Scan and Isolate - XM Cyber

This playbook is part of the XM Cyber Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

An example playbook that uses data from XM Cyber to help decide about scanning and isolating a threat.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Isolate Endpoint - Generic
  • IP Enrichment - XM Cyber
  • Endpoint Enrichment - XM Cyber
  • Scan Assets - Nexpose

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IP | The IP address to enrich. | IP.Address | Optional |
| Hostname | The hostname of the endpoint to enrich. | Endpoint.Hostname | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Traps.IsolateResult.Status | The status of the isolation operation. | string |
| Nexpose.Scan.Status | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating. | string |
| Nexpose.Scan.Assets | The number of assets found in the scan. | number |
| Nexpose.Scan.Vulnerabilities.Total | The total number of vulnerabilities. | number |
| XMCyber.Entity.isAsset | Is Entity a Critical Asset | boolean |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |

Playbook Image


Scan and Isolate - XM Cyber