Skip to main content

Cyware Orchestrate

Cyware Collaborate 2.0.0

App Vendor: Cyware

App Category: Cyware Product, IT Services, Messaging

Connector Version: 2.0.1

API Version: V3

About App

The Cyware Collaborate app is an automated threat alert aggregation and information-sharing platform that enables security teams to share alerts and notifications efficiently, enhancing seamless collaboration.

The Cyware Collaborate app is configured with Cyware Orchestrate to perform the following actions:

Action Name

Description

Create Alert

This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients. You can only create an alert if you are a privileged user.

Create Intel

This action creates and submits intel in the Cyware Collaborate application. Note: Only member users can use this action.

Create Situational Awareness (SA) Alert (Deprecated)

This action creates and publishes an SA alert on the Cyware Collaborate Analyst Portal to recipients using an older endpoint. For better performance, use the Create Alert action instead.

Create Tag

This action creates a tag in Collaborate's Tag Library.

Fetch Reported Incidents (Deprecated)

This action retrieves the list of incidents reported.

Get Additional Field Details

This action retrieves the details of a specific field from Collaborate.

Get Alert Details

This action retrieves the details of an alert using the specified alert ID. For privileged users, it retrieves details of alerts in all statuses. For members, it retrieves details only for published alerts that are shared with them.

Get Attachments

This action retrieves attachments associated with a message using the topic ID and sequence ID.

Get Category Details

This action retrieves the details of an alert category using the unique category ID.

Get Intel Details

This action retrieves intel details. For privileged users, it retrieves details of all submitted intel by incident ID, while for members, it retrieves intel submitted by the member.

Get Member Details

This action retrieves the details of a member. Note: Only privileged users can use this action.

Get Messages

This action retrieves messages from a topic-based discussion in the Messenger.

Get Topics

This action retrieves the list of topic-based discussions from the Messenger.

List Additional Fields

This action retrieves the list of all the fields in Cyware Collaborate.

List Alerts

This action lists the alerts from the Cyware Collaborate application.

List Alerts by Related Indicators

This action retrieves a list of published alerts by indicators mentioned in the alerts.

List Alerts by Tracking ID

This action retrieves alerts using the tracking ID. A tracking ID is generated when third-party integrations publish alerts in Cyware Collaborate.

List Categories

This action retrieves the list of active alert categories from Cyware Collaborate.

List Information Sources

This action retrieves a list of information sources (info sources) from Cyware Collaborate.

List Members

This action retrieves the list of member users associated with your Cyware Collaborate tenant. Note: Only privileged users can use this action.

List Organizations

This action retrieves a list of organizations from Collaborate. For privileged users, it retrieves the list of available organizations in Cyware Collaborate. For members, it retrieves the organizations that they belong to.

List Recipient Groups

This action retrieves a list of recipient groups from Cyware Collaborate. For privileged users, it retrieves all recipient groups in Cyware Collaborate. For members, it retrieves only the recipient groups they belong to.

List Severity Categories

This action lists severity categories from the Cyware Collaborate application.

List Submitted Intels

This action retrieves a list of intels from Cyware Collaborate. For privileged users, it retrieves intel submitted by all members. For members, it retrieves only the intel they have submitted.

List Tags

This action lists all tags available in the Tag Library from Cyware Collaborate.

List Threat Methods

This action retrieves a list of threat methods from the Cyware Collaborate.

Update Published Alert

This action updates a published alert in the Analyst Portal by expiring the older alert and linking it to this new alert. You can only update an alert if you are a privileged user.

Update Situational Awareness (SA) Alert (Deprecated)

This action updates an SA alert from the Cyware Collaborate Analyst Portal based on the specified alert ID using an older endpoint. For better performance, use the Update Published Alert action.

Upload File

This action uploads a file to the Doc Library to share it with individual recipients and recipient groups.

Generic Action

This is a generic action used to make requests to any Cyware Collaborate endpoint.

Configuration Parameters

The following configuration parameters are required for the Cyware Collaborate app to communicate with the Cyware Collaborate enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Access ID 

Enter the access ID to access Collaborate.

Example:

80bd31c8-76fe-4548-8d4d-a65c6d3491b7

Text

Required

For more information about generating an Access ID, see Configure Collaborate Open API.

Secret Key 

Enter the secret key to access Collaborate.

