# Cyberint
## Description

A brief description goes here. Be sure to provide an overview of what the plugin does. Include a description of the product being integrated, plus the use cases/value proposition of the Swimlane integration.

## Prerequisites

Prerequisites: everything outside of the plugin itself. This should include information on how to configure the device (API key, permissions, etc.).

## Capabilities

This plugin provides the following capabilities:

Capabilities go here, e.g. "manage firewall policies", instead of listing each individual task.

## Limitations

Include information about known limitations here, including supported or minimum versions, and especially known unsupported versions.

## Asset Setup

The content here should discuss asset setup in a conversational manner. Be sure to include any known login and test-connection errors.

## Tasks Setup

Special task setup as needed depending on the plugin; exclude if empty. Known available allowed input options from enum type selection.

## Configurations

### Cyberint API Key Authentication

Authenticates to Cyberint using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| access_token | API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Download Daily IOC Feed by Type and Activity

The Daily IOC Feed API enables you to download a daily JSON Lines format document by specifying the desired date, IOC type and detected activity.

- Endpoint URL: `/ioc/api/v1/feed/daily`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| detected_activity | string | required | Parameter for Download Daily IOC Feed by Type and Activity |
| ioc_type | string | required | Type of the resource |
| date | string | required | Date value |
| format | string | optional | Parameter for Download Daily IOC Feed by Type and Activity |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | array | Output field file |
| file_name | string | Name of the resource |
| file | string | Output field file |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {}
  }
]
```

### Get Alert Analysis Report

Retrieve the analysis report by alert reference ID.

- Endpoint URL: `/alert/api/v1/alerts/{{alert_ref_id}}/analysis report`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| alert_ref_id | string | required | Alert ref ID |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| file | array | Output field file |
| file_name | string | Name of the resource |
| file | string | Output field file |

Example:

```json
[
  {
    "status_code": 302,
    "status": "OK",
    "response_headers": {},
    "json_body": {}
  }
]
```

### Get Alert Attachment

Retrieve an attachment by alert reference ID and attachment internal ID.

- Endpoint URL: `/alert/api/v1/alerts/{{alert_ref_id}}/attachments/{{attachment_id}}`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| alert_ref_id | string | required | Alert ref ID |
| attachment_id | string | required | Attachment ID |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| file | array | Output field file |
| file_name | string | Name of the resource |
| file | string | Output field file |

Example:

```json
[
  {
    "status_code": 302,
    "status": "OK",
    "response_headers": {},
    "file": []
  }
]
```

### Get Alerts

Retrieves a list of up to 100 alerts, given the provided paging and filtering, sorted by modification date. If no filters are provided, it retrieves alerts modified in the past 24 hours from all environments.

- Endpoint URL: `/alert/api/v1/alerts`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | optional | Page number to retrieve |
| size | number | optional | Number of alerts per page |
| filters | object | optional | Filters to retrieve alerts by |
| created_date | object | optional | Query alerts by creation date, if specified |
| from | string | required | Parameter for Get Alerts |
| to | string | required | Parameter for Get Alerts |
| modification_date | object | optional | Query alerts by modification date, if specified |
| from | string | required | Parameter for Get Alerts |
| to | string | required | Parameter for Get Alerts |
| environments | array | optional | Filter alerts by environments; if not specified, retrieves all alerts in the customer environment and all sub-environments |
| status | array | optional | Filter alerts by status |
| severity | array | optional | Filter alerts by severity |
| type | array | optional | Filter alerts by type |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| total | number | Output field total |
| alerts | array | Output field alerts |
| environment | string | Output field environment |
| ref_id | string | Unique identifier |
| confidence | number | Unique identifier |
| status | string | Status value |
| severity | string | Output field severity |
| created_date | string | Date value |
| created_by | object | Output field created_by |
| email | string | Output field email |
| category | string | Output field category |
| type | string | Type of the resource |
| source_category | string | Output field source_category |
| source | string | Output field source |
| targeted_vectors | array | Output field targeted_vectors |
| file_name | string | Name of the resource |
| file | string | Output field file |
| targeted_brands | array | Output field targeted_brands |
| file_name | string | Name of the resource |
| file | string | Output field file |
| related_entities | array | Output field related_entities |
| file_name | string | Name of the resource |
| file | string | Output field file |

Example:

```json
[
  {
    "status_code": 200,
    "status": "OK",
    "response_headers": {},
    "json_body": {
      "total": 0,
      "alerts": []
    }
  }
]
```

### Get Domain IOC

Get domain IOC.

- Endpoint URL: `/ioc/api/v1/domain`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| value | string | required | Value for the parameter |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| entity | object | Output field entity |
| type | string | Type of the resource |
| value | string | Value for the parameter |
| risk | object | Output field risk |
| malicious_score | number | Score value |
| detected_activities | array | Output field detected_activities |
| type | string | Type of the resource |
| observation_date | string | Date value |
| description | string | Output field description |
| confidence | number | Unique identifier |
| occurrences_count | number | Count value |
| occurrences_count | number | Count value |
| enrichment | object | Output field enrichment |
| ips | array | Output field ips |
| whois | object | Output field whois |
| registrant_name | string | Name of the resource |
| registrant_email | string | Output field registrant_email |
| registrant_organization | string | Output field registrant_organization |
| registrant_country | string | Output field registrant_country |
| registrant_telephone | string | Output field registrant_telephone |
| technical_contact_email | string | Output field technical_contact_email |
| technical_contact_name | string | Name of the resource |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "data": {}
    }
  }
]
```

### Get Enriched CVE

Get enriched CVE.

- Endpoint URL: `/cve intel/get enriched cve/{{cve_id}}`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| cve_id | string | required | CVE ID |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |
| data | object | Response data |
| id | string | Unique identifier |
| cve | object | Output field cve |
| configurations | object | Output field configurations |
| impact | object | Output field impact |
| published_date | string | Date value |
| last_modified_date | string | Date value |
| cyberint_score | number | Score value |
| research_content | object | Response content |
| known_exploited_vulnerability | boolean | Output field known_exploited_vulnerability |
| epss | object | Output field epss |
| cwes | array | Output field cwes |
| indicators | array | Output field indicators |
| tags | array | Output field tags |
| indicators_histogram | object | Output field indicators_histogram |

Example:

```json
[
  {
    "status_code": 200,
    "status": "OK",
    "response_headers": {},
    "json_body": {
      "data": {}
    }
  }
]
```

### Get File SHA256 IOC

Get file SHA256 IOC.

- Endpoint URL: `/ioc/api/v1/file/sha256`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| value | string | required | Value for the parameter |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| entity | object | Output field entity |
| type | string | Type of the resource |
| value | string | Value for the parameter |
| risk | object | Output field risk |
| malicious_score | number | Score value |
| detected_activities | array | Output field detected_activities |
| type | string | Type of the resource |
| observation_date | string | Date value |
| description | string | Output field description |
| confidence | number | Unique identifier |
| occurrences_count | number | Count value |
| occurrences_count | number | Count value |
| enrichment | object | Output field enrichment |
| filenames | array | Name of the resource |
| first_seen | string | Output field first_seen |
| download_urls | array | URL endpoint for the request |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "data": {}
    }
  }
]
```

### Get IPv4 IOC

Get IPv4 IOC.

- Endpoint URL: `/ioc/api/v1/ipv4`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| value | string | required | Value for the parameter |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| entity | object | Output field entity |
| type | string | Type of the resource |
| value | string | Value for the parameter |
| risk | object | Output field risk |
| malicious_score | number | Score value |
| detected_activities | array | Output field detected_activities |
| type | string | Type of the resource |
| observation_date | string | Date value |
| description | string | Output field description |
| confidence | number | Unique identifier |
| occurrences_count | number | Count value |
| occurrences_count | number | Count value |
| enrichment | object | Output field enrichment |
| geo | object | Output field geo |
| country | string | Output field country |
| city | string | Output field city |
| asn | object | Output field asn |
| number | number | Output field number |
| organization | string | Output field organization |
| suspicious_urls | array | URL endpoint for the request |
| suspicious_domains | array | Output field suspicious_domains |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "data": {}
    }
  }
]
```

### Get URL IOC

Get URL IOC.

- Endpoint URL: `/ioc/api/v1/url`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| value | string | required | Value for the parameter |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| entity | object | Output field entity |
| type | string | Type of the resource |
| value | string | Value for the parameter |
| risk | object | Output field risk |
| malicious_score | number | Score value |
| detected_activities | array | Output field detected_activities |
| type | string | Type of the resource |
| observation_date | string | Date value |
| description | string | Output field description |
| confidence | number | Unique identifier |
| occurrences_count | number | Count value |
| occurrences_count | number | Count value |
| enrichment | object | Output field enrichment |
| ips | array | Output field ips |
| hostname | string | Name of the resource |
| domain | string | Output field domain |

Example:

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "data": {}
    }
  }
]
```

### Update Alert Status

Update the status of up to 100 alerts. When updating the status to 'close', the 'closure_reason' is required.

- Endpoint URL: `/alert/api/v1/alerts/status`
- Method: PUT

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| alert_ref_ids | array | required | Ref IDs of the requested alerts |
| data | object | required | Response data |
| status | string | optional | Desired status to update for the alerts |
| closure_reason | string | optional | Reason for updating the alerts' status to close |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| status | string | Status value |

Example:

```json
[
  {
    "status_code": 200,
    "status": "OK",
    "response_headers": {},
    "json_body": {}
  }
]
```

## Notes

Any other notes not fitting other sections go here. Any reference URLs to external docs or other resources.
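The four IOC lookup actions above (Get Domain IOC, Get File SHA256 IOC, Get IPv4 IOC, Get URL IOC) share the same core response shape: `data.entity`, `data.risk.malicious_score`, `data.risk.detected_activities` and a type-specific `data.enrichment`. The following added example (not part of the connector or of Cyberint's own code) normalises any of those responses into one flat triage record that a playbook can branch on. It assumes the JSON keys are the snake_case form of the documented field names, that `malicious_score` runs from 0 to 100, and it uses a constructed sample response rather than captured service output.

```python
"""Normalise Cyberint IOC lookup responses into a flat triage record (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Any

# Constructed sample shaped like the Get IPv4 IOC output table; not captured from the service.
SAMPLE_IPV4_RESPONSE: dict[str, Any] = {
    "status_code": 200,
    "reason": "OK",
    "json_body": {
        "data": {
            "entity": {"type": "ipv4", "value": "192.0.2.10"},
            "risk": {
                "malicious_score": 87,  # assumed 0-100 scale
                "detected_activities": [
                    {"type": "cnc_server", "observation_date": "2024-05-01T10:00:00Z",
                     "description": "Command and control server", "confidence": 90,
                     "occurrences_count": 12},
                    {"type": "malware_payload", "observation_date": "2024-04-20T08:30:00Z",
                     "description": "Hosting malware payload", "confidence": 60,
                     "occurrences_count": 3},
                ],
            },
            "enrichment": {
                "geo": {"country": "ZZ", "city": "Nowhere"},
                "asn": {"number": 64496, "organization": "Example Transit"},
                "suspicious_urls": ["http://192.0.2.10/update.bin"],
                "suspicious_domains": ["bad.example"],
            },
        }
    },
}

# Mirrors the documented example body, where "data" is empty.
SAMPLE_EMPTY_RESPONSE: dict[str, Any] = {"status_code": 200, "reason": "OK", "json_body": {"data": {}}}


@dataclass
class IocTriage:
    ioc_type: str
    value: str
    malicious_score: int
    verdict: str
    activities: list[str] = field(default_factory=list)
    latest_observation: str | None = None
    total_occurrences: int = 0
    context: dict[str, Any] = field(default_factory=dict)  # flattened enrichment


def verdict_for(score: int, threshold: int = 70) -> str:
    """Map the score to a verdict; the threshold is a local policy choice, not a Cyberint value."""
    if score >= threshold:
        return "malicious"
    if score > 0:
        return "suspicious"
    return "clean"


def flatten(obj: Any, prefix: str = "") -> dict[str, Any]:
    """Flatten nested dicts into dotted keys (geo.country, asn.number); lists stay whole."""
    out: dict[str, Any] = {}
    if isinstance(obj, dict):
        for key, val in obj.items():
            out.update(flatten(val, f"{prefix}{key}."))
    else:
        out[prefix.rstrip(".")] = obj
    return out


def normalise_ioc(response: dict[str, Any], threshold: int = 70) -> IocTriage:
    """Turn a domain/ipv4/url/sha256 lookup response into a triage record.

    A non-200 status or an empty "data" object yields verdict "no_data" so the
    caller never mistakes a missing answer for a clean one.
    """
    data = (response.get("json_body") or {}).get("data") or {}
    entity = data.get("entity") or {}
    if response.get("status_code") != 200 or not entity:
        return IocTriage(ioc_type=entity.get("type", "unknown"), value=entity.get("value", ""),
                         malicious_score=-1, verdict="no_data")
    risk = data.get("risk") or {}
    score = int(risk.get("malicious_score") or 0)
    activities = risk.get("detected_activities") or []
    return IocTriage(
        ioc_type=entity["type"],
        value=entity["value"],
        malicious_score=score,
        verdict=verdict_for(score, threshold),
        activities=[a.get("type", "unknown") for a in activities],
        # ISO-8601 UTC timestamps in one format compare correctly as strings.
        latest_observation=max((a["observation_date"] for a in activities
                                if a.get("observation_date")), default=None),
        total_occurrences=sum(int(a.get("occurrences_count") or 0) for a in activities),
        context=flatten(data.get("enrichment") or {}),
    )


if __name__ == "__main__":
    print(normalise_ioc(SAMPLE_IPV4_RESPONSE))
    print(normalise_ioc(SAMPLE_EMPTY_RESPONSE))
```

Because `flatten` does not care which enrichment keys are present, the same function handles the WHOIS block of a domain lookup, the `filenames`/`download_urls` of a SHA256 lookup and the `hostname`/`domain` of a URL lookup without per-type code; the verdict threshold is the one knob a SOC would tune.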
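The Get Alerts and Update Alert Status actions carry two constraints a playbook has to honour: Get Alerts returns at most 100 alerts per call and needs both `from` and `to` when a date filter is given, and Update Alert Status takes at most 100 ref IDs and requires `closure_reason` when the status is 'close'. The added example below (not the connector's own code) builds the filter object, pages through results until `total` is reached, and splits a bulk closure into valid batches. It assumes snake_case request keys (`created_date`, `modification_date`, `alert_ref_ids`, `closure_reason`), that `status` and `closure_reason` live inside the `data` object as the input table's nesting suggests, and it replaces the HTTP POST to `/alert/api/v1/alerts` with a constructed in-memory stand-in.

```python
"""Get Alerts paging and Update Alert Status batching for Cyberint (added example)."""
from __future__ import annotations

from typing import Callable, Iterator

MAX_PAGE_SIZE = 100     # Get Alerts returns up to 100 alerts per call
MAX_STATUS_BATCH = 100  # Update Alert Status accepts up to 100 alerts per call


def build_alerts_query(page: int = 1, size: int = MAX_PAGE_SIZE, *,
                       created_from: str | None = None, created_to: str | None = None,
                       modified_from: str | None = None, modified_to: str | None = None,
                       environments: list[str] | None = None, status: list[str] | None = None,
                       severity: list[str] | None = None, alert_type: list[str] | None = None) -> dict:
    """Build the POST body; a date filter needs both bounds, so reject half-specified ranges."""
    if page < 1 or not 1 <= size <= MAX_PAGE_SIZE:
        raise ValueError(f"page must be >= 1 and size between 1 and {MAX_PAGE_SIZE}")
    filters: dict = {}
    for key, lo, hi in (("created_date", created_from, created_to),
                        ("modification_date", modified_from, modified_to)):
        if lo or hi:
            if not (lo and hi):
                raise ValueError(f"{key} requires both 'from' and 'to'")
            filters[key] = {"from": lo, "to": hi}
    for key, values in (("environments", environments), ("status", status),
                        ("severity", severity), ("type", alert_type)):
        if values:
            filters[key] = list(values)
    query: dict = {"page": page, "size": size}
    if filters:
        query["filters"] = filters
    return query


def iter_alerts(fetch_page: Callable[[dict], dict], **filter_kwargs) -> Iterator[dict]:
    """Yield every alert matching the filters, advancing `page` until `total` is reached."""
    page, seen = 1, 0
    while True:
        body = fetch_page(build_alerts_query(page=page, **filter_kwargs))
        alerts = body.get("alerts") or []
        yield from alerts
        seen += len(alerts)
        if not alerts or seen >= int(body.get("total", 0)):
            return
        page += 1


def build_status_updates(alert_ref_ids: list[str], status: str,
                         closure_reason: str | None = None) -> list[dict]:
    """Return one PUT body per batch of 100 ref IDs, enforcing the closure-reason rule."""
    if status == "close" and not closure_reason:
        raise ValueError("closure_reason is required when status is 'close'")
    ids = list(dict.fromkeys(alert_ref_ids))  # de-duplicate while keeping order
    data = {"status": status}
    if closure_reason:
        data["closure_reason"] = closure_reason
    return [{"alert_ref_ids": ids[i:i + MAX_STATUS_BATCH], "data": dict(data)}
            for i in range(0, len(ids), MAX_STATUS_BATCH)]


# Constructed alert list standing in for the service; ref IDs and statuses are invented.
CONSTRUCTED_ALERTS = [
    {"ref_id": f"ALERT-{i:04d}", "status": "open" if i % 4 else "acknowledged",
     "severity": ["low", "medium", "high"][i % 3], "type": "phishing"}
    for i in range(250)
]


def make_fake_fetch(alerts: list[dict]) -> Callable[[dict], dict]:
    """Stand-in for POST /alert/api/v1/alerts: applies status/severity filters and pages."""
    def fetch_page(query: dict) -> dict:
        filters = query.get("filters", {})
        matching = [a for a in alerts
                    if (not filters.get("status") or a["status"] in filters["status"])
                    and (not filters.get("severity") or a["severity"] in filters["severity"])]
        start = (query["page"] - 1) * query["size"]
        return {"total": len(matching), "alerts": matching[start:start + query["size"]]}
    return fetch_page


if __name__ == "__main__":
    fetch = make_fake_fetch(CONSTRUCTED_ALERTS)
    high = list(iter_alerts(fetch, severity=["high"]))
    print(f"{len(high)} high-severity alerts")
    for body in build_status_updates([a["ref_id"] for a in high], "close", "Handled in SOC"):
        print(len(body["alert_ref_ids"]), "ref ids in batch")
```

Paging stops on either an empty page or `seen >= total`, so a `total` that shrinks while alerts are being closed mid-run cannot loop forever; duplicates in the ref-ID list are dropped before batching so a retry does not double-count against the 100-alert limit.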