Cyware Orchestrate

Google Threat Intelligence

App Vendor: Google

App Category: Data Enrichment & Threat Intelligence

Connector Version: 1.0.0

API Version: v3

About App

The Google Threat Intelligence integration provides real-time, actionable threat indicators, empowering organizations to detect, investigate, and respond to cyber threats with enhanced precision and speed.

The Google Threat Intelligence app is configured with Cyware Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Check ZIP File Status | This action retrieves the information of the specified ZIP file. |
| Create and Download Password-Protected ZIP File | This action allows you to create a ZIP file and retrieve its downloadable link. |
| Create Livehunt Ruleset | This action creates a Google Threat Intelligence Hunting Livehunt ruleset. |
| Create Password-Protected ZIP of Private Files | This action creates a ZIP archive containing the specified private files. |
| Get Behaviour Reports From a Private File | This action retrieves all available private file behaviour reports using the file ID. |
| Get DNS Resolution Object | This action retrieves a resolution object by its ID. |
| Get Domain Report | This action retrieves the detailed report of a domain. |
| Get Existing Alert by ID | This action retrieves the details of an existing alert by the specified ID. |
| Get File Report | This action retrieves the report of a file hash. |
| Get Graph Object | This action retrieves the details of a graph by the specified ID. |
| Get Group API Usage | This action retrieves API usage information for a specified group, broken down by endpoint, within a specific date range. By default, the last 30 days are included. |
| Get IP Address Report | This action retrieves the report of an IP address. |
| Get Issue Details | This action retrieves detailed information about an issue based on the specified ID. |
| Get Livehunt Ruleset by ID | This action retrieves the details of a hunting ruleset by the specified ID. |
| Get Private Analysis | This action retrieves the status of a private file analysis using the analysis ID. |
| Get Private File Report | This action retrieves the scan report for a privately analyzed file. |
| Get Retrohunt Job by ID | This action retrieves the details of a retrohunt job using the specified ID. |
| Get Summary of Behaviour Reports for a File | This action retrieves a behavioural summary for a private file. |
| Get URL Analysis Report | This action retrieves the analysis report for a private URL. |
| Get URL or File Analysis | This action retrieves the analysis details for a URL or file using the specified analysis ID. |
| Get URL Report | This action retrieves the report of a URL. |
| Get User API Usage | This action retrieves API usage information for a specified user, broken down by endpoint, within a specific date range. By default, the last 30 days are included. |
| Get User Quota Summary | This action retrieves a summary of a user's overall quotas, including the allowed limit, the group from which the quota is inherited, and the amount of quota used. |
| Get Users of a Group | This action retrieves the users associated with the specified group using the group ID. |
| Get ZIP File Download URL | This action retrieves the download URL for the specified ZIP file. |
| List DTM Alerts | This action retrieves Digital Threat Monitoring (DTM) alerts for the current organization. |
| List Livehunt Rulesets | This action lists all the Google Threat Intelligence hunting livehunt rulesets. |
| List Private Analyses | This action lists the most recent private analyses. |
| List Private Files | This action returns a list of previously analyzed private files, ordered by SHA-256. |
| List Retrohunt Jobs | This action lists all the retrohunt jobs. |
| Scan Private URL | This action scans a private URL and returns an analysis ID. |
| Scan URL | This action scans a URL and retrieves the analysis report. |
| Search Advanced Corpus | This action searches for files in Google Threat Intelligence's dataset. |
| Search Graphs | This action searches for graphs based on the specified criteria and returns a list of matching graphs. |
| Search Issues | This action searches for all issue data. |
| Set Status | This action sets the status of an individual issue. |
| Update Livehunt Ruleset | This action updates a hunting ruleset. |
| Upload File | This action uploads a file for analysis. |
| Upload File for Private Scanning | This action uploads and analyzes a file using private scanning. |
| Generic Action | This is a generic action used to make requests to any Google Threat Intelligence endpoint. |

Configuration Parameters

The following configuration parameters are required for the Google Threat Intelligence app to communicate with the Google Threat Intelligence enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| API Key | Enter the API key for authentication. Example: ea3f9qn19eav007e9e25d7e333ef8bf13713098765426a19b26542123eb9tr65 | Password | Required | |
| Timeout | Enter the timeout value in seconds. This is the number of seconds requests will wait to connect to Google Threat Intelligence and read the response. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
| Verify | Choose whether to verify the SSL/TLS certificate while making requests. It is recommended to set this option to yes. Setting it to no skips certificate validation, so the connection may be established with an endpoint whose identity has not been verified. | Boolean | Optional | By default, verification is enabled. |

