SecurityScorecard

This Integration is part of the SecurityScorecard Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Provides commands to access SecurityScorecard's API. This integration was integrated and tested with the latest version of SecurityScorecard's API as of August 2024.

Configure SecurityScorecard on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for SecurityScorecard.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | SecurityScorecard API Base URL |  | True |
    | Username/Email | The SecurityScorecard username/email. | True |
    | API Token |  | True |
    | Fetch incidents |  | False |
    | Incidents Fetch Interval | SecurityScorecard is updated on a daily basis, so there's no need to modify this value. | False |
    | Fetch Limit | Maximum number of alerts per fetch. The maximum is 50. | False |
    | First fetch | First fetch query (<number> <time unit>, e.g., 12 hours, 7 days). SecurityScorecard provides a maximum of 7 days back. To ensure no alerts are missed, it's recommended to use a value less than 2 days. | False |
    | Incident type |  | False |
    | Trust any certificate (not secure) |  | False |
    | Use system proxy settings |  | False |
    | Portfolio ID |  | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

securityscorecard-portfolios-list

List all Portfolios.

Base Command

securityscorecard-portfolios-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | Limit the amount of Portfolios to return. Defaults to 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Portfolio.id | String | Portfolio ID. |
| SecurityScorecard.Portfolio.name | String | Portfolio name. |
| SecurityScorecard.Portfolio.description | String | Portfolio description. |
| SecurityScorecard.Portfolio.privacy | String | Portfolio privacy. Can be either private, shared or team. |
| SecurityScorecard.Portfolio.read_only | Boolean | Whether the portfolio is read only. |

securityscorecard-portfolio-list-companies

Lists all companies in Portfolio.

