CybelAngel
App Vendor: CybelAngel
App Category: Incident Management
Connector Version: 1.3.0
API Version: 1.0
Note
This app is currently released as a beta version
About App
CybelAngel is a data risk protection platform that can monitor for external threats across every layer of the web.
The CybelAngel app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Create Remediation Request | This action creates a remediation request IN CybelAngel. |
Get Assets from Reports | This action downloads a static file, given its type and name. It’s used to retrieve screenshots, attachments and more. |
Get Credential Watchlist | This action retrieves the list of monitored credentials based on the specified filters. |
Get Domain Watchlist | This action returns a list of monitored domains in descending order. |
Get Incident Reports | This action retrieves a list of reports between the specified dates. |
Get Incident Report Attachments | This action retrieves attachments for the given report ID. |
Get Incident Report Comments | This action retrieves a list of comments on a specific report. |
Get Incident Report Detail | This action retrieves a detailed report for the given instance. |
Get Report | This action gets a list of reports in the specified range. The reports are returned in ascending order by date. |
Update Incident Report | This action updates the status of a specific report identified by the report ID. |
Generic Action | This is a generic action to perform any additional use case that you want on CybelAngel by making a request to any endpoint. |
Configuration Parameters
The following configuration parameters are required for the Cybel Angel app to communicate with the CybelAngel enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Client ID | Enter the client ID. | Text | Required |
|
Client Secret | Enter the client secret. | Password | Required |
|
Verify | Choose to perform or skip the SSL certificate verification. | Boolean | Optional | Allowed values:
Default value: False |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with the CybelAngel app. | Integer | Optional | Available range: 15-120 seconds Default value: 15 seconds |
Action: Create Remediation Request
This action creates a remediation request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]Action: Get Assets from Reports
This action downloads a static file, given its type and name. It’s used to retrieve screenshots, attachments, and more.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Asset Type | Enter the asset type. Example: domain | Text | Required | |
Asset Name | Enter the asset name. Example: shop.exampledomain.com | Text | Required |
Action: Get Credential Watchlist
This action returns the list of monitored credentials matching the specified filters.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Filters | Specify filters to narrow the response. You can specify filters such as sort_by, email, end, limit, order, skip, start, and status. Example: limit: 10 | Key value | Optional | Allowed values:
|
Action: Get Domain Watchlist
This action returns the list of the monitored domains (domain watchlist) in descending order.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Filters | Specify filters to narrow down the response. You can use filters such as limit, max-date, min-date, query, skip, and status. Example: {'limit':10}. | Key value | Optional | Allowed values:
|
Action: Get Incident Reports
This action retrieves a list of reports between the specified dates.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Start Date | Enter the start date. Example: "2009-06-18t13:45:30" | Text | Required | |
End Date | Enter the end date. Example: "2021-10-15t13:45:30" | Text | Required |
Example Request
[
{
"start_date": "2009-06-18t13:45:30",
"end_date": "2021-10-15t13:45:30"
}
]Action: Get Incident Report Attachments
This action retrieves attachments for the given report ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to retrieve the attachments. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Attachment ID | Enter the attachment ID. Example: "bd419b4-f1c8-445b-f4aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
"attachment_id": "b1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]Action: Get Incident Report Comments
This action retrieves a list of comments on a specific report.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to retrieve comments for the report. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]Action: Get Incident Report Detail
This action retrieves a detailed report for the given instance.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]Action: Get Report
This action gets a list of reports in the specified range. The reports are returned in ascending order by date.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Start Date | Filter the reports that have been sent before this date. Example: 2021-10-15T13:45:30 | Text | Required | |
End Date | Filter the reports that have been sent after this date. Example: 2009-06-18T13:45:30 | Text | Required |
Action: Update Incident Report
This action updates status of a specific report identified by the report ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Status | Enter the status for report. Example: "open" | Text | Required | Allowed values:
|
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b",
"status": "open"
}
]Action: Generic Action
This is a generic action to perform any additional use case that you want on Cybel Angel by making a request to any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make. | Text | Required |
|
Endpoint | Enter the endpoint to make the request. Example: /api/vulnerabilities/{cve_id}/affected-projects | Text | Required |
|
Query Params | Enter the query parameters to pass to the API. | Key_value | Optional |
|
Payload | Enter the payload to pass to the API. | Any | Optional |
|
Extra Fields | Enter the extra fields to pass to the API. | Key_value | Optional |
|