Packs/CyCognito/Integrations/CyCognito/CyCognito.yml

category: Vulnerability Management
commonfields:
  id: CyCognito
  version: -1
configuration:
- additionalinfo: The API Key required to authenticate to the service.
  display: API Key
  name: api_key
  required: true
  type: 4
- defaultvalue: CyCognito Issue
  display: Incident type
  name: incidentType
  required: false
  type: 13
- additionalinfo: The mirroring direction in which to mirror the incident. You can
    mirror only in (from CyCognito to XSOAR), out (from XSOAR to CyCognito), or in
    both directions.
  display: Incident Mirroring Direction
  defaultvalue: Incoming and Outgoing
  hidden:
    - marketplacev2
  name: mirror_direction
  options:
  - None
  - Incoming
  - Outgoing
  - Incoming and Outgoing
  required: false
  type: 15
- display: Fetch incidents
  name: isFetch
  required: false
  type: 8
- additionalinfo: |-
    The date or relative timestamp from which to begin fetching incidents.

    Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ
    
    For example: 01 Mar 2021, 01 Feb 2021 04:45:33, 2022-04-17T14:05:44Z
  defaultvalue: 3 days
  display: First Fetch Time
  name: first_fetch
  required: false
  type: 0
- additionalinfo: The maximum number of incidents to fetch every time. The maximum
    value is '1000'.
  defaultvalue: '50'
  display: Max Fetch
  name: max_fetch
  required: false
  type: 0
- additionalinfo: The type of issue to fetch. By default, all types of issues will
    be fetched. Multiple selection is supported.
  display: Issue Type
  hidden: false
  name: issue_type
  options:
  - Abandoned Asset
  - Certificate Validity
  - Cryptographic Vulnerability
  - E-mail Security
  - Exposed Asset
  - Exposed Data
  - Exposed Dev Environment
  - Information Gathering
  - Phishing Threat
  - Potential Imposter Asset
  - Security Hygiene
  - Unmaintained Asset
  - Unsafe Authentication
  - Vulnerable Software
  - Weak Encryption
  - XSS
  required: false
  type: 16
- additionalinfo: Filters incidents according to the geographic locations in which the issue is found. Multiple selection is supported.
  display: Locations
  hidden: false
  name: locations
  options: ["Afghanistan","Aland Islands","Albania","Algeria","American Samoa","Andorra","Angola","Anguilla","Antarctica",
            "Antigua and Barbuda","Argentina","Armenia","Aruba","Australia","Austria","Azerbaijan","Bahamas","Bahrain",
            "Bangladesh","Barbados","Belarus","Belgium","Belize","Benin","Bermuda","Bhutan","Bolivia, Plurinational State of",
            "Bonaire, Sint Eustatius and Saba","Bosnia and Herzegovina","Botswana","Bouvet Island","Brazil",
            "British Indian Ocean Territory","Brunei Darussalam","Bulgaria","Burkina Faso","Burundi","Cabo Verde","Cambodia",
            "Cameroon","Canada","Cayman Islands","Central African Republic","Chad","Chile","China","Christmas Island",
            "Cocos (Keeling) Islands","Colombia","Comoros","Congo","Congo, The Democratic Republic of the","Cook Islands",
            "Costa Rica","Cote d'Ivoire","Croatia","Cuba","Curacao","Cyprus","Czechia","Denmark","Djibouti","Dominica",
            "Dominican Republic","Ecuador","Egypt","El Salvador","Equatorial Guinea","Eritrea","Estonia","Eswatini",
            "Ethiopia","Falkland Islands (Malvinas)","Faroe Islands","Fiji","Finland","France","French Guiana",
            "French Polynesia","French Southern Territories","Gabon","Gambia","Georgia","Germany","Ghana","Gibraltar",
            "Greece","Greenland","Grenada","Guadeloupe","Guam","Guatemala","Guernsey","Guinea","Guinea-Bissau","Guyana",
            "Haiti","Heard Island and McDonald Islands","Holy See","Honduras","Hong Kong","Hungary","Iceland","India",
            "Indonesia","Iran, Islamic Republic of","Iraq","Ireland","Isle of Man","Israel","Italy","Jamaica","Japan",
            "Jersey","Jordan","Kazakhstan","Kenya","Kiribati","Korea, Democratic People's Republic of","Korea, Republic of",
            "Kuwait","Kyrgyzstan","Lao People's Democratic Republic","Latvia","Lebanon","Lesotho","Liberia","Libya",
            "Liechtenstein","Lithuania","Luxembourg","Macao","Madagascar","Malawi","Malaysia","Maldives","Mali","Malta",
            "Marshall Islands","Martinique","Mauritania","Mauritius","Mayotte","Mexico","Micronesia, Federated States of",
            "Moldova, Republic of","Monaco","Mongolia","Montenegro","Montserrat","Morocco","Mozambique","Myanmar","Namibia",
