Cyware Collaborate 2.0.0
App Vendor: Cyware
App Category: Cyware Product, IT Services, Messaging
Connector Version: 2.1.1
API Version: V3
About App
The Cyware Collaborate app is an automated threat alert aggregation and information-sharing platform that enables security teams to share alerts and notifications efficiently, enhancing seamless collaboration.
The Cyware Collaborate app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Add Member | This action adds a member user to Collaborate's Member Portal. |
Create Alert | This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients. You can only create an alert if you are a privileged user. |
Create Folder | This action creates a new folder in the Doc Library within the specified parent folder. If you do not specify any parent folder, the new folder is created in the root directory. You can only use this action if you are a privileged user. |
Create Intel | This action creates and submits intel in the Cyware Collaborate application. Note: Only member users can use this action. |
Create Organization | This action creates an organization in the Collaborate application. Note: Only privileged users can use this action. |
Create Recommended Action | This action creates a recommended action. As a privileged user, you can recommend actions to members for published alerts. As a member user, you can suggest recommended actions to other members. |
Create Situational Awareness (SA) Alert (Deprecated) | This action creates and publishes an SA alert on the Cyware Collaborate Analyst Portal to recipients using an older endpoint. For better performance, use the Create Alert action instead. |
Create Tag | This action creates a tag in Collaborate's Tag Library. |
Fetch Reported Incidents (Deprecated) | This action retrieves the list of incidents reported. |
Get Additional Field Details | This action retrieves the details of a specific field from Collaborate. |
Get Alert Details | This action retrieves the details of an alert using the specified alert ID. For privileged users, it retrieves details of alerts in all statuses. For members, it retrieves details only for published alerts that are shared with them. |
Get Attachments | This action retrieves attachments associated with a message using the topic ID and sequence ID. |
Get Category Details | This action retrieves the details of an alert category using the unique category ID. |
Get Details of a Request for Information | This action retrieves the details of an RFI using its incident ID. |
Get Document Detials | This action retrieves the details of a Doc Library file or folder using its document ID. You can only use this action if you are a privileged user. |
Get Folder Details | This action retrieves details of a specific folder using the folder ID. If no folder ID provided, details of root folder is retrieved. You can only use this action if you are a privileged user. |
Get Followers of Intelligence Requirement (IR) | This action retrieves the list of followers of a published Intelligence Requirement (IR). You can only use this action if you are a privileged user. |
Get Intel Details | This action retrieves intel details. For privileged users, it retrieves details of all submitted intel by incident ID, while for members, it retrieves intel submitted by the member. |
Get Intelligence Requirements (IRs) | This action retrieves the list of Intelligence Requirements (IRs) and their statuses. This endpoint excludes IRs in draft status. |
Get Matched Alerts by IR ID | This action retrieves the list of alerts matched with the specified Intelligence Requirement(IR) ID. Alerts are matched to IR based on tags. |
Get Member Details | This action retrieves the details of a member. Note: Only privileged users can use this action. |
Get Messages | This action retrieves messages from a topic-based discussion in Messenger. |
Get Recommended Actions | This action retrieves the recommended actions and their details for a specific alert using its alert ID. |
Get Responses for a Request for Information | This action retrieves all responses to an RFI alert. |
Get Topics | This action retrieves the list of topic-based discussions from Messenger. |
List Additional Fields | This action retrieves the list of all the fields in Cyware Collaborate. |
List Alerts | This action lists the alerts from the Cyware Collaborate application. |
List Alerts by Related Indicators | This action retrieves a list of published alerts by indicators mentioned in the alerts. |
List Alerts by Tracking ID | This action retrieves alerts using the tracking ID. A tracking ID is generated when third-party integrations publish alerts in Cyware Collaborate. |
List Categories | This action retrieves the list of active alert categories from Cyware Collaborate. |
List Information Sources | This action retrieves a list of information sources (info sources) from Cyware Collaborate. |
List Members | This action retrieves the list of member users associated with your Cyware Collaborate tenant. Note: Only privileged users can use this action. |
List Organizations | This action retrieves a list of organizations from Collaborate. For privileged users, it retrieves the list of available organizations in Cyware Collaborate. For members, it retrieves the organizations that they belong to. |
List Recipient Groups | This action retrieves a list of recipient groups from Cyware Collaborate. For privileged users, it retrieves all recipient groups in Cyware Collaborate. For members, it retrieves only the recipient groups they belong to. |
List Requests for Information | This action retrieves all the RFIs. For privileged users, it retrieves all the RFIs submitted by members. For members, it retrieves the RFIs submitted by them. |
List Severity Categories | This action lists severity categories from the Cyware Collaborate application. |
List Submitted Intels | This action retrieves a list of intels from Cyware Collaborate. For privileged users, it retrieves intel submitted by all members. For members, it retrieves only the intel they have submitted. |
List Tags | This action lists all tags available in the Tag Library from Cyware Collaborate. |
List Threat Methods | This action retrieves a list of threat methods from the Cyware Collaborate. |
Share RFI Response | This action adds a response to the specified RFI alert. You can also attach files to your RFI response. |
Submit Alert Feedback | This action submits feedback for an alert by indicating like or dislike, rating the content and relevancy, as well as adding a comment. You can only submit an alert feedback if you are a member. |
Submit Request for Information (RFI) | This action submits a Request for Information (RFI) to analysts. You can only submit an RFI if you are a member. |
Update Member | This action updates a member's profile details in Collaborate's Member Portal. |
Update Published Alert | This action updates a published alert in the Analyst Portal by expiring the older alert and linking it to this new alert. You can only update an alert if you are a privileged user. |
Update Situational Awareness (SA) Alert (Deprecated) | This action updates an SA alert from the Cyware Collaborate Analyst Portal based on the specified alert ID using an older endpoint. For better performance, use the Update Published Alert action. |
Upload Attachment | This action uploads a file and returns the media ID required to submit RFI responses. You can only upload an attachment if you are a member. |
Upload File | This action uploads a file to the Doc Library to share it with individual recipients and recipient groups. |
Generic Action | This is a generic action used to make requests to any Cyware Collaborate endpoint. |
Configuration Parameters
The following configuration parameters are required for the Cyware Collaborate app to communicate with the Cyware Collaborate enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Access ID | Enter the access ID to access Collaborate. Example: 80bd31c8-76fe-4548-8d4d-a65c6d3491b7 | Text | Required | For more information about generating an Access ID, see Configure Collaborate Open API. |
Secret Key | Enter the secret key to access Collaborate. Example: 4217008c-f4c9-4307-b0b1-8286719b5907 | Password | Required | For more information about generating a Secret Key, see Configure Collaborate Open API. |
Base URL | Enter the base URL to access Collaborate. Example: https://tenant.domain.tld/api/ | Text | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Collaborate. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
Action: Add Member
This action adds a member user to Collaborate's Member Portal. Note: Only privileged users can use this action.
Note
You can only add a member if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Enter the email address of the member user you want to add. Example: john.doe@orgname.com | Text | Required | ||
First Name | Enter the name of the member. | Text | Required | |
Organization Type | Enter the organization type that the member belongs to. Example: { "org_type_id": "a95f3553-ea8e-4f95-8e6a-43d47997c50c", "org_type_name": "Media and Communications" } | Key Value | Required | You can retrieve this using the Action: List Organizations. |
Organization | Enter the organization that the member belongs to. Example: { "organization_id": "3cf257a6-e329-48b7-8c14-815d3c358bae", "organization_name": "Example Org" } | Key Value | Required | You can retrieve this using the Action: List Organizations. |
User Group | Enter the group ID of the recipient group the member is part of. Example: $JSON[[{"group_id": "18d6cc08","group_name": "All Users"}]] | Any | Optional | You can retrieve this using the Action: List Recipient Groups. |
Extra Fields | Enter the additional fields to add a member. | Key Value | Optional | Allowed keys: country_code, phone_number, send_welcome_email, mailing_address, member_email_whitelisted_domains |
Example Request
[
{
"email": "john.doe@orgname.com",
"first_name": "John",
"extra_fields": {},
"organization": {
"organization_id": "dc15341e-cb5b-4018-99a8-a1fde8ddb7b0",
"organization_name": "Example Org Name"
},
"organization_type": {
"org_type_id": "3d849dfa-0025-4e88-b344-6843111aad63",
"org_type_name": "All Users"
}
}
]Action: Create Alert
This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients.
Note
You can only create an alert if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Content | Enter the description for the alert. Example: This is to notify you about the ongoing malware attacks. | Text | Required | |
Status | Enter the status of the alert. | Text | Required | Allowed values: DRAFT, PUBLISHED NoteYou can specify the status as PUBLISHED only if you have permission to publish alerts in the Analyst Portal. |
Card Groups | Enter the list of recipient groups to whom the alert is published. | Any | Optional | You can retrieve this using the action List Recipient Groups. This is a required field if the status is PUBLISHED. |
Attachments | Enter the list of document IDs or link to the documents to add attachments. | List | Optional | You can retrieve the document ID using the action Upload File. |
Extra Params | Enter the extra parameters to create an alert. | Key Value | Optional | Allowed keys: display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts |
Example Request
[
{
"title": "Malware Alert",
"status": "PUBLISHED",
"content": "This is to notify you about the ongoing malware attacks.",
"card_group": [
{
"group_id": "f3da5053",
"group_name": "IT Professionals"
}
],
"extra_data": {
"tracking_id": "1111"
},
"attachments": [
"https://example.com/attachments/sample-file.pdf"
]
}
]Action: Create Folder
This action creates a new folder in the Doc Library within the specified parent folder. If you do not specify any parent folder, the new folder is created in the root directory.
