RemoteAccess v2

This Integration is part of the Remote Access Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This integration transfers files between Cortex XSOAR and a remote machine and executes commands on the remote machine.

Some changes have been made that might affect your existing content. If you are upgrading from a previous version of this integration, see Breaking Changes.

Note: This integration was integrated and tested on a remote machine running the CentOS 7 operating system. It does not work with the Windows operating system.

Configure RemoteAccess v2 on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for RemoteAccess v2.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Default Hostname or IP Address | | True |
    | User | For example, "root". | False |
    | Password | The password of the remote machine. | False |
    | sshKey | The private RSA key used to authenticate to the remote machine. It should be configured within the credentials object. | False |
    | Additional Password | Requires an additional password as an argument to run any command of this module. | False |
    | Ciphers | A comma-separated list of ciphers to use. If none of the specified ciphers are agreed to by the server, an error message specifying the supported ciphers is returned. | False |
    | Key Algorithms | A comma-separated list of key algorithms to use. If none of the specified key algorithms are agreed to by the server, an error specifying the supported key algorithms is returned. | False |

  4. Click Test to validate the URLs, token, and connection.

Configure SSH From Remote#

For login using root:

  1. Edit the /etc/ssh/sshd_config file.
     • Set PermitRootLogin to yes
     • Set PasswordAuthentication to yes
  2. Restart the sshd server: service sshd restart
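
A check for the edit in step 1, as an added example that is not part of the integration or its documentation: sshd uses the first value it reads for each keyword, so a yes appended below an earlier no has no effect. The sample configuration and the function names are constructed for illustration, and Include files are not followed.

```python
import re

# Values the procedure above asks for (keywords are case-insensitive in sshd_config).
WANTED = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

# Constructed sample: the "yes" on line 6 is shadowed by the "no" on line 3.
SAMPLE = """\
# constructed sshd_config fragment
Port 22
PasswordAuthentication no
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""

def global_settings(text):
    """Map keyword -> [(line_no, value), ...] for the section before any Match block."""
    found = {}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # lines below apply only to the matched users or hosts
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        found.setdefault(keyword, []).append((line_no, value))
    return found

def audit(text, wanted=WANTED):
    """Return one finding per wanted keyword; the first occurrence is the effective one."""
    settings, findings = global_settings(text), {}
    for keyword, expected in wanted.items():
        hits = settings.get(keyword, [])
        if not hits:
            findings[keyword] = "not set: sshd falls back to its built-in default"
            continue
        line_no, value = hits[0]
        ignored = [n for n, _ in hits[1:]]
        status = "ok" if value.lower() == expected else "MISMATCH"
        findings[keyword] = f"{status}: line {line_no} sets '{value}', ignored lines {ignored}"
    return findings

if __name__ == "__main__":
    for keyword, finding in audit(SAMPLE).items():
        print(f"{keyword}: {finding}")
```

On the remote machine itself, sshd -T prints the effective configuration and remains the authoritative check.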

Configure the instance with SSH certificate#

Currently, the only supported certificate type is an RSA private key (.PEM) file. If access is required to an instance in the cloud, use the PEM file provided by the cloud provider.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ssh#


Run the specified command on the remote system with SSH.

Base Command#

ssh

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| cmd | Command to run on the remote machine. | Required |
| additional_password | Password required to match the Additional Password parameter if it was supplied to run the command. | Optional |
| timeout | Timeout for command in seconds. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| RemoteAccess.Command.output | String | Standard output of the specified command. |
| RemoteAccess.Command.error | String | Standard error output of the specified command. |
| RemoteAccess.Command.success | Boolean | Whether the operation was successful. |
| RemoteAccess.Command.command | String | Command that was run. |

Command Example#

!ssh command="echo test"

Context Example#

{
"RemoteAccess": {
"Command": [
{
"command": "echo test",
"error": "",
"output": "test\n",
"success": true
}
]
}
}

Human Readable Output#

Command echo test Outputs#

| command | output | success |
| --- | --- | --- |
| echo test | test | true |

copy-to#


Copies the given file from Cortex XSOAR to the remote machine.

Base Command#

copy-to

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| entry_id | Entry ID of the file to be copied from Cortex XSOAR to the remote machine. | Optional |
| destination_path | Destination of the path of the copied file in the remote machine. Defaults to the entry_id file name if not specified. | Optional |
| additional_password | Password. Required to match the Additional Password parameter if it was supplied in order to run the command. | Optional |
| timeout | Timeout for command in seconds. Default is 10.0 seconds. | Optional |
| dest-dir | Destination of the directory to copy the file to in the remote machine. The file name of the entry_id will be used as the file name in the destination directory. Creates the destination directory in the remote machine if it does not exist. | Optional |
| entry | This input is deprecated. Please use the entry_id input instead. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!copy-to entry_id=104@49493d71-eef6-4bb4-8075-4be38d9bc340 destination_path="test/cortex_copied_file"

Human Readable Output#

The file corresponding to entry ID: 104@49493d71-eef6-4bb4-8075-4be38d9bc340 was copied to remote host.#

copy-from#


Copies the given file from the remote machine to Cortex XSOAR.

Base Command#

copy-from

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| file_path | Path of the file in the remote machine to be copied to Cortex XSOAR. | Optional |
| file_name | Name of the file to be copied to Cortex XSOAR. Defaults to the file name in file_path if not specified. For example, if file_path is "a/b/c.txt", the file name will be c.txt. | Optional |
| additional_password | Password required to match the Additional Password parameter if it was supplied to run the command. | Optional |
| timeout | Timeout for command, in seconds. Default is 10.0 seconds. | Optional |
| file | This input is deprecated. Please use the file_path input instead. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| File.Name | String | The full file name (including the file extension). |
| File.EntryID | String | The ID for locating the file in the War Room. |
| File.Size | Number | The size of the file in bytes. |
| File.MD5 | String | The MD5 hash of the file. |
| File.SHA1 | String | The SHA1 hash of the file. |
| File.SHA256 | String | The SHA256 hash of the file. |
| File.SHA512 | String | The SHA512 hash of the file. |
| File.Extension | String | The file extension. For example: "xls". |
| File.Type | String | The file type, as determined by libmagic (same as displayed in file entries). |

Command Example#

!copy-from file_path="test/remote_file.txt" file_name="CopiedRemoteFile"

Context Example#

{
"File": {
"EntryID": "165@49493d71-eef6-4bb4-8075-4be38d9bc340",
"Info": "text/plain",
"MD5": "c5253b90e791d18439a84511c382616b",
"Name": "CopiedRemoteFile",
"SHA1": "98c94e6e64b7a52576870fc07a0da5f33243c505",
"SHA256": "bf98cd7cda320c300218397d9ee1df263415aac7f0f41c8f57dee7944e68fba0",
"SHA512": "6f2199d786a13c7b8cd6d268166a26f4423d4aa1e4ba59565e9130da01555d83d190870dade6098fe7992425e0d2d9128841b92f419dbf4193a6112c4cf7264f",
"SSDeep": "3:9bLbEin:6i",
"Size": 16,
"Type": "ASCII text, with no line terminators"
}
}
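
An integrity check that combines the two context outputs documented above, as an added example that is not part of the integration: the digest that sha256sum printed on the remote machine (RemoteAccess.Command.output) is compared with File.SHA256 of the copied entry. It assumes sha256sum was run through the ssh command on the same path given to copy-from; the context dictionaries and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data in the shape of the Context Examples on this page.
DIGEST = hashlib.sha256(b"constructed sample").hexdigest()
SSH_CTX = {"RemoteAccess": {"Command": [{
    "command": "sha256sum test/remote_file.txt",
    "error": "",
    "output": f"{DIGEST}  test/remote_file.txt\n",
    "success": True,
}]}}
FILE_CTX = {"File": {"Name": "CopiedRemoteFile", "SHA256": DIGEST, "Size": 18}}

# sha256sum line: 64 hex digits, a space, a mode character (" " or "*"), the path.
SUM_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def remote_sha256(ssh_ctx, path):
    """Extract the digest that sha256sum reported for `path` on the remote machine."""
    entries = ssh_ctx["RemoteAccess"]["Command"]
    if isinstance(entries, dict):  # tolerate a single entry instead of a list
        entries = [entries]
    for entry in entries:
        if not entry.get("success"):
            raise RuntimeError(f"remote command failed: {entry.get('error', '')!r}")
        for line in entry.get("output", "").splitlines():
            match = SUM_LINE.match(line)
            if match and match.group(2) == path:
                return match.group(1).lower()
    raise LookupError(f"no sha256sum line for {path!r}")

def copy_is_intact(ssh_ctx, file_ctx, path):
    """True when File.SHA256 of the copied entry equals the remote digest."""
    local = file_ctx["File"]["SHA256"].lower()
    return hmac.compare_digest(local, remote_sha256(ssh_ctx, path))

if __name__ == "__main__":
    print(copy_is_intact(SSH_CTX, FILE_CTX, "test/remote_file.txt"))
```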

Human Readable Output#

Breaking changes from the previous version of this integration - RemoteAccess v2#

  • Removed the Interactive terminal mode instance parameter.
  • Removed the Terminal Type instance parameter.

Commands#

Arguments#

The following argument names were changed, added, or removed in this version#

| Remote Access Command Name | Old Command Argument Name | New Command Name |
| --- | --- | --- |
| ssh | system | Argument was removed |
| copy-to | system | Argument was removed |
| copy-to | fileID | Argument was removed |
| copy-to | system | Argument was removed |
| copy-from | Argument did not exist | copy-from |
| copy-from | system | Argument was removed |

Outputs#

The following outputs were removed in this version:#

| Remote Access Command Name | Old Command Outputs | Remote Access v2 Command Name | New Command Outputs |
| --- | --- | --- | --- |
| ssh | Command outputs were: command, stdout, stderr, remote machine IP, success status | ssh | Outputs: stdout, stderr |