Skip to main content

Cyware Orchestrate

Pass Static Data

You can pass static data such as an Indicator of Compromise (IOC) type and IOC value to a Playbook node to execute the Playbook workflow successfully.

To pass static data in Playbook:

  1. Click Manage Playbooks to open the Playbook canvas.

  2. Drag and drop an action node to add to the Playbook workflow. Connect the added node with the start node. For more information on creating a Playbook, see Create Playbook

  3. Navigate to a required Playbook node and click Setup Input Data to pass static data for the node execution.

    Example: If you need to search an indicator in CTIX, then you can drag and drop CTIX-Indicator Search app- action and in the Setup Input Data, you can enter IOC Type as domain and IOC Value as mail.xxx-download.com

    Pass_Static_Data_xx.png

  4. Complete the required Playbook configurations and click Save and Run.

    The following code snippet displays the node execution details of Action: CTIX - Indicator Search.

    {
  "enriched_iocs": {
    "mail.naver-download.com": {
      "blocked": false,
      "ctix_id": "indicator--3ffxx581-9ab2-4xxb-9426-c1d8xxc21a9",
      "ioc_type": "domain",
      "ioc_value": "mail.xxxx-download.com",
      "ioc_exists": "Present",
      "whitelisted": false,
      "alexa_ranking": "No Result Found",
      "block_details": {
        "message": "Invalid indicator type received. Crowdstrike only supports following types",
        "success": "False",
        "source_id": "d4530f6fa1a00deb30926xx0de2906fd321baf4c790c8xxxx71bc8e4ea6c905",
        "action_date": "2022-xx-14T06",
        "action_requested": "block on crowdstrike",
        "source_of_request": "CFTR"
      },
      "confidence_score": 100,
      "bluecoat_category": "No Result Found",
      "related_vulnerabilities": [
        {
          "name2": "CVE-2018-16xx8"
        }
      ]
    }
  },
  "run_result_id": "0a352c60-xxff-4a95-8796-a903bxxx634"
}