ACTI Vulnerability Query

This Integration is part of the Accenture CTI v2 Pack.#

Supported versions

Available on Cortex XSOAR (versions 5.5.0 and later) and Cortex XSIAM.

Accenture CTI provides intelligence regarding security threats and vulnerabilities. This integration was integrated and tested with version v2.93.0 of ACTI

Configure ACTI Vulnerability Query in Cortex#

Parameter	Description	Required
url	URL	True
api_token	API Token	True
Source Reliability	Reliability of the source providing the intelligence data.	B - Usually reliable
insecure	Trust any certificate (not secure)	False
use_proxy	Use system proxy settings	False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

acti-vuln#

Checks the reputation of the given common vulnerabilities and exposures ID.

Base Command#

acti-vuln

Input#

Argument Name	Description	Required
cve	CVE ID to check.	Optional

Context Output#

Path	Type	Description
CVE.ID	String	The ID of the CVE, for example: CVE-2022-1653
CVE.CVSS2	String	The CVSS2 temporal score of the CVE based on exploitability, remediation level & report confidence, for example: 10.0
CVE.CVSS3	String	The CVSS3 temporal score of the CVE based on exploitability, remediation level & report confidence, for example: 10.0
CVE.Published	String	The timestamp of when the CVE was published.
CVE.Modified	String	The timestamp of when the CVE was last modified.
CVE.Description	String	A description of the CVE.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Reliability	String	Reliability of the source providing the intelligence data.
DBotScore.Type	String	The indicator type.
DBotScore.Vendor	String	The vendor that was used to calculate the score.
DBotScore.Score	String	The actual score.

Command Example#

!acti-vuln cve=CVE-2022-1653

Context Example#

{
    "DBotScore": {
        "Indicator": "CVE-2022-1653",
        "Reliability": "B - Usually reliable",
        "Score": 2,
        "Type": "cve",
        "Vendor": "ACTI Vulnerability Query"
    },
    "CVE": {
        "CVSS2": "10.0",
        "CVSS3": "10.0",
        "Description": "Description of the vulnerability",
        "ID": "CVE-2022-1653",
        "Modified": "2022-01-27 03:40:00",
        "Published": "2022-01-22 04:01:42",
    }
}

Human Readable Output#

Results#
CPEs CVSS2 CVSS3 DbotReputation Description LastModified LastPublished Name UUID
cpe:/a:f5:big-ip:16.1.1 10 10 2 Description of the vulnerability 2022-01-27 03:40:00 2022-01-22 04:01:42 CVE-2022-1653 cbc55efe-aa5c-4114-b532-e44f9b824fe1