Cortex XSOAR Integration

AIR integrates with Cortex XSOAR through a plug-in.

Steps to Integrate

Step 1: Preparing API Token

  1. Create a new API Token under Settings → API Tokens.

  2. Give a Token Name.

  3. Choose an expiration date.

  4. Click Save and copy the token.

Step 2: Adding Integration to Cortex XSOAR

  1. Sign in to the Cortex XSOAR server.

  2. Click “Marketplace” in the bottom-left corner.

  3. Search for the Binalyze Integration and install it on your instance.

Step 3: Setting up the Integration

  1. Click “Settings” in the bottom-left corner.

  2. Find the installed integration and click “Add instance”.

  3. Fill in the AIR Server URL and API Key, then click “Test”. A “Success” message means Cortex XSOAR established the test connection with the AIR Server.

  4. Save and Exit.

Usage

Isolation

  • You can use the integration in Automations, Playbooks, or the War Room.

  • To execute an isolation task, write the following command at the bottom of the page:

!binalyze-air-isolate hostname=<HOSTNAMEofENDPOINT> organization_id=<ORGANIZATION ID> isolation=<ENABLE or DISABLE>

Acquisition

  • To execute an acquisition task, write the following command at the bottom of the page:

!binalyze-air-acquire case_id=<CASE-ID> hostname=<HOSTNAMEofENDPOINT> organization_id=0 profile="PROFILE"
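
Added example (not from the Binalyze or Cortex XSOAR documentation): when a playbook or automation fills the two commands above from alert fields, validating each value first keeps a malformed hostname or ID from carrying extra arguments into the command. The function names, the hostname, case-id and profile rules, and the lowercase isolation values are assumptions; the isolate command is written with the same binalyze-air- prefix as the acquire command.

```python
import re

# Assumed input rules (not from the AIR docs): RFC 1123 host names,
# short alphanumeric case ids and profile names.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
_CASE_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
_PROFILE_RE = re.compile(r"[A-Za-z0-9 _-]{1,64}")


def _check(name, value, pattern, max_len=253):
    """Return value as str if it fully matches pattern, else raise ValueError."""
    text = str(value)
    if len(text) > max_len or not pattern.fullmatch(text):
        raise ValueError(f"rejected {name}: {text!r}")
    return text


def _endpoint(hostname, organization_id):
    org = int(str(organization_id))  # ValueError on anything but an integer
    if org < 0:
        raise ValueError(f"rejected organization_id: {org}")
    return {"hostname": _check("hostname", hostname, _HOST_RE),
            "organization_id": str(org)}


def isolate_args(hostname, organization_id, isolation):
    # Accept ENABLE/DISABLE in any case; emitting lowercase is an assumption.
    state = str(isolation).strip().lower()
    if state not in ("enable", "disable"):
        raise ValueError(f"rejected isolation: {isolation!r}")
    return "binalyze-air-isolate", {**_endpoint(hostname, organization_id),
                                    "isolation": state}


def acquire_args(hostname, organization_id, case_id, profile):
    return "binalyze-air-acquire", {
        **_endpoint(hostname, organization_id),
        "case_id": _check("case_id", case_id, _CASE_RE),
        "profile": _check("profile", profile, _PROFILE_RE),
    }


def war_room_line(command, args):
    """Render the validated arguments as the command typed in the War Room."""
    return "!" + command + " " + " ".join(f'{k}="{v}"' for k, v in args.items())
```

Inside an automation, the returned command name and argument dictionary can be passed to demisto.executeCommand(command, args) instead of being rendered as text.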
