Skip to main content

ACTI Indicator Enrichment

This Playbook is part of the Accenture CTI v2 Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

  • This playbook automatically queries ACTI Threat Indicator, Report, and Fundamental API to pull context for IOC and associated intelligence reports into XSOAR incidents.
  • This sub-playbook can be integrated into generic XSOAR playbooks and playbooks from other vendors by itself.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • ACTI Indicator Query


  • Exists


  • ip
  • domain
  • url

Playbook Inputs#

NameDescriptionDefault ValueRequired
IP_Pre_EnrichThe extracted IP.${ExtractedIndicators.IP}Optional
Domain_Pre_EnrichThe extracted Domain.${ExtractedIndicators.Domain}Optional
URL_Pre_EnrichThe extracted URL.${ExtractedIndicators.URL}Optional

Playbook Outputs#

IPThe enriched IP.unknown
DBotScoreDBotScore of indicators.unknown
DomainThe enriched Domain.unknown
URLThe enriched URLunknown
intelligence_alertsThe Intelligence Alerts related to indicators.unknown
intelligence_reportsThe Intelligence Reports related to indicators.unknown

Playbook Image#

ACTI Indicator Enrichment