Note
You can only create a folder if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Folder Name | Enter the name of the folder in 100 characters. Example: Sample Folder Name | Text | Required | |
Folder Description | Enter a brief description of the folder in 500 characters. | Text | Optional | |
Recipient Groups | Enter the recipient groups who can access this folder. If you specify a parent folder, ensure to include the recipient groups that have access to the parent folder as well. Example: $JSON[[{"group_id": "611e7a57", "edit_access": true}, {"group_id": "591s7b01", "edit_access": true}]] | Any | Optional | You can retrieve this using the Action: Get Folder Details. |
Individual Recipients | Enter the individual recipients who can access this folder. If you specify a parent folder, ensure to include users from the parent folder here. Example: $JSON[[{"email": "johndoe@orgname.com", "edit_access": true}, {"email": "janedoe@orgname.com", "edit_access": true}]] | Any | Optional | You can retrieve this using the Action: Get Folder Details. |
Parent Folder ID | Enter the ID of the parent folder where you want to create the new folder. Example: 0888cb50-f234-422b-8765-65bdc62fa819 | Text | Optional | You can retrieve this using the Action: Get Folder Details. |
Example Request
[
{
"folder_name": "Sample Folder Name",
"recipient_groups": [
{
"group_id": "74efd683",
"edit_access": true
}
],
"folder_description": "This is a sample description",
"individual_recipients": [
{
"email": "johndoe@orgname.com",
"edit_access": true
}
]
}
]Action: Create Intel
This action creates and submits intel in the Cyware Collaborate application.
Note
You can only create and submit an intel if you are a Member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Title | Enter the title of the intel. Example: New Intel | Text | Required | |
Description | Enter the description for the intel. Example: New intel for cybersecurity threats | Text | Required | |
Category ID | Enter the category ID associated with the category for the intel. Example: 07b74568 | Text | Required | You can retrieve this using the action List Categories. |
TLP | Enter the TLP associated with the intel. | Text | Optional | Allowed values: RED, GREEN, WHITE, CLEAR, AMBER, AMBER+STRICT Default value: WHITE |
Extra Params | Enter the extra parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: user_group, organizations, optional_fields, indicators, credibility, urgency, threat_actors, threat_methods, severity, incident_date, system_function, recommendation |
Example Request
[
{
"tlp": "RED",
"title": "New Intel",
"category_id": "b573dd45",
"description": "This is sample description.",
"extra_params": {}
}
]Action: Create Organization
This action creates an organization in the Collaborate application.
Note
You can only create an organization if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Organization Name | Enter the name of the organization that you want to create. Example: Sample Org Name | Text | Required | |
Organization Type | Enter the organization type that the organization must be part of. Example: $JSON[{"organization_type_id": "3d849dfa-0025-4e88-b344-6843111aad63", "org_type_name": "Media and Communications", "is_active": true}] | Any | Required | You can retrieve this using the Action: List Organizations. |
Member Email Whitelisted Domains | Enter the list of allowed email domains in comma-separated format. Example: exampleorg.com | Text | Optional |
Example Request
[
{
"organization_name": "Sample Org Name",
"organization_types": [
{
"organization_type_id": "10f68aa6-acde-4aaa-b2e2-7be169dc30c2",
"org_type_name": "Media and Communications",
"is_active": true
}
],
"member_email_whitelisted_domains": "exampleorg.com"
}
]Action: Create Recommended Action
This action creates a recommended action. As a privileged user, you can recommend actions to members for published alerts. As a member user, you can suggest recommended actions to other members.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alert ID | Enter the ID of the alert associated with the recommended action. Example: 5b8d53c7 | Text | Required | You can retrieve the alert ID using the Action: List Alerts. |
Title | Enter the title of the recommended action in 150 characters. Example: Verify Suspicious Email for Phishing Indicators | Text | Required | |
Description | Enter the description of the recommended action in HTML format. Example: <p>Analyze the reported phishing email, check for suspicious links, and report any potential threats.</p> | Text | Required | |
Recipient Type | Enter the recipient type for the recommended action. This determines the default group of users who will receive the action. | Text | Required | Allowed value if you are a privileged user: BY_ORGANIZATION Allowed values if you are a member user: BY_RECIPIENT_GROUP, BY_RECIPIENT_USER |
Assigned To | Enter a list of one or more email IDs of users to assign the action to. Only users who are recipients of the alert can be assigned. NoteYou must provide at least one of Assigned To or Assigned Groups. Example: $LIST[john.doe@orgname.com] | List | Optional | |
Assigned Groups | Enter a list of one or more recipient group IDs to assign the action to. Only groups that are recipients of the alert can be assigned. NoteYou must provide at least one of Assigned To or Assigned Groups. Example: $LIST["532bfbef","532bfbed"] | List | Optional | |
Due Date | Enter the due date for the recommended action in epoch format. Example: 1739212990 | Integer | Optional |
Example Request
[
{
"title": "Verify Suspicious Email for Phishing Indicators",
"alert_id": "5b8d53c7",
"description": "<p>Analyze the reported phishing email, check for suspicious links, and report any potential threats.</p>",
"recipient_type": "BY_RECIPIENT_GROUP",
"assigned_groups": [
"3bb536c4"
]
}
]Action: Create Situational Awareness (SA) Alert (Deprecated)
This action creates and publishes an SA alert on the Cyware Collaborate Analyst Portal to recipients using an older endpoint.