Action: Check ZIP File Status

This action retrieves the information of the specified ZIP file.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| ZIP File ID | Enter the ZIP file ID to retrieve the information. Example: 4939392292 | Text | Required | You can retrieve the ZIP File ID using the Action: List Private Files. |

Action: Create and Download Password-Protected ZIP File

This action allows you to create a ZIP file and retrieve its downloadable link.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Password | Enter the password to protect your ZIP file. | Password | Required | |
| Hashes | Enter the list of file hashes to include in the ZIP file. | List | Required | Allowed hash types: SHA-256, SHA-1, MD5 |
| Download | Choose true to retrieve the downloadable link for the ZIP file. | Boolean | Optional | |

Action: Create Livehunt Ruleset

This action creates a Google Threat Intelligence hunting livehunt ruleset.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Name | Enter a unique name for the livehunt ruleset. Example: malicious_activity | Text | Required | |
| YARA Rule | Enter the complete YARA rule content that defines the detection logic. Example: rule test { strings: $ = "foobar" condition: all of them } | Text | Required | |

Action: Create Password-Protected ZIP of Private Files

This action creates a ZIP archive containing the specified private files.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Password | Enter the password to protect the generated ZIP file. Example: samplepassword | Password | Required | |
| Hashes | Enter a list of file hashes to include in the ZIP file. | List | Required | Allowed hash types: SHA-256, SHA-1, or MD5 |

Action: Get Behaviour Reports From a Private File

This action retrieves all available private file behaviour reports using the file ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File ID | Enter the file ID to retrieve the private file behaviour reports. | Text | Required | You can retrieve the file ID using the Action: List Private Files. |

Action: Get DNS Resolution Object

This action retrieves a resolution object by its ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Resolution Object ID | Enter the resolution object ID to retrieve its DNS data. Example: 8.8.8.8google.com | Text | Required | The resolution object ID is created by appending the IP address and the domain name it resolves to. |

Action: Get Domain Report

This action retrieves the detailed report of a domain.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Domain name | Enter the domain name to retrieve the report. Example: exampledomain.com | Text | Required | |

Action: Get Existing Alert by ID

This action retrieves the details of an existing alert by the specified ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Alert ID | Enter the ID of the alert to retrieve its details. Example: c4huif0mhcmiku5g7jsg | Text | Required | You can retrieve the alert ID using the Action: List DTM Alerts. |
| Truncate | Enter the desired length to truncate document fields, using the Unicode ellipsis (U+2026) to indicate truncation. | Integer | Optional | |
| Refs | Choose true to include the triggering document, topics, and labels in the alert response. | Boolean | Optional | |
| Sanitize | Choose true to sanitize any HTML content in the alert, ensuring it doesn't contain potentially malicious tags. | Boolean | Optional | |

Action: Get File Report

This action retrieves the report of a file hash.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File Hash | Enter the file hash to retrieve the report. | Text | Required | Allowed hash types: SHA-256, SHA-1, MD5 |

Action: Get Graph Object

This action retrieves the details of a graph by the specified ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Graph ID | Enter the unique ID of the graph to retrieve the details. Example: g8024f5ae25534403b3c1c115a0c930833ce57330b16b4d6e8db215c551c92897 | Text | Required | You can retrieve the graph ID using the Action: Search Graphs. |

Action: Get Group API Usage

This action retrieves API usage information for a specified group, broken down by endpoint, within a specific date range. By default, the last 30 days are included.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Group ID | Enter the group ID to retrieve the API usage data. Example: sample_group_id | Text | Required | |
| Start Date | Enter the start date in YYYYMMDD format to filter the API usage data from this date. Example: 20230401 | Text | Optional | |
| End Date | Enter the end date in YYYYMMDD format to filter the API usage data up to this date. Example: 20230430 | Text | Optional | |

Action: Get IP Address Report

This action retrieves the report of an IP address.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| IP Address | Enter the IP address to retrieve the report. Example: 1.1.1.1 | Text | Required | |

Action: Get Issue Details

This action retrieves detailed information about an issue based on the specified ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Issue ID | Enter the unique ID of the issue to retrieve its information. | Text | Required | You can retrieve the issue ID using the Action: Search Issues. |
| Project ID | Enter the project ID to filter the issue details by a specific project. Example: 26483 | Text | Optional | |

