
Cyble Events

This integration is part of the Cyble Events Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Cyble Events is an integration for existing Cyble Vision users. It allows users to access the API available as part of Vision licensing and integrate the data into XSOAR.

Configure Cyble Events on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cyble Events.

  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| Server URL (e.g. https://example.net) | | True |
| Access Token | | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
| Fetch incidents | | False |
| Incidents Fetch Interval | | False |
| Incident Fetch Limit | Maximum incidents to be fetched every time. Upper limit is 50 incidents. | True |
| Incident type | | False |
| Priority | Fetch the events based on priority. All priorities will be considered by default. | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

This integration provides the following commands, which can be used to access threat intelligence.

cyble-vision-fetch-iocs

Fetch the indicators for the given timeline.

Base Command

cyble-vision-fetch-iocs

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| from | Returns records starting with the given value. Default is 0. | Optional |
| limit | Number of records to return (max 1000). Using a smaller limit will get faster responses. Default is 1. | Optional |
| start_date | Timeline start date in the format "YYYY-MM-DD". Must be used with end_date as a timeline range. | Optional |
| end_date | Timeline end date in the format "YYYY-MM-DD". Must be used with start_date as a timeline range. | Optional |
| type | Returns records by type (CIDR, CVE, domain, email, FileHash-IMPHASH, FileHash-MD5, FileHash-PEHASH, FileHash-SHA1, FileHash-SHA256, FilePath, hostname, IPv4, IPv6, Mutex, NIDS, URI, URL, YARA, osquery, Ja3, Bitcoinaddress, Sslcertfingerprint). | Optional |
| keyword | Returns records for the specified keyword. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CybleEvents.IoCs.data | String | Returns the indicator's initial creation date |

cyble-vision-fetch-alerts

Fetch incident event alerts based on the given parameters. An alert groups multiple events by service type, so in certain cases users will see more events than the limit specifies.

Base Command

cyble-vision-fetch-alerts

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| from | Returns records for the timeline starting from the given index. Default is 0. | Required |
| limit | Number of records to return (max 50). Using a smaller limit will get faster responses. Default is 5. | Required |
| start_date | Timeline start date in the format "YYYY/MM/DD". | Required |
| end_date | Timeline end date in the format "YYYY/MM/DD". | Required |
| order_by | Sorting order for the alert fetch, either Ascending or Descending. Possible values are: Ascending, Descending. Default is Ascending. | Required |
| priority | Fetch the events based on priority. Possible values are: high, medium, low, informational. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CybleEvents.Events.eventid | String | Returns the event ID |
| CybleEvents.Events.eventtype | String | Returns the event type |
| CybleEvents.Events.severity | Number | Returns the event severity |
| CybleEvents.Events.occurred | Date | Returns the event occurrence time |
| CybleEvents.Events.name | String | Returns the alert title |
| CybleEvents.Events.cybleeventsname | String | Returns the event name |
| CybleEvents.Events.cybleeventsbucket | String | Returns the event bucket name |
| CybleEvents.Events.cybleeventskeyword | String | Returns the event keyword |
| CybleEvents.Events.cybleeventsalias | String | Returns the event type alias name |
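As an added example (not code from the Cyble Events pack or from Cyble), the following Python encodes the argument constraints from the cyble-vision-fetch-iocs and cyble-vision-fetch-alerts input tables above (date formats, limit caps, allowed type, order_by and priority values) and flattens a constructed alert payload onto the CybleEvents.Events context paths. The raw alert field names (events, service, severity, title, id, name, created_at, bucket, keyword, alias) are assumptions rather than the real API schema, and priority is assumed to be a single value.

```python
"""Argument checks and context shaping for the Cyble Events commands.

Added example, not code from the Cyble Events pack. The constraints come
from the command tables on this page; the raw alert field names used in
alerts_to_context and SAMPLE_ALERTS are an assumption, not the API schema.
"""
from datetime import datetime

# Allowed indicator types for cyble-vision-fetch-iocs (from the input table).
IOC_TYPES = {
    "CIDR", "CVE", "domain", "email", "FileHash-IMPHASH", "FileHash-MD5",
    "FileHash-PEHASH", "FileHash-SHA1", "FileHash-SHA256", "FilePath",
    "hostname", "IPv4", "IPv6", "Mutex", "NIDS", "URI", "URL", "YARA",
    "osquery", "Ja3", "Bitcoinaddress", "Sslcertfingerprint",
}
ALERT_PRIORITIES = {"high", "medium", "low", "informational"}
ALERT_ORDERS = {"Ascending", "Descending"}


def _check_date(value, fmt, name):
    """Reject dates that do not match the exact format the command expects."""
    try:
        datetime.strptime(value, fmt)
    except (TypeError, ValueError):
        raise ValueError(f"{name} must use the format {fmt!r}, got {value!r}")
    return value


def _check_int(value, name, maximum, minimum=0):
    """Coerce an argument to int and enforce the documented bounds."""
    try:
        number = int(value)
    except (TypeError, ValueError):
        raise ValueError(f"{name} must be an integer, got {value!r}")
    if not minimum <= number <= maximum:
        raise ValueError(f"{name} must be between {minimum} and {maximum}")
    return number


def validate_fetch_iocs_args(args):
    """Normalise cyble-vision-fetch-iocs arguments (limit max 1000, YYYY-MM-DD)."""
    out = {"from": _check_int(args.get("from", 0), "from", 10**9),
           "limit": _check_int(args.get("limit", 1), "limit", 1000, minimum=1)}
    start, end = args.get("start_date"), args.get("end_date")
    if (start is None) != (end is None):
        raise ValueError("start_date and end_date must be used together")
    if start is not None:
        out["start_date"] = _check_date(start, "%Y-%m-%d", "start_date")
        out["end_date"] = _check_date(end, "%Y-%m-%d", "end_date")
    if "type" in args:
        if args["type"] not in IOC_TYPES:
            raise ValueError(f"unsupported type {args['type']!r}")
        out["type"] = args["type"]
    if args.get("keyword"):
        out["keyword"] = args["keyword"]
    return out


def validate_fetch_alerts_args(args):
    """Normalise cyble-vision-fetch-alerts arguments (limit max 50, YYYY/MM/DD)."""
    out = {"from": _check_int(args.get("from", 0), "from", 10**9),
           "limit": _check_int(args.get("limit", 5), "limit", 50, minimum=1),
           "order_by": args.get("order_by", "Ascending")}
    for key in ("start_date", "end_date"):
        if key not in args:
            raise ValueError(f"{key} is required")
        out[key] = _check_date(args[key], "%Y/%m/%d", key)
    if out["order_by"] not in ALERT_ORDERS:
        raise ValueError(f"order_by must be one of {sorted(ALERT_ORDERS)}")
    if "priority" in args:
        if args["priority"] not in ALERT_PRIORITIES:
            raise ValueError(f"priority must be one of {sorted(ALERT_PRIORITIES)}")
        out["priority"] = args["priority"]
    return out


def validation_error(check, args):
    """Return the validation message for args, or None when they are accepted."""
    try:
        check(args)
    except ValueError as exc:
        return str(exc)
    return None


def alerts_to_context(alerts):
    """Flatten alerts onto CybleEvents.Events.* entries; one alert groups
    several events of one service type, so entries can exceed the alert limit."""
    events = []
    for alert in alerts:
        for event in alert["events"]:
            events.append({
                "eventid": event["id"], "eventtype": alert["service"],
                "severity": int(alert["severity"]), "occurred": event["created_at"],
                "name": alert["title"], "cybleeventsname": event["name"],
                "cybleeventsbucket": event.get("bucket", ""),
                "cybleeventskeyword": event.get("keyword", ""),
                "cybleeventsalias": event.get("alias", ""),
            })
    return events


# Constructed sample payload (not real Cyble data): two alerts carrying three events.
SAMPLE_ALERTS = [
    {"service": "darkweb", "severity": 3, "title": "Credential leak", "events": [
        {"id": "evt-1", "name": "paste-1", "created_at": "2024/01/02", "keyword": "example.com"},
        {"id": "evt-2", "name": "paste-2", "created_at": "2024/01/03", "keyword": "example.com"}]},
    {"service": "bucket", "severity": 2, "title": "Open storage", "events": [
        {"id": "evt-3", "name": "bucket-1", "created_at": "2024/01/04", "bucket": "example-assets"}]},
]

if __name__ == "__main__":
    args = validate_fetch_alerts_args({"start_date": "2024/01/01", "end_date": "2024/01/31", "limit": "2"})
    print(args, len(alerts_to_context(SAMPLE_ALERTS)), "events from", len(SAMPLE_ALERTS), "alerts")
```

The two commands use different date formats (hyphens for fetch-iocs, slashes for fetch-alerts) and different limit caps, which is why each validator carries its own format string; running the sample shows two alerts expanding to three context entries, the behaviour the fetch-alerts description warns about.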

cyble-vision-fetch-event-detail

Fetch incident detail based on event type and event ID.

Base Command

cyble-vision-fetch-event-detail

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| event_type | Event type of the incident. | Required |
| event_id | Event ID of the incident. | Required |
| from | The position of the first record to retrieve. | Required |
| limit | The number of events to return; the maximum allowed is 50. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CybleEvents.Events.Details | String | Returns details for the given event of the specified type |