Note
For better performance, use the Create Alert action instead.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Description | Enter the description of the alert. Example: This is a malware alert. | Text | Required | |
Status | Enter the alert status. | Text | Optional | Allowed values: DRAFT, PUBLISHED |
Category Name | Enter the category name. Example: Vulnerability | Text | Optional | |
Extra Fields | Enter the additional fields in the form of key-value pairs. Example: threat_indicators_obj = {"ip": ['1.1.1.1', 8.8.8.8'],"domain": ['abc.com', 'cde.com']} | Key Value | Optional | Allowed keys: support, card_group payload with id, name, tlp in dict of obj, threat_indicators_obj, card_info |
TLP | Enter the traffic light protocol (TLP) associated with the alert. | Text | Optional | Allowed values: RED, AMBER, GREEN, WHITE |
Card Groups | Enter the list of recipient groups to whom the alert is published. | Any | Optional | This is required if the status is PUBLISHED. |
Example Request
[
{
"tlp": "GREEN",
"title": "Malware Alert",
"status": "PUBLISHED",
"card_group": [
{
"group_id": "f3da5053",
"group_name": "All Users"
}
],
"description": "This is a sample description.",
"extra_fields": {},
"category_name": "Malware Advisories"
}
]Action: Create Tag
This action creates a tag in Collaborate's Tag Library.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Tag Name | Enter the tag name within 100 characters. Example: Sample Tag | Text | Required |
Example Request
[
{
"tag_name": "Sample Tag"
}
]Action: Fetch Reported Incidents (Deprecated)
This action retrieves the list of incidents reported.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Extra Params | Enter additional parameters in the form of key-value pairs. Example: {"page": "1","pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"page": "3",
"pagesize": "10"
}
]Action: Get Additional Field Details
This action retrieves the details of a specific field from Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Field ID | Enter the unique ID of the field to retrieve the details. Example: 9123a385-09f7-4d89-9205-626dd5adad40 | Text | Required | You can retrieve this using the action List Additional Fields. |
Example Request
[
{
"field_uid": "2fbdbaba-56b9-4773-ad45-178c24e19f59"
}
]Action: Get Alert Details
This action retrieves the details of an alert using the specified alert ID. For Privileged Users, it retrieves details of alerts in all statuses. For Members, it retrieves details only for published alerts that are shared with them.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alert ID | Enter the alert ID to retrieve its details. Example: 0cc6a7ba | Text | Required | You can retrieve this using the action List Alerts. |
Example Request
[
{
"alert_id": "127738ee"
}
]Action: Get Attachments
This action retrieves attachments associated with a message using the Topic ID and sequence ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Seq ID | Enter the sequence ID to get the attachments from a message. Example: 1 | Integer | Required | You can retrieve this using the action Get Messages. |
Topic ID | Enter the topic ID to get the attachments from a topic. Example: altFJS7tcesE3I | Text | Required | You can retrieve this using the action Get Topics. |
Expiration Time | Enter the expiration time for the attachment URL in seconds. | Integer | Optional | Default value: 10 Maximum value: 604800 (7 days) |
Example Request
[
{
"seq_id": "9",
"topic_id": "alth7y9Gba2hkQ"
}
]Action: Get Category Details
This action retrieves the details of an alert category using the unique category ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Category ID | Enter the category ID to retrieve its details. Example: 249ab570 | Text | Required | You can retrieve this using the action List Categories. |
Example Request
[
{
"category_id": "cef5d51f"
}
]Action: Get Details of a Request for Information
This action retrieves the details of an RFI using its incident ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the unique ID of the RFI to retrieve its details. Example: CY-ba747091 | Text | Required | You can retrieve this using the Action: List Requests for Information. |
Example Request
[
{
"incident_id": "CY-90a5c029"
}
]Action: Get Document Details
This action retrieves the details of a Doc Library file or folder using its document ID.
