Cortex Xpanse

Integration to pull assets and other ASM related information.

Vulnerability Management · Cortex Xpanse

Configuration parameters

  • url — Server URL (required)
  • credentials — API Key ID (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • isFetch — Fetch incidents
  • incidentFetchInterval — Incidents Fetch Interval
  • incidentType — Incident type
  • max_fetch — Maximum number of alerts per fetch
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  • severity — Alert Severities to Fetch
  • status — Alert Statuses to fetch
  • tags — Fetch alerts with tags (comma separated string)
  • integration_reliability — Source Reliability
  • search_limit — Search Limit
  • look_back — Advanced: Minutes to look back when fetching (Warning: exceeding 720 could lead to issues with fetching)

Commands (21)

  • asm-add-note-to-asset

    Adds a note to an asset in Xpanse.

  • asm-get-asset-internet-exposure

    Get internet exposure asset details according to the asset ID.

  • asm-get-attack-surface-rule

    Fetches attack surface rules related to how Cortex Xpanse does assessment.

  • asm-get-external-ip-address-range

    Get the external IP address range details according to the range IDs.

  • asm-get-external-service

    Get service details according to the service ID.

  • asm-get-incident

    Returns additional details about a specific incident.

  • asm-list-alerts

    Get a list of all your ASM alerts filtered by alert IDs, severity and/or creation time. Can also sort by creation time or severity. Maximum result limit is 100 assets.

  • asm-list-asset-internet-exposure

    Get a list of all your internet exposures filtered by IP address, domain, type, asm id, IPv6 address, AWS/GCP/Azure tags, has XDR agent, Externally detected providers, Externally inferred cves, Business units list, has BU overrides and/or if there is an active external service. Maximum result limit is 100 assets.

  • asm-list-external-ip-address-range

    Get a list of all your internet exposures filtered by business units and organization handles. Maximum result limit is 100 ranges.

  • asm-list-external-service

    Get a list of all your external services filtered by business units, externally detected providers, domain, externally inferred CVEs, active classifications, inactive classifications, service name, service type, protocol, IP address, is active, and discovery type. Maximum result limit is 100 assets.

  • asm-list-external-websites

    Get external websites assets.

  • asm-list-incidents

    Fetches ASM incidents that match provided filters. Incidents are an aggregation of related alerts. Note: Incident IDs may also be references as "Case IDs' elsewhere in the API.

  • asm-reset-last-run

    Resets the fetch incidents last run value, which resets the fetch to its initial fetch state.

  • asm-tag-asset-assign

    Assigns tags to a list of assets.

  • asm-tag-asset-remove

    Removes tags from a list of assets.

  • asm-tag-range-assign

    Assigns tags to a list of IP ranges.

  • asm-tag-range-remove

    Removes tags from a list of IP ranges.

  • asm-update-alerts

    Updates the state of one or more alerts.

  • asm-update-incident

    Updates a given incident. Can be used to modify the status, severity, assignee, or add comments.

  • domain Deprecated

    (Deprecated) Returns enrichment for a domain.

  • ip Deprecated

    (Deprecated) Returns enrichment for an IP address.