XDR - Investigate - Deliberate Observable
Details
This atomic belongs to the Cisco XDR: Investigate atomic group.
Uses the Cisco XDR API to get verdicts for a single observable. If the observable has more than one verdict (for example, one per enabled module), the dispositions are prioritized in this order: clean, malicious, suspicious, unknown. The first disposition in that order that appears among the verdicts is the one returned. For example, if an observable has one verdict that is suspicious and one that is clean, this atomic returns clean.
Target: Platform APIs
Steps:
1. Generate the observable JSON.
2. Request verdict information from Cisco XDR.
3. Check whether the request was successful:
   - If it was, extract the dispositions and determine which final disposition to return.
   - If it was not, return an error.
More information about this API: https://developer.cisco.com/docs/cisco-xdr/get-observable-verdicts/
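The steps above, worked through as an added example; this is not the atomic's own code and is not a Cisco XDR client. The request itself is not sent, so the example runs offline: the response shape (a top-level "data" list, one entry per module, each carrying data.verdicts.docs[*].disposition_name) and the request body shape (a list of {"type", "value"} objects) are assumptions, and the sample response is constructed. The priority logic is exactly the one this page documents.

```python
import json
from typing import Any, Dict, List, Optional

# Disposition priority exactly as this atomic documents it: the first entry in
# this list that appears among the returned verdicts becomes the final answer.
DISPOSITION_PRIORITY = ["clean", "malicious", "suspicious", "unknown"]


def build_observable(obs_type: str, value: str) -> str:
    """Step 1: build the observable JSON for the request body.

    Assumption (not taken from the page): the body is a list of
    {"type": ..., "value": ...} objects.
    """
    return json.dumps([{"type": obs_type, "value": value}])


def extract_dispositions(body: Dict[str, Any]) -> List[str]:
    """Step 3, success branch, part one: collect every disposition name.

    Assumed response shape (constructed for this example): a top-level "data"
    list, one entry per module, each holding data.verdicts.docs[*].disposition_name.
    Missing keys are tolerated so a module that returned nothing does not abort
    the whole deliberation.
    """
    found: List[str] = []
    for module_result in body.get("data", []):
        docs = (
            module_result.get("data", {})
            .get("verdicts", {})
            .get("docs", [])
        )
        for doc in docs:
            name = doc.get("disposition_name")
            if isinstance(name, str):
                found.append(name.strip().lower())
    return found


def final_disposition(dispositions: List[str]) -> Optional[str]:
    """Step 3, success branch, part two: apply the documented priority.

    Returns None when no recognised disposition is present; that choice is the
    example's own, the page does not say what the atomic returns in that case.
    """
    present = set(dispositions)
    for candidate in DISPOSITION_PRIORITY:
        if candidate in present:
            return candidate
    return None


def deliberate(status_code: int, body: Dict[str, Any]) -> Dict[str, Any]:
    """Step 3: branch on request success and produce the atomic's result.

    status_code and body stand in for the HTTP response the atomic would
    receive from step 2; no network request is made here.
    """
    if status_code != 200:
        # Failure branch: surface an error instead of a disposition.
        return {
            "succeeded": False,
            "error": f"verdict request failed with HTTP {status_code}",
            "detail": body,
        }
    dispositions = extract_dispositions(body)
    return {
        "succeeded": True,
        "dispositions": dispositions,  # raw list kept so masked verdicts stay visible
        "disposition": final_disposition(dispositions),
    }


# Constructed sample response: one module calls the observable suspicious,
# another calls it clean, a third returned no verdict. Per the documented
# priority the final disposition is "clean".
SAMPLE_RESPONSE: Dict[str, Any] = {
    "data": [
        {"module": "Module A",
         "data": {"verdicts": {"docs": [{"disposition_name": "Suspicious"}]}}},
        {"module": "Module B",
         "data": {"verdicts": {"docs": [{"disposition_name": "Clean"}]}}},
        {"module": "Module C", "data": {}},
    ]
}

if __name__ == "__main__":
    print(build_observable("ip", "192.0.2.10"))
    print(deliberate(200, SAMPLE_RESPONSE))
    print(deliberate(401, {"error": "unauthorized"}))
```

Because clean outranks malicious in the documented order, a single clean verdict from one module masks a malicious verdict from another. If a downstream workflow needs to see that, consume the raw dispositions list rather than only the final disposition.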
About
Authorship
Cisco Managed