NMAP - Banner Check

This playbook is part of the Nmap Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Sub-playbook that performs an Nmap scan and compares the results against a regular expression for a match. This could be used to look for OpenSSH versions or other OS information found in the banner.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

NMAP

Scripts

Set

Commands

nmap-scan

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| RemoteIP | Remote IP address in an incident/alert. | | Required |
| RemotePort | Remote port number in incident/alert | | Required |
| Regex | Regular expression to compare against the banner for a match. | | Required |
| NMAPOptions | Options to be used for the Nmap scan. (We do "--script=banner -p<RemotePort>" by default and recommend using "-Pn" to skip the ping check.) | | Optional |
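
One way to reproduce the banner comparison outside XSOAR, as an added Python example (not the Nmap Pack's own code): it reads Nmap XML output (`-oX`) from a banner scan and applies the Regex input to the banner reported for RemotePort. The sample XML is constructed, and the function name `banner_check` and the returned keys are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -Pn --script=banner -p22,80,2222 -oX -` output (not real scan data).
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<script id="banner" output="SSH-2.0-OpenSSH_7.4"/></port>
<port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="tcp" portid="2222"><state state="filtered"/></port>
</ports></host>
</nmaprun>"""


def banner_check(nmap_xml, remote_port, regex):
    """Return the port state, banner text and regex verdict for one port."""
    pattern = re.compile(regex)
    root = ET.fromstring(nmap_xml)  # XML produced by the local nmap process
    for port in root.iter("port"):
        if port.get("portid") != str(remote_port):
            continue
        state_el = port.find("state")
        state = state_el.get("state") if state_el is not None else "unknown"
        # The banner NSE script reports its result in <script id="banner" output="...">.
        script = port.find("script[@id='banner']")
        banner = script.get("output") if script is not None else None
        # An open port that sends nothing first (e.g. HTTP) has no banner:
        # that is "no data", which is different from "banner did not match".
        matched = bool(banner and pattern.search(banner))
        return {"port": int(remote_port), "state": state,
                "banner": banner, "matched": matched}
    # Port not present in the report: nothing to compare.
    return {"port": int(remote_port), "state": "not-scanned",
            "banner": None, "matched": False}


if __name__ == "__main__":
    print(banner_check(SAMPLE_XML, 22, r"OpenSSH_7\.[0-9]"))
```

Keeping `banner` separate from `matched` lets an analyst tell a silent or filtered service apart from one whose banner was read and did not match the expression.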

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| ScanResult | The results of the scan (if done) | unknown |
| ScanDone | Whether a scan was actually performed (based on subtypes). | unknown |
| NMAP.Scan | Nmap scan data. | unknown |

Playbook Image

[Image: NMAP - Banner Check]