Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook remediates port scans originating outside of the organization's network.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Block IP - Generic v3
- Indicator Pivoting - DomainTools Iris
- Calculate Severity - Generic v2
- Domain Enrichment - Generic v2
|Whether attacking IPs should be automatically blocked using firewalls.
|The external IP address(es) that initiated the port scan.
|In the event that reverse IP lookup is performed, and a malicious domain is found, setting this to True will automatically block the malicious domains. If set to False, an analyst can manually block the domains.
|All the DBotScores that were calculated, either automatically by auto-reputation or using specific tasks, when the incident was ingested. This is used to calculate the incident severity at a later stage.
There are no outputs for this playbook.