Cyware
The Cyware connector enables automated interactions with the CTIX platform, allowing for efficient threat intelligence management and exchange.

Cyware offers a threat intelligence exchange platform (CTIX) that allows for the aggregation and analysis of threat data. The Cyware connector for Swimlane Turbine enables users to perform bulk lookups of threat indicators and verify server connectivity within their security workflows. By integrating with Cyware, Swimlane Turbine users can enrich their incident response with detailed threat intelligence, including enrichment data and relationship details, directly within their automated playbooks. This enhances the platform's ability to provide comprehensive security solutions by leveraging external threat intelligence for improved detection, analysis, and response capabilities.

Prerequisites

To effectively utilize the Cyware connector within Swimlane Turbine, ensure you have the following prerequisites:

- API authentication credentials from Cyware CTIX, which include:
  - Access ID: your unique identifier for API access.
  - Expires: the expiration time for the API request.
  - Signature: a hashed signature for securing API requests.

Limitations

None to date.

Supported Versions

This connector supports the latest version of the Cyware Policies API.

Additional Docs

https://ctixapiv3.cyware.com/#intro

Configuration

Authentication Methods

The following authentication methods are supported for this connector.

Custom Authentication

To authenticate using an asset, you need to provide the following details:

- URL: the URL to the target host. Default is https://sample.domain.com
- Access ID: your CTIX access ID.
- Secret Key: your CTIX secret key.

These credentials are required to establish a secure connection with the CTIX platform and perform various operations.

Capabilities

This connector provides the following capabilities:

- Bulk IOC Lookup Advance
- Ping

Bulk IOC Lookup Advanced

Performs a lookup for threat data objects in the CTIX platform and retrieves the details of the objects, such as basic details, enriched data, and relations.

https://ctixapiv3.cyware.com/#b9a61c05-8fea-4545-bb8f-420ad282ce6c

Ping

CTIX enables you to check the connectivity with a server through the ping-pong method. The ping-pong method sends a request called ping to check the connection, and a successful response is called a pong response.

https://ctixapiv3.cyware.com/#0d48ddb2-f7fe-44c0-bf02-fced42cfb97b

Configurations

Asset

To authenticate the API requests made to the CTIX application, you must include Access ID, Expires, and Signature.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Optional |
| CTIX Access ID | Access ID | string | Optional |
| CTIX Secret Key | Secret key | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Bulk IOC Lookup

Performs a bulk lookup for threat data objects in the CTIX platform, retrieving details like basic information, enriched data, and relationships.

Endpoint

URL: ctixpi/ingestion/openapi/bulk-lookup/{{object_type}}
Method: POST

Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.enrichment_data | boolean | Optional | Pass true to retrieve the latest five enrichment data objects |
| parameters.relation_data | boolean | Optional | Pass true to retrieve the latest 100 relations details |
| parameters.enrichment_tools | string | Optional | Pass the names of up to five enrichment tools separated by commas. To retrieve a list of enrichment tools, use the Get Enrichment Tools API under Administration > Enrichment Management > Enrichment Tools |
| parameters.fields | string | Optional | Pass a comma-separated list of field names to retrieve specific details of the objects. By default, all fields are retrieved |
| path_parameters.object_type | string | Required | Pass an object type to look up. For the list of supported object types, see Supported SDO Types in Threat Data > Miscellaneous |
| data_body | object | Optional | Response data |
| data_body.value | array | Optional | Response data |
Input example

```json
{"parameters":{"enrichment_data":true,"relation_data":true,"enrichment_tools":"abuseipdb","fields":"relations,enrichment_data"},"path_parameters":{"object_type":"indicator"},"data_body":{"value":["47.92.78.238","www.facebook.com"]}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| next | object | Output field next |
| previous | object | Output field previous |
| total | number | Output field total |
| results | array | Result of the operation |
| results.analyst_score | object | Result of the operation |
| results.analyst_tlp | object | Result of the operation |
| results.country | string | Result of the operation |
| results.created | string | Result of the operation |
| results.ctix_created | string | Result of the operation |
| results.ctix_modified | string | Result of the operation |
| results.custom_attributes | object | Result of the operation |
| results.confidence_score | number | Unique identifier |
| results.description | object | Result of the operation |
| results.enrichment_data | array | Response data |
| results.enrichment_data.tool | string | Response data |
| results.enrichment_data.tool_response | string | Response data |
| results.first_seen | object | Result of the operation |
| results.id | string | Unique identifier |
| results.ioc_type | string | Type of the resource |
| results.is_deprecated | boolean | Result of the operation |
| results.is_false_positive | boolean | Result of the operation |
| results.is_reviewed | boolean | Result of the operation |
| results.is_whitelisted | boolean | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"next":null,"previous":null,"total":1,"results":[{}],"page_size":10}}
```

Ping

Verify server connectivity using the CTIX ping-pong method, which sends a 'ping' and expects a 'pong' response.

Endpoint

URL: ctixpi/ping/
Method: GET

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| result | string | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"result":"pong"}}
```

Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
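
The following Python sketch is an added example, not code from Swimlane or Cyware: it builds a Bulk IOC Lookup input that respects the documented limits and triages the action output using the `is_whitelisted`, `is_false_positive`, `is_deprecated` and `confidence_score` result fields. The function names, the underscore-separated key spelling, the threshold of 70 and the sample response are assumptions made for illustration.

```python
MAX_ENRICHMENT_TOOLS = 5  # limit stated for the enrichment tools parameter
BENIGN_FLAGS = ("is_whitelisted", "is_false_positive", "is_deprecated")


def build_bulk_lookup_input(object_type, values, enrichment_tools=(), fields=()):
    """Build the action input, rejecting requests the action would not accept."""
    if not object_type:
        raise ValueError("object_type is required")
    tools = [t.strip() for t in enrichment_tools if t.strip()]
    if len(tools) > MAX_ENRICHMENT_TOOLS:
        raise ValueError("at most five enrichment tools can be requested")
    parameters = {"enrichment_data": True, "relation_data": True}
    if tools:
        parameters["enrichment_tools"] = ",".join(tools)
    if fields:
        parameters["fields"] = ",".join(fields)
    # Trim and de-duplicate indicator values, keeping their original order.
    unique = list(dict.fromkeys(v.strip() for v in values if v.strip()))
    return {"parameters": parameters,
            "path_parameters": {"object_type": object_type},
            "data_body": {"value": unique}}


def triage(action_output, min_confidence=70):
    """Return (actionable_ids, suppressed_ids, more_pages) for one response."""
    if action_output.get("status_code") != 200:
        raise RuntimeError(f"lookup failed: {action_output.get('reason')}")
    body = action_output.get("json_body") or {}
    actionable, suppressed = [], []
    for item in body.get("results", []):
        benign = any(item.get(flag) for flag in BENIGN_FLAGS)
        score = item.get("confidence_score") or 0
        bucket = suppressed if benign or score < min_confidence else actionable
        bucket.append(item.get("id"))
    # A non-null "next" means this page does not hold every result.
    return actionable, suppressed, body.get("next") is not None


# Constructed sample output; ids and scores are illustrative only.
SAMPLE_OUTPUT = {
    "status_code": 200, "reason": "OK",
    "json_body": {"next": None, "previous": None, "total": 3, "results": [
        {"id": "sample-1", "confidence_score": 90, "is_whitelisted": False},
        {"id": "sample-2", "confidence_score": 95, "is_whitelisted": True},
        {"id": "sample-3", "confidence_score": 20, "is_false_positive": False},
    ]},
}

if __name__ == "__main__":
    print(build_bulk_lookup_input("indicator", ["47.92.78.238", "www.facebook.com"], ["abuseipdb"]))
    print(triage(SAMPLE_OUTPUT))
```

Suppressed indicators are kept rather than dropped so a playbook can record why an indicator was not acted on.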