Cyware Orchestrate

Stellar Cyber

App Vendor: Stellar Cyber

App Category: IT Services

Connector Version: 1.0.0

API Version: 1.0.0

About App

The Stellar Cyber app allows you to manage and ingest data from Stellar Cyber.

The Stellar Cyber app is configured with Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Fetch Incidents | This action retrieves incidents. |
| Get Event Detail | This action retrieves the details of an event. |
| Get Incident Details | This action retrieves the details of an incident. |
| Perform Search Query | This action performs a search operation on a query. |
| Update Event | This action updates an event. |

Configuration Parameters

The following configuration parameters are required for the Stellar Cyber app to communicate with the Stellar Cyber enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Base URL | Enter the base URL of a Stellar Cyber instance. | Text | Required | |
| Username | Enter the username to connect to the Stellar Cyber instance. | Text | Required | |
| API Key | Enter the API key to connect to the Stellar Cyber instance. | Password | Required | |
| SSL Verify | Choose to verify SSL certificates when connecting to the server. | Boolean | Optional | Default value: true. Allowed values: true, false |

Action: Fetch Incidents

This action retrieves incidents.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Limit | Enter the number of incidents to retrieve. Example: 100 | Integer | Required | Default value: 1000. The maximum recommended value for the limit parameter is 1000. |
| Additional Parameters | Enter the additional query parameters. Example: $JSON[{"sort": "incident_score", "order": "desc"}] | Any | Optional | |

Example Request

[
    {
        "limit": 100
    }
]

Action: Get Event Detail

This action retrieves the details of an event.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Index | Enter the index where an event is located. Example: "aexxa-ser-166144585xx61" | Text | Required | You can retrieve an index using the action Get Incident Details. |
| Event ID | Enter the ID of an event to retrieve its details. Example: "2cbxx4ab4unix-hhvkwh16615xx579" | Text | Required | |

Example Request

[
    {
        "index": "aexxa-ser-16614xx859561-",
        "event_id": "2CBD04xx4unIX-hHVKwh1661xx7579"
    }
]

Action: Get Incident Details

This action retrieves the details of an incident.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Ticket ID | Enter the ticket ID to retrieve incident details. Example: 623 | Integer | Required | You can retrieve a Ticket ID using the action Fetch Incidents. |

Example Request

[
    {
        "ticket_id": 623
    }
]

Action: Perform Search Query

This action performs a search operation on a query.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Index | Enter the index where an event is located. Example: "aella-eventsummary-2020.02.01" | Text | Required | You can retrieve an index using the action Get Incident Details. |
| Query | Enter the query to perform the search operation. Example: "_mapping" | Text | Required | |

Example Request

[
    {
        "index": "aella-wineventlog-1661445859636-",
        "query": "_mapping"
    }
]

Action: Update Event

This action updates an event.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Index | Enter the index where an event is located. Example: "aella-ser-1661x45xx9561-" | Text | Required | You can retrieve an index using the action Get Incident Details. |
| Event ID | Enter the ID of an event that you need to update. Example: "2cbxx4ab4unix-hhvkwh166xx37579" | Text | Required | |
| Status | Enter a new status for the event. Example: "ignored" | Text | Optional | Allowed values: new, in progress, ignored, closed |
| Comments | Enter the comment for the event. Example: "This event is ignored." | Text | Optional | |
| Tag | Enter a tag that you need to add or delete. Example: "phishing" | Text | Optional | |
| Add Tag | Choose to add or remove a tag. If this parameter is set to true, then the tag is added, otherwise the tag is deleted. Example: false | Boolean | Optional | Default value: true. Allowed values: true, false. If no tag is passed as an input, then this parameter is ignored. |

Example Request

[
    {
        "index": "aella-ser-1661xx5859561-",
        "comments": "This update is from a playbook.",
        "event_id": "2CBD04AB4unIX-hHVKwhxx61537579"
    }
]