Expanse Find Cloud IP Address Region and Service

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Subplaybook for the Expanse Enrich Cloud Assets subplaybook. This playbook finds the corresponding Public Cloud Region (e.g. AWS us-east-1) and Service (e.g. AWS EC2) for a provided IP address. It works by correlating the provided IP address with the IP range indicators (CIDRs) that can be collected from Public Cloud feeds (e.g. the AWS Feed) in XSOAR. CIDR indicators must be tagged with the corresponding tags (e.g. AWS for the AWS Feed): tags can be configured in the Feed Integrations and must match the ones provided in the inputs of this playbook. Correlation is based on the longest match: a smaller CIDR such as a /20 range wins over a bigger one such as a /16.
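The tag filter and longest-match correlation described above, as an added example that is not the playbook's own code. The indicator field names (`value`, `tags`, `region`, `service`), the sample CIDRs and the `find_matching_cidr` helper are assumptions constructed for illustration; the provider names and default tags are the ones listed in the playbook inputs.

```python
import ipaddress

# Constructed sample CIDR indicators (documentation address ranges); field names are assumed.
INDICATORS = [
    {"value": "198.51.100.0/24", "tags": ["AWS"], "region": "us-east-1", "service": "AMAZON"},
    {"value": "198.51.100.64/26", "tags": ["AWS"], "region": "us-east-1", "service": "EC2"},
    # Most specific range, but its tag matches no configured input, so it is never considered.
    {"value": "198.51.100.64/28", "tags": ["untagged-feed"], "region": "?", "service": "?"},
    {"value": "203.0.113.0/24", "tags": ["GCP"], "region": "us-central1", "service": "Google Cloud"},
    {"value": "2001:db8::/32", "tags": ["Azure"], "region": "westeurope", "service": "AzureCloud"},
    {"value": "not-a-cidr", "tags": ["AWS"], "region": "?", "service": "?"},
]

# Provider input values mapped to the default *IndicatorTags inputs.
PROVIDER_TAGS = {
    "Amazon web services": {"AWS"},
    "Google": {"GCP"},
    "Microsoft azure": {"Azure"},
}

def find_matching_cidr(ip, indicators, provider=None, provider_tags=PROVIDER_TAGS):
    """Return the tagged indicator with the longest prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    # Empty provider means: search the indicators of all configured providers.
    wanted = set(provider_tags[provider]) if provider else set().union(*provider_tags.values())
    best, best_len = None, -1
    for ind in indicators:
        if not wanted & set(ind.get("tags", [])):
            continue  # wrong or missing tag
        try:
            net = ipaddress.ip_network(ind["value"], strict=False)
        except ValueError:
            continue  # malformed indicator value
        if net.version == addr.version and addr in net and net.prefixlen > best_len:
            best, best_len = ind, net.prefixlen
    return best

if __name__ == "__main__":
    for ip in ("198.51.100.70", "198.51.100.10", "203.0.113.5", "192.0.2.1"):
        print(ip, "->", find_matching_cidr(ip, INDICATORS))
```

An indicator whose tag does not match the playbook inputs is skipped even when it is the most specific range, which is why a mis-tagged feed yields a coarser region or service than expected, or no match at all.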

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| ip | IP Address to find. | ${IP.Address} | Required |
| Provider | Cloud Provider (Google, Amazon web services, Microsoft azure) or empty to search in all. | | Optional |
| AWSIndicatorTags | Tags to search for AWS Indicators. | AWS | Optional |
| GCPIndicatorTags | Tags to search for GCP Indicators. | GCP | Optional |
| AzureIndicatorTags | Tags to search for Azure Indicators. | Azure | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| MatchingCIDRIndicator | Matching CIDR Indicator | unknown |
