Cymptom
This Integration is part of the Cymptom Pack.

Cymptom is a Breach and Attack Simulation solution that revolutionizes the existing approach by transforming attack simulation into a data analysis question. Cymptom agentless scanning brings real-time always-on visibility into the entire security posture. This integration was integrated and tested with version 0.3.4 of Cymptom.

Configure Cymptom in Cortex

Parameter | Description | Required |
---|---|---|
url | Management URL (for ex: https://customer_name.cymptom.com/api/ ) | True |
api_key | API key | True |
is_fetch | Fetch incidents | False |
proxy | Use system proxy settings | False |
insecure | Trust any certificate (not secure) | False |
first_fetch | First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes). Default is "3 days" | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cymptom-get-mitigations

This command returns mitigations recommended by Cymptom.

Base Command

cymptom-get-mitigations

Input

Argument Name | Description | Required |
---|---|---|
timeout | Timeout for operation. Default is 60. | Optional |

Context Output

Path | Type | Description |
---|---|---|
Cymptom.Mitigations.SeverityType | String | The severity of the mitigation |
Cymptom.Mitigations.Name | String | The name of the mitigation |
Cymptom.Mitigations.AttackVectorsUsedPercentage | String | The percentage of attack vectors used that can be mitigated |
Cymptom.Mitigations.ID | String | The mitigation's ID |
Cymptom.Mitigations.AttackVectorsCount | number | The number of attack vectors that can be mitigated |
Cymptom.Mitigations.Techniques | unknown | Techniques relevant for this mitigation |

Command Example

Human Readable Output

Mitigations

ID | Name | Severity Type | Attack Vectors Use Percentage | Attack Vectors Count | Techniques |
---|---|---|---|---|---|
3936 | Steal or Forge Kerberos Tickets | Critical | 21.16 | 299 | Encrypt Sensitive Information, Privileged Account Management, Active Directory Configuration, Password Policies |
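
The following is an added example, not part of the integration or of Cymptom's own code: it ranks `Cymptom.Mitigations` context entries for triage, coercing the string-typed percentage field. The names `prioritize_mitigations` and `SEVERITY_RANK` are hypothetical, and severity labels other than "Critical" are assumptions.

```python
# Field names follow the Context Output table above. Severity labels other than
# "Critical" are assumed, and every sample value except ID 3936 is constructed.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def _to_float(value):
    """AttackVectorsUsedPercentage is typed String, so coerce it defensively."""
    try:
        return float(str(value).strip().rstrip("%"))
    except ValueError:
        return 0.0


def prioritize_mitigations(mitigations, min_percentage=0.0):
    """Sort by severity, then by share of attack vectors the mitigation covers."""
    ranked = []
    for m in mitigations or []:
        pct = _to_float(m.get("AttackVectorsUsedPercentage"))
        if pct < min_percentage:
            continue
        sev = str(m.get("SeverityType", "")).lower()
        # Unknown severity labels sort last instead of raising.
        rank = SEVERITY_RANK.get(sev, len(SEVERITY_RANK))
        ranked.append((rank, {
            "ID": str(m.get("ID", "")),
            "Name": m.get("Name", ""),
            "SeverityType": m.get("SeverityType", "Unknown"),
            "Percentage": pct,
            "AttackVectorsCount": int(_to_float(m.get("AttackVectorsCount"))),
        }))
    ranked.sort(key=lambda t: (t[0], -t[1]["Percentage"], -t[1]["AttackVectorsCount"]))
    return [entry for _, entry in ranked]


# Constructed sample; only ID 3936 mirrors the row shown on this page.
SAMPLE = [
    {"ID": "1001", "Name": "Constructed mitigation A", "SeverityType": "High",
     "AttackVectorsUsedPercentage": "35.50", "AttackVectorsCount": 410},
    {"ID": "3936", "Name": "Steal or Forge Kerberos Tickets", "SeverityType": "Critical",
     "AttackVectorsUsedPercentage": "21.16", "AttackVectorsCount": 299},
    {"ID": "1002", "Name": "Constructed mitigation B", "SeverityType": "Critical",
     "AttackVectorsUsedPercentage": "4.2%", "AttackVectorsCount": 12},
    {"ID": "1003", "Name": "Constructed mitigation C", "SeverityType": "Low",
     "AttackVectorsUsedPercentage": None, "AttackVectorsCount": None},
]

if __name__ == "__main__":
    for row in prioritize_mitigations(SAMPLE, min_percentage=1.0):
        print(row["SeverityType"], row["ID"], row["Name"], row["Percentage"])
```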

cymptom-get-users-with-cracked-passwords

This command returns users with cracked passwords.

Input

Argument Name | Description | Required |
---|---|---|
timeout | Timeout for operation. Default is 60. | Optional |
privileged | Return only privileged (Domain Admin or Local Admin) or unprivileged users. Default is True. | Optional |

Context Output

Path | Type | Description |
---|---|---|
Cymptom.CrackedUsers.Username | String | Username of users with cracked passwords |

Context Example

Command Example

Human Readable Output

Unprivileged Users With Cracked Passwords

Username |
---|
user1 |
user2 |