Endpoint Enrichment By EntityId - XM Cyber
This Playbook is part of the XM Cyber Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Enrich an endpoint by entityId using XM Cyber integration. Outputs include affected assets, affected entities, complexity of compromise, and more
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
This playbook does not use any sub-playbooks.
Integrations#
- XMCyber
Scripts#
- IsIntegrationAvailable
Commands#
- xmcyber-enrich-from-entityId
- xmcyber-affected-critical-assets-list
- xmcyber-affected-entities-list
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| EntityId | The entityId of the endpoint to enrich. | Endpoint.EntityId | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
| Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
| Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
| Endpoint.IP | A list of the IP addresses of the endpoints. | string |
| XMCyber.Entity.isAsset | Entity is a critical asset | boolean |
| XMCyber.Entity.affectedEntities | Number of unique entities at risk from this entity | number |
| XMCyber.Entity.averageComplexity | Average complexity to compromise this entity | number |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.id | XMCyber Entity ID | string |
| XMCyber.Entity.criticalAssetsAtRiskList | Critical assets at risk from this entity | unknown |
| XMCyber.Entity.entitiesAtRiskList | Entities at risk from this entity | unknown |
Playbook Image#
