App Vendor: Cyware
App Category: Cyware Product, IT Services, Messaging
Connector Version: 2.0.1
API Version: V3
The Cyware Collaborate app is an automated threat alert aggregation and information-sharing platform that enables security teams to share alerts and notifications efficiently, enhancing seamless collaboration.
The Cyware Collaborate app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Create Alert | This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients. You can only create an alert if you are a privileged user. |
Create Intel | This action creates and submits intel in the Cyware Collaborate application. Note: Only member users can use this action. |
Create Situational Awareness (SA) Alert (Deprecated) | This action creates and publishes an SA alert on the Cyware Collaborate Analyst Portal to recipients using an older endpoint. For better performance, use the Create Alert action instead. |
Create Tag | This action creates a tag in Collaborate's Tag Library. |
Fetch Reported Incidents (Deprecated) | This action retrieves the list of incidents reported. |
Get Additional Field Details | This action retrieves the details of a specific field from Collaborate. |
Get Alert Details | This action retrieves the details of an alert using the specified alert ID. For privileged users, it retrieves details of alerts in all statuses. For members, it retrieves details only for published alerts that are shared with them. |
Get Attachments | This action retrieves attachments associated with a message using the topic ID and sequence ID. |
Get Category Details | This action retrieves the details of an alert category using the unique category ID. |
Get Intel Details | This action retrieves intel details. For privileged users, it retrieves details of all submitted intel by incident ID, while for members, it retrieves intel submitted by the member. |
Get Member Details | This action retrieves the details of a member. Note: Only privileged users can use this action. |
Get Messages | This action retrieves messages from a topic-based discussion in the Messenger. |
Get Topics | This action retrieves the list of topic-based discussions from the Messenger. |
List Additional Fields | This action retrieves the list of all the fields in Cyware Collaborate. |
List Alerts | This action lists the alerts from the Cyware Collaborate application. |
List Alerts by Related Indicators | This action retrieves a list of published alerts by indicators mentioned in the alerts. |
List Alerts by Tracking ID | This action retrieves alerts using the tracking ID. A tracking ID is generated when third-party integrations publish alerts in Cyware Collaborate. |
List Categories | This action retrieves the list of active alert categories from Cyware Collaborate. |
List Information Sources | This action retrieves a list of information sources (info sources) from Cyware Collaborate. |
List Members | This action retrieves the list of member users associated with your Cyware Collaborate tenant. Note: Only privileged users can use this action. |
List Organizations | This action retrieves a list of organizations from Collaborate. For privileged users, it retrieves the list of available organizations in Cyware Collaborate. For members, it retrieves the organizations that they belong to. |
List Recipient Groups | This action retrieves a list of recipient groups from Cyware Collaborate. For privileged users, it retrieves all recipient groups in Cyware Collaborate. For members, it retrieves only the recipient groups they belong to. |
List Severity Categories | This action lists severity categories from the Cyware Collaborate application. |
List Submitted Intels | This action retrieves a list of intels from Cyware Collaborate. For privileged users, it retrieves intel submitted by all members. For members, it retrieves only the intel they have submitted. |
List Tags | This action lists all tags available in the Tag Library from Cyware Collaborate. |
List Threat Methods | This action retrieves a list of threat methods from the Cyware Collaborate. |
Update Published Alert | This action updates a published alert in the Analyst Portal by expiring the older alert and linking it to this new alert. You can only update an alert if you are a privileged user. |
Update Situational Awareness (SA) Alert (Deprecated) | This action updates an SA alert from the Cyware Collaborate Analyst Portal based on the specified alert ID using an older endpoint. For better performance, use the Update Published Alert action. |
Upload File | This action uploads a file to the Doc Library to share it with individual recipients and recipient groups. |
Generic Action | This is a generic action used to make requests to any Cyware Collaborate endpoint. |
The following configuration parameters are required for the Cyware Collaborate app to communicate with the Cyware Collaborate enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Access ID | Enter the access ID to access Collaborate. Example: 80bd31c8-76fe-4548-8d4d-a65c6d3491b7 | Text | Required | For more information about generating an Access ID, see Configure Collaborate Open API. |
Secret Key | Enter the secret key to access Collaborate. Example: 4217008c-f4c9-4307-b0b1-8286719b5907 | Password | Required | For more information about generating a Secret Key, see Configure Collaborate Open API. |
Base URL | Enter the base URL to access Collaborate. Example: https://tenant.domain.tld/api/ | Text | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Collaborate. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients.
