Skip to main content

Hackuity

This Integration is part of the Hackuity Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

From a war-room, query your Hackuity cockpit in order to seamlessly retrieve information related to your vulnerability stock. This integration was integrated and tested with version 1.25.0 of Hackuity

Configure Hackuity on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Hackuity.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Corporate server URLTrue
    NamespaceTrue
    LoginTrue
    PasswordTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

hackuity-search-findings#


Search for findings in Hackuity.

Base Command#

hackuity-search-findings

Input#

Argument NameDescriptionRequired
asset_nameThe name of the asset.Optional
asset_typeThe type of the asset if the asset name is specified (by default, restricts to IPs & domains).Optional
attributeAn attribute value.Optional
cvss_minThe minimum CVSS (included).Optional
cvss_maxThe maximum CVSS (excluded).Optional
limitThe maximum number of items to return. Default is 20.Optional
trs_minThe minimum TRS (included).Optional
trs_maxThe maximum TRS (excluded).Optional
vuln_typeThe vulnerability type (ID).Optional

Context Output#

PathTypeDescription
Hackuity.Findings.Asset.IDStringThe ID of the asset
Hackuity.Findings.Asset.NameStringThe name of the asset
Hackuity.Findings.Asset.TypeStringThe type of the asset
Hackuity.Findings.AttributesUnknownThe attributes of the finding
Hackuity.Findings.Score.CVSSNumberThe CVSS of the finding
Hackuity.Findings.Score.TRSNumberThe TRS of the finding
Hackuity.Findings.IDStringThe ID of the finding
Hackuity.Findings.Status.IgnoredBooleanWhether the finding is ignored
Hackuity.Findings.Status.StateStringThe state of the finding
Hackuity.Findings.Status.SubStateStringThe sub-state of the finding
Hackuity.Findings.VulnType.IDStringThe ID of the vulnerability type
Hackuity.Findings.VulnType.NameStringThe name of the vulnerability type

Command example#

!hackuity-search-findings asset_name=example.com

Context Example#

{
"Hackuity": {
"Findings": [
{
"Asset": {
"ID": "NKTVm2RU4606",
"Name": "example.com",
"Type": "DOMAIN"
},
"Attributes": {
"cve_id": "CVE-2015-6550"
},
"ID": "j6SMpiorqFi1",
"Score": {
"CVSS": 10,
"TRS": 693
},
"Status": {
"Ignored": false,
"State": "CLOSED",
"SubState": "FIXED"
},
"VulnType": {
"ID": "common-vulnerability-exposure",
"Name": "Common Vulnerability and Exposure (CVE)"
}
},
{
"Asset": {
"ID": "NKTVm2RU4606",
"Name": "example.com",
"Type": "DOMAIN"
},
"Attributes": {
"cve_id": "CVE-2015-6551"
},
"ID": "ag8FkNpubY7N",
"Score": {
"CVSS": 10,
"TRS": 693
},
"Status": {
"Ignored": false,
"State": "CLOSED",
"SubState": "FIXED"
},
"VulnType": {
"ID": "common-vulnerability-exposure",
"Name": "Common Vulnerability and Exposure (CVE)"
}
}
]
}
}

Human Readable Output#

Findings#

AssetVulnTypeAttributesScoreStatus
ID: NKTVm2RU4606
Name: example.com
Type: DOMAIN
ID: common-vulnerability-exposure
Name: Common Vulnerability and Exposure (CVE)
cve_id: CVE-2015-6550CVSS: 10.0
TRS: 693
Ignored: false
State: CLOSED
SubState: FIXED
ID: NKTVm2RU4606
Name: example.com
Type: DOMAIN
ID: common-vulnerability-exposure
Name: Common Vulnerability and Exposure (CVE)
cve_id: CVE-2015-6551CVSS: 10.0
TRS: 693
Ignored: false
State: CLOSED
SubState: FIXED

hackuity-search-vulndb-vulnerabilities#


Search for vulndb vulnerabilities in Hackuity.