Base Command

securityscorecard-portfolio-list-companies

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| portfolio_id | Portfolio ID. The Portfolio ID can be retrieved using the 'securityscorecard-portfolios-list' command. | Required |
| grade | Grade filter. To filter multiple grades, comma-separate them, e.g. A,B. Possible values are: A, B, C, D, E, F. | Optional |
| industry | Industry filter. To filter multiple industries, comma-separate them, e.g. education,financial_services. Possible values are: education, financial_services, food, government, healthcare, information_services, manufacturing, retail, technology. | Optional |
| vulnerability | Vulnerability filter. | Optional |
| issue_type | Comma-separated list of issue types. Possible values are: adware_installation_trail, adware_installation, alleged_breach_incident, chatter, anonymous_proxy, service_cassandra, service_couchdb, attack_detected, attack_feed, new_booter_shell, spa_browser, cdn_hosting, tlscert_expired, tlscert_revoked, tlscert_self_signed, tlscert_excessive_expiration, tlscert_weak_signature, tlscert_no_revocation, service_cloud_provider, csp_no_policy_v2, csp_unsafe_policy_v2, csp_too_broad_v2, marketing_site, cookie_missing_secure_attribute, short_term_lending_site, leaked_credentials, leaked_credentials_info, service_dns, new_defacement, ransomware_victim, domain_uses_hsts_preloading, service_elasticsearch, employee_satisfaction, service_end_of_life, service_end_of_service, exposed_personal_information, exposed_personal_information_info, admin_subdomain_v2, tlscert_extended_validation, service_ftp, patching_cadence_high, web_vuln_host_high, service_vuln_host_high, service_imap, iot_camera, industrial_control_device, insecure_https_redirect_pattern_v2, service_ldap, service_ldap_anonymous, social_network_issues, patching_cadence_low, web_vuln_host_low, service_vuln_host_low, spf_record_malformed, malware_controller, malware_1_day, malware_30_day, malware_365_day, malware_infection, malware_infection_trail, patching_cadence_medium, web_vuln_host_medium, service_vuln_host_medium, service_microsoft_sql, minecraft_server, service_mongodb, no_browser_policy, service_mysql, service_neo4j, service_networking, object_storage_bucket_with_risky_acl, open_resolver, exposed_ports, service_open_vpn, service_oracle_db, outdated_os, outdated_browser, non_malware_events_last_month, service_pop3, service_pptp, phishing, typosquat, service_postgresql, exploited_product, public_text_credit_cards, public_text_database_dump, public_text_hashes, public_text_mention, public_text_password_dump, service_pulse_vpn, service_rdp, ransomware_association, redirect_chain_contains_http_v2, service_redis, remote_access, service_smb, mail_server_unusual_port, service_soap, spf_record_wildcard, spf_record_softfail, spf_record_missing, ssh_weak_protocol, ssh_weak_cipher, ssh_weak_mac, tls_weak_protocol, github_information_leak_disclosure, google_information_leak_disclosure, cookie_missing_http_only, domain_missing_https_v2, suspicious_traffic, tls_ocsp_stapling, tls_weak_cipher, telephony, service_telnet, tor_node_events_last_month, upnp_accessible, unsafe_sri_v2, uce, service_vnc, dnssec_detected, waf_detected_v2, hsts_incorrect_v2, hosted_on_object_storage_v2, references_object_storage_v2, x_content_type_options_incorrect_v2, x_frame_options_incorrect_v2, x_xss_protection_incorrect_v2, service_rsync. | Optional |
| had_breach_within_last_days | Domains with breaches in the last X days. Possible values are numbers, e.g. 1000. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Portfolio.Company.domain | String | Company domain. |
| SecurityScorecard.Portfolio.Company.name | String | Company name. |
| SecurityScorecard.Portfolio.Company.score | Number | Company overall score in numeric form (55-100). |
| SecurityScorecard.Portfolio.Company.grade | String | Company overall score in letter grade. |
| SecurityScorecard.Portfolio.Company.grade_url | String | Company overall score URL to SVG asset. |
| SecurityScorecard.Portfolio.Company.last30days_score_change | Number | Company overall score numeric change (±) in the last month. |
| SecurityScorecard.Portfolio.Company.industry | String | Industry category of the domain. |
| SecurityScorecard.Portfolio.Company.size | String | Company size, e.g. 'size_more_than_10000'. |
| SecurityScorecard.Portfolio.Company.is_custom_vendor | Boolean | Whether the company is a custom vendor. |
| SecurityScorecard.Portfolio.Company.total | Number | Total number of companies in Portfolio. |

securityscorecard-company-score-get

Retrieve company overall score.

Base Command

securityscorecard-company-score-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. google.com. The company must first be added to a Portfolio in order to be able to get its score. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.Score.domain | String | Company domain. |
| SecurityScorecard.Company.Score.name | String | Company name. |
| SecurityScorecard.Company.Score.score | Number | Company overall score in numeric form (55-100). |
| SecurityScorecard.Company.Score.grade | String | Company overall score in letter grade form (A-F). |
| SecurityScorecard.Company.Score.last30days_score_change | Number | Company overall score numeric change (±) in the last month. |
| SecurityScorecard.Company.Score.industry | String | Industry category of the domain. |
| SecurityScorecard.Company.Score.size | String | Company size, e.g. 'size_more_than_10000'. |

securityscorecard-company-factor-score-get

Retrieve company factor score.

Base Command

securityscorecard-company-factor-score-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain. | Required |
| severity | Issue severity filter. Comma-separated list of the following values: 'positive', 'info', 'low', 'medium', 'high'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.Factor.name | String | Factor name. |
| SecurityScorecard.Company.Factor.score | Number | Factor score in numeric form (55-100). |
| SecurityScorecard.Company.Factor.grade | String | Factor score in letter grade form (A-F). |
| SecurityScorecard.Company.Factor.Issue.type | String | Type of issue found. |
| SecurityScorecard.Company.Factor.Issue.count | Number | How many times the issue was found. |
| SecurityScorecard.Company.Factor.Issue.severity | String | Severity of the issue. |
| SecurityScorecard.Company.Factor.Issue.total_score_impact | Number | Contribution of issue on overall score. |
| SecurityScorecard.Company.Factor.Issue.detail_url | String | URL to the details of the issue. |
| SecurityScorecard.Company.Factor.total | Number | Number of factors returned. |

securityscorecard-company-history-score-get

Retrieve company historical scores.

