SpyCloud Enterprise Protection v1.0.10
Create breach and malware incidents in Cortex® XSOAR™ using the SpyCloud Enterprise Protection API. Provide enrichment for domains, IPs, emails, usernames, and passwords.
- Author:
- SpyCloud
- Support:
- partner
Classifiers (2)
Incident fields (16)
- SpyCloud Compass Device-Data
- SpyCloud Confidence
- SpyCloud Document ID
- SpyCloud Email Domain
- SpyCloud Email Username
- SpyCloud Infected Machine ID
- SpyCloud Password
- SpyCloud Password Plaintext
- SpyCloud Password Type
- SpyCloud Publish Date
- SpyCloud Record Modification Date
- SpyCloud Target Domain
- SpyCloud Target Subdomain
- SpyCloud User Browser
- SpyCloud User SYS Registered Owner
- SpyCloud User System Domain
Incident types (3)
Integrations (2)
README
What does this pack do?
SpyCloud’s data includes stolen assets from third-party breaches, malware victim logs, and other sources on the darknet. With the SpyCloud Enterprise API you can automate your exposed assets to be pulled in as incidents in Cortex® XSOAR™. These incidents can trigger two different sample playbooks to be used to triage SpyCloud breach record and malware alerts.
Additionally, the integration includes enrichment commands (along with sample Enrichment Playbooks) that can be used to look up specific details using the standard enterprise endpoints, including:
- Watchlist
- Domain
- IP Addresses
- Username
- Password
SpyCloud Compass users can also perform enrichment from additional endpoints, including:
- Malware-infected devices
- Exposed corporate applications (e.g., SSO, collaboration tools, CRM, etc.)