Note
You can only create an alert if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Content | Enter the description for the alert. Example: This is to notify you about the ongoing malware attacks. | Text | Required | |
Status | Enter the status of the alert. | Text | Required | Allowed values: DRAFT, PUBLISHED NoteYou can specify the status as PUBLISHED only if you have permission to publish alerts in the Analyst Portal. |
Card Groups | Enter the list of recipient groups to whom the alert is published. | Any | Optional | You can retrieve this using the action List Recipient Groups. This is a required field if the status is PUBLISHED. |
Attachments | Enter the list of document IDs or link to the documents to add attachments. | List | Optional | You can retrieve the document ID using the action Upload File. |
Extra Params | Enter the extra parameters to create an alert. | Key Value | Optional | Allowed keys: display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts |
Example Request
[
{
"title": "Malware Alert",
"status": "PUBLISHED",
"content": "This is to notify you about the ongoing malware attacks.",
"card_group": [
{
"group_id": "f3da5053",
"group_name": "IT Professionals"
}
],
"extra_data": {
"tracking_id": "1111"
},
"attachments": [
"https://example.com/attachments/sample-file.pdf"
]
}
]
This action creates and submits intel in the Cyware Collaborate application.
Note
You can only create and submit an intel if you are a Member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Title | Enter the title of the intel. Example: New Intel | Text | Required | |
Description | Enter the description for the intel. Example: New intel for cybersecurity threats | Text | Required | |
Category ID | Enter the category ID associated with the category for the intel. Example: 07b74568 | Text | Required | You can retrieve this using the action List Categories. |
TLP | Enter the TLP associated with the intel. | Text | Optional | Allowed values: RED, GREEN, WHITE, CLEAR, AMBER, AMBER+STRICT Default value: WHITE |
Extra Params | Enter the extra parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: user_group, organizations, optional_fields, indicators, credibility, urgency, threat_actors, threat_methods, severity, incident_date, system_function, recommendation |
Example Request
[
{
"tlp": "RED",
"title": "New Intel",
"category_id": "b573dd45",
"description": "This is sample description.",
"extra_params": {}
}
]
This action creates and publishes an SA alert on the Cyware Collaborate Analyst Portal to recipients using an older endpoint.
Note
For better performance, use the Create Alert action instead.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Description | Enter the description of the alert. Example: This is a malware alert. | Text | Required | |
Status | Enter the alert status. | Text | Optional | Allowed values: DRAFT, PUBLISHED |
Category Name | Enter the category name. Example: Vulnerability | Text | Optional | |
Extra Fields | Enter the additional fields in the form of key-value pairs. Example: threat_indicators_obj = {"ip": ['1.1.1.1', 8.8.8.8'],"domain": ['abc.com', 'cde.com']} | Key Value | Optional | Allowed keys: support, card_group payload with id, name, tlp in dict of obj, threat_indicators_obj, card_info |
TLP | Enter the traffic light protocol (TLP) associated with the alert. | Text | Optional | Allowed values: RED, AMBER, GREEN, WHITE |
Card Groups | Enter the list of recipient groups to whom the alert is published. | Any | Optional | This is required if the status is PUBLISHED. |
Example Request
[
{
"tlp": "GREEN",
"title": "Malware Alert",
"status": "PUBLISHED",
"card_group": [
{
"group_id": "f3da5053",
"group_name": "All Users"
}
],
"description": "This is a sample description.",
"extra_fields": {},
"category_name": "Malware Advisories"
}
]
This action creates a tag in Collaborate's Tag Library.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tag Name | Enter the tag name within 100 characters. Example: Sample Tag | Text | Required |
Example Request
[
{
"tag_name": "Sample Tag"
}
]
This action retrieves the list of incidents reported.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Params | Enter additional parameters in the form of key-value pairs. Example: {"page": "1","pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"page": "3",
"pagesize": "10"
}
]
This action retrieves the details of a specific field from Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Field ID | Enter the unique ID of the field to retrieve the details. Example: 9123a385-09f7-4d89-9205-626dd5adad40 | Text | Required | You can retrieve this using the action List Additional Fields. |
Example Request
[
{
"field_uid": "2fbdbaba-56b9-4773-ad45-178c24e19f59"
}
]
This action retrieves the details of an alert using the specified alert ID. For Privileged Users, it retrieves details of alerts in all statuses. For Members, it retrieves details only for published alerts that are shared with them.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID to retrieve its details. Example: 0cc6a7ba | Text | Required | You can retrieve this using the action List Alerts. |
Example Request
[
{
"alert_id": "127738ee"
}
]
This action retrieves attachments associated with a message using the Topic ID and sequence ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Seq ID | Enter the sequence ID to get the attachments from a message. Example: 1 | Integer | Required | You can retrieve this using the action Get Messages. |
Topic ID | Enter the topic ID to get the attachments from a topic. Example: altFJS7tcesE3I | Text | Required | You can retrieve this using the action Get Topics. |
Expiration Time | Enter the expiration time for the attachment URL in seconds. | Integer | Optional | Default value: 10 Maximum value: 604800 (7 days) |
Example Request
[
{
"seq_id": "9",
"topic_id": "alth7y9Gba2hkQ"
}
]
This action retrieves the details of an alert category using the unique category ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Category ID | Enter the category ID to retrieve its details. Example: 249ab570 | Text | Required | You can retrieve this using the action List Categories. |
Example Request
[
{
"category_id": "cef5d51f"
}
]
This action retrieves intel details. For Privileged Users, it retrieves details of all submitted intel by incident ID, while for Members, it retrieves the details of the intel submitted by the member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Incident ID | Enter the incident ID to retrieve the details. Example: CY-e9492812 | Text | Required | You can retrieve this using the action List Submitted Intels. |
Example Request
[
{
"incident_id": "CY-e9492812"
}
]
This action retrieves the details of a member.
