CTM360 | Marketplace

Details
Content
Dependencies
Version History

Take action on incidents derived from threat intelligence that is directly linked to your organization.

In External Attack Surface Management, HackerView provides an inventory of your digital assets discovered automatically, identifies issues (including vulnerabilities, misconfigurations, and exposures) in these digital assets, and generates a digital risk scorecard for your organization. The scorecard can also be generated for a limited number of your vendors for free.

In Digital Risk Protection, CyberBlindspot detects threats across the surface, deep, and dark web and monitors for over 40 threat types, i.e., actual or potential threats targeting your organization, brands, and executives. These incidents include phishing, social media fraud, suspicious mobile apps, look-alike domains, data leakage, etc.

What is CTM360?

CTM360 is a Software-as-a-Service (SaaS) technology platform that provides External Attack Surface Management, Digital Risk Protection, and Cyber Threat Intelligence in one consolidated platform.

What does this pack do?

This pack allows you to integrate HackerView & CyberBlindspot incidents with Cortex XSOAR. Automated integration fetches and populates incidents into Cortex XSOAR from HackerView & CyberBlindspot platforms along with all the details of the incident and leads the Cortex XSOAR analyst to take relevant actions over the incidents such as:

HackerView:
- Incident response and feedback.
CyberBlindspot:
- Closing the incident.
- Issuing an asset takedown request.

How to use it?

Install the pack and configure either one of the integration instances in Cortex XSOAR. For the configuration phase you will need an active API key which can be obtained in the respective platform. For any further support and questions, feel free to contact us via xsoar@ctm360.com

Pack Contributors:

Sayed A.

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What is CTM360?

CTM360 is a Software-as-a-Service (SaaS) technology platform that provides External Attack Surface Management, Digital Risk Protection, and Cyber Threat Intelligence in one consolidated platform.

What does this pack do?

This pack allows you to integrate HackerView & CyberBlindspot incidents with Cortex. Automated integration fetches and populates incidents into Cortex from HackerView & CyberBlindspot platforms along with all the details of the incident and leads the Cortex analyst to take relevant actions over the incidents such as:

HackerView:
- Incident response and feedback.
CyberBlindspot:
- Closing the incident.
- Issuing an asset takedown request.

How to use it?

Install the pack and configure either one of the integration instances in Cortex. For the configuration phase you will need an active API key which can be obtained in the respective platform. For any further support and questions, feel free to contact us via xsoar@ctm360.com

Pack Contributors:

Sayed A.

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
CTM360-CyberBlindspot - Incoming Mapper	Maps incoming CTM360 CyberBlindspot incidents.
CTM360-HackerView - Incoming Mapper	Maps incoming CTM360 HackerView incidents.

Dashboards

Name	Description
CyberBlindspot Incident Dashboard
HackerView Incident Dashboard

Incident Fields

Name	Description
CTM360 HackerView Potential Impact	Actions that can be taken on a HackerView incident.
CTM360 HackerView Technologies	Technologies associated with a HackerView incident.
CTM360 HackerView Asset Type	Type of affected asset(s).
CTM360 HackerView Potential Attack Types	Attacks that may be attempted.
CTM360 CyberBlindspot Course of Action	Actions that can be taken on a CyberBlindspot incident.
CTM360 CyberBlindspot Module	Module the incident belongs to.

Incident Types

Name	Description
CyberBlindspot Incident
HackerView Incident

Integrations

Name	Description
CTM360 HackerView (Partner Contribution)	External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.
CTM360 CyberBlindspot (Partner Contribution)	Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.

Playbooks

Name	Description
CyberBlindspot Incident Management	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.
HackerView Incident Management	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
CyberBlindspot Incident Management V2	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.

Classifiers

Name	Description
CTM360-CyberBlindspot - Incoming Mapper	Maps incoming CTM360 CyberBlindspot incidents.
CTM360-HackerView - Incoming Mapper	Maps incoming CTM360 HackerView incidents.

Incident Fields

Name	Description
CTM360 HackerView Potential Attack Types	Attacks that may be attempted.
CTM360 CyberBlindspot Module	Module the incident belongs to.
CTM360 HackerView Potential Impact	Actions that can be taken on a HackerView incident.
CTM360 CyberBlindspot Course of Action	Actions that can be taken on a CyberBlindspot incident.
CTM360 HackerView Technologies	Technologies associated with a HackerView incident.
CTM360 HackerView Asset Type	Type of affected asset(s).

