Cortex ASM - Detect Service

This playbook is part of the Cortex Attack Surface Management Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook checks which ASM sub-type the alert belongs to and directs it to the matching pre/post-mitigation scans (such as NMAP, SNMP).

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • AWS - Unclaimed S3 Bucket Validation
  • NMAP - Single Port Scan
  • Cortex ASM - SNMP Check
  • NMAP - Banner Check

Integrations

This playbook does not use any integrations.

Scripts

  • GridFieldSetup
  • GetTime

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| RemoteIP | Remote IP address in the alert. | alert.remoteip | Optional |
| RemotePort | Remote port number in the alert. | alert.remoteport | Optional |
| ASMRuleID | Attack Surface Management Rule ID. | alert.asmattacksurfaceruleid | Required |
| ScanNumber | Scan number in case there are multiple IDs in the parent playbook. | | Required |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


Cortex ASM - Detect Service