Action: Get Livehunt Ruleset by ID

This action retrieves the details of a hunting ruleset by the specified ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Ruleset ID | Enter the ID of the livehunt ruleset to retrieve the details. Example: 21931181017 | Text | Required | You can retrieve the ruleset ID using the Action: List Livehunt Rulesets. |

Action: Get Private Analysis

This action retrieves the status of a private file analysis using the analysis ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Analysis ID | Enter the analysis ID to retrieve the details. Example: m2y1ztg5mtnimwm5ymmxmgy0mgvjothjyzrhotk0m2i6mgiynmuzmtnlzdrhn2nhnjkwngiwztkznjllnwi5ntc6mtc0ntiyntq4ma== | Text | Required | You can retrieve the analysis ID using the Action: List Private Analyses. |

Action: Get Private File Report

This action retrieves the scan report for a privately analyzed file.

Note

You must have the Private Scanning license to use this action.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File ID | Enter the SHA-256 hash value of the file. | Text | Required | Allowed hash type: SHA-256 |

Action: Get Retrohunt Job by ID

This action retrieves the details of a retrohunt job using the specified ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Retrohunt Job ID | Enter the ID of the retrohunt job to retrieve the details. Example: sample_id-1732518945 | Text | Required | You can retrieve the ID using the Action: List Retrohunt Jobs. |

Action: Get Summary of Behaviour Reports for a File

This action retrieves a behavioural summary for a private file.

Note

You must have the Private Scanning license to use this action.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File ID | Enter the file's SHA-256 ID to retrieve the summary. | Text | Required | You can retrieve the file ID using the Action: List Private Files. |

Action: Get URL Analysis Report

This action retrieves the analysis report for a private URL.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| URL | Enter the URL to retrieve the analysis report. Example: https://sampledomain.com | Text | Required | |

Action: Get URL or File Analysis

This action retrieves the analysis details for a URL or file using the specified analysis ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Analysis ID | Enter the analysis ID to retrieve the details. Example: u-f7d2b6b353e066fd98deb18620c441bff011929be9ab491efec088898622cf48-1745224204 | Text | Required | |

Action: Get URL Report

This action retrieves the report of a URL.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| URL | Enter the URL to retrieve the report. Example: https://api.example.com/ | Text | Required | |

Action: Get User API Usage

This action retrieves API usage information for a specified user, broken down by endpoint, within a specific date range. By default, the last 30 days are included.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| User ID | Enter the user ID to retrieve the API usage data. Example: sample_user_id | Text | Required | You can retrieve the user ID using the Action: Get Users of a Group. |
| Start Date | Enter the start date in YYYYMMDD format to filter the API usage data from this date. Example: 20230401 | Text | Optional | |
| End Date | Enter the end date in YYYYMMDD format to filter the API usage data up to this date. Example: 20230430 | Text | Optional | |

Action: Get User Quota Summary

This action retrieves a summary of a user's overall quotas, including the allowed limit, the group from which the quota is inherited, and the amount of quota used.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| User ID | Enter the user ID to retrieve the quota summary. Example: sample_user_id | Text | Required | You can retrieve the ID using the Action: Get Users of a Group. |

Action: Get Users of a Group

This action retrieves the users associated with the specified group using the group ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Group ID | Enter the group ID to retrieve the users associated with it. Example: sample_group_id | Text | Required | |

Action: Get ZIP File Download URL

This action retrieves the download URL for the specified ZIP file. The URL expires after one hour.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| ZIP File ID | Enter the ID of the ZIP file to retrieve its download URL. Example: 4939392292 | Text | Required | You can retrieve the ID using the Action: Create and Download Password-Protected ZIP File. |

Action: List DTM Alerts

This action retrieves Digital Threat Monitoring (DTM) alerts for the current organization.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Sort | Enter the fields to sort the alerts. | Text | Optional | Allowed values: id, created_at, updated_at, modified_at. Default value: created_at |
| Order | Enter the order to sort the response. | Text | Optional | Allowed values: asc, desc. Default value: asc |
| Size | Enter the number of alerts to retrieve on each page. Example: 20 | Integer | Optional | Maximum allowed value: 100 |
| Status | Enter the value to filter alerts based on the status. | Text | Optional | Allowed values: new, read, escalated, in_progress, closed, no_action_required, duplicate, not_relevant, tracked_external |
| Alert Type | Enter the type of alert to filter the response. | Text | Optional | Allowed values: Compromised Credentials, Domain Discovery, Message, Forum Post, Paste, Tweet, Shop Listing, Web Content |
| Extra Params | Enter the extra parameters to list the DTM alerts. | Key Value | Optional | Allowed keys: refs, since, until, monitor_id, replace_links, monitor_name, has_analysis, buckets, page, truncate, search, match_value, search_encoding, tags, severity, mscore_gte, sanitize |