            "Nauru","Nepal","Netherlands","New Caledonia","New Zealand","Nicaragua","Niger","Nigeria","Niue","Norfolk Island",
            "North Macedonia","Northern Mariana Islands","Norway","Oman","Pakistan","Palau","Palestine, State of","Panama",
            "Papua New Guinea","Paraguay","Peru","Philippines","Pitcairn","Poland","Portugal","Puerto Rico","Qatar","Reunion",
            "Romania","Russian Federation","Rwanda","Saint Barthelemy","Saint Helena, Ascension and Tristan da Cunha",
            "Saint Kitts and Nevis","Saint Lucia","Saint Martin (French part)","Saint Pierre and Miquelon",
            "Saint Vincent and the Grenadines","Samoa","San Marino","Sao Tome and Principe","Saudi Arabia","Senegal",
            "Serbia","Seychelles","Sierra Leone","Singapore","Sint Maarten (Dutch part)","Slovakia","Slovenia",
            "Solomon Islands","Somalia","South Africa","South Georgia and the South Sandwich Islands","South Sudan","Spain",
            "Sri Lanka","Sudan","Suriname","Svalbard and Jan Mayen","Sweden","Switzerland","Syrian Arab Republic",
            "Taiwan, Province of China","Tajikistan","Tanzania, United Republic of","Thailand","Timor-Leste","Togo",
            "Tokelau","Tonga","Trinidad and Tobago","Tunisia","Turkey","Turkmenistan","Turks and Caicos Islands","Tuvalu",
            "Uganda","Ukraine","United Arab Emirates","United Kingdom of Great Britain and Northern Ireland",
            "United States of America","United States Minor Outlying Islands","Uruguay","Uzbekistan","Vanuatu",
            "Venezuela, Bolivarian Republic of","Vietnam","Virgin Islands, British","Virgin Islands, U.S.",
            "Wallis and Futuna","Western Sahara","Yemen","Zambia","Zimbabwe"]
  required: false
  type: 16
- additionalinfo: The severity levels of the issues to fetch from CyCognito. By default,
    all the severity levels will be fetched, Multiple selection is supported.
  display: Severity
  hidden: false
  name: severity_filter
  options:
  - low
  - high
  - medium
  - critical
  required: false
  type: 16
- additionalinfo: The investigation status of the issues to fetch from CyCognito.
    By default, it fetches uninvestigated issues.
  defaultvalue: uninvestigated
  display: Investigation Status
  hidden: false
  name: investigation_status
  options:
  - uninvestigated
  - investigating
  - investigated
  required: false
  type: 15
- additionalinfo: "Applies a filter to the list of issues based on a JSON-specific\
    \ query.\n\nFormat:\n[{\n    \"field\": \"issue-type\",\n    \"op\": \"in\",\n\
    \    \"values\": [\n       \"Unsafe Authentication\",\n       \"Vulnerable Software\"\
    \n    ]\t\n},\n{\n    \"op\": \"not-in\",\n    \"field\": \"severity-score\",\n\
    \    \"values\": [10, 9]\n}]\n\nNote: When using several filtering options (e.g.,\
    \ 'Issue Type' and 'Advanced Filter'), Advanced Filter parameters will take precedence\
    \ over other parameters.\nFor a complete reference to the CyCognito fields and\
    \ operations, please refer to the CyCognito API V0 documentation at \nhttps://docs.cycognito.com/reference/query-issues"
  display: Advanced Filter
  hidden: false
  name: advanced_filter
  required: false
  type: 12
- additionalinfo: Indicates whether to allow connections without verifying SSL certificate's
    validity.
  display: Trust any certificate (not secure)
  name: insecure
  required: false
  type: 8
- additionalinfo: Indicates whether to use XSOAR's system proxy settings to connect
    to the API.
  display: Use system proxy settings
  name: proxy
  required: false
  type: 8
- defaultvalue: '1440'
  display: Incidents Fetch Interval
  name: incidentFetchInterval
  required: false
  type: 19
description: The CyCognito integration fetches issues discovered by the CyCognito
  platform, thereby providing users with a view of their organization's internet-exposed
  attack surface. These issues include identification, prioritization, and recommendations
  for remediation of the risks faced by the organization. The integration contains
  commands to query assets and issues detected by the CyCognito platform, and includes
  a rich dashboard and layout with issue management capability.
display: CyCognito
name: CyCognito
script:
  commands:
  - arguments:
    - default: false
      description: |-
        Unique issue ID of the instance.

