Skip to main content

Endpoint Enrichment By IP - XM Cyber

This Playbook is part of the XM Cyber Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich an endpoint by IP addresses using XM Cyber integration.

  • Resolve IP address to entity
  • Get entity information for IP addresses regarding impact on critical assets and complexity of compromise


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • XMCyber


  • IsIntegrationAvailable


  • xmcyber-enrich-from-ip
  • xmcyber-affected-entities-list
  • xmcyber-affected-critical-assets-list

Playbook Inputs#

NameDescriptionDefault ValueRequired
IPThe IP address to enrich.IP.AddressOptional

Playbook Outputs#

EndpointThe endpoint's object.unknown
Endpoint.HostnameThe hostname to enrich.string
Endpoint.IPA list of endpoint IP addresses.string
Endpoint.OSOS of the device corresponding to the IPstring
XMCyber.Entity.isAssetEntity is a critical assetboolean
XMCyber.Entity.affectedEntitiesNumber of unique entities at risk from this entitynumber
XMCyber.Entity.averageComplexityAverage complexity to compromise this entitynumber
XMCyber.Entity.criticalAssetsAtRiskNumber of unique critical assets at risk from this entitynumber
XMCyber.Entity.averageComplexityLevelLevel of the average complexity to compromise this entitystring
XMCyber.Entity.typeEntity Typestring
XMCyber.Entity.entitiesAtRiskListEntities at risk from this entityunknown
XMCyber.Entity.criticalAssetsAtRiskListCritical assets at risk from this entityunknown

Playbook Image#

Endpoint Enrichment By IP - XM Cyber