CTM360

Details
Content
Dependencies
Version History

Take action on incidents derived from threat intelligence that is directly linked to your organization.

In External Attack Surface Management, HackerView provides an inventory of your digital assets discovered automatically, identifies issues (including vulnerabilities, misconfigurations, and exposures) in these digital assets, and generates a digital risk scorecard for your organization. The scorecard can also be generated for a limited number of your vendors for free.

In Digital Risk Protection, CyberBlindspot detects threats across the surface, deep, and dark web and monitors for over 40 threat types, i.e., actual or potential threats targeting your organization, brands, and executives. These incidents include phishing, social media fraud, suspicious mobile apps, look-alike domains, data leakage, etc.

What is CTM360?

CTM360 is a Software-as-a-Service (SaaS) technology platform that provides External Attack Surface Management, Digital Risk Protection, and Cyber Threat Intelligence in one consolidated platform.

What does this pack do?

This pack allows you to integrate HackerView & CyberBlindspot incidents with Cortex XSOAR. Automated integration fetches and populates incidents into Cortex XSOAR from HackerView & CyberBlindspot platforms along with all the details of the incident and leads the Cortex XSOAR analyst to take relevant actions over the incidents such as:

HackerView:
- Incident response and feedback.
CyberBlindspot:
- Closing the incident.
- Issuing an asset takedown request.

How to use it?

Install the pack and configure either one of the integration instances in Cortex XSOAR. For the configuration phase you will need an active API key which can be obtained in the respective platform. For any further support and questions, feel free to contact us via xsoar@ctm360.com

Pack Contributors:

Sayed A.

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What is CTM360?

CTM360 is a Software-as-a-Service (SaaS) technology platform that provides External Attack Surface Management, Digital Risk Protection, and Cyber Threat Intelligence in one consolidated platform.

What does this pack do?

This pack allows you to integrate HackerView & CyberBlindspot incidents with Cortex. Automated integration fetches and populates incidents into Cortex from HackerView & CyberBlindspot platforms along with all the details of the incident and leads the Cortex analyst to take relevant actions over the incidents such as:

HackerView:
- Incident response and feedback.
CyberBlindspot:
- Closing the incident.
- Issuing an asset takedown request.

How to use it?

Install the pack and configure either one of the integration instances in Cortex. For the configuration phase you will need an active API key which can be obtained in the respective platform. For any further support and questions, feel free to contact us via xsoar@ctm360.com

Pack Contributors:

Sayed A.

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
CTM360-CyberBlindspot - Incoming Mapper	Maps incoming CTM360 CyberBlindspot incidents.
CTM360-HackerView - Incoming Mapper	Maps incoming CTM360 HackerView incidents.

