Cynerio
The Cynerio connector facilitates seamless integration with Cynerio's healthcare cybersecurity platform, enabling automated threat detection and response for medical devices and IoMT.

Cynerio is a leading healthcare IoT security platform, providing real-time visibility and risk management for connected medical devices. The Cynerio connector for Swimlane Turbine enables users to automate incident response and risk management workflows, leveraging Cynerio's detailed telemetry and risk analysis. By integrating with Cynerio, Swimlane Turbine users can streamline security processes, enhance incident handling, and enforce compliance with healthcare security standards, directly within their security automation playbooks.

## Limitations

None to date.

## Supported Version

It supports the latest version of Cynerio.

## Additional Docs

https://us app cynerio com/outbound integrations/docs#/

## Configuration Prerequisites

To effectively utilize the Cynerio connector for Swimlane Turbine, ensure you have the following prerequisites:

- Custom authentication with the following parameter:
  - URL: Endpoint for the Cynerio API services.

## Authentication Methods

Custom authentication.

### Setup Instructions

1. Download the cynerio token generator folder to your system.
2. Run the get cynerio token py file and follow the instructions.

## Capabilities

- Change incident instances
- Change risk status
- Get appliances
- Get connection filter by incident id
- Get customer events by incident id
- Get customer assets
- Get customer events
- Get incident instances
- Get risk instances
- Set risk response

### Change incident instances

Update the status of an incident instance.

https://us app cynerio com/outbound integrations/docs#/incidents/change incident status outbound integrations integration v1 incidents change status post

### Change risk status

Update the status of a specific risk.

https://us app cynerio com/outbound integrations/docs#/risks/change risk status outbound integrations integration v1 risks change status post

### Get appliances

Retrieve all appliances associated with the customer.

https://us app cynerio com/outbound integrations/docs#/appliances/get collectors outbound integrations integration v1 appliances post

### Get connection filter by incident id

Retrieve connection filter for a specific incident.

https://us app cynerio com/outbound integrations/docs#/incidents/get incident connection outbound integrations integration v1 incidents incident id connections post

### Get customer asset

Retrieve customer assets using various filters.

https://us app cynerio com/outbound integrations/docs#/assets/get assets data outbound integrations integration v1 assets post

### Get customer events

Retrieve customer events filtered by specified criteria.

https://us app cynerio com/outbound integrations/docs#/events/get events data outbound integrations integration v2 events post

### Get customer events by incident id

Retrieve customer events filtered by incident id.

https://us app cynerio com/outbound integrations/docs#/events/get events data outbound integrations integration v1 events incident id post

### Get incident instances

Retrieve all incident instances associated with the customer.

https://us app cynerio com/outbound integrations/docs#/incidents/get incidents outbound integrations integration v1 incidents post

### Get risk instances

Retrieve all risk instances associated with the customer.

https://us app cynerio com/outbound integrations/docs#/risks/get risks outbound integrations integration v1 risks post

### Set risk response

Short description of the action to set risk response.

https://us app cynerio com/outbound integrations/docs#/risks/set risk response outbound integrations integration v1 risks set risk response post

## Configurations

### Cynerio Authentication

Authenticates using a pair of client id and authentication secret, or a refresh token.

**Configuration parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| clientid | Client ID. This field is public and is used to identify you. | string | Optional |
| secret | Client authentication password. Cynerio doesn't have access to it and it is private to you. | string | Optional |
| refreshtoken | The refresh token for the target host | string | Optional |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Change incident instances

Updates the status of an incident instance in Cynerio, requiring a JSON body input with relevant details.

**Endpoint URL:** `/outbound integrations/integration/v1/incidents/change status`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| status | string | Optional | Current status of the incident |
| id | string | Optional | Unique identifier for the incident |
| comment | string | Optional | Comment regarding the status change |
| updated by | string | Optional | User who updated the incident |
| metadata | object | Optional | Additional metadata for the incident |

**Input example**

```json
{"status": "active", "id": "12345678 1234 1234 1234 123456789abc", "comment": "string", "updated by": "string", "metadata": {}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {}}
```

### Change risk status

Updates the status of a specific risk in Cynerio, requiring details to be provided in the JSON body.

**Endpoint URL:** `/outbound integrations/integration/v1/risks/change status`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| status | string | Optional | The new status of the risk |
| id | string | Optional | Unique identifier of the risk |
| comment | string | Optional | Comment regarding the status change |
| updated by | string | Optional | User who updated the risk status |
| metadata | object | Optional | Additional metadata for the request |

**Input example**

```json
{"status": "active", "id": "12345678 1234 1234 1234 123456789abc", "comment": "string", "updated by": "string", "metadata": {}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {}}
```

### Get appliances

Retrieves all appliances associated with the customer from Cynerio, requiring a JSON body input.

