Cypho Threat Intelligence

This integration enables your organization to efficiently collect, analyze, and respond to actionable cyber alerts generated within the Cypho platform enhancing visibility, automation, and overall security posture.

Utilities · Cypho Threat Intelligence

Configuration parameters

  • url — Server URL (e.g. https://api.cypho.io/external/v1/) (required)
  • max_fetch — Maximum number of incidents per fetch
  • apikey — (required)
  • first_fetch — First fetch time
  • insecure — Trust any certificate (not secure)
  • incidentFetchInterval — Incidents Fetch Interval
  • tenant — Tenant Name
  • isFetch — Fetch incidents
  • incidentType — Incident type

Commands (6)

  • cypho-add-comment

    This command sends a comment as the status_reason parameter and attributes it to a user constructed from the provided username and domain. It is used to log investigation notes or analyst input directly on the issue.

  • cypho-approve-dismiss-issue

    Approves or dismisses a Cypho issue based on the provided ticket ID, user email, and approval decision.

  • cypho-assign-incident

    Assign a Cypho issue to an analyst by constructing their email from the given username and domain. The incident is assigned and updated with this user’s email.

  • cypho-download-attachment

    Downloads one or more attachments from a Cypho incident using the incident's unique "ticket_id". The command retrieves the attachment URLs from the issue and returns the files directly to the War Room. Useful for reviewing screenshots, logs, or other evidence related to the incident.

  • cypho-get-incident

    Retrieves the full details of a specific security incident from Cypho using its unique ticket_id. This command returns the raw response from the Cypho API, including metadata such as title, status, risk level, category, timestamps, impacted asset, and more.This command is intended for debugging purposes only and should not be used in production playbooks.

  • cypho-update-severity

    Updates the severity level of a specific Cypho issue using its unique ticket ID. This command is used to escalate or de-escalate the risk level ("Low", "Moderate", or "Critical") based on analysis or triage.