Dashboards

Name	Description
CyberBlindspot Incident Dashboard
HackerView Incident Dashboard

Incident Fields

Name	Description
CTM360 CyberBlindspot BC Email	The email related to the breach.
CTM360 CyberBlindspot Severity	The severity of the incident.
CTM360 CyberBlindspot Confirmation Time	The time the incident was confirmed.
CTM360 CyberBlindspot Timestamp	The timestamp of the incident.
CTM360 CyberBlindspot Last Seen	The last time the incident was seen.
CTM360 HackerView Potential Attack Types	Attacks that may be attempted.
CTM360 CyberBlindspot Subject	The subject of the incident.
CTM360 CyberBlindspot ML Computer Name	The name of the computer that was compromised.
CTM360 CyberBlindspot ML Hostname	The hostname of the compromised device.
CTM360 CyberBlindspot ML Sources	The sources reporting the compromise.
CTM360 CyberBlindspot ML Website	The website compromised.
CTM360 CyberBlindspot ML Operating System	The operating system of the compromised device.
CTM360 CyberBlindspot BC Domain	The domain related to the breach.
CTM360 CyberBlindspot ML Date Compromised	The date of the compromise.
CTM360 CyberBlindspot CC Card Number	The compromised card's number.
CTM360 HackerView Potential Impact	Actions that can be taken on a HackerView incident.
CTM360 CyberBlindspot Class	The class of the incident.
CTM360 CyberBlindspot ML User Domain	The domain of the compromised user.
CTM360 CyberBlindspot ML Stealer Family	The family of the malware.
CTM360 CyberBlindspot ML Software	The software that was compromised.
CTM360 CyberBlindspot CC Expiry Year	The compromised card's expiry year.
CTM360 CyberBlindspot First Seen	The first time the incident was seen.
CTM360 CyberBlindspot BC Breach Source	The source of the breach.
CTM360 CyberBlindspot ML Malware Path	The path of the in which the malware was installed on the compromised device.
CTM360 CyberBlindspot Incident Type	The type of the incident.
CTM360 CyberBlindspot BC Password	The password related to the breach.
CTM360 CyberBlindspot CC Expiry Month	The compromised card's expiry month.
CTM360 CyberBlindspot ML Domain	The domain related to the compromised device.
CTM360 CyberBlindspot Risks	Risks associated with the incident.
CTM360 CyberBlindspot Course of Action	Actions that can be taken on a CyberBlindspot incident.
CTM360 HackerView Asset Type	Type of affected asset(s).
CTM360 CyberBlindspot Status	The status of the incident.
CTM360 CyberBlindspot ML Masked Password	The masked password of the compromised account.
CTM360 CyberBlindspot Ticket ID	The ticket ID of the incident.
CTM360 HackerView Technologies	Technologies associated with a HackerView incident.
CTM360 CyberBlindspot ML Source URI	The source URI of the compromise report.
CTM360 CyberBlindspot CC CVV	The compromised card's Card Verification Value (CVV).
CTM360 CyberBlindspot ML User	The user of the compromised account.
CTM360 CyberBlindspot Remarks	Remarks concerning the incident.
CTM360 CyberBlindspot ML URL Path	The path of the URL.
CTM360 CyberBlindspot BC Executive Name	The name of the executive related to the breach.
CTM360 CyberBlindspot Brand	The brand related to the incident.
CTM360 CyberBlindspot Module	Module the incident belongs to.
CTM360 CyberBlindspot Screenshots	The screenshot evidence files associated with the incident.
CTM360 CyberBlindspot ML Password	The password of the compromised account.
CTM360 CyberBlindspot BC Username	The username related to the breach.

Incident Types

Name	Description
HackerView Incident
CyberBlindspot Incident

Integrations

Name	Description
CTM360 HackerView (Partner Contribution)	External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.
CTM360 CyberBlindspot (Partner Contribution)	Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.

Playbooks

Name	Description
CyberBlindspot Incident Management V3	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.
HackerView Incident Management	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
CyberBlindspot Incident Management V2	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.
CyberBlindspot Retrieve Incident Screenshots	This playbook retrieves screenshot evidence from the CyberBlindspot API and adds it to the incident.
CyberBlindspot Incident Management	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.

Classifiers

Name	Description
CTM360-HackerView - Incoming Mapper	Maps incoming CTM360 HackerView incidents.
CTM360-CyberBlindspot - Incoming Mapper	Maps incoming CTM360 CyberBlindspot incidents.

