Cyware Security Orchestration Layer (CSOL) is a security orchestration platform that lets organizations integrate their security team staff and threat response processes with the organization’s security tools and related infrastructure to form a single platform.
Pre-requisites to use Cyware trigger and DNIF
Outbound access required for connectivity between DNIF Setup and Cyware
|Protocol||Source IP||Source Port||Direction||Destination IP||Destination Port|
The above rule assumes that both request and response are enabled.
Cyware trigger plugin functions
Details of the function that can be used with the Cyware trigger are given in this section.
This function creates an event on the Cyware portal using the necessary event details.
The Cyware RESTful API takes a number of input fields.
Name: The name of the module being raised for the event that has been created. This is denoted by the $Name field of the created module.
_fetch * from module limit 1 >>_trigger api cyware create_event $Name
The trigger call returns output in the following structure for available data
|$CYActionIdentifier||action performed by the app due to which action to be created data.|
|$CYTitle||Title of the event.|
|$CYUniqueID||ID of the event created.|
|$CYCreatedOn||Timestamp for creation time of event.|
|$CYModified||Timestamp for modification time of event.|
|$CYLabelsData||Label data for the event.|
|$CYCreatedBy||ID of the creator of the event.|
|$CYCreatedByUniqueId||Unique ID of the creator of the event.|
|$CYFirstName||First name of the creator.|
|$CYLastName||Last name of the creator.|
|$CYEmail||Email of the creator.|
Getting started with Cyware API and DNIF
Place the cyware.tar.gz archive in the /var/tmp folder of the host machine.
Log in to your Data Store and Correlator containers and access the DNIF container via SSH.
Copy the files on the server from /var/tmp to the relevant location using the commands below:
cp /var/tmp/cyware.tar.gz /dnif/<D-Key>/trigger_plugins/
- Move to the ‘/dnif/<D-Key>/trigger_plugins’ folder path.
- Extract the cyware.tar.gz using the following command:
tar xvzf cyware.tar.gz -C /dnif/<D-Key>/trigger_plugins
Move to the ‘/dnif/<D-Key>/trigger_plugins/cyware/’ folder path and open the dnifconfig.yml configuration file.
Replace the tags: <Add_your_*> with your Cyware credentials
trigger_plugin:
  CY_ACCESS_ID: <Add_your_Cyware_Access_ID>
  CY_API_KEY: <Add_your_Cyware_API_key>
  CY_DOMAIN: <Add_your_Cyware_Domain_IP>
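Two checks that fit around the install steps above, as an added example (not part of the DNIF or Cyware documentation): one inspects the member names in cyware.tar.gz before it is extracted into trigger_plugins, the other confirms that dnifconfig.yml has no unreplaced <Add_your_*> tag and is readable only by its owner, since it stores the API key. The function names and the script name check.sh are hypothetical, and the archive check looks at member names only, not at symlinks inside the archive.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of DNIF or Cyware.

# Succeeds only if every member name in the archive is under cyware/ and
# has no absolute path or ".." component. Names only; symlinks not checked.
archive_is_safe() {
    members=$(tar tzf "$1" 2>/dev/null) || return 1
    [ -n "$members" ] || return 1
    printf '%s\n' "$members" | while IFS= read -r m; do
        case "$m" in
            /*|../*|*/../*|*/..) exit 1 ;;            # absolute path or traversal
            cyware|cyware/*|./cyware|./cyware/*) ;;   # expected top-level folder
            *) exit 1 ;;                              # anything else is unexpected
        esac
    done
}

# Succeeds only if the config file has no unreplaced <Add_your_*> tag and
# grants no permissions to group or others (it holds the API key).
config_is_ready() {
    [ -f "$1" ] || return 1
    if grep -q '<Add_your_' "$1"; then return 1; fi
    mode=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$mode" = "------" ]
}

# Usage: sh check.sh archive /var/tmp/cyware.tar.gz
#        sh check.sh config  <path to dnifconfig.yml>
case "${1:-}" in
    archive) archive_is_safe "$2" || { echo "unexpected paths in $2" >&2; exit 1; } ;;
    config)  config_is_ready "$2" || { echo "placeholders or loose mode on $2" >&2; exit 1; } ;;
esac
```

Run the archive check before the tar xvzf step and the config check after editing dnifconfig.yml; chmod 600 on the file satisfies the permission test.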