
AWS - Enrichment

This playbook is part of the AWS Enrichment and Remediation Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Given an IP address, this playbook enriches it with EC2 and IAM information.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • AWS - EC2
  • AWS - IAM

Scripts

This playbook does not use any scripts.

Commands

  • aws-ec2-describe-security-groups
  • aws-ec2-describe-instances
  • aws-iam-list-users

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Indicator Query | Indicators matching the indicator query will be used as playbook input | | Optional |
| AwsIP | AWS IP in alert | alert.remoteip | Required |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| AWS.EC2.Instances | AWS EC2 information. | unknown |
| AWS.EC2.SecurityGroups | AWS Security group information. | unknown |
| AWS.IAM.Users | AWS IAM information. | unknown |
