Cyfirma
Cyfirma is a cybersecurity platform that provides threat intelligence to help organizations anticipate and mitigate cyber risks.

Cyfirma is a leading cyber threat intelligence platform that provides proactive insights into potential threats. The Cyfirma connector for Swimlane Turbine enables users to access indicators of compromise (IOCs) in STIX 1.1 JSON format, allowing for seamless integration into security workflows. By leveraging this connector, Swimlane Turbine users can automate the retrieval of critical threat intelligence, enhancing their ability to respond to emerging threats swiftly and effectively. This integration empowers security teams to maintain a proactive security posture by accessing timely and relevant threat data directly within their automation playbooks.

Prerequisites

Before you can use the Cyfirma connector for Turbine, you'll need access to the Cyfirma API. This requires the following:

- An API key authentication using the following parameters:
  - URL: the endpoint URL for accessing Cyfirma's API services
  - Key: your unique API key for authenticating requests to Cyfirma

Cyfirma is an external threat landscape management platform company offering predictive threat visibility and intelligence capabilities.

This connector provides the following capabilities:

- Get IOC

Asset setup

The Cyfirma asset requires a URL and an API key to interact with the API.

Additional documentation

- Cyfirma connector documentation: https://docs.swimlane.com/connectors/cyfirma
- Cyfirma API documentation: https://api.cyfirma.com/

Configurations

API key authentication

Authenticates using an API key.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| key | Key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

Actions

Get IOC

Provides indicators of compromise (IOCs) in STIX 1.1 JSON format from Cyfirma, requiring parameters such as delta and all.

Endpoint URL: /core/api ua/threatioc/stix json

Method: GET

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.delta | boolean | Required | True will return only the IOCs that were added in the platform after the last API call. False will return the IOCs that were added in the system in the last 24 hours. |
| parameters.all | boolean | Required | True will return all the IOCs irrespective of whether it has been linked to the client. False will return only those IOCs that have been linked to the client. |

Input example

```
{"parameters": {"delta": true, "all": false}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| observables | object | Output field observables |
| indicators | object | Output field indicators |
| indicators.indicators | array | Output field indicators.indicators |
| exploittargets | object | Output field exploittargets |
| incidents | object | Unique identifier |
| coursesofaction | object | Output field coursesofaction |
| campaigns | object | Output field campaigns |
| threatactors | object | Output field threatactors |
| reports | object | Output field reports |
| relatedpackages | object | Output field relatedpackages |
| id | string | Unique identifier |
| idref | object | Unique identifier |
| timestamp | string | Output field timestamp |
| version | string | Output field version |
| stixheader | object | Output field stixheader |
| stixheader.title | object | Output field stixheader.title |
| stixheader.packageintents | array | Output field stixheader.packageintents |
| stixheader.descriptions | array | Output field stixheader.descriptions |
| stixheader.descriptions.value | string | Value for the parameter |
| stixheader.descriptions.id | object | Unique identifier |
| stixheader.descriptions.ordinality | object | Output field stixheader.descriptions.ordinality |
| stixheader.descriptions.structuringformat | object | Output field stixheader.descriptions.structuringformat |
| stixheader.shortdescriptions | array | Output field stixheader.shortdescriptions |

Output example

```
{"status_code": 200, "response_headers": {"Date": "Mon, 30 Oct 2023 17:08:47 GMT", "Content-Type": "application/json", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, A ", "Content-Encoding": "gzip", "Expires": "0", "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate", "X-XSS-Protection": "1; mode=block, 1; mode=block", "Pragma": "no-cache", "X-Content-Type-Options": "nosniff, nosniff", "Strict-Transport-Se
```

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache, no-store, max-age=0, must-revalidate |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 81e54323fddf9a90-NAG |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://d3js.org https://cdn.ckeditor.com https://www.amcharts.com https://cdn.amcharts.com https://d3js.org/d3.v4.min.js; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.amcharts.com https://d3js.org https://cdn.ckeditor.com; img-src 'self' data:; font-src 'self' data: |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 30 Oct 2023 17:08:47 GMT |
| Expires | The date/time after which the response is considered stale | 0 |
| Permissions-Policy | HTTP response header Permissions-Policy | camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self) |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Server | Information about the software used by the origin server | cloudflare |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 ; includeSubDomains, max-age=63072000; includeSubDomains; preload |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Access-Control-Request-Method, Access-Control-Request-Headers |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff, nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY, DENY |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block, 1; mode=block |
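
With delta set to false, the Get IOC action returns the last 24 hours on every call, so a playbook that polls more often than daily receives overlapping results. The Python below is an added example, not Swimlane or Cyfirma code: it builds the action input and de-duplicates successive results, assuming the result exposes `status_code` and `indicators.indicators` as the output table lists them and that each indicator entry carries an `id` (function names and sample ids are hypothetical).

```python
# Added example. Sample pulls are constructed, not real Cyfirma output.

def build_get_ioc_input(delta, all_iocs):
    """Build the Get IOC input in the shape of the page's input example."""
    for name, value in (("delta", delta), ("all", all_iocs)):
        if not isinstance(value, bool):  # both flags are required booleans
            raise TypeError(f"{name} must be a boolean, got {value!r}")
    return {"parameters": {"delta": delta, "all": all_iocs}}


def new_indicators(result, seen_ids):
    """Return indicators not seen in earlier pulls; record their ids in seen_ids."""
    if result.get("status_code") != 200:
        raise RuntimeError(
            f"Get IOC failed: {result.get('status_code')} {result.get('reason')}")
    entries = (result.get("indicators") or {}).get("indicators") or []
    if not isinstance(entries, list):
        raise ValueError("indicators.indicators is not an array")
    fresh = []
    for entry in entries:
        # Assumption: each entry is an object carrying an "id" field.
        ioc_id = entry.get("id") if isinstance(entry, dict) else None
        if ioc_id is not None:
            if ioc_id in seen_ids:
                continue  # already delivered by an overlapping 24-hour window
            seen_ids.add(ioc_id)
        fresh.append(entry)  # entries without an id are kept, never dropped
    return fresh


# Constructed sample results: two delta=false pulls whose windows overlap.
PULL_1 = {"status_code": 200, "reason": "OK", "indicators": {"indicators": [
    {"id": "example:indicator-0001"}, {"id": "example:indicator-0002"}]}}
PULL_2 = {"status_code": 200, "reason": "OK", "indicators": {"indicators": [
    {"id": "example:indicator-0002"}, {"id": "example:indicator-0003"}]}}
FAILED = {"status_code": 401, "reason": "Unauthorized"}

if __name__ == "__main__":
    seen = set()
    print(build_get_ioc_input(delta=False, all_iocs=False))
    print(len(new_indicators(PULL_1, seen)), "new in first pull")
    print(len(new_indicators(PULL_2, seen)), "new in second pull")
```

Raising on a non-200 result keeps a failed pull from being recorded as an empty one, which matters with delta set to true because the next call only returns IOCs added after the last API call.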