Skip to main content

Cyware Threat Intelligence eXchange

Action Taken

The Action Taken tab provides you with details on the particular action performed on the threat data object. Actions can be performed on threat data objects either manually or using rules. You can view the following details about the actions taken on objects:

  • Actions Performed: Shows the statistics on the number of Intel Exchange or third-party actions performed.

  • CTIX Actions: Shows the latest Intel Exchange actions performed using rules or manually, and the timestamp of when the action was performed.

  • 3rd Party Actions: Shows the actions performed by the configured third-party tools with the action name and timestamp.

  • Action Taken Details: Shows the details of the actions performed on the object. The actions performed can be manual using quick actions or automated using rules. The list of actions performed on an object is grouped under the following tabs:

    • CTIX-Specific Actions: Include the actions performed manually using quick actions and the CTIX-specific actions performed using rules, such as Save result Set, Manual Review, Update False Positive, and more. Each row shows the details of an action performed, such as the action name, medium (manual or rule), rule name, user who performed the action, actioned date, and the JSON response of the action.

    • Third-party Actions: Include the actions performed by rules using the actions provided by third-party tools that are configured in Administration > Integration Management > Internal Applications. For more information, see Internal Applications. Each row shows the details of an action performed, such as the action name, the third-party app used, the rule name, the user who performed the action, actioned date, and the action status, such as success, failed, or unknown. For more information about the status codes, see Third-Party Action Status Codes.

      Note

      If the exact cause of failure cannot be determined the action status shows the Unknown status.

Third-Party Action Status Codes

Success Status Codes

The success status indicates that the API request has been executed successfully and the server has fulfilled the request.

Status Code

Message

Description

200

OK

The request succeeded.

201

Created

The request succeeded and a resource was created as a result.

202

Accepted

The request has been received but not yet acted upon.

203

Non-Authoritative Information

The returned metadata is not the same as what is available from the origin server; it is collected from a local or a third-party copy.

204

No Content

There is no content to send for this request, but the headers may be useful.

205

Reset Content

The user agent to reset the document that sent this request.

206

Partial Content

This response code is used when the Range header is sent from the client to request only part of a resource.

207

Multi-Status

Conveys information about multiple resources, for situations where multiple status codes might be appropriate.

208

Already Reported

Used inside a response element to avoid repeatedly enumerating the internal members of multiple bindings to the same collection.

226

IM Used

The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance.

Failed Status Codes

The success status indicates that the API request has failed and the request was not fulfilled. It can be due to Client Errors (4xx) or Server Errors (5xx).

Status Code

Message

Description

Client error responses

400

Bad Request

The server is unable to process the request due to an error on the client's side.

401

Unauthorised

Authentication is required, and either has failed or has not been provided. Check your credentials and try again.

403

Forbidden

Access to the requested resource is forbidden.

404

Not Found

The requested resource could not be found on the server.

405

Method Not Allowed

The requested resource does not support the HTTP method used in the request.

406

Not Acceptable

The requested resource can only generate content that is acceptable according to the Accept headers sent in the request.

Server error responses

500

Internal Server Error

An unexpected condition has occurred while processing the request. Try again later.

502

Bad Gateway

The server acting as a gateway or proxy received an invalid response from the upstream server. Try again later.

503

Service Unavailable

The server is unable to handle the request at this time, possibly due to overload or maintenance. Try again later.

504

Gateway Timeout

The server acting as a gateway or proxy did not receive a timely response from the upstream server. Try again later.