Example:

4217008c-f4c9-4307-b0b1-8286719b5907

Password

Required

For more information about generating a Secret Key, see Configure Collaborate Open API.

Base URL 

Enter the base URL to access Collaborate.

Example:

https://tenant.domain.tld/api/

Text

Required

Timeout 

Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Collaborate.

Integer

Optional

Allowed range:

15-120

Default value:

15

Verify 

Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection.

Boolean

Optional

By default, verification is enabled.

Action: Create Alert

This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients.

Note

You can only create an alert if you are a Privileged User.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Title

Enter the title of the alert.

Example:

Malware Alert

Text

Required

Content

Enter the description for the alert.

Example:

This is to notify you about the ongoing malware attacks.

Text

Required

Status

Enter the status of the alert.

Text

Required

Allowed values:

DRAFT, PUBLISHED

Note

You can specify the status as PUBLISHED only if you have permission to publish alerts in the Analyst Portal.

Card Groups

Enter the list of recipient groups to whom the alert is published.

Any

Optional

You can retrieve this using the action List Recipient Groups.

This is a required field if the status is PUBLISHED.

Attachments

Enter the list of document IDs or link to the documents to add attachments.

List

Optional

You can retrieve the document ID using the action Upload File.

Extra Params

Enter the extra parameters to create an alert.

Key Value

Optional

Allowed keys:

display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts

Example Request

[
  {
    "title": "Malware Alert",
    "status": "PUBLISHED",
    "content": "This is to notify you about the ongoing malware attacks.",
    "card_group": [
      {
        "group_id": "f3da5053",
        "group_name": "IT Professionals"
      }
    ],
    "extra_data": {
      "tracking_id": "1111"
    },
    "attachments": [
      "https://example.com/attachments/sample-file.pdf"
    ]
  }
]
Action: Create Intel

This action creates and submits intel in the Cyware Collaborate application.

Note

You can only create and submit an intel if you are a Member.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Title

Enter the title of the intel.

Example:

New Intel

Text

Required

Description

Enter the description for the intel.

Example:

New intel for cybersecurity threats

Text

Required

Category ID

Enter the category ID associated with the category for the intel.

Example:

07b74568

Text

Required

You can retrieve this using the action List Categories.

TLP

Enter the TLP associated with the intel.

Text

Optional

Allowed values:

RED, GREEN, WHITE, CLEAR, AMBER, AMBER+STRICT

Default value:

WHITE

Extra Params

Enter the extra parameters in the form of key-value pairs.

Key Value

Optional

Allowed values:

user_group, organizations, optional_fields, indicators, credibility, urgency, threat_actors, threat_methods, severity, incident_date, system_function, recommendation

Example Request

[
  {
    "tlp": "RED",
    "title": "New Intel",
    "category_id": "b573dd45",
    "description": "This is sample description.",
    "extra_params": {}
  }
]
Action: Create Situational Awareness (SA) Alert (Deprecated)

This action creates and publishes an SA alert on the Cyware Collaborate Analyst Portal to recipients using an older endpoint.

Note

For better performance, use the Create Alert action instead.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Title

Enter the title of the alert.

Example:

Malware Alert

Text

Required

Description

Enter the description of the alert.

Example:

This is a malware alert.

Text

Required

Status

Enter the alert status.

Text

Optional

Allowed values:

DRAFT, PUBLISHED

Category Name

Enter the category name.

Example:

Vulnerability

Text

Optional

Extra Fields

Enter the additional fields in the form of key-value pairs.

Example:

threat_indicators_obj = {"ip": ['1.1.1.1', 8.8.8.8'],"domain": ['abc.com', 'cde.com']}

Key Value

Optional

Allowed keys:

support, card_group payload with id, name, tlp in dict of obj, threat_indicators_obj, card_info

TLP

Enter the traffic light protocol (TLP) associated with the alert.

Text

Optional

Allowed values:

RED, AMBER, GREEN, WHITE

Card Groups

Enter the list of recipient groups to whom the alert is published.

Any

Optional

This is required if the status is PUBLISHED.

Example Request

[
  {
    "tlp": "GREEN",
    "title": "Malware Alert",
    "status": "PUBLISHED",
    "card_group": [
      {
        "group_id": "f3da5053",
        "group_name": "All Users"
      }
    ],
    "description": "This is a sample description.",
    "extra_fields": {},
    "category_name": "Malware Advisories"
  }
]
Action: Create Tag

This action creates a tag in Collaborate's Tag Library.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Tag Name

Enter the tag name within 100 characters.

