Picus Security NG

This integration is part of the PicusNGAutomation Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This integration was integrated and tested with Picus NG.

Configure PicusNG on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for PicusNG.
  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | Picus Manager URL | True |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |
    | Picus Refresh Token | True |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

picus-get-access-token

The OAuth2 protocol is used to authorize with refresh and access tokens. To access the API, generate a refresh token and then request an access token using this command.

Base Command

picus-get-access-token

Input

There are no input arguments for this command.

Context Output

There is no context output for this command.

picus-get-agent-list

This command returns the simulation agent list with agent name, id, status, agent type and platform information, as shown in Picus platform > Agents.

Base Command

picus-get-agent-list

Input

There are no input arguments for this command.

Context Output

There is no context output for this command.

picus-get-agent-detail

Given an agent ID, this command returns the agent name, status, agent type and platform, as well as its mitigation devices and attack modules.

Base Command

picus-get-agent-detail

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Agent id. | Required |

Context Output

There is no context output for this command.

picus-create-simulation

This command creates and runs a simulation as requested, either scheduled or instant. You can create a simulation by giving it a name and adding the template ID and agent ID.

Base Command

picus-create-simulation

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| agent_id | ID of the agent. | Required |
| description | Description of the simulation. Default is this simulation created with cortex app. | Optional |
| name | Name of the simulation. | Required |
| schedule_now | Schedule now state. Possible values are: True, False. | Required |
| template_id | Id of the template. | Required |

Context Output

There is no context output for this command.

picus-get-template-list

This command returns the template list, which contains template name, id, description, content type and category, as shown in Picus Platform > Threat Templates.

Base Command

picus-get-template-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| offset | Pagination value. | Optional |
| limit | Pagination value. | Optional |

Context Output

There is no context output for this command.

picus-get-integration-agent-list

This command returns the agent name, id, status, agent installation information and the token expiration information.

Base Command

picus-get-integration-agent-list

Input

There are no input arguments for this command.

Context Output

There is no context output for this command.

picus-get-simulation-list

This command returns the list of your latest simulation result overviews, as shown in the Picus Platform > Simulations tab. Latest simulation run results are included.

Base Command

picus-get-simulation-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| offset | Pagination value. | Optional |
| limit | Pagination value. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Picus.simulationlist.simulation_id | Number | ID of the simulation |

picus-simulate-now

This command runs the existing simulation using the Simulation ID.

Base Command

picus-simulate-now

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Simulation ID. | Required |

Context Output

There is no context output for this command.

picus-get-simulation-detail

This command returns the information about a specific simulation.

Base Command

picus-get-simulation-detail

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Simulation ID. | Required |

Context Output

There is no context output for this command.

picus-get-latest-simulation-result

This command returns detailed information about simulation results, including Prevention and Detection result details, for the latest simulation run.

Base Command

picus-get-latest-simulation-result

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Simulation ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Picus.latestSimulationResult.simulation_run_id | String | Simulation Run ID |
| Picus.latestSimulationResult.simulation_id | String | Simulation ID |
| Picus.latestSimulationResult.status | String | Simulation Status |

picus-get-simulation-result

This command returns detailed information about simulation results, including Prevention and Detection result details, for a specific simulation run identified by its run ID.

Base Command

picus-get-simulation-result

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Simulation ID. | Required |
| run_id | Simulation Run ID. | Required |

Context Output

There is no context output for this command.

picus-get-simulation-threats

This command returns simulation results by threat. Each threat result includes the threat id and name, the prevention result and the action count.

Base Command

picus-get-simulation-threats

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Simulation ID. | Required |
| run_id | Simulation Run ID. | Required |
| limit | Pagination value. | Optional |
| offset | Pagination value. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Picus.SimulationThreats | String | Threat list of simulation |

picus-get-simulation-actions

This command returns simulation results as an action list, using the threat ID, simulation ID and simulation run ID.

Base Command

picus-get-simulation-actions

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Simulation ID. | Required |
| run_id | Simulation Run ID. | Required |
| threat_ids | Threat ID list ("111,222,333,...") or single threat ID can be given. | Required |
| limit | Pagination value. | Optional |
| offset | Pagination value. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Picus.SimulationActions | String | Action Results (ID and result combination) |
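
The ID-list arguments above take values such as "111,222,333,...", and in a playbook those values may come from context rather than from an analyst. As an added example (not part of the Picus integration or of this page's original content), the Python below validates such values before building the argument dictionary for picus-get-simulation-actions; the function names, the numeric-only ID rule and the sample context are assumptions made for illustration.

```python
import re

# Assumption: IDs are decimal integers, as in the page's "111,222,333,..." examples.
_ID = re.compile(r"[0-9]{1,18}")


def single_id(value):
    """Return one ID as a string, or raise ValueError for anything non-numeric."""
    token = str(value).strip()
    if not _ID.fullmatch(token):
        raise ValueError(f"not a numeric ID: {token!r}")
    return token


def normalize_id_list(value):
    """Turn '111, 222,111' or [111, 222] into '111,222' (validated, de-duplicated)."""
    items = value if isinstance(value, (list, tuple)) else str(value).split(",")
    out = []
    for item in items:
        token = single_id(item)
        if token not in out:  # keep first-seen order
            out.append(token)
    if not out:
        raise ValueError("empty ID list")
    return ",".join(out)


def actions_args(context, threat_ids, limit=None, offset=None):
    """Build the argument dict for picus-get-simulation-actions from context data."""
    latest = (context.get("Picus") or {}).get("latestSimulationResult") or {}
    args = {
        "id": single_id(latest.get("simulation_id", "")),
        "run_id": single_id(latest.get("simulation_run_id", "")),
        "threat_ids": normalize_id_list(threat_ids),
    }
    for name, val in (("limit", limit), ("offset", offset)):
        if val is not None:
            if isinstance(val, bool) or not isinstance(val, int) or val < 0:
                raise ValueError(f"{name} must be a non-negative integer")
            args[name] = val
    return args


# Constructed sample context, shaped like the documented output paths.
SAMPLE_CONTEXT = {"Picus": {"latestSimulationResult": {
    "simulation_run_id": "4821", "simulation_id": "77", "status": "sample-status"}}}

if __name__ == "__main__":
    print(actions_args(SAMPLE_CONTEXT, "111, 222,111", limit=50, offset=0))
```

The same normalize_id_list helper applies to the ids argument of picus-get-mitigation-devices and the action_ids argument of picus-get-signature-list, which use the same list format.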

picus-get-mitigation-devices

This command returns mitigation device information, as shown under Picus platform > Mitigation > Vendor Based Mitigations. Vendor-based mitigation devices can be fetched using this command.

Base Command

picus-get-mitigation-devices

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ids | Simulation ID list ("111,222,333,...") or single simulation ID can be given. | Optional |

Context Output

There is no context output for this command.

picus-get-signature-list

This command returns action-based signature suggestions.

Base Command

picus-get-signature-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| device_id | Mitigation Device ID. | Required |
| action_ids | Action ID list ("111,222,333,...") or single action ID can be given. | Required |

Context Output

There is no context output for this command.

picus-set-paramPB

Sets parameters in a playbook. (This command is only used in playbooks.)

Base Command

picus-set-paramPB

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| agent_id | Simulation Agent ID. | Required |
| device_id | Device ID. | Optional |
| simulation_id | Simulation ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Picus.param.agent_id | String | Agent ID |
| Picus.param.device_id | String | Device ID |
| Picus.param.simulation_id | String | Simulation ID |

picus-filter-insecure-attacks

Filters insecure attacks in a playbook. (This command is only used in playbooks.)

Base Command

picus-filter-insecure-attacks

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| threatinfo | Threat ID and result combination. Used for playbook. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Picus.filterinsecure | String | Insecure Attack List |