        Example: 0.0.0.0-cyc-auth-default-credentials,
        example.com-cyc-sql-injection, 0.0.0.0-cyc-exposed-bucket-with-data.

        Note: Users can retrieve the list of issue instance IDs by executing the "cycognito-issues-list" command.
      isArray: false
      name: issue_instance_id
      required: true
      secret: false
    deprecated: false
    description: Retrieves information about an issue associated with a particular
      instance based on the provided issue instance ID.
    execution: false
    name: cycognito-issue-get
    outputs:
    - contextPath: CyCognito.Issue.id
      description: Unique ID of the issue.
      type: String
    - contextPath: CyCognito.Issue.references
      description: Issue reference.
      type: Unknown
    - contextPath: CyCognito.Issue.potential_threat
      description: The threat that the issue might cause.
      type: String
    - contextPath: CyCognito.Issue.tags
      description: Tags of the issue.
      type: Unknown
    - contextPath: CyCognito.Issue.organizations
      description: Organizations of the instance.
      type: Unknown
    - contextPath: CyCognito.Issue.issue_id
      description: Unique ID of the issue.
      type: String
    - contextPath: CyCognito.Issue.summary
      description: A brief description that summarizes the issue.
      type: String
    - contextPath: CyCognito.Issue.resolved_at
      description: Date/time when the issue was resolved.
      type: String
    - contextPath: CyCognito.Issue.investigation_status
      description: Investigation status of the issue.
      type: String
    - contextPath: CyCognito.Issue.locations
      description: The geographic location of the instance.
      type: Unknown
    - contextPath: CyCognito.Issue.detection_complexity
      description: Measures the difficulty at which a vulnerable asset can be detected
        by a potential attacker.
      type: String
    - contextPath: CyCognito.Issue.title
      description: Title of the issue.
      type: String
    - contextPath: CyCognito.Issue.exploitation_score
      description: Exploitation score of the issue.
      type: Number
    - contextPath: CyCognito.Issue.issue_type
      description: Type of the issue.
      type: String
    - contextPath: CyCognito.Issue.comment
      description: Comment associated with the issue.
      type: String
    - contextPath: CyCognito.Issue.severity
      description: Severity of the issue.
      type: String
    - contextPath: CyCognito.Issue.remediation_steps
      description: A list of actions that describe how to resolve the issue.
      type: Unknown
    - contextPath: CyCognito.Issue.potential_impact
      description: A list of categories that describe what might happen if the issue
        is exploited.
      type: Unknown
    - contextPath: CyCognito.Issue.exploitation_method
      description: Exploitation method of the issue.
      type: String
    - contextPath: CyCognito.Issue.affected_asset
      description: The unique ID of the asset with which the issue is associated.
      type: String
    - contextPath: CyCognito.Issue.severity_score
      description: The numeric severity of the issue is in the range of 0 (not severe)
        through 10 (severe).
      type: Number
    - contextPath: CyCognito.Issue.last_detected
      description: The time at which the issue was last detected.
      type: Date
    - contextPath: CyCognito.Issue.first_detected
      description: The time at which the issue was first detected.
      type: Date
    - contextPath: CyCognito.Issue.issue_status
      description: Status of the issue found.
      type: String
    - contextPath: CyCognito.Issue.evidence
      description: Provides a reason or proof of why the issue was indeed detected by CyCognito.
      type: Unknown
  - arguments:
    - auto: PREDEFINED
      default: false
      description: |-
        The type of asset.

        Supported values: 'ip', 'domain', 'cert', 'webapp', 'iprange'
      isArray: false
      name: asset_type
      predefined:
      - ip
      - domain
      - iprange
      - cert
      - webapp
      required: true
      secret: false
    - default: false
      description: |-
        The unique asset identifier.

