cybleeventsv2
Cyble Events for Vision Users. Must have Vision API access to use the threat intelligence.
Data Enrichment & Threat Intelligence · CybleEventsV2
Configuration parameters
base_url— URL (required)credentials— (required)incident_collections— Colletions to fetchincident_severity— Severityinsecure— Trust any certificate (not secure)proxy— Use system proxy settingsmax_fetch— Incident Fetch LimitincidentType— Incident typeisFetch— Fetch incidentsfirst_fetch_timestamp— First fetch time (by hours)hide_data— Hide Card Detailsmirror— Update Incident to Remote System
Commands (8)
-
cyble-vision-fetch-alert-groupsFetch incident event group.
-
cyble-vision-fetch-alertsFetch alerts based on the given parameters. The alerts would have multiple events grouped into one, based on a specific service type. This way the user will see, in some cases, more events than the limit provides.
-
cyble-vision-fetch-iocsFetch the indicators in the given timeline.
-
cyble-vision-subscribed-servicesGet list of Subscribed services.
-
cyble-vision-update-alertsUpdate multiple Cyble alerts with new status/severity. Service is auto-resolved per alert ID.
-
get-mapping-fieldsRetrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option.
-
get-modified-remote-dataChecks for incidents modified since the last synchronization time to enable incremental data fetching.
-
get-remote-dataRetrieves the latest data for a specific remote incident by its ID, updating only if modified since the given timestamp.