Action: List Livehunt Rulesets

This action lists all the Google Threat Intelligence hunting livehunt rulesets.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Search Filter | Enter a value to filter rulesets based on specific attribute values. Example: You can retrieve the enabled rulesets with enabled:true | Text | Optional | Allowed attributes: enabled, name, tag, rules |
| Limit | Enter the maximum number of rulesets to retrieve. | Integer | Optional | Default value: 1 |
| Cursor | Enter the continuation cursor to retrieve the next page of results. | Text | Optional | |
| Order | Enter the order to sort the response. | Text | Optional | Allowed values: name, creation_date, and modification_date |

Note

Use + or - as a prefix to set ascending or descending order. If no prefix is provided, the default order is ascending.

Action: List Private Analyses

This action lists the most recent private analyses.

Note

You must have the Private Scanning license to use this action.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Limit | Enter the maximum number of private analyses to retrieve. | Integer | Optional | Maximum allowed value: 40. Default value: 10 |
| Cursor | Enter the continuation cursor to retrieve the next page of results. | Text | Optional | |
| Order | Enter the order to sort the response. | Text | Optional | Allowed values: date- (for oldest first), date (for most recent first). Default value: date |

Action: List Private Files

This action returns a list of previously analyzed private files, ordered by SHA-256.

Note

You must have the Private Scanning license to use this action.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Limit | Enter the maximum number of files to retrieve. | Integer | Optional | Maximum allowed value: 40. Default value: 10 |
| Cursor | Enter the continuation cursor to retrieve the next page of results. | Text | Optional | |

Action: List Retrohunt Jobs

This action lists all the retrohunt jobs.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Filter | Enter the filter in the format status:(value) to retrieve retrohunt jobs. Example: status:starting | Text | Optional | Allowed values: starting, running, aborting, aborted, and finished |
| Limit | Enter the maximum number of retrohunt jobs to retrieve. | Integer | Optional | Default value: 10 |
| Cursor | Enter the continuation cursor to retrieve the next page of results. | Text | Optional | |

Action: Scan Private URL

This action scans a private URL and returns an analysis ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| URL | Enter the URL to scan. Example: https://sampledomain.com | Text | Required | |
| User Agent | Enter the user agent string for scanning the URL. | Text | Optional | |
| Sandboxes | Enter one or more comma-separated sandboxes where the URL will be scanned. Example: cape_win | Text | Optional | Allowed values: cape_win, zenbox_windows |
| Retention Period (days) | Enter the number of days the analysis report and URL will be retained in the database. | Integer | Optional | Allowed range: 1 to 28 days. Default value is your group's retention policy, typically 1 day. |
| Storage Region | Enter the storage region where the URL and its analysis results will be stored. | Text | Optional | Allowed values: US, CA, EU, GB. Default value depends on your group's private scanning policy. |
| Interaction Sandbox | Enter the sandbox for interactive analysis. | Text | Optional | Allowed value: cape_win. Default value: cape_win |
| Interaction Timeout | Enter the timeout duration (in seconds) for the interactive sandbox. | Integer | Optional | Allowed range: 60 - 1800. Default value: 60 |

Action: Scan URL

This action scans a URL and retrieves the analysis report.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| URL | Enter the URL to scan. Example: https://api.example.com/ | Text | Required | |

Action: Search Advanced Corpus

This action searches for files in Google Threat Intelligence's dataset.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query | Enter the query to search. You can search for files, URLs, domains, and IP addresses. Example: "sample query" | Text | Required | |
| Limit | Enter the maximum number of results to retrieve on each page. | Integer | Optional | Maximum allowed value: 300. Default value: 1 |
| Cursor | Enter the continuation cursor to retrieve the next page of results. | Text | Optional | |
| Order | Enter the order to sort the response. | Text | Optional | For supported orders, see Supported Sort Orders. |
| Descriptors Only | Choose true to retrieve only descriptors in the response. If you choose false, it retrieves the full object information. | Boolean | Optional | Default value: false |

