
ACTI Incident Enrichment

This playbook is part of the Accenture CTI v2 Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

  • This playbook enriches Intelligence Alerts, Intelligence Reports, Malware Families, Threat Actors, Threat Groups, and Threat Campaigns.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • ACTI Indicator Query

Scripts

This playbook does not use any scripts.

Commands

  • acti-get-fundamentals-by-uuid
  • acti-getThreatIntelReport

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| ia_uuid | Intelligence Alert unique ID. | ${intelligence_alerts}.None | Optional |
| ir_uuid | Intelligence Report unique ID. | ${intelligence_reports}.None | Optional |
| MalwareFamily_uuid | Malware Family unique ID. | ${acti_malware_family_uuid}.None | Optional |
| ThreatGroup_uuid | Threat Group unique ID. | ${acti_threat_groups_uuid}.None | Optional |
| ThreatCampaign_uuid | Threat Campaign unique ID. | ${acti_threat_campaigns_uuid}.None | Optional |
| ThreatActor_uuid | Threat Actor unique ID. | ${acti_threat_actors_uuid}.None | Optional |

Playbook Image

[Image: ACTI Incident Enrichment]