Linkshadow

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Configure Linkshadow on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Linkshadow.
  3. Click Add instance to create and configure a new integration instance.

To configure the connection to your Linkshadow instance, you will provide:

The API Token and API Username from Linkshadow. Generate the token at https://Linkshadow-device-IP/settings/#general-settings, under the "Generate API Key for LinkShadow" section.

| Parameter | Description | Required |
| --- | --- | --- |
| API Key | Use API Token | True |
| url | Server URL (e.g. https://Linkshadow_IP/) | True |
| API Username | Use API Username | True |
| action | fetch_entity_anomalies | True |
| plugin_id | xsoar_integration_1604211382 | True |
| Incidents Fetch Interval | 01 Minutes | Default |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Linkshadow-fetch-entity-anomalies


Linkshadow returns, in an API response, the full details of the incidents that fall within the given time frame (default: 60 minutes). This command returns the JSON structure of that API response.

Base Command

Linkshadow-fetch-entity-anomalies

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| time_frame | Time Period | Optional (default: 60) |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Linkshadow.data.GlobalID | String | Unique ID of the anomaly, used to track it in Linkshadow |
| Linkshadow.data.action_time | Date | Time the anomaly was sent to XSOAR |
| Linkshadow.data.anomaly_flag | Number | Anomaly flag value: 1 means active anomaly, 0 means fixed anomaly |
| Linkshadow.data.anomaly_id | Number | Anomaly ID for LinkShadow |
| Linkshadow.data.anomaly_type | String | Incident type |
| Linkshadow.data.bandwidth | String | Bandwidth usage of the anomalous session |
| Linkshadow.data.category | String | Additional information for the anomaly |
| Linkshadow.data.data | String | Time the anomaly was seen |
| Linkshadow.data.desc | String | Description of the anomaly from Linkshadow |
| Linkshadow.data.dip | String | Destination IP in the detected anomaly |
| Linkshadow.data.dmac | String | Destination MAC address |
| Linkshadow.data.dport | String | Destination port number of the anomalous session |
| Linkshadow.data.id | String | NA |
| Linkshadow.data.inserted_time | Date | Time the anomaly was added to the database |
| Linkshadow.data.score | Number | Risk score of the anomaly, typically between 1 and 20 |
| Linkshadow.data.sip | String | Source IP in the detected anomaly |
| Linkshadow.data.smac | String | Source MAC address in the detected anomaly |
| Linkshadow.data.sport | String | Source port number of the anomalous session |
| Linkshadow.data.time_seen | Date | Time the anomaly was seen |
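
With a 1-minute fetch interval and a 60-minute default time frame, consecutive fetches can return the same anomaly, so anything consuming this output should key on GlobalID and honour anomaly_flag. The Python below is an added example, not the Linkshadow integration's own code: it triages one fetch into new active incidents, fixed IDs and malformed records. The severity thresholds, the incident dict shape and the sample records are assumptions constructed for illustration.

```python
from __future__ import annotations
import json
from typing import Any

# Assumed buckets: documented 1-20 risk score -> XSOAR severity (1=low .. 4=critical).
SEVERITY_FLOORS = [(16, 4), (11, 3), (6, 2)]

# Constructed sample records using the documented field names (not real Linkshadow output).
SAMPLE = [
    {"GlobalID": "G-1", "anomaly_flag": 1, "score": 17, "anomaly_type": "Constructed Type A",
     "sip": "192.0.2.10", "dip": "198.51.100.7", "dport": "445"},
    {"GlobalID": "G-1", "anomaly_flag": 1, "score": 17, "anomaly_type": "Constructed Type A",
     "sip": "192.0.2.10", "dip": "198.51.100.7", "dport": "445"},  # repeat from an overlapping window
    {"GlobalID": "G-2", "anomaly_flag": 0, "score": 9, "anomaly_type": "Constructed Type B"},
    {"GlobalID": "G-3", "anomaly_flag": "1", "score": "4", "anomaly_type": "Constructed Type C"},
    {"anomaly_flag": 1, "score": 12},                              # malformed: no GlobalID
]


def severity_for(score: float) -> int:
    """Map a risk score to an XSOAR severity using the assumed floors above."""
    return next((sev for floor, sev in SEVERITY_FLOORS if score >= floor), 1)


def triage(records: list[dict[str, Any]], seen: set[str]) -> dict[str, list]:
    """Split one fetch into new active incidents, fixed IDs and malformed records.

    `seen` carries GlobalIDs already raised across fetches and is updated in place.
    """
    out: dict[str, list] = {"new": [], "fixed": [], "skipped": []}
    for rec in records:
        gid = rec.get("GlobalID")
        try:
            flag, score = int(rec["anomaly_flag"]), float(rec["score"])
        except (KeyError, TypeError, ValueError):
            flag, score = None, 0.0
        if not gid or flag not in (0, 1):
            out["skipped"].append(rec)   # keep for review rather than dropping silently
        elif flag == 0:
            out["fixed"].append(gid)     # 0 = fixed anomaly: candidate for closing
        elif gid not in seen:
            seen.add(gid)                # 1 = active and not raised before
            out["new"].append({
                "name": f"Linkshadow {rec.get('anomaly_type', 'anomaly')} {gid}",
                "severity": severity_for(score),
                "rawJSON": json.dumps(rec, sort_keys=True),
            })
    return out
```

Persist `seen` between fetches so the de-duplication survives across polls.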