Skip to main content

Cymptom

This Integration is part of the Cymptom Pack.#

Cymptom is a Breach and Attack Simulation solution that revolutionizes the existing approach by transforming attack simulation into a data analysis question. Cymptom agentless scanning brings real-time always-on visibility into the entire security posture. This integration was integrated and tested with version 0.3.4 of Cymptom.

Configure Cymptom on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cymptom.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    urlManagement URL (for ex: https://customer_name.cymptom.com/api/)True
    api_keyAPI keyTrue
    is_fetchFetch incidentsFalse
    proxyUse system proxy settingsFalse
    insecureTrust any certificate (not secure)False
    first_fetchFirst fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes). Default is "3 days"False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cymptom-get-mitigations#


This command returns mitigations recommended by Cymptom

Base Command#

cymptom-get-mitigations

Input#

Argument NameDescriptionRequired
timeoutTimeout for operation. Default is 60.Optional

Context Output#

PathTypeDescription
Cymptom.Mitigations.SeverityTypeStringThe severity of the mitigation
Cymptom.Mitigations.NameStringThe name of the mitigation
Cymptom.Mitigations.AttackVectorsUsedPercentageStringThe percentage of attack vectors used that can be mitigated
Cymptom.Mitigations.IDStringThe mitigation's ID
Cymptom.Mitigations.AttackVectorsCountnumberThe attack vectors counts that can be mitigated
Cymptom.Mitigations.TechniquesunknownTechniques relevant for this mitigation

Command Example#

!cymptom-get-mitigations

Human Readable Output#

Mitigations#
IDNameSeverity TypeAttack Vectors Use PercentageAttack Vectors CountTechniques
3936Steal or Forge Kerberos TicketsCritical21.16299Encrypt Sensitive Information,
Privileged Account Management,
Active Directory Configuration,
Password Policies

cymptom-get-users-with-cracked-passwords#


This command returns users with cracked password

Input#

Argument NameDescriptionRequired
timeoutTimeout for operation. Default is 60.Optional
privilegedReturn only privileged (Domain Admin or Local Admin) or unprivileged users. Default is True.Optional

Context Output#

PathTypeDescription
Cymptom.CrackedUsers.UsernameStringUsername of users with cracked passwords

Context Example#

[
{'Username':'cymptom'},
{'Username':'chen'}
]

Command Example#

!cymptom-get-users-with-cracked-passwords privileged=False

Human Readable Output#

Unprivileged Users With Cracked Passwords#

Username
user1
user2