Incident Fields

Name	Description
CTM360 CyberBlindspot First Seen	The first time the incident was seen.
CTM360 CyberBlindspot Subject	The subject of the incident.
CTM360 CyberBlindspot Incident Type	The type of the incident.
CTM360 CyberBlindspot CC Expiry Year	The compromised card's expiry year.
CTM360 CyberBlindspot ML Malware Path	The path of the in which the malware was installed on the compromised device.
CTM360 CyberBlindspot Module	Module the incident belongs to.
CTM360 CyberBlindspot BC Domain	The domain related to the breach.
CTM360 HackerView Potential Attack Types	Attacks that may be attempted.
CTM360 CyberBlindspot ML Hostname	The hostname of the compromised device.
CTM360 HackerView Asset Type	Type of affected asset(s).
CTM360 CyberBlindspot CC Card Number	The compromised card's number.
CTM360 CyberBlindspot ML Computer Name	The name of the computer that was compromised.
CTM360 CyberBlindspot Timestamp	The timestamp of the incident.
CTM360 CyberBlindspot BC Email	The email related to the breach.
CTM360 CyberBlindspot ML Source URI	The source URI of the compromise report.
CTM360 CyberBlindspot CC CVV	The compromised card's Card Verification Value (CVV).
CTM360 CyberBlindspot ML User	The user of the compromised account.
CTM360 CyberBlindspot ML User Domain	The domain of the compromised user.
CTM360 CyberBlindspot ML Stealer Family	The family of the malware.
CTM360 CyberBlindspot ML Sources	The sources reporting the compromise.
CTM360 HackerView Technologies	Technologies associated with a HackerView incident.
CTM360 CyberBlindspot ML Date Compromised	The date of the compromise.
CTM360 CyberBlindspot Brand	The brand related to the incident.
CTM360 CyberBlindspot BC Breach Source	The source of the breach.
CTM360 CyberBlindspot ML URL Path	The path of the URL.
CTM360 CyberBlindspot Ticket ID	The ticket ID of the incident.
CTM360 CyberBlindspot Severity	The severity of the incident.
CTM360 CyberBlindspot Confirmation Time	The time the incident was confirmed.
CTM360 CyberBlindspot ML Masked Password	The masked password of the compromised account.
CTM360 CyberBlindspot Remarks	Remarks concerning the incident.
CTM360 CyberBlindspot Last Seen	The last time the incident was seen.
CTM360 CyberBlindspot Status	The status of the incident.
CTM360 CyberBlindspot ML Domain	The domain related to the compromised device.
CTM360 CyberBlindspot CC Expiry Month	The compromised card's expiry month.
CTM360 CyberBlindspot Risks	Risks associated with the incident.
CTM360 CyberBlindspot BC Username	The username related to the breach.
CTM360 CyberBlindspot ML Website	The website compromised.
CTM360 CyberBlindspot BC Executive Name	The name of the executive related to the breach.
CTM360 CyberBlindspot ML Software	The software that was compromised.
CTM360 CyberBlindspot Class	The class of the incident.
CTM360 HackerView Potential Impact	Actions that can be taken on a HackerView incident.
CTM360 CyberBlindspot BC Password	The password related to the breach.
CTM360 CyberBlindspot ML Password	The password of the compromised account.
CTM360 CyberBlindspot Screenshots	The screenshot evidence files associated with the incident.
CTM360 CyberBlindspot Course of Action	Actions that can be taken on a CyberBlindspot incident.
CTM360 CyberBlindspot ML Operating System	The operating system of the compromised device.

Incident Types

Name	Description
HackerView Incident
CyberBlindspot Incident

Integrations

Name	Description
CTM360 CyberBlindspot (Partner Contribution)	Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.
CTM360 HackerView (Partner Contribution)	External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.

Playbooks

Name	Description
CyberBlindspot Alert Management V3	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the alert, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the alert if any.
HackerView Alert Management	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
CyberBlindspot Alert Management V2	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the alert, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the alert if any.
CyberBlindspot Retrieve Alert Screenshots	This playbook retrieves screenshot evidence from the CyberBlindspot API and adds it to the alert.
CyberBlindspot Alert Management	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the alert, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the alert if any.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

2.3.0 - 4246904 (July 21, 2025)

