# Cortex ASM - Detect Service

This playbook is part of the Cortex Attack Surface Management Pack.

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook identifies the ASM sub-type of the alert and directs it to the corresponding pre/post mitigation scans (such as NMAP, SNMP).

## Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

### Sub-playbooks

- AWS - Unclaimed S3 Bucket Validation
- NMAP - Single Port Scan
- Cortex ASM - SNMP Check
- NMAP - Banner Check

### Integrations

This playbook does not use any integrations.

### Scripts

- GridFieldSetup
- GetTime

### Commands

This playbook does not use any commands.

## Playbook Inputs

Name | Description | Default Value | Required |
---|---|---|---|
RemoteIP | Remote IP address in the alert. | alert.remoteip | Optional |
RemotePort | Remote port number in the alert. | alert.remoteport | Optional |
ASMRuleID | Attack Surface Management Rule ID. | alert.asmattacksurfaceruleid | Required |
ScanNumber | Scan number in case there are multiple IDs in the parent playbook. | | Required |

## Playbook Outputs

There are no outputs for this playbook.