App Vendor: CybelAngel
App Category: Incident Management
Connector Version: 1.3.0
API Version: 1.0
Note
This app is currently released as a beta version
CybelAngel is a data risk protection platform that can monitor for external threats across every layer of the web.
The CybelAngel app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Create Remediation Request | This action creates a remediation request IN CybelAngel. |
Get Assets from Reports | This action downloads a static file, given its type and name. It’s used to retrieve screenshots, attachments and more. |
Get Credential Watchlist | This action retrieves the list of monitored credentials based on the specified filters. |
Get Domain Watchlist | This action returns a list of monitored domains in descending order. |
Get Incident Reports | This action retrieves a list of reports between the specified dates. |
Get Incident Report Attachments | This action retrieves attachments for the given report ID. |
Get Incident Report Comments | This action retrieves a list of comments on a specific report. |
Get Incident Report Detail | This action retrieves a detailed report for the given instance. |
Get Report | This action gets a list of reports in the specified range. The reports are returned in ascending order by date. |
Update Incident Report | This action updates the status of a specific report identified by the report ID. |
Generic Action | This is a generic action to perform any additional use case that you want on CybelAngel by making a request to any endpoint. |
The following configuration parameters are required for the Cybel Angel app to communicate with the CybelAngel enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Client ID | Enter the client ID. | Text | Required |
|
Client Secret | Enter the client secret. | Password | Required |
|
Verify | Choose to perform or skip the SSL certificate verification. | Boolean | Optional | Allowed values:
Default value: False |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with the CybelAngel app. | Integer | Optional | Available range: 15-120 seconds Default value: 15 seconds |
This action creates a remediation request.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]
This action downloads a static file, given its type and name. It’s used to retrieve screenshots, attachments, and more.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Asset Type | Enter the asset type. Example: domain | Text | Required | |
Asset Name | Enter the asset name. Example: shop.exampledomain.com | Text | Required |
This action returns the list of monitored credentials matching the specified filters.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Specify filters to narrow the response. You can specify filters such as sort_by, email, end, limit, order, skip, start, and status. Example: limit: 10 | Key value | Optional | Allowed values:
|
This action returns the list of the monitored domains (domain watchlist) in descending order.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Specify filters to narrow down the response. You can use filters such as limit, max-date, min-date, query, skip, and status. Example: {'limit':10}. | Key value | Optional | Allowed values:
|
This action retrieves a list of reports between the specified dates.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Start Date | Enter the start date. Example: "2009-06-18t13:45:30" | Text | Required | |
End Date | Enter the end date. Example: "2021-10-15t13:45:30" | Text | Required |
Example Request
[
{
"start_date": "2009-06-18t13:45:30",
"end_date": "2021-10-15t13:45:30"
}
]
This action retrieves attachments for the given report ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID to retrieve the attachments. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Attachment ID | Enter the attachment ID. Example: "bd419b4-f1c8-445b-f4aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
"attachment_id": "b1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]
This action retrieves a list of comments on a specific report.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID to retrieve comments for the report. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]
This action retrieves a detailed report for the given instance.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b"
}
]
This action gets a list of reports in the specified range. The reports are returned in ascending order by date.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Start Date | Filter the reports that have been sent before this date. Example: 2021-10-15T13:45:30 | Text | Required | |
End Date | Filter the reports that have been sent after this date. Example: 2009-06-18T13:45:30 | Text | Required |
This action updates status of a specific report identified by the report ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Report ID | Enter the report ID. Example: "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b" | Text | Required | This parameter can be retrieved using the Get Incident Reports action. |
Status | Enter the status for report. Example: "open" | Text | Required | Allowed values:
|
Example Request
[
{
"report_id": "vb1419b4-f1c8-445b-84aa-40ad02e3ae9b",
"status": "open"
}
]
This is a generic action to perform any additional use case that you want on Cybel Angel by making a request to any endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make. | Text | Required |
|
Endpoint | Enter the endpoint to make the request. Example: /api/vulnerabilities/{cve_id}/affected-projects | Text | Required |
|
Query Params | Enter the query parameters to pass to the API. | Key_value | Optional |
|
Payload | Enter the payload to pass to the API. | Any | Optional |
|
Extra Fields | Enter the extra fields to pass to the API. | Key_value | Optional |
|