# Cyware

Cyware is a threat intelligence platform that facilitates threat data sharing, analysis, and response.

Cyware is a comprehensive threat intelligence platform that enhances security operations by providing detailed threat data and insights. The Cyware connector for Swimlane Turbine allows users to perform bulk lookups of threat data objects, enriching security incidents with detailed information and relationships. This integration empowers security teams to automate threat intelligence processes, improving response times and decision making by leveraging enriched data and actionable insights directly within their workflows.

## Prerequisites

Before you can use the Cyware connector for Turbine, you'll need access to the Cyware API. This requires the following.

To authenticate the API requests made to the CTIX application, you must include:

- Access ID: unique identifier for accessing the API
- Expires: timestamp indicating when the access expires
- Signature: cryptographic signature for request validation

## Limitations

None to date.

## Supported Versions

This connector supports the latest version of the Cyware Policies API.

## Additional Docs

- CTIX API documentation: https://ctixapiv3.cyware.com/#intro

## Configuration

### Authentication Methods

The following authentication methods are supported for this connector.

#### Custom Authentication

To authenticate using asset, you need to provide the following details:

- URL: the URL to the target host. Default is https://sample.domain.com
- Access ID: your CTIX access ID
- Secret Key: your CTIX secret key

These credentials are required to establish a secure connection with the CTIX platform and perform various operations.

## Capabilities

This connector provides the following capabilities:

- Bulk IOC Lookup Advanced
- Ping

### Bulk IOC Lookup Advanced

Performs a lookup for threat data objects in the CTIX platform and retrieves the details of the objects, such as basic details, enriched data, and relations.

https://ctixapiv3.cyware.com/#b9a61c05-8fea-4545-bb8f-420ad282ce6c

### Ping

CTIX enables you to check the connectivity with a server through the ping-pong method. The ping-pong method sends a request called ping to check the connection, and a successful response is called a pong response.

https://ctixapiv3.cyware.com/#0d48ddb2-f7fe-44c0-bf02-fced42cfb97b

## Additional Documentation

- Cyware Connector Documentation: https://docs.swimlane.com/connectors/cyware
- Cyware API Documentation: https://ctixapiv3.cyware.com/

## Configurations

### Asset

To authenticate the API requests made to the CTIX application, you must include Access ID, Expires, Signature.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Optional |
| CTIX Access ID | Access ID | string | Optional |
| CTIX Secret Key | Secret Key | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Bulk IOC Lookup

Perform a bulk lookup for threat data objects in the CTIX platform, retrieving details like basic information, enriched data, and relationships. Requires `object_type` as a path parameter.

#### Endpoint

- URL: `ctixpi/ingestion/openapi/bulk-lookup/{{object_type}}`
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.enrichment_data | boolean | Optional | Pass true to retrieve the latest five enrichment data objects |
| parameters.relation_data | boolean | Optional | Pass true to retrieve the latest 100 relations details |
| parameters.enrichment_tools | string | Optional | Pass the name of up to five enrichment tools separated by a comma. To retrieve a list of enrichment tools, use the Get Enrichment Tools API under Administration > Enrichment Management > Enrichment Tools |
| parameters.fields | string | Optional | Pass a comma-separated list of field names to retrieve specific details of the objects. By default, all fields are retrieved |
| path_parameters.object_type | string | Required | Pass an object type to lookup. For the list of supported object types, see Supported SDO Types in Threat Data > Miscellaneous |
| data_body | object | Optional | Response data |
| data_body.value | array | Optional | Response data |

#### Input Example

```json
{
  "parameters": {
    "enrichment_data": true,
    "relation_data": true,
    "enrichment_tools": "abuseipdb",
    "fields": "relations,enrichment_data"
  },
  "path_parameters": {"object_type": "indicator"},
  "data_body": {"value": ["47.92.78.238", "www.facebook.com"]}
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| next | object | Output field next |
| previous | object | Output field previous |
| total | number | Output field total |
| results | array | Result of the operation |
| results.analyst_score | object | Result of the operation |
| results.analyst_tlp | object | Result of the operation |
| results.country | string | Result of the operation |
| results.created | string | Result of the operation |
| results.ctix_created | string | Result of the operation |
| results.ctix_modified | string | Result of the operation |
| results.custom_attributes | object | Result of the operation |
| results.confidence_score | number | Unique identifier |
| results.description | object | Result of the operation |
| results.enrichment_data | array | Response data |
| results.enrichment_data.tool | string | Response data |
| results.enrichment_data.tool_response | string | Response data |
| results.first_seen | object | Result of the operation |
| results.id | string | Unique identifier |
| results.ioc_type | string | Type of the resource |
| results.is_deprecated | boolean | Result of the operation |
| results.is_false_positive | boolean | Result of the operation |
| results.is_reviewed | boolean | Result of the operation |
| results.is_whitelisted | boolean | Result of the operation |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {"next": null, "previous": null, "total": 1, "results": [{}], "page_size": 10}
}
```

### Ping

Verify server connectivity using the CTIX ping-pong method, which sends a 'ping' and expects a 'pong' response.

#### Endpoint

- URL: `ctixpi/ping/`
- Method: GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| result | string | Result of the operation |

#### Output Example

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {"result": "pong"}
}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
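
The following is an added example, not Swimlane's or Cyware's code: it builds a signed Bulk IOC Lookup request without sending it, then triages a response using the output fields documented above. The HMAC-SHA1 signing scheme, the `AccessID`/`Expires`/`Signature` query names, the host `ctix.example.invalid`, the 30-second lifetime and the confidence threshold of 70 are assumptions; confirm them against the CTIX API documentation.

```python
import base64, hashlib, hmac, re, time
from urllib.parse import urlencode

ENDPOINT = "ctixpi/ingestion/openapi/bulk-lookup"  # path from the Bulk IOC Lookup action
MAX_TOOLS = 5                                       # page: up to five enrichment tools

def sign(access_id, secret_key, expires):
    # ASSUMPTION: Signature = base64(HMAC-SHA1(secret_key, "<access_id>\n<expires>")).
    # The page names the three fields but not the algorithm; confirm in the CTIX docs.
    msg = f"{access_id}\n{expires}".encode()
    return base64.b64encode(hmac.new(secret_key.encode(), msg, hashlib.sha1).digest()).decode()

def build_lookup(base_url, access_id, secret_key, object_type, values,
                 tools=(), ttl=30, now=None):
    """Return (url, body) for a signed Bulk IOC Lookup POST. Nothing is sent."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("credentials must only travel over TLS")
    if not re.fullmatch(r"[a-z][a-z-]*", object_type):  # blocks path tricks from playbook input
        raise ValueError("object_type must be a plain SDO type name")
    if len(tools) > MAX_TOOLS:
        raise ValueError(f"at most {MAX_TOOLS} enrichment tools per request")
    expires = int(time.time() if now is None else now) + ttl  # short-lived signature
    query = {"AccessID": access_id, "Expires": expires,  # query names are assumed
             "Signature": sign(access_id, secret_key, expires),
             "enrichment_data": "true", "relation_data": "true"}
    if tools:
        query["enrichment_tools"] = ",".join(tools)
    url = f"{base_url.rstrip('/')}/{ENDPOINT}/{object_type}?{urlencode(query)}"
    return url, {"value": list(values)}

def triage(json_body, min_confidence=70):
    """Split result ids into (act, suppress); the threshold is an assumption."""
    act, suppress = [], []
    for r in json_body.get("results", []):
        noisy = r.get("is_false_positive") or r.get("is_whitelisted") or r.get("is_deprecated")
        low = (r.get("confidence_score") or 0) < min_confidence
        (suppress if noisy or low else act).append(r.get("id"))
    return act, suppress

# Constructed sample in the shape of the output table (not real CTIX data).
SAMPLE = {"next": None, "previous": None, "total": 3, "page_size": 10, "results": [
    {"id": "ioc-1", "ioc_type": "ipv4-addr", "confidence_score": 90,
     "is_false_positive": False, "is_whitelisted": False, "is_deprecated": False},
    {"id": "ioc-2", "ioc_type": "domain-name", "confidence_score": 95, "is_whitelisted": True},
    {"id": "ioc-3", "ioc_type": "ipv4-addr", "confidence_score": 20},
]}

if __name__ == "__main__":
    url, body = build_lookup("https://ctix.example.invalid", "constructed-id", "constructed-secret",
                             "indicator", ["47.92.78.238", "www.facebook.com"], tools=["abuseipdb"])
    print(url.split("?")[0], body, triage(SAMPLE))
```

Keeping `ttl` short limits how long a signed URL captured from proxy or connector logs stays usable.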