Skip to main content

ACTI Indicator Enrichment

This Playbook is part of the Accenture CTI v2 Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

  • This playbook automatically queries ACTI Threat Indicator, Report, and Fundamental API to pull context for IOC and associated intelligence reports into XSOAR incidents.
  • This sub-playbook can be integrated into generic XSOAR playbooks and playbooks from other vendors by itself.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • ACTI Indicator Query

Scripts#

  • Exists

Commands#

  • ip
  • domain
  • url

Playbook Inputs#


NameDescriptionDefault ValueRequired
IP_Pre_EnrichThe extracted IP.${ExtractedIndicators.IP}Optional
Domain_Pre_EnrichThe extracted Domain.${ExtractedIndicators.Domain}Optional
URL_Pre_EnrichThe extracted URL.${ExtractedIndicators.URL}Optional

Playbook Outputs#


PathDescriptionType
IPThe enriched IP.unknown
DBotScoreDBotScore of indicators.unknown
DomainThe enriched Domain.unknown
URLThe enriched URLunknown
intelligence_alertsThe Intelligence Alerts related to indicators.unknown
intelligence_reportsThe Intelligence Reports related to indicators.unknown

Playbook Image#


ACTI Indicator Enrichment