Cybersixgill
The Cybersixgill connector provides integration with the Cybersixgill threat intelligence service, enabling users to automate the monitoring and management of cyber threats directly from the Swimlane platform.

Cybersixgill offers a deep and dark web intelligence platform that provides organizations with continuous threat monitoring and tailored threat intelligence. By integrating the Cybersixgill connector with Swimlane Turbine, users can automate the process of managing actionable alerts, querying threat intelligence, and updating alert statuses directly within their security workflows. This integration empowers security teams to proactively manage threats, streamline incident response, and enhance their overall security posture with up-to-date intelligence from Cybersixgill's extensive data collection.

## Prerequisites

To effectively utilize the Cybersixgill connector within Swimlane Turbine, ensure you have the following prerequisites:

- OAuth 2.0 client credentials authentication with the following parameters:
  - URL: endpoint for Cybersixgill API access
  - Client ID: unique identifier for OAuth 2.0 authentication
  - Client Secret: confidential key for OAuth 2.0 authentication

## Capabilities

This connector provides the following capabilities:

- Get actionable alerts by ID
- Deletes a list of actionable alerts by ID
- Updates a list of actionable alerts by ID
- Get actionable alerts statistics per user
- Gets an actionable alert by ID
- Deletes an actionable alert by ID
- Updates an actionable alert by ID
- IQ/chat: enter a question and return a response
- IQ/chat by request ID

## Configurations

### Cybersixgill OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| client id | The client ID | string | required |
| client secret | The client secret | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Delete Actionable Alert by ID

Removes a specified actionable alert from Cybersixgill using the unique alert ID provided.

- Endpoint URL: /alerts/actionable alert/{{id}}
- Method: DELETE

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified | array | Output field items modified |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "ok",
    "json body": {
      "items modified": [],
      "items modified count": 123,
      "message": "string",
      "status": 123
    }
  }
]
```

### Delete Actionable Alerts

Removes specified actionable alerts from Cybersixgill using a list of IDs, with support for additional filtering options.

- Endpoint URL: /alerts/actionable alert
- Method: DELETE

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization id | string | optional | Unique identifier |
| is read | string | optional | Parameter for delete actionable alerts |
| threat level | string | optional | Parameter for delete actionable alerts |
| threat type | string | optional | Type of the resource |
| data body | string | required | Response data |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "items modified count": 1,
      "message": "successfully deleted 1 actionable alerts",
      "status": 200
    }
  }
]
```

### Get Actionable Alert by ID

Retrieve a specific actionable alert from Cybersixgill using the unique alert ID.

- Endpoint URL: /alerts/actionable alert/{{id}}
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization id | string | optional | Unique identifier |
| id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| additional info | object | Output field additional info |
| asset attributes | array | Output field asset attributes |
| date | string | Date value |
| matched organization aliases | array | Output field matched organization aliases |
| file name | string | Name of the resource |
| file | string | Output field file |
| organization aliases | array | Output field organization aliases |
| organization name | string | Name of the resource |
| post attributes | array | Output field post attributes |
| query attributes | array | Output field query attributes |
| site | string | Output field site |
| template id | string | Unique identifier |
| alert id | string | Unique identifier |
| alert name | string | Name of the resource |
| assessment | string | Output field assessment |
| category | string | Output field category |
| content type | string | Type of the resource |
| description | string | Output field description |
| es id | string | Unique identifier |
| es item | object | Output field es item |
| category | string | Output field category |
| channel message id | number | Unique identifier |
| collection date | string | Date value |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "ok",
    "json body": {
      "additional info": {},
      "alert id": "string",
      "alert name": "example name",
      "assessment": "string",
      "category": "string",
      "content type": "string",
      "description": "string",
      "es id": "string",
      "es item": {},
      "id": "12345678-1234-1234-1234-123456789abc",
      "lang": "string",
      "langcode": "string",
      "read": true,
      "recommendations": [],
      "severity": 123
    }
  }
]
```

### Get Actionable Alert Stats Per User

Retrieve statistics for actionable alerts on a per-user basis in Cybersixgill.

- Endpoint URL: /alerts/actionable alert/stats
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization id | string | optional | Unique identifier |
| threat level | string | optional | Parameter for get actionable alert stats per user |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| by threat level | object | Output field by threat level |
| emerging | number | Output field emerging |
| imminent | number | Output field imminent |
| by threat type | object | Type of the resource |
| brand protection | number | Output field brand protection |
| compromised accounts | number | Output field compromised accounts |
| ddos attack | number | Output field ddos attack |
| data leak | number | Response data |
| defacement | number | Output field defacement |
| fraud | number | Output field fraud |
| malware | number | Output field malware |
| phishing | number | Output field phishing |
| vulnerability exploit | number | Output field vulnerability exploit |
| web attack | number | Output field web attack |
| total | number | Output field total |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "ok",
    "json body": {
      "by threat level": {},
      "by threat type": {},
      "total": 123
    }
  }
]
```