        Note: The asset ID value can be found by executing the "cycognito-assets-list" command.
      isArray: false
      name: asset_id
      required: true
      secret: false
    deprecated: false
    description: Retrieves information about a specific asset according to the specified
      asset type and asset ID.
    execution: false
    name: cycognito-asset-get
    outputs:
    - contextPath: CyCognito.Asset.alive
      description: Whether the port is alive or not.
      type: Boolean
    - contextPath: CyCognito.Asset.comment
      description: Comment associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.id
      description: |-
        Unique identifier of the asset.
        
        Note: The asset ID is derived from the asset_id input field.
      type: String
    - contextPath: CyCognito.Asset.type
      description: The type of asset.
      type: String
    - contextPath: CyCognito.Asset.business_units
      description: The business units of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.signature
      description: The identifier of the certificate.
      type: String
    - contextPath: CyCognito.Asset.closed_ports.status
      description: Status of the closed ports object associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.closed_ports.port
      description: Port of the closed ports object associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.closed_ports.protocol
      description: Protocol associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.created
      description: Creation time of the asset.
      type: Date
    - contextPath: CyCognito.Asset.domain
      description: Domain of the asset.
      type: String
    - contextPath: CyCognito.Asset.domains
      description: List of domains associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.domain_names
      description: List of domain names associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.expiration
      description: The date and time at which the asset expires.
      type: Date
    - contextPath: CyCognito.Asset.first_seen
      description: The time and date at which the asset was first discovered.
      type: Date
    - contextPath: CyCognito.Asset.hosting_type
      description: Hosting type of the asset.
      type: String
    - contextPath: CyCognito.Asset.ip
      description: IP address of the asset.
      type: String
    - contextPath: CyCognito.Asset.ip_addresses
      description: IP name of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.issuer_alt_names
      description: List of alternative names of the issuers.
      type: Unknown
    - contextPath: CyCognito.Asset.issuer_common_name
      description: Common name of the Issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_country
      description: Country of the issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_locality
      description: Locality of the issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_organization
      description: The issuer's organization.
      type: String
    - contextPath: CyCognito.Asset.issuer_organization_unit
      description: The issuer's organization unit.
      type: String
    - contextPath: CyCognito.Asset.issuer_state
      description: The state of the issuer.
      type: String
    - contextPath: CyCognito.Asset.issues_count
      description: Count of the issues.
      type: Number
    - contextPath: CyCognito.Asset.last_seen
      description: The time and date at which the asset was last seen.
      type: Date
    - contextPath: CyCognito.Asset.locations
      description: Location of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.open_ports.status
      description: Status of the open ports object associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.open_ports.port
      description: Port of the open ports object associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.open_ports.protocol
      description: Protocol associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.organizations
      description: Organizations of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.status
      description: Status of the asset.
      type: String
    - contextPath: CyCognito.Asset.security_grade
      description: Security rating of the asset.
      type: String
    - contextPath: CyCognito.Asset.severe_issues
      description: The number of severe issues associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.signature_algorithm
      description: Signature algorithm of the asset.
      type: String
    - contextPath: CyCognito.Asset.sub_domains
      description: Subdomains of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.subject_alt_names
      description: List of alternate subject names.
      type: Unknown
    - contextPath: CyCognito.Asset.subject_common_name
      description: Common name of the subject.
      type: String
    - contextPath: CyCognito.Asset.subject_country
      description: Subject's country.
      type: String
    - contextPath: CyCognito.Asset.subject_locality
      description: Locality of the subject.
      type: String
    - contextPath: CyCognito.Asset.subject_organization
      description: Subject's Organization.
      type: String
    - contextPath: CyCognito.Asset.subject_organization_unit
      description: The organization unit of the subject.
      type: String
    - contextPath: CyCognito.Asset.subject_state
      description: State of the subject.
      type: String
    - contextPath: CyCognito.Asset.tags
      description: Tags of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.dynamically_resolved
      description: Whether the asset has a rotating IP address.
      type: String
    - contextPath: CyCognito.Asset.investigation_status
      description: Investigation status of the asset.
      type: String
    - contextPath: CyCognito.Asset.discoverability
      description: Quantifies an asset's level of exposure.
      type: String
  - arguments:
    - auto: PREDEFINED
      default: false
      description: |-
        The type of asset.

        Supported values: 'ip', 'domain', 'cert', 'webapp', 'iprange'
      isArray: false
      name: asset_type
      predefined:
      - ip
      - domain
      - cert
      - webapp
      - iprange
      required: true
      secret: false
    - default: false
      description: |-
        The unique asset identifier.

