AWS - Enrichment
AWS Enrichment and Remediation Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
Given the IP address this playbook enriches EC2 and IAM information.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
Integrations- AWS - EC2
#
ScriptsThis playbook does not use any scripts.
#
Commands- aws-ec2-describe-security-groups
- aws-ec2-describe-instances
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
Indicator Query | Indicators matching the indicator query will be used as playbook input | Optional | |
AwsIP | AWS IP in alert | alert.remoteip | Required |
#
Playbook OutputsPath | Description | Type |
---|---|---|
AWS.EC2.Instances | AWS EC2 information. | unknown |
AWS.EC2.SecurityGroups | AWS Security group information. | unknown |