Skip to main content

Cortex ASM - Enrichment

This Playbook is part of the Cortex Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.10.0 and later.

Used as a container folder for all enrichments of ASM alerts.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Cortex ASM - AWS Enrichment
  • Cortex ASM - Active Directory Enrichment
  • Cortex ASM - Azure Enrichment
  • Cortex ASM - Cortex Endpoint Enrichment_Core_Combo
  • Cortex ASM - GCP Enrichment
  • Cortex ASM - On Prem Enrichment
  • Cortex ASM - Prisma Cloud Enrichment
  • Cortex ASM - Qualys Enrichment
  • Cortex ASM - ServiceNow CMDB Enrichment
  • Cortex ASM - ServiceNow ITSM Enrichment
  • Cortex ASM - Splunk Enrichment
  • Cortex ASM - Enrichment


  • Cortex Attack Surface Management


  • Sleep
  • InferWhetherServiceIsDev
  • GetTime
  • GridFieldSetup


  • setAlert
  • asm-get-external-service

Playbook Inputs#

NameDescriptionDefault ValueRequired
RemoteIPIP address of servicealert.remoteipOptional
AWSAssumeRoleNameIf assuming roles for AWS, this is the name of the role to assume (should be the same for all organizations).Optional

Playbook Outputs#

ASM.ExternalService.externally_detected_providersProviders of the external service.unknown

Playbook Image#

Cortex ASM - Enrichment