CTM360_CyberBlindspot

Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.

Analytics & SIEM · CTM360

Configuration parameters

  • mirror_direction — Incident Mirroring Direction
  • module_to_use — Module To Use
  • retrieve_screenshots — Retrieve Screenshots
  • first_fetch — First fetch (<number> <time unit>, e.g., 12 hours. Default is `7 days`)
  • api_key — (required)
  • max_fetch — Maximum Number of Incidents per Fetch (required)
  • isFetch — Fetch incidents
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • incidentType — Incident type

Commands (9)

  • ctm360-cbs-incident-close

    Close a CBS incident.

  • ctm360-cbs-incident-details

    Fetch details of a single incident from the CyberBlindspot platform.

  • ctm360-cbs-incident-list

    Get the list of incidents from CBS.

  • ctm360-cbs-incident-request-takedown

    Request a takedown of the asset where the incident was found.

  • ctm360-cbs-incident-retrieve-screenshots

    Retrieves screenshot evidence if available.

  • get-mapping-fields

    Returns the list of fields for an incident type.

  • get-modified-remote-data

    Gets the list of incidents that were modified since the last update time. Note that this method is here for debugging purposes. The get-modified-remote-data command is used as part of a Mirroring feature, which is available in Cortex XSOAR from version 6.1.

  • get-remote-data

    Gets remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes.

  • update-remote-system

    Updates the remote system with local changes.