Cyware Orchestrate

TwinWave

App Vendor: TwinWave

App Category: Data Enrichment & Threat Intelligence

Connector Version: 1.0.0

API version: 1.1.0

About App

The TwinWave app allows security teams to integrate with the TwinWave enterprise application to submit Resources, URLs or files for analysis and retrieve detailed results.

The TwinWave app in the Orchestrate application can perform the following actions:

| Action Name | Description |
| --- | --- |
| Get Jobs by user | This action can be used to retrieve recent Jobs by a specific user. |
| Get shared Jobs | This action can be used to retrieve shared Jobs. |
| Get Jobs by user with exact filename | This action can be used to retrieve Jobs and matching Resources by user with an exactly matching filename. |
| Get Jobs with matching tags | This action can be used to retrieve Jobs with matching tags. |
| Get a list of recent Jobs | This action can be used to retrieve a list of recent Jobs. |
| Submit a file for scanning | This action can be used to submit a new file for scanning. |
| Submit a URL for scanning | This action can be used to submit a new URL for scanning. |
| Re-submit Job for scanning | This action can be used to re-submit a Job for scanning. |
| Get Job summary | This action can be used to retrieve the summary of a Job. |
| Get a Job's Normalized Forensics | This action can be used to return the consolidated forensics generated across all Resources and all Engines during the analysis. |
| Get a task's Normalized Forensics | This action can be used to return the forensics associated with a specific Resource and Engine analysis run. |
| Get a task's Raw Forensics | This action can be used to retrieve a task's Raw Forensics. |
| Download submitted Resources | This action can be used to download a password-protected Zip archive of the Resource. |
| Get temporary Artifact URL | This action can be used to return a URL field containing a link to a signed URL for the desired Artifact. |
| Get a list of all Engines | This action can be used to retrieve all available Engines. |

Prerequisites

All the actions configured in the TwinWave app relate to private APIs. A TwinWave Enterprise subscription is required to access private APIs.

Configuration parameters

The following configuration parameters are required for the TwinWave app to communicate with the TwinWave enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| API key | Enter the API key. | Password | Required | |

Action: Get Jobs by user

This action can be used to retrieve recent Jobs by a specific user.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Username | Enter the name of the user. For example, “Anna”. | Text | Required | |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter Jobs. | Key Value | Optional | |

Example Request

[
        {
                "user_name": "Anna"
        }
]

Action: Get Shared Jobs

This action can be used to retrieve shared Jobs.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter Shared Jobs. | Key Value | Optional | |

Action: Get Jobs by user with exact filename

This action can be used to retrieve Jobs and matching Resources by user with a matching filename.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Username | Enter the username. For example, “John”. | Text | Required | |
| File name | Enter the file name. For example, “File analysis”. | Text | Required | |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter Jobs. | Key Value | Optional | |

Example Request

[
        {
                "user_name": "John",
                "file_name": "File analysis"
        }
]

Action: Get Jobs with matching tags

This action can be used to retrieve Jobs with matching tags.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Tag | Enter the tag. For example, “630”. | Text | Required | |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |

Example Request

[
        {
                "tag": "630"
        }
]

Action: Get a list of recent Jobs

This action can be used to retrieve a list of recent Jobs.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |

Action: Submit a file for scanning

This action can be used to submit a new file for scanning.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| File name | Enter the file name. For example, “File analysis”. | Text | Required | |
| File path | Enter the file path. | Text | Required | |
| Priority | Enter the priority of the Job. For example, 5. | Integer | Optional | Values must be between 1 and 255. By default, the priority is set as 10. |
| Engines | Enter the list of engines associated with TwinWave Malware pipeline. For example, ["URL Reputation", "Static File Analysis", "TwinWave Cuckoo"]. | Any | Optional | |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |

Example Request

[
        {
                "file_name": "File analysis",
                "priority": 5,
                "engines": "Static File Analysis"
        }
]

Action: Submit a URL for scanning

This action can be used to submit a new URL for scanning.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Target URL | Enter the target URL. For example, “http[s]://cyware.com”. | Text | Required | |
| Priority | Enter the priority of the Job. For example, 5. | Integer | Optional | Values must be between 1 and 255. By default, the priority is set as 10. |
| Engines | Enter the list of engines associated with TwinWave Malware pipeline. For example, ["URL Reputation", "Static File Analysis", "TwinWave Cuckoo"]. | Any | Optional | |
| Additional parameters | Enter additional parameters in the form of key-value pairs to filter results. | Key Value | Optional | |

Example Request

[
        {
                "target_url": "http[s]://cyware.com",
                "priority": 5,
                "engines": "Static File Analysis"
        }
]

Action: Re-submit Job for scanning

This action can be used to re-submit a Job for scanning.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Job ID | Enter the Job ID. | Text | Required | |

Action: Get Job summary

This action can be used to retrieve the summary of a Job.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Job ID | Enter the Job ID. | Text | Required | |

Action: Get a Job's Normalized Forensics

This action can be used to return the consolidated forensics generated across all Resources and all Engines during the analysis.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Job ID | Enter the Job ID. | Text | Required | |

Action: Get a task's Normalized Forensics

This action can be used to return the forensics associated with a specific Resource and Engine analysis run.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Job ID | Enter the Job ID. | Text | Required | |
| Task ID | Enter the Task ID. | Text | Required | |

Action: Get a task's Raw Forensics

This action can be used to retrieve a task's Raw Forensics.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Job ID | Enter the Job ID. | Text | Required | |
| Task ID | Enter the Task ID. | Text | Required | |

Action: Download submitted Resources

This action can be used to download a password-protected Zip archive of the Resource.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Job ID | Enter the Job ID. | Text | Required | |
| sha256 | Enter the SHA256 hash value. | Text | Required | |
| File name | Enter the file name. For example, “File analysis”. | Text | Required | |

Example Request

[
        {
                "file_name": "File analysis"
        }
]

Action: Get temporary artifact URL

This action can be used to return a URL field containing a link to a signed URL for the desired Artifact.

Input Parameters

| Parameter | Description | Field Type | Required / Optional | Comments |
| --- | --- | --- | --- | --- |
| Path | Enter the path. | Text | Required | |

Action: Get a list of all Engines

This action can be used to retrieve a list of all available Engines.

Input Parameters

No input parameters are required for this Action.
