Cybersixgill
The Cybersixgill connector provides integration with the Cybersixgill threat intelligence service, enabling users to automate the monitoring and management of cyber threats directly from the Swimlane platform.

Cybersixgill offers a deep and dark web intelligence platform that provides organizations with continuous threat monitoring and tailored threat intelligence. By integrating the Cybersixgill connector with Swimlane Turbine, users can automate the process of managing actionable alerts, querying threat intelligence, and updating alert statuses directly within their security workflows. This integration empowers security teams to proactively manage threats, streamline incident response, and enhance their overall security posture with up-to-date intelligence from Cybersixgill's extensive data collection.

## Prerequisites

To effectively utilize the Cybersixgill connector within Swimlane Turbine, ensure you have the following prerequisites:

- OAuth 2.0 client credentials authentication with the following parameters:
  - URL: endpoint for Cybersixgill API access
  - Client ID: unique identifier for OAuth 2.0 authentication
  - Client Secret: confidential key for OAuth 2.0 authentication

## Capabilities

This connector provides the following capabilities:

- Get actionable alerts by ID
- Deletes a list of actionable alerts by ID
- Updates a list of actionable alerts by ID
- Get actionable alerts statistics per user
- Gets an actionable alert by ID
- Deletes an actionable alert by ID
- Updates an actionable alert by ID
- IQ/chat: enter a question and return a response
- IQ/chat by request ID

## Configurations

### Cybersixgill OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Client ID | The client ID | string | Required |
| Client Secret | The client secret | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Delete Actionable Alert by ID

Removes a specified actionable alert from Cybersixgill using the unique alert ID provided.

Endpoint URL: /alerts/actionable alert/{{id}}
Method: DELETE

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Parameters for the delete actionable alert by id action |

Input example

```json
{"path parameters": {"id": "5fbcfeb23a5ce900013de081"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified | array | Output field items modified |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

Output example

```json
{"items modified": ["5fbcfeb23a5ce900013de081"],"items modified count": 1,"message": "successfully deleted 5fbcfeb23a5ce900013de081","status": 200}
```

### Delete Actionable Alerts

Removes specified actionable alerts from Cybersixgill using a list of IDs, with support for additional filtering options.

Endpoint URL: /alerts/actionable alert
Method: DELETE

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters organization id | string | Optional | Parameters for the delete actionable alerts action |
| parameters is read | string | Optional | Parameters for the delete actionable alerts action |
| parameters threat level | string | Optional | Parameters for the delete actionable alerts action |
| parameters threat type | string | Optional | Parameters for the delete actionable alerts action |
| data body | string | Required | Response data |

Input example

```json
{"parameters": {"organization id": "string","is read": "unread","threat level": "emerging","threat type": "string"},"data body": "[\"5ebc3929a4a7e300012365ae\"]"}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"items modified count": 1,"message": "successfully deleted 1 actionable alerts","status": 200}}
```

### Get Actionable Alert by ID

Retrieve a specific actionable alert from Cybersixgill using the unique alert ID.

Endpoint URL: /alerts/actionable alert/{{id}}
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters organization id | string | Optional | Parameters for the get actionable alert by id action |
| path parameters id | string | Required | Parameters for the get actionable alert by id action |

Input example

```json
{"parameters": {"organization id": "string"},"path parameters": {"id": "string"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| additional info | object | Output field additional info |
| additional info asset attributes | array | Output field additional info asset attributes |
| additional info date | string | Date value |
| additional info matched organization aliases | array | Output field additional info matched organization aliases |
| additional info matched organization aliases file name | string | Name of the resource |
| additional info matched organization aliases file | string | Output field additional info matched organization aliases file |
| additional info organization aliases | array | Output field additional info organization aliases |
| additional info organization name | string | Name of the resource |
| additional info post attributes | array | Output field additional info post attributes |
| additional info query attributes | array | Output field additional info query attributes |
| additional info site | string | Output field additional info site |
| additional info template id | string | Unique identifier |
| alert id | string | Unique identifier |
| alert name | string | Name of the resource |
| assessment | string | Output field assessment |
| category | string | Output field category |
| content type | string | Type of the resource |
| description | string | Output field description |
| es id | string | Unique identifier |
| es item | object | Output field es item |
| es item category | string | Output field es item category |
| es item channel message id | number | Unique identifier |
| es item collection date | string | Date value |

Output example

```json
{"additional info": {"asset attributes": ["string"],"date": "2024 01 01t00 00 00z","matched organization aliases": [{}],"organization aliases": ["string"],"organization name": "example name","post attributes": ["string"],"query attributes": ["string"],"site": "string","template id": "string"},"alert id": "string","alert name": "example name","assessment": "string","category": "string","content type": "string","description": "string","es id": "string","es item": {"category": "string","channel message id": 123,"colle
```

### Get Actionable Alert Stats per User

Retrieve statistics for actionable alerts on a per-user basis in Cybersixgill.

Endpoint URL: /alerts/actionable alert/stats
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters organization id | string | Optional | Parameters for the get actionable alert stats per user action |
| parameters threat level | string | Optional | Parameters for the get actionable alert stats per user action |

Input example

```json
{"parameters": {"organization id": "string","threat level": "emerging"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| by threat level | object | Output field by threat level |
| by threat level emerging | number | Output field by threat level emerging |
| by threat level imminent | number | Output field by threat level imminent |
| by threat type | object | Type of the resource |
| by threat type brand protection | number | Type of the resource |
| by threat type compromised accounts | number | Type of the resource |
| by threat type ddos attack | number | Type of the resource |
| by threat type data leak | number | Response data |
| by threat type defacement | number | Type of the resource |
| by threat type fraud | number | Type of the resource |
| by threat type malware | number | Type of the resource |
| by threat type phishing | number | Type of the resource |
| by threat type vulnerability exploit | number | Type of the resource |
| by threat type web attack | number | Type of the resource |
| total | number | Output field total |

Output example

```json
{"by threat level": {"emerging": 140,"imminent": 360},"by threat type": {"brand protection": 9,"compromised accounts": 48,"ddos attack": 96,"data leak": 49,"defacement": 97,"fraud": 164,"malware": 9,"phishing": 82,"vulnerability exploit": 129,"web attack": 96},"total": 500}
```

### Get Actionable Alerts

Retrieve a list of actionable alerts from Cybersixgill using optional filters to refine results.

Endpoint URL: /alerts/actionable alert
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters alert type id | string | Optional | Parameters for the get actionable alerts action |
| parameters organization id | string | Optional | Parameters for the get actionable alerts action |
| parameters sort by | string | Optional | Parameters for the get actionable alerts action |
| parameters sort order | string | Optional | Parameters for the get actionable alerts action |
| parameters offset | string | Optional | Parameters for the get actionable alerts action |
| parameters fetch size | string | Optional | Parameters for the get actionable alerts action |
| parameters from date | string | Optional | Parameters for the get actionable alerts action |
| parameters to date | string | Optional | Parameters for the get actionable alerts action |
| parameters is read | string | Optional | Parameters for the get actionable alerts action |
| parameters threat level | string | Optional | Parameters for the get actionable alerts action |
| parameters threat type | string | Optional | Parameters for the get actionable alerts action |

Input example

```json
{"parameters": {"alert type id": "string","organization id": "string","sort by": "date","sort order": "asc","offset": "200","fetch size": "50","from date": "yyyy mm dd","to date": "yyyy mm dd","is read": "unread","threat level": "imminent","threat type": "string"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example

```json
{"alert name": "rogueappalert","category": "regular","content": "string","date": "2020 05 13 18 15 05","id": "5ebc3929a4a7e300012365ae","read": false,"severity": 10,"threat level": "imminent","threats": ["data leak","brand protection","phishing"],"title": "an app matching jj halen assets was found in an app store","user id": "5d2336aef8db38787dbe4f69"}
```

### IQ Chat

Pose a question to Cybersixgill's IQ and receive relevant answers, requiring a 'query' in the JSON body.

Endpoint URL: /iq/chat
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Optional | Parameter for IQ chat |
| add references | boolean | Optional | Parameter for IQ chat |

Input example

```json
{"json body": {"query": "is there a cve related to the blacklotus malware?","add references": false}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| answer | string | Output field answer |
| request id | string | Unique identifier |

Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"answer": "yes, there is a cve related to the blacklotus malware the cve is cve2022 21894 ","request id": "846c19a4 a70c 4595 ac19 a4a70c9595d4"}}
```

### IQ Chat by Request ID

Retrieve query results applicable to your organization using the ID from a previous IQ/chat request in Cybersixgill.

Endpoint URL: /iq/chat/my organization
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| answer request id | string | Optional | Unique identifier |

Input example

```json
{"json body": {"answer request id": "5607113f b7e2 4a50 adcb 7f1634baa228"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| answer | string | Output field answer |
| request id | string | Unique identifier |

Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"answer": "string","request id": "fc01ca85 f074 4e84 81ca 85f074be8442"}}
```

### Update Actionable Alert by ID

Updates a specific actionable alert in Cybersixgill using its unique ID with parameters like read status, threat level, and current status.

Endpoint URL: /alerts/actionable alert/{{id}}
Method: PATCH

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters id | string | Required | Parameters for the update actionable alert by id action |
| parameters organization id | string | Optional | Parameters for the update actionable alert by id action |
| read | string | Optional | Parameter for update actionable alert by id |
| threat level | string | Optional | Parameter for update actionable alert by id |
| status | string | Optional | Status value |

Input example

```json
{"parameters": {"organization id": "string"},"json body": {"read": "read","threat level": "emerging","status": "resolved"},"path parameters": {"id": "5fbcfeb23a5ce900013de081"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified | array | Output field items modified |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"items modified": ["5fbcfeb23a5ce900013de081"],"items modified count": 1,"message": "successfully deleted 5fbcfeb23a5ce900013de081","status": 200}}
```

### Update Actionable Alerts

Updates Cybersixgill actionable alerts by ID, with options to mark as read/unread and change treatment status.

Endpoint URL: /alerts/actionable alert
Method: PATCH

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters organization id | string | Optional | Parameters for the update actionable alerts action |
| id list | array | Optional | Unique identifier |
| set read | string | Optional | Parameter for update actionable alerts |
| threat level | string | Optional | Parameter for update actionable alerts |
| threat type | string | Optional | Type of the resource |

Input example

```json
{"parameters": {"organization id": "string"},"json body": {"id list": ["5fb4c6a6d604c200010f0916"],"set read": "read","threat level": "emerging","threat type": "string"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"items modified count": 1,"message": "successfully updated 1 actionable alerts","status": 200}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
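
The following is an added example, not Swimlane's or Cybersixgill's code, combining the Get Actionable Alerts and Update Actionable Alerts actions documented above: it pages through results with offset and fetch size, then batches the unread alert ids into update inputs that mark them read. The `run_action` callable, the list-shaped action result, and the sample alerts are assumptions; key names are copied as this page prints them.

```python
from typing import Callable, Dict, Iterable, Iterator, List

# Key spellings ("fetch size", "id list", ...) are copied as this page prints
# them; that they match your connector build exactly is an assumption.
Action = Callable[[Dict], List[Dict]]

def iter_alerts(run_action: Action, filters: Dict[str, str],
                fetch_size: int = 50) -> Iterator[Dict]:
    """Page through 'get actionable alerts' with offset / fetch size."""
    if fetch_size < 1:
        raise ValueError("fetch_size must be positive")
    offset = 0
    while True:
        params = {**filters, "offset": str(offset), "fetch size": str(fetch_size)}
        page = run_action({"parameters": params})
        yield from page
        if len(page) < fetch_size:  # short or empty page: nothing left to fetch
            return
        offset += fetch_size

def build_read_updates(alerts: Iterable[Dict], batch_size: int = 100) -> List[Dict]:
    """Batch unread alert ids into 'update actionable alerts' inputs."""
    ids = [a["id"] for a in alerts if a.get("read") is False]
    return [{"json body": {"id list": ids[i:i + batch_size], "set read": "read"}}
            for i in range(0, len(ids), batch_size)]

# Constructed sample alerts and a hypothetical stand-in for the connector action.
SAMPLE = [
    {"id": "alert-1", "read": False, "threat level": "imminent"},
    {"id": "alert-2", "read": True, "threat level": "imminent"},
    {"id": "alert-3", "read": False, "threat level": "emerging"},
    {"id": "alert-4", "read": False, "threat level": "imminent"},
    {"id": "alert-5", "read": False, "threat level": "imminent"},
]
CALLS: List[Dict] = []  # records every request the stand-in receives

def fake_get_alerts(inputs: Dict) -> List[Dict]:
    CALLS.append(inputs)
    p = inputs["parameters"]
    rows = [a for a in SAMPLE if a["threat level"] == p["threat level"]]
    start = int(p["offset"])
    return rows[start:start + int(p["fetch size"])]

def triage() -> List[Dict]:
    """Fetch imminent alerts two at a time and batch the unread ones."""
    alerts = iter_alerts(fake_get_alerts, {"threat level": "imminent"}, fetch_size=2)
    return build_read_updates(alerts, batch_size=2)

if __name__ == "__main__":
    print(triage())
```

Because the last full page is indistinguishable from "more to come", the loop issues one extra request that returns an empty page before stopping.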