RemoteAccess v2
Remote Access Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
This integration transfers files between Cortex XSOAR and a remote machine and executes commands on the remote machine.
Some changes have been made that might affect your existing content. If you are upgrading from a previous version of this integration, see Breaking Changes.
Note: This integration was integrated and tested on a remote machine with Centos-7 operating system. It does not work with Windows operation system.
#
Configure RemoteAccess v2 in CortexParameter | Description | Required |
---|---|---|
Default Hostname or IP Address | If not provided, "host" or "system" should be provided in the command's arguments. | False |
User | For example, "root". | False |
Password | The password of the remote machine. | False |
sshKey | The private RSA key to authenticate to the remote machine, should be configured within the credentials object. | False |
Additional Password | Requires an additional password as an argument to run any command of this module. | False |
Ciphers | A comma-separated list of ciphers to use. If none of the specified ciphers are agreed to by the server, an error message specifying the supported ciphers is returned. | False |
Key Algorithms | A comma-separated list of key algorithms to use. If none of the specified key algorithms are agreed to by the server, an error message specifying the supported key algorithms is returned. | False |
#
Configure SSH From RemoteFor login using root:
- Edit the /etc/ssh/sshd_config file.
- set
PermitRootLogin
toyes
- set
PasswordAuthentication
toyes
- Restart the sshd server:
service sshd restart
#
Configure the instance with SSH certificateCurrently, the only type of certificate that is supported is RSA private keys (.PEM) files. In case access is required to an instance in the cloud, use the PEM file provided by the cloud provider.
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
sshRun the specified command on the remote system with SSH.
#
Base Commandssh
#
InputArgument Name | Description | Required |
---|---|---|
cmd | Command to run on the remote machine. To combine commands and run them in a single SSH session, concatenate them using semicolons (;) e.g., 'echo 1;echo 2'. | Required |
additional_password | Password required to match the Additional Password parameter if it was supplied to run the command. | Optional |
timeout | Timeout for command in seconds. | Optional |
system | System to run the command on. | Optional |
host | Host name to run the command on. | Optional |
port | Port to run the command on. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
RemoteAccess.Command.output | String | Standard output of the specified command. |
RemoteAccess.Command.error | String | Standard error output of the specified command. |
RemoteAccess.Command.success | Boolean | Whether the operation was successful. |
RemoteAccess.Command.command | String | Command that was run. |
#
Command Example!ssh command="echo test"
#
Context Example#
Human Readable Output#
Command echo test Outputs
command output success echo test test true
#
copy-toCopies the given file from Cortex XSOAR to the remote machine.
#
Base Commandcopy-to
#
InputArgument Name | Description | Required |
---|---|---|
entry_id | Entry ID of the file to be copied from Cortex XSOAR to the remote machine. | Optional |
destination_path | Destination of the path of the copied file in the remote machine. Defaults to the entry_id file name if not specified. | Optional |
additional_password | Password. Required to match the Additional Password parameter if it was supplied in order to run the command. | Optional |
timeout | Timeout for command in seconds. Default is 10.0 seconds. | Optional |
dest-dir | Destination of the directory to copy the file to in the remote machine. The file name of the entry_id will be used as the file name in the destination directory. Creates the destination directory in the remote machine if it does not exist. | Optional |
entry | This input is deprecated. Please use the entry_id input instead. | Optional |
system | System to run the command on. | Optional |
host | Host name to run the command on. | Optional |
port | Port to run the command on. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!copy-to entry_id=104@49493d71-eef6-4bb4-8075-4be38d9bc340 destination_path="test/cortex_copied_file"
#
Human Readable Output#
The file corresponding to entry ID: 104@49493d71-eef6-4bb4-8075-4be38d9bc340 was copied to remote host.
#
copy-fromCopies the given file from the remote machine to Cortex XSOAR.
#
Base Commandcopy-from
#
InputArgument Name | Description | Required |
---|---|---|
file_path | Path of the file in the remote machine to be copied to Cortex XSOAR. | Optional |
file_name | Name of the file to be copied to Cortex XSOAR. Defaults to the file name in file_path if not specified. For example, if file_path is "a/b/c.txt", the file name will be c.txt. | Optional |
additional_password | Password required to match the Additional Password parameter if it was supplied to run the command. | Optional |
timeout | Timeout for command, in seconds. Default is 10.0 seconds. | Optional |
file | This input is deprecated. Please use the file_path input instead. | Optional |
system | System to run the command on. | Optional |
host | Host name to run the command on. | Optional |
port | Port to run the command on. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
File.Name | String | The full file name (including the file extension). |
File.EntryID | String | The ID for locating the file in the War Room. |
File.Size | Number | The size of the file in bytes. |
File.MD5 | String | The MD5 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA512 | String | The SHA512 hash of the file. |
File.Extension | String | The file extension. For example: "xls". |
File.Type | String | The file type, as determined by libmagic (same as displayed in file entries). |
#
Command Example!copy-from file_path="test/remote_file.txt" file_name="CopiedRemoteFile"
#
Context Example#
Human Readable Output#
Breaking changes from the previous version of this integration - RemoteAccess v2- Removed the Interactive terminal mode instance parameter.
- Removed the Terminal Type instance parameter.
#
Commands#
Arguments#
The following argument names were changed, added, or removed in this versionRemote Access Command Name | Old Command Argument Name | New Command Name |
---|---|---|
copy-to | fileID | Argument was removed |
copy-from | Argument did not exist | file_name |
#
Outputs#
The following outputs were removed in this version:Remote Access Command Name | Old Command Outputs | Remote Access v2 Command Name | New Command Outputs |
---|---|---|---|
ssh | Command outputs were: - command - stdout - stderr - remote machine IP - success status | ssh | Outputs: - stdout - stderr |