Skip to main content

Scan and Isolate - XM Cyber

This Playbook is part of the XM Cyber Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

An example of playbook using data from XM Cyber to help decide about scanning and isolating a threat


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Isolate Endpoint - Generic V2
  • Endpoint Enrichment By Hostname - XM Cyber
  • Endpoint Enrichment By IP - XM Cyber
  • Scan Assets - Nexpose


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

Traps.IsolateResult.StatusThe status of the isolation operation.string
Nexpose.Scan.StatusThe scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integratingstring
Nexpose.Scan.AssetsThe number of assets found in the scannumber
Nexpose.Scan.Vulnerabilities.TotalThe total number of vulnerabilities.number
XMCyber.Entity.isAssetEntity is a critical assetboolean
XMCyber.Entity.averageComplexityLevelLevel of the average complexity to compromise this entitystring
XMCyber.Entity.criticalAssetsAtRiskNumber of unique critical assets at risk from this entitynumber

Playbook Image#

Scan and Isolate - XM Cyber