Endpoint Enrichment - XM Cyber

This Playbook is part of the XM Cyber Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich an endpoint by hostname using the XM Cyber integration. Outputs include affected assets, affected entities, complexity of compromise, and more.


This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • XMCyber

Scripts

  • IsIntegrationAvailable

Commands

  • hostname
  • xmcyber-affected-critical-assets-list
  • xmcyber-affected-entities-list

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Hostname | The hostname of the endpoint to enrich. | Endpoint.Hostname | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
| Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
| Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
| Endpoint.IP | A list of the IP addresses of the endpoints. | string |
| XMCyber.Entity.isAsset | Is Entity a Critical Asset | boolean |
| XMCyber.Entity.affectedEntities | Number of unique entities at risk from this entity | number |
| XMCyber.Entity.averageComplexity | Average complexity to compromise this entity | number |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.id | XMCyber Entity ID | string |
| XMCyber.Entity.criticalAssetsAtRiskList | Critical assets at risk from this entity | unknown |
| XMCyber.Entity.entitiesAtRiskList | Entities at risk from this entity | unknown |