        Note: The asset ID value can be found by executing the "cycognito-assets-list" command.
      isArray: false
      name: asset_id
      required: true
      secret: false
    - auto: PREDEFINED
      default: false
      description: |-
        The investigation status of the asset. 
        
        Supported values: 'uninvestigated', 'investigating', 'investigated'
      isArray: false
      name: investigation_status
      predefined:
      - uninvestigated
      - investigating
      - investigated
      required: true
      secret: false
    deprecated: false
    description: Modifies the investigation status of the specified asset.
    execution: false
    name: cycognito-asset-investigation-status-change
    outputs:
    - contextPath: CyCognito.Asset.type
      description: The type of the asset.
      type: String
    - contextPath: CyCognito.Asset.id
      description: |-
        Unique identifier of the asset.
        
        Note: The asset ID is derived from the asset_ID input field."
      type: String
    - contextPath: CyCognito.Asset.investigation_status
      description: Investigation status of the Asset.
      type: String
    - contextPath: CyCognito.Asset.action_status
      description: Whether the status update is successful or failed.
      type: String
  - arguments:
    - default: false
      description: |-
        The unique issue ID of the instance whose investigation status is to be changed.

        Example: 0.0.0.0-cyc-auth-default-credentials,
        example.com-cyc-sql-injection, 0.0.0.0-cyc-exposed-bucket-with-data.

        Note: Users can retrieve the list of issue instance IDs by executing the "cycognito-issues-list" command.
      isArray: false
      name: issue_instance_id
      required: true
      secret: false
    - auto: PREDEFINED
      default: false
      description: |-
        The investigation status of the issue.

        Supported values: 'uninvestigated', 'investigating', 'investigated'
      isArray: false
      name: investigation_status
      predefined:
      - uninvestigated
      - investigating
      - investigated
      required: true
      secret: false
    deprecated: false
    description: Modifies the investigation status of the specified issue.
    execution: false
    name: cycognito-issue-investigation-status-change
    outputs:
    - contextPath: CyCognito.Issue.id
      description: Unique ID of the issue.
      type: String
    - contextPath: CyCognito.Issue.investigation_status
      description: Investigation status of the issue.
      type: String
    - contextPath: CyCognito.Issue.action_status
      description: Whether the update is successful or failed.
      type: String
  - arguments:
    - default: false
      defaultValue: '50'
      description: |-
        The number of results to retrieve.
        
        Maximum value is '1000'
      isArray: false
      name: count
      required: false
      secret: false
    - default: false
      defaultValue: '0'
      description: |-
        Sets the starting index for the returned results. By specifying offset, you retrieve a subset of records starting with the offset value.

        Note: If a negative value is provided then the default value of 0 will be used.
      isArray: false
      name: offset
      required: false
      secret: false
    - default: false
      description: |-
        An Advanced Search parameter to query the response.

        Note: Retrieves all the occurrences that are included in the string.
      isArray: false
      name: search
      required: false
      secret: false
    - default: false
      description: |-
        The date and time at which CyCognito first discovered and attributed the asset to the organization.

        Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ
        
        For example: 01 Mar 2021, 01 Feb 2021 04:45:33, 2022-04-17T14:05:44Z
      isArray: false
      name: first_detected
      required: false
      secret: false
    - default: false
      description: |-
        The date and time at which CyCognito most recently attributed the asset to the organization.

        Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ
        
        For example: 01 Mar 2021, 01 Feb 2021 04:45:33, 2022-04-17T14:05:44Z
      isArray: false
      name: last_detected
      required: false
      secret: false
    - default: false
      description: Filters the issues according to the provided organizations. Supports comma-separated values.
      isArray: false
      name: organizations
      required: false
      secret: false
    - default: false
      description: The geographical locations in which the issue is found. Supported
        values contain the three-letter ISO country code for the respective countries--e.g.,
        IND, USA.
      isArray: false
      name: locations
      required: false
      secret: false
    - default: false
      description: |-
        Filters the records according to the issue type. Supports comma-separated values.

