Skip to main content

Cyware Situational Awareness Platform

Share Alerts with Third-party Applications

Collaborate enables you to share alerts to third-party applications. This enables seamless integration and efficient sharing of threat advisories.

Steps

To share an alert with third-party applications:

  1. Follow the usual steps to create an alert. For more information, see Create Alerts.

  2. In the Finish section, select the checkbox for the required third-party application in Post the alert to other applications.

JSON Payload

When you integrate Collaborate with threat intelligence platforms (TIPs) such as Intel Exchange, you can utilize the following JSON payload structure for further analysis. Additionally, you can also leverage this payload for webhook-based integrations.

The following JSON payload structure is an example of alert data sent to third-party integrations:

{
  "title": "July 25 Phishing Campaign Alert",
  "description": "Summary: while highlighting interesting and rare techniques that the attackers use. Additional Details: <b>Adversary:</b> ,<br> <b>Malware Families:</b> njRAT - S0385, VjW0rm, Houdini RAT, AsyncRAT, HCrypt,<br> <b>Attack IDs:</b> T1104, T1140, T1547, T1548, T1562, T1059.001,<br> <b>Industries:</b> T1104, T1140, T1547, T1548, T1562, T1059.001",
  "short_id": "887703b3",
  "intel_media": [
    {"media_file": "https://yourdomain.cywarestg.com/webapp/user/doc-library/03edfd01-2026-496e-8016-ea2af42e442e"},
    {"media_file": "https://yourdomain.cywarestg.com/webapp/user/doc-library/531f4279-66e9-4f33-97e7-2c0d0c604735"}
  ],
  "tags": ["phishing_alert","financial_sector"],
  "tlp": "AMBER",
  "tlp_v2": "AMBER",
  "indicators": "",
  "indicator_data": {
    "registry_key_path": ["HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\malicious_key, HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\another_malicious_key"],
    "urls": ["http://malicious-site.com/login","http://malicious-site2.com/login"],
    "ips": ["192.168.1.100","192.168.1.101"],
    "ipv6": ["2001:db8::1","2001:db8::2"],
    "emails": ["phishing@example.com","scam@example.com"],
    "domains": ["malicious-site.com","malicious-site2.com"],
    "sha512": ["a6f745008f97d1f2f70b0e2e5a7283e7e0d5e4e6b374dcd0b77c2f5e43d0c8409b6f3f3a9f9e4d8d5f5e8e4f6b7f5d9a", "b6f745008f97d1f2f70b0e2e5a7283e7e0d5e4e6b374dcd0b77c2f5e43d0c8409b6f3f3a9f9e4d8d5f5e8e4f6b7f5d9b"],
    "sha256": ["d6f83a5c0e4e5d7f5f7e8a4e5d8b6d5f3a4e5f7d9b5f7e9a5d8b6d5f3a4e5d6f","e6f83a5c0e4e5d7f5f7e8a4e5d8b6d5f3a4e5f7d9b5f7e9a5d8b6d5f3a4e5d6f"],
    "sha1": ["e5f7d8a6b5c3d2e1f7g5h4i3j2k1l0m9n8o7p6q5r4s3t2u1v0w9x8y7z6a5b4c3","f5f7d8a6b5c3d2e1f7g5h4i3j2k1l0m9n8o7p6q5r4s3t2u1v0w9x8y7z6a5b4c3"],
    "md5": ["1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p","2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7"],
    "sha224": ["2b4c6d8e0a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8","3c5d7e9f1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b9"],
    "sha384": ["3c5d7e9f1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b9","4d6e8f0a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9"],
    "ssdeeps": ["12288:3f27e3c1e1c2d2c3f4e3a5d3e6f7e4d5e3a4c3a4e3a5d:12288:3e2f3d4c1e2f3e5d3a6f7g8h9i0","12288:3g27e3c1e1c2d2c3f4e3a5d3e6f7e4d5e3a4c3a4e3a5d:12288:3h2f3d4c1e2f3e5d3a6f7g8h9i0"],
    "ipv4_cidr": ["192.168.1.0/24","192.168.2.0/24"],
    "autonomous-system": ["AS12345","AS67890"],
    "file_paths": {"values": ["C:\\Users\\Public\\malware.exe","C:\\Users\\Public\\malicious_file.exe"]}
  },
  "observables": {}
}