Skip to main content

SSL Labs

This Integration is part of the SSL Labs Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Analyze a host or a URL.

Configure SSL Labs (Community Contribution) in Cortex#

ParameterDescriptionRequired
Registered Email AddressThe registered email address that will be used to access SSL Labs.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ssl-labs-register-email#


Register for Scan API initiation and result fetching

Base Command#

ssl-labs-register-email

Input#

Argument NameDescriptionRequired
firstNameUsers First Name.Required
lastNameUsers Last Name.Required
emailUsers Email Address. Email services such as Gmail, Yahoo, or Hotmail are not allowed.Required
organizationName of the organization using the service.Required

Context Output#

PathTypeDescription
SslLabs.Registation.messagestringRegistration message response
SslLabs.Registation.statusstringEither success or failure

ssl-labs-info#


Check the availability of the SSL Labs servers, retrieve the engine and criteria version, and initialize the maximum number of concurrent assessments.

Base Command#

ssl-labs-info

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
SslLabs.Info.criteriaVersionstringRating criteria version as a string (e.g., "2009f")
SslLabs.Info.currentAssessmentsnumberThe number of ongoing assessments submitted by this client.
SslLabs.Info.engineVersionstringSSL Labs software version as a string (e.g., "2.2.0")
SslLabs.Info.maxAssessmentsnumberThe maximum number of concurrent assessments the client is allowed to initiate.
SslLabs.Info.newAssessmentCoolOffnumberThe cool-off period after each new assessment, in milliseconds; you're not allowed to submit a new assessment before the cool-off expires, otherwise you'll get a 429.
SslLabs.Info.messagesstringA list of messages (strings). Messages can be public (sent to everyone) and private (sent only to the invoking client). Private messages are prefixed with "[Private]"

ssl-labs-analyze#


Invoke assessments.

Base Command#

ssl-labs-analyze

Input#

Argument NameDescriptionRequired
hostProvide hostname or URL.Required
publishSet to on if assessment results needs to be published on the public results boards. Default: off. Possible values are: off, on. Default is off.Optional
startNewIf on setting is enabled, a new assessment is started, even if there is a cached assessment in progress. However, if an assessment is in progress, its status is returned instead of starting a new assessment. Note: This parameter should only be used once to start a new assessment; any additional use may cause an assessment loop. Possible values are: off, on. Default is off.Optional
fromCacheDelivers cached assessment reports if available. This parameter is intended for API consumers who do not wish to wait for assessment results and cannot be used simultaneously with the startNew parameter. Default: off. Possible values are: off, on. Default is off.Optional
maxAgeMaximum report age in hours if retrieving from cache (fromCache parameter).Optional
allWhen the parameter is set to on, full information will be returned. When the parameter is set to done, full information will be returned only if the assessment is complete (status is READY or ERROR). Possible values are: off, on. Default is on.Optional
ignoreMismatchIgnores the mismatch if server certificate doesn't match the assessment hostname and proceeds with assessments if set to on. Default: off Note: This parameter is ignored if a cached report is returned. Possible values are: off, on. Default is off.Optional

Context Output#

PathTypeDescription
SslLabs.Analyze.hoststringAssessment host, which can be a hostname or an IP address
SslLabs.Analyze.portnumberAssessment port (e.g., 443)
SslLabs.Analyze.protocolstringProtocol (e.g., HTTP)
SslLabs.Analyze.isPublicbooleantrue if this assessment is publicly available (listed on the SSL Labs assessment boards)
SslLabs.Analyze.statusstringAssessment status; possible values: DNS, ERROR, IN_PROGRESS, and READY.
SslLabs.Analyze.startTimenumberAssessment starting time, in milliseconds since 1970
SslLabs.Analyze.testTimenumberAssessment completion time, in milliseconds since 1970
SslLabs.Analyze.engineVersionstringAssessment engine version (e.g., "2.2.0")
SslLabs.Analyze.criteriaVersionstringGrading criteria version (e.g., "2009l")
SslLabs.Analyze.cacheExpiryTimenumberWhen will the assessment results expire from the cache (typically set only for assessment with errors; otherwise the results stay in the cache for as long as there's sufficient room)
SslLabs.Analyze.certHostnamesunknownThe list of certificate hostnames collected from the certificates seen during assessment. The hostnames may not be valid. This field is available only if the server certificate doesn't match the requested hostname. In that case, this field saves you some time as you don't have to inspect the certificates yourself to find out what valid hostnames might be.
SslLabs.Analyze.endpointsunknownlist of Endpoint objects
SslLabs.Analyze.certsunknowna list of Cert object, representing the chain certificates in the order in which they were retrieved from the server.