**Endpoint URL:** `/outbound integrations/integration/v1/appliances`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | Optional | Page number for pagination |
| per page | number | Optional | Number of items per page |

**Input example**

```json
{"page": 1, "per page": 100}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items id | number | Unique identifier |
| items appliance name | string | Name of the resource |
| items cloud connectivity | number | Output field items cloud connectivity |
| items id | string | Unique identifier |
| items last seen | string | Output field items last seen |
| items location | string | Output field items location |
| items mgmt ip | string | Output field items mgmt ip |
| items ntp servers | object | Output field items ntp servers |
| items ntp servers data | array | Response data |
| items ntp servers status | number | Status value |
| items port | string | Output field items port |
| items serial | string | Output field items serial |
| items site name | string | Name of the resource |
| items span 1 | object | Output field items span 1 |
| items span 1 data | string | Response data |
| items span 1 status | number | Status value |
| items span 2 | string | Output field items span 2 |
| items span 3 | string | Output field items span 3 |
| items status | number | Status value |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}, {}], "page": 1, "pages": 1, "per page": 10, "total": 2}}
```

### Get connection filter by incident id

Retrieve connection filter details associated with a specific incident id in Cynerio.

**Endpoint URL:** `/outbound integrations/integration/v1/incidents/{{incident id}}/connections`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters incident id | string | Required | Unique identifier for the incident |
| per page | number | Optional | Number of items per page |
| page | number | Optional | Page number to retrieve |
| filters | object | Optional | The connection by incident filtration query |
| filters updated to | string | Optional | Fetch incidents updated up to this time |
| filters updated from | string | Optional | Fetch incidents updated from this time |
| filters created from | string | Optional | Fetch incidents beginning at this time |
| filters created to | string | Optional | Fetch incidents up to this time |
| filters status | string | Optional | Incident status filter |
| filters incident type | string | Optional | Filter by specific incident type |
| filters incident id | string | Optional | Get only the incident by id |

**Input example**

```json
{"path parameters": {"incident id": "string"}, "per page": 100, "page": 1, "filters": {"updated to": "string", "updated from": "string", "created from": "string", "created to": "string", "status": "active", "incident type": "string", "incident id": "string"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items dst asset id | string | Unique identifier |
| items dst ip | string | Output field items dst ip |
| items dst model | string | Output field items dst model |
| items dst name | string | Name of the resource |
| items dst type | string | Type of the resource |
| items dst type name | string | Name of the resource |
| items dst vendor | string | Output field items dst vendor |
| items id | string | Unique identifier |
| items port | string | Output field items port |
| items protocol | string | Output field items protocol |
| items src asset id | string | Unique identifier |
| items src ip | string | Output field items src ip |
| items src model | string | Output field items src model |
| items src name | string | Name of the resource |
| items src type | string | Type of the resource |
| items src type name | string | Name of the resource |
| items src vendor | string | Output field items src vendor |
| items transport | string | Output field items transport |
| items type | string | Type of the resource |
| items user agent | string | Output field items user agent |
| page | number | Output field page |
| pages | number | Output field pages |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}], "page": 1, "pages": 1, "per page": 10, "total": 1}}
```

### Get customer assets

Retrieve customer assets from Cynerio using specified filters to streamline asset management and security processes.

**Endpoint URL:** `/outbound integrations/integration/v1/assets`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| per page | number | Optional | Number of assets per page |
| page | number | Optional | Page number for pagination |
| fields | array | Optional | Asset fields to be returned |
| sort | string | Optional | Sorting order of the assets |
| filters | object | Optional | The assets filtration query |
| filters ir classification code | array | Optional | List of ir code or codes as strings ['1'] |
| filters vertical display name | array | Optional | List of class type or types: IoT, IoMT, IT |
| filters type display name | array | Optional | List of asset type or types |
| filters id | array | Optional | List of single or multiple asset ids |

