Digital Defense FrontlineVM
This Integration is part of the Digital Defense Frontline VM Pack.

Use the Digital Defense Frontline VM to identify and evaluate the security and business risks of network devices and applications deployed as premise, cloud, or hybrid network-based implementations. This integration was integrated and tested with version 6.2.4 of Digital Defense FrontlineVM.

Configure Digital Defense FrontlineVM in Cortex

Parameter | Description | Required |
---|---|---|
frontlineURL | Frontline VM URL | True |
insecure | Trust any certificate (not secure) | False |
apiToken | API Token to access Frontline VM | True |
isFetch | Fetch incidents | False |
incidentType | Incident type | False |
incidentSeverity | Minimum vulnerability severity for fetching incidents | False |
incidentFrequency | Rate at which to check vulnerability events when fetching incidents | True |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

frontline-get-assets

Retrieves the asset's information from Frontline VM.

Base Command

`frontline-get-assets`

Input

Argument Name | Description | Required |
---|---|---|
ip_address | The IP address for which to return assets. | Optional |
label_name | The label name for which to return assets. | Optional |
max_days_since_scan | The number of days (retroactive) since the last scan. | Optional |
hostname | The hostname for which to return assets. | Optional |

Context Output

Path | Type | Description |
---|---|---|
FrontlineVM.Hosts | unknown | The host data from Frontline.Cloud. |
FrontlineVM.Hosts.ID | unknown | The ID number of the host. |
FrontlineVM.Hosts.Hostname | unknown | The hostname of the asset. |
FrontlineVM.Hosts.IP | unknown | The IP address of the host. |
FrontlineVM.Hosts.DNSHostname | unknown | The DNS hostname of the host. |
FrontlineVM.Hosts.MAC | unknown | The MAC address of the host. |
FrontlineVM.Hosts.OS | unknown | The operating system of the host. |
FrontlineVM.Hosts.OSType | unknown | The operating system type of the host. |
FrontlineVM.Hosts.CriticalVulnCount | unknown | The severity count of critical vulnerabilities. |

frontline-scan-asset

Performs a scan on the specified asset.

Base Command

`frontline-scan-asset`

Input

Argument Name | Description | Required |
---|---|---|
ip_address | The IP address of the asset to scan. | Optional |
scan_policy | The policy of the scan (case sensitive). | Optional |
ip_range_start | The IP address start range of the asset to scan. | Optional |
ip_range_end | The IP address end range of the asset to scan. | Optional |
scan_name | The name of this scan to run in FrontlineVM. The default value is "Cortex XSOAR Scan [<asset_ip_address>]". | Optional |

Context Output

Path | Type | Description |
---|---|---|
FrontlineVM.Scan.ID | unknown | The ID number of the scan. |
FrontlineVM.Scan.Name | unknown | The name of the scan. |
FrontlineVM.Scan.Policy | unknown | The policy name of the scan. |
FrontlineVM.Scan.IP | unknown | The IP address of the scan (can be a single IP address or a range of IP addresses). |
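
The two commands above can be chained in an automation. The following is an added example, not code from the integration: it takes entries shaped like the `FrontlineVM.Hosts` context output and builds `frontline-scan-asset` argument sets for hosts with critical findings, worst first. The function name `plan_rescans`, the `min_critical` threshold, and the sample hosts are assumptions made for illustration; because the context types are documented as unknown, the count is coerced defensively.

```python
import ipaddress

# Constructed sample shaped like the FrontlineVM.Hosts context output.
SAMPLE_HOSTS = [
    {"ID": 101, "Hostname": "web01", "IP": "192.0.2.10", "CriticalVulnCount": "3"},
    {"ID": 102, "Hostname": "db01", "IP": "192.0.2.20", "CriticalVulnCount": 7},
    {"ID": 103, "Hostname": "printer", "IP": "192.0.2.30", "CriticalVulnCount": 0},
    {"ID": 104, "Hostname": "legacy", "IP": "not-an-ip", "CriticalVulnCount": 5},
    {"ID": 105, "Hostname": "web01-alias", "IP": "192.0.2.10", "CriticalVulnCount": 3},
]


def plan_rescans(hosts, min_critical=1, scan_policy=None):
    """Build frontline-scan-asset argument dicts from FrontlineVM.Hosts entries."""
    ranked, seen = [], set()
    for host in hosts:
        # The documented type is "unknown": accept ints or numeric strings.
        try:
            critical = int(host.get("CriticalVulnCount") or 0)
        except (TypeError, ValueError):
            continue
        if critical < min_critical:
            continue
        # Only pass well-formed addresses on to the scanner.
        try:
            ip = str(ipaddress.ip_address(str(host.get("IP", "")).strip()))
        except ValueError:
            continue
        if ip in seen:  # one scan per address, even if listed twice
            continue
        seen.add(ip)
        # scan_name mirrors the documented default naming format.
        args = {"ip_address": ip, "scan_name": f"Cortex XSOAR Scan [{ip}]"}
        if scan_policy:  # case sensitive, passed through unchanged
            args["scan_policy"] = scan_policy
        ranked.append((critical, args))
    ranked.sort(key=lambda item: item[0], reverse=True)
    return [args for _, args in ranked]


if __name__ == "__main__":
    for scan_args in plan_rescans(SAMPLE_HOSTS):
        print(scan_args)
```

Each returned dictionary uses only the argument names listed in the `frontline-scan-asset` input table.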