Incident Fields

New: CTM360 CyberBlindspot CC CVV
Added a new incident field- CTM360 CyberBlindspot CC CVV The compromised card's Card Verification Value (CVV).
New: CTM360 CyberBlindspot Risks
Added a new incident field- CTM360 CyberBlindspot Risks Risks associated with the incident.
New: CTM360 CyberBlindspot ML Computer Name
Added a new incident field- CTM360 CyberBlindspot ML Computer Name The name of the computer that was compromised.
New: CTM360 CyberBlindspot ML User
Added a new incident field- CTM360 CyberBlindspot ML User The user of the compromised account.
New: CTM360 CyberBlindspot Confirmation Time
Added a new incident field- CTM360 CyberBlindspot Confirmation Time The time the incident was confirmed.
New: CTM360 CyberBlindspot ML Hostname
Added a new incident field- CTM360 CyberBlindspot ML Hostname The hostname of the compromised device.
New: CTM360 CyberBlindspot BC Username
Added a new incident field- CTM360 CyberBlindspot BC Username The username related to the breach.
New: CTM360 CyberBlindspot ML Source URI
Added a new incident field- CTM360 CyberBlindspot ML Source URI The source URI of the malware.
New: CTM360 CyberBlindspot Timestamp
Added a new incident field- CTM360 CyberBlindspot Timestamp The timestamp of the incident.
New: CTM360 CyberBlindspot ML Stealer Family
Added a new incident field- CTM360 CyberBlindspot ML Stealer Family The family of the malware.
New: CTM360 CyberBlindspot CC Expiry Year
Added a new incident field- CTM360 CyberBlindspot CC Expiry Year The compromised card's expiry year.
New: CTM360 CyberBlindspot ML URL Path
Added a new incident field- CTM360 CyberBlindspot ML URL Path The path of the URL.
New: CTM360 CyberBlindspot Subject
Added a new incident field- CTM360 CyberBlindspot Subject The subject of the incident.
New: CTM360 CyberBlindspot ML Website
Added a new incident field- CTM360 CyberBlindspot ML Website The website of the malware.
New: CTM360 CyberBlindspot Ticket ID
Added a new incident field- CTM360 CyberBlindspot Ticket ID The ticket ID of the incident.
New: CTM360 CyberBlindspot ML Software
Added a new incident field- CTM360 CyberBlindspot ML Software The software that was compromised.
New: CTM360 CyberBlindspot Screenshots
Added a new incident field- CTM360 CyberBlindspot Screenshots The screenshot evidence files associated with the incident.
New: CTM360 CyberBlindspot BC Breach Source
Added a new incident field- CTM360 CyberBlindspot BC Breach Source The source of the breach.
New: CTM360 CyberBlindspot Incident Type
Added a new incident field- CTM360 CyberBlindspot Incident Type The type of the incident.
New: CTM360 CyberBlindspot ML Sources
Added a new incident field- CTM360 CyberBlindspot ML Sources The sources of the malware.
New: CTM360 CyberBlindspot Last Seen
Added a new incident field- CTM360 CyberBlindspot Last Seen The last time the incident was seen.
New: CTM360 CyberBlindspot ML Operating System
Added a new incident field- CTM360 CyberBlindspot ML Operating System The operating system of the compromised device.
New: CTM360 CyberBlindspot ML Date Compromised
Added a new incident field- CTM360 CyberBlindspot ML Date Compromised The date of the compromise.
New: CTM360 CyberBlindspot ML Malware Path
Added a new incident field- CTM360 CyberBlindspot ML Malware Path The path in which the malware was installed on the compromised device.
New: CTM360 CyberBlindspot ML Masked Password
Added a new incident field- CTM360 CyberBlindspot ML Masked Password The masked password of the compromised account.
New: CTM360 CyberBlindspot Severity
Added a new incident field- CTM360 CyberBlindspot Severity The severity of the incident.
New: CTM360 CyberBlindspot ML User Domain
Added a new incident field- CTM360 CyberBlindspot ML User Domain The domain of the compromised user.
New: CTM360 CyberBlindspot BC Domain
Added a new incident field- CTM360 CyberBlindspot BC Domain The domain related to the breach.
New: CTM360 CyberBlindspot CC Expiry Month
Added a new incident field- CTM360 CyberBlindspot CC Expiry Month The compromised card's expiry month.
New: CTM360 CyberBlindspot Remarks
Added a new incident field- CTM360 CyberBlindspot Remarks Remarks concerning the incident.
New: CTM360 CyberBlindspot BC Email
Added a new incident field- CTM360 CyberBlindspot BC Email The email related to the breach.
New: CTM360 CyberBlindspot Class
Added a new incident field- CTM360 CyberBlindspot Class The class of the incident.
New: CTM360 CyberBlindspot Status
Added a new incident field- CTM360 CyberBlindspot Status The status of the incident.
New: CTM360 CyberBlindspot BC Executive Name
Added a new incident field- CTM360 CyberBlindspot BC Executive Name The name of the executive related to the breach.
New: CTM360 CyberBlindspot ML Domain
Added a new incident field- CTM360 CyberBlindspot ML Domain The domain related to the compromised device.
New: CTM360 CyberBlindspot First Seen
Added a new incident field- CTM360 CyberBlindspot First Seen The first time the incident was seen.
New: CTM360 CyberBlindspot ML Password
Added a new incident field- CTM360 CyberBlindspot ML Password The password of the compromised account.
New: CTM360 CyberBlindspot BC Password
Added a new incident field- CTM360 CyberBlindspot BC Password The password related to the breach.
New: CTM360 CyberBlindspot Brand
Added a new incident field- CTM360 CyberBlindspot Brand The brand related to the incident.
New: CTM360 CyberBlindspot CC Card Number
Added a new incident field- CTM360 CyberBlindspot CC Card Number The compromised card's number.

