App Vendor: Cyberint
App Category: Data Enrichment & Threat Intelligence, Compromised Credentials
Connector Version: 1.0.1
API Version: v1
Cyberint helps security teams monitor, detect, and respond to cyber threats in real time, protecting digital assets with its comprehensive threat intelligence platform and expert analysis.
The Cyberint app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Alert Analysis Report | This action retrieves the analysis report of an alert by the alert reference ID. |
Get Alert Attachment | This action retrieves an attachment by alert reference ID and attachment internal ID. |
Get Alert Indicator | This action retrieves the indicator by alert reference ID and indicator ID. |
Get Alerts | This action retrieves a list of alerts. |
Get Enriched CVE | This action retrieves the enrichment data using the CVE ID. |
Get Full Alert by Ref ID | This action retrieves the details of an alert using the reference ID. |
Update Alerts Status | This action updates the status of alerts. You can update up to 100 alerts simultaneously. |
Generic Action | This is a generic action used to make requests to any Cyberint endpoint. |
The following configuration parameters are required for the Cyberint app to communicate with the Cyberint enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL. | Text | Required | |
API Token | Enter the API token to authenticate with Cyberint. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Cyberint. | Integer | Optional | Allowed range: 15-120. Default value: 15. |
Verify | Choose whether to verify the server's SSL/TLS certificate when making requests. It is recommended to set this option to yes. Setting it to no disables certificate validation, so the connection may be established with a server whose identity has not been verified. | Boolean | Optional | By default, verification is enabled. |
This action retrieves the analysis report of an alert by the alert reference ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-14 | Text | Required | You can retrieve this using the action Get Alerts. |
This action retrieves an attachment by alert reference ID and attachment internal ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-20 | Text | Required | You can retrieve this using the action Get Alerts. |
Attachment ID | Enter the attachment ID. Example: 5299111 | Text | Required | You can retrieve this using the action Get Alerts. |
Example Request
[ { "alert_ref_id": "CYW3-20", "attachment_id": "5299111" } ]
This action retrieves the indicator by alert reference ID and indicator ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-14 | Text | Required | You can retrieve this using the action Get Alerts. |
Indicator ID | Enter the indicator ID. Example: 4e1c54ee774460fe4d70a54ab0d02d94f3d101cfdaff25adb45d2fa4ceb3600a | Text | Required | You can retrieve this using the action Get Alerts. |
Example Request
[ { "alert_ref_id": "CYW3-14", "indicator_id": "4e1c54ee337760fe4d70a54ab0d02d92e4d101cfdaff25adb45d2fa4cbe3600a" } ]
This action retrieves a list of alerts.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From | Enter the date (in ISO 8601 format) from which you want to retrieve the response. Example: 2019-08-24t14:15:22z | Text | Required | |
To | Enter the date (in ISO 8601 format) until which you want to retrieve the response. Example: 2019-08-24t14:15:22z | Text | Required | |
Filters | Enter the filters to narrow down the response. Example: "severity": "low" | Key Value | Optional | Allowed Keys: environments, status, severity, type, targeted_brands |
Page | Enter the page number to retrieve results from. | Integer | Optional | Default value: 1 |
Size | Enter the number of alerts to retrieve on each page. | Integer | Optional | Allowed range: 10-100. Default value: 10. |
Include CSV as JSON | Choose whether to include CSV attachments as JSON content in the response. | Boolean | Optional | The default value is false. |
Example Request
[ { "from": "2024-01-10T14:15:22Z", "to": "2024-08-22T14:15:22Z", "filters": { "severity": [ "low" ] } } ]
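An added example (not part of the Cyberint or Orchestrate documentation) that validates Get Alerts inputs against the table above and pages through the results. The `page` and `size` key names, the `run_action` callable and the stop-on-short-page rule are assumptions; `from`, `to` and `filters` follow the example request.

```python
from datetime import datetime

# Allowed filter keys, from the parameter table above.
ALLOWED_FILTER_KEYS = {"environments", "status", "severity", "type", "targeted_brands"}


def parse_ts(ts):
    """Parse an ISO 8601 timestamp; reject values that carry no timezone."""
    parsed = datetime.fromisoformat(ts.upper().replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp {ts!r} has no timezone")
    return parsed


def build_get_alerts_input(from_ts, to_ts, filters=None, page=1, size=10):
    """Return one validated Get Alerts input object."""
    if parse_ts(from_ts) >= parse_ts(to_ts):
        raise ValueError("'from' must be earlier than 'to'")
    filters = filters or {}
    unknown = set(filters) - ALLOWED_FILTER_KEYS
    if unknown:
        raise ValueError(f"unsupported filter keys: {sorted(unknown)}")
    if page < 1:
        raise ValueError("page must be 1 or greater")
    if not 10 <= size <= 100:
        raise ValueError("size must be between 10 and 100")
    # "page" and "size" are assumed key names (not shown in the example request).
    item = {"from": from_ts, "to": to_ts, "page": page, "size": size}
    if filters:
        # The example request passes filter values as lists; wrap scalars.
        item["filters"] = {k: v if isinstance(v, list) else [v]
                           for k, v in filters.items()}
    return item


def collect_alerts(run_action, from_ts, to_ts, filters=None, size=100, max_pages=50):
    """Page through Get Alerts until a short page arrives or max_pages is hit.

    run_action is a hypothetical callable that runs the action with one input
    object and returns that page's alerts as a list (assumption).
    """
    alerts = []
    for page in range(1, max_pages + 1):
        batch = run_action(build_get_alerts_input(from_ts, to_ts, filters, page, size))
        alerts.extend(batch)
        if len(batch) < size:
            return alerts
    raise RuntimeError("max_pages reached; narrow the time window or filters")
```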
This action retrieves the enrichment data using the CVE ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
CVE ID | Enter the CVE ID to retrieve the enrichment data. Example: CVE-2024-41110 | Text | Required | |
Example Request
[ { "cve_id": "CVE-2023-44487" } ]
This action retrieves the details of an alert using the reference ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-14 | Text | Required | You can retrieve this using the action Get Alerts. |
Example Request
[ { "alert_ref_id": "CYW3-20" } ]
This action updates the status of alerts. You can update up to 100 alerts simultaneously.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref IDs | Enter the reference IDs of alerts. Example: [CYW3-14, CYW3-04] | List | Required | You can retrieve this using the action Get Alerts. |
Status | Enter the updated status of the alert. | Text | Required | Allowed values: open, acknowledged, closed |
Closure Reason | Enter the reason for closing the alert. This is required if you change the status to closed. | Text | Optional | Allowed values: resolved, irrelevant, false_positive, irrelevant_alert_subtype, no_longer_a_threat, asset_should_not_be_monitored, asset_belongs_to_my_organization, asm_no_longer_detected, asm_manually_closed, other |
Closure Reason Description | Enter a description for closing the alert if you choose ‘other’ as the closure reason. | Text | Optional | |
Example Request
[ { "status": "open", "alert_ref_ids": [ "CYW3-13" ] } ]
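An added example (not code from the connector) that enforces the rules in the table above before Update Alerts Status is called: allowed values, the closure-reason requirement, and batches of at most 100 IDs. The `closure_reason` and `closure_reason_description` key names are assumptions; `status` and `alert_ref_ids` follow the example request.

```python
# Values taken from the parameter table above.
ALLOWED_STATUS = {"open", "acknowledged", "closed"}
ALLOWED_CLOSURE_REASONS = {
    "resolved", "irrelevant", "false_positive", "irrelevant_alert_subtype",
    "no_longer_a_threat", "asset_should_not_be_monitored",
    "asset_belongs_to_my_organization", "asm_no_longer_detected",
    "asm_manually_closed", "other",
}
MAX_ALERTS_PER_REQUEST = 100


def build_status_updates(alert_ref_ids, status, closure_reason=None,
                         closure_reason_description=None):
    """Return one validated action input per batch of at most 100 alert IDs."""
    if status not in ALLOWED_STATUS:
        raise ValueError(f"status must be one of {sorted(ALLOWED_STATUS)}")
    if status == "closed":
        if closure_reason not in ALLOWED_CLOSURE_REASONS:
            raise ValueError("closing an alert requires a valid closure reason")
        if closure_reason == "other" and not (closure_reason_description or "").strip():
            raise ValueError("closure reason 'other' needs a description")

    # De-duplicate while keeping order so no alert is submitted twice.
    ids = list(dict.fromkeys(i.strip() for i in alert_ref_ids if i and i.strip()))
    if not ids:
        raise ValueError("at least one alert reference ID is required")

    batches = []
    for start in range(0, len(ids), MAX_ALERTS_PER_REQUEST):
        item = {"status": status,
                "alert_ref_ids": ids[start:start + MAX_ALERTS_PER_REQUEST]}
        if status == "closed":
            item["closure_reason"] = closure_reason  # assumed key name
            if closure_reason_description:
                # assumed key name
                item["closure_reason_description"] = closure_reason_description
        batches.append(item)
    return batches
```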
This is a generic action used to make requests to any Cyberint endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /alert/api/v1/alerts | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type, include_headers |