Cyware Fusion and Threat Response

Integrate CTIX

Cyware Threat Intelligence Platform (CTIX) is a smart, client-server threat intelligence platform (TIP) for ingestion, enrichment, analysis, and bi-directional sharing of threat data within your trusted network. By integrating CTIX with CFTR, you can gain access to the real-time and enriched threat data of CTIX on CFTR for better threat response.

Before you Start

To integrate CTIX with CFTR, ensure that:

  • You have Create/Update permission to Configurations.

  • You have the CTIX API credentials.

Steps

Generate CTIX API Credentials

You must have the Update Tool Integrations permission to generate CTIX API credentials. To generate the credentials, do the following:

  1. Sign in to CTIX.

  2. Go to Administration > Integration Management > Third Party Developers > CTIX Integrators.

  3. Click Add New at the top-right corner.

  4. Enter the following details:

    • Name: Enter a name for the API integration.

    • Description: Enter a description.

    • Expire Date: Specify when the integration expires.

    • Associated User: Select a user to associate with the API credentials.

      Note

      The API credentials have the same permissions as the associated bot user. Ensure that you select a user who has admin-level permissions in CTIX.

  5. Click Generate.

Click Download Keys to download the credentials in .csv format. Ensure that you download them at this point, because you cannot retrieve the credentials later.

Configure CTIX API Credentials in CFTR

To configure the CTIX API credentials in CFTR, do the following:

  1. Go to Admin Panel > Configurations > Integrations > CTIX.

  2. Click Edit and enable CTIX.

  3. Enter the CTIX API credentials.

  4. Click Save.

To verify the integration, click Test Connection.

Map Data Fields

After integrating CTIX with CFTR, you can map the CTIX threat data objects with the CFTR indicator types. Mapping of the data fields enables CFTR to identify the CTIX threat data objects and connect them to incidents under the appropriate indicator type in Threat Intel.

To map threat data, do the following:

  1. Go to Admin Panel > Configurations > Integrations > CTIX.

  2. On Map Data Fields, click Edit.

  3. Click Add Indicator.

  4. Under CFTR Threat Intel, select a threat intel type.

  5. Under CTIX Objects, select a corresponding object type.

  6. Click Save.

Update Data Fields Mapping

After mapping the CFTR and CTIX data fields, you can update or delete the mappings.

Note

You cannot update or delete a mapping if the CTIX objects of the mapping are already linked to an incident.

To update or delete the mappings, do the following:

  1. Go to Admin Panel > Configurations > Integrations > CTIX.

  2. On Map Data Fields, click Edit.

  3. To update a mapping, select the appropriate Threat Intel or CTIX Object for that mapping.

  4. To delete a mapping, click Delete on that mapping.

  5. Click Save.