Cyware Orchestrate

Check Threat Action Status

This action checks the status of a requested action on a threat.

Download Email Attachment

This action downloads the attachment from an email message as a file.

Download Email Message

This action downloads the email message in EML format.

Get Email Attachment Details

This action retrieves details of an attachment in an email message.

Get Threat Campaign Attachments

This action retrieves details of the attachments in a threat campaign.

Get Threat Campaign Links

This action retrieves information about the links in a threat campaign.

Get Threat Details

This action retrieves the details of a threat.

List Threats

This action lists all the threats.

Manage Threat

This action manages a threat by remediating it or reversing its remediation.

Generic Action

This is a generic action used to make requests to any Abnormal Security endpoint.

API Token

Enter the API token for authentication.

Password

Required

Base URL

Enter the base URL to access Abnormal Security.

Example:

https://api.abnormalplatform.com

Text

Required

Allowed values:

https://api.abnormalplatform.com, https://eu.rest.abnormalsecurity.com

Mock Data

Choose true to retrieve sample data in the response.

Boolean

Optional

Default value:

false

Timeout

Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Abnormal Security.

Integer

Optional

Allowed range:

15-120

Default value:

15

Verify

Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection.

Boolean

Optional

By default, verification is not enabled.

Threat ID

Enter the ID of the threat.

Example:

184712ab-6d8b-47b3-89d3-a314efef79e2

Text

Required

You can retrieve the threat ID using the action List Threats.

Action ID

Enter the ID of the action to check the status.

Example:

a33a212a-89ff-461f-be34-ea52aff44a67

Text

Required

Message ID

Enter the ABX ID of the message.

Example:

4551618356913732000

Integer

Required

Attachment Name

Enter the name of the attachment from the email message.

Example:

attachment1.jpg

Text

Required

Message ID

Enter the ABX ID of the message.

Example:

4551618356913732000

Text

Required

Message ID

Enter the ABX ID of the message.

Example:

4551618356913732000

Text

Required

Attachment Name

Enter the name of the attachment from the email message.

Example:

attachment1.jpg

Text

Required

Threat ID

Enter the ID of the threat.

Example:

184712ab-6d8b-47b3-89d3-a314efef79e2

Text

Required

You can retrieve the threat ID using the action List Threats.

Threat ID

Enter the ID of the threat.

Example:

184712ab-6d8b-47b3-89d3-a314efef79e2

Text

Required

You can retrieve the threat ID using the action List Threats.

Threat ID

Enter the ID of the threat to retrieve its details.

Example:

184712ab-6d8b-47b3-89d3-a314efef79e2

Text

Required

You can retrieve the threat ID using the action List Threats.

Page Size

Enter the number of threat messages to retrieve on each page.

Integer

Optional

Allowed range:

1-2000

Default value:

100

Page Number

Enter the page number to retrieve a particular page of threat messages.

Integer

Optional

Default value:

1

Filter

Enter the value to filter the response.

Example:

receivedTime gte 2020-01-01T01:01:01Z lte 2021-12-01T01:01:01Z

Text

Optional

Allowed format:

filter={FILTER KEY} gte YYYY-MM-DDTHH:MM:SSZ lte YYYY-MM-DDTHH:MM:SSZ

Allowed key:

receivedTime

Source

Enter the source of detection to filter the response.

Example:

all

Text

Optional

Allowed values:

all, advanced

Attack Type

Enter the type of attack to filter the response.

Text

Optional

Allowed values:

Internal-to-Internal Attacks (Email Account Takeover), Spam, Reconnaissance, Scam, Social Engineering (BEC), Phishing: Credential, Invoice/Payment Fraud (BEC), Malware, Extortion, Phishing: Sensitive Data, Other

Attack Vector

Enter the attack vector to filter the response.

Text

Optional

Allowed values:

Link, Attachment, Text, Others, Attachment with Zipped File

Attack Strategy

Enter the attack strategy to filter the response.

Text

Optional

Allowed values:

Name Impersonation, Internal Compromised Email Account, External Compromised Email Account, Spoofed Email, Unknown Sender, Covid 19 Related Attack

Extra Fields

Enter the extra fields to filter the response.

Key Value

Optional

Allowed keys:

pageSize, pageNumber, sender, recipient, subject, topic, impersonatedParty, mock-data

Threat ID

Enter the ID of the threat to manage.

Example:

184712ab-6d8b-47b3-89d3-a314efef79e2

Text

Required

You can retrieve the threat ID using the action List Threats.

Threat Action

Enter the action to take on the threat.

Example:

remediate

Text

Required

Allowed values:

remediate, unremediate

Method

Enter the HTTP method to make the request.

Text

Required

Allowed values:

GET, PUT, POST, DELETE

Endpoint

Enter the endpoint to make the request to.

Example:

/messages/{message_id}/download

Text

Required

Query Params

Enter the query parameters to pass to the API.

Key Value

Optional

Payload

Enter the payload to pass to the API.

Any

Optional

Extra Fields

Enter the extra fields to pass to the API.

Key Value

Optional

Allowed keys:

payload_json, headers, download, files, filename, retry_wait, retry_count, custom_output, response_type