        Supported values: "Abandoned Asset", "Certificate Validity", "Cryptographic Vulnerability", "E-mail Security", "Exposed Asset", "Exposed Data", "Exposed Dev Environment", "Information Gathering", "Phishing Threat", "Potential Imposter Asset", "Security Hygiene", "Unmaintained Asset", "Unsafe Authentication", "Vulnerable Software", "Weak Encryption", "XSS"
      isArray: false
      name: issue_type
      required: false
      secret: false
    - default: false
      description: |-
        The name of the field by which to sort the results. The response fields available for sorting the data are found in the following documentation:
        https://docs.cycognito.com/reference/reference-getting-started
      isArray: false
      name: sort_by
      required: false
      secret: false
    - auto: PREDEFINED
      default: false
      description: |-
        Specifies whether to sort the results in either ascending or descending order.

        Supported values: 'asc', 'desc'
      isArray: false
      name: sort_order
      predefined:
      - asc
      - desc
      required: false
      secret: false
    - default: false
      description: "Applies a filter to the list of issues based on a JSON-specific\
        \ query.\n\nFormat:\n[{\n    \"field\": \"issue-type\",\n    \"op\": \"in\"\
        ,\n    \"values\": [\n       \"Unsafe Authentication\",\n       \"Vulnerable\
        \ Software\"\n    ]\t\n},\n{\n    \"op\": \"not-in\",\n    \"field\": \"severity-score\"\
        ,\n    \"values\": [10, 9]\n}]\n\nNote: When using several filtering options\
        \ (e.g., 'Issue Type' and 'Advanced Filter'), advance_json parameters will\
        \ take precedence over other parameters. \nFor a complete reference to the\
        \ CyCognito fields and operations, please refer to the CyCognito API V0 documentation\
        \ at \nhttps://docs.cycognito.com/reference/query-issues"
      isArray: false
      name: advanced_filter
      required: false
      secret: false
    deprecated: false
    description: Retrieves the list of the issues that meet the specified filter criteria.
    execution: false
    name: cycognito-issues-list
    outputs:
    - contextPath: CyCognito.Issue.id
      description: Unique ID of the issue.
      type: String
    - contextPath: CyCognito.Issue.references
      description: Reference of the issue.
      type: Unknown
    - contextPath: CyCognito.Issue.potential_threat
      description: The threat that the issue might cause.
      type: String
    - contextPath: CyCognito.Issue.tags
      description: Tags of the issue.
      type: Unknown
    - contextPath: CyCognito.Issue.organizations
      description: Organizations of the instance.
      type: Unknown
    - contextPath: CyCognito.Issue.issue_id
      description: Unique ID of the issue.
      type: String
    - contextPath: CyCognito.Issue.summary
      description: A brief description that summarizes the issue.
      type: String
    - contextPath: CyCognito.Issue.resolved_at
      description: Date/time when the issue was resolved.
      type: String
    - contextPath: CyCognito.Issue.investigation_status
      description: Investigation status of the issue.
      type: String
    - contextPath: CyCognito.Issue.locations
      description: The geographic location of the instance.
      type: Unknown
    - contextPath: CyCognito.Issue.detection_complexity
      description: Measures the difficulty at which a vulnerable asset can be detected
        by a potential attacker.
      type: String
    - contextPath: CyCognito.Issue.title
      description: Title of the issue.
      type: String
    - contextPath: CyCognito.Issue.exploitation_score
      description: Exploitation score of the issue.
      type: Number
    - contextPath: CyCognito.Issue.issue_type
      description: Type of the issue.
      type: String
    - contextPath: CyCognito.Issue.comment
      description: Comment associated with the issue.
      type: String
    - contextPath: CyCognito.Issue.severity
      description: Severity of the issue.
      type: String
    - contextPath: CyCognito.Issue.remediation_steps
      description: A list of actions that describe how to resolve the issue.
      type: Unknown
    - contextPath: CyCognito.Issue.potential_impact
      description: A list of categories that describe what might happen if the issue
        is exploited.
      type: Unknown
    - contextPath: CyCognito.Issue.exploitation_method
      description: Exploitation method of the issue.
      type: String
    - contextPath: CyCognito.Issue.affected_asset
      description: The unique ID of the asset with which the issue is associated.
      type: String
    - contextPath: CyCognito.Issue.severity_score
      description: The numeric severity of the issue is in the range of 0 (not severe) through 10 (severe).
      type: Number
    - contextPath: CyCognito.Issue.last_detected
      description: The time at which the issue was last detected.
      type: Date
    - contextPath: CyCognito.Issue.first_detected
      description: The time at which the issue was first detected.
      type: Date
    - contextPath: CyCognito.Issue.issue_status
      description: Status of the issue found.
      type: String
    - contextPath: CyCognito.Issue.evidence
      description: Provides a reason or proof of why the issue was indeed detected by CyCognito.
      type: Unknown
  - arguments:
    - auto: PREDEFINED
      default: false
      description: |-
        The type of asset.

