cybleeventsv2

Cyble Events for Vision Users. Must have Vision API access to use the threat intelligence.

Data Enrichment & Threat Intelligence · CybleEventsV2

Configuration parameters

  • base_url — URL (required)
  • credentials — (required)
  • incident_collections — Colletions to fetch
  • incident_severity — Severity
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • max_fetch — Incident Fetch Limit
  • incidentType — Incident type
  • isFetch — Fetch incidents
  • first_fetch_timestamp — First fetch time (by hours)
  • hide_data — Hide Card Details
  • mirror — Update Incident to Remote System

Commands (8)

  • cyble-vision-fetch-alert-groups

    Fetch incident event group.

  • cyble-vision-fetch-alerts

    Fetch alerts based on the given parameters. The alerts would have multiple events grouped into one, based on a specific service type. This way the user will see, in some cases, more events than the limit provides.

  • cyble-vision-fetch-iocs

    Fetch the indicators in the given timeline.

  • cyble-vision-subscribed-services

    Get list of Subscribed services.

  • cyble-vision-update-alerts

    Update multiple Cyble alerts with new status/severity. Service is auto-resolved per alert ID.

  • get-mapping-fields

    Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option.

  • get-modified-remote-data

    Checks for incidents modified since the last synchronization time to enable incremental data fetching.

  • get-remote-data

    Retrieves the latest data for a specific remote incident by its ID, updating only if modified since the given timestamp.