Skip to main content

AWS - Enrichment

This Playbook is part of the AWS Enrichment and Remediation Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Given the IP address this playbook enriches EC2 and IAM information.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • AWS - EC2


  • AWSAccountHierarchy
  • Set


  • aws-ec2-describe-ipam-resource-discoveries
  • aws-ec2-describe-security-groups
  • aws-ec2-get-ipam-discovered-public-addresses
  • aws-ec2-describe-regions
  • aws-ec2-describe-instances

Playbook Inputs#

NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
AwsIPAWS IP in alertalert.remoteipRequired
AWSAssumeRoleNameIf assuming roles for AWS, this is the name of the role to assume (should be the same for all organizations).Optional

Playbook Outputs#

AWS.EC2.InstancesAWS EC2 information.unknown
AWS.EC2.SecurityGroupsAWS Security group information.unknown
AWSHierarchyAWS account hierarchy information.unknown

Playbook Image#

AWS - Enrichment