Reputation commands generalized across reputation integrations to calculate a DBot score.
Cortex XSIAM supports many integrations with reputation providers, for example, VirusTotal, AlienVault OTX, and MISP. Every integration that returns a reputation about an indicator must implement the generic reputation commands and calculate a DBot Score.
When creating commands that enrich indicators, the commands should be named according to the indicator, such as !ip and !domain. This naming convention allows commands from multiple integrations to be run together to enrich an indicator. For example, running !ip ip=8.8.8.8 can trigger multiple integrations that gather information about the IP address.
The recommended way to return indicator context is using one of the classes under Common (Common.IP, Common.URL). For more information, see Return IP Reputation in Context and outputs. An example of returning indicators is the IPinfo v2 integration.
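The following is an added example, not code from this documentation or from any shipped integration. It shows how an !ip handler can turn a vendor verdict into a DBot score (0 unknown, 1 good, 2 suspicious, 3 bad) and emit DBotScore and IP context entries. The entries are built as plain dictionaries instead of through Common.IP so the code runs outside the platform. The vendor name ExampleTI, the 0-100 risk field, the thresholds, and the lookup callable are assumptions.

```python
import ipaddress

# DBot score values: 0 unknown, 1 good, 2 suspicious, 3 bad.
UNKNOWN, GOOD, SUSPICIOUS, BAD = 0, 1, 2, 3

VENDOR = "ExampleTI"  # hypothetical integration name (assumption)


def calculate_dbot_score(report, suspicious_at=30, malicious_at=70):
    """Map a vendor report (assumed 0-100 'risk' field) to a DBot score."""
    if not report or report.get("risk") is None:
        return UNKNOWN  # no verdict from the vendor must not be reported as good
    risk = report["risk"]
    if risk >= malicious_at:
        return BAD
    if risk >= suspicious_at:
        return SUSPICIOUS
    return GOOD


def ip_command(args, lookup):
    """Handle `!ip ip=...`; `lookup` stands in for the vendor API call."""
    results = []
    for raw in str(args.get("ip", "")).split(","):  # accept a list of IPs
        ip = raw.strip()
        if not ip:
            continue
        ipaddress.ip_address(ip)  # raises ValueError on malformed input
        report = lookup(ip)
        score = calculate_dbot_score(report)
        entry = {
            "DBotScore": {"Indicator": ip, "Type": "ip",
                          "Vendor": VENDOR, "Score": score},
            "IP": {"Address": ip},
        }
        if score == BAD:
            # Record which vendor flagged the indicator and why.
            entry["IP"]["Malicious"] = {"Vendor": VENDOR,
                                        "Description": f"risk={report['risk']}"}
        results.append(entry)
    return results


# Constructed sample data standing in for vendor responses.
SAMPLE_REPORTS = {"8.8.8.8": {"risk": 2}, "203.0.113.7": {"risk": 91}}

if __name__ == "__main__":
    for e in ip_command({"ip": "8.8.8.8, 203.0.113.7, 198.51.100.4"}, SAMPLE_REPORTS.get):
        print(e)
```

An indicator the vendor has never seen gets score 0, not 1, so a missing record is never presented as a clean verdict.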
The following are available generic reputation commands.