Skip to main content

Configure the Intel Exchange App

To use the Cyware Intel Exchange integration with Google SecOps SOAR, you must configure both Cyware Intel Exchange and Google SecOps SOAR. This includes generating API credentials in Cyware Intel Exchange and installing and configuring the integration in Google SecOps SOAR.

Ensure that you have access to both platforms before starting the configuration.

Generate API Credentials in Intel Exchange

Before configuring the Cyware Intel Exchange integration in Google SecOps SOAR, generate API credentials in Cyware Intel Exchange. These credentials enable secure authentication between Cyware Intel Exchange and Google SecOps SOAR.

Before you Start

Ensure that you have Create and Update permissions for CTIX Integrators.

Steps

To generate the API credentials, follow these steps:

  1. Sign in to Intel Exchange.

  2. Go to Administration > Integration Management, and select CTIX Integrators under THIRD PARTY DEVELOPERS.

  3. Click Add New and use the following information:

    • Name: Enter a unique name for the API credentials.

    • Description: Enter key details in the description for the API integration.

    • Expiry Date: Select an expiry date for open API keys. To apply an expiration date for the credentials, you can select Expires On and select the date. To ensure the credentials never expire, you can select Never Expire.

  4. Click Add New.

  5. Click Download to download the API credentials in CSV format. You can also click Copy to copy the endpoint URL, secret key, and access ID.

    Important

    It is recommended to download the API credentials since you cannot recover them later.

Configure the Cyware Intel Exchange Integration

To use Cyware Intel Exchange actions in Google SecOps SOAR, you must install and configure the Cyware Intel Exchange integration. This configuration allows Google SecOps SOAR to authenticate with your Cyware Intel Exchange instance and run actions from cases and playbooks.

Before you Start

  • Ensure that you have access to a Google SecOps SOAR instance with an Admin role user.

  • Ensure that you have the Cyware Intel Exchange instance details, which include Base URL, Access ID, and Secret Key.

Install Cyware Intel Exchange

Install the Cyware Intel Exchange integration from the Content Hub in Google SecOps SOAR to begin configuring the integration.

Steps

To install the Cyware Intel Exchange integration, follow these steps:

  1. Log in to the Google SecOps SOAR platform.

  2. In the sidebar, click Content Hub.

    image28.png

  3. Select the Response Integrations and search for CywareIntelExchange.

    image38.png

  4. Click Install. After installing, proceed to configure the integration.

Configure Cyware Intel Exchange in Google SecOps SOAR

After installing the integration, configure it to allow Google SecOps SOAR to authenticate with your Cyware Intel Exchange instance and use the integration actions in cases and playbooks.

Steps

To configure the Cyware Intel Exchange integration, follow these steps:

  1. In Google SecOps SOAR, from the sidebar, go to Response > Integrations Setup.

    image21.png

  2. Select the environment in which you want to configure the integration. The integration actions are available to playbooks and cases within the environment where the integration is configured.

  3. Click the + button to add a new integration instance.

  4. Search for and select CywareIntelExchange, and click Save to create the integration instance.

  5. In the configuration panel, enter the required parameters using the following information:

    • Access ID: Enter the access ID generated in Cyware Intel Exchange.

    • Base URL: Enter the base URL of your Cyware Intel Exchange instance. This URL corresponds to the endpoint of your Intel Exchange platform.

    • Secret Key: Enter the secret key associated with the access ID.

      Note

      While updating credentials, clear the entire Secret Key field before entering the updated value.

    • Verify SSL: Select the checkbox to verify the SSL certificate when Google SecOps SOAR connects to the Cyware Intel Exchange endpoint. By default, this is selected.

  6. Click Save to store the configuration parameters. Saving the configuration allows Google SecOps SOAR to authenticate with the Cyware Intel Exchange APIs used by the integration.

  7. Click Test to validate the configuration. A green check mark indicates that the connection is successful. A cross mark indicates that the configuration failed. Click the cross icon to view the error details.

    Note

    After modifying any configuration parameters, you must save the changes before testing the connection again.

After the configuration is validated, you can use the Cyware Intel Exchange integration actions in Google SecOps SOAR cases and playbooks.