Note
You can only use this action if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Document ID | Enter the unique ID of the file to retrieve the details. Example: 44c09229-398b-4531-ac2c-bd215d264cd4 | Text | Required | You can retrieve this using the Action: Upload File. |
Example Request
[
{
"document_id": "44c09229-398b-4531-ac2c-bd215d264cd4"
}
]Action: Get Folder Details
This action retrieves details of a specific folder using the folder ID. If no folder ID is provided, details of root folder is retrieved.
Note
You can only use this action if you are a privileged user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Folder ID | Enter the unique ID of the folder for which you want to retrieve the details. Example: 99e20306-cf52-425f-9e9d-fb7b3e38bd85 | Text | Optional | If not specified, the details of the root folder are retrieved by default. This includes the list of all folder IDs within the root folder. |
Page Number | Enter the page number for the response. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of records to retrieve on each page. | Integer | Optional | Default value: 10 |
Example Request
[
{
"folder_id": "99e20306-cf52-425f-9e9d-fb7b3e38bd85"
}
]Action: Get Followers of Intelligence Requirement (IR)
This action retrieves the list of followers of a published Intelligence Requirement (IR).
Note
You can only retrieve followers of an IR if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IR ID | Enter the unique ID of the IR to retrieve its followers. Example: 01J0QKZ8S8NQFCMP2ZPZN8PFJY | Text | Required | You can retrieve this using the action Action: Get Intelligence Requirements (IRs). |
Example Request
[
{
"ir_id": "01JR82Z3V2B6XT7BY4FQV89Z6W"
}
]Action: Get Intel Details
This action retrieves intel details. For Privileged Users, it retrieves details of all submitted intel by incident ID, while for Members, it retrieves the details of the intel submitted by the member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the incident ID to retrieve the details. Example: CY-e9492812 | Text | Required | You can retrieve this using the action List Submitted Intels. |
Example Request
[
{
"incident_id": "CY-e9492812"
}
]Action: Get Intelligence Requirements (IRs)
This action retrieves the list of Intelligence Requirements (IRs) and their statuses. This endpoint excludes IRs in draft status.
Action Input Parameters
No input parameters are required for this action.
Action: Get Matched Alerts by IR ID
This action retrieves the list of alerts matched with the specified Intelligence Requirement(IR) ID. Alerts are matched to IR based on tags.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IR ID | Enter the unique identifier of the IR to retrieve associated alerts. Example: 01JKKKN1HQZE9KCEC10VXTEJ3E | Text | Required | You can retrieve this using the Action: Get Intelligence Requirements (IRs). |
Page Number | Enter the page number for the response. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of records to retrieve on each page. | Integer | Optional | Default value: 10 |
Example Request
[
{
"ir_id": "01JR8CFPABM9NBNSP2V14AP909"
}
]Action: Get Member Details
This action retrieves the details of a member.
Note
Only Privileged Users can use this action.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
User ID | Enter the user ID to retrieve the details. Example: 833ee8db-f3eb-447c-b0fc-aa6c1f906c36 | Text | Required | You can retrieve this using the action List Members. |
Example Request
[
{
"user_id": "833ee8db-f3eb-447c-b0fc-aa6c1f906c36cef5d51f"
}
]Action: Get Messages
This action retrieves messages from a topic-based discussion in the Messenger.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Topic ID | Enter the unique topic ID to retrieve the messages for the topic. Example: grp7WDklY1e23s | Text | Required | You can retrieve this using the action Get Topics. |
From Time | Enter the time (in EPOCH format) from which messages must be retrieved. Example: 160000000 | Text | Required | |
To Time | Enter the time (in EPOCH format) until which messages must be retrieved. Example: 1710147669 | Text | Required | |
Limit | Enter the limit for the number of messages. | Integer | Optional | Maximum allowed value: 500 Default value: 50 |
Example Request
[
{
"to_time": "1728021463",
"topic_id": "alth7y9Gba2hkQ",
"from_time": "1727848368"
}
]Action: Get Recommended Actions
This action retrieves the recommended actions and their details for a specific alert using its alert ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alert ID | Enter the alert ID to retrieve associated recommended actions. Example: 5b8d53c7 | Text | Required | You can retrieve the alert ID using the Action: List Alerts. |
Is Recommended Action | Choose true to retrieve only recommended actions associated with the alert. | Boolean | Optional | Default value: true |
Page Number | Enter the page number for the response. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of records to retrieve on each page. | Integer | Optional | Default value: 10 |
Example Request
[
{
"alert_id": "5b8d53c7",
"page_size": "2",
"page_number": "1",
"is_recommended_action": true
}
]Action: Get Responses for a Request for Information
This action retrieves all responses to an RFI alert.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Incident ID | Enter the unique ID of the RFI to retrieve responses. Example: CY-ba747091 | Text | Required | You can retrieve this using the Action: List Requests for Information. |
Example Request
[
{
"incident_id": "CY-b74de50a"
}
]Action: Get Topics