Action: Search Graphs

This action searches for graphs based on the specified criteria and returns a list of matching graphs.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Filter | Enter the filters to retrieve graphs matching the given criteria. Example: domain:hooli.com | Text | Optional | Allowed modifiers: id, name, owner, group, visible_to_user, visible_to_group, private, creation_date, last_modified_date, total_nodes, comments_count, views_count, label, file, domain, ip_address, url, actor, victim, email, department |
| Limit | Enter the maximum number of graphs to retrieve. | Integer | Optional | Example: 10 |
| Cursor | Enter the continuation cursor to retrieve the next page of results. | Text | Optional | |
| Order | Enter the order to sort the response. | Text | Optional | Allowed fields: name, owner, creation_date, last_modified_date, views_count, comments_count |
| Attributes | Enter the specific fields to retrieve in the response. Example: graph_data | Text | Optional | |

Action: Search Issues

This action searches for all issue data.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Search String | Enter the query to search for issues. By default, the search is performed on issue name. Example: collection:collectionname_a6mz56o first_seen_after:2022-01-01 last_seen_before:last_refresh | Text | Required | Allowed fields: collection, name, uid, tag, last_seen_after, last_seen_before, first_seen_after, entity_uid, entity_type, entity_name, scoped, severity, severity_lte, severity_gte, status_new, status_detailed |
| Project ID | Enter the project ID to narrow the search to a specific project. Example: 26483 | Text | Optional | |
| Page Size | Enter the number of results to be retrieved on each page. | Integer | Optional | Maximum allowed value: 1000. Default value: 50 |
| Page Token | Enter the page token to retrieve the next set of search results. | Text | Optional | |

Action: Set Status

This action sets the status of an individual issue.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Issue ID | Enter the issue ID to set the status. | Text | Required | You can retrieve the issue ID using the Action: Search Issues. |
| Status Payload | Enter the status to set for an individual entity. Example: {status : open_new} | Key Value | Required | Allowed values: open_new, open_triaged, open_in_progress, closed_resolved, closed_duplicate, closed_out_of_scope, closed_benign, closed_risk_accepted, closed_false_positive, closed_no_repro, closed_tracked_externally, closed |
| Project ID | Enter the ID of the project associated with the issue. Example: 26483 | Text | Optional | |

Action: Update Livehunt Ruleset

This action updates a hunting ruleset.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Ruleset ID | Enter the unique ID of the hunting ruleset to update. Example: 21931181017 | Text | Required | You can retrieve the ID using the Action: List Livehunt Rulesets. |
| Name | Enter a name for the hunting ruleset to update. Example: "malicious_activity" | Text | Required | |
| YARA Rule | Enter the complete YARA rule content that defines the detection logic. Example: rule test { strings: $ = "foobar" condition: all of them } | Text | Required | |

Action: Upload File

This action uploads a file for analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File Path | Enter the file path to upload. The file size must be 64 MB or less. Example: c:\users\username\documents\sample.csv | Text | Required | |

Action: Upload File for Private Scanning

This action uploads and analyzes a file using private scanning.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File Path | Enter the file path to upload. The file size must be 64 MB or less. Example: c:\users\username\documents\sample.csv | Text | Required | |
| Extra Fields | Enter the extra fields to upload a file for private scanning. | Key Value | Optional | Allowed keys: command_line, disable_sandbox, enable_internet, intercept_tls, password, retention_period_days, storage_region, interaction_sandbox, interaction_timeout, locale |

Action: Generic Action

This is a generic action used to make requests to any Google Threat Intelligence endpoint.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
| Endpoint | Enter the endpoint to make the request to. Example: intelligence/retrohunt_jobs | Text | Required | |
| Query Params | Enter the query parameters to pass to the API. Example: {'limit': 100} | Key Value | Optional | |
| JSON Payload | Enter the payload to pass to the API. Example: {"rules": } | Any | Optional | |
| Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, download, files, filename, retry_wait, retry_count, custom_output, response_type |

Supported Sort Orders

While using the Action: Search Advanced Corpus to query files in the Google Threat Intelligence dataset, you can control how the search results are sorted using the Order parameter.

Use the table below to see the available sorting fields for each entity type along with their default sort order.

| Entity Type | Supported Orders | Default Order |
| --- | --- | --- |
| File | first_submission_date, last_submission_date, positives, times_submitted, size | last_submission_date- |
| URL | first_submission_date, last_submission_date, positives, times_submitted, status | last_submission_date- |
| Domain | creation_date, last_modification_date, last_update_date, positives | last_modification_date- |
| IP | ip, last_modification_date, positives | last_modification_date- |