CTM360 CyberBlindSpot

the ctm360 cyberblindspot connector integrates with swimlane turbine to allow for automated actions using the ctm360 cyberblindspot apis prerequisites this connector requires the following input parameters to authenticate url api key capabilities this connector provides the following capabilities close incident incident request takedown list incident configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required api key api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions close incident close a cbs incident endpoint url /api/v2/incidents/close incident method post input argument name type required description ticketid string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase statuscode number status value success boolean whether the operation was successful message string response message example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "81", "connection" "keep alive", "date" "wed, 03 apr 2024 06 30 55 gmt", "server" "nginx", "vary" "origin", "access control allow credentials" "true", "etag" "w/\\"51 awox9vbgknj2dj2bqic/jdmp5dg\\"", "x cache" "error from cloudfront", "via" "1 1 719a8a3051824d9bf82ea46b74aff862 cloudfront net (cloudfront)", "x amz cf pop" "bom78 p4", "x amz cf id" "kjvsm yq3eq9kdinpe0mo4xqavombz8hat76spytqz5f4hic2gaamg==" }, "reason" "ok", "json body" { "statuscode" 200, "success" false, "message" "success" } } ] incident request takedown request a takedown of the asset where the incident was found endpoint url /api/v2/incidents/request takedown method post input argument name type required description ticketid string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase statuscode number status value success boolean whether the operation was successful message string response message example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "81", "connection" "keep alive", "date" "tue, 02 apr 2024 10 46 04 gmt", "server" "nginx", "vary" "origin", "access control allow credentials" "true", "etag" "w/\\"51 awox9vbgknj2dj2bqic/jdmp5dg\\"", "x cache" "error from cloudfront", "via" "1 1 42a0bfce97a174e5c6d2b115346fb472 cloudfront net (cloudfront)", "x amz cf pop" "hyd50 c2", "x amz cf id" "ceaxu8ehhoapmforcss4t zdkpzjcfakty6nz2zacnspx9ihyzmcig==" }, "reason" "ok", "json body" { "statuscode" 200, "success" false, "message" "success" } } ] list incident get the list of incidents from cbs endpoint url /api/v2/incidents method get input argument name type required description datefrom string optional parameter for list incident dateto string optional parameter for list incident maxhits number optional parameter for list incident order string optional parameter for list incident output parameter type description status code number http status code of the response reason string response reason phrase statuscode number status value success boolean whether the operation was successful message string response message incident list array unique identifier id string unique identifier subject string output field subject severity string output field severity type string type of the resource class string output field class status string status value coa string output field coa remarks string output field remarks created date string date value updated date string date value brand string output field brand timestamp number output field timestamp count number count value example \[ { "status code" 200, "response headers" { "content type" "application/json; charset=utf 8", "content length" "2871467", "connection" "keep alive", "date" "tue, 02 apr 2024 11 11 49 gmt", "server" "nginx", "vary" "origin", "access control allow credentials" "true", "etag" "w/\\"2bd0ab foqlqmlu7kr3bqpp/d80n0i/hpu\\"", "x cache" "miss from cloudfront", "via" "1 1 c3c13380d1c5bf8586d7fd3d4dbe9502 cloudfront net (cloudfront)", "x amz cf pop" "hyd50 c2", "x amz cf id" "sbywlgqdkcgdnpnhykdgax2fhdpajvulr9iqkq7ejxswsit2tz pfw==" }, "reason" "ok", "json body" { "statuscode" 200, "success" true, "message" "success", "incident list" \[], "count" 7739 } } ] response headers header description example access control allow credentials http response header access control allow credentials true connection http response header connection keep alive content length the length of the response body in bytes 81 content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated wed, 03 apr 2024 06 30 55 gmt etag an identifier for a specific version of a resource w/"2bd0ab foqlqmlu7kr3bqpp/d80n0i/hpu" server information about the software used by the origin server nginx vary http response header vary origin via http response header via 1 1 719a8a3051824d9bf82ea46b74aff862 cloudfront net (cloudfront) x amz cf id http response header x amz cf id sbywlgqdkcgdnpnhykdgax2fhdpajvulr9iqkq7ejxswsit2tz pfw== x amz cf pop http response header x amz cf pop hyd50 c2 x cache http response header x cache error from cloudfront