Integration of AIR with Cortex XSOAR is possible via Plug-In.
Steps to Integrate
Step 1: Preparing API Token
1.
Create a new API Token by clicking the Settings → API Tokens.
2.
Give a Token Name.
3.
Choose an expiration date.
4.
Click Save and copy the token.
Step 2: Adding Integration to Cortex XSOAR
1.
Sign in to Cortex XSOAR server.
2.
Click “Marketplace” on the left bottom corner.
3.
Search and install the Binalyze Integration to your instance.
Step 3: Setting up the Integration
1.
Click “Settings” on the left bottom corner.
2.
Find installed integration, and click “Add instance”
3.
Fill in the AIR Server URL and API Key. Click “Test”, and you will see “Success”, which means Cortex XSOAR established the test connection with the AIR Server.
4.
Save and Exit.
Usage
Isolation
You can use the integration in Automations, Playbooks, or War Room.
To execute an isolation task, write the following command at the bottom of the page:
!air-isolate hostname=<HOSTNAMEofENDPOINT> organization_id=<ORGANIZATION ID> isolation=<ENABLE or DISABLE>
Acquisition
To execute an acquisition task, write the following command at the bottom of the page: