
SecurityScorecard

This Integration is part of the SecurityScorecard Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Configure SecurityScorecard on Cortex XSOAR#

Provides scorecards for domains.

Configuration#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for SecurityScorecard.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | SecurityScorecard API Base URL | | True |
    | Username/Email | The SecurityScorecard username/email. | True |
    | API Token | | True |
    | Incidents Fetch Interval | Scheduled interval for alert fetching. | False |
    | Fetch Limit | Maximum number of alerts per fetch. The maximum is 50. | False |
    | First fetch | First fetch query <number> <time unit>, e.g. 7 days | False |

  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

securityscorecard-portfolios-list#


List all Portfolios

Base Command#

securityscorecard-portfolios-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | Limit the amount of Portfolios to return. Defaults to 50. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Portfolio.id | String | Portfolio ID |
| SecurityScorecard.Portfolio.name | String | Portfolio name |
| SecurityScorecard.Portfolio.description | String | Portfolio description |
| SecurityScorecard.Portfolio.privacy | String | Portfolio privacy. |
| SecurityScorecard.Portfolio.read_only | Boolean | Whether the portfolio is read-only. |

Command Example#

!securityscorecard-portfolios-list limit=3

Context Example#

{
"SecurityScorecard": {
"Portfolio": [
{
"created_at": "2021-06-14T17:07:14.266Z",
"id": "60c78cc2d63162001a68c2b8",
"name": "username@domain.com",
"privacy": "private",
"read_only": true
},
{
"id": "60b7e8ea8242c000b8000000",
"name": "Company Portfolio",
"privacy": "shared",
"read_only": true
},
{
"created_at": "2021-06-15T15:23:37.476Z",
"id": "60c8c5f9139e40001908c6a4",
"name": "test_portfolio",
"privacy": "private"
}
]
}
}

Human Readable Output#

Your SecurityScorecard Portfolios (first 3)

| id | name | privacy |
| --- | --- | --- |
| 60c78cc2d63162001a68c2b8 | username@domain.com | private |
| 60b7e8ea8242c000b8000000 | Paloaltonetworks App | shared |
| 60c8c5f9139e40001908c6a4 | test_portfolio | private |

securityscorecard-portfolio-list-companies#


Lists all companies in Portfolio.

Base Command#

securityscorecard-portfolio-list-companies

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| portfolio_id | Portfolio ID. The Portfolio ID can be retrieved using the 'securityscorecard-portfolios-list' command. | Required |
| grade | Grade filter. To filter multiple grades, comma-separate them, e.g. A,B. Possible values are: A, B, C, D, E, F. | Optional |
| industry | Industry filter. To filter multiple industries, comma-separate them, e.g. education,financial_services. Possible values are: education, financial_services, food, government, healthcare, information_services, manufacturing, retail, technology. | Optional |
| vulnerability | Vulnerability filter. | Optional |
| issue_type | Comma-separated list of issue types. Possible values are: adware_installation_trail, adware_installation, alleged_breach_incident, chatter, anonymous_proxy, service_cassandra, service_couchdb, attack_detected, attack_feed, new_booter_shell, spa_browser, cdn_hosting, tlscert_expired, tlscert_revoked, tlscert_self_signed, tlscert_excessive_expiration, tlscert_weak_signature, tlscert_no_revocation, service_cloud_provider, csp_no_policy_v2, csp_unsafe_policy_v2, csp_too_broad_v2, marketing_site, cookie_missing_secure_attribute, short_term_lending_site, leaked_credentials, leaked_credentials_info, service_dns, new_defacement, ransomware_victim, domain_uses_hsts_preloading, service_elasticsearch, employee_satisfaction, service_end_of_life, service_end_of_service, exposed_personal_information, exposed_personal_information_info, admin_subdomain_v2, tlscert_extended_validation, service_ftp, patching_cadence_high, web_vuln_host_high, service_vuln_host_high, service_imap, iot_camera, industrial_control_device, insecure_https_redirect_pattern_v2, service_ldap, service_ldap_anonymous, social_network_issues, patching_cadence_low, web_vuln_host_low, service_vuln_host_low, spf_record_malformed, malware_controller, malware_1_day, malware_30_day, malware_365_day, malware_infection, malware_infection_trail, patching_cadence_medium, web_vuln_host_medium, service_vuln_host_medium, service_microsoft_sql, minecraft_server, service_mongodb, no_browser_policy, service_mysql, service_neo4j, service_networking, object_storage_bucket_with_risky_acl, open_resolver, exposed_ports, service_open_vpn, service_oracle_db, outdated_os, outdated_browser, non_malware_events_last_month, service_pop3, service_pptp, phishing, typosquat, service_postgresql, exploited_product, public_text_credit_cards, public_text_database_dump, public_text_hashes, public_text_mention, public_text_password_dump, service_pulse_vpn, service_rdp, ransomware_association, redirect_chain_contains_http_v2, service_redis, remote_access, service_smb, mail_server_unusual_port, service_soap, spf_record_wildcard, spf_record_softfail, spf_record_missing, ssh_weak_protocol, ssh_weak_cipher, ssh_weak_mac, tls_weak_protocol, github_information_leak_disclosure, google_information_leak_disclosure, cookie_missing_http_only, domain_missing_https_v2, suspicious_traffic, tls_ocsp_stapling, tls_weak_cipher, telephony, service_telnet, tor_node_events_last_month, upnp_accessible, unsafe_sri_v2, uce, service_vnc, dnssec_detected, waf_detected_v2, hsts_incorrect_v2, hosted_on_object_storage_v2, references_object_storage_v2, x_content_type_options_incorrect_v2, x_frame_options_incorrect_v2, x_xss_protection_incorrect_v2, service_rsync. | Optional |
| had_breach_within_last_days | Domains with breaches in the last X days. Possible values are numbers, e.g. 1000. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Portfolio.Company.domain | String | Company domain. |
| SecurityScorecard.Portfolio.Company.name | String | Company name. |
| SecurityScorecard.Portfolio.Company.score | Number | Company overall score in numeric form (55-100). |
| SecurityScorecard.Portfolio.Company.grade | String | Company overall score in letter grade. |
| SecurityScorecard.Portfolio.Company.grade_url | String | Company overall score URL to SVG asset. |
| SecurityScorecard.Portfolio.Company.last30days_score_change | Number | Company overall score numeric change (±) in the last month. |
| SecurityScorecard.Portfolio.Company.industry | String | Industry category of the domain. |
| SecurityScorecard.Portfolio.Company.size | String | Company size, e.g. 'size_more_than_10000' |
| SecurityScorecard.Portfolio.Company.is_custom_vendor | Boolean | Whether the company is a custom vendor. |
| SecurityScorecard.Portfolio.Company.total | Number | Total number of companies in Portfolio. |

Command Example#

!securityscorecard-portfolio-list-companies portfolio_id=60c78cc2d63162001a68c2b8 grade=A industry=information_services

Context Example#

{
"SecurityScorecard": {
"Portfolio": {
"Company": {
"domain": "berkshirehathaway.com",
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"industry": "information_services",
"is_custom_vendor": false,
"last30days_score_change": 0,
"name": "Berkshire Hathaway Inc.",
"score": 98,
"size": "size_more_than_10000"
}
}
}
}

Human Readable Output#

1 companies found in Portfolio 60c78cc2d63162001a68c2b8#

| domain | name | score | last30days_score_change | industry | size |
| --- | --- | --- | --- | --- | --- |
| berkshirehathaway.com | Berkshire Hathaway Inc. | 98 | 0 | information_services | size_more_than_10000 |

securityscorecard-company-score-get#


Retrieve company overall score.

Base Command#

securityscorecard-company-score-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. somecompany.com. The company must first be added to a Portfolio in order to be able to get its score. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.Score.domain | String | Company domain. |
| SecurityScorecard.Company.Score.name | String | Company name. |
| SecurityScorecard.Company.Score.score | Number | Company overall score in numeric form (55-100). |
| SecurityScorecard.Company.Score.grade | String | Company overall score in letter grade form (A-F). |
| SecurityScorecard.Company.Score.last30days_score_change | Number | Company overall score numeric change (±) in the last month. |
| SecurityScorecard.Company.Score.industry | String | Industry category of the domain. |
| SecurityScorecard.Company.Score.size | String | Company size, e.g. 'size_more_than_10000' |

Command Example#

!securityscorecard-company-score-get domain=somecompany.com

Context Example#

{
"SecurityScorecard": {
"Company": {
"Score": {
"created_at": "2014-04-18T23:00:55.588Z",
"domain": "somecompany.com",
"grade": "C",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_c.svg",
"industry": "technology",
"last30day_score_change": 0,
"name": "Google",
"score": 74,
"size": "size_more_than_10000",
"tags": [
"service_provider"
]
}
}
}
}

Human Readable Output#

Domain somecompany.com Scorecard#

| name | grade | score | industry | last30day_score_change | size |
| --- | --- | --- | --- | --- | --- |
| Google | C | 74 | technology | 0 | size_more_than_10000 |

securityscorecard-company-factor-score-get#


Retrieve company factor score.

Base Command#

securityscorecard-company-factor-score-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain. | Required |
| severity | Issue severity filter. Comma-separated list of the following values: 'positive', 'info', 'low', 'medium', 'high'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.Factor.name | String | Factor name. |
| SecurityScorecard.Company.Factor.score | Number | Factor score in numeric form (55-100) |
| SecurityScorecard.Company.Factor.grade | String | Factor score in letter grade form (A-F) |
| SecurityScorecard.Company.Factor.Issue.type | String | Type of issue found |
| SecurityScorecard.Company.Factor.Issue.count | Number | How many times the issue was found |
| SecurityScorecard.Company.Factor.Issue.severity | String | Severity of the issue |
| SecurityScorecard.Company.Factor.Issue.total_score_impact | Number | Contribution of issue on overall score |
| SecurityScorecard.Company.Factor.Issue.detail_url | String | URL to the details of the issue |
| SecurityScorecard.Company.Factor.total | Number | Number of factors returned |

Command Example#

!securityscorecard-company-factor-score-get domain=somecompany.com severity=high

Context Example#

{
"SecurityScorecard": {
"Company": {
"Factor": [
{
"grade": "F",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_f.svg",
"issue_summary": [
{
"count": 14,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/insecure_https_redirect_pattern_v2/",
"severity": "medium",
"total_score_impact": 2.8799643274287376,
"type": "insecure_https_redirect_pattern_v2"
},
{
"count": 5,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/domain_missing_https_v2/",
"severity": "high",
"total_score_impact": 4.0102975263373395,
"type": "domain_missing_https_v2"
},
{
"count": 38,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/csp_no_policy_v2/",
"severity": "medium",
"total_score_impact": 5.201100632206234,
"type": "csp_no_policy_v2"
},
{
"count": 43,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/csp_unsafe_policy_v2/",
"severity": "info",
"total_score_impact": 0,
"type": "csp_unsafe_policy_v2"
},
{
"count": 4,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/redirect_chain_contains_http_v2/",
"severity": "medium",
"total_score_impact": 1.0326184028639176,
"type": "redirect_chain_contains_http_v2"
},
{
"count": 6,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/references_object_storage_v2/",
"severity": "info",
"total_score_impact": 0,
"type": "references_object_storage_v2"
},
{
"count": 56,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/unsafe_sri_v2/",
"severity": "info",
"total_score_impact": 0,
"type": "unsafe_sri_v2"
},
{
"count": 28,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/x_frame_options_incorrect_v2/",
"severity": "low",
"total_score_impact": 1.091096316549013,
"type": "x_frame_options_incorrect_v2"
},
{
"count": 73,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/x_xss_protection_incorrect_v2/",
"severity": "info",
"total_score_impact": 0,
"type": "x_xss_protection_incorrect_v2"
},
{
"count": 26,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/csp_too_broad_v2/",
"severity": "info",
"total_score_impact": 0,
"type": "csp_too_broad_v2"
},
{
"count": 90,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/hsts_incorrect_v2/",
"severity": "medium",
"total_score_impact": 4.856195629021897,
"type": "hsts_incorrect_v2"
},
{
"count": 9,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/x_content_type_options_incorrect_v2/",
"severity": "low",
"total_score_impact": 0.7205419642483406,
"type": "x_content_type_options_incorrect_v2"
}
],
"name": "application_security",
"score": 24
},
{
"grade": "B",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_b.svg",
"issue_summary": [
{
"count": 5,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/admin_subdomain_v2/",
"severity": "low",
"total_score_impact": 0.45435810384235253,
"type": "admin_subdomain_v2"
}
],
"name": "cubit_score",
"score": 89
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [],
"name": "dns_health",
"score": 100
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [],
"name": "endpoint_security",
"score": 100
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [],
"name": "hacker_chatter",
"score": 100
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [
{
"count": 4,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/suspicious_traffic/",
"severity": "info",
"total_score_impact": 0,
"type": "suspicious_traffic"
},
{
"count": 31,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/uce/",
"severity": "info",
"total_score_impact": 0,
"type": "uce"
}
],
"name": "ip_reputation",
"score": 100
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [
{
"count": 14,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/leaked_credentials_info/",
"severity": "info",
"total_score_impact": 0,
"type": "leaked_credentials_info"
}
],
"name": "leaked_information",
"score": 100
},
{
"grade": "B",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_b.svg",
"issue_summary": [
{
"count": 44,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/tlscert_excessive_expiration/",
"severity": "low",
"total_score_impact": 0.06768171402700318,
"type": "tlscert_excessive_expiration"
},
{
"count": 30,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/tlscert_self_signed/",
"severity": "medium",
"total_score_impact": 0.18204539659438979,
"type": "tlscert_self_signed"
},
{
"count": 71,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/tlscert_no_revocation/",
"severity": "low",
"total_score_impact": 0.07718961545099035,
"type": "tlscert_no_revocation"
},
{
"count": 731,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/tls_weak_cipher/",
"severity": "medium",
"total_score_impact": 0.3050661902513667,
"type": "tls_weak_cipher"
}
],
"name": "network_security",
"score": 89
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [],
"name": "patching_cadence",
"score": 100
},
{
"grade": "A",
"grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
"issue_summary": [
{
"count": 770,
"detail_url": "https://api.securityscorecard.io/companies/somecompany.com/issues/exposed_personal_information_info/",
"severity": "info",
"total_score_impact": 0,
"type": "exposed_personal_information_info"
}
],
"name": "social_engineering",
"score": 100
}
]
}
}
}

Human Readable Output#

Domain somecompany.com Scorecard#

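| name | grade | score | issues |
| --- | --- | --- | --- |
| application_security | F | 24 | 12 |
| cubit_score | B | 89 | 1 |
| dns_health | A | 100 | 0 |
| endpoint_security | A | 100 | 0 |
| hacker_chatter | A | 100 | 0 |
| ip_reputation | A | 100 | 2 |
| leaked_information | A | 100 | 1 |
| network_security | B | 89 | 4 |
| patching_cadence | A | 100 | 0 |
| social_engineering | A | 100 | 1 |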
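
As an added example (not part of the integration or its documentation), the Python below shows one way an automation could rank the issues in the factor-score context by `total_score_impact` so the largest contributors to a vendor's score are reviewed first. The function name `rank_issues`, the severity ordering and the trimmed sample are assumptions made for illustration; the code reads the `issue_summary` key as it appears in the Context Example above.

```python
# Constructed sample: a trimmed copy of the Context Example above
# (two factors, five issues), embedded so the script runs offline.
SAMPLE_CONTEXT = {
    "SecurityScorecard": {"Company": {"Factor": [
        {"name": "application_security", "grade": "F", "score": 24, "issue_summary": [
            {"type": "domain_missing_https_v2", "severity": "high",
             "count": 5, "total_score_impact": 4.0102975263373395},
            {"type": "hsts_incorrect_v2", "severity": "medium",
             "count": 90, "total_score_impact": 4.856195629021897},
            {"type": "csp_unsafe_policy_v2", "severity": "info",
             "count": 43, "total_score_impact": 0},
            {"type": "x_frame_options_incorrect_v2", "severity": "low",
             "count": 28, "total_score_impact": 1.091096316549013},
        ]},
        {"name": "network_security", "grade": "B", "score": 89, "issue_summary": [
            {"type": "tls_weak_cipher", "severity": "medium",
             "count": 731, "total_score_impact": 0.3050661902513667},
        ]},
    ]}}
}

# Assumed ordering of the severity values listed for the 'severity' argument.
SEVERITY_RANK = {"positive": 0, "info": 1, "low": 2, "medium": 3, "high": 4}


def rank_issues(context, min_severity="medium", top=5):
    """Flatten Factor[].issue_summary[] and rank issues by score impact."""
    threshold = SEVERITY_RANK[min_severity]
    factors = (context.get("SecurityScorecard", {})
                      .get("Company", {})
                      .get("Factor", []))
    # A single result may be stored as an object instead of a list
    # (as the Company example on this page shows), so normalise it.
    if isinstance(factors, dict):
        factors = [factors]

    rows = []
    for factor in factors:
        for issue in factor.get("issue_summary") or []:
            severity = issue.get("severity", "info")
            # Unknown severity strings rank lowest and are filtered out
            # unless min_severity is 'positive'.
            if SEVERITY_RANK.get(severity, 0) < threshold:
                continue
            rows.append({
                "factor": factor.get("name"),
                "factor_grade": factor.get("grade"),
                "type": issue.get("type"),
                "severity": severity,
                "count": issue.get("count", 0),
                "impact": float(issue.get("total_score_impact") or 0),
            })

    # Highest score impact first; issue type breaks ties deterministically.
    rows.sort(key=lambda r: (-r["impact"], r["type"]))
    return rows[:top]


if __name__ == "__main__":
    for row in rank_issues(SAMPLE_CONTEXT):
        print(f'{row["impact"]:6.2f}  {row["severity"]:<6}  '
              f'{row["factor"]}/{row["type"]} (x{row["count"]})')
```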

securityscorecard-company-history-score-get#


Retrieve company historical scores

Base Command#

securityscorecard-company-history-score-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. somecompany.com. | Required |
| from | Initial date for historical data. Value should be in format YYYY-MM-DD. | Optional |
| to | Initial date for historical data. Value should be in format YYYY-MM-DD. | Optional |
| timing | Timing granularity. Possible values are: daily, weekly. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.ScoreHistory.domain | String | Company domain. |
| SecurityScorecard.Company.ScoreHistory.date | Date | Score date. |
| SecurityScorecard.Company.ScoreHistory.score | Number | Company historical security score in numeric form (55-100) |

Command Example#

!securityscorecard-company-history-score-get domain=somecompany.com from=2021-06-01 to=2021-06-28 timing=weekly

Context Example#

{
"SecurityScorecard": {
"Company": {
"ScoreHistory": [
{
"date": "2021-06-05T00:00:00.000Z",
"domain": "somecompany.com",
"score": 76
},
{
"date": "2021-06-12T00:00:00.000Z",
"domain": "somecompany.com",
"score": 76
},
{
"date": "2021-06-19T00:00:00.000Z",
"domain": "somecompany.com",
"score": 76
},
{
"date": "2021-06-26T00:00:00.000Z",
"domain": "somecompany.com",
"score": 75
},
{
"date": "2021-06-28T00:00:00.000Z",
"domain": "somecompany.com",
"score": 74
}
]
}
}
}

Human Readable Output#

Historical Scores for Domain somecompany.com#

| date | score |
| --- | --- |
| 2021-06-05T00:00:00.000Z | 76 |
| 2021-06-12T00:00:00.000Z | 76 |
| 2021-06-19T00:00:00.000Z | 76 |
| 2021-06-26T00:00:00.000Z | 75 |
| 2021-06-28T00:00:00.000Z | 74 |

securityscorecard-company-history-factor-score-get#


Retrieve company historical factor scores

Base Command#

securityscorecard-company-history-factor-score-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. somecompany.com. | Required |
| from | Initial date for historical data. Value should be in format 'YYYY-MM-DD'. | Optional |
| to | Initial date for historical data. Value should be in format 'YYYY-MM-DD'. | Optional |
| timing | Timing granularity. Possible values are: daily, weekly, monthly. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.FactorHistory.domain | String | Company domain. |
| SecurityScorecard.Company.FactorHistory.date | Date | Score date. |
| SecurityScorecard.Company.FactorHistory.Factor.name | Number | Factor name. |
| SecurityScorecard.Company.FactorHistory.score | Number | Company historical security score in numeric form (55-100) |

Command Example#

!securityscorecard-company-history-factor-score-get domain=somecompany.com from=2021-06-01 to=2021-06-30 timing=weekly

Context Example#

{
"SecurityScorecard": {
"Company": {
"FactorHistory": [
{
"date": "2021-06-05T00:00:00.000Z",
"domain": "somecompany.com",
"factors": [
{
"name": "endpoint_security",
"score": 100
},
{
"name": "application_security",
"score": 32
},
{
"name": "hacker_chatter",
"score": 100
},
{
"name": "leaked_information",
"score": 100
},
{
"name": "network_security",
"score": 88
},
{
"name": "dns_health",
"score": 100
},
{
"name": "social_engineering",
"score": 100
},
{
"name": "ip_reputation",
"score": 100
},
{
"name": "patching_cadence",
"score": 100
},
{
"name": "cubit_score",
"score": 80
}
]
},
{
"date": "2021-06-12T00:00:00.000Z",
"domain": "somecompany.com",
"factors": [
{
"name": "endpoint_security",
"score": 100
},
{
"name": "application_security",
"score": 33
},
{
"name": "hacker_chatter",
"score": 100
},
{
"name": "leaked_information",
"score": 100
},
{
"name": "network_security",
"score": 88
},
{
"name": "dns_health",
"score": 100
},
{
"name": "social_engineering",
"score": 100
},
{
"name": "ip_reputation",
"score": 100
},
{
"name": "patching_cadence",
"score": 100
},
{
"name": "cubit_score",
"score": 80
}
]
},
{
"date": "2021-06-19T00:00:00.000Z",
"domain": "somecompany.com",
"factors": [
{
"name": "endpoint_security",
"score": 100
},
{
"name": "application_security",
"score": 34
},
{
"name": "hacker_chatter",
"score": 100
},
{
"name": "leaked_information",
"score": 100
},
{
"name": "network_security",
"score": 90
},
{
"name": "dns_health",
"score": 100
},
{
"name": "social_engineering",
"score": 100
},
{
"name": "ip_reputation",
"score": 93
},
{
"name": "patching_cadence",
"score": 100
},
{
"name": "cubit_score",
"score": 80
}
]
},
{
"date": "2021-06-26T00:00:00.000Z",
"domain": "somecompany.com",
"factors": [
{
"name": "endpoint_security",
"score": 100
},
{
"name": "application_security",
"score": 35
},
{
"name": "hacker_chatter",
"score": 100
},
{
"name": "leaked_information",
"score": 100
},
{
"name": "network_security",
"score": 90
},
{
"name": "dns_health",
"score": 100
},
{
"name": "social_engineering",
"score": 100
},
{
"name": "ip_reputation",
"score": 87
},
{
"name": "patching_cadence",
"score": 100
},
{
"name": "cubit_score",
"score": 80
}
]
},
{
"date": "2021-06-30T00:00:00.000Z",
"domain": "somecompany.com",
"factors": [
{
"name": "endpoint_security",
"score": 100
},
{
"name": "application_security",
"score": 34
},
{
"name": "hacker_chatter",
"score": 100
},
{
"name": "leaked_information",
"score": 100
},
{
"name": "network_security",
"score": 91
},
{
"name": "dns_health",
"score": 100
},
{
"name": "social_engineering",
"score": 100
},
{
"name": "ip_reputation",
"score": 86
},
{
"name": "patching_cadence",
"score": 100
},
{
"name": "cubit_score",
"score": 80
}
]
}
]
}
}
}

Human Readable Output#

Historical Factor Scores for Domain somecompany.com)#

| date | factors |
| --- | --- |
| 2021-06-05 | Endpoint Security: 100<br>Application Security: 32<br>Hacker Chatter: 100<br>Leaked Information: 100<br>Network Security: 88<br>Dns Health: 100<br>Social Engineering: 100<br>Ip Reputation: 100<br>Patching Cadence: 100<br>Cubit Score: 80 |
| 2021-06-12 | Endpoint Security: 100<br>Application Security: 33<br>Hacker Chatter: 100<br>Leaked Information: 100<br>Network Security: 88<br>Dns Health: 100<br>Social Engineering: 100<br>Ip Reputation: 100<br>Patching Cadence: 100<br>Cubit Score: 80 |
| 2021-06-19 | Endpoint Security: 100<br>Application Security: 34<br>Hacker Chatter: 100<br>Leaked Information: 100<br>Network Security: 90<br>Dns Health: 100<br>Social Engineering: 100<br>Ip Reputation: 93<br>Patching Cadence: 100<br>Cubit Score: 80 |
| 2021-06-26 | Endpoint Security: 100<br>Application Security: 35<br>Hacker Chatter: 100<br>Leaked Information: 100<br>Network Security: 90<br>Dns Health: 100<br>Social Engineering: 100<br>Ip Reputation: 87<br>Patching Cadence: 100<br>Cubit Score: 80 |
| 2021-06-30 | Endpoint Security: 100<br>Application Security: 34<br>Hacker Chatter: 100<br>Leaked Information: 100<br>Network Security: 91<br>Dns Health: 100<br>Social Engineering: 100<br>Ip Reputation: 86<br>Patching Cadence: 100<br>Cubit Score: 80 |

securityscorecard-alert-grade-change-create#


Create alert based on grade

Base Command#

securityscorecard-alert-grade-change-create

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| change_direction | Direction of change. Possible values are: rises, drops. | Required |
| score_types | Comma-separated list of risk factors to monitor. Possible values are 'overall', 'any_factor_score', 'network_security', 'dns_health', 'patching_cadence', 'endpoint_security', 'ip_reputation', 'application_security', 'cubit_score', 'hacker_chatter', 'leaked_information', 'social_engineering'. | Required |
| target | What to monitor with this alert. This argument is required if the portfolios argument is not specified. Possible values are: my_scorecard, any_followed_company. | Optional |
| portfolios | A comma-separated list of Portfolios to use as a target for the alert. This argument is required if the target argument is not specified. You can get a list of portfolios by running !securityscorecard-portfolios-list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Alerts.GradeChangeAlert.id | String | Alert ID |

Command Example#

!securityscorecard-alert-grade-change-create change_direction=drops score_types=network_security,endpoint_security target=60c8c5f9139e40001908c6a4,my_scorecard

Context Example#

{
"SecurityScorecard": {
"Alerts": {
"GradeChangeAlert": "39f82660-1486-11ec-96c5-6991d4f42be9"
}
}
}

Human Readable Output#

Alert 39f82660-1486-11ec-96c5-6991d4f42be9 created

securityscorecard-alert-score-threshold-create#


Create an alert based on a score threshold being met

Base Command#

securityscorecard-alert-score-threshold-create

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| change_direction | Direction of change. Possible values are: rises_above, drops_below. | Required |
| threshold | The numeric score used as the threshold to trigger the alert. | Required |
| score_types | Comma-separated list of risk factors to monitor. Possible values are 'overall', 'any_factor_score', 'network_security', 'dns_health', 'patching_cadence', 'endpoint_security', 'ip_reputation', 'application_security', 'cubit_score', 'hacker_chatter', 'leaked_information', 'social_engineering'. For multiple factors, provide a comma-separated list, e.g. leaked_information,social_engineering. | Required |
| target | What to monitor with this alert. This argument is required if the portfolios argument is not specified. Possible values are: my_scorecard, any_followed_company. | Optional |
| portfolios | A comma-separated list of Portfolios to use as a target for the alert. This argument is required if the target argument is not specified. You can get a list of portfolios by running !securityscorecard-portfolios-list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Alerts.ScoreThresholdAlert.id | String | Alert ID |

Command Example#

!securityscorecard-alert-score-threshold-create change_direction=drops_below threshold=100 score_types=network_security,dns_health target=60c8c5f9139e40001908c6a4,my_scorecard

Context Example#

{
"SecurityScorecard": {
"Alerts": {
"ScoreThresholdAlert": "3cede6c0-1486-11ec-92bd-ff2223ac2147"
}
}
}

Human Readable Output#

Alert 3cede6c0-1486-11ec-92bd-ff2223ac2147 created

securityscorecard-alert-delete#


Delete an alert

Base Command#

securityscorecard-alert-delete

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| alert_id | Alert ID. | Required |
| alert_type | Type of Alert to delete. Possible values are: score, grade. | Required |

Context Output#

There is no context output for this command.

Command Example#

!securityscorecard-alert-delete alert_id=3cede6c0-1486-11ec-92bd-ff2223ac2147 alert_type=score

Human Readable Output#

Alert 3cede6c0-1486-11ec-92bd-ff2223ac2147 deleted

securityscorecard-alerts-list#


List alerts triggered in the last week

Base Command#

securityscorecard-alerts-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| portfolio_id | Portfolio ID. Can be retrieved using !securityscorecard-portfolios-list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Alerts.Alert.id | String | Alert ID |
| SecurityScorecard.Alerts.Alert.email | String | Alert email recipient. |
| SecurityScorecard.Alerts.Alert.change_type | String | Alert change type configured (score or threshold) |
| SecurityScorecard.Alerts.Alert.domain | String | Alert domain |
| SecurityScorecard.Alerts.Alert.company_name | String | Alert company name |
| SecurityScorecard.Alerts.Alert.Portfolio.id | array | Alert Portfolio ID |
| SecurityScorecard.Alerts.Alert.my_scorecard | Boolean | Whether the alert was triggered on private scorecard. This depends on whether 'my_scorecard' was added to the optional argument 'target' when creating alerts using the 'securityscorecard-alert-score-threshold-create' and 'securityscorecard-alert-grade-change-create' commands. |
| SecurityScorecard.Alerts.Alert.created_at | Date | Timestamp of when the alert was triggered |

Command Example#

!securityscorecard-alerts-list

Context Example#

{
"SecurityScorecard": {
"Alerts": {
"Alert": [
{
"Alert ID": "c2f4d398-6e3a-5c2b-a8ad-285427caf9eb",
"Company": "Shijigroup",
"Creation Time": "2021-09-10T01:04:24.064Z",
"Details": "**Patching Cadence** **drops** by -3 to 88 (B)\n",
"Domain": "shijigroup.com"
},
{
"Alert ID": "2314db36-0835-5f66-a733-b4042e858944",
"Company": "Palo Alto Networks",
"Creation Time": "2021-09-10T01:00:31.348Z",
"Details": "**Endpoint Security** **drops** by -1 to 69 (D)\n",
"Domain": "paloaltonetworks.com"
},
{
"Alert ID": "449bba34-b80d-584c-b331-17e73c74c125",
"Company": "ClickSoftware",
"Creation Time": "2021-09-10T01:00:18.981Z",
"Details": "**Network Security** **drops** by -1 to 89 (B)\n",
"Domain": "clicksoftware.com"
},
{
"Alert ID": "d0c8d408-0685-560e-9039-4130b0eabfef",
"Company": "GE Healthcare",
"Creation Time": "2021-09-08T22:20:09.478Z",
"Details": "**Network Security** **drops** by -1 to 69 (D)\n**Patching Cadence** **rises_above** by 4 to 73 (C)\n",
"Domain": "gehealthcare.com"
},
{
"Alert ID": "12242cf9-bb70-5def-896b-1ae3e6ab4054",
"Company": "Google",
"Creation Time": "2021-09-07T00:12:15.334Z",
"Details": "**Endpoint Security** **drops_below** by -8 to 92 (A)\n",
"Domain": "google.co.il"
},
{
"Alert ID": "2608711b-16c8-5382-8855-f86d539060da",
"Company": "Apple",
"Creation Time": "2021-09-07T00:11:51.044Z",
"Details": "**Dns Health** **rises** by 1 to 60 (D)\n",
"Domain": "apple.com"
},
{
"Alert ID": "f0058672-3454-5ed4-85df-97b8cdba6129",
"Company": "Fyber GmbH",
"Creation Time": "2021-09-07T00:11:23.164Z",
"Details": "**Dns Health** **rises_above** by 8 to 70 (C)\n",
"Domain": "fyber.com"
},
{
"Alert ID": "6110b7fb-e6f3-581d-b5a8-d836380ec00a",
"Company": "PING AN",
"Creation Time": "2021-09-05T05:05:20.922Z",
"Details": "**Ip Reputation** **drops** by -16 to 84 (B)\n",
"Domain": "pingan.com"
},
{
"Alert ID": "51b2ea59-010c-5e24-b7ff-eb7085b66238",
"Company": "Shijigroup",
"Creation Time": "2021-09-04T19:02:51.588Z",
"Details": "**Application Security** **rises_above** by 1 to 70 (C)\n",
"Domain": "shijigroup.com"
}
]
}
}
}

Human Readable Output#

Latest Alerts for user username@domain.com#

| Alert ID | Company | Creation Time | Details | Domain |
| --- | --- | --- | --- | --- |
| c2f4d398-6e3a-5c2b-a8ad-285427caf9eb | Shijigroup | 2021-09-10T01:04:24.064Z | Patching Cadence drops by -3 to 88 (B) | shijigroup.com |
| 2314db36-0835-5f66-a733-b4042e858944 | Palo Alto Networks | 2021-09-10T01:00:31.348Z | Endpoint Security drops by -1 to 69 (D) | paloaltonetworks.com |
| 449bba34-b80d-584c-b331-17e73c74c125 | ClickSoftware | 2021-09-10T01:00:18.981Z | Network Security drops by -1 to 89 (B) | clicksoftware.com |
| d0c8d408-0685-560e-9039-4130b0eabfef | GE Healthcare | 2021-09-08T22:20:09.478Z | Network Security drops by -1 to 69 (D)<br>Patching Cadence rises_above by 4 to 73 (C) | gehealthcare.com |
| 12242cf9-bb70-5def-896b-1ae3e6ab4054 | Google | 2021-09-07T00:12:15.334Z | Endpoint Security drops_below by -8 to 92 (A) | google.co.il |
| 2608711b-16c8-5382-8855-f86d539060da | Apple | 2021-09-07T00:11:51.044Z | Dns Health rises by 1 to 60 (D) | apple.com |
| f0058672-3454-5ed4-85df-97b8cdba6129 | Fyber GmbH | 2021-09-07T00:11:23.164Z | Dns Health rises_above by 8 to 70 (C) | fyber.com |
| 6110b7fb-e6f3-581d-b5a8-d836380ec00a | PING AN | 2021-09-05T05:05:20.922Z | Ip Reputation drops by -16 to 84 (B) | pingan.com |
| 51b2ea59-010c-5e24-b7ff-eb7085b66238 | Shijigroup | 2021-09-04T19:02:51.588Z | Application Security rises_above by 1 to 70 (C) | shijigroup.com |
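
As an added example (not part of the integration or its documentation), the Python below parses the markdown `Details` string shown in the Context Example above into structured factor changes and flags alerts where a factor dropped to a grade worse than an accepted limit. The names `parse_details` and `drops_needing_review`, the default limit of B, and the regular expression (derived only from the sample strings on this page) are assumptions; lines that do not match are returned rather than discarded.

```python
import re

# One change per line, e.g. "**Patching Cadence** **drops** by -3 to 88 (B)".
# Pattern is an assumption derived from the sample Details strings on this page.
CHANGE_RE = re.compile(
    r"\*\*(?P<factor>[^*]+)\*\*\s+\*\*(?P<direction>[a-z_]+)\*\*\s+"
    r"by\s+(?P<delta>-?\d+)\s+to\s+(?P<score>\d+)\s+\((?P<grade>[A-F])\)"
)
GRADES = "ABCDEF"  # best to worst

# Constructed sample: four entries copied from the Context Example above.
SAMPLE_ALERTS = [
    {"Alert ID": "c2f4d398-6e3a-5c2b-a8ad-285427caf9eb", "Domain": "shijigroup.com",
     "Details": "**Patching Cadence** **drops** by -3 to 88 (B)\n"},
    {"Alert ID": "2314db36-0835-5f66-a733-b4042e858944", "Domain": "paloaltonetworks.com",
     "Details": "**Endpoint Security** **drops** by -1 to 69 (D)\n"},
    {"Alert ID": "d0c8d408-0685-560e-9039-4130b0eabfef", "Domain": "gehealthcare.com",
     "Details": "**Network Security** **drops** by -1 to 69 (D)\n"
                "**Patching Cadence** **rises_above** by 4 to 73 (C)\n"},
    {"Alert ID": "2608711b-16c8-5382-8855-f86d539060da", "Domain": "apple.com",
     "Details": "**Dns Health** **rises** by 1 to 60 (D)\n"},
]


def parse_details(details):
    """Return (changes, unparsed_lines) for one alert's Details string."""
    changes, unparsed = [], []
    for line in details.splitlines():
        line = line.strip()
        if not line:
            continue
        match = CHANGE_RE.fullmatch(line)
        if match is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        changes.append({
            # "Dns Health" -> "dns_health", matching the score_types values
            "factor": match["factor"].strip().lower().replace(" ", "_"),
            "direction": match["direction"],
            "delta": int(match["delta"]),
            "score": int(match["score"]),
            "grade": match["grade"],
        })
    return changes, unparsed


def drops_needing_review(alerts, worst_ok_grade="B"):
    """Flag alerts with a drop landing below worst_ok_grade, or unparsed lines."""
    limit = GRADES.index(worst_ok_grade)
    flagged = []
    for alert in alerts:
        changes, unparsed = parse_details(alert.get("Details", ""))
        bad = [c for c in changes
               if c["direction"].startswith("drops")
               and GRADES.index(c["grade"]) > limit]
        if bad or unparsed:
            flagged.append({
                "alert_id": alert.get("Alert ID"),
                "domain": alert.get("Domain"),
                "changes": bad,
                "unparsed": unparsed,
            })
    return flagged


if __name__ == "__main__":
    for item in drops_needing_review(SAMPLE_ALERTS):
        for change in item["changes"]:
            print(f'{item["domain"]}: {change["factor"]} {change["direction"]} '
                  f'by {change["delta"]} to {change["score"]} ({change["grade"]})')
        for line in item["unparsed"]:
            print(f'{item["domain"]}: unparsed detail line: {line!r}')
```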

securityscorecard-company-services-get#


Retrieve the service providers of a domain

Base Command#

securityscorecard-company-services-get

Input#

Argument NameDescriptionRequired
domainCompany domain.Required

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Service.vendor_domain | String | Vendor domain, e.g. Google, Amazon |
| SecurityScorecard.Service.client_domain | String | Client domain. This value is identical to the input of the domain argument |
| SecurityScorecard.Service.categories | array | Vendor service provider, e.g. mail_provider, nameserver_provider |

Command Example#

!securityscorecard-company-services-get domain=somecompany.com

Human Readable Output#

Services for domain somecompany.com#

No entries.