Cyware

Overview

Cyware Security Orchestration Layer (CSOL) is a security orchestration platform that allows organizations to integrate security team staff and threat response processes with the organization’s security tools and related infrastructure to form a single platform.

Pre-requisites to use Cyware trigger and DNIF

Outbound access required for connectivity between DNIF Setup and Cyware

| Protocol | Source IP | Source Port | Direction | Destination IP | Destination Port |
|---|---|---|---|---|---|
| TCP | DS,CR | Any | Egress | Cyware_Domain | Cyware_PORT |

Note

The above rule assumes both request and response are enabled.

Cyware trigger plugin functions

Details of the function that can be used with the Cyware trigger are given in this section.

  • create_event
    This function allows for creating an event on Cyware portal using the necessary event details.

  • Input
    The Cyware RESTful API takes its inputs as a number of different fields.
    Name: The name of the module for which the event is being raised. This is denoted by the $Name field of the created module.

  • Example

_fetch * from module limit 1
>>_trigger api cyware create_event $Name

  • Output

The trigger call returns output in the following structure for the available data:

| Fields | Description |
|---|---|
| $CYAppIdentifier | DNIF |
| $CYActionIdentifier | Action performed by the app due to which the data was created. |
| $CYTitle | Title of the event. |
| $CYUniqueID | ID of the event created. |
| $CYCreatedOn | Timestamp for creation time of event. |
| $CYModified | Timestamp for modification time of event. |
| $CYLabelsData | Label data for the event. |
| $CYCreatedBy | ID of the creator of the event. |
| $CYCreatedByUniqueId | Unique ID of the creator of the event. |
| $CYFirstName | First name of the creator. |
| $CYLastName | Last name of the creator. |
| $CYEmail | Email of the creator. |

Getting started with Cyware API and DNIF

  • Place the cyware.tar.gz file in the /var/tmp folder of the host machine.

  • Log in to your Data Store and Correlator containers and access the DNIF container via SSH.

  • Copy the file from /var/tmp to the trigger plugins folder using the following command:

cp /var/tmp/cyware.tar.gz /dnif/<D-Key>/trigger_plugins/

  • Move to the ‘/dnif/<D-Key>/trigger_plugins’ folder path:

cd /dnif/<D-Key>/trigger_plugins/

  • Extract cyware.tar.gz using the following command:

tar xvzf cyware.tar.gz -C /dnif/<D-Key>/trigger_plugins

  • Move to the ‘/dnif/<D-Key>/trigger_plugins/cyware/’ folder path and open the dnifconfig.yml configuration file.

  • Replace the tags <Add_your_*> with your Cyware credentials:


trigger_plugin:
  CY_ACCESS_ID: <Add_your_Cyware_Access_ID>
  CY_API_KEY: <Add_your_Cyware_API_key>
  CY_DOMAIN: <Add_your_Cyware_Domain_IP>
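
A pre-flight check for the edited dnifconfig.yml, as an added example that is not part of the DNIF or Cyware documentation: it confirms that the three keys shown above are set, that no <Add_your_*> placeholder is left, and that the file holding the API key is not accessible to other users. The function names cfg_value and check_dnifconfig are hypothetical, the flat "KEY: value" layout is assumed from the snippet above, and the permission check is an added hardening assumption rather than a documented requirement.

```shell
#!/bin/sh
# Added example: pre-flight check for the Cyware trigger plugin's dnifconfig.yml.
# Assumption: the file uses the flat "KEY: value" layout shown on this page.

# Print the value of key $2 in file $1 (first match), with surrounding
# whitespace and quotes removed. Prints nothing if the key is absent.
cfg_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if the config file $1 is ready to use, 1 otherwise.
# Each problem found is reported on stderr.
check_dnifconfig() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    for key in CY_ACCESS_ID CY_API_KEY CY_DOMAIN; do
        val=$(cfg_value "$file" "$key")
        case $val in
            "")              echo "$key is missing or empty" >&2; rc=1 ;;
            *"<Add_your_"*)  echo "$key still holds the template placeholder" >&2; rc=1 ;;
        esac
    done

    # The file stores an API key, so reject any access for "other" users.
    # GNU stat first (Linux containers), BSD stat as a fallback.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in
        *0) ;;
        *)  echo "$file has mode $mode; remove access for others (e.g. chmod 640)" >&2
            rc=1 ;;
    esac
    return $rc
}
```

Source the file in the DNIF container and run `check_dnifconfig /dnif/<D-Key>/trigger_plugins/cyware/dnifconfig.yml` after editing the configuration.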