Base Command

securityscorecard-company-history-score-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. google.com. | Required |
| from | Initial date for historical data. Value should be in format YYYY-MM-DD. | Optional |
| to | End date for historical data. Value should be in format YYYY-MM-DD. | Optional |
| timing | Timing granularity. Possible values are: daily, weekly. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.ScoreHistory.domain | String | Company domain. |
| SecurityScorecard.Company.ScoreHistory.date | Date | Score date. |
| SecurityScorecard.Company.ScoreHistory.score | Number | Company historical security score in numeric form (55-100). |

securityscorecard-company-history-factor-score-get

Retrieve company historical factor scores.

Base Command

securityscorecard-company-history-factor-score-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. google.com. | Required |
| from | Initial date for historical data. Value should be in format 'YYYY-MM-DD'. | Optional |
| to | End date for historical data. Value should be in format 'YYYY-MM-DD'. | Optional |
| timing | Timing granularity. Possible values are: daily, weekly, monthly. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Company.FactorHistory.domain | String | Company domain. |
| SecurityScorecard.Company.FactorHistory.date | Date | Score date. |
| SecurityScorecard.Company.FactorHistory.Factor.name | Number | Factor name. |
| SecurityScorecard.Company.FactorHistory.score | Number | Company historical security score in numeric form (55-100). |

securityscorecard-alert-grade-change-create

Create alert based on grade.

Base Command

securityscorecard-alert-grade-change-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| change_direction | Direction of change. Possible values are: rises, drops. | Required |
| score_types | Comma-separated list of risk factors to monitor. Possible values are 'overall', 'any_factor_score', 'network_security', 'dns_health', 'patching_cadence', 'endpoint_security', 'ip_reputation', 'application_security', 'cubit_score', 'hacker_chatter', 'leaked_information', 'social_engineering'. | Required |
| target | What do you want to monitor with this alert. This argument is required if the portfolios argument is not specified. Possible values are: my_scorecard, any_followed_company. | Optional |
| portfolios | A comma-separated list of Portfolios to use as a target for the alert. This argument is required if the target argument is not specified. You can get a list of portfolios by running !securityscorecard-portfolios-list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Alerts.GradeChangeAlert.id | String | Alert ID. |

securityscorecard-alert-score-threshold-create

Create an alert that triggers when a score threshold is met.

Base Command

securityscorecard-alert-score-threshold-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| change_direction | Direction of change. Possible values are: rises_above, drops_below. | Required |
| threshold | The numeric score used as the threshold to trigger the alert. | Required |
| score_types | Comma-separated list of risk factors to monitor. Possible values are 'overall', 'any_factor_score', 'network_security', 'dns_health', 'patching_cadence', 'endpoint_security', 'ip_reputation', 'application_security', 'cubit_score', 'hacker_chatter', 'leaked_information', 'social_engineering'. For multiple factors, provide a comma-separated list, e.g. leaked_information,social_engineering. | Required |
| target | What do you want to monitor with this alert. This argument is required if the portfolios argument is not specified. Possible values are: my_scorecard, any_followed_company. | Optional |
| portfolios | A comma-separated list of Portfolios to use as a target for the alert. This argument is required if the target argument is not specified. You can get a list of portfolios by running !securityscorecard-portfolios-list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Alerts.ScoreThresholdAlert.id | String | Alert ID. |

securityscorecard-alert-delete

Delete an alert.

Base Command

securityscorecard-alert-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| alert_id | Alert ID. | Required |
| alert_type | Type of Alert to delete. Possible values are: score, grade. | Required |

Context Output

There is no context output for this command.

securityscorecard-alerts-list

List alerts triggered in the last week.

