Cyware
The Cyware connector enables automated interactions with the CTIX platform, allowing for efficient threat intelligence management and exchange.

Cyware offers a threat intelligence exchange platform (CTIX) that allows for the aggregation and analysis of threat data. The Cyware connector for Swimlane Turbine enables users to perform bulk lookups of threat indicators and verify server connectivity within their security workflows. By integrating with Cyware, Swimlane Turbine users can enrich their incident response with detailed threat intelligence, including enrichment data and relationship details, directly within their automated playbooks. This enhances the platform's ability to provide comprehensive security solutions by leveraging external threat intelligence for improved detection, analysis, and response capabilities.

Prerequisites

To effectively utilize the Cyware connector within Swimlane Turbine, ensure you have the following prerequisites:

- API authentication credentials from Cyware CTIX, which include:
  - Access ID: your unique identifier for API access.
  - Expires: the expiration time for the API request.
  - Signature: a hashed signature for securing API requests.

Limitations

None to date.

Supported Versions

This connector supports the latest version of the Cyware policies API.

Additional Docs

CTIX API documentation: https://ctixapiv3.cyware.com/#intro

Configuration

Authentication Methods

The following authentication methods are supported for this connector:

- Custom authentication

To authenticate using asset, you need to provide the following details:

- URL: the URL to the target host. Default is https://sample.domain.com
- Access ID: your CTIX access ID.
- Secret Key: your CTIX secret key.

These credentials are required to establish a secure connection with the CTIX platform and perform various operations.

Capabilities

This connector provides the following capabilities:

- Bulk IOC Lookup Advanced
- Ping

Bulk IOC Lookup Advanced

Performs a lookup for threat data objects in the CTIX platform and retrieves the details of the objects, such as basic details, enriched data, and relations.

https://ctixapiv3.cyware.com/#b9a61c05-8fea-4545-bb8f-420ad282ce6c

Ping

CTIX enables you to check the connectivity with a server through the ping-pong method. The ping-pong method sends a request called ping to check the connection, and a successful response is called a pong response.

https://ctixapiv3.cyware.com/#0d48ddb2-f7fe-44c0-bf02-fced42cfb97b

Configurations

Asset

To authenticate the API requests made to the CTIX application, you must include Access ID, Expires, and Signature.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Optional |
| CTIX Access ID | Access ID | string | Optional |
| CTIX Secret Key | Secret key | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Bulk IOC Lookup

Performs a bulk lookup for threat data objects in the CTIX platform, retrieving details like basic information, enriched data, and relationships.

Endpoint URL: ctixpi/ingestion/openapi/bulk-lookup/{{object_type}}

Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| enrichment_data | boolean | Optional | Pass true to retrieve the latest five enrichment data objects |
| relation_data | boolean | Optional | Pass true to retrieve the latest 100 relations details |
| enrichment_tools | string | Optional | Pass the name of up to five enrichment tools separated by a comma. To retrieve a list of enrichment tools, use the Get Enrichment Tools API under Administration > Enrichment Management > Enrichment Tools |
| fields | string | Optional | Pass a comma-separated list of field names to retrieve specific details of the objects. By default, all fields are retrieved |
| object_type | string | Required | Pass an object type to lookup. For the list of supported object types, see Supported SDO Types in Threat Data > Miscellaneous |
| data_body | object | Optional | Response data |
| value | array | Optional | Value for the parameter |

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| next | object | Output field next |
| previous | object | Output field previous |
| total | number | Output field total |
| results | array | Result of the operation |
| analyst_score | object | Score value |
| analyst_tlp | object | Output field analyst_tlp |
| country | string | Output field country |
| created | string | Output field created |
| ctix_created | string | Output field ctix_created |
| ctix_modified | string | Output field ctix_modified |
| custom_attributes | object | Output field custom_attributes |
| confidence_score | number | Unique identifier |
| description | object | Output field description |
| enrichment_data | array | Response data |
| tool | string | Output field tool |
| tool_response | string | Output field tool_response |
| first_seen | object | Output field first_seen |
| id | string | Unique identifier |
| ioc_type | string | Type of the resource |
| is_deprecated | boolean | Output field is_deprecated |
| is_false_positive | boolean | Output field is_false_positive |
| is_reviewed | boolean | Output field is_reviewed |
| is_whitelisted | boolean | Output field is_whitelisted |

Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "next": null,
      "previous": null,
      "total": 1,
      "results": [],
      "page_size": 10
    }
  }
]
```

Ping

Verify server connectivity using the CTIX ping-pong method, which sends a 'ping' and expects a 'pong' response.

Endpoint URL: ctixpi/ping/

Method: GET

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| result | string | Result of the operation |

Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "result": "pong"
    }
  }
]
```
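An added example (not part of the connector or its documentation) of consuming the Bulk IOC Lookup output in a playbook step: it suppresses results flagged is_false_positive, is_whitelisted or is_deprecated, and keeps failed, empty and paginated lookups from being read as a clean verdict. The snake_case key names, the sample data and the `min_confidence` threshold are assumptions made for the example.

```python
SUPPRESS_FLAGS = ("is_false_positive", "is_whitelisted", "is_deprecated")

def triage(outputs, min_confidence=70):  # threshold is a hypothetical local policy
    """Split Bulk IOC Lookup results into actionable and suppressed, with reasons."""
    actionable, suppressed, notes = [], [], []
    for out in outputs:
        if out.get("status_code") != 200:
            notes.append(f"lookup failed: {out.get('status_code')} {out.get('reason')}")
            continue
        body = out.get("json_body") or {}
        results = body.get("results") or []
        if not results:
            # An empty result set means "not known to CTIX", not "benign".
            notes.append("no results: treat as unknown, not as clean")
        if body.get("next"):
            notes.append("next page present: verdicts below are partial")
        for r in results:
            reasons = [f for f in SUPPRESS_FLAGS if r.get(f) is True]
            score = r.get("confidence_score")
            if not isinstance(score, (int, float)):
                reasons.append("confidence_score missing")
            elif score < min_confidence:
                reasons.append(f"confidence_score {score} below {min_confidence}")
            entry = {"id": r.get("id"), "ioc_type": r.get("ioc_type"), "reasons": reasons}
            (suppressed if reasons else actionable).append(entry)
    return actionable, suppressed, notes

# Constructed sample data (not real CTIX output), shaped like the output table above.
SAMPLE = [
    {"status_code": 200, "reason": "OK", "json_body": {
        "next": None, "previous": None, "total": 3, "page_size": 10, "results": [
            {"id": "obj-1", "ioc_type": "ipv4-addr", "confidence_score": 90,
             "is_false_positive": False, "is_whitelisted": False, "is_deprecated": False},
            {"id": "obj-2", "ioc_type": "domain-name", "confidence_score": 95,
             "is_false_positive": False, "is_whitelisted": True, "is_deprecated": False},
            {"id": "obj-3", "ioc_type": "url", "confidence_score": 40,
             "is_false_positive": False, "is_whitelisted": False, "is_deprecated": False},
        ]}},
    {"status_code": 200, "reason": "OK", "json_body": {"total": 0, "results": []}},
    {"status_code": 401, "reason": "Unauthorized", "json_body": {}},
]

if __name__ == "__main__":
    hits, dropped, notes = triage(SAMPLE)
    print("actionable:", hits)
    print("suppressed:", dropped)
    print("notes:", notes)
```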
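How the Access ID, Expires and Signature values described under Asset fit together, as an added example that is not the connector's own code. The HMAC-SHA1 construction and the query parameter names AccessID, Expires and Signature follow CTIX's public API documentation rather than this page; `ttl` and `verify_request` are hypothetical, included to show why the secret key never travels with the request and why a captured request stops working once it expires.

```python
import base64
import hashlib
import hmac
import time

def sign_request(access_id, secret_key, ttl=20, now=None):
    """Build the three authentication parameters sent with each API request.

    Assumed scheme: Signature = base64(HMAC-SHA1(secret_key, AccessID + "\\n" + Expires)).
    ttl (seconds of validity) is a hypothetical parameter for this example.
    """
    expires = int(now if now is not None else time.time()) + ttl
    to_sign = f"{access_id}\n{expires}".encode("utf-8")
    digest = hmac.new(secret_key.encode("utf-8"), to_sign, hashlib.sha1).digest()
    return {
        "AccessID": access_id,
        "Expires": expires,
        "Signature": base64.b64encode(digest).decode("ascii"),
    }

def verify_request(params, secret_key, now=None):
    """Hypothetical server-side check: reject stale requests, then recompute the
    signature over the presented AccessID and Expires and compare in constant time."""
    now = int(now if now is not None else time.time())
    expires = int(params["Expires"])
    if expires < now:
        return False  # expired: a replayed or delayed request is refused
    expected = sign_request(params["AccessID"], secret_key, ttl=0, now=expires)
    return hmac.compare_digest(expected["Signature"], params["Signature"])

if __name__ == "__main__":
    # Constructed credentials, not real ones.
    params = sign_request("example-access-id", "example-secret-key")
    print(params)
    print("valid now:", verify_request(params, "example-secret-key"))
    # Extending Expires without the secret key invalidates the signature.
    tampered = dict(params, Expires=params["Expires"] + 3600)
    print("tampered:", verify_request(tampered, "example-secret-key"))
```

Because the signature covers the expiry time, clock drift between the Turbine host and the CTIX server shows up as authentication failures, so check time synchronization before rotating keys.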