
"dnsZone": null,
"domain": null,
"domainAssetType": null,
"domainDetails": null,
"inferredCvesObserved": [],
"ip_ranges": {},
"isPaidLevelDomain": false,
"latestSampledIp": null,
"providerDetails": [],
"recentIps": [],
"subdomainMetadata": null,
"topLevelAssetMapperDomain": null
},
"domain": null,
"external_services": [],
"externally_detected_providers": [],
"externally_inferred_cves": [],
"externally_inferred_vulnerability_score": null,
"first_observed": null,
"ips": [],
"last_observed": null,
"name": "*.babiesrus.com",
"resolves": false,
"type": "Certificate"
}
}
}

Human Readable Output#

Asset Internet Exposure#

asm_ids: 3c176460-8735-333c-b618-8262e2fb660c
business_units: Acme
certificate_algorithm: SHA1withRSA
certificate_classifications: Wildcard, Expired, InsecureSignature
certificate_issuer: Thawte
created: 1663030146931
details:
  providerDetails:
  domain: null
  topLevelAssetMapperDomain: null
  domainAssetType: null
  isPaidLevelDomain: false
  domainDetails: null
  dnsZone: null
  latestSampledIp: null
  subdomainMetadata: null
  recentIps:
  businessUnits: {'name': 'Acme'}
  certificateDetails: {"issuer": "C=US,O=Thawte\, Inc.,CN=Thawte SSL CA", "issuerAlternativeNames": "", "issuerCountry": "US", "issuerEmail": null, "issuerLocality": null, "issuerName": "Thawte SSL CA", "issuerOrg": "Thawte\\, Inc.", "formattedIssuerOrg": "Thawte", "issuerOrgUnit": null, "issuerState": null, "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp21W/QVHuo0Nyy9l6Qp6Ye7yniuCccplWLdkL34pB0roNWBiklLJFftFTXJLtUuYEBhEbUtOPtNr5QRZFo+LQSj+JMQsGajEgNvIIMDms2xtc+vYkuJeNRsN/0zRm8iBjCNEZ0zBbWdupO6xee+Lngq5RiyRzAN2+Q5HlmHmVOcc7NtY5VIQhajp3a5Gc7tmLXa7ZxwQb+afdlpmE0iv4ZxmXFyHwlPXUlIxfETDDjtv2EzAgrnpZ5juo7TEFZA7AjsT0lO6cC2qPE9x9kC02PeC1Heg4hWf70CsXcKQBsprLqusrPYM9+OYfZnj+Dq9j6FjZD314Nz4qTGwmZrwDQIDAQAB", "publicKeyAlgorithm": "RSA", "publicKeyRsaExponent": 65537, "signatureAlgorithm": "SHA1withRSA", "subject": "C=US,ST=New Jersey,L=Wayne,O=Acme,OU=MIS,CN=*.babiesrus.com", "subjectAlternativeNames": "*.babiesrus.com", "subjectCountry": "US", "subjectEmail": null, "subjectLocality": "Wayne", "subjectName": "*.babiesrus.com", "subjectOrg": "Acme", "subjectOrgUnit": "MIS", "subjectState": "New Jersey", "serialNumber": "91384582774546160650506315451812470612", "validNotBefore": 1413158400000, "validNotAfter": 1444780799000, "version": "3", "publicKeyBits": 2048, "publicKeyModulus": "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", "publicKeySpki": "Up3fHwOddA9cXEeO4XBOgn63bfnvkXsOrOv6AycwQAk=", "sha1Fingerprint": "77d025c36f055e254063ae2ac3625fd4bf4507fb", "sha256Fingerprint": "9a37c952ee1169cfa6e91efb57fe6d405d1ca48b26a714e9a46f008c15ea62e8", "md5Fingerprint": "498ec19ebd6c6883ecd43d064e713002"}
  inferredCvesObserved:
  ip_ranges: {}
name: *.babiesrus.com
resolves: false
type: Certificate
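
The `ASM.AssetInternetExposure` record returned by this command carries the raw certificate fields (`validNotAfter` in epoch milliseconds, `signatureAlgorithm`, `publicKeyBits`), so an automation can derive its own findings instead of relying only on `certificate_classifications`. The Python below is an added example, not part of the integration's code; the sample record is a constructed subset of the Context Example above, and `triage_certificate`, `ms_to_utc`, the weak-hash list and the 2048-bit RSA threshold are assumptions of this example.

```python
from datetime import datetime, timezone

# Constructed sample: a subset of the Context Example (ASM.AssetInternetExposure).
SAMPLE_EXPOSURE = {
    "asm_ids": "3c176460-8735-333c-b618-8262e2fb660c",
    "name": "*.babiesrus.com",
    "resolves": False,
    "external_services": [],
    "details": {"certificateDetails": {
        "signatureAlgorithm": "SHA1withRSA",
        "publicKeyAlgorithm": "RSA",
        "publicKeyBits": 2048,
        "validNotBefore": 1413158400000,
        "validNotAfter": 1444780799000,
    }},
}

WEAK_SIGNATURE_HASHES = ("MD5", "SHA1")  # assumption: hashes treated as weak here
MIN_RSA_BITS = 2048                      # assumption: minimum acceptable RSA key size


def ms_to_utc(ms):
    """Certificate validity is reported as epoch milliseconds; convert to UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def triage_certificate(exposure, now=None):
    """Derive findings from the raw certificate fields of one exposure record."""
    now = now or datetime.now(timezone.utc)
    cert = (exposure.get("details") or {}).get("certificateDetails") or {}
    findings = []
    not_after = cert.get("validNotAfter")
    if not_after is not None and ms_to_utc(not_after) < now:
        findings.append(f"expired {ms_to_utc(not_after):%Y-%m-%d}")
    sig = (cert.get("signatureAlgorithm") or "").upper()
    if sig.startswith(WEAK_SIGNATURE_HASHES):
        findings.append(f"weak signature {cert['signatureAlgorithm']}")
    if cert.get("publicKeyAlgorithm") == "RSA" and (cert.get("publicKeyBits") or 0) < MIN_RSA_BITS:
        findings.append(f"RSA key shorter than {MIN_RSA_BITS} bits")
    if (exposure.get("name") or "").startswith("*."):
        findings.append("wildcard name")
    # A certificate that neither resolves nor backs a service is lower urgency.
    reachable = bool(exposure.get("resolves") or exposure.get("external_services"))
    return {"asm_id": exposure.get("asm_ids"), "findings": findings, "reachable": reachable}
```

Passing an explicit `now` makes the expiry check reproducible when replaying old records.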