IP Enrichment - XM Cyber

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich IP addresses using the XM Cyber integration.

  • Resolve IP address to entity
  • Get entity information for IP addresses regarding impact on critical assets and complexity of compromise

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • XMCyber

Scripts

  • IsIntegrationAvailable

Commands

  • ip
  • xmcyber-affected-entities-list
  • xmcyber-affected-critical-assets-list

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IP | The IP address to enrich. | IP.Address | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| IP | The IP objects. | unknown |
| DBotScore | Indicator, Score, Type and Vendor | unknown |
| Endpoint | The endpoint's object. | unknown |
| Endpoint.Hostname | The hostname to enrich. | string |
| Endpoint.IP | A list of endpoint IP addresses. | string |
| Endpoint.OS | OS of the device corresponding to the IP | string |
| XMCyber.Entity.isAsset | Is Entity a Critical Asset | boolean |
| XMCyber.Entity.affectedEntities | Number of unique entities at risk from this entity | number |
| XMCyber.Entity.averageComplexity | Average complexity to compromise this entity | number |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.type | Entity Type | string |
| XMCyber.Entity.entitiesAtRiskList | Entities at risk from this entity | unknown |
| XMCyber.Entity.criticalAssetsAtRiskList | Critical assets at risk from this entity | unknown |
