# CybelAngel

This integration is part of the CybelAngel Pack.

## Supported versions

Supported Cortex XSOAR versions: 8.0.0 and later.

CybelAngel receives reports from the CybelAngel platform, which specializes in external attack surface protection and management.

## Configure CybelAngel in Cortex

Parameter | Required |
---|---|
Server URL | True |
Client ID | True |
Client Secret | True |
First fetch timestamp (number, time unit, e.g., 12 hours, 7 days) | False |
The maximum number of events per fetch | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |

## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### cybelangel-get-events

Send events from CybelAngel to XSIAM. Used mainly for debugging.

#### Base Command

`cybelangel-get-events`

#### Input

Argument Name | Description | Required |
---|---|---|
start_date | Get reports from a specific start date. | Optional |
end_date | Get reports until a specific end date. If not provided, uses current date. | Optional |

#### Context Output

There is no context output for this command.

### cybelangel-report-status-update

Update the status of one or multiple reports.

#### Base Command

`cybelangel-report-status-update`

#### Input

Argument Name | Description | Required |
---|---|---|
report_ids | List of report IDs to update. | Required |
status | The new status of the reports. Possible values are: draft, open, in_progress, resolved, discarded. | Required |

#### Context Output

There is no context output for this command.

#### Command example

`!cybelangel-report-status-update report_ids=1234 status=open`

#### Human Readable Output

"The status of the following reports </report list> has been successfully updated to </report status>."

### cybelangel-report-get

Retrieve reports from CybelAngel.

#### Base Command

`cybelangel-report-get`

#### Input

Argument Name | Description | Required |
---|---|---|
report_id | The ID of the report to retrieve. | Required |
pdf | If true, retrieves the report as a PDF file. Possible values are: True, False. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
CybelAngel.Report | unknown | The retrieved report. |
InfoFile.EntryID | String | Entry ID of the saved PDF file. |

#### Command example

`!cybelangel-report-get report_id=1234`

#### Human Readable Output

Report ID example-id-6 details

id | report_type | sender | severity | status | updated_at |
---|---|---|---|---|---|
example-id-6 | incident_detection | example@example.com | 1 | in_progress | 2025-03-03T09:13:33.253781 |

#### Command example

`!cybelangel-report-get report_id=1234 pdf=true`

#### Human Readable Output

Returned file: cybelangel_report_1234.pdf

### cybelangel-report-remediation-request-create

Create a remediation request for a report.

#### Base Command

`cybelangel-report-remediation-request-create`

#### Input

Argument Name | Description | Required |
---|---|---|
report_id | The ID of the report. | Required |
requestor_email | Email of the requestor. | Required |
requestor_fullname | Full name of the requestor. | Required |

#### Context Output

There is no context output for this command.

#### Command example

`!cybelangel-report-remediation-request-create report_id=1234 requestor_email=test@paloaltonetworks.com requestor_fullname="Example Test"`

#### Human Readable Output

Remediation request was created for 1234.

### cybelangel-report-attachment-get

Retrieve an attachment from a report.

#### Base Command

`cybelangel-report-attachment-get`

#### Input

Argument Name | Description | Required |
---|---|---|
report_id | The ID of the report. | Required |
attachment_id | The ID of the attachment. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
InfoFile.EntryID | unknown | Entry ID of the retrieved file. |

#### Command example

`!cybelangel-report-attachment-get report_id=1234 attachment_id=5678`

### cybelangel-archive-report-by-id-get

Retrieve an archived report by ID as a ZIP file.

#### Base Command

`cybelangel-archive-report-by-id-get`

#### Input

Argument Name | Description | Required |
---|---|---|
report_id | The ID of the archived report. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
InfoFile.EntryID | unknown | Entry ID of the saved ZIP file. |

#### Command example

`!cybelangel-archive-report-by-id-get report_id=1234`

### cybelangel-mirror-report-get

Retrieve the mirror details for the specified report.

#### Base Command

`cybelangel-mirror-report-get`

#### Input

Argument Name | Description | Required |
---|---|---|
report_id | The ID of the report. | Required |
csv | If true, retrieves the mirror report in CSV format. Possible values are: True, False. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
CybelAngel.ReportMirror | unknown | Mirror details of the report. |
InfoFile.EntryID | unknown | Entry ID of the saved CSV file. |

#### Command example

`!cybelangel-mirror-report-get report_id=1234`

#### Human Readable Output

Mirror details for Report ID example-id-7

report_id | created_at | available_files_count | updated_at |
---|---|---|---|
example-id-7 | 2024-07-11T12:50:20Z | 1 | 2025-01-12T03:26:49Z |

#### Command example

`!cybelangel-mirror-report-get report_id=1234 csv=true`

### cybelangel-report-comment-create

Create a new comment on a report.

#### Base Command

`cybelangel-report-comment-create`

#### Input

Argument Name | Description | Required |
---|---|---|
discussion_id | The discussion ID, made up of the report ID and the tenant ID in the form uuid:uuid. Example: [report_id]:[your-tenant-id]. | Required |
content | The content of the comment. | Required |
parent_id | The ID of the parent comment (for replies). | Optional |
assigned | Specifies if the comment is assigned to analysts (true/false). | Optional |

#### Context Output

There is no context output for this command.

#### Command example

`!cybelangel-report-comment-create report_id=1234 content="Test Comment"`

#### Human Readable Output

Comment added to Report ID 1234.
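
The `discussion_id` format described for this command and the `status` values listed for `cybelangel-report-status-update` are worth validating before an automation passes them on from incident fields. The following Python helpers are an added example, not code from the integration: the function names are hypothetical, the `discussion_id` check assumes both parts are UUIDs as the argument description states, and `report_ids` is assumed to be passed as one comma-separated string.

```python
import uuid

# Status values listed in the cybelangel-report-status-update argument table.
ALLOWED_STATUSES = ("draft", "open", "in_progress", "resolved", "discarded")


def _canonical_uuid(name, value):
    """Return value as a canonical lowercase UUID string or raise ValueError."""
    try:
        return str(uuid.UUID(str(value).strip()))
    except ValueError:
        raise ValueError(f"{name} is not a UUID: {value!r}") from None


def build_discussion_id(report_id, tenant_id):
    """Build '<report_id>:<tenant_id>' for cybelangel-report-comment-create."""
    return f"{_canonical_uuid('report_id', report_id)}:{_canonical_uuid('tenant_id', tenant_id)}"


def split_discussion_id(discussion_id):
    """Validate a discussion_id and return (report_id, tenant_id)."""
    parts = str(discussion_id).split(":")
    if len(parts) != 2:
        raise ValueError("discussion_id must be '<report_id>:<tenant_id>'")
    return _canonical_uuid("report_id", parts[0]), _canonical_uuid("tenant_id", parts[1])


def status_update_args(report_ids, status):
    """Return validated arguments for cybelangel-report-status-update."""
    normalized = str(status).strip().lower()
    if normalized not in ALLOWED_STATUSES:
        raise ValueError(f"status must be one of {', '.join(ALLOWED_STATUSES)}")
    # De-duplicate while preserving order; drop empty entries.
    ids = list(dict.fromkeys(str(r).strip() for r in report_ids if str(r).strip()))
    if not ids:
        raise ValueError("report_ids is empty")
    if any("," in r for r in ids):
        raise ValueError("a report ID must not contain a comma")
    # Assumption: list arguments are passed as one comma-separated string.
    return {"report_ids": ",".join(ids), "status": normalized}


if __name__ == "__main__":
    # Constructed sample IDs, not real CybelAngel identifiers.
    report = "3F2504E0-4F89-11D3-9A0C-0305E82C3301"
    tenant = "9b2e7a14-6c1d-4f0a-8f3e-2a5d7c9e1b44"
    print(build_discussion_id(report, tenant))
    print(status_update_args(["1234", " 1234 ", "5678"], "In_Progress"))
```
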

### cybelangel-report-list

Retrieve reports from CybelAngel.

#### Base Command

`cybelangel-report-list`

#### Input

Argument Name | Description | Required |
---|---|---|
start_date | Get reports from a specific start date formatted with ISO 8601. | Optional |
end_date | Get reports until a specific end date formatted with ISO 8601. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
CybelAngel.Report | unknown | The retrieved reports. |

#### Command example

`!cybelangel-report-list start_date="19 hours ago" end_date="now"`

#### Human Readable Output

Reports list

id | url | report_type | sender | severity | status | updated_at | report_content |
---|---|---|---|---|---|---|---|
example-id-1 | https://platform.example.com/reports/example-id-1 | incident_detection | example@example.com | 1 | open | 2025-02-25T13:06:06.821922 | ### Sample content… Example |
example-id-2 | https://platform.example.com/reports/example-id-2 | incident_detection | example@example.com | 1 | resolved | 2025-02-26T18:58:50.303598 | ### Sample content… Example |
example-id-3 | https://platform.example.com/reports/example-id-3 | incident_detection | example@example.com | 1 | in_progress | 2025-02-26T12:17:42.241832 | ### Sample content… Example |
example-id-4 | https://platform.example.com/reports/example-id-4 | incident_detection | example@example.com | 1 | open | 2025-02-26T13:29:54.520708 | ### Sample content… Example |
example-id-5 | https://platform.example.com/reports/example-id-5 | incident_detection | example@example.com | 2 | open | 2025-02-25T16:29:32.696281 | ### Sample content… Example |
example-id-6 | https://platform.example.com/reports/example-id-6 | incident_detection | example@example.com | 1 | in_progress | 2025-03-03T09:13:33.253781 | ### Sample content… Example |
example-id-7 | https://platform.example.com/reports/example-id-7 | incident_detection | example@example.com | 1 | in_progress | 2025-03-03T09:13:33.253781 | ### Sample content… Example |
example-id-8 | https://platform.example.com/reports/example-id-8 | incident_detection | example@example.com | 1 | open | 2025-03-03T14:26:11.424002 | ### Sample content… Example |
example-id-9 | https://platform.example.com/reports/example-id-9 | incident_detection | example@example.com | 1 | open | 2025-03-03T14:22:14.184243 | ### Sample content… Example |
example-id-10 | https://platform.example.com/reports/example-id-10 | incident_detection | example@example.com | 1 | open | 2025-03-03T14:28:22.089922 | ### Sample content… Example |

### cybelangel-report-comments-get

Retrieve comments from a report.

#### Base Command

`cybelangel-report-comments-get`

#### Input

Argument Name | Description | Required |
---|---|---|
report_id | The ID of the report. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
CybelAngel.Report.Comment | unknown | The list of comments for the report. |

#### Command example

`!cybelangel-report-comments-get report_id=1234`

#### Human Readable Output

Comments for Report ID example-id-8

content | created_at | discussion_id | assigned | author_firstname | author_lastname | last_updated_at |
---|---|---|---|---|---|---|
This is a comment message | 2025-02-27T11:04:05Z | example-id-8:example-tenant-id | false | ExampleFirst | ExampleLast | 2025-02-27T11:04:05Z |