Integrations

CTM360 CyberBlindspot

Updated the CTM360_CyberBlindspot integration to support the Malware Logs module.
Updated the Docker image to: demisto/python3:3.12.11.4095827.

Mappers

CTM360-CyberBlindspot - Incoming Mapper

Updated the CTM360-CyberBlindspot - Incoming Mapper to support the new incident fields.

Related pull requests:
- 40566
- 40644

Download

2.2.1 - R3980324 (June 26, 2025)

Integrations

CTM360 HackerView

Documentation and metadata improvements.

CTM360 CyberBlindspot

Documentation and metadata improvements.

Related pull requests:
- 40195

Download

2.2.0 - R3481649 (May 21, 2025)

Incident Types

CyberBlindspot Incident
Updated the CyberBlindspot incident type to use the updated playbook "CyberBlindspot Incident Management V3".

Integrations

CTM360 CyberBlindspot

Added support for Retrieve Screenshots parameter.
Added new command ctm360-cbs-incident-retrieve-screenshots that retrieves screenshot evidence if available.

Playbooks

New: CyberBlindspot Retrieve Incident Screenshots

This playbook retrieves screenshot evidence from the CyberBlindspot API and adds it to the incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

New: CyberBlindspot Incident Management V3

This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 39747
- 39550

Download

2.1.3 - 3023472 (March 31, 2025)

Integrations

CTM360 HackerView

Metadata and documentation improvements.

CTM360 CyberBlindspot

Metadata and documentation improvements.

Related pull requests:
- 39025

Download

2.1.2 - R2988287 (March 26, 2025)

Ensure that mirroring fields only appear in XSOAR integrations.

Related pull requests:
- 38998

Download

2.1.1 - 2751788 (March 12, 2025)

Integrations

CTM360 CyberBlindspot

Fixed a bug in the CTM360_CyberBlindspot integration test command where an error was thrown.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38760
- 39001

Download

2.1.0 - 2395597 (February 10, 2025)

Dashboards

CyberBlindspot Incident Dashboard

Updated dashboard widget sizes.
Added more widgets.

Incident Fields

New: CTM360 CyberBlindspot Module
New: Incident field to identify which module the incident belongs to.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

CyberBlindspot Incident
Updated CyberBlindspot incidents to use V2 playbook.

Integrations

CTM360 CyberBlindspot

Updated pack README file.
Added module type configuration (defaults to 'Incidents'):
- Incidents
- Compromised Cards
- Breached Credentials
- Domain Infringement
- Subdomain Infringement

Mappers

CTM360-CyberBlindspot - Incoming Mapper

Added mapping for the new incident field "CTM360 CyberBlindspot Module"

Playbooks

New: CyberBlindspot Incident Management V2

Related pull requests:
- 38199
- 38558

Download

2.0.0 - R2040490 (January 22, 2025)

Dashboards

New: HackerView Incident Dashboard

New: Dashboard to find metrics regarding the HackerView module
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Fields

New: CTM360 HackerView Potential Impact
New: Incident field for potential impact of incident on an asset.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Technologies
New: Incident field for technologies associated with asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Potential Attack Types
New: Incident field for potential types of attacks that may follow such incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Asset Type
New: Incident field for type of asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

New: HackerView Incident
New: Incident type.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Integrations

New: CTM360 HackerView

New: External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.116949.

Mappers

New: CTM360-HackerView - Incoming Mapper

New: New incoming mapper for HackerView incidents.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Playbooks

New: HackerView Incident Management

New: This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 37743
- 37967

Download

1.0.1 - 1748140 (December 4, 2024)

Integrations

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

2.3.0 - 4246904 (July 21, 2025)