Example:

Sample Tag

Text

Required

Example Request

[
  {
    "tag_name": "Sample Tag"
  }
]
Action: Fetch Reported Incidents (Deprecated)

This action retrieves the list of incidents reported.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Extra Params

Enter additional parameters in the form of key-value pairs.

Example:

{"page": "1","pagesize": "1"}

Key Value

Optional

Allowed keys:

page, pagesize

Example Request

[
    {
        "page": "3",
        "pagesize": "10"
    }
]
Action: Get Additional Field Details

This action retrieves the details of a specific field from Collaborate.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Field ID

Enter the unique ID of the field to retrieve the details.

Example:

9123a385-09f7-4d89-9205-626dd5adad40

Text

Required

You can retrieve this using the action List Additional Fields.

Example Request

[
  {
    "field_uid": "2fbdbaba-56b9-4773-ad45-178c24e19f59"
  }
]
Action: Get Alert Details

This action retrieves the details of an alert using the specified alert ID. For Privileged Users, it retrieves details of alerts in all statuses. For Members, it retrieves details only for published alerts that are shared with them.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the alert ID to retrieve its details.

Example:

0cc6a7ba

Text

Required

You can retrieve this using the action List Alerts.

Example Request

[
  {
    "alert_id": "127738ee"
  }
]
Action: Get Attachments

This action retrieves attachments associated with a message using the Topic ID and sequence ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Seq ID

Enter the sequence ID to get the attachments from a message.

Example:

1

Integer

Required

You can retrieve this using the action Get Messages.

Topic ID

Enter the topic ID to get the attachments from a topic.

Example:

altFJS7tcesE3I

Text

Required

You can retrieve this using the action Get Topics.

Expiration Time

Enter the expiration time for the attachment URL in seconds.

Integer

Optional

Default value:

10

Maximum value:

604800 (7 days)

Example Request

[
  {
    "seq_id": "9",
    "topic_id": "alth7y9Gba2hkQ"
  }
]
Action: Get Category Details

This action retrieves the details of an alert category using the unique category ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Category ID

Enter the category ID to retrieve its details.

Example:

249ab570

Text

Required

You can retrieve this using the action List Categories.

Example Request

[
  {
    "category_id": "cef5d51f"
  }
]
Action: Get Intel Details

This action retrieves intel details. For Privileged Users, it retrieves details of all submitted intel by incident ID, while for Members, it retrieves the details of the intel submitted by the member.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Incident ID

Enter the incident ID to retrieve the details.

Example:

CY-e9492812

Text

Required

You can retrieve this using the action List Submitted Intels.

Example Request

[
  {
    "incident_id": "CY-e9492812"
  }
]
Action: Get Member Details

This action retrieves the details of a member.

Note

Only Privileged Users can use this action.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter the user ID to retrieve the details.

Example:

833ee8db-f3eb-447c-b0fc-aa6c1f906c36

Text

Required

You can retrieve this using the action List Members.

Example Request

[
  {
    "user_id": "833ee8db-f3eb-447c-b0fc-aa6c1f906c36cef5d51f"
  }
]
Action: Get Messages

This action retrieves messages from a topic-based discussion in the Messenger.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Topic ID

Enter the unique topic ID to retrieve the messages for the topic.

Example:

grp7WDklY1e23s

Text

Required

You can retrieve this using the action Get Topics.

From Time

Enter the time (in EPOCH format) from which messages must be retrieved.

Example:

160000000

Text

Required

To Time

Enter the time (in EPOCH format) until which messages must be retrieved.

Example:

1710147669

Text

Required

Limit

Enter the limit for the number of messages.

Integer

Optional

Maximum allowed value:

500

Default value:

50

Example Request

[
  {
    "to_time": "1728021463",
    "topic_id": "alth7y9Gba2hkQ",
    "from_time": "1727848368"
  }
]
Action: Get Topics

This action retrieves the list of topic-based discussions from the Messenger.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the unique ID of the alert to retrieve associated discussion topics.

Example:

765f89c5

Text

Required

You can retrieve this using the action List Alerts.

