Cyware Collaborate
The Cyware Collaborate app is an automated threat alert aggregation and information-sharing platform that enables security teams to efficiently share alerts and notifications, enhancing seamless collaboration.
Supported Actions and Prompt Examples
The following table lists the supported actions and a prompt example for each action:
Action Name | Description | Prompt Example |
---|---|---|
Create Alert | This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients. You can only create an alert if you are a privileged user. For more information, see Action: Create Alert. | Create an alert in Collaborate with title Malware Alert and description This is to notify you about the ongoing malware attacks, and status set to Draft. |
List Alerts | This action lists the alerts from the Cyware Collaborate application. For more information, see Action: List Alerts. | List alerts from Collaborate. |
Get Alert Details | This action retrieves the details of an alert using the specified alert ID. For privileged users, it retrieves details of alerts in all statuses. For members, it retrieves details only for published alerts that are shared with them. For more information, see Action: Get Alert Details. | Retrieve the details of the alert 0cc6a7ba from Collaborate. |
Install and Configure the App
Install and configure the required apps to enable Quarterback AI to perform various security-related tasks and provide relevant responses. After installing an app, you must create an instance that will be used to communicate with the app endpoints. An app can have multiple instances, and you can set a default instance from the configured instance list.
Before you Start
Ensure that you have the API token to authenticate with the Cyware Collaborate app.
Steps
To install and configure an app, follow these steps:
In the application, select Quarterback AI in the left pane.
In Apps, select Cyware Collaborate and click Install.
After the app is installed, click Configure and enter the following details to create an instance:
Instance Name: Enter a name for the instance.
Instance Description: Enter a description for the instance.
Expiry: Select an expiry date for the instance.
Set as default instance: Select this option to set this instance as the default instance. By default, this instance will be used to perform actions from this app.
Access ID: Enter the access ID to access Collaborate. For example, 80bd31c8-76fe-4548-8d4d-a65c6d3491b7
Secret Key: Enter the secret key to access Collaborate. For example, 4217008c-f4c9-4307-b0b1-8286719b5907
Base URL: Enter the base URL to access Collaborate. For example, https://tenant.domain.tld/api/
Timeout: Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with AbuseIPDB. You can enter values between 15 - 120 seconds. By default, 15 seconds is set.
Verify: Select this option to verify SSL while making requests. It is recommended to select this option to ensure a secure connection. By default, this option is not selected.
Click Done.
The instance is created, and you can view it in Instances. To create another instance, click Add Instance.
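The settings above can be checked before an instance is saved. The following is an added example, not part of the app or of Cyware's code; the dictionary keys are hypothetical names for the form fields, and the sample configurations are constructed.

```python
from urllib.parse import urlparse

# Example credentials printed in the documentation; they must never reach a live instance.
DOC_EXAMPLE_VALUES = {
    "80bd31c8-76fe-4548-8d4d-a65c6d3491b7",
    "4217008c-f4c9-4307-b0b1-8286719b5907",
}

def lint_instance(cfg):
    """Return a list of findings for one instance configuration (empty list = clean).

    The keys (base_url, verify, timeout, access_id, secret_key) are hypothetical
    names for the form fields described in the steps above.
    """
    findings = []
    url = urlparse(cfg.get("base_url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("base_url: must be an https:// URL with a host")
    if url.username or url.password or url.query:
        findings.append("base_url: must not embed credentials or query parameters")
    if cfg.get("verify") is not True:
        findings.append("verify: certificate verification is off (the form's default)")
    timeout = cfg.get("timeout", 15)  # 15 seconds is the documented default
    if isinstance(timeout, bool) or not isinstance(timeout, int) or not 15 <= timeout <= 120:
        findings.append("timeout: must be a whole number of seconds from 15 to 120")
    for field in ("access_id", "secret_key"):
        value = (cfg.get(field) or "").strip()
        if not value:
            findings.append(f"{field}: missing")
        elif value in DOC_EXAMPLE_VALUES:
            findings.append(f"{field}: documentation example value, not a real credential")
    return findings

# Constructed sample configurations; the angle-bracket values are placeholders.
WEAK = {"base_url": "http://tenant.domain.tld/api/", "verify": False, "timeout": 5,
        "access_id": "80bd31c8-76fe-4548-8d4d-a65c6d3491b7", "secret_key": ""}
HARDENED = {"base_url": "https://tenant.domain.tld/api/", "verify": True, "timeout": 30,
            "access_id": "<ACCESS_ID>", "secret_key": "<SECRET_KEY>"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_instance(cfg) or "OK")
```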
Action: Create Alert
This action creates an alert on the Cyware Collaborate Analyst Portal and publishes it to the intended recipients.
Note
You can only create an alert if you are a Privileged User.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Title | Enter the title of the alert. Example: Malware Alert | Text | Required | |
Content | Enter the description for the alert. Example: This is to notify you about the ongoing malware attacks. | Text | Required | |
Status | Enter the status of the alert. | Text | Required | Allowed values: DRAFT. Default value: DRAFT. |
Card Groups | Enter the list of recipient groups to whom the alert is published. | Any | Optional | This is a required field if the status is PUBLISHED. |
Attachments | Enter the list of document IDs or link to the documents to add attachments. | List | Optional | |
Extra Params | Enter the extra parameters to create an alert. | Key Value | Optional | Allowed keys: display_alert_image, card_image, type, tlp, card_category, card_category_name, card_info, tags, custom_fields, credibility, confidence, announcement_type, systemsaffected, info_source, document_type, risk, priority, vendorsnproduct, reportsource, vulnerability_type, vulnerability_source, targeted_sector, linked_alerts |
Example Request
[
  {
    "title": "Malware Alert",
    "status": "PUBLISHED",
    "content": "This is to notify you about the ongoing malware attacks.",
    "card_group": [
      {
        "group_id": "f3da5053",
        "group_name": "IT Professionals"
      }
    ],
    "extra_data": {
      "tracking_id": "1111"
    },
    "attachments": [
      "https://example.com/attachments/sample-file.pdf"
    ]
  }
]
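The rules in the parameter table can be enforced before a Create Alert request is sent, so that an alert is not published without recipients or with mistyped extra parameters. This is an added example, not the app's own code; it assumes the input uses the keys of the example request, that a recipient group carries a group_id as in that request, and that PUBLISHED is an accepted status.

```python
# Allowed Extra Params keys, copied from the Create Alert parameter table.
ALLOWED_EXTRA_KEYS = frozenset("""display_alert_image card_image type tlp card_category
    card_category_name card_info tags custom_fields credibility confidence
    announcement_type systemsaffected info_source document_type risk priority
    vendorsnproduct reportsource vulnerability_type vulnerability_source
    targeted_sector linked_alerts""".split())

# Assumption: the table lists only DRAFT, but the Card Groups rule and the
# example request both use PUBLISHED, so both are accepted here.
STATUSES = ("DRAFT", "PUBLISHED")

def check_create_alert(alert, extra_params=None):
    """Return a list of problems with a Create Alert input (empty list = valid)."""
    problems = []
    for field in ("title", "content"):
        if not isinstance(alert.get(field), str) or not alert[field].strip():
            problems.append(f"{field}: required, non-empty text")
    status = alert.get("status", "DRAFT")  # DRAFT is the documented default
    if status not in STATUSES:
        problems.append(f"status: {status!r} is not one of {list(STATUSES)}")
    groups = alert.get("card_group") or []
    if status == "PUBLISHED" and not groups:
        problems.append("card_group: required when status is PUBLISHED")
    for i, group in enumerate(groups):
        # Group shape (a dict with group_id) is assumed from the example request.
        if not isinstance(group, dict) or not group.get("group_id"):
            problems.append(f"card_group[{i}]: needs a group_id")
    if not isinstance(alert.get("attachments", []), list):
        problems.append("attachments: must be a list")
    unknown = sorted(set(extra_params or {}) - ALLOWED_EXTRA_KEYS)
    if unknown:
        problems.append(f"extra params: keys not in the allowed list: {unknown}")
    return problems

# Constructed inputs: the first mirrors the example request, the second is incomplete.
PAGE_EXAMPLE = {
    "title": "Malware Alert", "status": "PUBLISHED",
    "content": "This is to notify you about the ongoing malware attacks.",
    "card_group": [{"group_id": "f3da5053", "group_name": "IT Professionals"}],
    "attachments": ["https://example.com/attachments/sample-file.pdf"],
}
INCOMPLETE = {"title": "Malware Alert", "content": " ", "status": "PUBLISHED"}

if __name__ == "__main__":
    print(check_create_alert(PAGE_EXAMPLE, {"tlp": "AMBER"}) or "OK")
    print(check_create_alert(INCOMPLETE, {"tlp": "AMBER", "tracking": "1"}))
```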
Action: List Alerts
This action lists the alerts from the Cyware Collaborate application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Status | Enter the status of the alerts to be retrieved. | Text | Optional | Allowed values: PUBLISHED, DRAFT, EXPIRED. Default value: PUBLISHED. |
Start Time | Enter the start date of the query in epoch format. Example: 1737405600 | Text | Optional | |
End Time | Enter the end date of the query in epoch format. Example: 1737441600 | Text | Optional | |
Query Params | Enter the query parameters in the form of key-value pairs to filter the response. Example: {"page": "1","status": "draft","pagesize": "1"} | Key Value | Optional | Allowed keys: page, status, page_size, start_time, end_time, category_id, title, tlp |
Example Request
[
  {
    "extra_params": {
      "page": "1",
      "status": "DRAFT",
      "pagesize": "5"
    }
  }
]
Action: Get Alert Details
This action retrieves the details of an alert using the specified alert ID. For Privileged Users, it retrieves details of alerts in all statuses. For Members, it retrieves details only for published alerts that are shared with them.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID to retrieve its details. Example: 0cc6a7ba | Text | Required | You can retrieve this using the action List Alerts. |
Example Request
[
  {
    "alert_id": "127738ee"
  }
]