Incident Fields

New: CTM360 CyberBlindspot CC CVV
Added a new incident field- CTM360 CyberBlindspot CC CVV The compromised card's Card Verification Value (CVV).
New: CTM360 CyberBlindspot Risks
Added a new incident field- CTM360 CyberBlindspot Risks Risks associated with the incident.
New: CTM360 CyberBlindspot ML Computer Name
Added a new incident field- CTM360 CyberBlindspot ML Computer Name The name of the computer that was compromised.
New: CTM360 CyberBlindspot ML User
Added a new incident field- CTM360 CyberBlindspot ML User The user of the compromised account.
New: CTM360 CyberBlindspot Confirmation Time
Added a new incident field- CTM360 CyberBlindspot Confirmation Time The time the incident was confirmed.
New: CTM360 CyberBlindspot ML Hostname
Added a new incident field- CTM360 CyberBlindspot ML Hostname The hostname of the compromised device.
New: CTM360 CyberBlindspot BC Username
Added a new incident field- CTM360 CyberBlindspot BC Username The username related to the breach.
New: CTM360 CyberBlindspot ML Source URI
Added a new incident field- CTM360 CyberBlindspot ML Source URI The source URI of the malware.
New: CTM360 CyberBlindspot Timestamp
Added a new incident field- CTM360 CyberBlindspot Timestamp The timestamp of the incident.
New: CTM360 CyberBlindspot ML Stealer Family
Added a new incident field- CTM360 CyberBlindspot ML Stealer Family The family of the malware.
New: CTM360 CyberBlindspot CC Expiry Year
Added a new incident field- CTM360 CyberBlindspot CC Expiry Year The compromised card's expiry year.
New: CTM360 CyberBlindspot ML URL Path
Added a new incident field- CTM360 CyberBlindspot ML URL Path The path of the URL.
New: CTM360 CyberBlindspot Subject
Added a new incident field- CTM360 CyberBlindspot Subject The subject of the incident.
New: CTM360 CyberBlindspot ML Website
Added a new incident field- CTM360 CyberBlindspot ML Website The website of the malware.
New: CTM360 CyberBlindspot Ticket ID
Added a new incident field- CTM360 CyberBlindspot Ticket ID The ticket ID of the incident.
New: CTM360 CyberBlindspot ML Software
Added a new incident field- CTM360 CyberBlindspot ML Software The software that was compromised.
New: CTM360 CyberBlindspot Screenshots
Added a new incident field- CTM360 CyberBlindspot Screenshots The screenshot evidence files associated with the incident.
New: CTM360 CyberBlindspot BC Breach Source
Added a new incident field- CTM360 CyberBlindspot BC Breach Source The source of the breach.
New: CTM360 CyberBlindspot Incident Type
Added a new incident field- CTM360 CyberBlindspot Incident Type The type of the incident.
New: CTM360 CyberBlindspot ML Sources
Added a new incident field- CTM360 CyberBlindspot ML Sources The sources of the malware.
New: CTM360 CyberBlindspot Last Seen
Added a new incident field- CTM360 CyberBlindspot Last Seen The last time the incident was seen.
New: CTM360 CyberBlindspot ML Operating System
Added a new incident field- CTM360 CyberBlindspot ML Operating System The operating system of the compromised device.
New: CTM360 CyberBlindspot ML Date Compromised
Added a new incident field- CTM360 CyberBlindspot ML Date Compromised The date of the compromise.
New: CTM360 CyberBlindspot ML Malware Path
Added a new incident field- CTM360 CyberBlindspot ML Malware Path The path in which the malware was installed on the compromised device.
New: CTM360 CyberBlindspot ML Masked Password
Added a new incident field- CTM360 CyberBlindspot ML Masked Password The masked password of the compromised account.
New: CTM360 CyberBlindspot Severity
Added a new incident field- CTM360 CyberBlindspot Severity The severity of the incident.
New: CTM360 CyberBlindspot ML User Domain
Added a new incident field- CTM360 CyberBlindspot ML User Domain The domain of the compromised user.
New: CTM360 CyberBlindspot BC Domain
Added a new incident field- CTM360 CyberBlindspot BC Domain The domain related to the breach.
New: CTM360 CyberBlindspot CC Expiry Month
Added a new incident field- CTM360 CyberBlindspot CC Expiry Month The compromised card's expiry month.
New: CTM360 CyberBlindspot Remarks
Added a new incident field- CTM360 CyberBlindspot Remarks Remarks concerning the incident.
New: CTM360 CyberBlindspot BC Email
Added a new incident field- CTM360 CyberBlindspot BC Email The email related to the breach.
New: CTM360 CyberBlindspot Class
Added a new incident field- CTM360 CyberBlindspot Class The class of the incident.
New: CTM360 CyberBlindspot Status
Added a new incident field- CTM360 CyberBlindspot Status The status of the incident.
New: CTM360 CyberBlindspot BC Executive Name
Added a new incident field- CTM360 CyberBlindspot BC Executive Name The name of the executive related to the breach.
New: CTM360 CyberBlindspot ML Domain
Added a new incident field- CTM360 CyberBlindspot ML Domain The domain related to the compromised device.
New: CTM360 CyberBlindspot First Seen
Added a new incident field- CTM360 CyberBlindspot First Seen The first time the incident was seen.
New: CTM360 CyberBlindspot ML Password
Added a new incident field- CTM360 CyberBlindspot ML Password The password of the compromised account.
New: CTM360 CyberBlindspot BC Password
Added a new incident field- CTM360 CyberBlindspot BC Password The password related to the breach.
New: CTM360 CyberBlindspot Brand
Added a new incident field- CTM360 CyberBlindspot Brand The brand related to the incident.
New: CTM360 CyberBlindspot CC Card Number
Added a new incident field- CTM360 CyberBlindspot CC Card Number The compromised card's number.

