CYFIRMA
CYFIRMA is an external threat landscape management platform company offering predictive threat visibility and intelligence capabilities.

This connector provides the following capabilities:

- Get IOC

## Asset Setup

The CYFIRMA asset requires a URL and an API key to interact with the API.

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host. | string | Required |
| key | The API key. | string | Required |
| verify ssl | Verify the SSL certificate. | boolean | Optional |
| http proxy | A proxy to route requests through. | string | Optional |

Because the connector authenticates with the API key, leave SSL certificate verification enabled outside of testing: without it the connector cannot confirm that the key is being sent to the real target host.

## Actions

### Get IOC

This action provides the IOCs in STIX 1.1 JSON format.

Endpoint URL: /core/api ua/threatioc/stix json

Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| delta | boolean | Required | True will return only the IOCs that were added in the platform after the last API call. False will return the IOCs that were added in the system in the last 24 hours. |
| all | boolean | Required | True will return all the IOCs, irrespective of whether they have been linked to the client. False will return only those IOCs that have been linked to the client. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| observables | object | Output field observables |
| indicators | object | Output field indicators |
| indicators | array | Output field indicators |
| exploittargets | object | Output field exploittargets |
| incidents | object | Unique identifier |
| coursesofaction | object | Output field coursesofaction |
| campaigns | object | Output field campaigns |
| threatactors | object | Output field threatactors |
| reports | object | Output field reports |
| relatedpackages | object | Output field relatedpackages |
| id | string | Unique identifier |
| idref | object | Unique identifier |
| timestamp | string | Output field timestamp |
| version | string | Output field version |
| stixheader | object | Output field stixheader |
| title | object | Output field title |
| packageintents | array | Output field packageintents |
| descriptions | array | Output field descriptions |
| value | string | Value for the parameter |
| id | object | Unique identifier |
| ordinality | object | Output field ordinality |
| structuringformat | object | Output field structuringformat |
| shortdescriptions | array | Output field shortdescriptions |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Date": "Mon, 30 Oct 2023 17:08:47 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, A ",
      "Content-Encoding": "gzip",
      "Expires": "0",
      "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
      "X-XSS-Protection": "1; mode=block, 1; mode=block",
      "Pragma": "no-cache",
      "X-Content-Type-Options": "nosniff, nosniff",
      "Strict-Transport-Security": "max-age=31536000 ; includeSubDomains, max-age=63072000; includeSubDomains; prelo ",
      "X-Frame-Options": "DENY, DENY",
      "Permissions-Policy": "camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), mic ",
      "Content-Security-Policy": "default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'u "
    },
    "reason": "OK",
    "json body": {
      "observables": null,
      "indicators": {},
      "exploittargets": null,
      "incidents": null,
      "coursesofaction": null,
      "campaigns": null,
      "threatactors": null,
      "reports": null,
      "relatedpackages": null,
      "id": "{https://www.cyfirma.com/}package-2f4c1007-1825-4776-b1f8-53405aefef70",
      "idref": null,
      "timestamp": "2023-10-30T17:08:47.745+00:00",
      "version": "1.2",
      "stixheader": {},
      "ttps": null
    }
  }
]
```

Long header values in this example are cut off; the full values are listed in the table below.

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store, max-age=0, must-revalidate |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 81e54323fddf9a90-NAG |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://storage.googleapis.com https://d3js.org https://d3js.org https://cdn.ckeditor.com https://cdn.ckeditor.com https://www.amcharts.com https://www.amcharts.com https://cdn.amcharts.com https://cdn.amcharts.com https://d3js.org/d3.v4.min.js https://d3js.org/d3.v4.min.js; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.googleapis.com https://www.amcharts.com https://www.amcharts.com https://d3js.org https://d3js.org https://cdn.ckeditor.com https://cdn.ckeditor.com; img-src 'self' data:; font-src 'self' data: |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 30 Oct 2023 17:08:47 GMT |
| Expires | The date/time after which the response is considered stale | 0 |
| Permissions-Policy | HTTP response header Permissions-Policy | camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self) |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Server | Information about the software used by the origin server | cloudflare |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 ; includeSubDomains, max-age=63072000; includeSubDomains; preload |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Access-Control-Request-Method, Access-Control-Request-Headers |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff, nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY, DENY |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block, 1; mode=block |