# Cyberint
## Description

This plugin integrates the Cyberint threat intelligence platform with Swimlane. It exposes Cyberint's alert, IOC and CVE intelligence APIs as Swimlane actions so that playbooks can poll for new or modified alerts, retrieve alert attachments and analysis reports, update alert status, enrich IPv4, domain, URL and SHA256 indicators, download the daily IOC feed, and look up enriched CVE data.

## Prerequisites

- The URL of your Cyberint environment.
- A Cyberint API key (access token) with access to the alert, IOC and CVE intelligence APIs used by the actions below. Generate the key in Cyberint before creating the asset.

## Capabilities

This plugin provides the following capabilities:

- Retrieve, filter and page through alerts; download alert attachments and analysis reports; update alert status, including closing alerts with a closure reason.
- Look up risk and enrichment data for IPv4, domain, URL and SHA256 file IOCs.
- Download the daily IOC feed by date, IOC type and detected activity.
- Retrieve enriched CVE intelligence by CVE ID.

## Limitations

- Get Alerts returns at most 100 alerts per request; use `page` and `size` to retrieve more.
- If no filters are supplied, Get Alerts returns only alerts modified in the past 24 hours, from all environments.
- Update Alert Status updates at most 100 alerts per request, and a `closure_reason` is required when setting the status to `closed`.

## Asset Setup

Create an asset using the Cyberint API Key Authentication configuration. Set **URL** to your Cyberint host, paste the API key into **Access Token**, and optionally enable **Verify SSL** and set an **HTTP Proxy**. Keep **Verify SSL** enabled unless the host presents a certificate that is not trusted by Swimlane; disabling it removes protection against interception of the API key.

## Configurations

### Cyberint API Key Authentication

Authenticates to Cyberint using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Access Token | API key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Download Daily IOC Feed by Type and Activity

The daily IOC feed API enables you to download a daily JSON Lines document by specifying the desired date, IOC type and detected activity.

Endpoint URL: `/ioc/api/v1/feed/daily`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.detected_activity | string | required | Detected activity to filter the feed by |
| parameters.ioc_type | string | required | IOC type to download |
| parameters.date | string | required | Date of the feed |
| parameters.format | string | optional | Output format of the feed document |

Input example:

```json
{"parameters": {"detected_activity": "malware_payload", "ioc_type": "ipv4", "date": "2024-02-28", "format": "json1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | array | Downloaded feed file(s) |
| file.file_name | string | Name of the resource |
| file.file | string | File content |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {}}
```

### Get Alert Analysis Report

Retrieve the analysis report for an alert by alert reference ID.

Endpoint URL: `/alert/api/v1/alerts/{{alert_ref_id}}/analysis_report`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_ref_id | string | required | Alert reference ID |

Input example:

```json
{"path_parameters": {"alert_ref_id": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| file | array | Downloaded report file(s) |
| file.file_name | string | Name of the resource |
| file.file | string | File content |

Output example:

```json
{"status_code": 302, "status": "OK", "response_headers": {}, "json_body": {}}
```

### Get Alert Attachment

Retrieve an attachment by alert reference ID and attachment internal ID.

Endpoint URL: `/alert/api/v1/alerts/{{alert_ref_id}}/attachments/{{attachment_id}}`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_ref_id | string | required | Alert reference ID |
| path_parameters.attachment_id | string | required | Attachment ID |

Input example:

```json
{"path_parameters": {"alert_ref_id": "string", "attachment_id": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| file | array | Downloaded attachment file(s) |
| file.file_name | string | Name of the resource |
| file.file | string | File content |

Output example:

```json
{"status_code": 302, "status": "OK", "response_headers": {}, "file": []}
```

### Get Alerts

Retrieves a list of up to 100 alerts, given the provided paging and filtering, sorted by modification date. If no filters are provided, retrieves alerts modified in the past 24 hours from all environments.

Endpoint URL: `/alert/api/v1/alerts`

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | optional | Page number to retrieve |
| size | number | optional | Number of alerts per page (maximum 100) |
| filters | object | optional | Filters to retrieve alerts by |
| filters.created_date | object | optional | Query alerts by creation date, if specified |
| filters.created_date.from | string | required | Start of the creation date range |
| filters.created_date.to | string | required | End of the creation date range |
| filters.modification_date | object | optional | Query alerts by modification date, if specified |
| filters.modification_date.from | string | required | Start of the modification date range |
| filters.modification_date.to | string | required | End of the modification date range |
| filters.environments | array | optional | Filter alerts by environments; if not specified, retrieves all alerts in the customer environment and all sub-environments |
| filters.status | array | optional | Filter alerts by status |
| filters.severity | array | optional | Filter alerts by severity |
| filters.type | array | optional | Filter alerts by type |

Input example:

```json
{"json_body": {"page": 1, "size": 10, "filters": {"created_date": {"from": "2019-08-24T14:15:22Z", "to": "2019-08-24T14:15:22Z"}, "modification_date": {"from": "2019-08-24T14:15:22Z", "to": "2019-08-24T14:15:22Z"}, "environments": ["string"], "status": ["open"], "severity": ["low"], "type": ["refund_fraud"]}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| total | number | Total number of alerts matching the filters |
| alerts | array | Alerts on the requested page |
| alerts.environment | string | Environment the alert belongs to |
| alerts.ref_id | string | Unique identifier of the alert |
| alerts.confidence | number | Confidence score of the alert |
| alerts.status | string | Status value |
| alerts.severity | string | Severity of the alert |
| alerts.created_date | string | Date value |
| alerts.created_by | object | Creator of the alert |
| alerts.created_by.email | string | Email of the creator |
| alerts.category | string | Category of the alert |
| alerts.type | string | Type of the resource |
| alerts.source_category | string | Source category of the alert |
| alerts.source | string | Source of the alert |
| alerts.targeted_vectors | array | Targeted vectors |
| alerts.targeted_vectors.file_name | string | Name of the resource |
| alerts.targeted_vectors.file | string | File content |
| alerts.targeted_brands | array | Targeted brands |
| alerts.targeted_brands.file_name | string | Name of the resource |
| alerts.targeted_brands.file | string | File content |
| alerts.related_entities | array | Related entities |
| alerts.related_entities.file_name | string | Name of the resource |
| alerts.related_entities.file | string | File content |

Output example:

```json
{"status_code": 200, "status": "OK", "response_headers": {}, "json_body": {"total": 0, "alerts": [{}]}}
```

### Get Domain IOC

Get risk and enrichment data for a domain IOC.

Endpoint URL: `/ioc/api/v1/domain`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.value | string | required | Domain to look up |

Input example:

```json
{"parameters": {"value": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.entity | object | The queried entity |
| data.entity.type | string | Entity type |
| data.entity.value | string | Entity value |
| data.risk | object | Risk assessment |
| data.risk.malicious_score | number | Malicious score |
| data.risk.detected_activities | array | Detected activities |
| data.risk.detected_activities.type | string | Activity type |
| data.risk.detected_activities.observation_date | string | Observation date |
| data.risk.detected_activities.description | string | Activity description |
| data.risk.detected_activities.confidence | number | Confidence score |
| data.risk.detected_activities.occurrences_count | number | Occurrences of this activity |
| data.risk.occurrences_count | number | Total occurrences |
| data.enrichment | object | Enrichment data |
| data.enrichment.ips | array | IP addresses the domain resolves to |
| data.enrichment.whois | object | WHOIS data |
| data.enrichment.whois.registrant_name | string | Registrant name |
| data.enrichment.whois.registrant_email | string | Registrant email |
| data.enrichment.whois.registrant_organization | string | Registrant organization |
| data.enrichment.whois.registrant_country | string | Registrant country |
| data.enrichment.whois.registrant_telephone | string | Registrant telephone |
| data.enrichment.whois.technical_contact_email | string | Technical contact email |
| data.enrichment.whois.technical_contact_name | string | Technical contact name |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"data": {"entity": {}, "risk": {}, "enrichment": {}}}}
```

### Get Enriched CVE

Get enriched intelligence for a CVE.

Endpoint URL: `/cve-intel/get-enriched-cve/{{cve_id}}`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.cve_id | string | required | CVE ID |

Input example:

```json
{"path_parameters": {"cve_id": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| data | object | Response data |
| data.id | string | CVE ID |
| data.cve | object | CVE record |
| data.configurations | object | Affected configurations |
| data.impact | object | Impact data |
| data.published_date | string | Published date |
| data.last_modified_date | string | Last modified date |
| data.cyberint_score | number | Cyberint score |
| data.research_content | object | Research content |
| data.known_exploited_vulnerability | boolean | Whether the CVE is a known exploited vulnerability |
| data.epss | object | EPSS data |
| data.cwes | array | Associated CWEs |
| data.indicators | array | Related indicators |
| data.tags | array | Tags |
| data.indicators_histogram | object | Indicators histogram |

Output example:

```json
{"status_code": 200, "status": "OK", "response_headers": {}, "json_body": {"data": {"id": "string", "cve": {}, "configurations": {}, "impact": {}, "published_date": "2019-08-24T14:15:22Z", "last_modified_date": "2019-08-24T14:15:22Z", "cyberint_score": 10, "research_content": {}, "known_exploited_vulnerability": true, "epss": {}, "cwes": [], "indicators": [], "tags": [], "indicators_histogram": {}}}}
```

### Get File SHA256 IOC

Get risk and enrichment data for a file IOC by SHA256 hash.

Endpoint URL: `/ioc/api/v1/file/sha256`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.value | string | required | SHA256 hash to look up |

Input example:

```json
{"parameters": {"value": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.entity | object | The queried entity |
| data.entity.type | string | Entity type |
| data.entity.value | string | Entity value |
| data.risk | object | Risk assessment |
| data.risk.malicious_score | number | Malicious score |
| data.risk.detected_activities | array | Detected activities |
| data.risk.detected_activities.type | string | Activity type |
| data.risk.detected_activities.observation_date | string | Observation date |
| data.risk.detected_activities.description | string | Activity description |
| data.risk.detected_activities.confidence | number | Confidence score |
| data.risk.detected_activities.occurrences_count | number | Occurrences of this activity |
| data.risk.occurrences_count | number | Total occurrences |
| data.enrichment | object | Enrichment data |
| data.enrichment.filenames | array | File names observed for this hash |
| data.enrichment.first_seen | string | First seen date |
| data.enrichment.download_urls | array | URLs the file was downloaded from |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"data": {"entity": {}, "risk": {}, "enrichment": {}}}}
```

### Get IPv4 IOC

Get risk and enrichment data for an IPv4 IOC.

Endpoint URL: `/ioc/api/v1/ipv4`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.value | string | required | IPv4 address to look up |

Input example:

```json
{"parameters": {"value": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.entity | object | The queried entity |
| data.entity.type | string | Entity type |
| data.entity.value | string | Entity value |
| data.risk | object | Risk assessment |
| data.risk.malicious_score | number | Malicious score |
| data.risk.detected_activities | array | Detected activities |
| data.risk.detected_activities.type | string | Activity type |
| data.risk.detected_activities.observation_date | string | Observation date |
| data.risk.detected_activities.description | string | Activity description |
| data.risk.detected_activities.confidence | number | Confidence score |
| data.risk.detected_activities.occurrences_count | number | Occurrences of this activity |
| data.risk.occurrences_count | number | Total occurrences |
| data.enrichment | object | Enrichment data |
| data.enrichment.geo | object | Geolocation |
| data.enrichment.geo.country | string | Country |
| data.enrichment.geo.city | string | City |
| data.enrichment.asn | object | Autonomous system |
| data.enrichment.asn.number | number | AS number |
| data.enrichment.asn.organization | string | AS organization |
| data.enrichment.suspicious_urls | array | Suspicious URLs hosted on this address |
| data.enrichment.suspicious_domains | array | Suspicious domains resolving to this address |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"data": {"entity": {}, "risk": {}, "enrichment": {}}}}
```

### Get URL IOC

Get risk and enrichment data for a URL IOC.

Endpoint URL: `/ioc/api/v1/url`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.value | string | required | URL to look up |

Input example:

```json
{"parameters": {"value": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.entity | object | The queried entity |
| data.entity.type | string | Entity type |
| data.entity.value | string | Entity value |
| data.risk | object | Risk assessment |
| data.risk.malicious_score | number | Malicious score |
| data.risk.detected_activities | array | Detected activities |
| data.risk.detected_activities.type | string | Activity type |
| data.risk.detected_activities.observation_date | string | Observation date |
| data.risk.detected_activities.description | string | Activity description |
| data.risk.detected_activities.confidence | number | Confidence score |
| data.risk.detected_activities.occurrences_count | number | Occurrences of this activity |
| data.risk.occurrences_count | number | Total occurrences |
| data.enrichment | object | Enrichment data |
| data.enrichment.ips | array | IP addresses the URL's host resolves to |
| data.enrichment.hostname | string | Hostname of the URL |
| data.enrichment.domain | string | Domain of the URL |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"data": {"entity": {}, "risk": {}, "enrichment": {}}}}
```

### Update Alert Status

Update the status of up to 100 alerts. When updating the status to `closed`, the `closure_reason` is required.

Endpoint URL: `/alert/api/v1/alerts/status`

Method: PUT

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| alert_ref_ids | array | optional | Reference IDs of the alerts to update |
| data | object | optional | Update payload |
| data.status | string | optional | Desired status to set on the alerts |
| data.closure_reason | string | optional | Reason for closing the alerts; required when `status` is `closed` |

Input example:

```json
{"json_body": {"alert_ref_ids": ["1", "2"], "data": {"status": "closed", "closure_reason": "resolved"}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |

Output example:

```json
{"status_code": 200, "status": "OK", "response_headers": {}, "json_body": {}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
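The following is an added example, not code from the Cyberint plugin or from Cyberint's own SDK. It shows how a playbook-side helper would honour the contracts documented above for Get Alerts (100-alert pages, the 24-hour default window made explicit), Update Alert Status (100-alert batches, mandatory `closure_reason` on close) and the JSON Lines daily IOC feed. The HTTP transport is a caller-supplied `send(method, path, json=None, params=None)` callable that is assumed to add the base URL, the API key and TLS settings from the asset; the field names, paths and limits are the ones on this page, and the sample feed lines and responses are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_PAGE_SIZE = 100      # Get Alerts returns at most 100 alerts per page
MAX_STATUS_BATCH = 100   # Update Alert Status accepts at most 100 alerts per call
ALERTS_PATH = "/alert/api/v1/alerts"
STATUS_PATH = "/alert/api/v1/alerts/status"


def iso_z(dt):
    """Render a timestamp the way the examples on this page do: UTC, RFC 3339 'Z'."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def alerts_request(page=1, size=MAX_PAGE_SIZE, since=None, until=None, **filters):
    """Build the JSON body for POST /alert/api/v1/alerts.

    Without a date filter the API returns alerts modified in the past 24 hours;
    a scheduled poller should pin that window itself so overlapping runs are
    deterministic. Extra keyword arguments (status, severity, type,
    environments) become the list-valued filters; empty ones are omitted.
    """
    if not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_PAGE_SIZE}")
    until = until or datetime.now(timezone.utc)
    since = since or until - timedelta(hours=24)
    body = {"page": page, "size": size,
            "filters": {"modification_date": {"from": iso_z(since), "to": iso_z(until)}}}
    for name, values in filters.items():
        if values:
            body["filters"][name] = list(values)
    return body


def status_update_request(ref_ids, status, closure_reason=None):
    """Build the JSON body for PUT /alert/api/v1/alerts/status, enforcing the
    two documented rules: at most 100 alerts per call, and a closure_reason
    whenever the target status is 'closed'."""
    ref_ids = list(ref_ids)
    if not ref_ids or len(ref_ids) > MAX_STATUS_BATCH:
        raise ValueError(f"need between 1 and {MAX_STATUS_BATCH} alert ref ids")
    if status == "closed" and not closure_reason:
        raise ValueError("closure_reason is required when closing alerts")
    data = {"status": status}
    if closure_reason:
        data["closure_reason"] = closure_reason
    return {"alert_ref_ids": ref_ids, "data": data}


def parse_ioc_feed(text):
    """Parse a daily IOC feed document in JSON Lines form (one IOC per line).

    Blank lines are skipped; a malformed line is reported by line number
    instead of aborting, so one bad record cannot drop the whole day's feed.
    Returns (iocs, bad_line_numbers).
    """
    iocs, bad_lines = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            iocs.append(json.loads(line))
        except json.JSONDecodeError:
            bad_lines.append(lineno)
    return iocs, bad_lines


class CyberintClient:
    """Thin wrapper over the documented alert endpoints.

    `send` is assumed (not part of the plugin) to perform the HTTP call with
    the asset's URL, API key and TLS verification and return the parsed JSON
    body; keeping it pluggable lets this module run against a fake transport.
    """

    def __init__(self, send):
        self.send = send

    def iter_alerts(self, size=MAX_PAGE_SIZE, **kw):
        """Yield every alert matching the filters, walking page/size against total.
        The 'until' bound is fixed once so every page sees the same window."""
        kw["until"] = kw.get("until") or datetime.now(timezone.utc)
        page = 1
        while True:
            resp = self.send("POST", ALERTS_PATH, json=alerts_request(page=page, size=size, **kw))
            alerts = resp.get("alerts", [])
            yield from alerts
            if not alerts or page * size >= resp.get("total", 0):
                return
            page += 1

    def close_alerts(self, ref_ids, reason):
        """Close alerts in batches of at most MAX_STATUS_BATCH; returns the count sent."""
        ref_ids = list(ref_ids)
        for i in range(0, len(ref_ids), MAX_STATUS_BATCH):
            batch = status_update_request(ref_ids[i:i + MAX_STATUS_BATCH], "closed", reason)
            self.send("PUT", STATUS_PATH, json=batch)
        return len(ref_ids)
```

`iter_alerts` stops on the first empty page as well as on `page * size >= total`, so a `total` that shrinks between pages (alerts closed by another operator mid-poll) cannot cause an endless loop. Pinning `until` once per poll, and starting the next poll from that value, gives an overlap-free schedule instead of relying on the API's implicit 24-hour default.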