This action retrieves the list of topic-based discussions from Messenger.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alert ID | Enter the unique ID of the alert to retrieve associated discussion topics. Example: 765f89c5 | Text | Required | You can retrieve this using the action List Alerts. |
Group ID | Enter the unique ID of the recipient group to retrieve associated discussion topics. Example: 16179745 | Text | Optional | You can retrieve this using the Action: List Recipient Groups. |
Example Request
[
{
"alert_id": "127738ee"
}
]Action: List Additional Fields
This action retrieves the list of all the fields in Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"query_params": {
"page": "1",
"pagesize": "1"
}
}
]Action: List Alerts
This actions lists the alerts from the Cyware Collaborate application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Status | Enter the status of the alerts to be retrieved. | Text | Optional | Allowed values: PUBLISHED, DRAFT, EXPIRED Default value: PUBLISHED |
Start Time | Enter the start date of the query in epoch format. Example: 1737405600 | Text | Optional | |
End Time | Enter the end date of the query in epoch format. Example: 1737441600 | Text | Optional | |
Query Params | Enter the query parameters in the form of key-value pairs to filter the response. Example: {"page": "1","status": "draft","pagesize": "1"} | Key Value | Optional | Allowed keys: page, status, page_size, start_time, end_time, category_id, title, tlp |
Example Request
[
{
"extra_params": {
"page": "1",
"status": "DRAFT",
"pagesize": "5"
}
}
]Action: List Alerts by Tracking ID
This action retrieves alerts using the tracking ID. A tracking ID is generated when third-party integrations publish alerts in Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Tracking ID | Enter the tracking ID for the alert. Example: 240ce34b-1dc4-4dfc-9cbf-62360f46d3de | Text | Required | You can retrieve this using the action Get Alert Details. |
Count | Enter the number of alerts to retrieve in the response. Example: 2 | Integer | Optional | Default value: 5 |
Status | Enter one or more comma-separated alert status to filter the response. | Text | Optional | Allowed values: draft, submitted, published, expired, scheduled By default, alerts from all statuses are retrieved. |
Extra Params | Enter the extra parameters in the form of key-value pairs. | Key Value | Optional | Allowed key: status |
Example Request
[
{
"count": "2",
"tracking_id": "237d56d5-b0e7-4ba1-a068-b7ac802b1c63"
}
]Action: List Categories
This action retrieves the list of active alert categories from Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Search Query | Enter the keyword to search for categories. | Text | Optional | |
Page Number | Enter the page number for the response. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of records to retrieve on each page. | Integer | Optional | Default value: 10 |
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize, q |
Example Request
[
{
"extra_params": {
"page": "1",
"page_size": "160"
}
}
]Action: List Information Sources
This action retrieves a list of information sources (info sources) from Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"extra_params": {
"page": "1",
"page_size": "1"
}
}
]Action: List Members
This action retrieves the list of member users associated with your Cyware Collaborate tenant.
Note
Only Privileged Users can use this action.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Organization ID | Enter the organization ID to retrieve the list of member users who are part of the organization. | Text | Optional | You can retrieve this using the Action: List Organizations. |
Enter the email address of the users you want to retrieve information for. Example: john.doe@orgname.com | Text | Optional | ||
Page Number | Enter the page number for the response. | Integer | Optional | |
Page Size | Enter the number of records to retrieve on each page. | Integer | Optional | Maximum allowed value: 50 Default value: 20 |
Extra Params | Enter the extra parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional |
Example Request
[
{
"extra_params": {
"page": "1",
"pagesize": "1"
}
}
]Action: List Organizations
This action retrieves a list of organizations from Collaborate. For Privileged Users, it retrieves the list of available organizations in Cyware Collaborate. For Members, it retrieves the organizations that they belong to.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"query_params": {
"page": "1",
"pagesize": "1"
}
}
]Action: List Recipient Groups
This action retrieves a list of recipient groups from Cyware Collaborate. For Privileged Users, it retrieves all recipient groups in Cyware Collaborate. For Members, it retrieves only the recipient groups they belong to.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Search Query | Enter the keyword to search for recipient groups. Example: manager | Text | Optional | |
Page Number | Enter the page number for the response. | Integer | Optional | Default value: 1 |
Page Size | Enter the number of records to retrieve on each page. | Integer | Optional | Default value: 10 |
All Data | Choose true to retrieve details of all the recipient groups. Choose false to retrieve data based on the page and page_size values. | Boolean | Optional | |
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize, all_data, q |
Example Request
[
{
"extra_params": {
"page": "1",
"page_size": "1"
}
}
]Action: List Requests for Information
This action retrieves all the RFIs. For privileged users, it retrieves all the RFIs submitted by members. For members, it retrieves the RFIs they submitted.