Incident Types

Name	Description
CyberBlindspot Incident
HackerView Incident

Integrations

Name	Description
CTM360 CyberBlindspot (Partner Contribution)	Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.
CTM360 HackerView (Partner Contribution)	External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.

Playbooks

Name	Description
CyberBlindspot Alert Management	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the alert, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the alert if any.
CyberBlindspot Alert Management V2	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the alert, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the alert if any.
HackerView Alert Management	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

2.1.0 - 2395597 (February 10, 2025)

Dashboards

CyberBlindspot Incident Dashboard

Updated dashboard widget sizes.
Added more widgets.

Incident Fields

New: CTM360 CyberBlindspot Module
New: Incident field to identify which module the incident belongs to.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

CyberBlindspot Incident
Updated CyberBlindspot incidents to use V2 playbook.

Integrations

CTM360 CyberBlindspot

Updated pack README file.
Added module type configuration (defaults to 'Incidents'):
- Incidents
- Compromised Cards
- Breached Credentials
- Domain Infringement
- Subdomain Infringement

Mappers

CTM360-CyberBlindspot - Incoming Mapper

Added mapping for the new incident field "CTM360 CyberBlindspot Module"

Playbooks

New: CyberBlindspot Incident Management V2

This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 38199
- 38558

Download

2.0.0 - R2040490 (January 22, 2025)

Dashboards

New: HackerView Incident Dashboard

New: Dashboard to find metrics regarding the HackerView module
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Fields

New: CTM360 HackerView Potential Impact
New: Incident field for potential impact of incident on an asset.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Technologies
New: Incident field for technologies associated with asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Potential Attack Types
New: Incident field for potential types of attacks that may follow such incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Asset Type
New: Incident field for type of asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

New: HackerView Incident
New: Incident type.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Integrations

New: CTM360 HackerView

New: External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.116949.

Mappers

New: CTM360-HackerView - Incoming Mapper

New: New incoming mapper for HackerView incidents.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Playbooks

New: HackerView Incident Management

New: This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 37743
- 37967

Download

1.0.1 - 1748140 (December 4, 2024)

Integrations

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.0.0 - 1681986 (February 5, 2024)

Take action on incidents derived from threat intelligence that is directly linked to your organization.

Download

2.1.0 - 2429474 (February 11, 2025)

Incident Fields

New: CTM360 CyberBlindspot Module
New: Incident field to identify which module the incident belongs to.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

CyberBlindspot Incident
Updated CyberBlindspot incidents to use V2 playbook.

Integrations

CTM360 CyberBlindspot

Updated pack README file.
Added module type configuration (defaults to 'Incidents'):
- Incidents
- Compromised Cards
- Breached Credentials
- Domain Infringement
- Subdomain Infringement

Mappers

CTM360-CyberBlindspot - Incoming Mapper

Added mapping for the new incident field "CTM360 CyberBlindspot Module"

Playbooks

New: CyberBlindspot Incident Management V2

Related pull requests:
- 38199
- 38558

Download

2.0.0 - R2040490 (January 22, 2025)

Incident Fields

New: CTM360 HackerView Potential Impact
New: Incident field for potential impact of incident on an asset.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Technologies
New: Incident field for technologies associated with asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Potential Attack Types
New: Incident field for potential types of attacks that may follow such incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).
New: CTM360 HackerView Asset Type
New: Incident field for type of asset involved in an incident.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Incident Types

New: HackerView Incident
New: Incident type.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Integrations

New: CTM360 HackerView

New: External Attack Surface Management platform, which combines automated asset discovery, issue identification / management, remediation guidelines, security ratings and third party risk management.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.116949.

Mappers

New: CTM360-HackerView - Incoming Mapper

New: New incoming mapper for HackerView incidents.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Playbooks

New: HackerView Incident Management

New: This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to track the progress of the investigation.
(Available from Cortex XSIAM 2.0).
(Available from Cortex XSOAR 6.10.0).

Related pull requests:
- 37743
- 37967

Download

1.0.1 - 1748140 (December 4, 2024)

Integrations

CTM360 CyberBlindspot

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.0.0 - 1681986 (February 5, 2024)

Take action on incidents derived from threat intelligence that is directly linked to your organization.

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	February 5, 2024
Last Release	February 10, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.