Base Command#

hackuity-search-vulndb-vulnerabilities

Input#

Argument NameDescriptionRequired
asset_nameThe name of the asset.Optional
asset_typeThe type of the asset if the asset name is specified (by default, restricts to IPs & domains).Optional
attributeAn attribute value.Optional
cvss_minThe minimum CVSS (included).Optional
cvss_maxThe maximum CVSS (excluded).Optional
limitThe maximum number of items to return. Default is 20.Optional
trs_minThe minimum TRS (included).Optional
trs_maxThe maximum TRS (excluded).Optional
vuln_typeThe vulnerability type (ID).Optional

Context Output#

PathTypeDescription
Hackuity.Vulnerabilities.AttributesStringThe attributes of the vulnerability
Hackuity.Vulnerabilities.Score.CVSSStringThe CVSS of the vulnerability
Hackuity.Vulnerabilities.Score.TRSStringThe TRS of the vulnerability
Hackuity.Vulnerabilities.DescriptionStringThe description of the vulnerability
Hackuity.Vulnerabilities.IDStringThe ID of the vulnerability
Hackuity.Vulnerabilities.Seen.FirstDateThe date of the first time the vulnerability has been seen
Hackuity.Vulnerabilities.Findings.TotalStringThe total number of findings on this vulnerability
Hackuity.Vulnerabilities.Findings.OpenStringThe number of open findings on this vulnerability
Hackuity.Vulnerabilities.Findings.ClosedStringThe number of closed findings on this vulnerability
Hackuity.Vulnerabilities.Findings.IgnoredStringThe number of ignored findings on this vulnerability
Hackuity.Vulnerabilities.VulnType.IDStringThe ID of the vulnerability type
Hackuity.Vulnerabilities.VulnType.NameStringThe name of the vulnerability type

Command example#

!hackuity-search-vulndb-vulnerabilities asset_name=example.com

Context Example#

{
"Hackuity": {
"Vulnerabilities": [
{
"Attributes": [
{
"key": "cve_id",
"value": "CVE-2020-0705"
}
],
"Description": "An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'.",
"Findings": {
"Closed": 0,
"Ignored": 0,
"Open": 1,
"Total": 1
},
"ID": "hy#asset/NKTVm2RU4606:LWxh4Y7UpCUw",
"Score": {
"CVSS": 9,
"TRS": 636
},
"Seen": {
"First": "2021-03-03T07:56:07Z"
},
"VulnTypes": [
{
"ID": "common-vulnerability-exposure",
"Name": "Common Vulnerability and Exposure (CVE)"
}
]
},
{
"Attributes": [
{
"key": "cve_id",
"value": "CVE-2020-0958"
}
],
"Description": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0957.",
"Findings": {
"Closed": 0,
"Ignored": 0,
"Open": 1,
"Total": 1
},
"ID": "hy#asset/NKTVm2RU4606:mTYugfvOy9yt",
"Score": {
"CVSS": 9,
"TRS": 636
},
"Seen": {
"First": "2021-03-03T07:56:07Z"
},
"VulnTypes": [
{
"ID": "common-vulnerability-exposure",
"Name": "Common Vulnerability and Exposure (CVE)"
}
]
}
]
}
}

Human Readable Output#

VulnDB vulnerabilities#

VulnTypesDescriptionAttributesScoreFindingsSeen
{'ID': 'common-vulnerability-exposure', 'Name': 'Common Vulnerability and Exposure (CVE)'}An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'.{'key': 'cve_id', 'value': 'CVE-2020-0705'}CVSS: 9.0
TRS: 636
Total: 1
Open: 1
Closed: 0
Ignored: 0
First: 2021-03-03T07:56:07Z
{'ID': 'common-vulnerability-exposure', 'Name': 'Common Vulnerability and Exposure (CVE)'}An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0956, CVE-2020-0957.{'key': 'cve_id', 'value': 'CVE-2020-0958'}CVSS: 9.0
TRS: 636
Total: 1
Open: 1
Closed: 0
Ignored: 0
First: 2021-03-03T07:56:07Z

hackuity-search-provider-vulnerabilities#


Search for provider vulnerabilities in Hackuity.

Base Command#

hackuity-search-provider-vulnerabilities

Input#

Argument NameDescriptionRequired
asset_nameThe name of the asset.Optional
asset_typeThe type of the asset if the asset name is specified (by default, restricts to IPs & domains).Optional
attributeAn attribute value.Optional
cvss_minThe minimum CVSS (included).Optional
cvss_maxThe maximum CVSS (excluded).Optional
limitThe maximum number of items to return. Default is 20.Optional
trs_minThe minimum TRS (included).Optional
trs_maxThe maximum TRS (excluded).Optional
vuln_typeThe vulnerability type (ID).Optional

