Cortex XSOAR Integration
AIR integrates with Cortex XSOAR through a plug-in.
Step 1: Preparing API Token
1. Create a new API token by clicking Settings → API Tokens.
2. Give the token a name.
3. Choose an expiration date.
4. Click Save and copy the token.

1. Sign in to the Cortex XSOAR server.
2. Click “Marketplace” in the bottom-left corner.
3. Search for the Binalyze Integration and install it on your instance.

1. Click “Settings” in the bottom-left corner.
2. Find the installed integration and click “Add instance”.
3. Fill in the AIR Server URL and API Key. Click “Test”, and you will see “Success”, which means Cortex XSOAR established the test connection with the AIR Server.
4. Save and Exit.
Isolation
- You can use the integration in Automations, Playbooks, or War Room.
- To execute an isolation task, write the following command at the bottom of the page:
!air-isolate hostname=<HOSTNAMEofENDPOINT> organization_id=<ORGANIZATION ID> isolation=<ENABLE or DISABLE>
!binalyze-air-acquire case_id=<CASE-ID> hostname=<HOSTNAMEofENDPOINT> organization_id=0 profile="PROFILE"