Asimily Insight

Integrate Asimily Insight to ingest security anomalies, CVEs, and leverage detailed asset data for streamlined incident investigation.

Asimily Insight delivers comprehensive IoT/OT security and management by providing deep asset visibility, automated vulnerability prioritization, and actionable mitigation strategies aligned with MITRE ATT&CK. It analyzes device communication, calculates holistic risk scores, and enables targeted network segmentation. The platform detects anomalies, simplifies policy management, and automates forensic packet capture. Beyond security, Asimily optimizes asset utilization, tracks operational usage, and manages configuration drift. Its Risk Simulator improves efficiency, and centralized data streamlines IT/OT convergence while identifying unmanaged devices.

This integration utilizes the Asimily Insight RESTful APIs to provide seamless access to comprehensive device data. Users can retrieve detailed information on IT, medical, and security parameters, as well as view known vulnerabilities (CVEs), detect asset anomalies, and maintain synchronized data—either on a regular schedule or on demand.

What does this pack do?

  • On-Demand Asset Retrieval: Query Asimily Insight for detailed device information using search parameters, such as IP address, MAC address, facility, or device ID.
  • Anomaly Alert Synchronization: Regularly sync alerts generated by Asimily Insight to ensure up-to-date visibility into device-related security and operational events.
  • Vulnerability (CVE) Synchronization: Periodically retrieve and update known device vulnerabilities detected by Asimily Insight to support informed risk management and mitigation.
  • Incident Creation in Cortex XSOAR: All synced data, whether alerts or vulnerabilities, is automatically converted into incidents within the Cortex XSOAR platform for streamlined investigation and response workflows. Asset information can be automatically queried and stored by using a playbook that calls the asimily-get-asset-details command.

What does this pack include?

Specifically, this pack includes:

  • Asimily Insight Integration: A dedicated integration that connects Cortex XSOAR with Asimily Insight via its RESTful APIs. This allows for on-demand retrieval of detailed device information (using parameters like IP address, MAC address, facility, or device ID), and synchronized fetching of anomaly alerts and device vulnerabilities (CVEs).

  • Two Custom Incident Types: Pre-configured incident types to categorize and manage incoming security anomalies and CVEs from Asimily Insight.

  • Custom Incident Fields: 38 custom incident fields designed to store the rich asset, anomaly, and CVE data retrieved from Asimily Insight, ensuring all relevant information is captured for investigation.

  • Custom Incident Layouts: Two custom layouts for the new incident types, including a dedicated section to display the fetched asset, anomaly, and CVE information, making it readily accessible for analysts.

  • Default Playbook for Asset Enrichment: A ready-to-use playbook that automatically calls the asimily-get-asset-details command to enrich incidents with corresponding asset information, storing it in the incident's Context Data (under Asimily > Asset). Users can modify this playbook or create similar ones.

  • Custom Scripts:

    • PreProcessAsimilyDedup: A preprocessing script to prevent incident duplication, searching all past incidents to ensure unique anomaly alerts or CVEs generate new incidents. The script can be used for configuring Pre-Process Rules to avoid duplication.
    • Asset Information Extraction: The implicit asimily-get-asset-details command (which functions as a script/command) is used by the playbook to extract and store detailed asset information.

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

Supported By: Partner
Created: July 23, 2025
Last Release: July 23, 2025
Asset Management
Network Security
Vulnerability Management
Incident Response

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.