Enter the e-mail address of the person responsible for answering questions related to "Minimising the impact of cyber security incidents"
NCSC Cyber Asssessment Framework
- Details
- Content
- Dependencies
- Version History
This pack contains an incident type and relevant fields to initiate a self-assessment against the National Cyber Security Centre's Cyber Assessment Framework. All assessment questions are sent via e-mail and the responses also sent via e-mail. The assessments can also be answered within the Cortex XSOAR platform.
Layouts
| Name | Description |
|---|---|
NCSC CAF Assessment |
Incident Fields
| Name | Description |
|---|---|
CAF B Result | |
CAF D Email | |
CAF A Result Raw | |
CAF D Answers | |
CAF C Email | Enter the e-mail address of the person responsible for answering questions related to "Detecting cyber security events" |
CAF Overall Result | |
CAF D Result Raw | |
CAF B Result Raw | |
CAF A Questions | |
CAF C Achievement | |
CAF A Answers | |
NCSC Assessment Status | |
CAF D Achievement | |
CAF B Status | |
CAF B Answers | |
CAF D Questions | |
CAF C Result Raw | |
CAF C Questions | |
CAF B Details | |
CAF Regulator Email | The e-mail address of the regulator or assessor of this assessment |
CAF D Result | |
CAF A Status | |
CAF A Achievement | |
CAF A Details | |
CAF C Status | |
CAF D Status | |
CAF B Achievement | |
CAF A Email | Enter the e-mail address of the person responsible for answering questions related to "Managing security risk" |
CAF D Details | |
CAF B Email | Enter the e-mail address of the person responsible for answering questions related to "Protecting against cyber-attack" |
CAF C Result | |
CAF C Details | |
CAF C Answers | |
CAF B Questions | |
CAF A Result |
Automations
| Name | Description |
|---|---|
EntryWidgetNCSCResultsD | This script populates results for the dynamic content shown in the incident layout. |
| NCSCReportDetails_D | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
EntryWidgetNCSCResultsA | This script populates results for the dynamic content shown in the incident layout. |
| NCSCReportOverview | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| NCSCReportDetails_C | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
NCSCQuestionPopulate | Populate a list named "NCSC CAF Assessment" with a list of the NCSC Questions. |
NCSCCalculateQuestionsScore | This script calculates the score based on the question and answer responses. |
NCSCFieldProtection | This script protects the fields associated with the assessment from accidental modification. |
| NCSCReportDetails_B | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| NCSCReportDetails_A | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| NCSCReportDetails | This script generates the report details used in the final report. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
EntryWidgetNCSCResultsC | This script populates results for the dynamic content shown in the incident layout. |
EntryWidgetNCSCResultsB | This script populates results for the dynamic content shown in the incident layout. |
Incident Types
| Name | Description |
|---|---|
NCSC CAF Assessment |
Report
| Name | Description |
|---|---|
NCSC Assessment | This if the final report generated when all CAF section questions are answered. |
Playbooks
| Name | Description |
|---|---|
NCSC CAF Assessment | This playbook executes automatically as part of the NCSC Assessment Incident Type. It will send the relevant questions (via e-mail) to each participant and generate the assessment results. |
Incident Fields
| Name | Description |
|---|---|
CAF B Result | |
CAF D Email | Enter the e-mail address of the person responsible for answering questions related to "Minimising the impact of cyber security incidents" |
CAF A Result Raw | |
CAF D Answers | |
CAF C Email | Enter the e-mail address of the person responsible for answering questions related to "Detecting cyber security events" |
CAF Overall Result | |
CAF D Result Raw | |
CAF B Result Raw | |
CAF A Questions | |
CAF C Achievement | |
CAF A Answers | |
NCSC Assessment Status | |
CAF D Achievement | |
CAF B Status | |
CAF B Answers | |
CAF D Questions | |
CAF C Result Raw | |
CAF C Questions | |
CAF B Details | |
CAF Regulator Email | The e-mail address of the regulator or assessor of this assessment |
CAF D Result | |
CAF A Status | |
CAF A Achievement | |
CAF A Details | |
CAF C Status | |
CAF D Status | |
CAF B Achievement | |
CAF A Email | Enter the e-mail address of the person responsible for answering questions related to "Managing security risk" |
CAF D Details | |
CAF B Email | Enter the e-mail address of the person responsible for answering questions related to "Protecting against cyber-attack" |
CAF C Result | |
CAF C Details | |
CAF C Answers | |
