Scan and Isolate - XM Cyber

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

An example playbook that uses data from XM Cyber to help decide whether to scan and isolate a threat.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Isolate Endpoint - Generic
  • IP Enrichment - XM Cyber
  • Endpoint Enrichment - XM Cyber
  • Scan Assets - Nexpose

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

Name       Description                                 Default Value       Required
IP         The IP address to enrich.                   IP.Address          Optional
Hostname   The hostname of the endpoint to enrich.     Endpoint.Hostname   Optional

Playbook Outputs

Path                                    Description                                                                                                                   Type
Traps.IsolateResult.Status              The status of the isolation operation.                                                                                        string
Nexpose.Scan.Status                     The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating.       string
Nexpose.Scan.Assets                     The number of assets found in the scan.                                                                                       number
Nexpose.Scan.Vulnerabilities.Total      The total number of vulnerabilities.                                                                                          number
XMCyber.Entity.isAsset                  Whether the entity is a critical asset.                                                                                       boolean
XMCyber.Entity.averageComplexityLevel   Level of the average complexity to compromise this entity.                                                                    string
XMCyber.Entity.criticalAssetsAtRisk     Number of unique critical assets at risk from this entity.                                                                    number

Playbook Image

[Playbook image: Scan and Isolate - XM Cyber]