### Get Actionable Alerts

Retrieve a list of actionable alerts from Cybersixgill using optional filters to refine results.

- Endpoint URL: /alerts/actionable alert
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| alert type id | string | optional | Unique identifier |
| organization id | string | optional | Unique identifier |
| sort by | string | optional | Parameter for get actionable alerts |
| sort order | string | optional | Parameter for get actionable alerts |
| offset | string | optional | Parameter for get actionable alerts |
| fetch size | string | optional | Parameter for get actionable alerts |
| from date | string | optional | Date value |
| to date | string | optional | Date value |
| is read | string | optional | Parameter for get actionable alerts |
| threat level | string | optional | Parameter for get actionable alerts |
| threat type | string | optional | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "ok",
    "json body": []
  }
]
```

### IQ Chat

Pose a question to Cybersixgill's IQ and receive relevant answers, requiring a 'query' in the JSON body.

- Endpoint URL: /iq/chat
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | required | Parameter for iq chat |
| add references | boolean | optional | Parameter for iq chat |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| answer | string | Output field answer |
| request id | string | Unique identifier |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "answer": "yes, there is a cve related to the blacklotus malware the cve is cve2022 21894 ",
      "request id": "846c19a4-a70c-4595-ac19-a4a70c9595d4"
    }
  }
]
```

### IQ Chat by Request ID

Retrieve query results applicable to your organization using the ID from a previous IQ/chat request in Cybersixgill.

- Endpoint URL: /iq/chat/my organization
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| answer request id | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| answer | string | Output field answer |
| request id | string | Unique identifier |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "answer": "string",
      "request id": "fc01ca85-f074-4e84-81ca-85f074be8442"
    }
  }
]
```

### Update Actionable Alert by ID

Updates a specific actionable alert in Cybersixgill using its unique ID with parameters like read status, threat level, and current status.

- Endpoint URL: /alerts/actionable alert/{{id}}
- Method: PATCH

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |
| organization id | string | optional | Unique identifier |
| read | string | required | Parameter for update actionable alert by id |
| threat level | string | required | Parameter for update actionable alert by id |
| status | string | required | Status value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified | array | Output field items modified |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "items modified": [],
      "items modified count": 1,
      "message": "successfully deleted 5fbcfeb23a5ce900013de081",
      "status": 200
    }
  }
]
```

### Update Actionable Alerts

Updates Cybersixgill actionable alerts by ID, with options to mark as read/unread and change treatment status.

- Endpoint URL: /alerts/actionable alert
- Method: PATCH

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| organization id | string | optional | Unique identifier |
| id list | array | optional | Unique identifier |
| set read | string | optional | Parameter for update actionable alerts |
| threat level | string | optional | Parameter for update actionable alerts |
| threat type | string | optional | Type of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items modified count | number | Count value |
| message | string | Response message |
| status | number | Status value |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "items modified count": 1,
      "message": "successfully updated 1 actionable alerts",
      "status": 200
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |