Skip to main content

Cortex ASM - Enrichment

This Playbook is part of the Cortex Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Used as a container folder for all enrichments of ASM alerts.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Cortex ASM - AWS Enrichment
  • Cortex ASM - Azure Enrichment
  • Cortex ASM - GCP Enrichment
  • Cortex ASM - Prisma Cloud Enrichment
  • Cortex ASM - Qualys Enrichment
  • Cortex ASM - Rapid7 Enrichment
  • Cortex ASM - Service Ownership
  • Cortex ASM - ServiceNow CMDB Enrichment
  • Cortex ASM - Splunk Enrichment
  • Cortex ASM - Enrichment


  • Cortex Attack Surface Management


  • InferWhetherServiceIsDev


  • setAlert
  • asm-get-external-service

Playbook Inputs#

NameDescriptionDefault ValueRequired
RemoteIPIP address of servicealert.remoteipOptional

Playbook Outputs#

ASM.ExternalService.externally_detected_providersProviders of the external service.unknown

Playbook Image#

Cortex ASM - Enrichment