Note
Only Privileged Users can use this action.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User ID | Enter the user ID to retrieve the details. Example: 833ee8db-f3eb-447c-b0fc-aa6c1f906c36 | Text | Required | You can retrieve this using the action List Members. |
Example Request
[
{
"user_id": "833ee8db-f3eb-447c-b0fc-aa6c1f906c36cef5d51f"
}
]
This action retrieves messages from a topic-based discussion in the Messenger.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Topic ID | Enter the unique topic ID to retrieve the messages for the topic. Example: grp7WDklY1e23s | Text | Required | You can retrieve this using the action Get Topics. |
From Time | Enter the time (in EPOCH format) from which messages must be retrieved. Example: 160000000 | Text | Required | |
To Time | Enter the time (in EPOCH format) until which messages must be retrieved. Example: 1710147669 | Text | Required | |
Limit | Enter the limit for the number of messages. | Integer | Optional | Maximum allowed value: 500 Default value: 50 |
Example Request
[
{
"to_time": "1728021463",
"topic_id": "alth7y9Gba2hkQ",
"from_time": "1727848368"
}
]
This action retrieves the list of topic-based discussions from the Messenger.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the unique ID of the alert to retrieve associated discussion topics. Example: 765f89c5 | Text | Required | You can retrieve this using the action List Alerts. |
Example Request
[
{
"alert_id": "127738ee"
}
]
This action retrieves the list of all the fields in Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"query_params": {
"page": "1",
"pagesize": "1"
}
}
]
This actions lists the alerts from the Cyware Collaborate application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs to filter the response. Example: {"page": "1","status": "draft","pagesize": "1"} | Key Value | Optional | Allowed keys: page, status, page_size, start_time, end_time, category_id, title, tlp |
Example Request
[
{
"extra_params": {
"page": "1",
"status": "DRAFT",
"pagesize": "5"
}
}
]
This action retrieves alerts using the tracking ID. A tracking ID is generated when third-party integrations publish alerts in Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tracking ID | Enter the tracking ID for the alert. Example: 240ce34b-1dc4-4dfc-9cbf-62360f46d3de | Text | Required | You can retrieve this using the action Get Alert Details. |
Count | Enter the number of alerts to retrieve in the response. Example: 2 | Integer | Optional | Default value: 5 |
Extra Params | Enter the extra parameters in the form of key-value pairs. | Key Value | Optional | Allowed key: status |
Example Request
[
{
"count": "2",
"tracking_id": "237d56d5-b0e7-4ba1-a068-b7ac802b1c63"
}
]
This action retrieves the list of active alert categories from Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize, q |
Example Request
[
{
"extra_params": {
"page": "1",
"page_size": "160"
}
}
]
This action retrieves a list of information sources (info sources) from Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"extra_params": {
"page": "1",
"page_size": "1"
}
}
]
This action retrieves the list of member users associated with your Cyware Collaborate tenant.
