Skip to main content


This Integration is part of the Linkshadow Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Configure Linkshadow on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Linkshadow
  3. Click Add instance to create and configure a new integration instance.

To configure the connection to your Linkshadow instance, you will provide:

API Token, API Username from Linkshadow ( Generate tokens from following url : https://Linkshadow-device-IP/settings/#general-settings ) under the "Generate API Key for LinkShadow" section)

API KeyUse API TokenTrue
urlServer URL (e.g. https://Linkshadow_IP/)True
API UsernameUse API UsernameTrue
Incidents Fetch Interval01 MinutesDefault
  1. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Linkshadow returns the full incident details referenced by timeframe (default = 60min) in an API response. Use of this command will return the JSON structure of the API response.

Base Command#



Argument NameDescriptionRequired
time_frameTime PeriodOptional(default:60)

Context Output#

PathTypeDescription ID of the Anomaly to track in Linkshadow of Anomaly Send to XSOAR Flag Value 1 - Means Active Anomaly, 0 Means Fixed Anomaly ID for LinkShadow Type usage of the Anomalous session Information for the anomaly of Anomaly seen of anomaly from linkshadow Ip in the detected anomaly mac address port number of the anomalous session of Anomaly added to the database Score of the Anomaly - Typical value between 1-20 IP in the detected Anomaly Mac Address in the detected Anomaly port number of the anomalous session of Anomaly seen