Cyware Orchestrate
App Vendor: Cyware
App Category: Cyware Product
Connector Version: 2.1.0
API Version: 3.5.5.0
About App
The Cyware Orchestrate connector allows security teams to integrate with the Cyware Orchestrate application to execute on-demand or event-triggered tasks across deployment environments at machine speeds.
The Orchestrate app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Create Events | This action creates a source event. |
Execute Action | This action executes a particular action of an app. |
Get Action Details | This action retrieves the details of an action based on the given ID. |
Get App Actions | This action retrieves the list of available actions of all the apps. |
List App Instances | This action retrieves a list of all the available app instances. |
Get Apps | This action retrieves a list of all the integration apps and their details. |
Get App Details | This action retrieves the details of an app based on the given ID. |
Get App Instance | This action retrieves the instance details of an app. |
List Playbook Run Logs | This action retrieves a list of playbook run logs. |
Get Playbook Run Log Details | This action retrieves the details of a single playbook. |
Run Playbook | This action executes a playbook based on the playbook ID. |
Generic Action | This is a generic action used to make requests to any Orchestrate endpoint. |
Configuration Parameters
The following configuration parameters are required for the Orchestrate app to communicate with the Orchestrate enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL to access Orchestrate. Example: https://ent-multitenant.csol.spotio.cywaredev.com/soarapi/openapi | Text | Required | |
Access ID | Enter the access ID. | Text | Required | |
Secret Key | Enter the secret key. | Password | Required | |
Version | Enter the API version. | Text | Optional | Default value: v1 |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Orchestrate. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | Default value: true |
Action: Create Events
This action creates a source event.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Title | Enter the title for the source event. Example: SourceEvent | Text | Required | |
App Identifier | Enter the unique identifier of the app to which the action belongs. | Text | Required | |
Action Identifier | Enter the unique identifier of the action. | Text | Required | |
Data | Enter the data to be passed for the event. | Key Value | Optional |
Example Request
[
{
"data": {},
"title": "SourceEvent",
"app_identifier": "virus_total_v3_clone20276_a",
"action_identifier": "ip_address_enrichment"
}
]Action: Execute Action
This action executes a particular action of an app.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
App Name | Enter the unique name of the app to which the action belongs. | Text | Required | |
Action Name | Enter the action name. | Text | Required | |
Instance Slug | Enter the resource identifier of the app instance. | Text | Required | |
Action Params | Enter the action parameters to execute the action. | Key Value | Optional |
Example Request
[
{
"app_name": "virus_total_v3_1_3_0",
"action_name": "ip_address_enrichment",
"action_params": {
"ip_address": "1.1.1.1"
},
"instance_slug": "test_instance"
}
]Action: Get Action Details
This action retrieves the details of an action based on the given ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Action ID | Enter the unique ID of the action to retrieve its details. Example: 8d79fe9a-0328-4b86-8102-ac3f55a32915 | Text | Required | You can retrieve this using the action Get App Actions. |
Example Request
[
{
"action_id": "8d79fe9a-0328-4b86-8102-ac3f55a32915"
}
]Action: Get App Actions
This action retrieves the list of available actions of all the apps.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters to retrieve the list of available actions. | Key Value | Optional | Available keys: app_unique_id, page, page_size |
Example Request
[
{
"query_params": {}
}
]Action: Get App Details
This action retrieves the details of an app based on the given ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
App ID | Enter the unique ID of the app to retrieve its details. Example: b1d55d90-b41a-485d-ad63-f45459b24690 | Text | Required | You can retrieve this using the action Get Apps. |
Example Request
[
{
"app_id": "b1d55d90-b41a-485d-ad63-f45459b24690"
}
]Action: Get App Instance
This action retrieves the instance details of an app.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Instance ID | Enter the unique ID of the instance. Example: d6a03423-52fd-479b-a79d-85102e53861f | Text | Required | You can retrieve this using the action List App Instances. |
Example Request
[
{
"instance_id": "35408141-775e-415b-9f5f-a09d3c611069"
}
]Action: Get Apps
This action retrieves a list of all the integration apps and their details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters. | Key Value | Optional | Available keys: q, page, page_size, ordering, created_by, app_type, published_by, categories, is_system, is_configured, lite_enabled, created_at, created_at_gte, created_at_lte |
Example Request
[
{
"query_params": {}
}
]Action: Get Playbook Run Log Details
This action retrieves the details of a single playbook.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Playbook Runlog ID | Enter the unique ID of the playbook run. Example: 935862df-efea-48ce-967f-a7e53f144d8a | Text | Required | You can retrieve this using the action Run Playbook. |
Example Request
[
{
"playbook_runlog_id": "9a38bcfd-839e-4e31-873d-83715667601e"
}
]Action: List App Instances
This action retrieves a list of all the available app instances.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameter to filter the data. | Key Value | Optional | Allowed keys: page, page_size, app_unique_id |
Example Request
[
{
"query_params": {}
}
]Action: List Playbook Run Logs
This action retrieves a list of playbook run logs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Start Date | Enter start date and time (in 01/07/2021 00:00:00 format and in UTC time zone) from which you want to retrieve the result. | Text | Optional | Default: None |
End Date | Enter end date and time (in 01/07/2021 00:00:00 format and in UTC time zone) until which you want to retrieve the result. | Text | Optional | Default: None |
Is Source Playbook Result Null | Select true if you want to retrieve results of associated playbook. | Boolean | Optional | Default value: true |
Page | Enter the page number to retrieve results. | Text | Optional | Default value: 1 |
Page Size | Enter the number of results to be returned on each page. | Text | Optional | Default value: 10 |
Playbook ID | Enter the playbook ID to retrieve it's result. Example: 903b87b71-4120-9c63-04b4df60ab4b | Text | Optional |
Action: Run Playbook
This action executes a playbook based on the playbook ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Playbook ID | Enter the unique ID of the playbook to run it. Example: 903b87b71-4120-9c63-04b4df60ab4b | Text | Required |
Example Request
[
{
"playbook_id": "95495f88-52af-4509-ab7d-2c82ccc48fea"
}
]Action: Generic Action
This is a generic action used to make requests to any Orchestrate endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: actions/execute/ | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type, include_headers |
Example Request
[
{
"method": "Get",
"endpoint": "/playbook/playbook-result/filter",
"extra_fields": {},
"query_params": {}
}
]