Cynerio
The Cynerio connector facilitates seamless integration with Cynerio's healthcare cybersecurity platform, enabling automated threat detection and response for medical devices and IoMT.

Cynerio is a leading healthcare IoT security platform, providing real-time visibility and risk management for connected medical devices. The Cynerio connector for Swimlane Turbine enables users to automate incident response and risk management workflows, leveraging Cynerio's detailed telemetry and risk analysis. By integrating with Cynerio, Swimlane Turbine users can streamline security processes, enhance incident handling, and enforce compliance with healthcare security standards, directly within their security automation playbooks.

Limitations

None to date.

Supported Version

It supports the latest version of Cynerio.

Additional Docs

API documentation: https //us app cynerio com/outbound integrations/docs#/

Configuration Prerequisites

To effectively utilize the Cynerio connector for Swimlane Turbine, ensure you have the following prerequisites:

- Custom authentication with the following parameter:
  - URL: Endpoint for the Cynerio API services.

Authentication Methods

Custom Authentication

Setup Instructions

- Download the Cynerio token generator folder to your system.
- Run the get cynerio token py file and follow the instructions.

Capabilities

- Change Incident Instances
- Change Risk Status
- Get Appliances
- Get Connection Filter by Incident ID
- Get Customer Events by Incident ID
- Get Customer Assets
- Get Customer Events
- Get Incident Instances
- Get Risk Instances
- Set Risk Response

Change Incident Instances

Update the status of an incident instance. Click here: https //us app cynerio com/outbound integrations/docs#/incidents/change incident status outbound integrations integration v1 incidents change status post

Change Risk Status

Update the status of a specific risk. Click here: https //us app cynerio com/outbound integrations/docs#/risks/change risk status outbound integrations integration v1 risks change status post

Get Appliances

Retrieve all appliances associated with the customer. Click here: https //us app cynerio com/outbound integrations/docs#/appliances/get collectors outbound integrations integration v1 appliances post

Get Connection Filter by Incident ID

Retrieve connection filter for a specific incident. Click here: https //us app cynerio com/outbound integrations/docs#/incidents/get incident connection outbound integrations integration v1 incidents incident id connections post

Get Customer Asset

Retrieve customer assets using various filters. Click here: https //us app cynerio com/outbound integrations/docs#/assets/get assets data outbound integrations integration v1 assets post

Get Customer Events

Retrieve customer events filtered by specified criteria. Click here: https //us app cynerio com/outbound integrations/docs#/events/get events data outbound integrations integration v2 events post

Get Customer Events by Incident ID

Retrieve customer events filtered by incident ID. Click here: https //us app cynerio com/outbound integrations/docs#/events/get events data outbound integrations integration v1 events incident id post

Get Incident Instances

Retrieve all incident instances associated with the customer. Click here: https //us app cynerio com/outbound integrations/docs#/incidents/get incidents outbound integrations integration v1 incidents post

Get Risk Instances

Retrieve all risk instances associated with the customer. Click here: https //us app cynerio com/outbound integrations/docs#/risks/get risks outbound integrations integration v1 risks post

Set Risk Response

Short description of the action to set risk response. Click here: https //us app cynerio com/outbound integrations/docs#/risks/set risk response outbound integrations integration v1 risks set risk response post

Configurations

Cynerio Authentication

Authenticates using a pair of client ID and authentication secret, or a refresh token.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| clientid | Client ID. This field is public and is used to identify you | string | Optional |
| secret | Client authentication password. Cynerio doesn't have access to it and it is private to you | string | Optional |
| refreshtoken | The refresh token for the target host | string | Optional |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

Actions

Change Incident Instances

Updates the status of an incident instance in Cynerio, requiring a JSON body input with relevant details.

Endpoint URL: /outbound integrations/integration/v1/incidents/change status
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| status | string | Optional | Current status of the incident |
| id | string | Optional | Unique identifier for the incident |
| comment | string | Optional | Comment regarding the status change |
| updated by | string | Optional | User who updated the incident |
| metadata | object | Optional | Additional metadata for the incident |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {}
  }
]
```

Change Risk Status

Updates the status of a specific risk in Cynerio, requiring details to be provided in the JSON body.

Endpoint URL: /outbound integrations/integration/v1/risks/change status
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| status | string | Optional | The new status of the risk |
| id | string | Optional | Unique identifier of the risk |
| comment | string | Optional | Comment regarding the status change |
| updated by | string | Optional | User who updated the risk status |
| metadata | object | Optional | Additional metadata for the request |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {}
  }
]
```

Get Appliances

Retrieves all appliances associated with the customer from Cynerio, requiring a JSON body input.

