Enter the e-mail address of the person responsible for answering questions related to "Managing security risk"
NCSC Cyber Asssessment Framework
- Details
- Content
- Dependencies
- Version History
- Download With Dependencies
This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework. All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.
PUBLISHER
Adam Burt
INFO
Supported By | Community | |
Created | January 27, 2021 | |
Last Release | December 21, 2021 |
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.Name | Description |
---|---|
CAF Overall Result | |
CAF A Status | |
CAF B Status | |
CAF A Email | |
CAF C Answers | |
CAF D Result Raw | |
CAF C Result Raw | |
CAF D Questions | |
CAF A Answers | |
CAF B Details | |
CAF B Email | Enter the e-mail address of the person responsible for answering questions related to "Protecting against cyber-attack" |
CAF C Email | Enter the e-mail address of the person responsible for answering questions related to "Detecting cyber security events" |
CAF D Status | |
CAF D Email | Enter the e-mail address of the person responsible for answering questions related to "Minimising the impact of cyber security incidents" |
CAF B Achievement | |
CAF B Result | |
CAF A Achievement | |
CAF D Answers | |
CAF A Questions | |
CAF D Result | |
CAF B Questions | |
CAF C Achievement | |
CAF C Details | |
CAF B Result Raw | |
CAF D Achievement | |
NCSC Assessment Status | |
CAF C Result | |
CAF C Status | |
CAF B Answers | |
CAF A Details | |
CAF A Result Raw | |
CAF C Questions | |
CAF D Details | |
CAF A Result | |
CAF Regulator Email | The e-mail address of the regulator or assessor of this assessment |
Name | Description |
---|---|
NCSC CAF Assessment | This playbook executes automatically as part of the NCSC Assessment Incident Type. It will send the relevant questions (via e-mail) to each participant and generate the assessment results. |
Name | Description |
---|---|
NCSC CAF Assessment |
Name | Description |
---|---|
NCSC CAF Assessment |
Name | Description |
---|---|
NCSCFieldProtection | This script protects the fields associated with the assessment from accidental modification. |
NCSCReportDetails_A | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
EntryWidgetNCSCResultsA | This script populates results for the dynamic content shown in the incident layout. |
NCSCReportOverview | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
NCSCReportDetails_D | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
EntryWidgetNCSCResultsB | This script populates results for the dynamic content shown in the incident layout. |
EntryWidgetNCSCResultsC | This script populates results for the dynamic content shown in the incident layout. |
NCSCReportDetails | This script generates the report details used in the final report. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
NCSCReportDetails_B | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
NCSCQuestionPopulate | Populate a list named "NCSC CAF Assessment" with a list of the NCSC Questions. |
EntryWidgetNCSCResultsD | This script populates results for the dynamic content shown in the incident layout. |
NCSCCalculateQuestionsScore | This script calculates the score based on the question and answer responses. |
NCSCReportDetails_C | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
Name | Description |
---|---|
NCSC Assessment | This if the final report generated when all CAF section questions are answered. |
Pack Name | Pack By |
---|---|
GetServerURL | By: Cortex XSOAR |
Base | By: Cortex XSOAR |
CommonScripts | By: Cortex XSOAR |
DemistoRESTAPI | By: Cortex XSOAR |
Pack Name | Pack By |
---|
Scripts
Multiple Scrips Changes:
Added reference to required permissions in automation's description and README.
- NCSCReportOverview
- NCSCReportDetails
- NCSCReportDetails_A
- NCSCReportDetails_B
- NCSCReportDetails_C
- NCSCReportDetails_D
Incident Fields
- CAF D Status
- Maintenance and stability enhancements.
- CAF D Achievement
- Maintenance and stability enhancements.
- CAF C Achievement
- Maintenance and stability enhancements.
- CAF B Status
- Maintenance and stability enhancements.
- CAF A Status
- Maintenance and stability enhancements.
- CAF C Status
- Maintenance and stability enhancements.
- CAF A Achievement
- Maintenance and stability enhancements.
- CAF Overall Result
- Maintenance and stability enhancements.
- CAF B Achievement
- Maintenance and stability enhancements.
Scripts
Breaking Change The following breaking change applies for organizations that implement pre-set roles on their incidents:
DBotRole has been removed from these automations. This change will affect any playbook that is dependent on, or runs, these automations.
These automations will now run using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
- ##### NCSCReportDetails_A
- ##### NCSCReportDetails_B
- ##### NCSCReportOverview
- ##### NCSCReportDetails
- ##### NCSCReportDetails_D
- ##### NCSCReportDetails_C
Scripts
EntryWidgetNCSCResultsA
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EntryWidgetNCSCResultsB
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EntryWidgetNCSCResultsC
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EntryWidgetNCSCResultsD
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCCalculateQuestionsScore
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCFieldProtection
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCQuestionPopulate
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_A
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_B
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_C
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_D
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportOverview
- Updated the Docker image to: demisto/python3:3.9.7.24076.
Layouts
NCSC CAF Assessment
- Updated the script IDs in the layoutscontainer-NCSC_CAF_Assessment to the relevant script IDs.
Scripts
NCSCReportDetails_D
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
NCSCReportDetails_B
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
NCSCReportDetails
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
NCSCReportOverview
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
NCSCReportDetails_C
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
NCSCReportDetails_A
- Updated the script to execute using the DBot role.
- Upgraded the Docker image to: demisto/python3:3.9.5.21272.
This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework.
All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.