Expanse Find Cloud IP Address Region and Service

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Sub-playbook for the Expanse Enrich Cloud Assets sub-playbook. This playbook finds the Public Cloud Region (e.g. AWS us-east-1) and Service (e.g. AWS EC2) that correspond to a provided IP address. It works by correlating the provided IP address with the IP Range Indicators (CIDRs) that can be collected from Public Cloud feeds (e.g. AWS Feed) in XSOAR. CIDR Indicators must be tagged with the corresponding tags (e.g. AWS for AWS Feed): tags are configured in the Feed Integrations and must match the ones provided in the inputs of this playbook. Correlation is based on the longest match: a smaller CIDR such as a /20 range wins over a bigger one such as a /16.
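The correlation described above can be sketched in Python. This is an added example, not the playbook's own code: the indicator dict shape, the sample CIDRs (private address space, constructed) and the function name `find_matching_cidr` are assumptions, while the tag input names, their defaults and the Provider values are taken from the playbook inputs.

```python
import ipaddress

# Constructed sample indicators (private address space, not real feed data).
# The dict shape (value/tags/region/service) is an assumption for this example.
INDICATORS = [
    {"value": "10.20.0.0/16", "tags": ["AWS"], "region": "us-east-1", "service": "AMAZON"},
    {"value": "10.20.16.0/20", "tags": ["AWS"], "region": "us-east-1", "service": "EC2"},
    {"value": "10.20.17.0/24", "tags": ["Unreviewed"], "region": "?", "service": "?"},
    {"value": "10.30.0.0/16", "tags": ["GCP"], "region": "us-central1", "service": "Google Cloud"},
    {"value": "not-a-cidr", "tags": ["AWS"], "region": "", "service": ""},
]

# Playbook input names and default tags; Provider values as documented.
DEFAULT_TAG_INPUTS = {"AWSIndicatorTags": "AWS", "GCPIndicatorTags": "GCP", "AzureIndicatorTags": "Azure"}
PROVIDER_TO_INPUT = {
    "amazon web services": "AWSIndicatorTags",
    "google": "GCPIndicatorTags",
    "microsoft azure": "AzureIndicatorTags",
}

def find_matching_cidr(ip, indicators, provider="", tag_inputs=DEFAULT_TAG_INPUTS):
    """Return the tagged CIDR indicator with the longest prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    # An empty Provider searches every configured tag; otherwise only that provider's.
    inputs = [PROVIDER_TO_INPUT[provider.lower()]] if provider else list(tag_inputs)
    wanted = {t.strip() for name in inputs for t in tag_inputs[name].split(",")}
    best_net, best_ind = None, None
    for ind in indicators:
        # Indicators without a matching tag are skipped, even if more specific.
        if not wanted.intersection(ind.get("tags", [])):
            continue
        try:
            net = ipaddress.ip_network(ind["value"], strict=False)
        except ValueError:
            continue  # malformed indicator value
        if net.version != addr.version or addr not in net:
            continue
        # Longest match: a /20 beats a /16 that also contains the address.
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_ind = net, ind
    return best_ind

if __name__ == "__main__":
    print(find_matching_cidr("10.20.17.5", INDICATORS))
```

In the sample data the /24 is the most specific range containing 10.20.17.5 but carries none of the configured tags, so the result is the /20 EC2 entry; this is the outcome to expect when feed tags and playbook inputs disagree.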

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| ip | IP Address to find. | ${IP.Address} | Required |
| Provider | Cloud Provider (Google, Amazon web services, Microsoft azure) or empty to search in all. | | Optional |
| AWSIndicatorTags | Tags to search for AWS Indicators. | AWS | Optional |
| GCPIndicatorTags | Tags to search for GCP Indicators. | GCP | Optional |
| AzureIndicatorTags | Tags to search for Azure Indicators. | Azure | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| MatchingCIDRIndicator | Matching CIDR Indicator | unknown |

Playbook Image

[Image: Expanse Find Cloud IP Address Region and Service]