
Cyware Orchestrate

Fortra PhishLabs

App Vendor: Fortra

App Category: Data Enrichment and Threat Intelligence

Connector Version: 1.0.0

API Version: v1

Note

This app is currently released as a beta version.

About App

PhishLabs is a digital risk protection solution that safeguards an organization's critical digital assets. It offers expert-curated threat intelligence and end-to-end mitigation services, providing robust protection against phishing and other digital threats.

The Fortra PhishLabs app is configured with Cyware Orchestrate to perform the following actions:

| Action Name | Description |
|---|---|
| Apply Action to Incident | This action applies an action to an incident. |
| Create Incident | This action creates an incident in PhishLabs. |
| Get Brands | This action retrieves the list of brands based on the incident type. |
| Get Document File | This action retrieves the specified document file. |
| Get Image File | This action retrieves the specified image file. |
| Get Incident Details | This action retrieves the details of an incident. |
| Search Incidents | This action searches for incidents in PhishLabs. |
| Upload File to Incident | This action uploads a file to the specified incident. |
| Generic Action | This is a generic action used to make requests to any Fortra PhishLabs endpoint. |

Configuration Parameters

The following configuration parameters are required for the Fortra PhishLabs app to communicate with the Fortra PhishLabs enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Base URL | Enter the base URL to access Fortra PhishLabs. | Text | Required | |
| Client ID | Enter the client ID of the Fortra PhishLabs account. | Text | Required | |
| Client Secret | Enter the client secret for the Fortra PhishLabs account. | Password | Required | |
| Scope | Enter the scope of the access request. It may have multiple space-delimited values. | Text | Required | |
| Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Fortra PhishLabs. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
| Verify | Choose whether to verify the SSL certificate while making requests. It is recommended to set this option to yes. Setting it to no skips certificate validation and may result in the connection being established incorrectly. | Boolean | Optional | By default, verification is disabled. |

Action: Apply Action to Incident

This action applies an action to an incident.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Incident ID | Enter the ID of the incident to apply the action to. | Integer | Required | You can retrieve this using the action Search Incidents. |
| Action Type Code | Enter the type of action to apply. | Text | Required | Allowed values: AddComment, ProvideInput, CloseIncident, Mitigate |
| Comment | Enter the comment to include when applying the action to the incident. | Text | Required | |

Action: Create Incident

This action creates an incident in PhishLabs.

Action Input Parameters 

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Incident Type Code | Enter the type of the incident. | Text | Required | Allowed values: SocialMedia, DarkWeb |
| Threat Type Code | Enter the type of the threat. | Text | Required | Allowed values: AccountCredentialsForSaleDW, ConsumerGoodsForSaleDW, CreditDebitCardDataDW, CyberRiskDW, DepositFraudDW, ExecutiveMentionInPostDW, FraudToolsDW, PersonalIdentifiableInformationDW, PhysicalThreatToExecutiveDW, SourceCodeDW, BINIINDetailsSM, BrandMentionOnPageSM, CyberRiskSM, DepositFraudSM, ExecutiveMentionOnPageSM, GenericPhysicalThreatSM, ImpersonationOfEmployeeSM, ImpersonationOfExecutiveSM, ImpersonationOfBrandSM, LeakedCredentialsSM, LeakedDocumentsSM, LegalThreatSM, NegativeCommentTowardEmployeeSM, NegativeCommentTowardOrganizationSM, NewsPRStockCommentarySM, PersonalIdentifiableInformationSM, PhishingSM, PhysicalThreatToEmployeeSM, PhysicalThreatToEventSM, PhysicalThreatToExecutiveSM, PhysicalThreatToLocationSM, ProtestPetitionBoycottsSM, SourceCodeSM, EventSM, CryptocurrencyScamSM, CounterfeitSM, ThirdPartyCorporateEmailLeaksDW, StealerMalwareCredentialsDW, BotnetCredentialsDW, RemoteAccessTrojanCredentialsDW |
| Title | Enter the title of the incident. | Text | Required | |
| URL | Enter the URL associated with the incident. | Text | Required | |
| Brand ID | Enter the brand ID associated with the incident. | Integer | Optional | You can retrieve this using the action Get Brands. |
| Executive ID | Enter the ID of the executive reporting the incident. | Integer | Optional | |
| Comment | Enter the comment to be added to the incident. | Text | Optional | |

Action: Get Brands

This action retrieves the list of brands based on the incident type.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Incident Type Code | Enter the type of the incident to retrieve associated brands. | Text | Required | Allowed values: SocialMedia, DarkWeb |

Action: Get Document File

This action retrieves the specified document file.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Document ID | Enter the document identifier to retrieve its details. | Integer | Required | You can retrieve this using the action Get Incident Details. |

Action: Get Image File

This action retrieves the specified image file.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Image ID | Enter the image identifier to retrieve its details. | Integer | Required | You can retrieve this using the action Get Incident Details. |
| Size | Enter the size of the image file. | Text | Required | Allowed values: small (for thumbnails), large (for full-size images) |

Action: Get Incident Details

This action retrieves the details of an incident.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Incident ID | Enter the ID of the incident to retrieve its details. | Text | Required | You can retrieve this using the action Search Incidents. |

Action: Search Incidents

This action searches for incidents in PhishLabs.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Page Number | Enter the page number to retrieve results from. | Integer | Optional | Default value: 1 |
| Page Size | Enter the number of results to retrieve on each page. | Integer | Optional | Allowed range: 1-200. Default value: 100 |
| Created From Date | Enter the incident creation date to retrieve results starting from that date. | Text | Optional | Allowed format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO) |
| Created To Date | Enter the incident creation date until which you want to retrieve results. | Text | Optional | Allowed format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO) |
| Brand Names | Enter the incident brand names to retrieve incidents. This list is unique to your organization. | Text | Optional | |
| Extra Params | Enter the extra parameters to search for incidents. | Key Value | Optional | Allowed keys: SortField, SortOrder, LastModifiedDateFrom, LastModifiedDateTo, IncidentTypeCode, ThreatTypeCodes, IncidentStatusCodes, IncidentStatusReasonCodes, IncidentSeverityCodes, BrandIds, ExecutiveIds |

Action: Upload File to Incident

This action uploads a file to the specified incident.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Incident ID | Enter the ID of the incident to which you want to upload the file. | Integer | Required | You can retrieve this using the action Search Incidents. |
| File Path | Enter the path of the file to upload. | Text | Required | |
| Comment | Enter the comment for uploading the file. | Text | Optional | |

Action: Generic Action

This is a generic action used to make requests to any Fortra PhishLabs endpoint.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
| Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
| Endpoint | Enter the endpoint to make the request. Example: /incident/search | Text | Required | |
| Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
| Payload | Enter the payload to pass to the API. | Any | Optional | |
| Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type |