cyberint

Cyberint provides intelligence-driven digital risk protection. This integration will help your enterprise effectively consume actionable cyber alerts to increase your security posture.

Data Enrichment & Threat Intelligence · Cyberint

Configuration parameters

  • client_name — Company Name (required)
  • access_token — Cyberint Access Token (required)
  • environment — Cyberint API URL (required)
  • region — Data residency
  • duplicate_alert — Create an incident per CSV record
  • isFetch — Fetch incidents
  • fetch_severity — Fetch Severity
  • fetch_status — Fetch Status
  • fetch_environment — Fetch Environment
  • mirror_direction — Incident Mirroring Direction
  • incidentType — Incident type
  • close_incident — Close Mirrored XSOAR Incident
  • close_alert — Close Mirrored Cyberint Alert
  • fetch_type — Fetch Types
  • max_fetch — Fetch Limit
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (8)

  • cyberint-alerts-analysis-report

    Get alert analysis report.

  • cyberint-alerts-fetch

    List alerts according to parameters.

  • cyberint-alerts-get-attachment

    Get alert attachment.

  • cyberint-alerts-status-update

    Update the status of one or more alerts.

  • get-mapping-fields

    Returns the list of fields for an incident type.

  • get-modified-remote-data

    Gets the list of incidents that were modified since the last update time. Note that this method is here for debugging purposes. The get-modified-remote-data command is used as part of a Mirroring feature, which is available in Cortex XSOAR from version 6.1.

  • get-remote-data

    Gets remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes.

  • update-remote-system

    Updates the remote incident or detection with local incident or detection changes. This method is only used for debugging purposes and will not update the current incident or detection.