Skip to main content

Cyware Fusion and Threat Response

Integrate Orchestrate

Orchestrate is a universal security orchestration gateway for executing on-demand or event-triggered tasks across deployment environments at machine speeds. By integrating Orchestrate with CFTR, you can:

  • Access Orchestrate playbooks from the CFTR application.

  • Get related playbooks suggestion for incidents.

  • Run playbooks from the CFTR application.

  • Automatically execute playbooks when certain parameters of an incident match the parameters to run a playbook.

Before you Start

Before you integrate Orchestrate with CFTR, ensure that:

  • You have Create/Update permission to Configurations.

  • You have the API authorization credentials of Orchestrate.

Steps

  1. Generate Orchestrate API Authorization Credentials

  2. Configure Orchestrate API Authorization Credentials in CFTR

Generate Orchestrate API Authorization Credentials

To generate the authorization credentials, ensure that you have Create/Update Open APIs permission in Orchestrate.

To generate the API authorization credentials of Orchestrate, do the following:

  1. Sign in to Orchestrate.

  2. Go to Admin Panel > Open API.

  3. On the top-right corner, click New.

  4. Enter the following details:

    • API Title: Enter a title for the API configuration.

    • Expiration Date: Enter an expiration date for the API configuration.

    • Bot User: Select a bot user to associate with the API credentials.

      Note

      The API credentials have the same permissions as the associated bot user. Ensure that you select a bot user who has admin-level permissions in Orchestrate.

    • Status: Select the status of API configuration as Active.

  5. Click Create.

Ensure that you download the API credentials as you cannot retrieve the credentials later. Click Download Keys to download the credentials in .csv format.

Configure Orchestrate API Authorization Credentials in CFTR

To integrate Orchestrate in your CFTR application, do the following:

  1. Go to Admin Panel > Configurations > Integrations > Orchestrate Integration.

  2. Click Edit.

  3. Enter the Orchestrate API credentials.

  4. Click Save.

Enable Role-Based Access Control (RBAC) of Playbooks to restrict users of various user groups from accessing certain Playbooks of Orchestrate. You can configure user groups with the Playbook tags in User Group Management to restrict user access to certain Playbooks. For more information, see Create User Group.

Note

You must create a CFTR instance on Orchestrate to automate tasks in CFTR such as creating incidents, actions, and more. For more information, see Create a CFTR Instance in Orchestrate.