Skip to main content

Cyware Threat Intelligence eXchange

Integrate Collaborate with Intel Exchange

Collaborate acts as a feed source for Intel Exchange. When you integrate Collaborate with Intel Exchange, it ingests the strategic information and refines and enriches it to act on the received threat intel. Additionally, Intel Exchange communicates essential information to Collaborate using rules, which include reports and associated objects. Collaborate analysts can then map this data into an accessible format and distribute it among their subscribers.

Intel Exchange shares intel in reports, and Collaborate comprehends information in the form of alerts. Therefore, Collaborate maps the Intel Exchange report title as the alert title and the report details as the alert description. Ensure that the Intel Exchange report object consists of a title and details to create an alert in Collaborate.

Note

Intel Exchange sends either the latest analyst description or the latest source description to Collaborate, whichever is available in Intel Exchange. When both descriptions are available, the latest analyst description is sent. This description is sent as part of the report details

Before you Start

Ensure that you have the following access and permissions to integrate Collaborate with Intel Exchange:

  • Access to the Collaborate application.

  • View and Update Tool Integration permission in Intel Exchange.

  • View Rule, Create Rule, and View & Update Rule permissions in Intel Exchange.

Steps

  1. Generate API Credentials in CSAP

  2. Activate Collaborate in Intel Exchange

  3. Enable Collaborate Alert

  4. Send an Alert to Collaborate

Activate Collaborate in Intel Exchange

Before you Start

You must have Update Tool Integrations and View Tool Integrations permissions.

Steps

  1. Sign in to Intel Exchange.

  2. Navigate to Administration and open Integration Management.

  3. Select Cyware Products under Tool Integrations.

  4. Select CSAP and click Add Account.

  5. Enter a unique account name to identify the alert type sent to Collaborate.

  6. Enter the endpoint value generated in the Collaborate application in the Base URL. The base URL directly connects with the application server.

  7. Enter the values of the access ID and secret key generated in Collaborate. These values authenticate the connection between the Intel Exchange and Collaborate applications and ensure secure communication is established between them.

  8. Select Verify SSL to verify and secure the connection between the Intel Exchange and Collaborate servers.

    If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection. It is recommended to select this option.

  9. Click Save.

Enable Collaborate Alert

Enable the Collaborate account alert to manage the Collaborate account. This alert enables you to send alerts to Collaborate in the form of rules and related objects.

To manage the Collaborate account, do the following:

  1. In Intel Exchange, navigate to Administration and select Integration Management.

  2. Select Cyware Products under Tool Integrations, and select CSAP.

  3. Select the ellipsis on the top right side of the screen, and select Manage.

  4. Click Manage Actions.

  5. Click the arrow and enable the toggle switch to activate the Collaborate account.

  6. Click Save.

Send an Alert to Collaborate

Before you Start

You must have Create Rules, View Rules, and Update Rules permissions.

Steps

To send an alert from Intel Exchange to Collaborate, do the following:

  1. In Intel Exchange, navigate to Main Menu and open Rules under Actions.

  2. Click New Rule.

  3. Enter a unique rule name to identify the alert in Collaborate.

  4. Click Add.

  5. Select a source and collection. You can select multiple sources and collections.

  6. Hover below the source and collection box or expand Conditions under Component on the left side of the screen, and select a condition.

  7. Enter the following fields:

    1. Select Report as an intent type.

    2. Select a rule type based on which the condition is applicable. You can apply a condition on TLP, description, title, or more.

    3. Set the selector, such as equal, greater, or more.

    4. Set a value.

    5. Enable Select Object for Actioning to set an object when you select Report or Note as the Intent Type.

      You can apply multiple conditions by selecting the AND, OR operators.

  8. Hover below the conditions box or expand Actions under Component on the left side of the screen, and select Create CSAP Alert as the action.

  9. Select CSAP as the application and select the Collaborate account.

  10. To send notifications, select mobile, and email notifications.

  11. Select groups to send the notifications about the alert.

  12. Set the status of the alert to draft or published.

  13. Set a category and click Save in the top right corner.