cyberint
Cyberint provides intelligence-driven digital risk protection. This integration will help your enterprise effectively consume actionable cyber alerts to increase your security posture.
Data Enrichment & Threat Intelligence · Cyberint
Configuration parameters
client_name— Company Name (required)access_token— Cyberint Access Token (required)environment— Cyberint API URL (required)region— Data residencyduplicate_alert— Create an incident per CSV recordisFetch— Fetch incidentsfetch_severity— Fetch Severityfetch_status— Fetch Statusfetch_environment— Fetch Environmentmirror_direction— Incident Mirroring DirectionincidentType— Incident typeclose_incident— Close Mirrored XSOAR Incidentclose_alert— Close Mirrored Cyberint Alertfetch_type— Fetch Typesmax_fetch— Fetch Limitfirst_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)insecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (8)
-
cyberint-alerts-analysis-reportGet alert analysis report.
-
cyberint-alerts-fetchList alerts according to parameters.
-
cyberint-alerts-get-attachmentGet alert attachment.
-
cyberint-alerts-status-updateUpdate the status of one or more alerts.
-
get-mapping-fieldsReturns the list of fields for an incident type.
-
get-modified-remote-dataGets the list of incidents that were modified since the last update time. Note that this method is here for debugging purposes. The get-modified-remote-data command is used as part of a Mirroring feature, which is available in Cortex XSOAR from version 6.1.
-
get-remote-dataGets remote data from a remote incident. This method does not update the current incident, and should be used for debugging purposes.
-
update-remote-systemUpdates the remote incident or detection with local incident or detection changes. This method is only used for debugging purposes and will not update the current incident or detection.