cywarectix's Introduction

Cyware CTIX

Publisher: Cyware Labs
Connector Version: 1.0.2
Product Vendor: Cyware Labs
Product Name: Cyware Threat Intel eXchange
Product Version Supported (regex): ".*"
Minimum Product Version: 5.1.0

Cyware Threat Intel eXchange is an intelligent client-server intelligence exchange that provides subscribers with full Threat Intel collection management from multiple internal and external sources.

Configuration Variables

The configuration variables below are required for this Connector to operate. These variables are specified when configuring a Cyware Threat Intel eXchange asset in SOAR.

| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
| --- | --- | --- | --- |
| access_id | required | password | Access ID |
| secret_key | required | password | Authentication Secret Key |
| baseurl | required | string | Base URL for CTIX REST API |
| verify_server_cert | optional | boolean | Verify server certificate |

Supported Actions

test connectivity - Validate the asset configuration for connectivity
lookup domain - Search IOCs in CTIX for matching Domain
lookup hash - Search IOCs in CTIX for matching Hash
lookup ip - Search IOCs in CTIX for matching IP Address
lookup url - Search IOCs in CTIX for matching URL

action: 'test connectivity'

Validate the asset configuration for connectivity

Type: test
Read only: True

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'lookup domain'

Search IOCs in CTIX for matching Domain

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| domain | required | Domain to run the lookup on | string | domain |

Action Output

| DATA PATH | TYPE | CONTAINS |
| --- | --- | --- |
| action_result.parameter.domain | string | domain |
| action_result.data.*.result.score | numeric | |
| action_result.data.*.result.created | numeric | |
| action_result.data.*.result.updated | numeric | |
| action_result.data.*.result.domain_data | string | |
| action_result.data.*.result.package_count | string | |
| action_result.data.*.result.packages_list | string | |
| action_result.data.*.result.stix_object_id | string | |
| action_result.data.*.result.misp_warninglist_status | string | |
| action_result.data.*.result.zscaler_enrichment_status | string | |
| action_result.data.*.result.cisco_umbrella_status | string | |
| action_result.data.*.result.geoip_report | string | |
| action_result.data.*.result.cisco_umbrella_status | string | |
| action_result.data.*.result.cisco_umbrella_malicious | string | |
| action_result.data.*.result.misp_warninglist_malicious | string | |
| action_result.data.*.result.misp_warninglist_domain_report | string | |
| action_result.data.*.result.cisco_umbrella_domain_report | string | |
| action_result.data.*.result.zscaler_enrichment_malicious | string | |
| action_result.data.*.result.zscaler_enrichment_domain_report | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary | string | |
| summary.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric | |
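
How the data paths listed for 'lookup domain' address the action result JSON, as an added example that is not code from the connector: `resolve` expands each `*` over the list it meets, and `type_mismatches` reports values whose type differs from the documented TYPE column before a playbook formats or compares them. The sample result, its values and the function names are constructed for illustration; it assumes the path segments after `action_result` map onto nested keys of the result.

```python
# Added example (not connector code): resolve SOAR data paths against an
# action result and compare value types with the documented TYPE column.

# Subset of the 'lookup domain' data paths with their documented types.
DOCUMENTED_TYPES = {
    "action_result.parameter.domain": "string",
    "action_result.data.*.result.score": "numeric",
    "action_result.data.*.result.domain_data": "string",
    "action_result.data.*.result.misp_warninglist_malicious": "string",
}

# Constructed sample result; values are illustrative, not real CTIX output.
SAMPLE_RESULT = {
    "parameter": {"domain": "example.test"},
    "status": "success",
    "data": [
        {"result": {"score": 75, "domain_data": "example.test",
                    "misp_warninglist_malicious": False}},  # bool, not string
        {"result": {"score": "n/a", "domain_data": "example.test"}},  # bad score
    ],
}

def resolve(path, action_result):
    """Return every value a data path selects; '*' fans out over a list."""
    nodes = [action_result]
    for part in path.split(".")[1:]:  # drop the leading 'action_result'
        nxt = []
        for node in nodes:
            if part == "*" and isinstance(node, list):
                nxt.extend(node)
            elif isinstance(node, dict) and part in node:
                nxt.append(node[part])
            # Assumption: a result may omit a field, so missing keys are skipped.
        nodes = nxt
    return nodes

def has_documented_type(value, documented):
    """bool is rejected for 'numeric' even though it subclasses int."""
    if documented == "numeric":
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    return isinstance(value, str)

def type_mismatches(action_result, documented=DOCUMENTED_TYPES):
    """List (path, value) pairs whose type differs from the documented one."""
    return [(path, value)
            for path, expected in documented.items()
            for value in resolve(path, action_result)
            if not has_documented_type(value, expected)]
```
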

action: 'lookup hash'

Search IOCs in CTIX for matching Hash

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| hash | required | Hash to run the lookup on | string | hash |

Action Output

| DATA PATH | TYPE | CONTAINS |
| --- | --- | --- |
| action_result.parameter.hash | string | hash |
| action_result.data.*.result.score | numeric | |
| action_result.data.*.result.created | numeric | |
| action_result.data.*.result.updated | numeric | |
| action_result.data.*.result.hash_data | string | |
| action_result.data.*.result.package_count | string | |
| action_result.data.*.result.packages_list | string | |
| action_result.data.*.result.stix_object_id | string | |
| action_result.data.*.result.misp_warninglist_status | string | |
| action_result.data.*.result.zscaler_enrichment_status | string | |
| action_result.data.*.result.virus_total_hash_report | string | |
| action_result.data.*.result.zscaler_enrichment_hash_report | string | |
| action_result.data.*.result.mandiant_threat_intelligence_hash_report | string | |
| action_result.data.*.result.cisco_umbrella_malicious | string | |
| action_result.data.*.result.misp_warninglist_malicious | string | |
| action_result.data.*.result.alien_vault_hash_report | string | |
| action_result.data.*.result.cisco_umbrella_domain_report | string | |
| action_result.data.*.result.zscaler_enrichment_malicious | string | |
| action_result.data.*.result.comodo_hash_report | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary | string | |
| summary.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric | |

action: 'lookup ip'

Search IOCs in CTIX for matching IP Address

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| ip | required | IP Address to run the lookup on | string | ip |

Action Output

| DATA PATH | TYPE | CONTAINS |
| --- | --- | --- |
| action_result.parameter.ip | string | ip |
| action_result.data.*.result.score | numeric | |
| action_result.data.*.result.created | numeric | |
| action_result.data.*.result.updated | numeric | |
| action_result.data.*.result.hash_data | string | |
| action_result.data.*.result.package_count | string | |
| action_result.data.*.result.packages_list | string | |
| action_result.data.*.result.stix_object_id | string | |
| action_result.data.*.result.misp_warninglist_status | string | |
| action_result.data.*.result.zscaler_enrichment_status | string | |
| action_result.data.*.result.virus_total_hash_report | string | |
| action_result.data.*.result.zscaler_enrichment_hash_report | string | |
| action_result.data.*.result.mandiant_threat_intelligence_hash_report | string | |
| action_result.data.*.result.cisco_umbrella_malicious | string | |
| action_result.data.*.result.misp_warninglist_malicious | string | |
| action_result.data.*.result.alien_vault_hash_report | string | |
| action_result.data.*.result.cisco_umbrella_domain_report | string | |
| action_result.data.*.result.zscaler_enrichment_malicious | string | |
| action_result.data.*.result.comodo_hash_report | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary | string | |
| summary.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric | |

action: 'lookup url'

Search IOCs in CTIX for matching URL

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| url | required | URL to run the lookup on | string | url |

Action Output

| DATA PATH | TYPE | CONTAINS |
| --- | --- | --- |
| action_result.parameter.url | string | url |
| action_result.data.*.result.score | numeric | |
| action_result.data.*.result.created | numeric | |
| action_result.data.*.result.updated | numeric | |
| action_result.data.*.result.hash_data | string | |
| action_result.data.*.result.package_count | string | |
| action_result.data.*.result.packages_list | string | |
| action_result.data.*.result.stix_object_id | string | |
| action_result.data.*.result.misp_warninglist_status | string | |
| action_result.data.*.result.zscaler_enrichment_status | string | |
| action_result.data.*.result.virus_total_hash_report | string | |
| action_result.data.*.result.zscaler_enrichment_hash_report | string | |
| action_result.data.*.result.mandiant_threat_intelligence_hash_report | string | |
| action_result.data.*.result.cisco_umbrella_malicious | string | |
| action_result.data.*.result.misp_warninglist_malicious | string | |
| action_result.data.*.result.alien_vault_hash_report | string | |
| action_result.data.*.result.cisco_umbrella_domain_report | string | |
| action_result.data.*.result.zscaler_enrichment_malicious | string | |
| action_result.data.*.result.comodo_hash_report | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary | string | |
| summary.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric | |

cywarectix's People

Contributors

arathore-crest, hsrivastava-crest, jdemelo, seablooms

Forkers

pdros-splunk

cywarectix's Issues

IP and URL lookup giving error "Couldn't add response data to the action_result. Error Message: 'bool' object has no attribute 'format'"

Name of the app
The app this issue relates to. Splunk SOAR

Describe the bug
A clear and concise description of what the bug is.
While doing IP lookup and URL lookup we are getting the error "Couldn't add response data to the action_result. Error Message: 'bool' object has no attribute 'format'"

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen. The IP lookup and URL lookup should work as expected.

Screenshots
If applicable, add screenshots to help explain your problem.

Splunk SOAR Version (please complete the following information):

  • OVA, Unprivileged Install, or RPM?
  • If not OVA, OS Version?
  • Hypervisor (if applicable)?
  • App Version? version 6.2.1.305

Additional context
Add any other context about the problem here.