Context Output#

PathTypeDescription
Hackuity.Vulnerabilities.AttributesStringThe attributes of the vulnerability
Hackuity.Vulnerabilities.Score.CVSSStringThe CVSS of the vulnerability
Hackuity.Vulnerabilities.Score.TRSStringThe TRS of the vulnerability
Hackuity.Vulnerabilities.DescriptionStringThe description of the vulnerability
Hackuity.Vulnerabilities.IDStringThe ID of the vulnerability
Hackuity.Vulnerabilities.Seen.FirstDateThe date of the first time the vulnerability has been seen
Hackuity.Vulnerabilities.Findings.TotalStringThe total number of findings on this vulnerability
Hackuity.Vulnerabilities.Findings.OpenStringThe number of open findings on this vulnerability
Hackuity.Vulnerabilities.Findings.ClosedStringThe number of closed findings on this vulnerability
Hackuity.Vulnerabilities.Findings.IgnoredStringThe number of ignored findings on this vulnerability
Hackuity.Vulnerabilities.VulnType.IDStringThe ID of the vulnerability type
Hackuity.Vulnerabilities.VulnType.NameStringThe name of the vulnerability type

Command example#

!hackuity-search-provider-vulnerabilities asset_name=example.com

Context Example#

{
"Hackuity": {
"Vulnerabilities": [
{
"Attributes": [],
"Description": "KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security Update",
"Findings": {
"Closed": 2,
"Ignored": 0,
"Open": 8,
"Total": 10
},
"ID": "hy#asset/NKTVm2RU4606:QHBzm5XEkjIp",
"Score": {
"CVSS": 9,
"TRS": 636
},
"Seen": {
"First": "2021-03-03T07:56:07Z"
},
"VulnTypes": [
{
"ID": "common-vulnerability-exposure",
"Name": "Common Vulnerability and Exposure (CVE)"
}
]
},
{
"Attributes": [],
"Description": "KB4541500: Windows 7 and Windows Server 2008 R2 March 2020 Security Update",
"Findings": {
"Closed": 1,
"Ignored": 0,
"Open": 15,
"Total": 16
},
"ID": "hy#asset/NKTVm2RU4606:rX8JQJaETpoq",
"Score": {
"CVSS": 9,
"TRS": 636
},
"Seen": {
"First": "2021-03-03T07:56:07Z"
},
"VulnTypes": [
{
"ID": "common-vulnerability-exposure",
"Name": "Common Vulnerability and Exposure (CVE)"
}
]
}
]
}
}

Human Readable Output#

Provider vulnerabilities#

VulnTypesDescriptionAttributesScoreFindingsSeen
{'ID': 'common-vulnerability-exposure', 'Name': 'Common Vulnerability and Exposure (CVE)'}KB4561669: Windows 7 and Windows Server 2008 R2 June 2020 Security UpdateCVSS: 9.0
TRS: 636
Total: 10
Open: 8
Closed: 2
Ignored: 0
First: 2021-03-03T07:56:07Z
{'ID': 'common-vulnerability-exposure', 'Name': 'Common Vulnerability and Exposure (CVE)'}KB4541500: Windows 7 and Windows Server 2008 R2 March 2020 Security UpdateCVSS: 9.0
TRS: 636
Total: 16
Open: 15
Closed: 1
Ignored: 0
First: 2021-03-03T07:56:07Z

hackuity-dashboard-widgets#


List the widgets in the default dashboard of the user.

Base Command#

hackuity-dashboard-widgets

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
Hackuity.Dashboard.Widgets.IDStringThe ID of the widget
Hackuity.Dashboard.Widgets.ParamsUnknownThe configuration of the widget
Hackuity.Dashboard.Widgets.TypeStringThe type of the widget

Command example#

!hackuity-dashboard-widgets

Context Example#

{
"Hackuity": {
"Dashboard": {
"Widgets": [
{
"ID": "abcd3fgh1jklmn0pqrstuv",
"Params": {
"nbDaysToCompare": 28,
"withTotal": true
},
"Type": "ASSETS_OVERVIEW"
}
]
}
}
}

Human Readable Output#

Dashboard widgets#

IDTypeParams
abcd3fgh1jklmn0pqrstuvASSETS_OVERVIEWnbDaysToCompare: 28
withTotal: true

hackuity-dashboard-data#


Get the data of a dashboard widget

Base Command#

hackuity-dashboard-data

Input#

Argument NameDescriptionRequired
widget_idThe ID of the widget.Required

Context Output#

PathTypeDescription
Hackuity.Dashboard.DataUnknownThe data of the widget

Command example#

!hackuity-dashboard-data widget_id=abcd3fgh1jklmn0pqrstuv

Context Example#

{
"Hackuity": {
"Dashboard": {
"Data": {
"abcd3fgh1jklmn0pqrstuv": {
"currentNbAssets": 456,
"previousNbAssets": 123
}
}
}
}
}

Human Readable Output#

Dashboard widget data (abcd3fgh1jklmn0pqrstuv)#

currentNbAssetspreviousNbAssets
456123