XMCyber

The XM Cyber integration creates unique incidents with valuable data collected daily, and enriches your existing incidents with attack simulation context. This enables you to prioritize your responses based on XM Cyber’s insights.

Data Enrichment & Threat Intelligence · XM Cyber

Configuration parameters

  • apikey — API Key (required)
  • url — URL (required)
  • proxy — Use system proxy settings
  • insecure — Trust any certificate (not secure)
  • isFetch — Fetch incidents
  • incidentType — Incident type
  • max_fetch — Maximum number of incidents per fetch
  • first_fetch — First fetch
  • integrationReliability — Source Reliability
  • feedExpirationPolicy
  • feedExpirationInterval

Commands (8)

  • xmcyber-affected-critical-assets-list

    List critical assets at risk from an entity and the complexity of the attack.

  • xmcyber-affected-entities-list

    List all entities at risk from an entity and the complexity of the attack.

  • xmcyber-enrich-from-entityId

    Return data on Entity by entityId from XM Cyber.

  • xmcyber-enrich-from-fields

    Return data on an XM entity.

  • xmcyber-enrich-from-hostname

    Return data on Entity by hostname from XM Cyber.

  • xmcyber-enrich-from-ip

    Return data on Entity by IP from XM Cyber.

  • xmcyber-version-get

    Get current xm version.

  • xmcyber-version-supported

    Check if current XM version supports Cortex Xsoar integration.