
Endpoint Enrichment By Hostname - XM Cyber

This Playbook is part of the XM Cyber Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich an endpoint by entityId using the XM Cyber integration. Outputs include affected assets, affected entities, complexity of compromise, and more.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • XMCyber

Scripts

  • IsIntegrationAvailable

Commands

  • xmcyber-enrich-from-hostname
  • xmcyber-affected-critical-assets-list
  • xmcyber-affected-entities-list

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Hostname | The hostname of the endpoint to enrich. | Endpoint.Hostname | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
| Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
| Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
| Endpoint.IP | A list of the IP addresses of the endpoints. | string |
| XMCyber.Entity.isAsset | Entity is a critical asset | boolean |
| XMCyber.Entity.affectedEntities | Number of unique entities at risk from this entity | number |
| XMCyber.Entity.averageComplexity | Average complexity to compromise this entity | number |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.id | XMCyber Entity ID | string |
| XMCyber.Entity.criticalAssetsAtRiskList | Critical assets at risk from this entity | unknown |
| XMCyber.Entity.entitiesAtRiskList | Entities at risk from this entity | unknown |
