# Picus Security NG

This integration is part of the Picus NG Automation Pack.

## Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This integration was integrated and tested with Picus NG
## Configure PicusNG on Cortex XSOAR

- Navigate to **Settings** > **Integrations** > **Servers & Services**.
- Search for PicusNG.
- Click **Add instance** to create and configure a new integration instance.

| **Parameter** | **Required** |
| --- | --- |
| Picus Manager URL | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |
| Picus Refresh Token | True |

- Click **Test** to validate the URLs, token, and connection.
## Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
### picus-get-access-token

OAuth2 is used to authorize refresh and access tokens. To use the API, first generate a refresh token, then request an access token with this command.

#### Base Command

`picus-get-access-token`

#### Input

There are no input arguments for this command.

#### Context Output

There is no context output for this command.
### picus-get-agent-list

This command returns the simulation agent list with agent name, ID, status, agent type and platform information, as in Picus Platform > Agents.

#### Base Command

`picus-get-agent-list`

#### Input

There are no input arguments for this command.

#### Context Output

There is no context output for this command.
### picus-get-agent-detail

This command returns the agent name, status, agent type and platform, together with the mitigation devices and attack modules, for the given agent ID.

#### Base Command

`picus-get-agent-detail`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Agent ID. | Required |

#### Context Output

There is no context output for this command.
### picus-create-simulation

This command creates and runs a simulation, either scheduled or instant. To create a simulation, give it a name and supply the template ID and agent ID.

#### Base Command

`picus-create-simulation`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| agent_id | ID of the agent. | Required |
| description | Description of the simulation. Default is "this simulation created with cortex app". | Optional |
| name | Name of the simulation. | Required |
| schedule_now | Schedule now state. Possible values are: True, False. | Required |
| template_id | ID of the template. | Required |

#### Context Output

There is no context output for this command.
### picus-get-template-list

This command returns the template list, containing template name, ID, description, content type and category, as in Picus Platform > Threat Templates.

#### Base Command

`picus-get-template-list`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| offset | Pagination value. | Optional |
| limit | Pagination value. | Optional |

#### Context Output

There is no context output for this command.
### picus-get-integration-agent-list

This command returns the agent name, ID, status, agent installation information and token expiration information.

#### Base Command

`picus-get-integration-agent-list`

#### Input

There are no input arguments for this command.

#### Context Output

There is no context output for this command.
### picus-get-simulation-list

This command returns the list of your latest simulation result overviews, as in the Picus Platform > Simulations tab. Results of the latest simulation run are included.

#### Base Command

`picus-get-simulation-list`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| offset | Pagination value. | Optional |
| limit | Pagination value. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Picus.simulationlist.simulation_id | Number | ID of the simulation |
### picus-simulate-now

This command runs an existing simulation using the simulation ID.

#### Base Command

`picus-simulate-now`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Simulation ID. | Required |

#### Context Output

There is no context output for this command.
### picus-get-simulation-detail

This command returns information about a specific simulation.

#### Base Command

`picus-get-simulation-detail`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Simulation ID. | Required |

#### Context Output

There is no context output for this command.
### picus-get-latest-simulation-result

This command returns detailed information about simulation results, including prevention and detection result details, for the latest simulation run.

#### Base Command

`picus-get-latest-simulation-result`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Simulation ID. | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Picus.latestSimulationResult.simulation_run_id | String | Simulation Run ID |
| Picus.latestSimulationResult.simulation_id | String | Simulation ID |
| Picus.latestSimulationResult.status | String | Simulation Status |
### picus-get-simulation-result

This command returns detailed information about simulation results, including prevention and detection result details, for a specific simulation run identified by its run ID.

#### Base Command

`picus-get-simulation-result`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Simulation ID. | Required |
| run_id | Simulation Run ID. | Required |

#### Context Output

There is no context output for this command.
### picus-get-simulation-threats

This command returns the simulation result broken down by threat. Each threat result includes the threat ID and name, the prevention result and the action count.

#### Base Command

`picus-get-simulation-threats`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Simulation ID. | Required |
| run_id | Simulation Run ID. | Required |
| limit | Pagination value. | Optional |
| offset | Pagination value. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Picus.SimulationThreats | String | Threat list of the simulation |
### picus-get-simulation-actions

This command returns the simulation result as an action list, selected by threat ID, simulation ID and simulation run ID.

#### Base Command

`picus-get-simulation-actions`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| id | Simulation ID. | Required |
| run_id | Simulation Run ID. | Required |
| threat_ids | Threat ID list ("111,222,333,...") or a single threat ID. | Required |
| limit | Pagination value. | Optional |
| offset | Pagination value. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Picus.SimulationActions | String | Action results (ID and result combination) |
### picus-get-mitigation-devices

This command returns mitigation device information as shown under Picus Platform > Mitigation > Vendor Based Mitigations. Vendor-based mitigation devices can be fetched using this command.

#### Base Command

`picus-get-mitigation-devices`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| ids | Simulation ID list ("111,222,333,...") or a single simulation ID. | Optional |

#### Context Output

There is no context output for this command.
### picus-get-signature-list

This command returns action-based signature suggestions.

#### Base Command

`picus-get-signature-list`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| device_id | Mitigation Device ID. | Required |
| action_ids | Action ID list ("111,222,333,...") or a single action ID. | Required |

#### Context Output

There is no context output for this command.
### picus-set-paramPB

Sets parameters in a playbook. (This command is only used in playbooks.)

#### Base Command

`picus-set-paramPB`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| agent_id | Simulation Agent ID. | Required |
| device_id | Device ID. | Optional |
| simulation_id | Simulation ID. | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Picus.param.agent_id | String | Agent ID |
| Picus.param.device_id | String | Device ID |
| Picus.param.simulation_id | String | Simulation ID |
### picus-filter-insecure-attacks

Filters insecure attacks in a playbook. (This command is only used in playbooks.)

#### Base Command

`picus-filter-insecure-attacks`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| threatinfo | Combined threat ID and result. Used in playbooks. | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| Picus.filterinsecure | String | Insecure Attack List |
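The playbook flow these commands imply, as an added Python example that is not part of the integration's own code: parse the `"111,222,333,..."` ID-list argument format used by `picus-get-simulation-actions`, `picus-get-mitigation-devices` and `picus-get-signature-list`, keep only the threats whose prevention result is not blocked (the insecure subset that `picus-filter-insecure-attacks` is for), and build the arguments for the next command. The threat record fields and the `"blocked"` / `"not_blocked"` result values are constructed assumptions, not the integration's documented schema.

```python
import re

# Constructed sample of what picus-get-simulation-threats describes
# (threat ID and name, prevention result, action count); the field
# names and result values are assumptions, not the documented schema.
SAMPLE_THREATS = [
    {"threat_id": 111, "name": "Constructed threat A", "prevention_result": "blocked", "action_count": 3},
    {"threat_id": 222, "name": "Constructed threat B", "prevention_result": "not_blocked", "action_count": 5},
    {"threat_id": 333, "name": "Constructed threat C", "prevention_result": "not_blocked", "action_count": 2},
]

_ID_RE = re.compile(r"^\d+$")


def parse_id_list(arg):
    """Parse the '111,222,333,...' argument format (or a single ID) into
    a list of ints. Empty or non-numeric entries raise ValueError so a
    malformed playbook input fails before any command is called."""
    ids = []
    for part in str(arg).split(","):
        part = part.strip()
        if not _ID_RE.match(part):
            raise ValueError(f"invalid ID entry: {part!r}")
        ids.append(int(part))
    return ids


def format_id_list(ids):
    """Render IDs back into the comma-separated form the commands accept."""
    return ",".join(str(i) for i in ids)


def filter_insecure_threats(threats):
    """Keep threats whose prevention result is not 'blocked': these are the
    findings that need mitigation follow-up (signature suggestions)."""
    return [t for t in threats if t["prevention_result"] != "blocked"]


def simulation_actions_args(simulation_id, run_id, threats):
    """Build the arguments for picus-get-simulation-actions from the
    insecure subset, so only unblocked threats are expanded to actions."""
    insecure = filter_insecure_threats(threats)
    return {
        "id": str(simulation_id),
        "run_id": str(run_id),
        "threat_ids": format_id_list(t["threat_id"] for t in insecure),
    }
```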