CAF B Questions | |
CAF A Result |
Automations
| Name | Description |
|---|---|
EntryWidgetNCSCResultsD | This script populates results for the dynamic content shown in the incident layout. |
| NCSCReportDetails_D | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
EntryWidgetNCSCResultsA | This script populates results for the dynamic content shown in the incident layout. |
| NCSCReportOverview | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| NCSCReportDetails_C | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
NCSCQuestionPopulate | Populate a list named "NCSC CAF Assessment" with a list of the NCSC Questions. |
NCSCCalculateQuestionsScore | This script calculates the score based on the question and answer responses. |
NCSCFieldProtection | This script protects the fields associated with the assessment from accidental modification. |
| NCSCReportDetails_B | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| NCSCReportDetails_A | This script generates the report details for the individual CAF Section. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
| NCSCReportDetails | This script generates the report details used in the final report. This automation runs using the default Limited User role, unless you explicitly change the permissions. |
EntryWidgetNCSCResultsC | This script populates results for the dynamic content shown in the incident layout. |
EntryWidgetNCSCResultsB | This script populates results for the dynamic content shown in the incident layout. |
Incident Types
| Name | Description |
|---|---|
NCSC CAF Assessment |
Playbooks
| Name | Description |
|---|---|
NCSC CAF Assessment | This playbook executes automatically as part of the NCSC Assessment Alert Type. It will send the relevant questions (via e-mail) to each participant and generate the assessment results. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (3)
| Pack Name | Pack By |
|---|---|
| Cortex REST API | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
1.1.4 - R5866730 (July 25, 2023)
- 23716
Download
Scripts
NCSCReportOverview
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
NCSCReportDetails_D
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
NCSCReportDetails_C
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
NCSCReportDetails
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
NCSCReportDetails_A
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
NCSCReportDetails_B
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- Documentation and metadata improvements.
- 23716
Download
1.1.2 - R4001473 (November 9, 2022)
1.1.1 - 1959372 (November 16, 2021)
Incident Fields
- CAF D Status
- Maintenance and stability enhancements.
- CAF D Achievement
- Maintenance and stability enhancements.
- CAF C Achievement
- Maintenance and stability enhancements.
- CAF B Status
- Maintenance and stability enhancements.
- CAF A Status
- Maintenance and stability enhancements.
- CAF C Status
- Maintenance and stability enhancements.
- CAF A Achievement
- Maintenance and stability enhancements.
- CAF Overall Result
- Maintenance and stability enhancements.
- CAF B Achievement
- Maintenance and stability enhancements.
1.1.0 - 1882648 (November 2, 2021)
Scripts
Breaking Change The following breaking change applies for organizations that implement pre-set roles on their incidents:
DBotRole has been removed from these automations. This change will affect any playbook that is dependent on, or runs, these automations.
These automations will now run using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html
- ##### NCSCReportDetails_A
- ##### NCSCReportDetails_B
- ##### NCSCReportOverview
- ##### NCSCReportDetails
- ##### NCSCReportDetails_D
- ##### NCSCReportDetails_C
1.0.3 - 7772209 (September 25, 2021)
Scripts
EntryWidgetNCSCResultsA
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EntryWidgetNCSCResultsB
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EntryWidgetNCSCResultsC
- Updated the Docker image to: demisto/python3:3.9.7.24076.
EntryWidgetNCSCResultsD
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCCalculateQuestionsScore
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCFieldProtection
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCQuestionPopulate
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_A
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_B
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_C
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportDetails_D
- Updated the Docker image to: demisto/python3:3.9.7.24076.
NCSCReportOverview
- Updated the Docker image to: demisto/python3:3.9.7.24076.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Supported By | Community | |
| Created | January 27, 2021 | |
| Last Release | July 25, 2023 |
Compliance