Endpoint URL: /outbound integrations/integration/v1/appliances
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | Optional | Page number for pagination |
| per page | number | Optional | Number of items per page |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| id | number | Unique identifier |
| appliance name | string | Name of the resource |
| cloud connectivity | number | Output field cloud connectivity |
| id | string | Unique identifier |
| last seen | string | Output field last seen |
| location | string | Output field location |
| mgmt ip | string | Output field mgmt ip |
| ntp servers | object | Output field ntp servers |
| data | array | Response data |
| status | number | Status value |
| port | string | Output field port |
| serial | string | Output field serial |
| site name | string | Name of the resource |
| span 1 | object | Output field span 1 |
| data | string | Response data |
| status | number | Status value |
| span 2 | string | Output field span 2 |
| span 3 | string | Output field span 3 |
| status | number | Status value |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 1,
      "per page": 10,
      "total": 2
    }
  }
]
```

Get Connection Filter by Incident ID

Retrieve connection filter details associated with a specific incident ID in Cynerio.

Endpoint URL: /outbound integrations/integration/v1/incidents/{{incident id}}/connections
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| incident id | string | Required | Unique identifier for the incident |
| per page | number | Optional | Number of items per page |
| page | number | Optional | Page number to retrieve |
| filters | object | Optional | The connection by incident filtration query |
| updated to | string | Optional | Fetch incidents updated up to this time |
| updated from | string | Optional | Fetch incidents updated from this time |
| created from | string | Optional | Fetch incidents beginning at this time |
| created to | string | Optional | Fetch incidents up to this time |
| status | string | Optional | Incident status filter |
| incident type | string | Optional | Filter by specific incident type |
| incident id | string | Optional | Get only the incident by ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| dst asset id | string | Unique identifier |
| dst ip | string | Output field dst ip |
| dst model | string | Output field dst model |
| dst name | string | Name of the resource |
| dst type | string | Type of the resource |
| dst type name | string | Name of the resource |
| dst vendor | string | Output field dst vendor |
| id | string | Unique identifier |
| port | string | Output field port |
| protocol | string | Output field protocol |
| src asset id | string | Unique identifier |
| src ip | string | Output field src ip |
| src model | string | Output field src model |
| src name | string | Name of the resource |
| src type | string | Type of the resource |
| src type name | string | Name of the resource |
| src vendor | string | Output field src vendor |
| transport | string | Output field transport |
| type | string | Type of the resource |
| user agent | string | Output field user agent |
| page | number | Output field page |
| pages | number | Output field pages |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 1,
      "per page": 10,
      "total": 1
    }
  }
]
```

Get Customer Assets

Retrieve customer assets from Cynerio using specified filters to streamline asset management and security processes.

Endpoint URL: /outbound integrations/integration/v1/assets
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| per page | number | Optional | Number of assets per page |
| page | number | Optional | Page number for pagination |
| fields | array | Optional | Asset fields to be returned |
| sort | string | Optional | Sorting order of the assets |
| filters | object | Optional | The assets filtration query |
| ir classification code | array | Optional | List of IR code or codes as strings ['1'] |
| vertical display name | array | Optional | List of class type or types: IoT, IoMT, IT |
| type display name | array | Optional | List of asset type or types |
| id | array | Optional | List of single or multiple asset IDs |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| category | string | Output field category |
| department | string | Output field department |
| display name | string | Name of the resource |
| first seen | string | Output field first seen |
| id | string | Unique identifier |
| ip | string | Output field ip |
| ir classification code | number | Output field ir classification code |
| last seen | string | Output field last seen |
| mac | string | Output field mac |
| model | string | Output field model |
| network ip allocation | string | Output field network ip allocation |
| network vlan | string | Output field network vlan |
| os | string | Output field os |
| phi | boolean | Output field phi |
| severity | number | Output field severity |
| status | string | Status value |
| type display name | string | Name of the resource |
| vendor | string | Output field vendor |
| vertical display name | string | Name of the resource |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 52,
      "per page": 100,
      "total": 5175
    }
  }
]
```

Get Customer Events

Retrieve customer events from Cynerio filtered by specified criteria, requiring a JSON body input.

Endpoint URL: /outbound integrations/integration/v2/events
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | object | Optional | The event filtration query |
| event id | string | Optional | Unique Cynerio identifier of the event |
| date from | string | Optional | Fetch events beginning at this timestamp (inclusive) |
| date to | string | Optional | Fetch events up to this time (exclusive) |
| title | array | Optional | Filter by event name or list of names |
| module | array | Optional | Filter by module or list of modules |
| severity | array | Optional | Filter by severity level or list of levels |
| device class | string | Optional | Filter device by class: IoT or IoMT |
| page | number | Optional | The page to return for the given page size |
| per page | number | Optional | How many results to return in every page |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| asset id | string | Unique identifier |
| asset type | string | Type of the resource |
| details | string | Output field details |
| event id | string | Unique identifier |
| ip | string | Output field ip |
| model | string | Output field model |
| module | string | Output field module |
| severity | string | Output field severity |
| timestamp | string | Output field timestamp |
| title | string | Output field title |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |
| total | number | Output field total |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 500,
      "per page": 2,
      "total": 1000
    }
  }
]
```

Get Customer Events by Incident ID

Retrieve customer events associated with a specific incident ID in Cynerio.

