Team Cymru Pure Signal
App Vendor: Team Cymru
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: v1
Note
This app is currently released as a beta version.
About App
The Pure Signal Recon connector facilitates the integration of cutting-edge threat intelligence into your existing security ecosystem. By leveraging real-time insights and advanced query capabilities, this connector empowers security teams to enhance their threat detection and response capabilities. With its intuitive interface and comprehensive data analysis tools, the connector enables organizations to bolster their cybersecurity posture by proactively identifying and mitigating potential threats.
The Team Cymru Pure Signal app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Create Job | This action creates a new job. |
Create Schedule | This action creates a new scheduled job. |
Delete a Job | This action deletes all the results from a specific job. |
Delete Multiple Jobs | This action deletes multiple jobs passed in as IDs. |
Delete Multiple Jobs by Time | This action deletes multiple jobs within a specified date range. |
Delete Result | This action deletes the result from a single query from a job. |
Delete Schedule | This action deletes a specific scheduled job. |
Get All Jobs | This action retrieves all the jobs. |
Get All Schedules | This action retrieves all the schedules for the organization of the requesting user. |
Get Job Details | This action retrieves all the details from a specific job. |
Get Job Results | This action retrieves all the results from a specific job. |
Get Result | This action retrieves a file with the query results for a single query. |
Get Schedule Details | This action retrieves details of a specific scheduled job. |
Generic Action | This is a generic action used to make requests to any Team Cymru Pure Signal endpoint. |
Configuration Parameters
The following configuration parameters are required for the Team Cymru Pure Signal app to communicate with the Team Cymru Pure Signal enterprise application. You can configure the parameters by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to authenticate with Team Cymru Pure Signal. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Team Cymru Pure Signal. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose whether to verify the SSL/TLS certificate when making requests. It is recommended to set this option to yes. Setting it to no may result in the connection being established incorrectly. | Boolean | Optional | Default value: True |
Base URL | Enter the base URL to access Team Cymru Pure Signal. Example: https://recon.cymru.com | Text | Optional | |
Action: Create Job
This action creates a new job. You can submit multiple different searches as part of one job, provided they are in different query formats.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job Name | Enter the name of the job. Example: sample Job | Text | Required | |
Start Date | Enter the start date to search for. Example: 04/26/2017 00:00:00 | Text | Required | |
End Date | Enter the end date to perform the search. Example: 05/03/2017 23:59:59 | Text | Required | |
Queries | Enter the list of queries including the key "query_type" as the query type, and any other query criteria. Example: [{"query_type": "flows","any_ip_addr": "1.1.1.1","any_port": "10,20-60"},{"query_type": "pdns","any_ip_addr": "2.2.2.2,8.8.8.0/24"}] | List | Required | |
Add Data | Enter the additional data in key-value format. | Key Value | Optional | Allowed values:
|
Example Request
{ "job_name": "Sample Job", "job_description": "This job is just an example.", "start_date": "04/26/2017 00:00:00", "end_date": "05/03/2017 23:59:59", "priority": 25, "queries": [ { "query_type": "flows", "any_ip_addr": "1.1.1.1,8.8.8.0/24", "any_port": 10 }, { "query_type": "pdns", "any_ip_addr": "2.2.2.2,8.8.8.0/24" } ] }
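The following is an added example, not part of the connector or of Team Cymru's code: a pre-flight check that builds the Create Job request body from the parameters documented above and rejects malformed input before it reaches the API. The date format is inferred from the page's examples; reading "different query formats" as one search per query_type, and merging Add Data keys into the top level of the body (as priority appears in the example request), are assumptions.

```python
import json
from datetime import datetime

# Assumed from the page's examples, e.g. 04/26/2017 00:00:00
DATE_FMT = "%m/%d/%Y %H:%M:%S"


def build_create_job_payload(job_name, start_date, end_date, queries, add_data=None):
    """Validate Create Job inputs and return the request body as a dict."""
    if not job_name or not job_name.strip():
        raise ValueError("job_name is required")
    # strptime raises ValueError when the string does not parse in DATE_FMT
    start = datetime.strptime(start_date, DATE_FMT)
    end = datetime.strptime(end_date, DATE_FMT)
    if end < start:
        raise ValueError("end_date is earlier than start_date")
    if not isinstance(queries, list) or not queries:
        raise ValueError("queries must be a non-empty list")
    seen = set()
    for i, query in enumerate(queries):
        if not isinstance(query, dict) or not query.get("query_type"):
            raise ValueError(f"query {i} is missing 'query_type'")
        qtype = query["query_type"]
        # Assumption: "different query formats" means one search per query_type
        if qtype in seen:
            raise ValueError(f"duplicate query_type {qtype!r} in one job")
        seen.add(qtype)
    payload = {"job_name": job_name.strip(), "start_date": start_date,
               "end_date": end_date, "queries": queries}
    # Assumption: Add Data keys are merged into the top level of the body.
    # They must not silently override the fields validated above.
    for key, value in (add_data or {}).items():
        if key in payload:
            raise ValueError(f"add_data may not override {key!r}")
        payload[key] = value
    return payload


if __name__ == "__main__":
    # Constructed sample input, taken from the example values on this page
    body = build_create_job_payload(
        "Sample Job", "04/26/2017 00:00:00", "05/03/2017 23:59:59",
        [{"query_type": "flows", "any_ip_addr": "1.1.1.1", "any_port": "10,20-60"},
         {"query_type": "pdns", "any_ip_addr": "2.2.2.2,8.8.8.0/24"}],
        add_data={"priority": 25})
    print(json.dumps(body, indent=2))
```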
Action: Create Schedule
This action creates a new scheduled job that is equivalent to scheduling a job from the results page.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job ID | Enter the job ID to be scheduled. Example: 222 | Text | Required | You can retrieve the Job ID using the following actions:
|
Interval | Enter the interval of the scheduled job. Example: 1 day | Text | Required | Allowed values:
|
Example Request
{ "job_id": "222", "interval": "1 day" }
Action: Delete a Job
This action deletes all the results from a specific job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job ID | Enter the job ID to delete. Example: 222 | Text | Required | You can retrieve the Job ID using the following actions:
|
Example Request
{ "id": 222 }
Action: Delete Multiple Jobs
This action deletes multiple jobs passed in as IDs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job IDs | Enter the list of job IDs to delete. Example: {"ids":[1,2,3,4]} | List | Required | You can retrieve the Job IDs using the Get All Jobs action. |
Example Request
{ "ids": [ 1, 2, 3, 4 ] }
Action: Delete Multiple Jobs by Time
This action deletes multiple jobs within a specified date range.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Start Date | Enter the start date of the search time range for desired jobs to be deleted. Example: 04/26/2017 00:00:00 | Text | Required | |
End Date | Enter the end date of the search time range for desired jobs to be deleted. Example: 05/03/2017 23:59:59 | Text | Required | |
Example Request
{ "start_date": "04/26/2017 00:00:00", "end_date": "05/03/2017 23:59:59" }
Action: Delete Result
This action deletes the result from a single query from a job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Result ID | Enter the result ID to delete. Example: 222 | Text | Required | You can retrieve the Result ID using the Get Job Results action. |
Example Request
{ "id": 222 }
Action: Delete Schedule
This action deletes a specific scheduled job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Schedule ID | Enter the schedule ID. Example: 222 | Text | Required | You can retrieve the Schedule ID using the following actions:
|
Example Request
{ "id": 222 }
Action: Get All Jobs
This action retrieves all the jobs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Enter the filters to narrow down the response. | Key Value | Optional | Allowed values:
|
Action: Get All Schedules
This action retrieves all the schedules for the organization of the requesting user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Filters | Enter the filters to narrow down the response. | Key Value | Optional | Allowed values:
|
Action: Get Job Details
This action retrieves all the details from a specific job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job ID | Enter the job ID. Example: 222 | Text | Required | You can retrieve the Job ID using the following actions:
|
Example Request
{ "id": 222 }
Action: Get Job Results
This action retrieves all the results from a specific job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Job ID | Enter the job ID. Example: 222 | Text | Required | You can retrieve the Job ID using the following actions:
|
Example Request
{ "id": 222 }
Action: Get Result
This action retrieves a file with the query results for a single query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Result ID | Enter the result ID to fetch the details. Example: 222 | Text | Required | You can retrieve the Result ID using the Get Job Results action. |
Filters | Enter the filters to narrow down the response. Example: {'ip_addr':'8.8.8.8'} | Key Value | Optional | |
Example Request
{ "id": 222 }
Action: Get Schedule Details
This action retrieves a specific scheduled job.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Schedule ID | Enter the schedule ID. Example: 222 | Text | Required | You can retrieve the Schedule ID using the following actions:
|
Example Request
{ "id": 222 }
Action: Generic Action
This is a generic action used to make requests to any Team Cymru Pure Signal endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values:
|
Endpoint | Enter the endpoint to make the request. | Text | Required | |
Query params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | |