Cyberint
App Vendor: Cyberint
App Category: Data Enrichment & Threat Intelligence, Compromised Credentials
Connector Version: 1.0.1
API Version: v1
About App
Cyberint helps security teams monitor, detect, and respond to cyber threats in real-time, protecting digital assets with its comprehensive threat intelligence platform and expert analysis.
The Cyberint app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Alert Analysis Report | This action retrieves the analysis report of an alert by the alert reference ID. |
Get Alert Attachment | This action retrieves an attachment by alert reference ID and attachment internal ID. |
Get Alert Indicator | This action retrieves the indicator by alert reference ID and indicator ID. |
Get Alerts | This action retrieves a list of alerts. |
Get Enriched CVE | This action retrieves the enrichment data using the CVE ID. |
Get Full Alert by Ref ID | This action retrieves the details of an alert using the reference ID. |
Update Alerts Status | This action updates the status of alerts. You can update up to 100 alerts simultaneously. |
Generic Action | This is a generic action used to make requests to any Cyberint endpoint. |
Configuration Parameters
The following configuration parameters are required for the Cyberint app to communicate with the Cyberint enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL. | Text | Required | |
API Token | Enter the API token to authenticate with Cyberint. | Password | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Cyberint. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
Verify | Choose whether to verify the server's SSL/TLS certificate while making requests. It is recommended to set this option to yes. Setting it to no may result in a connection being established with a server whose certificate has not been validated. | Boolean | Optional | By default, verification is enabled. |
Action: Get Alert Analysis Report
This action retrieves the analysis report of an alert by the alert reference ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-14 | Text | Required | You can retrieve this using the action Get Alerts. |
Action: Get Alert Attachment
This action retrieves an attachment by alert reference ID and attachment internal ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-20 | Text | Required | You can retrieve this using the action Get Alerts. |
Attachment ID | Enter the attachment ID. Example: 5299111 | Text | Required | You can retrieve this using the action Get Alerts. |
Example Request
[ { "alert_ref_id": "CYW3-20", "attachment_id": "5299111" } ]
Action: Get Alert Indicator
This action retrieves the indicator by alert reference ID and indicator ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-14 | Text | Required | You can retrieve this using the action Get Alerts. |
Indicator ID | Enter the indicator ID. Example: 4e1c54ee774460fe4d70a54ab0d02d94f3d101cfdaff25adb45d2fa4ceb3600a | Text | Required | You can retrieve this using the action Get Alerts. |
Example Request
[ { "alert_ref_id": "CYW3-14", "indicator_id": "4e1c54ee337760fe4d70a54ab0d02d92e4d101cfdaff25adb45d2fa4cbe3600a" } ]
Action: Get Alerts
This action retrieves a list of alerts.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
From | Enter the date (in ISO 8601 format) from which you want to retrieve the response. Example: 2019-08-24T14:15:22Z | Text | Required | |
To | Enter the date (in ISO 8601 format) until which you want to retrieve the response. Example: 2019-08-24T14:15:22Z | Text | Required | |
Filters | Enter the filters to narrow down the response. Example: "severity": "low" | Key Value | Optional | Allowed Keys: environments, status, severity, type, targeted_brands |
Page | Enter the page number to retrieve results from. | Integer | Optional | Default value: 1 |
Size | Enter the number of alerts to retrieve on each page. | Integer | Optional | Allowed range: 10-100. Default value: 10 |
Include CSV as JSON | Choose whether to include CSV attachments as JSON content in the response. | Boolean | Optional | The default value is false. |
Example Request
[ { "from": "2024-01-10T14:15:22Z", "to": "2024-08-22T14:15:22Z", "filters": { "severity": [ "low" ] } } ]
Action: Get Enriched CVE
This action retrieves the enrichment data using the CVE ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
CVE ID | Enter the CVE ID to retrieve the enrichment data. Example: CVE-2024-41110 | Text | Required | |
Example Request
[ { "cve_id": "CVE-2023-44487" } ]
Action: Get Full Alert by Ref ID
This action retrieves the details of an alert using the reference ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref ID | Enter the reference ID of the alert. Example: CYW3-14 | Text | Required | You can retrieve this using the action Get Alerts. |
Example Request
[ { "alert_ref_id": "CYW3-20" } ]
Action: Update Alerts Status
This action updates the status of alerts. You can update up to 100 alerts simultaneously.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert Ref IDs | Enter the reference IDs of alerts. Example: [CYW3-14, CYW3-04] | List | Required | You can retrieve this using the action Get Alerts. |
Status | Enter the updated status of the alert. | Text | Required | Allowed values: open, acknowledged, closed |
Closure Reason | Enter the reason for closing the alert. This is required if you change the status to closed. | Text | Optional | Allowed values: resolved, irrelevant, false_positive, irrelevant_alert_subtype, no_longer_a_threat, asset_should_not_be_monitored, asset_belongs_to_my_organization, asm_no_longer_detected, asm_manually_closed, other |
Closure Reason Description | Enter a description for closing the alert if you choose ‘other’ as the closure reason. | Text | Optional | |
Example Request
[ { "status": "open", "alert_ref_ids": [ "CYW3-13" ] } ]
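One way to enforce the constraints in the table above before a playbook calls Update Alerts Status, as an added example (not Cyberint's or the connector's own code). The keys `status` and `alert_ref_ids` come from the example request; `closure_reason` and `closure_reason_description` are assumed key names, and `build_status_updates` is a hypothetical helper.

```python
# Values copied from the Update Alerts Status parameter table.
ALLOWED_STATUS = {"open", "acknowledged", "closed"}
ALLOWED_REASONS = {
    "resolved", "irrelevant", "false_positive", "irrelevant_alert_subtype",
    "no_longer_a_threat", "asset_should_not_be_monitored",
    "asset_belongs_to_my_organization", "asm_no_longer_detected",
    "asm_manually_closed", "other",
}
MAX_ALERTS_PER_REQUEST = 100  # "up to 100 alerts simultaneously"


def build_status_updates(alert_ref_ids, status, closure_reason=None,
                         closure_reason_description=None):
    """Validate the inputs and return one request dict per batch of <=100 IDs."""
    if status not in ALLOWED_STATUS:
        raise ValueError(f"status must be one of {sorted(ALLOWED_STATUS)}")
    if status == "closed":
        if closure_reason not in ALLOWED_REASONS:
            raise ValueError("closing an alert requires an allowed closure reason")
        if closure_reason == "other" and not (closure_reason_description or "").strip():
            raise ValueError("closure reason 'other' needs a description")
    elif closure_reason or closure_reason_description:
        # Choice made by this example, not stated on the page: reject
        # closure fields on a non-closing update instead of dropping them.
        raise ValueError("closure fields only apply when status is 'closed'")
    # De-duplicate while keeping order so no alert is updated twice.
    ids = list(dict.fromkeys(ref.strip() for ref in alert_ref_ids))
    if not ids or any(not ref for ref in ids):
        raise ValueError("alert_ref_ids must contain non-empty reference IDs")
    requests = []
    for start in range(0, len(ids), MAX_ALERTS_PER_REQUEST):
        body = {"status": status,
                "alert_ref_ids": ids[start:start + MAX_ALERTS_PER_REQUEST]}
        if status == "closed":
            body["closure_reason"] = closure_reason  # assumed key name
            if closure_reason == "other":
                # assumed key name
                body["closure_reason_description"] = closure_reason_description
        requests.append(body)
    return requests


if __name__ == "__main__":
    # Constructed sample: 230 reference IDs in the CYW3-<n> style used above.
    sample = [f"CYW3-{n}" for n in range(1, 231)]
    for req in build_status_updates(sample, "closed", "false_positive"):
        print(req["status"], req["closure_reason"], len(req["alert_ref_ids"]))
```

Each returned dict can be passed as the input of one Update Alerts Status call, so a bulk close never exceeds the 100-alert limit and never reaches the API without a closure reason.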
Action: Generic Action
This is a generic action used to make requests to any Cyberint endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /alert/api/v1/alerts | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type, include_headers |