Integrate CTIX
Cyware Threat Intelligence Platform (CTIX) is a smart, client-server threat intelligence platform (TIP) for ingestion, enrichment, analysis, and bi-directional sharing of threat data within your trusted network. By integrating CTIX with CFTR, you can gain access to the real-time and enriched threat data of CTIX on CFTR for better threat response.
Before you Start
To integrate CTIX with CFTR, ensure that:
You have Create/Update permission to Configurations.
You have the CTIX API credentials.
Steps
Generate CTIX API Credentials
To generate CTIX API credentials, you must have Update Tool Integrations permission. To generate CTIX API credentials, do the following:
Sign in to CTIX.
Go to Administration > Integration Management > Third Party Developers > CTIX Integrators.
Click Add New at the top-right corner.
Enter the following details:
Name: Enter a name for the API integration.
Description: Enter a description.
Expire Date: Specify when the integration expires.
Associated User: Select a user to associate with the API credentials.
Note
The API credentials have the same permissions as the associated bot user. Ensure that you select a user who has admin-level permissions in CTIX.
Click Generate.
Ensure that you download the API credentials as you cannot retrieve the credentials later. Click Download Keys to download the credentials in .csv
format.
Configure CTIX API Credentials in CFTR
To configure the CTIX API credentials in CFTR, do the following
Go to Admin Panel > Configurations > Integrations > CTIX.
Click Edit and enable CTIX.
Enter the CTIX API credentials.
Click Save.
To verify the integration, click Test Connection.
Map Data Fields
After integrating CTIX with CFTR, you can map the CTIX threat data objects with the CFTR indicator types. Mapping of the data fields enables CFTR to identify the CTIX threat data objects and connect them to incidents under the appropriate indicator type in Threat Intel.
To map threat data, do the following:
Go to Admin Panel > Configurations > Integrations > CTIX.
On Map Data Fields, click Edit.
Click Add Indicator.
Under CFTR Threat Intel, select a threat intel type.
Under CTIX Objects, select a corresponding object type.
Click Save.
Update Data Fields Mapping
After mapping the CFTR and CTIX data fields, you can update or delete the mappings.
Note
You cannot update or delete a mapping if the CTIX objects of the mapping are already linked to an incident.
To update or delete the mappings, do the following:
Go to Admin Panel > Configurations > Integrations > CTIX.
On Map Data Fields, click Edit.
To update a mapping, on a mapping, select the appropriate Threat Intel or CTIX Object.
To delete a mapping, on a mapping, click Delete.
Click Save.