
# Digital Defense FrontlineVM

This integration is part of the Digital Defense Frontline VM Pack.

Use the Digital Defense Frontline VM integration to identify and evaluate the security and business risk of network devices and applications deployed on-premises, in the cloud, or in hybrid networks. This integration was integrated and tested with version 6.2.4 of Digital Defense FrontlineVM.

## Configure Digital Defense FrontlineVM in Cortex

| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| frontlineURL | Frontline VM URL | True |
| insecure | Trust any certificate (not secure) | False |
| apiToken | API token used to authenticate to Frontline VM | True |
| isFetch | Fetch incidents | False |
| incidentType | Incident type | False |
| incidentSeverity | Minimum vulnerability severity for fetching incidents | False |
| incidentFrequency | Rate at which to check vulnerability events when fetching incidents | True |

Setting `insecure` disables TLS certificate verification, so the API token is sent to whatever endpoint answers at `frontlineURL`, including one interposed on the path. Leave it off outside lab testing and fix the certificate chain instead.

## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### frontline-get-assets
***
Retrieves asset information from Frontline VM.
#### Base Command
`frontline-get-assets`

#### Input
| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| ip_address | The IP address for which to return assets. | Optional |
| label_name | The label name for which to return assets. | Optional |
| max_days_since_scan | The maximum number of days since the asset was last scanned. | Optional |
| hostname | The hostname for which to return assets. | Optional |

#### Context Output
| **Path** | **Type** | **Description** |
| --- | --- | --- |
| FrontlineVM.Hosts | unknown | The host data from Frontline.Cloud. |
| FrontlineVM.Hosts.ID | unknown | The ID number of the host. |
| FrontlineVM.Hosts.Hostname | unknown | The hostname of the asset. |
| FrontlineVM.Hosts.IP | unknown | The IP address of the host. |
| FrontlineVM.Hosts.DNSHostname | unknown | The DNS hostname of the host. |
| FrontlineVM.Hosts.MAC | unknown | The MAC address of the host. |
| FrontlineVM.Hosts.OS | unknown | The operating system of the host. |
| FrontlineVM.Hosts.OSType | unknown | The operating system type of the host. |
| FrontlineVM.Hosts.CriticalVulnCount | unknown | The number of critical-severity vulnerabilities on the host. |

### frontline-get-vulns
***
Retrieves vulnerability information from Frontline VM.
#### Base Command
`frontline-get-vulns`
#### Input
| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| min_severity | The minimum severity level for which to return vulnerabilities. This argument overrides the "severity" argument when used together. Can be: "critical","high","medium","low","trivial", or "info". | Optional |
| severity | Returns all vulnerabilities from Frontline with the specified severity level. Can be: "critical","high","medium","low","trivial", or "info". | Optional |
| max_days_since_created | Retrieves vulnerabilities found prior to the specified date (in days). | Optional |
| min_days_since_created | Retrieves vulnerabilities found after the specified date (in days). | Optional |
| host_id | Retrieves vulnerabilities from a specific host based on the Host ID. | Optional |
| ip_address | The IP address of the host for which to retrieve the vulnerability data. | Optional |
#### Context Output
| **Path** | **Type** | **Description** |
| --- | --- | --- |
| FrontlineVM.Vulns | unknown | Retrieved vulnerability data pulled from Frontline.Cloud. |
| FrontlineVM.Stat | unknown | The statistical overview of vulnerabilities pulled. |
| FrontlineVM.Vulns.vuln-id | unknown | The ID of the vulnerability. |
| FrontlineVM.Vulns.hostname | unknown | The hostname of the asset. |
| FrontlineVM.Vulns.ip-address | unknown | The IP address of the asset. |
| FrontlineVM.Vulns.vuln-title | unknown | The title of the vulnerability. |
| FrontlineVM.Vulns.date-created | unknown | The date the vulnerability was created. |
| FrontlineVM.Vulns.ddi-severity | unknown | The severity level of the vulnerability. |
| FrontlineVM.Vulns.vuln-info | unknown | Information related to the vulnerability. |
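The severity arguments above follow one rule worth making explicit: `min_severity` selects every level at or above the floor and wins over `severity`, which selects exactly one level. The same floor semantics apply to the `incidentSeverity` integration parameter. The following is an added example, not the integration's own code: it implements that selection over a few constructed records shaped like the `FrontlineVM.Vulns` context keys, plus a per-level count in the spirit of `FrontlineVM.Stat`. The `host-id` key on the records is an assumption (the page lists `host_id` only as an input argument).

```python
"""Severity selection and local filtering for frontline-get-vulns results.

Added example, not the FrontlineVM integration's own code. The severity
ladder and the rule that min_severity overrides severity come from the
command's argument help; the record shape mirrors the FrontlineVM.Vulns
context keys. The "host-id" record key is an assumption.
"""
from collections import Counter

# Least to most severe, as enumerated in the argument help.
SEVERITY_LADDER = ("info", "trivial", "low", "medium", "high", "critical")
RANK = {level: i for i, level in enumerate(SEVERITY_LADDER)}


def _normalize(level):
    """Lower-case a severity string and reject anything outside the ladder."""
    level = str(level).strip().lower()
    if level not in RANK:
        raise ValueError(f"unknown severity {level!r}; expected one of {SEVERITY_LADDER}")
    return level


def select_severities(min_severity=None, severity=None):
    """Return the frozenset of severity levels a query keeps.

    min_severity wins when both are supplied; a bare severity selects exactly
    that level; neither selects every level.
    """
    if min_severity is not None:
        floor = RANK[_normalize(min_severity)]
        return frozenset(lvl for lvl in SEVERITY_LADDER if RANK[lvl] >= floor)
    if severity is not None:
        return frozenset({_normalize(severity)})
    return frozenset(SEVERITY_LADDER)


def filter_vulns(vulns, min_severity=None, severity=None, host_id=None, ip_address=None):
    """Apply the severity selection plus the host_id / ip_address narrowing."""
    keep = select_severities(min_severity, severity)
    out = []
    for v in vulns:
        if _normalize(v["ddi-severity"]) not in keep:
            continue
        if ip_address is not None and v["ip-address"] != ip_address:
            continue
        if host_id is not None and v.get("host-id") != host_id:  # assumed key
            continue
        out.append(v)
    return out


def severity_stats(vulns):
    """Counts per level in ladder order, like a FrontlineVM.Stat overview."""
    counts = Counter(_normalize(v["ddi-severity"]) for v in vulns)
    return {lvl: counts.get(lvl, 0) for lvl in SEVERITY_LADDER}


# Constructed sample records (not real scan data), shaped like FrontlineVM.Vulns.
SAMPLE_VULNS = [
    {"vuln-id": 101, "host-id": 7, "hostname": "web01", "ip-address": "10.0.0.5",
     "vuln-title": "Outdated TLS configuration", "date-created": "2024-01-10",
     "ddi-severity": "High"},
    {"vuln-id": 102, "host-id": 7, "hostname": "web01", "ip-address": "10.0.0.5",
     "vuln-title": "Service banner disclosure", "date-created": "2024-01-10",
     "ddi-severity": "info"},
    {"vuln-id": 103, "host-id": 9, "hostname": "db01", "ip-address": "10.0.0.9",
     "vuln-title": "Unpatched database service", "date-created": "2024-01-12",
     "ddi-severity": "critical"},
    {"vuln-id": 104, "host-id": 9, "hostname": "db01", "ip-address": "10.0.0.9",
     "vuln-title": "Weak cipher suite enabled", "date-created": "2024-01-12",
     "ddi-severity": "medium"},
]

if __name__ == "__main__":
    # min_severity="high" overrides severity="low": only 101 and 103 survive.
    for v in filter_vulns(SAMPLE_VULNS, min_severity="high", severity="low"):
        print(v["vuln-id"], v["hostname"], v["ddi-severity"])
    print(severity_stats(SAMPLE_VULNS))
```

Severity strings are normalised before comparison, so a record reporting `High` and an argument of `high` match; an unknown level raises rather than silently selecting nothing, which is the failure mode that makes a playbook look clean while it drops findings.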

### frontline-scan-asset
***
Performs a scan on the specified asset.
#### Base Command
`frontline-scan-asset`

#### Input
| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| ip_address | The IP address of the asset to scan. | Optional |
| scan_policy | The scan policy to use (case sensitive). | Optional |
| ip_range_start | The first IP address of the range to scan. | Optional |
| ip_range_end | The last IP address of the range to scan. | Optional |
| scan_name | The name of the scan to run in FrontlineVM. Defaults to "Cortex XSOAR Scan [<asset_ip_address>]". | Optional |

#### Context Output
| **Path** | **Type** | **Description** |
| --- | --- | --- |
| FrontlineVM.Scan.ID | unknown | The ID number of the scan. |
| FrontlineVM.Scan.Name | unknown | The name of the scan. |
| FrontlineVM.Scan.Policy | unknown | The policy name of the scan. |
| FrontlineVM.Scan.IP | unknown | The IP address of the scan (a single IP address or a range of IP addresses). |

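Because `frontline-scan-asset` launches active scanning, the arguments deserve validation before anything is submitted: a target is either a single `ip_address` or an `ip_range_start`/`ip_range_end` pair, `scan_policy` is matched case-sensitively, and the default name is "Cortex XSOAR Scan [<asset_ip_address>]". The following is an added example, not the integration's own code, that resolves those arguments into the `Name`/`Policy`/`IP` fields the context output reports. The range form of the default name (`[start-end]`), the `max_targets` guard, and the optional `known_policies` check are my assumptions, not documented behaviour.

```python
"""Argument resolution and pre-flight checks for frontline-scan-asset.

Added example, not the FrontlineVM integration's own code. From the command
help: a single ip_address or an ip_range_start/ip_range_end pair, a
case-sensitive scan_policy, and the default name
"Cortex XSOAR Scan [<asset_ip_address>]". The "[start-end]" default name
for ranges, the max_targets guard and known_policies are assumptions.
"""
import ipaddress


def resolve_target(ip_address=None, ip_range_start=None, ip_range_end=None):
    """Return the IP string the scan is submitted with, or raise ValueError."""
    if ip_address is not None:
        if ip_range_start is not None or ip_range_end is not None:
            raise ValueError("give either ip_address or ip_range_start/ip_range_end, not both")
        return str(ipaddress.ip_address(ip_address))
    if ip_range_start is None or ip_range_end is None:
        raise ValueError("an IP range needs both ip_range_start and ip_range_end")
    start = ipaddress.ip_address(ip_range_start)
    end = ipaddress.ip_address(ip_range_end)
    if start.version != end.version:
        raise ValueError("range endpoints must be the same IP version")
    if end < start:
        raise ValueError("ip_range_end is before ip_range_start")
    return f"{start}-{end}"  # assumed range notation


def target_count(target):
    """Number of addresses a resolved target covers (1 for a single IP)."""
    if "-" in target:
        start, end = (ipaddress.ip_address(p) for p in target.split("-", 1))
        return int(end) - int(start) + 1
    return 1


def check_policy(scan_policy, known_policies=None):
    """Exact, case-sensitive match; point at a case-only near miss instead of
    letting the API reject an unknown policy later. known_policies is an
    assumed caller-supplied list (the page does not say how to list them)."""
    if scan_policy is None or known_policies is None:
        return scan_policy
    if scan_policy in known_policies:
        return scan_policy
    near = [p for p in known_policies if p.lower() == scan_policy.lower()]
    hint = f"; did you mean {near[0]!r}?" if near else ""
    raise ValueError(f"unknown scan_policy {scan_policy!r}{hint}")


def build_scan_request(ip_address=None, ip_range_start=None, ip_range_end=None,
                       scan_policy=None, scan_name=None, known_policies=None,
                       max_targets=256):
    """Resolve arguments into the Name/Policy/IP fields the context reports."""
    target = resolve_target(ip_address, ip_range_start, ip_range_end)
    n = target_count(target)
    if n > max_targets:  # assumed local guard against scanning a whole site by typo
        raise ValueError(f"{target} covers {n} addresses; limit is {max_targets}")
    policy = check_policy(scan_policy, known_policies)
    name = scan_name or f"Cortex XSOAR Scan [{target}]"
    return {"Name": name, "Policy": policy, "IP": target}


def scan_request_error(**kwargs):
    """Validation message for a bad argument set, or None when it is acceptable."""
    try:
        build_scan_request(**kwargs)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(build_scan_request(ip_address="10.0.0.5"))
    print(build_scan_request(ip_range_start="10.0.0.1", ip_range_end="10.0.0.20",
                             scan_policy="Balanced", known_policies=["Balanced", "Aggressive"]))
    print(scan_request_error(ip_range_start="10.0.0.0", ip_range_end="10.0.255.255"))
```

`scan_request_error` is the shape an XSOAR automation wants: it hands back the message to surface in the War Room rather than raising mid-playbook, and every check runs before a scan job exists on the Frontline side.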