Cynet
Cynet is an integrated security platform that provides organizations with advanced threat detection and response capabilities.

Cynet is a comprehensive threat detection and response platform that provides real-time cybersecurity protection. The Cynet connector for Swimlane Turbine enables automated incident response and threat remediation by integrating key security actions. Users can leverage this connector to delete malicious files, retrieve file properties, monitor remediation status, and update alert statuses directly within the Swimlane Turbine environment. This integration empowers security teams to streamline their workflows, reduce response times, and enhance their overall security posture with minimal manual intervention.

## Prerequisites

To utilize the Cynet connector within Swimlane Turbine, ensure you have the following prerequisites:

- Username and password authentication with the following parameters:
  - URL: endpoint URL for the Cynet API
  - Username: your Cynet account username
  - Password: your Cynet account password
  - Client ID: the client identifier associated with your Cynet account

## Capabilities

The Cynet connector has the following capabilities:

- Delete File by SHA256
- Get File Properties
- Get File Remediation Status
- Get Latest Alerts
- Get Latest Files
- Kill Process by File SHA256
- Quarantine File by Path
- Update Alert Status

## API Documentation Link

Cynet API documentation link: https://help.api.cynet.com/docs/cynet/i97ea0ntt0bvo

## Configurations

### Cynet asset

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | User email | string | required |
| password | Password | string | required |
| client_id | Client ID | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Delete File by SHA256

Removes a specified file from an endpoint in Cynet using the file's SHA256 hash; provides a remediation ID.

Endpoint URL: `/api/file/remediation/delete`

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | Gets or sets the SHA256 |
| host | string | optional | Gets or sets the host |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediationItems | array | Output field remediationItems |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 27 Jun 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "remediationItems": []
    }
  }
]
```

### Get File Properties

Retrieves properties of a file identified by SHA256, including data related to its presence on the endpoint.

Endpoint URL: `/api/file`

Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | File SHA256 |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| sha256 | string | Output field sha256 |
| md5 | string | Output field md5 |
| sha1 | string | Output field sha1 |
| ssdeep | string | Output field ssdeep |
| commonFileName | string | Name of the resource |
| commonPath | string | Output field commonPath |
| isWhitelisted | boolean | Output field isWhitelisted |
| avDetections | number | Output field avDetections |
| riskLevel | number | Output field riskLevel |
| alertProductName | string | Name of the resource |
| alertSeverityLevel | string | Output field alertSeverityLevel |
| importsNtdll | boolean | Output field importsNtdll |
| importsWinsock | boolean | Output field importsWinsock |
| importsWininet | boolean | Output field importsWininet |
| hasSockets | boolean | Output field hasSockets |
| hasAutorunOccurrences | boolean | Output field hasAutorunOccurrences |
| hasHiddenWindowOccurrences | boolean | Unique identifier |
| hasProgramFilesFolderOccurrences | boolean | Output field hasProgramFilesFolderOccurrences |
| certificateName | string | Name of the resource |
| certificateRootName | string | Name of the resource |
| certificateThumbprint | string | Output field certificateThumbprint |
| firstSeen | string | Output field firstSeen |
| lastSeen | string | Output field lastSeen |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 27 Jun 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "sha256": "string",
      "md5": "string",
      "sha1": "string",
      "ssdeep": "string",
      "commonFileName": "string",
      "commonPath": "string",
      "isWhitelisted": true,
      "avDetections": 2147483648,
      "riskLevel": 2147483648,
      "alertProductName": "string",
      "alertSeverityLevel": "string",
      "importsNtdll": true,
      "importsWinsock": true,
      "importsWininet": true,
      "hasSockets": true
    }
  }
]
```

### Get File Remediation Status

Retrieves the status of a file remediation action in Cynet using the specified `id` parameter.

Endpoint URL: `/api/file/remediation/{{id}}`

Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | number | required | Remediation action ID |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| status | number | Status value |
| statusInfo | string | Status value |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 27 Jun 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "id": 9007199254740991,
      "status": 0,
      "statusInfo": "string"
    }
  }
]
```

### Get Latest Alerts

Retrieve the most recent alerts from Cynet, including all associated properties, filtered by a specified time.

Endpoint URL: `/api/alerts`

Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| lastSeen | string | optional | Required format is `yyyy-MM-dd HH:mm:ss` |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| syncTimeUtc | string | Output field syncTimeUtc |
| entities | array | Output field entities |
| clientDbId | number | Unique identifier |
| uniqueness | string | Output field uniqueness |
| incidentName | string | Unique identifier |
| incidentDescription | string | Unique identifier |
| incidentJsonDescription | string | Unique identifier |
| incidentRecomendation | string | Unique identifier |
| hostId | number | Unique identifier |
| hostIp | string | Output field hostIp |
| hostName | string | Name of the resource |
| productId | number | Unique identifier |
| sha256 | string | Output field sha256 |
| sha256Hex | string | Output field sha256Hex |
| path | string | Output field path |
| commandLine | string | Output field commandLine |
| alertIp | number | Output field alertIp |
| alertDomain | string | Output field alertDomain |
| domainId | number | Unique identifier |
| alertUrl | string | URL endpoint for the request |
| userId | number | Unique identifier |
| userName | string | Name of the resource |
| severity | number | Output field severity |
| status | number | Status value |
| alertType | number | Type of the resource |

Example:

```json
[
  {
    "syncTimeUtc": "2024-01-25T10:03:02.684Z",
    "entities": [
      {}
    ]
  }
]
```

### Get Latest Files

Retrieve a list of the most recently discovered files in the environment from a specified time.

Endpoint URL: `/api/files`

Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| lastSeen | string | optional | Required format is `yyyy-MM-dd HH:mm:ss` |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| syncTimeUtc | string | Output field syncTimeUtc |
| entities | array | Output field entities |
| clientDbId | number | Unique identifier |
| sha256 | string | Output field sha256 |
| commonFileName | string | Name of the resource |
| metaProductName | string | Name of the resource |
| company | string | Output field company |
| riskLevel | number | Output field riskLevel |
| endpoints | number | Output field endpoints |
| antivirus | number | Output field antivirus |
| vtRiskLevel | number | Output field vtRiskLevel |
| lastSeen | string | Output field lastSeen |
| dateIn | string | Output field dateIn |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 27 Jun 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "syncTimeUtc": "2019-08-24T14:15:22Z",
      "entities": []
    }
  }
]
```

### Kill Process by File SHA256

Terminates a process on the host identified by its SHA-256 hash using Cynet.

Endpoint URL: `/api/file/remediation/kill`

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | Gets or sets the SHA256 |
| host | string | optional | Gets or sets the host |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediationItems | array | Output field remediationItems |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 27 Jun 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "remediationItems": []
    }
  }
]
```

### Quarantine File by Path

Isolates a file on an endpoint using its path and SHA256, providing a remediation ID in the response.

Endpoint URL: `/api/file/remediation/quarantine`

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| sha256 | string | optional | Gets or sets the SHA256 |
| host | string | optional | Gets or sets the host |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| remediationItems | array | Output field remediationItems |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 27 Jun 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "remediationItems": []
    }
  }
]
```

### Update Alert Status

Updates an alert's status in Cynet for efficient incident management and response workflows.

Endpoint URL: `/api/alerts/updateStatus`

Method: PUT

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alertDbId | number | optional | It's a unique identifier assigned to an alert within a database |
| status | number | optional | 0=Open, 1=Pending, 2=Ignored, 3=Closed |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": true
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 27 Jun 2024 20:37:23 GMT |
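The following is an added example of how a playbook might chain the actions above (Get Latest Files, Delete File by SHA256, Get File Remediation Status, Update Alert Status); it is not Swimlane's or Cynet's own code. It assumes camelCase JSON field names (`riskLevel`, `remediationItems`, `alertDbId`), that each remediation item carries an `id`, and the `yyyy-MM-dd HH:mm:ss` `lastSeen` format; it builds and validates requests offline rather than calling the API.

```python
import datetime as dt

# Added example, not Swimlane's or Cynet's code. Field names and the lastSeen
# punctuation are assumptions taken from the connector documentation above.

ALERT_STATUS = {"open": 0, "pending": 1, "ignored": 2, "closed": 3}  # Update Alert Status

def lastseen_param(since: dt.datetime) -> str:
    """Render the lastSeen filter for Get Latest Alerts / Get Latest Files."""
    return since.strftime("%Y-%m-%d %H:%M:%S")

def triage_files(files_body: dict, min_risk: int = 3) -> list[dict]:
    """Select entities from a Get Latest Files body whose riskLevel is >= min_risk."""
    return [e for e in files_body.get("entities", []) if int(e.get("riskLevel", 0)) >= min_risk]

def delete_request(sha256: str, host: str) -> dict:
    """Build the Delete File by SHA256 call; reject malformed hashes before they reach the API."""
    if len(sha256) != 64 or any(c not in "0123456789abcdefABCDEF" for c in sha256):
        raise ValueError("sha256 must be 64 hex characters")
    return {"method": "POST", "path": "/api/file/remediation/delete",
            "body": {"sha256": sha256.lower(), "host": host}}

def remediation_ids(delete_body: dict) -> list[int]:
    """IDs to poll via Get File Remediation Status (assumes each item has an 'id')."""
    return [int(item["id"]) for item in delete_body.get("remediationItems", []) if "id" in item]

def status_update_request(alert_db_id: int, status: str) -> dict:
    """Build the Update Alert Status call (PUT /api/alerts/updateStatus)."""
    return {"method": "PUT", "path": "/api/alerts/updateStatus",
            "body": {"alertDbId": alert_db_id, "status": ALERT_STATUS[status]}}

def plan_remediation(files_body: dict, host: str, min_risk: int = 3) -> list[dict]:
    """Turn a Get Latest Files body into Delete File requests for one host."""
    return [delete_request(e["sha256"], host) for e in triage_files(files_body, min_risk)]

# Constructed sample data shaped like the documented responses.
SAMPLE_SINCE = dt.datetime(2024, 6, 27, 20, 37, 23)
SAMPLE_FILES = {
    "syncTimeUtc": "2024-06-27T20:37:23Z",
    "entities": [
        {"sha256": "a" * 64, "commonFileName": "update.exe", "riskLevel": 4, "endpoints": 3},
        {"sha256": "b" * 64, "commonFileName": "notepad.exe", "riskLevel": 0, "endpoints": 120},
    ],
}

if __name__ == "__main__":
    print("lastSeen =", lastseen_param(SAMPLE_SINCE))
    for req in plan_remediation(SAMPLE_FILES, "WS-0042"):
        print(req["method"], req["path"], req["body"])
    print(remediation_ids({"remediationItems": [{"id": 9007199254740991}]}))
    print(status_update_request(12345, "closed"))
```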