
Cyware Orchestrate

OpenCTI

App Vendor: OpenCTI

App Category: Data Enrichment & Threat Intelligence

Connector Version: 1.0.1

API Version: 5.12.25

About App

OpenCTI is an open threat intelligence platform that provides a powerful knowledge management database used for integrating, storing, managing, and sharing cyber threat intelligence.

The OpenCTI app is configured with Cyware Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Add Indicator | This action is used to add an indicator. |
| Add Malware | This action is used to add a malware. |
| Add Vulnerability | This action is used to add a vulnerability. |
| Get Indicators | This action is used to get all indicators from OpenCTI. |
| Get Malwares | This action is used to get all malware from OpenCTI. |
| Get STIX Data | This action is used to get STIX data for a particular STIX ID. |
| Get Vulnerabilities | This action is used to get all vulnerabilities from OpenCTI. |
| Global Search | This action is used to perform a global search on the OpenCTI platform. |
| Perform Query | This action is used to perform GraphQL queries and mutations. |

Configuration Parameters

The following configuration parameters are required for the OpenCTI app to communicate with the OpenCTI enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Base URL | Enter the base URL of OpenCTI. | Text | Required | |
| API Token | Enter the bearer token to connect to OpenCTI. | Password | Required | |
| Verify | Choose whether to verify SSL/TLS certificates while making requests to the OpenCTI API server. It is recommended to set this option to yes. If no is passed, the connection may be established incorrectly and may break. | Boolean | Optional | |
| Timeout | Enter the timeout value in seconds for OpenCTI. | Integer | Optional | |

Action: Add Indicator

This action is used to add an indicator.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Pattern type | Enter the pattern type for this indicator. Example: stix | Text | Required | |
| Pattern | Enter the pattern for this indicator. Example: [file:hashes.'SHA-256' = 'be12e55c7b520947f974677557fc1fda52083891b6aa9bbf9b17341fd9480f5a'] | Text | Required | |
| Name | Enter a name for this indicator. Example: 103.83.192.6 | Text | Required | |
| X OpenCTI STIX IDs | Enter a list of OpenCTI STIX IDs for this indicator. Example: 40caf0b8-0632-4f62-9ba6-dc10c093a63e | List | Optional | |
| Indicator types | Enter a list of indicator types. | List | Optional | |
| X MITRE platforms | Enter a list of MITRE platforms. | List | Optional | |
| STIX ID | Enter the STIX ID for this indicator. | Text | Optional | |
| Description | Enter a description for this indicator. | Text | Optional | |
| Confidence | Enter the confidence score for this indicator. Example: 50 | Integer | Optional | |
| Extra params | Enter extra parameters as a dictionary. | Key Value | Optional | |
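
The Pattern, STIX ID and Confidence inputs above can be checked before they are submitted to the action. The following Python sketch is an added example, not Cyware or OpenCTI code: the function name check_indicator_inputs is hypothetical, it handles only the single file-hash pattern form shown in the table, and it assumes the STIX 2.1 confidence range of 0 to 100.

```python
import re
import uuid

# Hex digest length for each hash name accepted by this sketch.
HASH_HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64, "SHA-512": 128}

# One comparison of the form [file:hashes.'ALGO' = 'HEX'], nothing before or after.
FILE_HASH_RE = re.compile(
    r"\[\s*file:hashes\.'(?P<algo>[A-Za-z0-9-]+)'\s*=\s*'(?P<digest>[0-9A-Fa-f]+)'\s*\]"
)


def check_indicator_inputs(pattern_type, pattern, name, stix_id=None, confidence=None):
    """Return a list of problems found; an empty list means the inputs pass."""
    problems = []
    if pattern_type != "stix":
        problems.append("only pattern type 'stix' is checked here")
    if not (name or "").strip():
        problems.append("name is required")

    match = FILE_HASH_RE.fullmatch((pattern or "").strip())
    if match is None:
        problems.append("pattern is not a single file-hash comparison")
    else:
        expected = HASH_HEX_LEN.get(match["algo"].upper())
        if expected is None:
            problems.append("unsupported hash name: " + match["algo"])
        elif len(match["digest"]) != expected:
            problems.append("digest length does not match " + match["algo"])

    if stix_id is not None:
        # Require the indicator-- prefix followed by a canonically written UUID.
        prefix, _, tail = stix_id.partition("--")
        try:
            canonical = str(uuid.UUID(tail)) == tail.lower()
        except ValueError:
            canonical = False
        if prefix != "indicator" or not canonical:
            problems.append("STIX ID must look like indicator--<uuid>")

    if confidence is not None:
        # Assumed range: STIX 2.1 confidence is an integer from 0 to 100.
        is_int = isinstance(confidence, int) and not isinstance(confidence, bool)
        if not is_int or not 0 <= confidence <= 100:
            problems.append("confidence must be an integer from 0 to 100")
    return problems


# Constructed sample values, not real indicators.
GOOD_PATTERN = "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"
BAD_PATTERN = GOOD_PATTERN + '"'  # stray trailing quote left by a copy-paste
```
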

Action: Add Malware

This action is used to add a malware.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Name | Enter a name for this malware. | Text | Required | |
| Description | Enter a description for this malware. | Text | Optional | |
| STIX id | Enter the STIX ID for this malware. | Text | Optional | |
| Confidence | Enter the confidence score for this malware. Example: 80 | Integer | Optional | |
| Malware types | Enter a list of types associated with this malware. | List | Optional | |
| Extra params | Enter extra parameters as a dictionary. | Key Value | Optional | |

Action: Add Vulnerability

This action is used to add a vulnerability.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Name | Enter a name for this vulnerability. | Text | Required | |
| Description | Enter a description for this vulnerability. | Text | Optional | |
| STIX ID | Enter the STIX ID for this vulnerability. | Text | Optional | |
| Confidence | Enter the confidence score for this vulnerability. | Integer | Optional | |
| X OpenCTI base score | Enter the OpenCTI score for this vulnerability. | Float | Optional | |
| X OpenCTI base severity | Enter a severity level for this vulnerability. | Text | Optional | |
| Extra params | Enter extra parameters as a dictionary. | Key Value | Optional | |

Action: Get Indicators

This action is used to get all indicators from OpenCTI.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Limit | Enter the response limit. | Integer | Optional | Default: All |
| After | Enter the cursor value. The server returns a response after this cursor value. | Text | Optional | |
| Order by | Enter the field name to order the results by. Example: name | Text | Optional | Default: name |
| Order mode | Enter the direction to order the results by. | Text | Optional | Default: Ascending |
| Search | Enter a search string. | Text | Optional | |
| Filters | Enter filters to filter the response by. | Key Value | Optional | |

Action: Get Malwares

This action is used to get all malware from OpenCTI.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Limit | Enter the response limit. | Integer | Optional | Default: All |
| After | Enter the cursor value. The server returns a response after this cursor value. | Text | Optional | |
| Order by | Enter the field name to order the results by. Example: name | Text | Optional | Default: name |
| Order mode | Enter the direction to order the results by. | Text | Optional | Default: Ascending |
| Search | Enter a search string. | Text | Optional | |
| Filters | Enter filters to filter the response by. | Key Value | Optional | |
| To STIX | Choose whether to return the values in STIX format. | Boolean | Optional | Default: True |

Action: Get STIX Data

This action is used to get STIX data for a particular STIX ID.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| STIX ID | Enter the STIX ID. Example: {"stix_id": "indicator--8c82827b-ab26-51bb-b41b-6220b48d2464"} | Text | Required | |

Action: Get Vulnerabilities

This action is used to get all vulnerabilities from OpenCTI.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Limit | Enter the response limit. | Integer | Optional | Default: All |
| After | Enter the cursor value. The server returns a response after this cursor value. | Text | Optional | |
| Order by | Enter the field name to order the results by. Example: name | Text | Optional | Default: name |
| Order mode | Enter the direction to order the results by. | Text | Optional | Default: Ascending |
| Search | Enter a search string. | Text | Optional | |
| Filters | Enter filters to filter the response by. | Key Value | Optional | |
| To STIX | Choose whether to return the values in STIX format. | Boolean | Optional | Default: True |

Action: Perform Query

This action is used to perform GraphQL queries and mutations.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| GraphQL query | Enter the GraphQL query to run. | Text | Required | |