Base Command

securityscorecard-alerts-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| portfolio_id | Portfolio ID. Can be retrieved using !securityscorecard-portfolios-list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Alerts.Alert.id | String | Alert ID. |
| SecurityScorecard.Alerts.Alert.email | String | Alert email recipient. |
| SecurityScorecard.Alerts.Alert.change_type | String | Alert change type configured (score or threshold). |
| SecurityScorecard.Alerts.Alert.domain | String | Alert domain. |
| SecurityScorecard.Alerts.Alert.company_name | String | Alert company name. |
| SecurityScorecard.Alerts.Alert.Portfolio.id | array | Alert Portfolio ID. |
| SecurityScorecard.Alerts.Alert.my_scorecard | Boolean | Whether the alert was triggered on private scorecard. This depends on whether 'my_scorecard' was added to the optional argument 'target' when creating alerts using the 'securityscorecard-alert-score-threshold-create' and 'securityscorecard-alert-grade-change-create' commands. |
| SecurityScorecard.Alerts.Alert.created_at | Date | Timestamp of when the alert was triggered. |

securityscorecard-company-services-get

Retrieve the service providers of a domain.

Base Command

securityscorecard-company-services-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Service.vendor_domain | String | Vendor domain, e.g. Google, Amazon. |
| SecurityScorecard.Service.client_domain | String | Client domain. This value is identical to the input of the domain argument. |
| SecurityScorecard.Service.categories | array | Vendor service provider, e.g. mail_provider, nameserver_provider. |

securityscorecard-company-events-get

Retrieve a company's historical events.

Base Command

securityscorecard-company-events-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Company domain, e.g. google.com. | Required |
| date_from | Initial date for historical data. Value should be in format 2020-01-30T00:00:00.000Z. | Optional |
| date_to | End date for historical data. Value should be in format 2020-01-30T00:00:00.000Z. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Events.Event.ssc_event_id | string | Event ID. |
| SecurityScorecard.Events.Event.date | date | Event date. |
| SecurityScorecard.Events.Event.status | unknown | Event status. |
| SecurityScorecard.Events.Event.issue_count | number | Event issue count. |
| SecurityScorecard.Events.Event.score_impact | number | Event score impact. |
| SecurityScorecard.Events.Event.issue_type | string | Event issue type. |
| SecurityScorecard.Events.Event.severity | string | Event severity. |
| SecurityScorecard.Events.Event.factor | string | Event factor. |
| SecurityScorecard.Events.Event.ssc_detail_url | string | Event detail URL. |

securityscorecard-company-findings-get

Retrieve an issue_type's historical findings in a scorecard.

Base Command

securityscorecard-company-findings-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain | Retrieve the service providers of a domain. | Required |
| date | The effective_date for historical data. Value should be in format 'YYYY-MM-DD'. | Required |
| issue_type | Key representing issue type, e.g. api_key_exposed. | Required |
| status | group_status filter. Comma-separated list of the following values: 'active', 'inactive', 'all'. | Optional |

Context Output

There is no context output for this command.

securityscorecard-issue-metadata

Retrieve metadata for an issue type, including description and recommendation.

Base Command

securityscorecard-issue-metadata

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| issue_type | Key representing issue type, e.g. api_key_exposed. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| SecurityScorecard.Metadata.Issues.key | string | Key representing issue type, e.g. api_key_exposed. |
| SecurityScorecard.Metadata.Issues.severity | string | Issue severity. |
| SecurityScorecard.Metadata.Issues.factor | string | Issue factor. |
| SecurityScorecard.Metadata.Issues.title | string | Issue title. |
| SecurityScorecard.Metadata.Issues.short_description | string | Issue short description. |
| SecurityScorecard.Metadata.Issues.long_description | string | Issue long description. |
| SecurityScorecard.Metadata.Issues.recommendation | string | Issue recommendation. |