Skip to main content

Cortex ASM - AWS Enrichment

This Playbook is part of the Cortex Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Given the IP address this playbook enriches AWS information relevant to ASM alerts.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • AWS - Enrichment
  • AWS - Unclaimed S3 Bucket Validation

Integrations#

This playbook does not use any integrations.

Scripts#

  • GridFieldSetup
  • Set

Commands#

  • setAlert

Playbook Inputs#


NameDescriptionDefault ValueRequired
RemoteIPIP address of servicealert.remoteipOptional
ASMRuleIDAttack Surface Management Rule ID.alert.asmattacksurfaceruleidRequired
AWSAssumeRoleNameIf assuming roles for AWS, this is the name of the role to assume (should be the same for all organizations).Optional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Cortex ASM - AWS Enrichment