Cymptom is a Breach and Attack Simulation solution that revolutionizes the existing approach by transforming attack simulation into a data analysis question. Cymptom's agentless scanning brings real-time, always-on visibility into the entire security posture. This integration was tested with version 0.3.4 of Cymptom.

Configure Cymptom on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cymptom.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | url | Management URL (for ex: | |
    | api_key | API key | True |
    | is_fetch | Fetch incidents | False |
    | proxy | Use system proxy settings | False |
    | insecure | Trust any certificate (not secure) | False |
    | first_fetch | First fetch time range (<number> <time unit>, e.g., 1 hour, 30 minutes). Default is "3 days" | False |

  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


This command returns mitigations recommended by Cymptom.

Base Command



| Argument Name | Description | Required |
| --- | --- | --- |
| timeout | Timeout for operation. Default is 60. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Cymptom.Mitigations.SeverityType | String | The severity of the mitigation |
| Cymptom.Mitigations.Name | String | The name of the mitigation |
| Cymptom.Mitigations.AttackVectorsUsedPercentage | String | The percentage of attack vectors used that can be mitigated |
| Cymptom.Mitigations.ID | String | The mitigation's ID |
| Cymptom.Mitigations.AttackVectorsCount | number | The attack vectors counts that can be mitigated |
| Cymptom.Mitigations.Techniques | unknown | Techniques relevant for this mitigation |

Command Example


Human Readable Output

| ID | Name | Severity Type | Attack Vectors Use Percentage | Attack Vectors Count | Techniques |
| --- | --- | --- | --- | --- | --- |
| 3936 | Steal or Forge Kerberos Tickets | Critical | 21.16 | 299 | Encrypt Sensitive Information, Privileged Account Management, Active Directory Configuration, Password Policies |
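
The context fields documented above can be ranked for triage inside an automation. The following is an added example, not part of the Cymptom integration or this page's own code: `rank_mitigations` is a hypothetical helper, the sample rows are constructed, and severity names other than "Critical" are assumptions. It accounts for `AttackVectorsUsedPercentage` being typed as a String and `Techniques` having an unknown type.

```python
# Added example; severity names other than "Critical" are assumptions, not from the page.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def _percentage(value):
    """AttackVectorsUsedPercentage is documented as a String; parse defensively."""
    try:
        return float(str(value).strip().rstrip("%"))
    except ValueError:
        return 0.0


def _techniques(value):
    """Techniques has type 'unknown': accept a list or a comma-separated string."""
    if isinstance(value, str):
        value = value.split(",")
    return [str(t).strip() for t in (value or []) if str(t).strip()]


def rank_mitigations(mitigations):
    """Order mitigations by severity, then by share of attack vectors mitigated."""
    rows = []
    for m in mitigations or []:
        rows.append({
            "ID": str(m.get("ID", "")),
            "Name": m.get("Name", ""),
            "SeverityType": m.get("SeverityType", ""),
            "Percentage": _percentage(m.get("AttackVectorsUsedPercentage")),
            "Count": int(m.get("AttackVectorsCount") or 0),
            "Techniques": _techniques(m.get("Techniques")),
        })
    return sorted(rows, key=lambda r: (
        SEVERITY_RANK.get(str(r["SeverityType"]).lower(), len(SEVERITY_RANK)),
        -r["Percentage"], -r["Count"]))


# Constructed sample shaped like the Cymptom.Mitigations context output.
SAMPLE = [
    {"ID": "4001", "Name": "Constructed medium item", "SeverityType": "Medium",
     "AttackVectorsUsedPercentage": "40.0", "AttackVectorsCount": 120, "Techniques": []},
    {"ID": "3936", "Name": "Steal or Forge Kerberos Tickets", "SeverityType": "Critical",
     "AttackVectorsUsedPercentage": "21.16", "AttackVectorsCount": 299,
     "Techniques": "Encrypt Sensitive Information, Privileged Account Management"},
    {"ID": "4002", "Name": "Constructed critical item", "SeverityType": "Critical",
     "AttackVectorsUsedPercentage": "9.5", "AttackVectorsCount": 12, "Techniques": None},
]

if __name__ == "__main__":
    print([(r["ID"], r["SeverityType"], r["Percentage"]) for r in rank_mitigations(SAMPLE)])
```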


This command returns users with cracked passwords.


| Argument Name | Description | Required |
| --- | --- | --- |
| timeout | Timeout for operation. Default is 60. | Optional |
| privileged | Return only privileged (Domain Admin or Local Admin) or unprivileged users. Default is True. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Cymptom.CrackedUsers.Username | String | Username of users with cracked passwords |

Context Example


Command Example

!cymptom-get-users-with-cracked-passwords privileged=False

Human Readable Output

Unprivileged Users With Cracked Passwords