Example Request

[
  {
    "alert_id": "127738ee"
  }
]
Action: List Additional Fields

This action retrieves the list of all the fields in Cyware Collaborate.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Key Value

Optional

Allowed keys:

page, pagesize

Example Request

[
  {
    "query_params": {
      "page": "1",
      "pagesize": "1"
    }
  }
]
Action: List Alerts

This actions lists the alerts from the Cyware Collaborate application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs to filter the response.

Example:

{"page": "1","status": "draft","pagesize": "1"}

Key Value

Optional

Allowed keys:

page, status, page_size, start_time, end_time, category_id, title, tlp

Example Request

[
  {
    "extra_params": {
      "page": "1",
      "status": "DRAFT",
      "pagesize": "5"
    }
  }
]
Action: List Alerts by Tracking ID

This action retrieves alerts using the tracking ID. A tracking ID is generated when third-party integrations publish alerts in Cyware Collaborate.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Tracking ID

Enter the tracking ID for the alert.

Example:

240ce34b-1dc4-4dfc-9cbf-62360f46d3de

Text

Required

You can retrieve this using the action Get Alert Details.

Count

Enter the number of alerts to retrieve in the response.

Example:

2

Integer

Optional

Default value:

5

Extra Params

Enter the extra parameters in the form of key-value pairs.

Key Value

Optional

Allowed key:

status

Example Request

[
  {
    "count": "2",
    "tracking_id": "237d56d5-b0e7-4ba1-a068-b7ac802b1c63"
  }
]
Action: List Categories

This action retrieves the list of active alert categories from Cyware Collaborate.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Example:

{"page": "1", "pagesize": "1"}

Key Value

Optional

Allowed keys:

page, pagesize, q

Example Request

[
  {
    "extra_params": {
      "page": "1",
      "page_size": "160"
    }
  }
]
Action: List Information Sources

This action retrieves a list of information sources (info sources) from Cyware Collaborate.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Example:

{"page": "1", "pagesize": "1"}

Key Value

Optional

Allowed keys:

page, pagesize

Example Request

[
  {
    "extra_params": {
      "page": "1",
      "page_size": "1"
    }
  }
]
Action: List Members

This action retrieves the list of member users associated with your Cyware Collaborate tenant.

Note

Only Privileged Users can use this action.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Extra Params

Enter the extra parameters in the form of key-value pairs.

Example:

{"page": "1", "pagesize": "1"}

Key Value

Optional

Allowed keys:

organization_id, email, page, pagesize

Example Request

[
  {
    "extra_params": {
      "page": "1",
      "pagesize": "1"
    }
  }
]
Action: List Organizations

This action retrieves a list of organizations from Collaborate. For Privileged Users, it retrieves the list of available organizations in Cyware Collaborate. For Members, it retrieves the organizations that they belong to.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Example:

{"page": "1", "pagesize": "1"}

Key Value

Optional

Allowed keys:

page, pagesize

Example Request

[
  {
    "query_params": {
      "page": "1",
      "pagesize": "1"
    }
  }
]
Action: List Recipient Groups

This action retrieves a list of recipient groups from Cyware Collaborate. For Privileged Users, it retrieves all recipient groups in Cyware Collaborate. For Members, it retrieves only the recipient groups they belong to.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Example:

{"page": "1", "pagesize": "1"}

Key Value

Optional

Allowed keys:

page, pagesize, all_data, q

Example Request

[
  {
    "extra_params": {
      "page": "1",
      "page_size": "1"
    }
  }
]
Action: List Severity Categories

This action lists severity categories from the Cyware Collaborate application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Key Value

Optional

Example Request

[
  {
    "extra_params": {}
  }
]
Action: List Submitted Intels

This action retrieves a list of intels from Cyware Collaborate. For Privileged Users, it retrieves intel submitted by all members. For Members, it retrieves only the intel they have submitted.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Example:

{"page": "1", "pagesize": "1"}

Key Value

Optional

Allowed keys:

page, pagesize

Example Request

[
  {
    "query_params": {
      "page": "1",
      "pagesize": "1"
    }
  }
]
Action: List Tags

This action lists all tags available in the Tag Library from Cyware Collaborate.

Action Input Parameters

No input parameters are required for this action.

Action: List Threat Methods

This action retrieves a list of threat methods from the Cyware Collaborate.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters in the form of key-value pairs.

