Digital Defense FrontlineVM

Use the Digital Defense Frontline VM to identify and evaluate the security and business risks of network devices and applications deployed as on-premise, cloud, or hybrid network-based implementations. This integration was integrated and tested with version 6.2.4 of Digital Defense FrontlineVM.

Configure Digital Defense FrontlineVM on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Digital Defense FrontlineVM.
  3. Click Add instance to create and configure a new integration instance.
| **Parameter** | **Description** | **Required** |
| --- | --- | --- |
| frontlineURL | Frontline VM URL | True |
| insecure | Trust any certificate (not secure) | False |
| apiToken | API Token to access Frontline VM | True |
| isFetch | Fetch incidents | False |
| incidentType | Incident type | False |
| incidentSeverity | Minimum vulnerability severity for fetching incidents | False |
| incidentFrequency | Rate at which to check vulnerability events when fetching incidents | True |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

frontline-get-assets

Retrieves the asset's information from Frontline VM.

Base Command

frontline-get-assets

Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| ip_address | The IP address for which to return assets. | Optional |
| label_name | The label name for which to return assets. | Optional |
| max_days_since_scan | The number of days (retroactive) since the last scan. | Optional |
| hostname | The hostname for which to return assets. | Optional |

Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| FrontlineVM.Hosts | unknown | The host data from Frontline.Cloud. |
| FrontlineVM.Hosts.ID | unknown | The ID number of the host. |
| FrontlineVM.Hosts.Hostname | unknown | The hostname of the asset. |
| FrontlineVM.Hosts.IP | unknown | The IP address of the host. |
| FrontlineVM.Hosts.DNSHostname | unknown | The DNS hostname of the host. |
| FrontlineVM.Hosts.MAC | unknown | The MAC address of the host. |
| FrontlineVM.Hosts.OS | unknown | The operating system of the host. |
| FrontlineVM.Hosts.OSType | unknown | The operating system type of the host. |
| FrontlineVM.Hosts.CriticalVulnCount | unknown | The severity count of critical vulnerabilities. |

Command Example

Human Readable Output

frontline-get-vulns

Retrieves vulnerability information from Frontline VM.

Base Command

frontline-get-vulns

Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| min_severity | The minimum severity level for which to return vulnerabilities. This argument overrides the "severity" argument when used together. Can be: "critical", "high", "medium", "low", "trivial", or "info". | Optional |
| severity | Returns all vulnerabilities from Frontline with the specified severity level. Can be: "critical", "high", "medium", "low", "trivial", or "info". | Optional |
| max_days_since_created | Retrieves vulnerabilities found prior to the specified date (in days). | Optional |
| min_days_since_created | Retrieves vulnerabilities found after the specified date (in days). | Optional |
| host_id | Retrieves vulnerabilities from a specific host based on the Host ID. | Optional |
| ip_address | The IP address of the host for which to retrieve the vulnerability data. | Optional |
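The severity arguments above have an ordering and an override rule (min_severity wins over severity), and the same ordering is what the incidentSeverity instance parameter relies on when fetching incidents. The following added example, which is not code from the integration itself, implements that logic over constructed records shaped like the FrontlineVM.Vulns context keys; the six severity names are the ones the command documents, while the shape of the `severity_stats` overview and the `meets_incident_threshold` helper are assumptions, since the page does not spell out the FrontlineVM.Stat fields.

```python
from collections import Counter

# Severity levels exactly as the command arguments list them, most severe first.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "trivial", "info"]
SEVERITY_RANK = {name: rank for rank, name in enumerate(SEVERITY_ORDER)}

# Constructed sample records shaped like the FrontlineVM.Vulns context keys
# (not real scanner output).
SAMPLE_VULNS = [
    {"vuln-id": 101, "hostname": "db01", "ip-address": "10.0.0.5",
     "vuln-title": "Outdated database service", "date-created": "2024-01-02",
     "ddi-severity": "critical", "vuln-info": "constructed"},
    {"vuln-id": 102, "hostname": "web01", "ip-address": "10.0.0.7",
     "vuln-title": "Weak TLS configuration", "date-created": "2024-01-03",
     "ddi-severity": "high", "vuln-info": "constructed"},
    {"vuln-id": 103, "hostname": "web02", "ip-address": "10.0.0.8",
     "vuln-title": "Missing security header", "date-created": "2024-01-03",
     "ddi-severity": "High", "vuln-info": "constructed"},
    {"vuln-id": 104, "hostname": "app01", "ip-address": "10.0.0.9",
     "vuln-title": "Verbose banner", "date-created": "2024-01-04",
     "ddi-severity": "low", "vuln-info": "constructed"},
    {"vuln-id": 105, "hostname": "app01", "ip-address": "10.0.0.9",
     "vuln-title": "Service version disclosed", "date-created": "2024-01-04",
     "ddi-severity": "info", "vuln-info": "constructed"},
]


def _rank(level):
    """Map a severity name to its rank, rejecting values the command does not accept."""
    key = str(level).strip().lower()
    if key not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {level!r}; expected one of {SEVERITY_ORDER}")
    return SEVERITY_RANK[key]


def filter_by_severity(vulns, min_severity=None, severity=None):
    """Apply the documented argument semantics: min_severity, when present,
    overrides severity; severity alone selects one level; neither returns all."""
    if min_severity is not None:
        threshold = _rank(min_severity)
        return [v for v in vulns if _rank(v["ddi-severity"]) <= threshold]
    if severity is not None:
        wanted = _rank(severity)
        return [v for v in vulns if _rank(v["ddi-severity"]) == wanted]
    return list(vulns)


def severity_stats(vulns):
    """Per-level counts plus a total: an assumed shape for the FrontlineVM.Stat
    overview, since the page does not list its fields."""
    counts = Counter(_rank(v["ddi-severity"]) for v in vulns)
    stats = {name: counts.get(rank, 0) for rank, name in enumerate(SEVERITY_ORDER)}
    stats["total"] = len(vulns)
    return stats


def meets_incident_threshold(vuln, incident_severity):
    """True when the vulnerability is at least as severe as the incidentSeverity
    threshold (assumed helper mirroring the fetch-incidents parameter)."""
    return _rank(vuln["ddi-severity"]) <= _rank(incident_severity)


if __name__ == "__main__":
    picked = filter_by_severity(SAMPLE_VULNS, min_severity="high", severity="low")
    print([v["vuln-id"] for v in picked])   # min_severity wins: critical and high only
    print(severity_stats(SAMPLE_VULNS))
```

Severity strings are compared case-insensitively because scanner output is not guaranteed to match the lowercase argument values, and an unknown level raises rather than silently dropping the record, so a misconfigured playbook argument fails loudly instead of returning an empty list.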

Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| FrontlineVM.Vulns | unknown | Retrieved vulnerability data pulled from Frontline.Cloud. |
| FrontlineVM.Stat | unknown | The statistical overview of vulnerabilities pulled. |
| FrontlineVM.Vulns.vuln-id | unknown | The ID of the vulnerability. |
| FrontlineVM.Vulns.hostname | unknown | The hostname of the asset. |
| FrontlineVM.Vulns.ip-address | unknown | The IP address of the asset. |
| FrontlineVM.Vulns.vuln-title | unknown | The title of the vulnerability. |
| FrontlineVM.Vulns.date-created | unknown | The date the vulnerability was created. |
| FrontlineVM.Vulns.ddi-severity | unknown | The severity level of the vulnerability. |
| FrontlineVM.Vulns.vuln-info | unknown | Information related to the vulnerability. |

Command Example

Human Readable Output

frontline-scan-asset

Performs a scan on the specified asset.

Base Command

frontline-scan-asset

Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| ip_address | The IP address of the asset to scan. | Optional |
| scan_policy | The policy of the scan (case sensitive). | Optional |
| ip_range_start | The IP address start range of the asset to scan. | Optional |
| ip_range_end | The IP address end range of the asset to scan. | Optional |
| scan_name | The name of this scan to run in FrontlineVM. Default value will be "Cortex XSOAR Scan [<asset_ip_address>]". | Optional |
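Every argument of this command is optional, so the useful validation happens before the scan request is sent: exactly one of a single address or a start/end pair must be present, the range must be well-formed, and the scan name falls back to the documented default. The added example below is not the integration's own code; it only prepares and checks the arguments and does not call the Frontline VM API. The `max_addresses` guard rail is an assumption of this example, not a FrontlineVM parameter, and `scan_policy` is passed through untouched because the page says it is case sensitive.

```python
import ipaddress

# Default name exactly as the scan_name argument documents it.
DEFAULT_SCAN_NAME = "Cortex XSOAR Scan [{target}]"


def build_scan_target(ip_address=None, ip_range_start=None, ip_range_end=None,
                      scan_policy=None, scan_name=None, max_addresses=1024):
    """Validate the frontline-scan-asset arguments and derive the scan name.

    max_addresses is an assumed local limit (not part of FrontlineVM): it stops a
    typo in ip_range_end from turning a single-host scan into a network-wide sweep.
    """
    if ip_address and (ip_range_start or ip_range_end):
        raise ValueError("pass either ip_address or ip_range_start/ip_range_end, not both")

    if ip_address:
        addr = ipaddress.ip_address(ip_address)  # raises ValueError on malformed input
        target, count = str(addr), 1
    elif ip_range_start and ip_range_end:
        start = ipaddress.ip_address(ip_range_start)
        end = ipaddress.ip_address(ip_range_end)
        if start.version != end.version:
            raise ValueError("range endpoints must both be IPv4 or both be IPv6")
        if start > end:
            raise ValueError(f"ip_range_start {start} is above ip_range_end {end}")
        count = int(end) - int(start) + 1
        target = f"{start}-{end}"
    else:
        raise ValueError("an ip_address or a complete ip_range_start/ip_range_end pair is required")

    if count > max_addresses:
        raise ValueError(f"range covers {count} addresses, above the limit of {max_addresses}")

    # Fall back to the documented default when no (non-blank) name was supplied.
    if scan_name and scan_name.strip():
        name = scan_name.strip()
    else:
        name = DEFAULT_SCAN_NAME.format(target=target)

    # scan_policy is case sensitive on the FrontlineVM side, so it is not normalised here.
    return {"target": target, "address_count": count, "name": name, "policy": scan_policy}


if __name__ == "__main__":
    print(build_scan_target(ip_address="10.0.0.5"))
    print(build_scan_target(ip_range_start="10.0.0.1", ip_range_end="10.0.0.10",
                            scan_policy="Standard"))
```

Using the standard `ipaddress` module rather than a regular expression rejects malformed input such as an out-of-range octet and makes the start/end comparison and address count exact for both IPv4 and IPv6.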

Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| FrontlineVM.Scan.ID | unknown | The ID number of the scan. |
| FrontlineVM.Scan.Name | unknown | The name of the scan. |
| FrontlineVM.Scan.Policy | unknown | The policy name of the scan. |
| FrontlineVM.Scan.IP | unknown | The IP address of the scan (can be a single IP address or a range of IP addresses). |

Command Example

Human Readable Output