Skip to main content


This Integration is part of the Stamus Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

[Get Declaration of Compromises from Stamus Security Platform and build Incidents. Then get related artifacts, events and Host Insight information] This integration was integrated and tested with version 39.0.1 of Stamus Security Platform

Configure Stamus on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Stamus.

  3. Click Add instance to create and configure a new integration instance.

    Stamus Central ServerTrue
    API KeyThe API Key to use for connectionTrue
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
    Incident typeFalse
    Fetch incidentsFalse
    Maximum number of incidents per fetchFalse
    First fetch timeFalse
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


[Get events with IOC key/value filter]

Base Command#



Argument NameDescriptionRequired
indicator_key[Indicator of Compromise key].Required
indicator_value[Indicator of Compromise value].Required

Context Output#

StamusIntegration.IOCString[Fetch events matching an IOC.]
StamusIntegration.IOC.timestampString[Timestamp of the event]
StamusIntegration.IOC.src_ipString[Source IP of the event]
StamusIntegration.IOC.dest_ipString[Destination IP of the event]
StamusIntegration.IOC.event_typeString[Type of the event - can be multitude, example: HTTP,SMB,DNS,Flow,TLS,KRB5,FTP etc]


[Get Host Insights information]

Base Command#



Argument NameDescriptionRequired
ip[IP to get Host Insights information].Required

Context Output#

StamusIntegration.HostInsightsString[Fetch information about a host known by Host Insight module]
StamusIntegration.HostInsights.ipString[Stamus Host Insights IP address]
StamusIntegration.HostInsights.host_id.client_service.first_seenString[Timestamp of first time seen]
StamusIntegration.HostInsights.host_id.client_serviceString[Client network service detected][Network services protocol][Network services port][Network services for the corresponding application protocol first time seen][Network services for the corresponding application protocol last time seen][Network services application layer protocol][Number of network services detected on the host]
StamusIntegration.HostInsights.host_id.client_service.nameString[Type of client network service detected - can be HTTP,KRB5,TLS,DCERPC,SMB etc]
StamusIntegration.HostInsights.host_id.hostname.hostString[Hostname detected on the host]
StamusIntegration.HostInsights.host_id.username.userString[Username detected loggin in on the host]
StamusIntegration.HostInsights.host_id.http.user_agent.agentString[HTTP User-Agent detected being used from the host]
StamusIntegration.HostInsights.host_id.tls.ja3.hashString[TLS JA3 hash detected being used from the host]
StamusIntegration.HostInsights.host_id.tls.ja3s.hashString[TLS JA3S hash detected being used from the host]


[Get events for a Declaration of Compromise using the Stamus ID]

Base Command#



Argument NameDescriptionRequired
id[Stamus ID used to get related information].Required

Context Output#

StamusIntegration.RelatedEventsString[Get events for a Declaration of Compromise.]
StamusIntegration.RelatedEvents.timestampString[Timestamp of the Stamus event]
StamusIntegration.RelatedEvents.stamus.assetString[Stamus asset]
StamusIntegration.RelatedEvents.offenderString[Offender, against the Stamus asset]
StamusIntegration.RelatedEvents.killchainString[Killchain stage]
StamusIntegration.RelatedEvents.methodString[Stamus method triggered]
StamusIntegration.RelatedEvents.infoString[Extra Information]
StamusIntegration.RelatedEvents.src_ipString[Source IP of the event]
StamusIntegration.RelatedEvents.dest_ipString[Destination IP of the event]
StamusIntegration.RelatedEvents.app_protoString[Application protocol of the event]