XSOAR Engineer Training
This Integration is part of the XSOAR Engineer Training Pack.
Supported versions
Supported Cortex XSOAR versions: 6.9.0 and later.
The XSOAR Engineer Training (XET) integration provides sample data to fetch events into Cortex XSOAR, and commands to build playbooks around.
Use for training purposes only. This integration was integrated and tested with versions 6.9+ and 8.3 of XSOAR.

Configure XSOAR Engineer Training in Cortex

Parameter | Required |
---|---|
Fetch incidents | False |
Incident type | False |
Incidents Fetch Interval | False |

Commands
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

xet-get-events
Fetches events from the XSOAR Engineer Training (XET) integration.

Base Command
xet-get-events

Input
Argument Name | Description | Required |
---|---|---|

Context Output
There is no context output for this command.

Command example
!xet-get-events

Human Readable Output
Training Events
eventID | occurred | sourceIP | sourceUser | type | url | urlCategory | userAgent |
---|---|---|---|---|---|---|---|
4218 | 2023-10-04T21:30:06Z | 10.8.8.8 | m@xsoar.local | url blocked | https://xsoar.pan.dev/52/download.zip | MALWARE | Mozilla/5.0(WindowsNT6.1;WOW64;rv:27.0)Gecko/20100101Firefox/27.0 |

xet-ad-get-user
Retrieves detailed information about a user account. The user can be specified by username, email address, or as an Active Directory Distinguished Name (DN).

Base Command
xet-ad-get-user

Input
Argument Name | Description | Required |
---|---|---|
dn | The Distinguished Name of the user for which to return information. | Optional |
username | Queries users by the samAccountName attribute. | Optional |
email | Queries by the user's email address. | Optional |

Context Output
Path | Type | Description |
---|---|---|
ActiveDirectory.Users.dn | unknown | The Distinguished Name of the user. |
ActiveDirectory.Users.displayName | unknown | The display name of the user. |
ActiveDirectory.Users.name | unknown | The common name of the user. |
ActiveDirectory.Users.sAMAccountName | unknown | The sAMAccountName of the user. |
ActiveDirectory.Users.userAccountControl | unknown | The account control flag of the user. |
ActiveDirectory.Users.mail | unknown | The email address of the user. |
ActiveDirectory.Users.manager | unknown | The manager of the user. |
ActiveDirectory.Users.memberOf | unknown | Groups for which the user is a member. |
Account.DisplayName | unknown | The display name of the user. |
Account.Groups | unknown | Groups for which the user is a member. |
Account.Manager | unknown | The manager of the user. |
Account.ID | unknown | The Distinguished Name of the user. |
Account.Username | unknown | The samAccountName of the user. |
Account.Email | unknown | The email address of the user. |

Command example
!xet-ad-get-user email="james.bond@xsoar.local"

Context Example

Human Readable Output
Active Directory - Get Users
displayName | dn | mail | manager | memberOf | name | sAMAccountName | userAccountControl |
---|---|---|---|---|---|---|---|
James Bond | CN=James Bond,CN=Users,DC=xsoar,DC=local | james.bond@xsoar.local | CN=M,CN=Users,DC=xsoar,DC=local | CN=Agents,CN=Users,DC=xsoar,DC=local | James Bond | XSOAR007 | 512 |

xet-ad-expire-password
Expires the password of an Active Directory user.

Base Command
xet-ad-expire-password

Input
Argument Name | Description | Required |
---|---|---|
username | The username (samAccountName) of the user to modify. | Required |

Context Output
There is no context output for this command.

Command example
!xet-ad-expire-password username="XSOAR007"

Human Readable Output
Expired password successfully

xet-ad-set-new-password
Sets a new password for an Active Directory user.

Base Command
xet-ad-set-new-password

Input
Argument Name | Description | Required |
---|---|---|
username | The username of the account to disable (sAMAccountName). | Required |
password | The password to set for the user. | Required |

Context Output
There is no context output for this command.

Command example
!xet-ad-set-new-password username="XSOAR007" password="bondjamesbond"

Human Readable Output
User password successfully set

xet-siem-search
Searches the simulated SIEM for events.

Base Command
xet-siem-search

Input
Argument Name | Description | Required |
---|---|---|
query | The query to execute against the SIEM. | Required |
result_type | Type of result to return for this SIEM integration. Possible values are: email, hosts. | Optional |

Context Output
Path | Type | Description |
---|---|---|
SIEM.Result | unknown | The results of the SIEM search. The results are a JSON array, in which each item is a SIEM event. |

Command example
!xet-siem-search query="host:crossiscoming81"

Human Readable Output
SIEM Search results for query: host:crossiscoming81
No entries.

xet-send-mail
Sends an email. (Doesn't actually send an email.)

Base Command
xet-send-mail

Input
Argument Name | Description | Required |
---|---|---|
to | Who to send the fake email to. | Required |
body | The body of the fake email that we are not actually sending. | Required |

Context Output
There is no context output for this command.

Command example
!xet-send-mail to="james.bond@xsoar.local" body="shaken or stirred?"

Human Readable Output
XSOAR Engineer Training: fake email notification not sent
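
How the outputs of these commands feed each other's arguments in a playbook, as an added example that is not part of the integration or its documentation. The response policy, the helper names and the directory record are constructed for illustration; in an automation each planned pair would be passed to demisto.executeCommand(command, args).

```python
# Added example: plans the documented XET commands for one fetched event.
# The policy, helper names and the directory record below are constructed.

ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account is disabled

# Event values as in the xet-get-events sample output.
SAMPLE_EVENT = {
    "eventID": 4218, "sourceUser": "m@xsoar.local", "type": "url blocked",
    "url": "https://xsoar.pan.dev/52/download.zip", "urlCategory": "MALWARE",
}
# Constructed xet-ad-get-user result, keyed by email address.
SAMPLE_DIRECTORY = {
    "m@xsoar.local": {"sAMAccountName": "XSOAR000", "mail": "m@xsoar.local",
                      "userAccountControl": 512},
}


def defang(url):
    """Make a URL non-clickable before it goes into a notification."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def plan_response(event, lookup_user):
    """Return ordered (command, args) pairs for one event.

    lookup_user(email) returns the ActiveDirectory.Users record or None.
    """
    if event.get("type") != "url blocked" or event.get("urlCategory") != "MALWARE":
        return []  # constructed policy: act only on blocked malware URLs
    email = event["sourceUser"]
    plan = [("xet-ad-get-user", {"email": email})]
    user = lookup_user(email)
    if user is None:
        return plan  # unknown user: stop after the lookup
    if not int(user["userAccountControl"]) & ACCOUNTDISABLE:
        # sAMAccountName from the lookup is the username argument here.
        plan.append(("xet-ad-expire-password",
                     {"username": user["sAMAccountName"]}))
    body = "Event {}: blocked {} download from {}".format(
        event["eventID"], event["urlCategory"], defang(event["url"]))
    plan.append(("xet-send-mail", {"to": user["mail"], "body": body}))
    return plan


if __name__ == "__main__":
    for command, args in plan_response(SAMPLE_EVENT, SAMPLE_DIRECTORY.get):
        print("!" + command, args)
```
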