Skip to main content


This Script is part of the Cortex Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

For a given alert and remediation path rules that are defined for that alert's attack surface rule, this script takes each remediation path rule and looks at the rule criteria to see if the rule matches for the given alert. If multiple rules match, it will return the most recently created rule. This assumes that the rules passed in are filtered to correlate with the alert's attack surface rule.

Script Data#

Script Typepython3


Argument NameDescription
severityAlert's Severity.
ipAlert's Remote IP.
development_environmentIs this in a development environment?
cloud_managedIs this cloud managed?
service_owner_identifiedHas a service owner been identified?
tagsIncludes Cloud and Xpanse tags
providersExternally Detected Providers
remediation_path_rulesList of remediation path rules for the alert's attack surface rule.


There are no outputs for this script.