Action Input Parameters
No input parameters are required for this action.
Action: List Severity Categories (Deprecated)
This action lists severity categories from the Cyware Collaborate application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. | Key Value | Optional |
Example Request
[
{
"extra_params": {}
}
]Action: List Submitted Intels
This action retrieves a list of intels from Cyware Collaborate. For Privileged Users, it retrieves intel submitted by all members. For Members, it retrieves only the intel they have submitted.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. Example: {"page": "1", "pagesize": "1"} | Key Value | Optional | Allowed keys: page, pagesize |
Example Request
[
{
"query_params": {
"page": "1",
"pagesize": "1"
}
}
]Action: List Tags
This action lists all tags available in the Tag Library from Cyware Collaborate.
Action Input Parameters
No input parameters are required for this action.
Action: List Threat Methods (Deprecated)
This action retrieves a list of threat methods from the Cyware Collaborate.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters in the form of key-value pairs. | Key Value | Optional |
Example Request
[
{
"extra_params": {}
}
]Action: Submit Alert Feedback
This action submits feedback for an alert by indicating like or dislike, rating the content and relevancy, as well as adding a comment. Note: Only member users can use this action.
Note
You can only submit feedback for an alert if you are a Member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Like Preference | Enter the value denoting your preference for the alert. | Integer | Required | Allowed values: 0 (for like), 1 (for dislike), 2 (for neutral) |
Alert ID | Enter the 8-digit unique alert ID for which you want to submit feedback. Example: 9bd49110 | Text | Required | You can retrieve the alert ID using the Action: List Alerts. |
Comment | Enter the comment for the alert. Example: This is helpful. | Text | Optional | - |
Relevancy Rating | Enter the rating for the alert's relevancy using any value from 1 to 5. NoteIf you pass this parameter, you must also pass Content Rating. | Integer | Optional | Allowed range: 1 - 5 |
Content Rating | Enter the rating for the alert's content using any value from 1 to 5. NoteIf you pass this parameter, you must also pass Relevancy Rating. | Integer | Optional | Allowed range: 1-5 |
Example Request
[
{
"comment": "This is helpful",
"alert_id": "21d3efbe",
"like_preference": "0"
}
]Action: Submit Request for Information (RFI)
This action submits a Request for Information (RFI) to analysts.
Note
You can only submit an RFI if you are a Member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Title | Enter the title of the RFI. Example: Sample RFI Title | Text | Required | |
Description | Enter the description of the RFI. Example: Sample description of the RFI | Text | Required | |
TLP | Enter the TLP associated with the RFI. Example: {"tlp_id": "GREEN","tlp_name": "GREEN"} | Key-Value | Required | Allowed keys: tlp_id, tlp_name |
User Group | Enter the details of one or more user groups to share the RFI with. This field is required only if direct submission is enabled. Example: $JSON[[{"user_group_id": "0afc8972","user_group_name": "General User","user_group_tlp": "GREEN"}]] | Any | Optional | |
Extra Fields | Enter the additional fields to submit the RFI. | Key-Value | Optional | Allowed keys depend on the category configuration. To identify required and optional fields, see Collaborate API Documentation. |
Example Request
[
{
"tlp": {
"tpl_id": "GREEN",
"tpl_name": "GREEN"
},
"title": "Sample Title",
"description": "This is a sample description.",
"extra_fields": {}
}
]Action: Update Member
This action updates a member's profile details in Collaborate's Member Portal.
Note
You can only update member details if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Member ID | Enter the member ID to update the details. Example: 642080b6-35d9-4362-afe3-6f06c2d8eb41 | Text | Required | You can retrieve the member ID using the Action: List Members. |
Enter the email address of the member user you want to update. Example: john.doe@orgname.com | Text | Required | ||
First Name | Enter the name of the member to update. | Text | Required | |
Organization Type | Enter the organization type to update. Example: { "org_type_id": "a95f3553-ea8e-4f95-8e6a-43d47997c50c", "org_type_name": "Media and Communications" } | Key Value | Required | You can retrieve this using the Action: List Organizations. |
Organization Detail | Enter the organization details to update. Example: { "org_id": "3cf257a6-e329-48b7-8c14-815d3c358bae", "org_name": "Example Org" } | Key Value | Required | You can retrieve this using the Action: List Organizations. |
Extra Fields | Enter the additional fields to update member details. | Key Value | Optional | Allowed keys: user_group, title, country_code, phone_number, business_unit, send_welcome_email, mailing_address, user_location |
Action: Update Published Alert
This action updates a published alert in the Analyst Portal by expiring the older alert and linking it to this new alert.