Endpoint URL: /outbound integrations/integration/v1/events/{{incident id}}
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| incident id | string | Required | Unique identifier for the incident |
| filters | object | Optional | The event filtration query |
| event id | string | Optional | Unique Cynerio identifier of the event |
| date from | string | Optional | Fetch events beginning at this timestamp |
| date to | string | Optional | Fetch events up to this time |
| title | array | Optional | Filter by event name or list of names |
| module | array | Optional | Filter by module or list of modules |
| severity | array | Optional | Filter by severity level or list |
| device class | string | Optional | Filter device by class: IoT or IoMT |
| page | number | Optional | The page to return for the given size |
| per page | number | Optional | Number of results per page |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| asset id | string | Unique identifier |
| asset type | string | Type of the resource |
| details | string | Output field details |
| event id | string | Unique identifier |
| ip | string | Output field ip |
| model | string | Output field model |
| module | string | Output field module |
| severity | string | Output field severity |
| timestamp | string | Output field timestamp |
| title | string | Output field title |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |
| total | number | Output field total |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 500,
      "per page": 2,
      "total": 1000
    }
  }
]
```

Get Incident Instances

Retrieve all incident instances associated with the customer from Cynerio, requiring a JSON body input.

Endpoint URL: /outbound integrations/integration/v1/incidents
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| per page | number | Optional | Number of incidents per page |
| page | number | Optional | Page number for pagination |
| filters | object | Optional | The incidents filtration query |
| updated to | string | Optional | Fetch incidents updated up to this time |
| updated from | string | Optional | Fetch incidents updated from this time |
| created from | string | Optional | Fetch incidents beginning at this time |
| created to | string | Optional | Fetch incidents up to this time |
| status | string | Optional | Incident status filter |
| incident type | string | Optional | Filter by specific incident type |
| incident id | string | Optional | Get only the incident by ID |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| bad actor asset | string | Output field bad actor asset |
| bad actor external ip | string | Output field bad actor external ip |
| bad actor internal ip | array | Output field bad actor internal ip |
| bad actor proxy asset | string | Output field bad actor proxy asset |
| bad actor proxy ip internal | string | Output field bad actor proxy ip internal |
| benign | string | Output field benign |
| child incident ids | array | Unique identifier |
| created on | string | Output field created on |
| cynerio live notes | string | Output field cynerio live notes |
| description | string | Output field description |
| incident id | string | Unique identifier |
| incident type | string | Unique identifier |
| sos actions | string | Output field sos actions |
| status | string | Status value |
| target assets | array | Output field target assets |
| target ips | array | Output field target ips |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |
| total | number | Output field total |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 1,
      "per page": 10,
      "total": 1
    }
  }
]
```

Get Risk Instances

Retrieve all risk instances associated with the customer from Cynerio, requiring a JSON body input.

Endpoint URL: /outbound integrations/integration/v1/risks
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| per page | number | Optional | Number of results per page |
| page | number | Optional | Page number for pagination |
| filters | object | Optional | The risks asset filtration query |
| id | string | Optional | Unique Cynerio identifier of the risk |
| asset id | string | Optional | Unique Cynerio identifier of the asset |
| event id | string | Optional | Unique Cynerio identifier of the event |
| risk score level | ['string', 'array'] | Optional | Identifier of risk score level |
| risk score | number | Optional | Minimum value of risk score |
| device class | string | Optional | Filter device by class: IoT or IoMT |
| site | string | Optional | Filter by site name or list |
| detected on start | string | Optional | Filter by creation date after provided date |
| detected on end | string | Optional | Filter by creation date until provided date |
| vlan | string | Optional | Filter by VLAN |
| status | string | Optional | Filter by risk status |
| latest status update | string | Optional | Show risks updated after provided date |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| asset id | string | Unique identifier |
| availability score | string | Score value |
| category | string | Output field category |
| confidentiality score | string | Unique identifier |
| cvss | string | Output field cvss |
| description | string | Output field description |
| device class | string | Output field device class |
| display name | string | Name of the resource |
| epss | string | Output field epss |
| has malware | string | Output field has malware |
| id | string | Unique identifier |
| impact confidentiality | string | Unique identifier |
| impact patient safety | string | Output field impact patient safety |
| impact service disruption | string | Output field impact service disruption |
| integrity score | string | Score value |
| link | array | Output field link |
| 0 | string | Output field 0 |
| 1 | string | Output field 1 |
| name | string | Name of the resource |
| nhs published date | string | Date value |
| nhs severity | string | Output field nhs severity |
| nhs threat id | string | Unique identifier |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {
      "items": [],
      "page": 1,
      "pages": 1,
      "per page": 100,
      "total": 1
    }
  }
]
```

Set Risk Response

Updates the risk response status for a specified entity in Cynerio by providing its ID and the new status.

Endpoint URL: /outbound integrations/integration/v1/risks/set risk response
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| status | string | Required | The status of the risk response |
| id | array | Required | List of risk IDs |
| comment | string | Optional | Comment regarding the risk response |
| updated by | string | Optional | User who updated the risk response |
| due date | string | Optional | Due date for the risk response |
| metadata | object | Optional | Additional metadata for the risk response |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 16 Jan 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json body": {}
  }
]
```

Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 16 Jan 2025 20:37:23 GMT |