Cymptom
Cymptom Pack.#
This Integration is part of theCymptom is a Breach and Attack Simulation solution that revolutionizes the existing approach by transforming attack simulation into a data analysis question. Cymptom agentless scanning brings real-time always-on visibility into the entire security posture. This integration was integrated and tested with version 0.3.4 of Cymptom.
#
Configure Cymptom on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Cymptom.
Click Add instance to create and configure a new integration instance.
Parameter Description Required url Management URL (for ex: https://customer_name.cymptom.com/api/
)True api_key API key True is_fetch Fetch incidents False proxy Use system proxy settings False insecure Trust any certificate (not secure) False first_fetch First fetch time range ( <number> <time unit>
, e.g., 1 hour, 30 minutes). Default is "3 days"False Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
cymptom-get-mitigationsThis command returns mitigations recommended by Cymptom
#
Base Commandcymptom-get-mitigations
#
InputArgument Name | Description | Required |
---|---|---|
timeout | Timeout for operation. Default is 60. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Cymptom.Mitigations.SeverityType | String | The severity of the mitigation |
Cymptom.Mitigations.Name | String | The name of the mitigation |
Cymptom.Mitigations.AttackVectorsUsedPercentage | String | The percentage of attack vectors used that can be mitigated |
Cymptom.Mitigations.ID | String | The mitigation's ID |
Cymptom.Mitigations.AttackVectorsCount | number | The attack vectors counts that can be mitigated |
Cymptom.Mitigations.Techniques | unknown | Techniques relevant for this mitigation |
#
Command Example#
Human Readable Output#
MitigationsID | Name | Severity Type | Attack Vectors Use Percentage | Attack Vectors Count | Techniques |
---|---|---|---|---|---|
3936 | Steal or Forge Kerberos Tickets | Critical | 21.16 | 299 | Encrypt Sensitive Information, Privileged Account Management, Active Directory Configuration, Password Policies |
#
cymptom-get-users-with-cracked-passwordsThis command returns users with cracked password
#
InputArgument Name | Description | Required |
---|---|---|
timeout | Timeout for operation. Default is 60. | Optional |
privileged | Return only privileged (Domain Admin or Local Admin) or unprivileged users. Default is True. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Cymptom.CrackedUsers.Username | String | Username of users with cracked passwords |
#
Context Example#
Command Example#
Human Readable Output#
Unprivileged Users With Cracked PasswordsUsername |
---|
user1 |
user2 |