Note
Only Privileged Users can use this action.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Params | Enter the extra parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: organization_id, email, page, pagesize |
Example Request
[
{
"extra_params": {
"page": "1",
"pagesize": "1"
}
}
]
This action retrieves a list of organizations from Collaborate. For Privileged Users, it retrieves the list of available organizations in Cyware Collaborate. For Members, it retrieves the organizations that they belong to.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"query_params": {
"page": "1",
"pagesize": "1"
}
}
]
This action retrieves a list of recipient groups from Cyware Collaborate. For Privileged Users, it retrieves all recipient groups in Cyware Collaborate. For Members, it retrieves only the recipient groups they belong to.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize, all_data, q |
Example Request
[
{
"extra_params": {
"page": "1",
"page_size": "1"
}
}
]
This action lists severity categories from the Cyware Collaborate application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. | Key Value | Optional |
Example Request
[
{
"extra_params": {}
}
]
This action retrieves a list of intels from Cyware Collaborate. For Privileged Users, it retrieves intel submitted by all members. For Members, it retrieves only the intel they have submitted.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"query_params": {
"page": "1",
"pagesize": "1"
}
}
]
This action lists all tags available in the Tag Library from Cyware Collaborate.
Action Input Parameters
No input parameters are required for this action.
This action retrieves a list of threat methods from the Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. | Key Value | Optional |
Example Request
[
{
"extra_params": {}
}
]
This action updates a published alert in the Analyst Portal by expiring the older alert and linking it to this new alert.
Note
You can only update an alert if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Short ID | Enter the unique ID of the alert. Example: 37e03cb9 | Text | Required | You can retrieve this using the action List Alerts. |
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Content | Enter the description for the alert. Example: The team has tracked a unique threat. | Text | Required | |
Status | Enter the status of the alert. | Text | Required | Allowed values: DRAFT, PUBLISHED |
Extra Params | Enter the extra parameters to update the alert. | Key Value | Optional | Allowed keys: display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts |
Example Request
[
{
"title": "Rising Threats",
"status": "DRAFT",
"content": "The team has tracked a unique threat.",
"short_id": "127738ee",
"extra_data": {}
}
]
This action updates an SA alert from the Cyware Collaborate Analyst Portal based on the specified alert ID using an older endpoint.
Note
For better performance, use the Update Published Alert action.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. Example: 0cc6a7ba | Text | Required | |
Title | Enter the title of the alert. Example: malware alert | Text | Required | |
Description | Enter the description of the alert. Example: This is a malware alert. | Text | Required | |
Status | Enter the alert status. allowed values: published, draft. by default, the value is published. | Text | Optional | |
Threat Indicators | Enter the threat indicators in the form of key-value pairs. Example: {"ip": ['1.1.1.1', 8.8.8.8'], "domain": ['abc.com', 'cde.com']} | Key Value | Optional | |
Additional Information | Enter any additional details of the alert to update. | Text | Optional | |
TLP | Enter the traffic light protocol (TLP) associated with the alert. | Text | Optional | Allowed values: RED, AMBER, GREEN, WHITE |
Extra Fields | Enter the extra fields in the form of key-value pairs. | Key Value | Optional | Allowed keys: support, card_group payload with id, name, tlp in dict of obj |
Example Request
[
{
"tlp": "GREEN",
"title": "Malware Alert",
"status": "PUBLISHED",
"alert_id": "59569642",
"description": "This is a sample description.",
"extra_fields": {},
"threat_indicators_obj": {}
}
]
This action uploads a file to the Doc Library to share it with individual recipients and recipient groups.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File | Specify the file path to upload the file to the Doc Library. | Text | Required | |
User Groups | Enter the group IDs of the recipient groups as comma-separated values to share the file. You can either enter User Groups or Individual Recipients. | Text | Optional | You can retrieve this using the action List Recipient Groups. |
Individual Recipients | Enter the email IDs of individual recipients as comma-separated values to share the file. You can either enter User Groups or Individual Recipients. Example: johndoe@sampleorg.com | Text | Required | |
TLP | Enter the TLP associated with the media. | Text | Required | Default value: WHITE |
File Name | Enter the name of the file. | Text | Required |
Example Request
[
{
"tlp": "WHITE",
"file_name": "test.jpg",
"file_path": "/tmp/559c7d0e-49b5-4288-bfeb-f9ae25ce0037/test.jpg",
"user_groups": "f3da5053,057aafab",
"individual_recipients": "johndoe@orgname.com"
}
]
This is a generic action used to make requests to any Cyware Collaborate endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /tag | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. Example: $JSON[{"data": {'type': type,'id': id}}] | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_data, custom_output, download, filename, files, retry_wait, retry_count, response_type |
Example Request
[
{
"method": "GET",
"endpoint": "/tag",
"extra_fields": {},
"query_params": {}
}
]