Note
You can only update an alert if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Short ID | Enter the unique ID of the alert. Example: 37e03cb9 | Text | Required | You can retrieve this using the action List Alerts. |
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Content | Enter the description for the alert. Example: The team has tracked a unique threat. | Text | Required | |
Status | Enter the status of the alert. | Text | Required | Allowed values: DRAFT, PUBLISHED |
Extra Params | Enter the extra parameters to update the alert. | Key Value | Optional | Allowed keys: display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts |
Example Request
[
{
"title": "Rising Threats",
"status": "DRAFT",
"content": "The team has tracked a unique threat.",
"short_id": "127738ee",
"extra_data": {}
}
]Action: Update Situational Awareness (SA) Alert (Deprecated)
This action updates an SA alert from the Cyware Collaborate Analyst Portal based on the specified alert ID using an older endpoint.
Note
For better performance, use the Update Published Alert action.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alert ID | Enter the alert ID. Example: 0cc6a7ba | Text | Required | |
Title | Enter the title of the alert. Example: malware alert | Text | Required | |
Description | Enter the description of the alert. Example: This is a malware alert. | Text | Required | |
Status | Enter the alert status. allowed values: published, draft. by default, the value is published. | Text | Optional | |
Threat Indicators | Enter the threat indicators in the form of key-value pairs. Example: {"ip": ['1.1.1.1', 8.8.8.8'], "domain": ['abc.com', 'cde.com']} | Key Value | Optional | |
Additional Information | Enter any additional details of the alert to update. | Text | Optional | |
TLP | Enter the traffic light protocol (TLP) associated with the alert. | Text | Optional | Allowed values: RED, AMBER, GREEN, WHITE |
Extra Fields | Enter the extra fields in the form of key-value pairs. | Key Value | Optional | Allowed keys: support, card_group payload with id, name, tlp in dict of obj |
Example Request
[
{
"tlp": "GREEN",
"title": "Malware Alert",
"status": "PUBLISHED",
"alert_id": "59569642",
"description": "This is a sample description.",
"extra_fields": {},
"threat_indicators_obj": {}
}
]Action: Upload Attachment
This action uploads a file and returns the media ID required to submit RFI responses.
Note
You can only upload an attachment if you are a Member.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
File Path | Enter the path of the file to upload. Example: /tmp/2d8acef6-5ed2-469b-9b40-e7e9db18db77/sample.jpg | Text | Required | |
File Name | Enter the file name along with its extension. Example: sample.jpg | Text | Required |
Example Request
[
{
"file_name": "sample.jpg",
"file_path": "/tmp/2d8acef6-5ed2-469b-9b40-e7e9db18db77/sample.jpg"
}
]Action: Upload File
This action uploads a file to the Doc Library to share it with individual recipients and recipient groups.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
File | Specify the file path to upload the file to the Doc Library. | Text | Required | |
User Groups | Enter the group IDs of the recipient groups as comma-separated values to share the file. You can either enter User Groups or Individual Recipients. | Text | Optional | You can retrieve this using the action List Recipient Groups. |
Individual Recipients | Enter the email IDs of individual recipients as comma-separated values to share the file. You can either enter User Groups or Individual Recipients. Example: johndoe@sampleorg.com | Text | Optional | |
TLP | Enter the TLP associated with the media. | Text | Optional | Default value: WHITE |
File Name | Enter the name of the file. Example: test.jpg | Text | Required | |
Parent Folder ID | Enter the ID of the parent folder where you want to upload the file. If you do not pass this ID, the file will be uploaded to the root directory. Example: 0888cb50-f234-422b-8765-65bdc62fa819 | Text | Optional | You can retrieve this using the Action: Get Folder Details. |
Example Request
[
{
"tlp": "WHITE",
"file_name": "test.jpg",
"file_path": "/tmp/559c7d0e-49b5-4288-bfeb-f9ae25ce0037/test.jpg",
"user_groups": "f3da5053,057aafab",
"individual_recipients": "johndoe@orgname.com",
"parent_folder_id": "0de0b0f2-c504-4540-8d45-e20680378d7d"
}
]Action: Generic Action
This is a generic action used to make requests to any Cyware Collaborate endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /tag | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. Example: $JSON[{"data": {'type': type,'id': id}}] | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_data, custom_output, download, filename, files, retry_wait, retry_count, response_type |
Example Request
[
{
"method": "GET",
"endpoint": "/tag",
"extra_fields": {},
"query_params": {}
}
]