# Cynet

The Cynet connector enables automated interaction with the Cynet security platform, facilitating threat detection and response activities through Swimlane Turbine.

Cynet is an advanced threat detection and response platform that provides real-time cybersecurity protection. The Cynet Turbine connector enables Swimlane users to automate critical security tasks such as file and user management, host isolation, and alert status updates directly within the Swimlane platform. By integrating with Cynet, Swimlane Turbine users can enhance their security posture with streamlined incident response, threat containment, and remediation capabilities, leveraging Cynet's comprehensive telemetry and automated response actions.

## Prerequisites

To effectively utilize the Cynet connector with Swimlane Turbine, ensure you have the following prerequisites:

- Standard authentication credentials, which include:
  - URL: the base endpoint for the Cynet API
  - Username: your Cynet account username
  - Password: your Cynet account password
  - Client ID: a unique identifier for your Cynet API client
- Enhanced authentication credentials, necessary for extended functionality:
  - URL: the base endpoint for the Cynet API
  - Access Key: a key provided by Cynet for API access
  - Secret Key: a secret associated with your access key for secure authentication
  - Client ID: a unique identifier for your Cynet API client

## Capabilities

The Cynet connector has the following capabilities:

- Delete File by SHA256
- Get File Properties
- Get File Remediation Status
- Get Host Remediation Status
- Get Latest Alerts
- Get Latest Files
- Isolate Host
- Kill Process by File SHA256
- Quarantine File by Path
- Unisolate Host
- Update Alert Status

## API Documentation Link

https://help.api.cynet.com/docs/cynet/i97ea0ntt0bvo-hosts

## Configurations

### Cynet Asset

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | User email | string | required |
| password | Password | string | required |
| client_id | Client ID | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

### Cynet Access Token

Authenticates a user and generates an access token.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| accessKey | The access key generated for your API user in the Cynet console | string | required |
| secretKey | The secret key generated for your API user in the Cynet console | string | required |
| client_id | Client ID | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Delete File by SHA256

Removes a file from an endpoint in Cynet using its SHA256 hash and provides a remediation ID for tracking.

- Endpoint URL: `/api/file/remediation/delete`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | Gets or sets the SHA256 |
| host | string | optional | Gets or sets the host |

Input example:

```json
{"sha256": "string", "host": "string"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediation_items | array | Output field `remediation_items` |

Output example:

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"remediation_items": [9007199254740991]}}
```

### Disable User

Disables a user in Cynet.

- Endpoint URL: `/api/users/remediation/disable`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| host_or_domain | string | optional | The host or domain to disable |
| username | string | optional | The username to disable |

Input example:

```json
{"host_or_domain": "string", "username": "example_name"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediation_items | array | A list of remediation items |

Output example:

```json
{"remediation_items": [123]}
```

### Enable User

Enables a user in Cynet.

- Endpoint URL: `/api/users/remediation/enable`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| host_or_domain | string | optional | The host or domain to enable |
| username | string | optional | The username to enable |

Input example:

```json
{"host_or_domain": "string", "username": "example_name"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediation_items | array | A list of remediation items |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"remediation_items": [9007199254740991]}}
```

### Get File Properties

Retrieves a file's properties using its SHA256 hash, detailing its presence and related data on the endpoint.

- Endpoint URL: `/api/file`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.sha256 | string | optional | File SHA256 |

Input example:

```json
{"parameters": {"sha256": "string"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sha256 | string | Output field `sha256` |
| md5 | string | Output field `md5` |
| sha1 | string | Output field `sha1` |
| ssdeep | string | Output field `ssdeep` |
| common_filename | string | Name of the resource |
| common_path | string | Output field `common_path` |
| is_whitelisted | boolean | Output field `is_whitelisted` |
| av_detections | number | Output field `av_detections` |
| risk_level | number | Output field `risk_level` |
| alert_product_name | string | Name of the resource |
| alert_severity_level | string | Output field `alert_severity_level` |
| imports_ntdll | boolean | Output field `imports_ntdll` |
| imports_winsock | boolean | Output field `imports_winsock` |
| imports_wininet | boolean | Output field `imports_wininet` |
| has_sockets | boolean | Output field `has_sockets` |
| has_autorun_occurances | boolean | Output field `has_autorun_occurances` |
| has_hidden_window_occurrences | boolean | Unique identifier |
| has_program_files_folder_occurrences | boolean | Output field `has_program_files_folder_occurrences` |
| certificate_name | string | Name of the resource |
| certificate_root_name | string | Name of the resource |
| certificate_thumbprint | string | Output field `certificate_thumbprint` |
| first_seen | string | Output field `first_seen` |
| last_seen | string | Output field `last_seen` |

Output example (truncated in the source):

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"sha256": "string", "md5": "string", "sha1": "string", "ssdeep": "string", "common_filename": "string", "common_path": "string", "is_whitelisted": true, "av_detections": 2147483648, "risk_level": 2147483648, "alert_product_name": "string", "alert_severity_level": "string", "imports_ntdll": true, "imports_winsock": true, "imports_wininet": true, "has_sockets": tr
```

### Get File Remediation Status

Retrieves the current status of a file remediation action in Cynet by using the unique `id` parameter.

- Endpoint URL: `/api/file/remediation/{{id}}`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | number | required | Remediation action ID |

Input example:

```json
{"path_parameters": {"id": 9007199254740991}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| status | number | Status value |
| statusInfo | string | Status value |

Output example:

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"id": 9007199254740991, "status": 0, "statusInfo": "string"}}
```

### Get Host Details

Retrieves a host's details using its name.

- Endpoint URL: `/api/full/host`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.name | string | optional | The name of the host to get properties for |

Input example:

```json
{"parameters": {"name": "example_name"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| hostname | string | Name of the resource |
| risk_level | number | Output field `risk_level` |
| operating_system | string | Output field `operating_system` |
| last_ms_update | string | Date value |
| hd_serial | number | Output field `hd_serial` |
| last_scan | string | Output field `last_scan` |
| last_ip | string | Output field `last_ip` |
| last_mask | string | Output field `last_mask` |
| number_of_processes | number | Output field `number_of_processes` |
| number_of_logged_users | number | Output field `number_of_logged_users` |
| total_cpu_percentage | number | Output field `total_cpu_percentage` |
| system_partition_size | number | Output field `system_partition_size` |
| system_partition_free_space | number | Output field `system_partition_free_space` |
| total_memory | number | Output field `total_memory` |
| total_free_memory | number | Output field `total_free_memory` |
| memory_percentage | number | Output field `memory_percentage` |
| scanGroup | object | Output field `scanGroup` |
| scanGroup.scanGroupName | string | Name of the resource |
| scanGroup.distributionType | string | Type of the resource |
| scanGroup.platformType | string | Type of the resource |
| antivirus | object | Output field `antivirus` |
| antivirus.status | string | Status value |
| antivirus.databaseDate | string | Response data |

Output example (truncated in the source):

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"hostname": "string", "risk_level": 0, "operating_system": "string", "last_ms_update": "2019-08-24T14:15:22Z", "hd_serial": 0, "last_scan": "2019-08-24T14:15:22Z", "last_ip": "string", "last_mask": "string", "number_of_processes": 0, "number_of_logged_users": 0, "total_cpu_percentage": 0, "system_partition_size": 0, "system_partition_free_space": 0, "total_memo
```

### Get Host Properties

Retrieves a host's properties using its name.

- Endpoint URL: `/api/host`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.name | string | optional | The name of the host to get properties for |

Input example:

```json
{"parameters": {"name": "example_name"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| hostname | string | Name of the resource |
| risk_level | number | Output field `risk_level` |
| operating_system | string | Output field `operating_system` |
| last_ms_update | string | Date value |
| hd_serial | number | Output field `hd_serial` |
| last_scan | string | Output field `last_scan` |
| last_ip | string | Output field `last_ip` |
| last_mask | string | Output field `last_mask` |
| number_of_processes | number | Output field `number_of_processes` |
| number_of_logged_users | number | Output field `number_of_logged_users` |
| total_cpu_percentage | number | Output field `total_cpu_percentage` |
| system_partition_size | number | Output field `system_partition_size` |
| system_partition_free_space | number | Output field `system_partition_free_space` |
| total_memory | number | Output field `total_memory` |
| total_free_memory | number | Output field `total_free_memory` |
| memory_percentage | number | Output field `memory_percentage` |
| scanGroup | object | Output field `scanGroup` |
| scanGroup.scanGroupName | string | Name of the resource |
| scanGroup.distributionType | string | Type of the resource |
| scanGroup.platformType | string | Type of the resource |
| antivirus | object | Output field `antivirus` |
| antivirus.status | string | Status value |
| antivirus.databaseDate | string | Response data |

Output example (truncated in the source):

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"hostname": "string", "risk_level": 2147483648, "operating_system": "string", "last_ms_update": "2019-08-24T14:15:22Z", "hd_serial": 9007199254740991, "last_scan": "2019-08-24T14:15:22Z", "last_ip": "string", "last_mask": "string", "number_of_processes": 2147483648, "number_of_logged_users": 2147483648, "total_cpu_percentage": 2147483648, "system_parti
```

### Get Host Remediation Status

Retrieves the current status of a remediation action for an endpoint in Cynet using the provided remediation action ID.

- Endpoint URL: `api/host/remediation/{{id}}`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | number | required | Remediation action ID |

Input example:

```json
{"path_parameters": {"id": 9007199254740991}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| status | number | Status value |
| statusInfo | string | Status value |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"id": 9007199254740991, "status": 0, "statusInfo": "string"}}
```

### Get Latest Alerts

Retrieves the most recent alerts from Cynet with all associated properties, filtered by a specified time frame.

- Endpoint URL: `/api/alerts`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.lastSeen | string | optional | Required format is YYYY-MM-DD HH:MM:SS |

Input example:

```json
{"parameters": {"lastSeen": "2024-01-25T10:03:02.684Z"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| syncTimeUtc | string | Output field `syncTimeUtc` |
| entities | array | Output field `entities` |
| entities.clientDbId | number | Unique identifier |
| entities.uniqueness | string | Output field `entities.uniqueness` |
| entities.incidentName | string | Unique identifier |
| entities.incidentDescription | string | Unique identifier |
| entities.incidentJsonDescription | string | Unique identifier |
| entities.incidentRecomendation | string | Unique identifier |
| entities.hostId | number | Unique identifier |
| entities.hostIp | string | Output field `entities.hostIp` |
| entities.hostname | string | Name of the resource |
| entities.productId | number | Unique identifier |
| entities.sha256 | string | Output field `entities.sha256` |
| entities.sha256Hex | string | Output field `entities.sha256Hex` |
| entities.path | string | Output field `entities.path` |
| entities.commandLine | string | Output field `entities.commandLine` |
| entities.alertIp | number | Output field `entities.alertIp` |
| entities.alertDomain | string | Output field `entities.alertDomain` |
| entities.domainId | number | Unique identifier |
| entities.alertUrl | string | URL endpoint for the request |
| entities.userId | number | Unique identifier |
| entities.username | string | Name of the resource |
| entities.severity | number | Output field `entities.severity` |
| entities.status | number | Status value |
| entities.alertType | number | Type of the resource |

Output example:

```json
{"syncTimeUtc": "2024-01-25T10:03:02.684Z", "entities": [{"clientDbId": 0, "uniqueness": "", "incidentName": "", "incidentDescription": "", "incidentJsonDescription": "", "incidentRecomendation": "", "hostId": 0, "hostIp": "192.168.1.100", "hostname": "", "productId": 0, "sha256": "", "sha256Hex": "", "path": "", "commandLine": "", "alertIp": 0}]}
```

### Get Latest Files

Retrieves the most recently discovered files in the environment from a specified time.

- Endpoint URL: `/api/files`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.lastSeen | string | optional | Required format is YYYY-MM-DD HH:MM:SS |

Input example:

```json
{"parameters": {"lastSeen": "2019-08-24T14:15:22Z"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| syncTimeUtc | string | Output field `syncTimeUtc` |
| entities | array | Output field `entities` |
| entities.clientDbId | number | Unique identifier |
| entities.sha256 | string | Output field `entities.sha256` |
| entities.commonFilename | string | Name of the resource |
| entities.metaProductName | string | Name of the resource |
| entities.company | string | Output field `entities.company` |
| entities.riskLevel | number | Output field `entities.riskLevel` |
| entities.endpoints | number | Output field `entities.endpoints` |
| entities.antivirus | number | Output field `entities.antivirus` |
| entities.vtRiskLevel | number | Output field `entities.vtRiskLevel` |
| entities.lastSeen | string | Output field `entities.lastSeen` |
| entities.dateIn | string | Output field `entities.dateIn` |

Output example:

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"syncTimeUtc": "2019-08-24T14:15:22Z", "entities": [{}]}}
```

### Get User Remediation Status

Retrieves the current status of a remediation action for an endpoint in Cynet using the provided remediation action ID.

- Endpoint URL: `api/user/remediation/{{id}}`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | number | required | Remediation action ID |

Input example:

```json
{"path_parameters": {"id": 9007199254740991}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| status | number | Status value |
| statusInfo | string | Status value |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"id": 9007199254740991, "status": 0, "statusInfo": "string"}}
```

### Isolate Host

Isolates a specified host within the Cynet platform to contain threats and prevent lateral movement.

- Endpoint URL: `api/host/remediation/isolate`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | required | HTTP headers for the request |
| headers.client_id | number | required | The site ID of the host to be isolated |
| headers.Content-Type | string | optional | The content type of the request |
| data_body | object | optional | Response data |
| data_body.host | string | optional | The name of the host to isolate |

Input example:

```json
{"headers": {"client_id": 1231234, "Content-Type": "text/plain"}, "data_body": {"host": "host_name"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Kill Process by File SHA256

Terminates a process on the host identified by its SHA-256 hash using Cynet.

- Endpoint URL: `/api/file/remediation/kill`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | Gets or sets the SHA256 |
| host | string | optional | Gets or sets the host |

Input example:

```json
{"sha256": "string", "host": "string"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediation_items | array | Output field `remediation_items` |

Output example:

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"remediation_items": [9007199254740991]}}
```

### Quarantine File by Path

Isolates a file on an endpoint by path and SHA256, returning a remediation ID for tracking.

- Endpoint URL: `/api/file/remediation/quarantine`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | Gets or sets the SHA256 |
| host | string | optional | Gets or sets the host |

Input example:

```json
{"sha256": "string", "host": "string"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediation_items | array | Output field `remediation_items` |

Output example:

```json
{"status_code": 200, "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Thu, 27 Jun 2024 20:37:23 GMT"}, "reason": "OK", "json_body": {"remediation_items": [9007199254740991]}}
```

### Run Command on Host

Runs a command on a host in Cynet.

- Endpoint URL: `/api/host/remediation/runcommand`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| host | string | optional | The host to run the command on |
| command | string | optional | The command to run on the host |

Input example:

```json
{"host": "string", "command": "string"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediation_items | array | A list of remediation items |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"remediation_items": [9007199254740991]}}
```

### Unisolate Host

Reconnects a previously isolated host to the network using Cynet. Headers are required for authentication.

- Endpoint URL: `api/host/remediation/unisolate`
- Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | required | HTTP headers for the request |
| headers.client_id | number | required | The site ID of the host to be unisolated |
| headers.Content-Type | string | optional | The content type of the request |
| data_body | object | optional | Response data |
| data_body.host | string | optional | The name of the host to unisolate |

Input example:

```json
{"headers": {"client_id": 1231234, "Content-Type": "text/plain"}, "data_body": {"host": "host_name"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {}}
```

### Update Alert Status

Updates an alert's status in Cynet for efficient incident management and response workflows, requiring a JSON body input.

- Endpoint URL: `/api/alerts/updatestatus`
- Method: PUT

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| alertDbId | number | optional | A unique identifier assigned to an alert within a database |
| status | number | optional | 0=Open, 1=Pending, 2=Ignored, 3=Closed |

Input example:

```json
{"json_body": {"alertDbId": 0, "status": 0}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": true}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
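The actions above are typically chained in a playbook: a remediation call returns a remediation ID, the matching status action is polled until the remediation record settles, and the triggering alert is then closed. The following Python module is an added example written for this page; it is not Swimlane's or Cynet's connector code. Endpoint paths, HTTP methods, body keys and the `client_id` / `Content-Type` headers follow the tables above (the `status` values 0 to 3 are the ones listed under Update Alert Status). The injected `send` transport, the `FakeCynet` stand-in that replays the page's output examples, and the SHA256 well-formedness check before a destructive call are this example's own assumptions; the meaning of a remediation record's `status` field is not documented on the page, so the caller supplies the completion test.

```python
"""Added example, not Swimlane's or Cynet's connector code: a transport-agnostic
client for a few of the Cynet actions documented above plus a contain-and-track
workflow. Paths, methods, body keys and the client_id / Content-Type headers
follow the page; the injected `send` callable, the FakeCynet stand-in and the
SHA256 format check are this example's own assumptions."""
import re
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Any, Callable, Dict, List, Optional


class AlertStatus(IntEnum):
    """Values accepted by Update Alert Status (from the page)."""
    OPEN = 0
    PENDING = 1
    IGNORED = 2
    CLOSED = 3


_SHA256 = re.compile(r"[0-9a-f]{64}")  # 32 bytes as lowercase hex


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    json: Optional[Dict[str, Any]] = None


# A transport performs one Request and returns the decoded json_body. Authentication
# is its job (assumption: in production the Turbine asset handles that).
Transport = Callable[[Request], Dict[str, Any]]


class CynetClient:
    def __init__(self, client_id: int, send: Transport):
        self.client_id, self.send = client_id, send

    def _call(self, method, path, json=None, content_type="application/json"):
        headers = {"client_id": str(self.client_id), "Content-Type": content_type}
        return self.send(Request(method, path, headers, json))

    def delete_file_by_sha256(self, sha256: str, host: str) -> List[int]:
        # Destructive action: refuse a truncated or mis-pasted hash before it is sent.
        if not _SHA256.fullmatch(sha256.lower()):
            raise ValueError("malformed SHA256: %r" % sha256)
        body = self._call("POST", "/api/file/remediation/delete", {"sha256": sha256, "host": host})
        return list(body["remediation_items"])

    def get_file_remediation_status(self, rem_id: int) -> Dict[str, Any]:
        return self._call("GET", "/api/file/remediation/%d" % rem_id)

    def isolate_host(self, host: str) -> Dict[str, Any]:
        # The page documents this call with a text/plain content type and no leading slash.
        return self._call("POST", "api/host/remediation/isolate", {"host": host}, "text/plain")

    def update_alert_status(self, alert_db_id: int, status: AlertStatus) -> Dict[str, Any]:
        return self._call("PUT", "/api/alerts/updatestatus",
                          {"alertDbId": alert_db_id, "status": int(status)})


def contain_file(client, sha256, host, is_final, max_polls=5):
    """Delete a file, then poll its remediation record until is_final() accepts it.
    The page does not define the meaning of `status`, so the caller decides what
    counts as finished. Returns (remediation_id, last record, polls used)."""
    rem_ids = client.delete_file_by_sha256(sha256, host)
    if len(rem_ids) != 1:
        raise RuntimeError("expected one remediation item, got %r" % rem_ids)
    for n in range(1, max_polls + 1):
        record = client.get_file_remediation_status(rem_ids[0])
        if is_final(record):
            return rem_ids[0], record, n
    raise TimeoutError("remediation %d not final after %d polls" % (rem_ids[0], max_polls))


class FakeCynet:
    """Constructed stand-in for the API: answers with the page's output examples
    (status 0 on the first poll, 1 afterwards) and records every request."""
    def __init__(self):
        self.requests: List[Request] = []
        self.polls = 0

    def __call__(self, req: Request) -> Dict[str, Any]:
        self.requests.append(req)
        if req.path == "/api/file/remediation/delete":
            return {"remediation_items": [9007199254740991]}
        if req.path.startswith("/api/file/remediation/"):
            self.polls += 1
            return {"id": int(req.path.rsplit("/", 1)[1]),
                    "status": 0 if self.polls < 2 else 1, "statusInfo": "string"}
        return {}


def demo() -> Dict[str, Any]:
    """Contain a file, isolate its host, then close the alert; returns what happened."""
    fake = FakeCynet()
    client = CynetClient(client_id=1231234, send=fake)
    rem_id, record, polls = contain_file(client, "a" * 64, "host_name",  # constructed hash
                                         lambda r: r["status"] != 0)
    client.isolate_host("host_name")
    client.update_alert_status(0, AlertStatus.CLOSED)
    return {"rem_id": rem_id, "polls": polls, "record": record, "n_requests": len(fake.requests),
            "isolate_headers": fake.requests[3].headers, "last_body": fake.requests[-1].json}


if __name__ == "__main__":
    print(demo())
```

Swapping `FakeCynet` for a transport that uses the asset's credentials and real HTTP is the only change needed to run this against a tenant; keeping the transport separate is also what lets the hash check and the polling logic be exercised in CI without touching production endpoints.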