Resecurity Monitoring
This Integration is part of the Resecurity Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
This package allows retrieving asset monitoring results from monitoring tasks that can be configured in Resecurity® CTI and Resecurity® DRM platforms. This integration was integrated and tested with version 1.01 of ResecurityMonitoring
Configure Resecurity Monitoring on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for Resecurity Monitoring.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Your server URL True API Key The API Key to use for connection True Trust any certificate (not secure) False Use system proxy settings False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
resecurity-get-task-monitor-results-data-breaches#
Retrieve monitoring results from a specific monitor task
Base Command#
resecurity-get-task-monitor-results-data-breaches
Input#
| Argument Name | Description | Required |
|---|---|---|
| monitor_task_id | Monitor Task ID. | Required |
| page | Page number. The results will be returned only for specified page if param value is not empty. | Optional |
| page_size | Page size. Possible range of values: 1 - 50. Default value is 20. | Optional |
| limit | Limit of the records in dataset. Default value is 1000. | Optional |
| mode | Affects which results will be included in dataset. Possible values: 1 - only new results, 2 - last results (default value), 3 - all results. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| Resecurity.DataBreach.id | String | Data breach ID |
| Resecurity.DataBreach.query | String | The query for which the result was found |
| Resecurity.DataBreach.detection_date | Number | Data breach detection date |
| Resecurity.DataBreach.email | String | Data breach email |
| Resecurity.DataBreach.username | String | Data breach username |
| Resecurity.DataBreach.password | String | Data breach password |
| Resecurity.DataBreach.password_hash | String | Data breach password hash |
| Resecurity.DataBreach.salt | String | Data breach salt |
| Resecurity.DataBreach.ip | String | Data breach IP address |
| Resecurity.DataBreach.source_name | String | Data breach source name |
Command example#
!resecurity-get-task-monitor-results-data-breaches monitor_task_id=1 limit=2 mode=2
Context Example#
Human Readable Output#
Breaches results from task with ID 1#
date detection_date id info ip password password_hash query salt source_name username 2016-11-04 21:55:00 2023-03-18 13:14:04 email@domain.test 11192938 95.112.168.138 71356c329abee63757ecb3f60b5f90be34ab47caa85d41344cea3f9c92f38eea0313bf60650fe2149e4a2e169d492d9b59a71e97d7331d74caa8b054b448cf04 domain.test source1 JMBStarYT 2016-11-30 21:30:00 2023-03-18 13:14:04 email@domain.test 47200407 86.178.141.167 c2f5c61a8ad5dc1ef8c0478617cac76a domain.test source2
Command example#
!resecurity-get-task-monitor-results-data-breaches monitor_task_id=1 page_size=2 page=10 mode=2
Context Example#
Human Readable Output#
Breaches results from task with ID 1#
date detection_date id info ip password password_hash query salt source_name username 2016-12-07 15:53:00 2023-03-18 13:14:04 test@test.test 361424177 aaaaaa test.test source3 2016-12-07 15:53:00 2023-03-18 13:14:04 test@test.test 361832967 pppppp test.test source3