Key Value

Optional

Example Request

[
  {
    "extra_params": {}
  }
]
Action: Update Published Alert

This action updates a published alert in the Analyst Portal by expiring the older alert and linking it to this new alert.

Note

You can only update an alert if you are a Privileged User.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Short ID

Enter the unique ID of the alert.

Example:

37e03cb9

Text

Required

You can retrieve this using the action List Alerts.

Title

Enter the title of the alert.

Example:

Malware Alert

Text

Required

Content

Enter the description for the alert.

Example:

The team has tracked a unique threat.

Text

Required

Status

Enter the status of the alert.

Text

Required

Allowed values:

DRAFT, PUBLISHED

Extra Params

Enter the extra parameters to update the alert.

Key Value

Optional

Allowed keys:

display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts

Example Request

[
  {
    "title": "Rising Threats",
    "status": "DRAFT",
    "content": "The team has tracked a unique threat.",
    "short_id": "127738ee",
    "extra_data": {}
  }
]
Action: Update Situational Awareness (SA) Alert (Deprecated)

This action updates an SA alert from the Cyware Collaborate Analyst Portal based on the specified alert ID using an older endpoint.

Note

For better performance, use the Update Published Alert action.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Alert ID

Enter the alert ID.

Example:

0cc6a7ba

Text

Required

Title

Enter the title of the alert.

Example:

malware alert

Text

Required

Description

Enter the description of the alert.

Example:

This is a malware alert.

Text

Required

Status

Enter the alert status. allowed values: published, draft. by default, the value is published.

Text

Optional

Threat Indicators

Enter the threat indicators in the form of key-value pairs.

Example:

{"ip": ['1.1.1.1', 8.8.8.8'], "domain": ['abc.com', 'cde.com']}

Key Value

Optional

Additional Information

Enter any additional details of the alert to update.

Text

Optional

TLP

Enter the traffic light protocol (TLP) associated with the alert.

Text

Optional

Allowed values:

RED, AMBER, GREEN, WHITE

Extra Fields

Enter the extra fields in the form of key-value pairs.

Key Value

Optional

Allowed keys:

support, card_group payload with id, name, tlp in dict of obj

Example Request

[
  {
    "tlp": "GREEN",
    "title": "Malware Alert",
    "status": "PUBLISHED",
    "alert_id": "59569642",
    "description": "This is a sample description.",
    "extra_fields": {},
    "threat_indicators_obj": {}
  }
]
Action: Upload File

This action uploads a file to the Doc Library to share it with individual recipients and recipient groups.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

File

Specify the file path to upload the file to the Doc Library.

Text

Required

User Groups

Enter the group IDs of the recipient groups as comma-separated values to share the file.

You can either enter User Groups or Individual Recipients.

Text

Optional

You can retrieve this using the action List Recipient Groups.

Individual Recipients

Enter the email IDs of individual recipients as comma-separated values to share the file.

You can either enter User Groups or Individual Recipients.

Example:

johndoe@sampleorg.com

Text

Required

TLP

Enter the TLP associated with the media.

Text

Required

Default value:

WHITE

File Name

Enter the name of the file.

Text

Required

Example Request

[
  {
    "tlp": "WHITE",
    "file_name": "test.jpg",
    "file_path": "/tmp/559c7d0e-49b5-4288-bfeb-f9ae25ce0037/test.jpg",
    "user_groups": "f3da5053,057aafab",
    "individual_recipients": "johndoe@orgname.com"
  }
]
Action: Generic Action

This is a generic action used to make requests to any Cyware Collaborate endpoint.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Method

Enter the HTTP method to make the request.

Text

Required

Allowed values:

GET, PUT, POST, DELETE

Endpoint

Enter the endpoint to make the request.

Example:

/tag

Text

Required

Query Params

Enter the query parameters to pass to the API.

Key Value

Optional

Payload

Enter the payload to pass to the API.

Example:

$JSON[{"data": {'type': type,'id': id}}]

Any

Optional

Extra Fields

Enter the extra fields to pass to the API.

Key Value

Optional

Allowed keys:

payload_data, custom_output, download, filename, files, retry_wait, retry_count, response_type

Example Request

[
  {
    "method": "GET",
    "endpoint": "/tag",
    "extra_fields": {},
    "query_params": {}
  }
]
Publication date:
Hide Menu
Back to Top