**Input example**

```json
{"per page": 100, "page": 1, "fields": ["string"], "sort": "string", "filters": {"ir classification code": ["string"], "vertical display name": ["string"], "type display name": ["string"], "id": ["string"]}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items category | string | Output field items category |
| items department | string | Output field items department |
| items display name | string | Name of the resource |
| items first seen | string | Output field items first seen |
| items id | string | Unique identifier |
| items ip | string | Output field items ip |
| items ir classification code | number | Output field items ir classification code |
| items last seen | string | Output field items last seen |
| items mac | string | Output field items mac |
| items model | string | Output field items model |
| items network ip allocation | string | Output field items network ip allocation |
| items network vlan | string | Output field items network vlan |
| items os | string | Output field items os |
| items phi | boolean | Output field items phi |
| items severity | number | Output field items severity |
| items status | string | Status value |
| items type display name | string | Name of the resource |
| items vendor | string | Output field items vendor |
| items vertical display name | string | Name of the resource |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}], "page": 1, "pages": 52, "per page": 100, "total": 5175}}
```

### Get customer events

Retrieve customer events from Cynerio filtered by specified criteria, requiring a JSON body input.

**Endpoint URL:** `/outbound integrations/integration/v2/events`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | object | Optional | The event filtration query |
| filters event id | string | Optional | Unique Cynerio identifier of the event |
| filters date from | string | Optional | Fetch events beginning at this timestamp (inclusive) |
| filters date to | string | Optional | Fetch events up to this time (exclusive) |
| filters title | array | Optional | Filter by event name or list of names |
| filters module | array | Optional | Filter by module or list of modules |
| filters severity | array | Optional | Filter by severity level or list of levels |
| filters device class | string | Optional | Filter device by class: IoT or IoMT |
| page | number | Optional | The page to return for the given page size |
| per page | number | Optional | How many results to return in every page |

**Input example**

```json
{"filters": {"event id": "string", "date from": "string", "date to": "string", "title": ["string"], "module": ["string"], "severity": ["string"], "device class": "string"}, "page": 1, "per page": 100}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items asset id | string | Unique identifier |
| items asset type | string | Type of the resource |
| items details | string | Output field items details |
| items event id | string | Unique identifier |
| items ip | string | Output field items ip |
| items model | string | Output field items model |
| items module | string | Output field items module |
| items severity | string | Output field items severity |
| items timestamp | string | Output field items timestamp |
| items title | string | Output field items title |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |
| total | number | Output field total |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}, {}], "page": 1, "pages": 500, "per page": 2, "total": 1000}}
```

### Get customer events by incident id

Retrieve customer events associated with a specific incident id in Cynerio.

**Endpoint URL:** `/outbound integrations/integration/v1/events/{{incident id}}`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters incident id | string | Required | Unique identifier for the incident |
| filters | object | Optional | The event filtration query |
| filters event id | string | Optional | Unique Cynerio identifier of the event |
| filters date from | string | Optional | Fetch events beginning at this timestamp |
| filters date to | string | Optional | Fetch events up to this time |
| filters title | array | Optional | Filter by event name or list of names |
| filters module | array | Optional | Filter by module or list of modules |
| filters severity | array | Optional | Filter by severity level or list |
| filters device class | string | Optional | Filter device by class: IoT or IoMT |
| page | number | Optional | The page to return for the given size |
| per page | number | Optional | Number of results per page |

**Input example**

```json
{"path parameters": {"incident id": "string"}, "filters": {"event id": "string", "date from": "string", "date to": "string", "title": ["string"], "module": ["string"], "severity": ["string"], "device class": "string"}, "page": 1, "per page": 100}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items asset id | string | Unique identifier |
| items asset type | string | Type of the resource |
| items details | string | Output field items details |
| items event id | string | Unique identifier |
| items ip | string | Output field items ip |
| items model | string | Output field items model |
| items module | string | Output field items module |
| items severity | string | Output field items severity |
| items timestamp | string | Output field items timestamp |
| items title | string | Output field items title |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |
| total | number | Output field total |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}, {}], "page": 1, "pages": 500, "per page": 2, "total": 1000}}
```

### Get incident instances

Retrieve all incident instances associated with the customer from Cynerio, requiring a JSON body input.

**Endpoint URL:** `/outbound integrations/integration/v1/incidents`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| per page | number | Optional | Number of incidents per page |
| page | number | Optional | Page number for pagination |
| filters | object | Optional | The incidents filtration query |
| filters updated to | string | Optional | Fetch incidents updated up to this time |
| filters updated from | string | Optional | Fetch incidents updated from this time |
| filters created from | string | Optional | Fetch incidents beginning at this time |
| filters created to | string | Optional | Fetch incidents up to this time |
| filters status | string | Optional | Incident status filter |
| filters incident type | string | Optional | Filter by specific incident type |
| filters incident id | string | Optional | Get only the incident by id |

