ExpanseEnrichAttribution
This script is part of the Cortex Xpanse by Palo Alto Networks (Deprecated) Pack.
Deprecated
No available replacement.
This script can be used to enrich the context generated by the ExpanseAggregateAttribution* scripts with additional details.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | |
| Cortex XSOAR Version | 6.0.0 |
Used In
This script is used in the following playbooks and scripts.
- Expanse Attribution Subplaybook
Inputs
| Argument Name | Description |
|---|---|
| enrich | List of entries to extract additional data from. |
| enrich_key | Primary key in the enrichment entries to match against the primary key in the attribution data structure. |
| current | Current attribution data structure. |
| type | Which attribution structure to enrich. |
| enrich_fields | Comma-separated list of fields to take enrichment details from. |
Outputs
| Path | Description | Type |
|---|---|---|
| Expanse.AttributionIP.ip | IP address | string |
| Expanse.AttributionIP.private | Is the IP private? | boolean |
| Expanse.AttributionIP.sightings | Number of sessions seen on this device | number |
| Expanse.AttributionDevice.serial | Serial Number of the device | string |
| Expanse.AttributionDevice.vsys | VSYS of the device | string |
| Expanse.AttributionDevice.device-group | Device Group inside Panorama | string |
| Expanse.AttributionDevice.exposing_service | Is the device exposing the asset? | boolean |
| Expanse.AttributionDevice.sightings | Number of sessions seen on this device | number |
| Expanse.AttributionUser.username | Username of the user | string |
| Expanse.AttributionUser.domain | Domain of the user | string |
| Expanse.AttributionUser.groups | List of groups the user is a member of | Unknown |
| Expanse.AttributionUser.display-name | Display Name | string |
| Expanse.AttributionUser.description | Description of the user | string |
| Expanse.AttributionUser.sightings | Number of sessions seen on this device | number |