Skip to main content

Enrich Incident With Asset Details - RiskIQ Digital Footprint

This Playbook is part of the RiskIQ Digital Footprint Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Enriches the incident with asset details and the asset with the incident URL on the RiskIQ Digital Footprint platform. This playbook also sends an email containing the owner's information to the primary or secondary contact of the asset and provides the user with an opportunity to update or remove the asset. Supported integration:

  • RiskIQ Digital Footprint


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Update Or Remove Assets - RiskIQ Digital Footprint


  • RiskIQ Digital Footprint


  • DeleteContext
  • GetServerURL


  • setIncident
  • df-update-assets
  • df-get-asset
  • send-mail

Playbook Inputs#

NameDescriptionDefault ValueRequired
asset_typeType of the asset. Possible values: Domain, Host, IP Address, IP Block, ASN, Page, SSL Cert, Contact. This input supports a single value only.incident.riskiqassettypeRequired
asset_nameName of the asset.incident.riskiqassetnameRequired
skip_manual_tasksSkip the manual tasks and do not prompt for user input. Possible values: "Yes" and "No". The default value is "No".incident.riskiqskipmanualtasksOptional
support_email_addressThe contact email address of the support team from which manual inputs should be fetched.incident.riskiqsupportcontactOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Enrich Incident With Asset Details - RiskIQ Digital Footprint