Appstore
Yes, Orchestrate supports Webhooks. You can receive data from the third-party applications that you use in your organization. To do this, create the Webhook configurations and tokens in Orchestrate.
Yes, Orchestrate supports Open API to integrate Orchestrate with third-party applications. Using the Open API, you can generate API credentials according to the permissions assigned to you.
Yes, Orchestrate has a comprehensive list of 282+ out-of-the-box apps across various categories in its Appstore library, such as:
Analytics & SIEM
Authentication
Case/Ticket Management
Configuration Management Database (CMDB)
Cyware Product
Data Enrichment & Threat Intelligence
Data Loss and Prevention
Email Gateway
Endpoint Forensics & Malware Analysis
IT Services
Messaging
Network Security
Vulnerability Management
Yes, you can write your custom apps in an Interactive Development Environment (IDE). As you create a custom app, you need to define the actions and other configurations for the app. Cyware also offers a basic framework to build these custom apps, and you need to provide data for the new actions or parameters.
To build a custom app, you must know how to write Python and understand the application's attributes, actions, and other app configurations. In addition, Cyware offers a framework with a basic infrastructure to build the apps. You can sync the data from the Python editor to the UI before saving the app, to ensure that both reflect the same content.
It is vital for decision-makers to focus on an architecture that supports ideal data/event distribution while upholding the key pillars of the Cyware-recommended architecture. Here are a few best practices to keep in mind before implementing a custom app:
Ingest data properly: It is very important for the App server to get data from the Database and Indexing servers to perform independent tasks. This helps in quickly searching for components from the Application, provides accurate and quick results to users about the components, and makes data ingestion effective.
Optimally distribute data to the database and indexing servers: Ensure that the app data is distributed correctly to the respective servers so that it can be used effectively for further tasks. Data processed or created in the application is widely used for critical actions such as alerting, blocking, researching, validation, actioning, and various orchestration tasks.
Minimize processing latency: Minimal ingest latency is often crucial for monitoring use cases that trigger alerts to staff or incur automated action.
Secure data in transit: If the data is sensitive or has to be protected while being sent over non-trusted networks, encryption of data may be required to prevent unauthorized third-party interception. Generally, we recommend that all connections within the architecture be SSL enabled, and HTTPS connections are mandatory to enable SSL encryption.
Minimize network resource usage: It is important to minimize the network resources used for log data collection, as this could directly impact other business-critical traffic. This also reduces the total cost of ownership of the deployment architecture.
Authenticate/authorize data sources: Implement connection authorization/authentication to prevent rogue data sources from affecting your data and indexing environment. This is done by using network controls or by employing application-level mechanisms (for example, SSL/TLS).
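The "Secure data in transit" and "Authenticate/authorize data sources" practices above, as an added Python example that is not part of Cyware's app framework: a helper a custom app could use for outbound calls, which refuses non-HTTPS endpoints (including redirects that downgrade to HTTP), verifies the server certificate, and optionally presents a client certificate. All function and class names here are assumptions made for illustration.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit


def require_https(url):
    """Return the host of an HTTPS URL; raise ValueError for anything else."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        raise ValueError(f"refusing non-HTTPS endpoint: {url!r}")
    if not parts.hostname:
        raise ValueError(f"endpoint has no host: {url!r}")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the URL")
    return parts.hostname


def build_tls_context(ca_file=None, client_cert=None, client_key=None):
    """TLS context that always verifies the peer; client cert enables mutual TLS."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # stated explicitly so it is never relaxed
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        # The data source can then authenticate this app by its certificate.
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


class HttpsOnlyRedirect(urllib.request.HTTPRedirectHandler):
    """Re-check every redirect target so a 3xx cannot downgrade to plain HTTP."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_opener(ctx):
    """Opener that uses the verified TLS context and the redirect check."""
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), HttpsOnlyRedirect())


def fetch(url, ctx, timeout=10):
    """Fetch a URL over verified HTTPS only; returns the response body bytes."""
    require_https(url)
    with build_opener(ctx).open(url, timeout=timeout) as resp:
        return resp.read()
```
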
Yes, apps developed in Orchestrate 2.x can be imported from 2.x to 3.x. For more information on the import process, see Import Apps.