        Supported values: 'ip', 'domain', 'cert', 'webapp', 'iprange'
      isArray: false
      name: asset_type
      predefined:
      - ip
      - domain
      - iprange
      - webapp
      - cert
      required: true
      secret: false
    - default: false
      defaultValue: '50'
      description: |-
        The number of results to be retrieved in a response. 
        
        Maximum value is '1000'
      isArray: false
      name: count
      required: false
      secret: false
    - default: false
      defaultValue: '0'
      description: |-
        Sets the starting index for the returned results. By specifying offset, you retrieve a subset of records starting with the offset value.

        Note: If a negative value is provided then the default value of 0 will be used.
      isArray: false
      name: offset
      required: false
      secret: false
    - default: false
      description: |-
        An Advanced Search parameter to query the response.

        Note: Retrieves all the occurrences that are included in the string.
      isArray: false
      name: search
      required: false
      secret: false
    - default: false
      description: |- 
        Filters the assets according to the selected status. Supports comma-separated values.
        
        Supported values: 'changed', 'new', 'normal'
      isArray: false
      name: status
      required: false
      secret: false
    - default: false
      description: Filters the assets according to the provided organizations. Supports
        comma-separated values.
      isArray: false
      name: organizations
      required: false
      secret: false
    - default: false
      description: |-
        Filters the assets according to the provided security ratings. Supports comma-separated values.

        Supported values: 'A', 'B', 'C', 'D', 'F'

        Where:
        A = Very strong
        B = Strong
        C = Less vulnerable
        D = Vulnerable
        F = Highly vulnerable
      isArray: false
      name: security_grade
      required: false
      secret: false
    - default: false
      description: |-
        The geographical locations in which the asset is found. Supported values contain the three-letter ISO country code for the respective countries'e.g., IND, USA.
        Locations are available only for IP, Domain, and Certificate asset types.
      isArray: false
      name: locations
      required: false
      secret: false
    - default: false
      description: |-
        The date and time at which CyCognito first discovered and attributed the asset to the organization.

        Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ

        For example: 01 Mar 2021, 01 Feb 2021 04:45:33, 2022-04-17T14:05:44Z
      isArray: false
      name: first_seen
      required: false
      secret: false
    - default: false
      description: |-
        The date and time at which CyCognito most recently attributed the asset to the organization.

        Supported formats: 2 minutes, 2 hours, 2 days, 2 weeks, 2 months, 2 years, yyyy-mm-dd, yyyy-mm-ddTHH:MM:SSZ

        For example: 01 Mar 2021, 01 Feb 2021 04:45:33, 2022-04-17T14:05:44Z
      isArray: false
      name: last_seen
      required: false
      secret: false
    - default: false
      description: |-
        Specifies the field by which to sort.

        Note: The response fields available for sorting the data are found in the following documentation:
        https://docs.cycognito.com/reference/query-assets
      isArray: false
      name: sort_by
      required: false
      secret: false
    - auto: PREDEFINED
      default: false
      defaultValue: desc
      description: |-
        Specifies whether to sort the results in either ascending or descending order.

