Cyware Threat Intelligence eXchange

CyberInt

Connector Category: API Feed Source

About CyberInt

CTIX integrates with Cyberint to provide access to contextual threat intelligence. This empowers you to enhance threat-hunting capabilities, conduct more comprehensive threat research, and effectively assess potential attacks.

Use cases 

  • Identify potential threats at an early stage by leveraging streamlined deep and dark web intel.

  • Provide contextual threat intel to enrich and enhance your security platform, blocklists, threat research, and threat-hunting activities.

Benefits 

  • Enhance threat research and threat-hunting activities by providing in-depth insights and understanding of relevant threats.

  • Poll threat data to ensure the confidentiality and integrity of your organization.

Configure CyberInt as an API Feed Source

Configure Cyberint as an API feed source to receive data feeds from Cyberint.

Before you Start 

  • You must have the View API Feed, View Feed Source, Create Feed Source, and Update Feed Source permissions.

  • You must have the base URL and API key of your CyberInt account.

    Note

    Ensure that the API key includes the permissions to retrieve threat data. If the API key does not have permission to retrieve the threat data feed, then the feed channel is disabled automatically and displays a connection error.

Steps 

To configure Cyberint as an API feed source in CTIX, do the following:

  1. Go to Administration > Integration Management > FEED SOURCES > APIs.

  2. Click Add API Source.

  3. Search for and select the Cyberint app.

  4. Click Add Instance.

  5. Enter a unique name to identify the instance. For example, Cyberint_intel.

  6. Enter the base URL of your Cyberint instance. For example, https://sample_url.com/sample_path/.

  7. Enter the API key of your Cyberint account to authenticate communication between the CTIX and Cyberint servers.

  8. Select Verify SSL to verify the SSL certificate and secure the connection between the CTIX and Cyberint servers. By default, Verify SSL is selected.

    Note

    Cyware recommends that you select Verify SSL. If you disable this option, CTIX may configure an instance against an expired SSL certificate. The connection may then not be established properly, and CTIX will not be able to notify you of a broken or improper connection.

  9. Click Save.

You can view and configure CyberInt feed channels to poll feeds. For more information, see API Integrations.

Note

  • It is recommended that you poll for Cyberint feeds at 00:01 hrs once a day to obtain a fresh set of feeds.

  • The minimum polling time you can enter to automatically poll feeds from Cyberint is 1440 minutes (1 day).

CyberInt Feed Channels

CTIX provides multiple channels to poll feeds from CyberInt. The following table lists all the feed channels and the API endpoints used for each feed channel:

Feed Channel                       API Endpoint
---------------------------------  ------------------------------------------------------------------------------
Retrieve Domain Feeds Data         https://{environment}.cyberint.io/ioc/api/v1/feed/daily/?ioc_type=domain
Retrieve URL Feeds Data            https://{environment}.cyberint.io/ioc/api/v1/feed/daily/?ioc_type=url
Retrieve SHA256 Hash Feeds Data    https://{environment}.cyberint.io/ioc/api/v1/feed/daily/?ioc_type=file/sha256
Retrieve IP Feeds Data             https://{environment}.cyberint.io/ioc/api/v1/feed/daily/?ioc_type=ipv4
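
A pre-flight check for the values entered in the steps above, as an added example (not Cyware or Cyberint code): it builds the four channel URLs from the table, flags a non-HTTPS base URL or a polling interval under 1440 minutes, and checks the server certificate with verification on, which is the failure the Verify SSL note warns about. All function names are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlencode, urlsplit

# ioc_type values copied from the feed channel table on this page.
IOC_TYPES = {
    "Retrieve Domain Feeds Data": "domain",
    "Retrieve URL Feeds Data": "url",
    "Retrieve SHA256 Hash Feeds Data": "file/sha256",
    "Retrieve IP Feeds Data": "ipv4",
}
MIN_POLL_MINUTES = 1440  # minimum polling interval stated on this page


def channel_urls(environment):
    """Build the four daily-feed URLs for one {environment} value."""
    base = f"https://{environment}.cyberint.io/ioc/api/v1/feed/daily/"
    # safe="/" keeps file/sha256 written exactly as in the table.
    return {name: base + "?" + urlencode({"ioc_type": t}, safe="/")
            for name, t in IOC_TYPES.items()}


def config_problems(base_url, poll_minutes):
    """List the reasons an instance configuration should not be saved."""
    problems = []
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("base URL must be an https:// URL with a host")
    if poll_minutes < MIN_POLL_MINUTES:
        problems.append(f"polling interval is below {MIN_POLL_MINUTES} minutes")
    return problems


def days_left(not_after, now):
    """Days until a certificate notAfter string expires (negative: expired)."""
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400


def check_tls(base_url, now, timeout=10):
    """Handshake with verification on and return the days of validity left.

    Raises ssl.SSLCertVerificationError on an expired, untrusted or
    mismatched certificate. Needs network access; nothing calls it on import.
    """
    parts = urlsplit(base_url)
    ctx = ssl.create_default_context()  # checks chain, hostname and dates
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
            return days_left(tls.getpeercert()["notAfter"], now)
```

Run `check_tls(base_url, time.time())` from a host on the same network path as CTIX before saving the instance; a small or negative result means the certificate is about to fail, or would already fail, verification.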