BlackBerry Protect
App Vendor: BlackBerry Protect
App Category: Endpoint, Forensics & Malware Analysis
Connector Version: 1.0.1
API Version: 1.0.0
About App
This app provides integration with blackberry protect, an ai-based endpoint security solution that prevents breaches and provides added controls for safeguarding against sophisticated threats. human intervention, cloud connections, signatures, heuristics, and sandboxes are not required.
The BlackBerry Protect app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Add Hash to Global List | This action can be used to add a sha256 hash to the global list in the CylancePROTECT application. |
Get Device Details | This action can be used to get the details of a particular device from the CylancePROTECT application. |
Get List of Device Threats | This action can be used to get a list of threats in a particular device from the CylancePROTECT application. |
Get List of Device Zones | This action can be used to get a list of zones from the CylancePROTECT application. |
Get List of Devices | This action can be used to get a list of devices from the CylancePROTECT application. |
Get List of Global Lists | This action can be used to get a list of global lists from the CylancePROTECT application. |
Get List of Policies | This action can be used to get a list of policies from the CylancePROTECT application. |
Get List of Threat Devices | This action can be used to get a list of devices in particular threats from the CylancePROTECT application. |
Get List of Threats | This action can be used to get a list of threats from the CylancePROTECT application. |
Get List of Users | This action can be used to get a list of users from the CylancePROTECT application. |
Get List of Zones | This action can be used to get a list of zones from the CylancePROTECT application. |
Get Policy Details | This action can be used to get the details of a particular policy from the CylancePROTECT application. |
Get Threat Details | This action can be used to get the details of a particular threat from the CylancePROTECT application. |
Get User Details | This action can be used to get the details of a particular user from the CylancePROTECT application. |
Get Zone Details | This action can be used to get the details of a particular zone from the CylancePROTECT application. |
Remove Hash from Global List | This action can be used to remove a sha256 hash from a global list in the CylancePROTECT application. |
Configuration Parameters
The following configuration parameters are required for the BlackBerry Protect connector app to communicate with the BlackBerry Protect enterprise application. The parameters can be configured by creating instances in the connector app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Input the base url. ex: https://protectapi{-regioncode}.cylance.com | Text | Required | |
Tenant ID | Input the tenant id. | Text | Required | |
Application ID | Input the application id. | Text | Required | |
Application Secret | Input the application secret. | Password | Required |
Action: Add Hash to Global List
This action can be used to add a sha256 hash to the global list in the cylanceprotect application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sha256 hash | Input the sha256 hash. | Text | Required |
|
List type | Input the list type; supported values: - globalquarantine - globalsafe. | Text | Required |
|
Reason | Input the reason. | Text | Required |
|
Category | Input the category; - this field is required only if the list_type value is globalsafe - support: admin tool, commercial software, drivers, internal application, operating system, security software, none. | Text | Optional |
|
Action: Get Device Details
This action can be used to get the details of particular device from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Device id | Input the device id. | Text | Required |
|
Action: Get List of Device Threats
This action can be used to get a list of threats in particular device from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Device id | Input the device id. | Text | Required |
|
page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Device Zones
This action can be used to get a list of zones from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Device id | Input the device id. | Text | Required |
|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Devices
This action can be used to get a list of devices from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Global Lists
This action can be used to get a list of global lists from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page number (default:10, 1-200). | Integer | Optional |
|
List type id | Input the list type id; supported values: 0 (global quarantine, 1 global safe) | Integer | Optional |
|
Action: Get List of Policies
This action can be used to get a list of policies from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Threat Devices
This action can be used to get a list of devices in particular threat from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sha256 hash | Input the threat sha256 hash. | Text | Required |
|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Threats
This action can be used to get a list of threats from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Users
This action can be used to get a list of users from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get List of Zones
This action can be used to get a list of zones from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page number | Input the page number (default:0). | Integer | Optional |
|
Page size | Input the page size (default:10, 1-200). | Integer | Optional |
|
Action: Get Policy Details
This action can be used to get the details of particular policy from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Policy id | Input the policy id. | Text | Required |
|
Action: Get Threat Details
This action can be used to get the details of particular threat from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sha256 hash | Input the threat sha256 hash. | Text | Required |
|
Action: Get User Details
This action can be used to get the details of particular user from the cylanceprotect application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User id | Input the user id or user email address. | Text | Required |
Example Request
Action: Get Zone Details
This action can be used to get the details of a particular zone from the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Zone id | Input the zone id. | Text | Required |
|
Action: Remove Hash from Global List
This action can be used to remove a sha256 hash from a global list in the CylancePROTECT application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Sha256 hash | Input the threat sha256 hash. | Text | Required |
|
List type | Input the list type; supported values: - globalquarantine - globalsafe | Text | Required |
|