**Input example**

```json
{"per page": 100, "page": 1, "filters": {"updated to": "string", "updated from": "string", "created from": "string", "created to": "string", "status": "active", "incident type": "string", "incident id": "string"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items bad actor asset | string | Output field items bad actor asset |
| items bad actor external ip | string | Output field items bad actor external ip |
| items bad actor internal ip | array | Output field items bad actor internal ip |
| items bad actor proxy asset | string | Output field items bad actor proxy asset |
| items bad actor proxy ip internal | string | Output field items bad actor proxy ip internal |
| items benign | string | Output field items benign |
| items child incident ids | array | Unique identifier |
| items created on | string | Output field items created on |
| items cynerio live notes | string | Output field items cynerio live notes |
| items description | string | Output field items description |
| items incident id | string | Unique identifier |
| items incident type | string | Unique identifier |
| items sos actions | string | Output field items sos actions |
| items status | string | Status value |
| items target assets | array | Output field items target assets |
| items target ips | array | Output field items target ips |
| page | number | Output field page |
| pages | number | Output field pages |
| per page | number | Output field per page |
| total | number | Output field total |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}], "page": 1, "pages": 1, "per page": 10, "total": 1}}
```

### Get risk instances

Retrieve all risk instances associated with the customer from Cynerio, requiring a JSON body input.

**Endpoint URL:** `/outbound integrations/integration/v1/risks`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| per page | number | Optional | Number of results per page |
| page | number | Optional | Page number for pagination |
| filters | object | Optional | The risks asset filtration query |
| filters id | string | Optional | Unique Cynerio identifier of the risk |
| filters asset id | string | Optional | Unique Cynerio identifier of the asset |
| filters event id | string | Optional | Unique Cynerio identifier of the event |
| filters risk score level | ['string', 'array'] | Optional | Identifier of risk score level |
| filters risk score | number | Optional | Minimum value of risk score |
| filters device class | string | Optional | Filter device by class: IoT or IoMT |
| filters site | string | Optional | Filter by site name or list |
| filters detected on start | string | Optional | Filter by creation date after provided date |
| filters detected on end | string | Optional | Filter by creation date until provided date |
| filters vlan | string | Optional | Filter by VLAN |
| filters status | string | Optional | Filter by risk status |
| filters latest status update | string | Optional | Show risks updated after provided date |

**Input example**

```json
{"per page": 100, "page": 1, "filters": {"id": "12345678 1234 1234 1234 123456789abc", "asset id": "string", "event id": "string", "risk score": 123, "device class": "string", "site": "string", "detected on start": "string", "detected on end": "string", "vlan": "string", "status": "active", "latest status update": "active"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| items | array | Output field items |
| items asset id | string | Unique identifier |
| items availability score | string | Score value |
| items category | string | Output field items category |
| items confidentiality score | string | Unique identifier |
| items cvss | string | Output field items cvss |
| items description | string | Output field items description |
| items device class | string | Output field items device class |
| items display name | string | Name of the resource |
| items epss | string | Output field items epss |
| items has malware | string | Output field items has malware |
| items id | string | Unique identifier |
| items impact confidentiality | string | Unique identifier |
| items impact patient safety | string | Output field items impact patient safety |
| items impact service disruption | string | Output field items impact service disruption |
| items integrity score | string | Score value |
| items link | array | Output field items link |
| items link 0 | string | Output field items link 0 |
| items link 1 | string | Output field items link 1 |
| items name | string | Name of the resource |
| items nhs published date | string | Date value |
| items nhs severity | string | Output field items nhs severity |
| items nhs threat id | string | Unique identifier |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {"items": [{}], "page": 1, "pages": 1, "per page": 100, "total": 1}}
```

### Set risk response

Updates the risk response status for a specified entity in Cynerio by providing its id and the new status.

**Endpoint URL:** `/outbound integrations/integration/v1/risks/set risk response`

**Method:** POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| status | string | Optional | The status of the risk response |
| id | array | Optional | List of risk ids |
| comment | string | Optional | Comment regarding the risk response |
| updated by | string | Optional | User who updated the risk response |
| due date | string | Optional | Due date for the risk response |
| metadata | object | Optional | Additional metadata for the risk response |

**Input example**

```json
{"status": "active", "id": ["string"], "comment": "string", "updated by": "string", "due date": "2024 01 15", "metadata": {}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output example**

```json
{"status code": 200, "response headers": {"content length": "140", "content type": "application/json", "date": "thu, 16 jan 2025 20:37:23 gmt"}, "reason": "ok", "json body": {}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| content length | The length of the response body in bytes | 140 |
| content type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | thu, 16 jan 2025 20:37:23 gmt |