XMCyberCEM

The XM Cyber integration connects XM Cyber's Continuous Exposure Management (CEM) platform with XSOAR, enhancing your Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response processes with attack graph context and prioritization, while also feeding relevant entities back to CEM to be defined as breach points in CEM scenarios.

Data Enrichment & Threat Intelligence · XM Cyber

Configuration parameters

  • server_url — Server URL (required)
  • credentials — (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (5)

  • xmcyber-calculate-risk-score

    Calculates the overall risk score for entities based on their Compromise Risk Score and Choke Point Score from XM Cyber enrichment data.

  • xmcyber-enrich-incident

    Enriches Hostname and User entities on the SOAR platform by using information available in the XM Cyber platform.

  • xmcyber-get-dashboard-data

    Gets dashboard data from the XM Cyber server.

  • xmcyber-push-breach-point

    Adds a breach point label to the specified entities based on defined criteria and pushes the label as an Imported Attribute to XM Cyber CEM's platform.

  • xmcyber-remove-breach-point

    Removes a breach point label from the specified entities in XM Cyber CEM's platform.