Endpoint Enrichment - XM Cyber

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Enrich an endpoint by hostname using the XM Cyber integration. Outputs include affected assets, affected entities, complexity of compromise, and more.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • XMCyber

Scripts

  • IsIntegrationAvailable

Commands

  • hostname
  • xmcyber-affected-critical-assets-list
  • xmcyber-affected-entities-list

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Hostname | The hostname of the endpoint to enrich. | Endpoint.Hostname | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
| Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
| Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
| Endpoint.IP | A list of the IP addresses of the endpoints. | string |
| XMCyber.Entity.isAsset | Is Entity a Critical Asset | boolean |
| XMCyber.Entity.affectedEntities | Number of unique entities at risk from this entity | number |
| XMCyber.Entity.averageComplexity | Average complexity to compromise this entity | number |
| XMCyber.Entity.criticalAssetsAtRisk | Number of unique critical assets at risk from this entity | number |
| XMCyber.Entity.averageComplexityLevel | Level of the average complexity to compromise this entity | string |
| XMCyber.Entity.id | XMCyber Entity ID | string |
| XMCyber.Entity.criticalAssetsAtRiskList | Critical assets at risk from this entity | unknown |
| XMCyber.Entity.entitiesAtRiskList | Entities at risk from this entity | unknown |
