Scan and Isolate - XM Cyber
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
An example of playbook using data from XM Cyber to help decide about scanning and isolating a threat
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- Isolate Endpoint - Generic
- IP Enrichment - XM Cyber
- Endpoint Enrichment - XM Cyber
- Scan Assets - Nexpose
Integrations#
This playbook does not use any integrations.
Scripts#
This playbook does not use any scripts.
Commands#
This playbook does not use any commands.
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| IP | The IP address to enrich. | IP.Address | Optional |
| Hostname | The hostname of the endpoint to enrich. | Endpoint.Hostname | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| Traps.IsolateResult.Status | The status of the isolation operation. | string |
| Nexpose.Scan.Status | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating | string |
| Nexpose.Scan.Assets | The number of assets found in the scan | number |
| Nexpose.Scan.Vulnerabilities.Total | The total number of vulnerabilities. | number |
| XMCyber.Entity.isAsset | Is Entity a Critical Asset | boolean |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |
Playbook Image#
