ExpanseEnrichAttribution

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This script can be used to enrich context generated by ExpanseAggregateAttribution* scripts with additional details.

Script Data


| Name | Description |
| --- | --- |
| Script Type | python3 |
| Tags | |
| Demisto Version | 6.0.0 |

Used In


This script is used in the following playbooks and scripts.

  • Expanse Attribution Subplaybook

Inputs


| Argument Name | Description |
| --- | --- |
| enrich | List of entries to extract additional data from. |
| enrich_key | Primary key in the enrichment entries to match against primary key in the attribution data structure. |
| current | Current attribution data structure. |
| type | What attribution structure to enrich. |
| enrich_fields | Comma-separated list of fields to take enrichment details from. |

Outputs


| Path | Description | Type |
| --- | --- | --- |
| Expanse.AttributionIP.ip | IP address | string |
| Expanse.AttributionIP.private | Is the IP private? | boolean |
| Expanse.AttributionIP.sightings | Number of sessions seen on this device | number |
| Expanse.AttributionDevice.serial | Serial Number of the device | string |
| Expanse.AttributionDevice.vsys | VSYS of the device | string |
| Expanse.AttributionDevice.device-group | Device Group inside Panorama | string |
| Expanse.AttributionDevice.exposing_service | Is the device exposing the asset? | boolean |
| Expanse.AttributionDevice.sightings | Number of sessions seen on this device | number |
| Expanse.AttributionUser.username | Username of the user | string |
| Expanse.AttributionUser.domain | Domain of the user | string |
| Expanse.AttributionUser.groups | List of groups the user is member of | Unknown |
| Expanse.AttributionUser.display-name | Display Name | string |
| Expanse.AttributionUser.description | Description of the user | string |
| Expanse.AttributionUser.sightings | Number of sessions seen on this device | number |
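
How the five arguments relate to one another, as an added sketch that is not the script's own source code. The type names, the per-type primary key mapping, the case-insensitive match, and the sample `sAMAccountName` and `mail` fields are all assumptions made for illustration.

```python
# Added illustration, not the ExpanseEnrichAttribution source.
# Assumption: each attribution type is keyed by one field from the Outputs table.
PRIMARY_KEY = {"IP": "ip", "Device": "serial", "User": "username"}


def enrich_attribution(current, enrich, enrich_key, type_, enrich_fields):
    """Return a copy of `current` with the listed fields merged in from `enrich`."""
    primary = PRIMARY_KEY[type_]
    fields = [f.strip() for f in enrich_fields.split(",") if f.strip()]

    # Index enrichment entries by enrich_key; entries lacking the key are skipped.
    # Assumption: keys are compared case-insensitively; the first entry wins.
    by_key = {}
    for entry in enrich:
        key = entry.get(enrich_key)
        if key is not None:
            by_key.setdefault(str(key).lower(), entry)

    result = []
    for item in current:
        merged = dict(item)  # never mutate the caller's context data
        source = by_key.get(str(item.get(primary, "")).lower())
        if source:
            # Copy only the fields named in enrich_fields, so unrelated
            # attributes in the enrichment source do not leak into context.
            for field in fields:
                if field in source:
                    merged[field] = source[field]
        result.append(merged)
    return result


# Constructed sample data (not real output from any integration).
CURRENT_USERS = [
    {"username": "jdoe", "domain": "corp", "sightings": 4},
    {"username": "asmith", "domain": "corp", "sightings": 1},
]
ENRICH_ENTRIES = [
    {"sAMAccountName": "JDoe", "display-name": "Jane Doe",
     "description": "Network admin", "mail": "jdoe@example.com"},
    {"sAMAccountName": "nobody", "display-name": "No Match"},
]


def demo():
    return enrich_attribution(CURRENT_USERS, ENRICH_ENTRIES,
                              "sAMAccountName", "User",
                              "display-name, description")
```

In this sketch, enrichment entries with no matching attribution entry are ignored rather than added, and attribution entries with no match pass through unchanged.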