Skip to main content

Unisys Stealth

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This integration is intended to aid companies in integrating with the Stealth EcoAPI service. Using the included commands, security teams can trigger dynamically isolation of users or endpoints from the rest of the Stealth network.

Configure Unisys Stealth on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Unisys Stealth.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Stealth Eco API IP Address or HostnameTrue
    Stealth Eco API PortTrue
    CredentialsTrue
    Isolation Role IDFalse
    Trust any certificate (unsecure)False
    Use Proxy?False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

stealth-isolate-machine#


This is the command which will isolate an endpoint from the Stealth Network

Base Command#

stealth-isolate-machine

Input#

Argument NameDescriptionRequired
endpointFQDN of machine to isolate.Required

Context Output#

There is no context output for this command.

stealth-unisolate-machine#


This is the command which will un-isolate an endpoint from Stealth Network

Base Command#

stealth-unisolate-machine

Input#

Argument NameDescriptionRequired
endpointFQDN of machine to isolate.Required

Context Output#

There is no context output for this command.

stealth-get-stealth-roles#


Retrieve roles from Stealth Network

Base Command#

stealth-get-stealth-roles

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

stealth-isolate-user#


This is the command which will isolate an user from the Stealth Network

Base Command#

stealth-isolate-user

Input#

Argument NameDescriptionRequired
userHostname of machine to isolate.Optional

Context Output#

There is no context output for this command.

stealth-unisolate-user#


This is the command which will un-isolate an user from Stealth Network

Base Command#

stealth-unisolate-user

Input#

Argument NameDescriptionRequired
userUsername to un-isolate.Optional

Context Output#

There is no context output for this command.

stealth-isolate-machine-and-user#


This is the command which will isolate an endpoint and user from the Stealth Network

Base Command#

stealth-isolate-machine-and-user

Input#

Argument NameDescriptionRequired
endpointFQDN of machine to isolate.Optional
userUsername to isolate.Optional

Context Output#

There is no context output for this command.

stealth-unisolate-machine-and-user#


This is the command which will un-isolate an endpoint and user from Stealth Network

Base Command#

stealth-unisolate-machine-and-user

Input#

Argument NameDescriptionRequired
endpointFQDN of machine to isolate.Optional
userUsername to un-isolate.Optional

Context Output#

There is no context output for this command.