Integrations

CTM360 CyberBlindspot

Updated the CTM360_CyberBlindspot integration to support the Malware Logs module.
Updated the Docker image to: demisto/python3:3.12.11.4095827.

Mappers

CTM360-CyberBlindspot - Incoming Mapper

Updated the CTM360-CyberBlindspot - Incoming Mapper to support the new incident fields.

Related pull requests:
- 40566
- 40644

Download

2.2.1 - R3980324 (June 26, 2025)

Integrations

CTM360 HackerView

Documentation and metadata improvements.

CTM360 CyberBlindspot

Documentation and metadata improvements.

Related pull requests:
- 40195

Download

2.2.0 - R3481649 (May 21, 2025)

Incident Types

CyberBlindspot Incident
Updated the CyberBlindspot incident type to use the updated playbook "CyberBlindspot Incident Management V3".

Integrations

CTM360 CyberBlindspot

Added support for Retrieve Screenshots parameter.
Added new command ctm360-cbs-incident-retrieve-screenshots that retrieves screenshot evidence if available.

Playbooks

New: CyberBlindspot Retrieve Incident Screenshots

This playbook retrieves screenshot evidence from the CyberBlindspot API and adds it to the incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

New: CyberBlindspot Incident Management V3

Related pull requests:
- 39747
- 39550

Download

2.1.3 - 3042633 (April 2, 2025)

Integrations

CTM360 HackerView

Metadata and documentation improvements.

CTM360 CyberBlindspot

Metadata and documentation improvements.

Related pull requests:
- 39025

Download

2.1.2 - R2988287 (March 26, 2025)

CTM360

Ensure that mirroring fields only appear in XSOAR integrations.

Related pull requests:
- 38998

Download

2.1.1 - 2751788 (March 12, 2025)

Integrations

CTM360 CyberBlindspot

Fixed a bug in the CTM360_CyberBlindspot integration test command where an error was thrown.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38760
- 39001

Download

2.1.0 - 2429474 (February 11, 2025)

Incident Fields

New: CTM360 CyberBlindspot Module
New: Incident field to identify which module the incident belongs to.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

CyberBlindspot Incident
Updated CyberBlindspot incidents to use V2 playbook.

Integrations

CTM360 CyberBlindspot

Updated pack README file.
Added module type configuration (defaults to 'Incidents'):
- Incidents
- Compromised Cards
- Breached Credentials
- Domain Infringement
- Subdomain Infringement

Mappers

CTM360-CyberBlindspot - Incoming Mapper

Added mapping for the new incident field "CTM360 CyberBlindspot Module"

Playbooks

New: CyberBlindspot Incident Management V2

Related pull requests:
- 38199
- 38558

Download

2.0.0 - R2040490 (January 22, 2025)

Incident Fields

New: CTM360 HackerView Potential Impact
New: Incident field for potential impact of incident on an asset.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Technologies
New: Incident field for technologies associated with asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Potential Attack Types
New: Incident field for potential types of attacks that may follow such incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Asset Type
New: Incident field for type of asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

New: HackerView Incident
New: Incident type.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Integrations

New: CTM360 HackerView

New: External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.116949.

Mappers

New: CTM360-HackerView - Incoming Mapper

New: New incoming mapper for HackerView incidents.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Playbooks

New: HackerView Incident Management

New: This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 37743
- 37967

Download

1.0.1 - 1748140 (December 4, 2024)

Integrations

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	February 5, 2024
Last Release	July 21, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.