
Qintel PMI

This integration is part of the Qintel Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Qintel’s Patch Management Intelligence (PMI) product simplifies the vulnerability management process by providing vital context around reported Common Vulnerabilities and Exposures. With this integration, users can query PMI to surface CVEs that are known by Qintel to be leveraged by eCrime and Nation State adversaries. This integration was integrated and tested with version 0.16.0 of PMI.

Configure QintelPMI on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for QintelPMI.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    |---|---|
    | PMI API URL (optional) | False |
    | Qintel Credentials | True |
    | Password | True |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cve

Queries Qintel for CVE intelligence.

Base Command

cve

Input

| Argument Name | Description | Required |
|---|---|---|
| cve | List of CVEs. | Required |

Context Output

| Path | Type | Description |
|---|---|---|
| CVE.ID | String | The ID of the CVE, for example: CVE-2015-1653 |
| CVE.CVSS | String | The CVSS of the CVE, for example: 10.0 |
| CVE.Published | Date | The timestamp of when the CVE was published. |
| CVE.Modified | Date | The timestamp of when the CVE was last modified. |
| CVE.Description | String | A description of the CVE. |
| Qintel.CVE.ID | string | The ID of the CVE |
| Qintel.CVE.AffectedSystem | string | Systems affected by the CVE |
| Qintel.CVE.AffectedVersions | string | Systems affected by the CVE |
| Qintel.CVE.LastObserved | string | Last threat actor observation time |
| Qintel.CVE.Observations | array | List of observations |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | Type of indicator. |
| DBotScore.Vendor | String | Vendor used to calculate the score. |

Command Example

!cve cve=CVE-2021-0123

Context Example

{
    "CVE": {
        "CVSS": "None",
        "Description": "None",
        "ID": "CVE-2021-0123",
        "Modified": "None",
        "Published": "None"
    },
    "DBotScore": {
        "Indicator": "CVE-2021-0123",
        "Score": 0,
        "Type": "cve",
        "Vendor": null
    },
    "Qintel": {
        "CVE": {
            "AffectedSystem": "Example System",
            "AffectedVersions": "1.0, 1.1",
            "LastObserved": "2021-04-20 04:00:00",
            "Observations": [
                {
                    "actor": "Unattributed Threat Actor",
                    "actor_type": "other",
                    "date_observed": "2021-04-20 04:00:00",
                    "exploit_notes": null,
                    "exploit_type": "cve"
                }
            ],
            "id": "CVE-2021-0123"
        }
    }
}

Human Readable Output

Qintel vulnerability results for: CVE-2021-0123

Vulnerability in Example System affecting versions: 1.0, 1.1
Last observed: 2021-04-20 04:00:00

|actor|actor_type|exploit_type|exploit_notes|date_observed|
|---|---|---|---|---|
| Unattributed Threat Actor | other | cve | | 2021-04-20 04:00:00 |
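
The following Python is an added example, not code from the Qintel integration or its documentation. It shows how an automation could turn the context shown in the Context Example into a patch-priority record. In that example `DBotScore.Score` is 0 and `CVE.CVSS` is the string "None" even though an observation is present, so the code keys on `Qintel.CVE.Observations`. The helper names `triage` and `parse_cvss`, the 90-day window and the priority labels are assumptions, and the sample data is constructed from the Context Example.

```python
from datetime import datetime

# Constructed sample, shaped like the Context Example on this page.
SAMPLE_CONTEXT = {
    "CVE": {"CVSS": "None", "ID": "CVE-2021-0123"},
    "DBotScore": {"Indicator": "CVE-2021-0123", "Score": 0, "Type": "cve", "Vendor": None},
    "Qintel": {"CVE": {
        "AffectedSystem": "Example System",
        "AffectedVersions": "1.0, 1.1",
        "LastObserved": "2021-04-20 04:00:00",
        "Observations": [{
            "actor": "Unattributed Threat Actor", "actor_type": "other",
            "date_observed": "2021-04-20 04:00:00",
            "exploit_notes": None, "exploit_type": "cve"}],
        "id": "CVE-2021-0123"}},
}

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # timestamp layout used in the Context Example


def parse_cvss(value):
    """Return CVSS as a float, or None; the example carries the string "None"."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def triage(context, now, recent_days=90):
    """Summarise one cve result for patch prioritisation (hypothetical helper)."""
    q = context.get("Qintel", {}).get("CVE", {})
    observations = q.get("Observations") or []
    last = q.get("LastObserved")
    age = (now - datetime.strptime(last, TS_FORMAT)).days if last else None
    exploited = bool(observations)
    return {
        # The example uses lowercase "id"; the output table lists Qintel.CVE.ID.
        "cve": q.get("id") or q.get("ID") or context.get("CVE", {}).get("ID"),
        "versions": [v.strip() for v in (q.get("AffectedVersions") or "").split(",") if v.strip()],
        "cvss": parse_cvss(context.get("CVE", {}).get("CVSS")),
        "dbot_score": context.get("DBotScore", {}).get("Score"),
        "actor_types": sorted({o.get("actor_type") or "unknown" for o in observations}),
        "days_since_last_observed": age,
        # Assumed policy: any observation means exploited; recent ones go first.
        "priority": "urgent" if exploited and age is not None and age <= recent_days
                    else "elevated" if exploited else "routine",
    }
```
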