Skip to main content

Cortex ASM - Enrichment

This Playbook is part of the Cortex Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Used as a container folder for all enrichments of ASM alerts.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Cortex ASM - AWS Enrichment
  • Cortex ASM - Azure Enrichment
  • Cortex ASM - GCP Enrichment
  • Cortex ASM - Prisma Cloud Enrichment
  • Cortex ASM - Qualys Enrichment
  • Cortex ASM - Rapid7 Enrichment
  • Cortex ASM - Service Ownership
  • Cortex ASM - ServiceNow CMDB Enrichment
  • Cortex ASM - Splunk Enrichment
  • Cortex ASM - Tenable.io Enrichment

Integrations#

  • Cortex Attack Surface Management

Scripts#

  • InferWhetherServiceIsDev

Commands#

  • setAlert
  • asm-get-external-service

Playbook Inputs#


NameDescriptionDefault ValueRequired
RemoteIPIP address of servicealert.remoteipOptional

Playbook Outputs#


PathDescriptionType
ASM.ExternalService.externally_detected_providersProviders of the external service.unknown

Playbook Image#


Cortex ASM - Enrichment