CTM360 CyberBlindspot

Details
Content
Dependencies
Version History

Take action on incidents derived from threat intelligence that is directly linked to your organization.

CyberBlindspot is a cloud-based external threat intelligence and digital risk protection platform. The platform has the automated capability of monitoring and processing data collected from internet (surface, deep and dark web sources), then turning this data into security intelligence as incidents and threat intelligence feeds (domain, IP, hash) to improve the existing detection/protection appliances of the customers.

What does this pack do?

This pack allows you to integrate CyberBlindspot incidents with XSOAR. Automated integration fetches and populates incidents into XSOAR from CyberBlindspot platform along with all the details of the incident and leads XSOAR analyst to take relevant actions over the incidents such as:

Closing the incident.
Issuing an asset takedown request.

How to use it?

You just need to install the pack and configure the CyberBlindspot integration instances in XSOAR. For the configuration phase you will need an active API key which can be obtained in the CyberBlindspot platform. For any further support and questions please feel free to contact with us via xsoar@ctm360.com

What does this pack do?

Closing the incident.
Issuing an asset takedown request.

How to use it?

Classifiers

Name	Description
CTM360-CyberBlindspot - Incoming Mapper	Maps incoming CTM360 CyberBlindspot incidents.

Dashboards

Name	Description
CyberBlindspot Incident Dashboard

Incident Fields

Name	Description
CTM360 CyberBlindspot Course of Action	Actions that can be taken on a CyberBlindspot incident.

Incident Types

Name	Description
CyberBlindspot Incident

Integrations

Name	Description
CTM360 CyberBlindspot (Partner Contribution)	Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.

Playbooks

Name	Description
CyberBlindspot Incident Management	This playbook runs the incidents through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the incident, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the incident if any.

Classifiers

Name	Description
CTM360-CyberBlindspot - Incoming Mapper	Maps incoming CTM360 CyberBlindspot incidents.

Incident Fields

Name	Description
CTM360 CyberBlindspot Course of Action	Actions that can be taken on a CyberBlindspot incident.

Incident Types

Name	Description
CyberBlindspot Incident

Integrations

Name	Description
CTM360 CyberBlindspot (Partner Contribution)	Take action on incidents derived from CTM360 CBS threat intelligence that is directly linked to your organization.

Playbooks

Name	Description
CyberBlindspot Alert Management	This playbook runs the alerts through indicator enrichment, then based on the mirroring settings, it can communicate with the remote server to assist the user in the next course of action (Whether it be closing the alert, initiating the takedown of an online asset or simply waiting for a process on the remote server to end) to take on the alert if any.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

PUBLISHER

CTM360

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	February 5, 2024
Last Release	February 5, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.