DeCYFIR v1.1.5

DeCYFIR API's provides External Threat Landscape Management insights

Author:
Cyfirma
Support:
partner
URL:
https://www.cyfirma.com/
Default data source:
DecyfirEventCollector
agentixxsiam
Data Enrichment & Threat Intelligence

Incident fields (1)

Indicator fields (3)

  • Target Countries
  • Target Industries
  • Technologies

Modeling rules (1)

Playbooks (1)

README

Cyfirma DeCYFIR Content Pack

CYFIRMA’s core platform, DeCYFIR, combines cyber threat intelligence with attack surface discovery and digital risk protection to deliver predictive, personalized, contextual, outside-in, and multi-layered cyber-intelligence.
With DeCYFIR’s APIs, security teams obtain a complete view of their external threat landscape and receive actionable insights to ensure their cybersecurity posture is robust, resilient, and able to counter emerging cyber threats.

This packs empowers security teams with the following capabilities

  • Monitor your entire external attack surfaces as they emerge.
  • Gain knowledge of vulnerabilities and understand the threat actors, campaigns, and attack methods used by adversaries.
  • Stay informed of data breach/leaks, including company email addresses, intellectual property information, and confidential data.
  • Be alerted to impersonation of company domains and executives across public and social platforms.
  • Prioritize remedial actions with insights from external threat landscape.de
  • Use the insights to expedite threat hunting and accelerate incident response activities.

<~XSOAR>

Note:
Support and maintenance for this content pack is provided by Cyfirma.

</~XSOAR>

<~XSIAM>

This content pack contains an integration that collects event logs from DeCYFIR for ingestion into Cortex XSIAM.

Once configured, the integration periodically fetches event logs from DeCYFIR’s APIs and sends them to Cortex XSIAM for ingestion, normalization and analysis.

  • Events are fetched in real time (starting from the moment the integration is enabled).

  • Each event type (Access Logs, Assets Logs, Digital Risk Keywords Logs) is fetched separately using its own pagination and limit.

  • To prevent duplication, the integration automatically tracks and stores the last fetched timestamp and event IDs.

Configure the DeCYFIR Event Collector Integration in Cortex

Parameter Required
Server URL True
API Key True
Event types to fetch True
Maximum number of Access Logs events per fetch False
Maximum number of Assets Logs events per fetch False
Maximum number of Digital Risk Keywords Logs events per fetch False
Trust any certificate (not secure) False
Use system proxy settings False

</~XSIAM>