        Supported values: 'asc', 'desc'
      isArray: false
      name: sort_order
      predefined:
      - asc
      - desc
      required: false
      secret: false
    - default: false
      description: "Applies a filter to the list of assets based on a JSON-specific query.\n\nFormat:\n\
        [{\n    \"field\": \"status\",\n    \"op\": \"in\",\n    \"values\":\
        \ [\n        \"new\",\n        \"changed\"\n    ]\t\n},\n{\n    \"op\": \"\
        not-in\",\n    \"field\": \"security-rating\",\n    \"values\": [\"A\"]\n}]\n\
        \nNote: For a complete reference to the CyCognito fields and operations, please\
        \ refer to the CyCognito API V0 documentation at https://docs.cycognito.com/reference/query-assets."
      isArray: false
      name: advanced_filter
      required: false
      secret: false
    deprecated: false
    description: Retrieves the list of assets that meet specified filter criteria.
    execution: false
    name: cycognito-assets-list
    outputs:
    - contextPath: CyCognito.Asset.alive
      description: Whether the port is alive or not.
      type: Boolean
    - contextPath: CyCognito.Asset.comment
      description: Comments related to the asset.
      type: String
    - contextPath: CyCognito.Asset.id
      description: "Unique identifier of the asset. \n\nNote: Asset ID is derived\
        \ from the asset_id input field."
      type: String
    - contextPath: CyCognito.Asset.type
      description: Type of the asset.
      type: String
    - contextPath: CyCognito.Asset.business_units
      description: Business units of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.signature
      description: The identifier of the certificate.
      type: String
    - contextPath: CyCognito.Asset.closed_ports.status
      description: Status of the closed ports object associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.closed_ports.port
      description: Port of the closed ports object associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.closed_ports.protocol
      description: Protocol associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.created
      description: Date and time at which the asset was created.
      type: Date
    - contextPath: CyCognito.Asset.domain
      description: Domain name of the asset.
      type: String
    - contextPath: CyCognito.Asset.domains
      description: Domain of the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.domain_names
      description: List of domain names associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.expiration
      description: Date and time at which the asset is expired.
      type: Date
    - contextPath: CyCognito.Asset.first_seen
      description: Time at which an asset was first discovered and attributed to the
        organization.
      type: Date
    - contextPath: CyCognito.Asset.hosting_type
      description: Hosting type of the asset.
      type: String
    - contextPath: CyCognito.Asset.investigation_status
      description: Investigation status of the asset.
      type: String
    - contextPath: CyCognito.Asset.ip
      description: IP of the asset.
      type: String
    - contextPath: CyCognito.Asset.ip_addresses
      description: List of IP associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.issuer_alt_names
      description: List of alternate issuer names.
      type: Unknown
    - contextPath: CyCognito.Asset.issuer_common_name
      description: Common name of the Issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_country
      description: Country of Issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_locality
      description: Locality of issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_organization
      description: Organization of the issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_organization_unit
      description: The organization unit of the issuer.
      type: String
    - contextPath: CyCognito.Asset.issuer_state
      description: State of the issuer.
      type: String
    - contextPath: CyCognito.Asset.issues_count
      description: Count of issues associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.last_seen
      description: Time at which an asset was discovered and attributed to the organization.
      type: Date
    - contextPath: CyCognito.Asset.locations
      description: List of geographic locations with which an asset might be associated.
      type: Unknown
    - contextPath: CyCognito.Asset.open_ports.status
      description: Status of the open ports object associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.open_ports.port
      description: Port of the open ports object associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.open_ports.protocol
      description: Protocol associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.organizations
      description: List of organizations associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.status
      description: Last status of the asset.
      type: String
    - contextPath: CyCognito.Asset.security_grade
      description: Security rating of the asset based on the number and severity of
        the associated issues.
      type: String
    - contextPath: CyCognito.Asset.severe_issues
      description: The number of severe issues associated with the asset.
      type: Number
    - contextPath: CyCognito.Asset.signature_algorithm
      description: Signature algorithm associated with the asset.
      type: String
    - contextPath: CyCognito.Asset.sub_domains
      description: List of subdomains associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.subject_alt_names
      description: List of alternate subject names.
      type: Unknown
    - contextPath: CyCognito.Asset.subject_common_name
      description: Common name of the subject.
      type: String
    - contextPath: CyCognito.Asset.subject_country
      description: Subject's country.
      type: String
    - contextPath: CyCognito.Asset.subject_locality
      description: Locality of the subject.
      type: String
    - contextPath: CyCognito.Asset.subject_organization
      description: Subject's organization.
      type: String
    - contextPath: CyCognito.Asset.subject_organization_unit
      description: The organization unit of the subject.
      type: String
    - contextPath: CyCognito.Asset.subject_state
      description: State of the subject.
      type: String
    - contextPath: CyCognito.Asset.tags
      description: List of tags associated with the asset.
      type: Unknown
    - contextPath: CyCognito.Asset.dynamically_resolved
      description: Whether the asset has a rotating IP address.
      type: String
    - contextPath: CyCognito.Asset.discoverability
      description: Quantifies an asset's level of exposure.
      type: String
  dockerimage: demisto/pycountry:1.0.0.54603
  feed: false
  isfetch: true
  isremotesyncin: true
  isremotesyncout: true
  longRunning: false
  longRunningPort: false
  runonce: false
  script: '-'
  subtype: python3
  type: python
tests:
- CyCognito-Test
defaultmapperin: CyCognito - Incoming Mapper
marketplaces:
- xsoar
- marketplacev2
fromversion: 6.2.0