Skip to main content

Cyware Threat Intelligence eXchange

CyberSixgill

Connector Category: API Feed Source

About Integration

Cybersixgill integrates with CTIX to provide security teams with the ability to access, automate, and operationalize the dark feed and Dynamic Vulnerability Exploit (DVE) threat intel coming from Cybersixgill.

Cybersixgill fetches DVE threat intel to enable security teams to track threats from vulnerabilities that may exploit your system. Cybersixgill provides contextual, automated, and preemptive threat intel in the form of malicious indicators of compromise (IOCs), and vulnerabilities.

Use Cases

  • Enable security teams to track undetected and non-remediated threats lurking in your network.

  • Triage and prioritize the vulnerabilities that have a higher chance of being exploited based on the DVE score in the system.

  • Ingests, processes, and analyzes high-fidelity, context-rich dark and deep web threat intelligence to gain visibility and a deeper understanding of attacker intent, exploit availability and trending threat actor campaigns, tactics, techniques, and procedures (TTPs), and more.

Benefits

  • Utilize advanced automation capabilities of CTIX to proactively mitigate threats by feeding Cybersixgill’s intelligence into deployed monitoring, detection, and response security technologies such as SIEM, Firewall, IDS/IPS, SOAR, UEBA, and more.

Configure CyberSixgill as API Feed Source

Configure CyberSixgill as an API feed source in CTIX to fetch dark feeds. CTIX analyses these data feeds for vulnerabilities that may be exploited, analyze attack patterns, and respond to them by blocking them.

Before you Start

  • You must have the client ID and client secret of your CyberSixgill account.

  • You must have View API Feed, View Feed Sources, Create Feed Sources, and Update Feed Sources permissions.

Steps

  1. Navigate to Administration, select Integration Management, and select APIs under FEED SOURCES.

  2. Click Add API Source.

  3. Search for Cybersixgill and click on the app.

  4. Click Add Instance.

  5. Enter a unique name to identify the instance. For example, Prod-Cybersixgill.

  6. Enter the base URL to directly connect to the application's server. For example, https://sitename.com/directoryname/.

  7. Enter the client secret to authenticate your server on the OAuth 2.0 for client APIs.

  8. Enter the client ID to authenticate your application on the server.

  9. Select Verify SSL to verify and secure the connection between the CTIX and CyberSixgill servers.

    If you disable this option, CTIX may configure an instance for an expired SSL certificate. This may not establish the connection properly and CTIX will not be able to notify you in case of a broken or improper connection. It is recommended to select this option.

  10. Click Save.

You can configure multiple instances of this integration by clicking Manage and Add More on the Manage Instance screen.

To successfully configure the integration between CTIX and CyberSixgill, follow the steps mentioned in API Integrations.