Orchestrate API Reference
Orchestrate enables security analysts to gather threat data from multiple sources and automate responses to threats and vulnerabilities through advanced workflows. This leads to faster detection, improved analysis, and efficient management of the security operations lifecycle. For more information, see Orchestrate Product Documentation.
The Orchestrate open API allows for programmatic interaction with Orchestrate services, enabling automation and integration with other systems in your environment.
Supported Orchestrate Version: 3.5.5.0 and later versions.
The API reference includes public Orchestrate API endpoints for the following modules:
Base URL
Sample:
https://tenantname.cyware.com/soarapi/openapi/
Authentication
Users with access to Cyware Orchestrate's Open APIs module can generate the credentials for API authentication.
Generate Open API Credentials
You can generate open API credentials in the Orchestrate application to access the open API endpoints. For more information on how to generate Open API credentials in Orchestrate, see Configure Open API.
Mandatory Query Parameters for Requests
After you have generated open API credentials, use them to authenticate your API requests. Ensure the following parameters are included in the query of each request:
- Access ID: Indicates the access ID linked to your Orchestrate Open API. For example, 57d008xx-7xxx-xx-b27a-1feb943d0xxx.
- Expires: Indicates the validity of the signature parameter. The signature becomes invalid if not used within the specified expiry duration. You can use expires = current time + 30 seconds for authentication. You can specify a margin of 10 to 30 seconds for expiration.
- Signature: Signature is a combination of the access ID, secret key, and expiration parameters to authenticate API requests. The signature is hashed using the HMAC-SHA1 algorithm and then encoded using the Base64 scheme.
  - Create a StringToSign value using the formula StringToSign = access_id + \n + expires.
  - Create a Signature value using the formula Signature = Base64(HMAC-SHA1(UTF-8-Encoding-Of(secret_key), UTF-8-Encoding-Of(StringToSign))).
The following Python code is a sample to generate a signature for endpoint authentication:
import base64
import hashlib
import hmac
import time


def generate_signature(access_id, secret_key):
    expires = int(time.time() + 30)  # expires in 30 seconds
    to_sign = '{}\n{}'.format(access_id, expires)
    signature = base64.b64encode(
        hmac.new(
            secret_key.encode('utf-8'),
            to_sign.encode('utf-8'),
            hashlib.sha1
        ).digest()).decode()
    return expires, signature

# Example:
# access_id = "7e4e6a9c-11ca-40f4-95af-edae017358d0"
# secret_key = "e61e92fb-bfd9-4cef-9b21-6f1e8211b77b"
# Generate signature:
# expires, signature = generate_signature(access_id, secret_key)
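The exchange these parameters describe, as an added example that is not part of Cyware's reference or code: it builds a signed request URL and shows a receiver-side check. The query names AccessID, Expires and Signature and the path integrations/app-action/ are taken from the pagination link in the Get App Actions sample response on this page; verify_signed_url and lookup_secret are hypothetical and only illustrate how such a signature can be validated.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Sample base URL from this page; "tenantname" is a placeholder tenant.
BASE_URL = "https://tenantname.cyware.com/soarapi/openapi/"


def sign(access_id, secret_key, expires):
    """Base64(HMAC-SHA1(secret_key, access_id + newline + expires))."""
    to_sign = "{}\n{}".format(access_id, expires).encode("utf-8")
    mac = hmac.new(secret_key.encode("utf-8"), to_sign, hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def build_signed_url(path, access_id, secret_key, params=None, now=None, ttl=30):
    """Return a full URL carrying AccessID, Expires and Signature."""
    if not 10 <= ttl <= 30:
        raise ValueError("ttl outside the 10 to 30 second margin given on the page")
    now = time.time() if now is None else now
    expires = int(now + ttl)
    query = dict(params or {})
    query.update({
        "AccessID": access_id,
        "Expires": expires,
        "Signature": sign(access_id, secret_key, expires),
    })
    # urlencode percent-encodes '+', '/' and '=' from the Base64 signature;
    # an unescaped '+' would be decoded as a space by the receiver.
    return BASE_URL + path.lstrip("/") + "?" + urlencode(query)


def verify_signed_url(url, lookup_secret, now=None):
    """Illustrative receiver-side check (an assumption, not Cyware's code).

    lookup_secret is a hypothetical callable mapping access ID -> secret key
    (or None for an unknown ID).
    """
    now = time.time() if now is None else now
    query = parse_qs(urlsplit(url).query)
    try:
        access_id = query["AccessID"][0]
        expires = int(query["Expires"][0])
        presented = query["Signature"][0]
    except (KeyError, ValueError):
        return False
    secret = lookup_secret(access_id)
    if secret is None or expires < now:
        return False  # unknown caller or signature past its expiry
    expected = sign(access_id, secret, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, presented)
```

As documented, StringToSign covers only the access ID and the expiry, not the path, method or body, so the short expiry and TLS are what limit reuse of a captured URL. Keep signed URLs out of logs and tickets.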
Integrations
Cyware Orchestrate offers a robust App Store with a comprehensive library of apps required to integrate, orchestrate, and respond using various security tools within your organization. These integrations support tasks like threat data collection, prioritization, and other analytics, enabling a holistic approach to orchestration from a unified platform. For more information, see Integrations.
You can perform the following actions in this module:
- Retrieve App and Instance Details: Fetch details of available apps and instances, including details of a specific app and instance.
- Test Instance Connectivity: Verify the connectivity of a specific app instance to ensure successful integration.
- Retrieve App Actions and Details: Fetch a list of actions associated with an app and detailed information about each action.
- Execute App Actions: Run specific actions of an app.
- Download App Package: Download the ZIP file for a specific app to enable offline access.
- Install Custom Apps: Add new custom applications by uploading and installing app packages.
Get Apps
Returns a list of apps from My Apps in Orchestrate.
Query Parameters
Pass a value for q to search for apps matching the query string.
Use ordering=title to sort by title or ordering=modified_at to sort by the last update date. Add - before the parameter to sort in descending order.
Pass the page number to retrieve the apps list.
Pass the number of items to retrieve per page.
Pass the user ID to retrieve a list of the apps created by a user.
Pass READY_TO_USE to list active apps, IN_PROGRESS to list the inactive apps, and INSTALLED to retrieve apps that are installed. Allowed values: IN_PROGRESS, READY_TO_USE, INSTALLED.
Pass the categories to filter apps. Allowed values: Authentication, Messaging, Network Security, Configuration Management database(CMDB), Cyware Product, Endpoint, Data Enrichment & Threat Intelligence, Forensics & Malware Analysis, Vulnerability Management, Case/Ticket Management, ... 4 other enums.
Pass false to retrieve custom apps or true to retrieve apps. Allowed values: true, false.
Pass true to get configured apps or false to get non-configured apps. Allowed values: true, false.
Pass true to retrieve agent-compatible apps or false to fetch apps that are not agent-compatible. Allowed values: true, false.
Pass the created_at value to filter apps created in the last week, month, or year. Allowed values: last_week, last_month, last_year.
Pass the start time in Unix time format. The list of apps created after the entered time will be returned. Example: 1655145000.
Pass the end time in Unix time format. The list of apps created before the entered time will be returned. Example: 1642530599.
Response
Response Attributes
Returns details of apps. Each object provides the details of one app.
Returns the total number of apps.
Returns the link to the previous and next page.
Response
{
"results": [
{
"unique_id": "7d0bfe45-23e3-4842-a6c2-18df18ca37d1",
"title": "Example App",
"description": "The app provides helpful actions to automate small tasks.",
"app_identifier": "app",
"published_by": "Cyware",
"is_system": true,
"connector_version": "1.9.7",
"actions_count": 1,
"instances_count": 1,
"lite_enabled": true,
"documentation_url": "https://support.cyware.com/hc/en-us/articles/4415032299277-example-app",
"supported_versions": "NA",
"app_slug": "utility_1_9_7",
"is_installed": true,
"total_instance_count": 1,
"created_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"modified_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"app_type": "INSTALLED",
"created_at": "2024-11-05T13:31:12.322653Z",
"modified_at": "2024-11-05T13:31:41.751520Z",
"package_hash": "94b42132d1cf6cfd802d679a0236037e",
"publisher_logo_url": "https://production.cyware.com/enterprise/img/cyware_logo_composite_colored.683b73e.svg",
"logo_url": "https://production.domain.com/enterprise/img/appname_logo_composite_colored.683b73e.svg",
"download_counter": null,
"config_template": [],
"major_agent_version": "0",
"minor_agent_version": "0",
"patch_agent_version": "0",
"logo": "https://production.domain.com/enterprise/img/appname_logo_composite_colored.683b73e.svg",
"major_version": "0",
"minor_version": "0",
"patch_version": "0",
"categories": [],
"latest_installed_version": "2.0.0",
"all_installed_versions": [],
"connector_code": "",
"python_class_name": "",
"is_active": false,
"playbook_count_all_versions": 4,
"created_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "john",
"last_name": "doe",
"full_name": "john doe"
},
"modified_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "john",
"last_name": "doe",
"full_name": "john doe"
},
"actions_data": [
{
"title": "Append Content to file",
"description": "This action can be used to append content to a specific file.",
"action_identifier": "append_file",
"app_identifier": "utility",
"accepted_params": [
{
"title": "Content",
"field_key": "content",
"field_type": "text",
"description": "Enter the content you wish to append.",
"is_required": true,
"options": [],
"option_type": ""
}
],
"appinstance_set_data": [
{
"app_unique_id": "d2ef24db-e904-479c-806f-0baed192fed1",
"unique_id": "05b5c637-142a-4368-b5e3-7497e6123058",
"created_at": "2021-05-16T00:00:00Z",
"modified_at": "2021-08-25T06:34:10.697Z",
"title": "feodo tracker",
"created_by": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"modified_by": "xxxxxxxxxxxxxxxxxxxxxxxx",
"is_default": true,
"expiry_date": "2025-11-30T18:29:59Z",
"description": "Used for testing",
"tested_by": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"tested_date": "2021-08-25T06:34:10.696Z",
"connectivity_status": "ERROR",
"connectivity_message": "Connection test failed! Check the configuration and try again.",
"connector_version": "1.0.0",
"configuration": "{}",
"app_title": "Feodo Tracker",
"slug": "",
"is_removed": false,
"on_lite": false,
"csol_lite_id": "",
"connectivity_detail": "",
"status_code": "",
"lite_model": "",
"uploaded_file_data": [],
"expiry_mail_sent": false
}
]
}
]
}
],
"count": 1,
"link": {
"next": "URL",
"previous": "URL"
}
}
Get App Details
Returns the details of a specific app.
Path Parameters
Enter the unique ID of the app to retrieve its details. You can retrieve the unique IDs of apps using the Get Apps endpoint.
Response
Response Attributes
Returns the unique ID that is generated dynamically on creating the app.
Returns the title of the app.
Returns a brief description of the app.
Returns a human-readable identifier of the app. For example: abuse_ipdb.
Returns the name of the user who published the app.
Returns the date and time when the app was published.
Indicates if the app is a system app or a custom app.
Returns the version of the app.
Returns the number of actions supported in the app.
Returns the number of instances configured for the app.
Returns the supported app's API version.
Returns the configuration parameters to create an instance in the app.
Returns the resource identifier of the application.
Returns the URL link for the app's logo.
Indicates if the app is installed or not.
Returns the major version of the app.
Returns the list of categories associated with the app.
Returns the latest installed version of the app.
Returns all the installed versions of the app.
Returns the count of instances in the app.
Returns the user ID of the user who created the app.
Returns the user ID of the user who modified the app.
Returns the app type to indicate if the app is installed, active, or inactive.
Returns the code of the app.
Returns the date and time when the app was created.
Returns the date and time the app was last modified.
Returns the hash of the app package.
Returns the URL for the logo of the app publisher.
Returns the python class name of the app.
Returns the URL of the app logo.
Returns the number of times the app is downloaded.
Indicates whether the app is compatible with the Cyware Agent or not.
Returns the URL of the app's documentation.
Returns the major version of the Cyware agent, if supported.
Returns the minor version of the Cyware agent, if supported.
Returns the current patch version of Cyware agent, if supported.
Returns the minor version of the app.
Returns the current patch version of the app.
Returns the details of the user who created the app.
Returns the details of the user who last modified the app.
Returns the details of the app's action.
Returns the details of all the instances configured for the app.
Response
{
"unique_id": "6d9c0ec4-bdf4-4334-99a0-83fffb7c3af9",
"title": "AbuseIPDB",
"description": "This app provides integration with AbuseIPDB, a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.",
"app_identifier": "abuse_ipdb",
"published_by": "Cyware",
"published_date": "2021-10-20T08:38:03Z",
"is_system": true,
"connector_version": "1.0.0",
"actions_count": 3,
"instances_count": 1,
"supported_versions": "1.0.0",
"config_template": [
{
"title": "API Token",
"field_key": "api_token",
"field_type": "text",
"description": "Input the API token for authentication.",
"is_required": true,
"valid_file_type": []
}
],
"app_slug": "abuse_ipdb_1_0_0",
"logo": "https://production.domain.com/enterprise/img/appname_logo_composite_colored.683b73e.svg",
"is_installed": true,
"major_version": "1",
"categories": [
{
"title": "Data Enrichment & Threat Intelligence",
"description": "Data Enrichment & Threat Intelligence",
"unique_id": "b429e1ed-1f78-483c-af29-e70c2381bbf2"
}
],
"latest_installed_version": "1.0.1",
"all_installed_versions": [
{
"connector_version": "1.0.1",
"app_unique_id": "04373357-8f9f-4a5e-b4e7-19d9afca60ff",
"created_at": "2021-12-01T11:06:52.916Z",
"modified_at": "2021-12-21T17:00:49.941Z",
"app_identifier": "abuse_ipdb"
}
],
"total_instance_count": 6,
"created_by": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"modified_by": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"app_type": "INSTALLED",
"connector_code": {},
"created_at": "2021-12-01T11:06:52.916Z",
"modified_at": "2021-12-21T17:00:49.941Z",
"package_hash": "0d8361da9dda1b7018d8123b3d3150aa",
"publisher_logo_url": "https://production.app.com/enterprise/img/demo_logo_composite_colored.683b73e.svg",
"python_class_name": "AbuseIpdbConnector",
"logo_url": "",
"download_counter": null,
"lite_enabled": false,
"documentation_url": "https://techdocs.cyware.com/en/index-en.html?contextId=app_name",
"major_agent_version": "0",
"minor_agent_version": "0",
"patch_agent_version": "0",
"minor_version": "1",
"patch_version": "0",
"created_by_data": {
"unique_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"modified_by_data": {
"unique_id": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"actions_data": [
{
"title": "Check Subnet Reputation",
"description": "This action can be used to get the reputation of a subnet from Abuse IPDB.",
"action_identifier": "check_cidr",
"app_identifier": "cftr_v2",
"accepted_params": [
{
"title": "IP Address Subnet",
"field_key": "network_subnet",
"field_type": "text",
"description": "Input the IP address Subnet (CIDR)\n- 127.0.0.1/26",
"is_required": true,
"options": [],
"option_type": ""
}
],
"unique_id": "52091b28-5daa-42f3-9eb9-926994a91ca5",
"app_unique_id": "6d9c0ec4-bdf4-4334-99a0-83fffb7c3af9",
"created_by": "xxxxxxxxxxxxxxxxxxxxxxxx",
"modified_by": "xxxxxxxxxxxxxxxxxxxxxxxx",
"created_at": "2021-12-01T11:06:52.943Z",
"modified_at": "2021-12-01T11:06:52.943Z",
"app_slug": "abuse_ipdb_1_0_0",
"connector_version": "1.0.0",
"app_title": "Abuse IPDB",
"system_app": true,
"return_values": []
}
],
"appinstance_set_data": [
{
"app_unique_id": "6d9c0ec4-bdf4-4334-99a0-83fffb7c3af9",
"unique_id": "23b5d0d0-4cd0-42b6-9979-aa47d98d0790",
"created_at": "2021-12-21T17:00:49.934Z",
"modified_at": "2022-01-05T08:44:22.924Z",
"title": "instance name",
"slug": "instance name",
"created_by": "xxxxxxxxxxxxxxxxxxxxxxxx",
"modified_by": "xxxxxxxxxxxxxxxxxxxxxxxx",
"is_default": true,
"description": "This istance is used to test the action",
"tested_by": "xxxxxxxxxxxxxxxxxxxxxxxx",
"tested_date": "2022-01-05T08:44:22.922Z",
"connectivity_status": "SUCCESS",
"connectivity_message": "Connection test successful!",
"connector_version": "1.0.0",
"configuration": {},
"lite_model": "PULL",
"app_title": "Abuse IPDB",
"is_removed": false,
"on_lite": false,
"csol_lite_id": "e0011ab0-af8b-44c4-b3f1-ede9143b0507",
"connectivity_detail": "",
"status_code": "",
"uploaded_file_data": [],
"expiry_mail_sent": false
}
]
}
Get App Instances
Retrieves a list of available instances for all apps. To retrieve instances of a specific app, pass the unique ID of the app.
Query Parameters
Pass the page number to retrieve the app details.
Pass the number of records to display per page.
Pass the app unique ID to retrieve the instances of the app. You can retrieve the unique ID of an app using the Get Apps endpoint. If the app ID is not passed, all available instances will be retrieved.
Response
Response Attributes
Returns details of an app instance.
Returns the total number of instances in the app.
Returns the links for the previous and next pages.
Response
{
"results": [
{
"app_unique_id": "e591047c-8879-4579-b2db-f6a1eae44c15",
"unique_id": "d6a03423-52fd-479b-a79d-85102e53861f",
"created_at": "2021-06-30T20:52:29.968Z",
"modified_at": "2021-11-10T09:07:33.942Z",
"title": "UAT",
"slug": "uat_instance",
"created_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"modified_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"description": "new",
"tested_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"tested_date": "2021-11-10T09:07:33.941Z",
"connectivity_status": "SUCCESS",
"connectivity_message": "Connection test successful!",
"connector_version": "1.0.1",
"configuration": {
"api_key": "061331ee8e0efb19dbf0c60d60e67597e91594185031b798dca24cff0810a24a"
},
"app_title": "Virus Total Alpha",
"is_removed": false,
"is_default": false,
"on_lite": false,
"csol_lite_id": "e0011ab0-af8b-44c4-b3f1-ede9143b0507 A",
"connectivity_detail": "",
"status_code": "",
"uploaded_file_data": [],
"expiry_mail_sent": false,
"tested_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"created_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"modified_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
}
}
],
"count": 1,
"link": {
"next": "",
"previous": ""
}
}
Create App Instance
Create an instance in a specific app.
Body Parameters
Pass true to set the instance as default.
Pass a title for the app instance.
Pass a description for the app instance.
Pass the unique ID of the app to create an instance. You can retrieve the unique IDs of apps using the Get Apps endpoint.
Pass the necessary configurations to create an instance. The required parameters vary depending on the app.
Pass the version of the app to create an instance. For example, 1.0.0. You can retrieve the supported version using the Get Apps endpoint.
Pass the expiry date of the app instance in ISO format.
Response
Response Attributes
Returns the unique ID of the app.
Returns the unique ID of the instance.
Returns the date and time when the instance was created.
Returns the date and time when the instance was last modified.
Returns the title of the instance.
Returns the resource identifier of the instance.
Returns the user ID of the user who created the instance.
Returns the user ID of the user who last modified the instance.
Returns if the instance is a default instance or not.
Returns the expiry date of the instance.
Returns the description of the instance.
Returns the connectivity status, indicating either SUCCESS or FAIL.
Returns the version of the app.
Returns the configuration details of the instance.
Returns the title of the app instance.
Indicates if the instance is deleted or not.
Indicates if the app instance is Cyware Agent compatible or not.
Returns the Cyware Agent ID.
Returns the unique ID of the user who tested the instance.
Returns the message elaborating the connectivity status of the instance. For example, Authentication successful.
Returns the details related to the connectivity of the instance.
Returns the status code based on the status of the instance.
Returns the uploaded file data if a file is uploaded to create an instance.
Returns if the instance expiry email is sent to the users or not.
Returns the details of the user who tested the instance.
Returns the details of the user who created the instance.
Returns the details of the user who last modified the instance.
Response
{
"app_unique_id": "a1027657-4e63-49d2-b3c9-e29949d02359",
"unique_id": "dcc1b286-b34f-4f87-a662-3ef45d4aefa9",
"created_at": "2022-07-27T11:02:22.496Z",
"modified_at": "2022-07-27T11:02:22.496Z",
"title": "Final Test",
"slug": "final_test",
"created_by": "bf62bdbe-c280-4882-b947-c750b31062fb",
"modified_by": "bf62bdbe-c280-4882-b947-c750b31062fb",
"is_default": true,
"expiry_date": "2025-01-01T00:00:00Z",
"description": "instance description",
"connectivity_status": "UNTESTED",
"connector_version": "2.2.2",
"configuration": {
"token": "*******"
},
"app_title": "App",
"is_removed": false,
"on_lite": false,
"csol_lite_id": "",
"tested_by": "",
"connectivity_message": "",
"connectivity_detail": "",
"status_code": "",
"uploaded_file_data": [],
"expiry_mail_sent": false,
"tested_by_data": {
"first_name": "John ",
"last_name": "Doe"
},
"created_by_data": {
"unique_id": "bf62bdbe-c280-4882-b947-c750b31062fb",
"first_name": "Jon",
"last_name": "Doe",
"full_name": "Jon Doe"
},
"modified_by_data": {
"unique_id": "bf62bdbe-c280-4882-b947-c750b31062fb",
"first_name": "Jon",
"last_name": "Doe",
"full_name": "Jon Doe"
}
}
Get App Instance Details
Returns the details of a specific instance.
Path Parameters
Pass the unique ID of the instance to retrieve details of the app instance. Example: d6a03423-52fd-479b-a79d-85102e53861. You can retrieve the instance ID using the Get App Instances endpoint.
Response
Response Attributes
Returns the unique ID of the app.
Returns the unique ID of the instance.
Returns the date and time when the instance was created.
Returns the date and time when the instance was last modified.
Returns the title of the instance.
Returns the resource identifier of the instance.
Returns the unique ID of the user who created the instance.
Returns the unique ID of the user who last modified the instance.
Returns the description of the instance.
Returns the unique ID of the user who tested the instance.
Returns the date and time when the app was tested.
Returns the connectivity status, indicating either SUCCESS or FAIL.
Returns the message elaborating the connectivity status. For example, Authentication successful.
Returns the app version.
Returns the configuration details of the instance.
Retrieves the title of the application associated with the instance.
Indicates if the instance is deleted or not.
Returns if the instance is a default instance or not.
Indicates if the instance of the app is supported on the Cyware Agent.
Returns the Cyware agent ID associated with the instance.
Returns the details related to the instance connectivity.
Returns the status code based on the status of the instance.
Returns the file data if uploaded while creating the instance.
Returns if the instance expiry email is sent or not.
Returns the details of the user who tested the instance.
Returns the details of the user who created the instance.
Returns the details of the user who last modified the instance.
Response
{
"app_unique_id": "e591047c-8879-4579-b2db-f6a1eae44c15",
"unique_id": "d6a03423-52fd-479b-a79d-85102e53861f",
"created_at": "2021-06-30T20:52:29.968Z",
"modified_at": "2021-11-10T09:07:33.942Z",
"title": "uat",
"slug": "uat_instance",
"created_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"modified_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"description": "new",
"tested_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"tested_date": "2021-11-10T09:07:33.941Z",
"connectivity_status": "SUCCESS",
"connectivity_message": "Connection test successful!",
"connector_version": "1.0.1",
"configuration": {
"api_key": "061331ee8e0efb19dbf0c60d60e67597e91594185031b798dca24cff0810a24a"
},
"app_title": "Virus Total Alpha",
"is_removed": false,
"is_default": false,
"on_lite": false,
"csol_lite_id": "",
"connectivity_detail": "",
"status_code": "",
"uploaded_file_data": [],
"expiry_mail_sent": false,
"tested_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"created_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"modified_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
}
}
Test App Instance Connectivity
Verify the connectivity of an app instance.
Path Parameters
Enter the unique ID of the instance to test the connectivity. Example: d6a03423-52fd-479b-a79d-85102e53861f. You can retrieve the instance ID using the Get App Instances endpoint.
Response
Response Attributes
Returns the message conveying the connectivity status.
Returns the connectivity status, indicating either SUCCESS or FAIL.
Returns the details related to the connectivity.
Returns the unique ID of the user who tested the app instance.
Returns the date and time when the instance was tested.
Returns the title of the app instance.
Returns the status code based on the status of the instance.
Indicates if the app instance is agent compatible or not.
Returns the unique ID of the app instance.
Returns the details of the user who tested the instance.
Response
{
"connectivity_message": "Authentication successful",
"connectivity_status": "SUCCESS",
"connectivity_detail": null,
"tested_by": "bf62bdbe-c280-4882-b947-c750b31062fb",
"tested_date": "2022-07-26T13:31:11.811507596Z",
"title": "Instance",
"status_code": "",
"is_lite": false,
"unique_id": "instance-unique-id",
"tested_by_data": {
"unique_id": "bf62bdbe-c280-4882-b947-c750b31062fb",
"first_name": "Jon",
"last_name": "Doe",
"full_name": "Jon Doe"
}
}
Get App Actions
Returns a list of all available actions from all apps. To retrieve actions of a specific app, pass the unique ID of the app.
Query Parameters
Pass the unique ID of the app to retrieve the list of actions. Example: f8f6af0e-35c8-48e3-8cda-d0fe61476441. You can retrieve the unique ID of an app using the Get Apps endpoint.
Pass the page number to retrieve the app actions list.
Pass the number of items to view per page.
Response
Response Attributes
Returns details of app actions. Each object provides the details of one app action.
Returns the number of actions in the app.
Returns the link to the previous and next page.
Response
{
"results": [
{
"title": " Get Bucket Lifecycle",
"description": "This action retrieves the lifecycle configuration information of a bucket.",
"action_identifier": "aws_s3_get_bucket_lifecycle",
"app_identifier": "aws_s3",
"return_values": [
{
"title": "Rules",
"description": "This path is used to retrieve Rules from the action response.",
"data_source": "Rules"
}
],
"accepted_params": [
{
"title": "Bucket Name",
"field_key": "bucket_name",
"field_type": "text",
"description": "Enter name of bucket.(E.g.\"testingbucket\")",
"is_required": true,
"options": [],
"option_type": ""
}
],
"unique_id": "ecd9c2d4-2443-44d0-ba9c-6f927e02fdcc",
"app_unique_id": "f8f6af0e-35c8-48e3-8cda-d0fe61476441",
"created_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"modified_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"created_at": "2022-01-18T11:32:10.091Z",
"modified_at": "2022-01-18T11:32:10.091Z",
"app_slug": "aws_s3_1_1_0",
"connector_version": "1.1.0",
"app_title": "AWS S3",
"system_app": true,
"created_by_data": {
"unique_id": "f7caf369-bf63-44a9-a8f9-b9f7605f4916",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"modified_by_data": {
"unique_id": "f7caf369-bf63-44a9-a8f9-b9f7605f4916",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
}
}
],
"count": 1,
"link": {
"next": "/integrations/app-action/?page=2&page_size=10&AccessID=75c235d2-c096-43ff-817b-2e137e2cdd4c&Signature=bhCSACuhvtudS55QJCULNuJFkJA=&Expires=1642567435",
"previous": ""
}
}
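Instance records in the sample responses above carry connector credentials under configuration (as an object in some responses and as a JSON-encoded string in others), and link.next repeats the caller's AccessID, Signature and Expires. The following added example, not part of Cyware's reference or code, sanitizes a response before it is logged; SAMPLE is constructed data and the function names are hypothetical.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MASK = "*******"  # same mask the Create App Instance sample response shows
AUTH_PARAMS = {"AccessID", "Signature", "Expires"}


def mask_configuration(config):
    """Mask every leaf value; accepts a dict or a JSON-encoded string."""
    if isinstance(config, str):
        try:
            config = json.loads(config)
        except ValueError:
            return MASK  # plain or unparseable string: treat it as a secret
    if isinstance(config, dict):
        return {k: mask_configuration(v) for k, v in config.items()}
    if isinstance(config, list):
        return [mask_configuration(v) for v in config]
    return MASK


def strip_auth_from_link(url):
    """Drop AccessID/Signature/Expires from a pagination link."""
    if not url:
        return url
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in AUTH_PARAMS]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def sanitize(obj):
    """Return a copy of an API response that is safe to log."""
    if isinstance(obj, list):
        return [sanitize(v) for v in obj]
    if not isinstance(obj, dict):
        return obj
    clean = {}
    for key, value in obj.items():
        if key == "configuration":
            clean[key] = mask_configuration(value)
        elif key == "link" and isinstance(value, dict):
            clean[key] = {k: strip_auth_from_link(v) for k, v in value.items()}
        else:
            clean[key] = sanitize(value)  # reaches nested instance records
    return clean


# Constructed sample shaped like the list responses on this page.
SAMPLE = {
    "results": [
        {"title": "UAT", "configuration": {"api_key": "constructed-secret-value"}},
        {"title": "feodo tracker", "configuration": "{}"},
    ],
    "count": 2,
    "link": {
        "next": "/integrations/app-action/?page=2&page_size=10"
                "&AccessID=constructed-id&Signature=Y29uc3RydWN0ZWQ=&Expires=1700000030",
        "previous": "",
    },
}

if __name__ == "__main__":
    print(json.dumps(sanitize(SAMPLE), indent=2))
```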
Get Action Details
Returns the details of a specific action.
Path Parameters
Pass the unique ID of the action to retrieve the action details. Example: 52091b28-5daa-42f3-9eb9-926994a91ca5. You can retrieve the unique ID of an action using the Get App Actions endpoint.
Response
Response Attributes
Returns the title of the app action.
Returns the description of the action.
Returns the unique identifier of the action.
Returns the unique identifier of the app associated with the action.
Returns the details of the accepted parameters to execute the action.
Returns the unique ID of the action.
Returns the unique ID of the app associated with the action.
Returns the unique ID of the user who created the action.
Returns the unique ID of the user who last modified the action.
Returns the date and time when the action was created.
Returns the date and time when the action was last modified.
Returns the resource identifier of the app associated with the action.
Returns the app version.
Returns the title of the app.
Returns the details of the response parameters you will receive after the action is executed.
Returns true if the app is a Cyware app or false if the app is a custom app.
Returns the details of the user who created the action.
Returns the details of the user who last modified the action.
Response
{
"title": "Action to scan URL",
"description": "Enter a valid url to scan",
"action_identifier": "url_scan",
"app_identifier": "virus_total_alpha",
"accepted_params": [
{
"title": "url",
"field_key": "url",
"field_type": "any",
"description": "Check for malicious activity",
"is_required": false,
"options": [],
"option_type": ""
}
],
"unique_id": "09ee5c03-32d1-4a96-9223-e0bf15c9f9bf",
"app_unique_id": "e591047c-8879-4579-b2db-f6a1eae44c15",
"created_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"modified_by": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"created_at": "2021-06-30T20:48:22.273Z",
"modified_at": "2021-09-28T08:47:58.328Z",
"app_slug": "virus_total_alpha_1_0_1",
"connector_version": "1.0.1",
"app_title": "Virus Total Alpha",
"return_values": [],
"system_app": false,
"created_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
},
"modified_by_data": {
"unique_id": "49c5781f-ed52-4e13-ad25-9deffdfba7a8",
"first_name": "Bob",
"last_name": "David",
"full_name": "Bob David"
}
}
Execute Action
Execute an app action by passing the required parameters in the payload.
Body Parameters
Pass the identifier of the app. For example, abuse_ipdb. You can use the Get Apps endpoint to retrieve the identifier of an app.
Pass the unique identifier of the action. For example, check_ip_address. You can use the Get App Actions endpoint to retrieve the identifier of an action.
Pass the parameters required to execute the action. You can retrieve the details of the required parameters of the action using the Get Action Details endpoint.
Pass the resource identifier of the app instance to execute an action. You can retrieve the identifier of an instance using the Get App Instances endpoint.
Response
Response Attributes
Returns the results of the executed action, with response details varying based on the specific action performed.
Returns the status of the action execution. Possible values: SUCCESS, ERROR, WAITING, UNTESTED.
Response
{
"result": {
"result": {
"filescan_id": {},
"permalink": "https://www.virustotal.com/gui/url/cf4b367e49bf0b22041c6f065f4aa19f3cfe39c8d5abc0617343d1a66c6a26f5/detection/u-cf4b367e49bf0b22041c6f065f4aa19f3cfe39c8d5abc0617343d1a66c6a26f5-1642656275",
"resource": "google.com",
"response_code": 1,
"scans": {},
"total": 93,
"url": "http://google.com/"
},
"status_code": 200
},
"execution_status": "SUCCESS"
}
Download App Package
Download the app's ZIP file by entering the app identifier. You can save the response as a ZIP file to your device.
Path Parameters
Pass the app's unique resource identifier to generate a downloadable response file. Example: abuse_ipdb_1_1_0. You can retrieve the app slug of an app using the Get Apps endpoint.
Response
connector.py
#!/usr/bin/env python
import requests
"""
Description: Abuse IPDB API Integration.
Reference: https://docs.abuseipdb.com/#introduction
API Version - V2
Authentication Type - API Token based normal Authentication
"""


class AbuseIpdbConnector(object):
    """
    an object which make request on your behalf
    """

    def __init__(self, api_token, **kwargs):
        """
        description: init function
        :param api_token: api token
        :param kwargs:
        """
        api_version = "v2"
        url = "https://api.abuseipdb.com/api"
        self.base_url = "{0}/{1}".format(url, api_version)
        self.api_token = api_token

    def test_connection(self, **kwargs):
        """
        description: test connection
        :param kwargs:
        :return:
        """
        try:
            endpoint = self.base_url
            response = requests.request("GET", endpoint)
            if response.status_code < 500:
                return True
            else:
                return False
        except KeyError:
            return False

    def action_check_ip_address(self, ip_address, detailed_report=False,
                                get_report_since=30, **kwargs):
        """
        description: check ip address(v4/v6) reputation
        :param ip_address: ip address
        :param detailed_report: Want to include Detailed Report or not in response,
            Default value is False.
        :param get_report_since: determines how far back in time want to go to fetch
            reports. Default is '30' Days, min: 1 day, max: 365 days
        :param kwargs:
        :return:
        """
        endpoint = "check"
        query_string = {
            "ipAddress": ip_address,
            "verbose": detailed_report,
            "maxAgeInDays": get_report_since
        }
        response = self.request_handler("GET", endpoint,
                                        query_params=query_string)
        return response

    def action_check_cidr(self, network_subnet, get_report_since=30, **kwargs):
        """
        description: check subnet(v4/v6) reputation
        :param network_subnet: accept cidr in format like: "127.0.0.1/26"
        :param get_report_since: determines how far back in time want to go to fetch
            reports. Default: '30' Days, min: 1 day, max: 365 days
        :param kwargs:
        :return:
        """
        endpoint = "check-block"
        query_string = {
            "network": network_subnet,
            "maxAgeInDays": get_report_since
        }
        response = self.request_handler("GET", endpoint,
                                        query_params=query_string)
        return response

    def action_report_ip_address(self, ip_address, categories,
                                 description=None, **kwargs):
        """
        description: report ip address
        :param ip_address:
        :param categories: comma separated categories of IP to report.
            example: 3,6,10
            3-Fraud Orders, 4-DDoS Attack,
            5-FTP Brute-Force, 6-Ping of Death,
            7-Phishing, 8-Fraud VoIP, 9-Open Proxy,
            10-Web Spam, 11-Email Spam,
            12-Blog Spam 13-VPN IP,
            14-Port Scan, 15-Hacking
            16-SQL Injection, 17-Spoofing,
            18-Brute-Force, 19-Bad Web Bot,
            20-Exploited Host, 21-Web App Attack
            22-SSH, 23-IoT Targeted
        :param description: add some description about ip address
        :param kwargs:
        :return:
        """
        endpoint = "report"
        payload = {
            "ip": ip_address,
            "categories": categories,
            "comment": description
        }
        response = self.request_handler("POST", endpoint, payload=payload)
        return response

    def request_handler(self, method, endpoint, query_params=None,
                        payload=None, **kwargs):
        """
        description: function used for handling request and response
        :param method: http method
        :param endpoint: api request endpoint
        :param query_params: query params
        :param payload: payload
        :param kwargs:
        :return:
        """
        try:
            url = "{0}/{1}".format(self.base_url, endpoint)
            headers = {
                "Accept": "application/json",
                "Key": self.api_token
            }
            if method == "GET":
                response = requests.request("GET", url, params=query_params,
                                            headers=headers)
            elif method == "POST":
                response = requests.request("POST", url, json=payload,
                                            headers=headers)
            else:
                method_error = "Invalid Method {0} Requested!".format(method)
                return {"result": method_error, "execution_status": "ERROR"}
            if response.ok:
                response_json = response.json()
                return {"result": response_json, "execution_status": "SUCCESS"}
            elif response.status_code == 422 or response.status_code == 429:
                response_message = response.json()
                return {"result": response_message, "execution_status": "ERROR"}
            else:
                response_error = response.text
                return {"result": response_error, "execution_status": "ERROR"}
        except Exception as e:
            exception_error = str(e)
            return {"result": exception_error, "execution_status": "ERROR"}
config.json
{
"title": "Abuse IPDB",
"app_identifier": "abuse_ipdb",
"description": "This app provides integration with AbuseIPDB, a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.",
"logo_data": "Logo_abuse_ipdb.png",
"config_template": [
{
"title": "API Token",
"field_key": "api_token",
"field_type": "text",
"description": "Input the API token for authentication.",
"is_required": true,
"valid_file_type": null
}
],
"actions_data": [
{
"title": "Get IP Address Reputation Details",
"description": "This action can be used to get the reputation details of an IP address in Abuse IPDB.",
"accepted_params": [
{
"title": "IP Address",
"field_key": "ip_address",
"field_type": "text",
"description": "Input an IP address.",
"is_required": true
},
{
"title": "Detailed Report",
"field_key": "detailed_report",
"field_type": "boolean",
"description": "Option to get a detailed report. Default: False"
},
{
"title": "Days To Look Back",
"field_key": "get_report_since",
"field_type": "integer",
"description": "Input a number of days to go back for fetch reports.\nDefault - '30' Days, min - 1 day, max - 365 days"
}
],
"return_values": [],
"app": "abuse_ipdb_1.0.1",
"action_identifier": "check_ip_address"
},
{
"title": "Check Subnet Reputation",
"description": "This action can be used to get the reputation of a subnet from Abuse IPDB.",
"accepted_params": [
{
"title": "IP Address Subnet",
"field_key": "network_subnet",
"field_type": "text",
"description": "Input the IP address Subnet (CIDR)\n- 127.0.0.1/26",
"is_required": true
},
{
"title": "Days To Look Back",
"field_key": "get_report_since",
"field_type": "integer",
"description": "Input the number of days to go back for fetch reports.\nDefault - '30' Days, min - 1 day, max - 365 days"
}
],
"return_values": [],
"app": "abuse_ipdb_1.0.1",
"action_identifier": "check_cidr"
},
{
"title": "Report Malicious IP Address",
"description": "This action can be used to report a malicious IP Address to Abuse IPDB.",
"accepted_params": [
{
"title": "IP Address",
"field_key": "ip_address",
"field_type": "text",
"description": "Input the IP address.",
"is_required": true
},
{
"title": "List of Categories",
"field_key": "categories",
"field_type": "text",
"description": "Input the categories; support in a comma separated list of category numbers;\n3 - Fraud Orders, 4 - DDoS Attack, 5 - FTP Brute-Force, 6 - Ping of Death\n7 - Phishing, 8 - Fraud VoIP, 9 - Open Proxy, 10 - Web Spam\n11 - Email Spam, 12 - Blog Spam, 13 - VPN IP, 14 - Port Scan\n15 - Hacking, 16 - SQL Injection, 17 - Spoofing, 18 - Brute-Force\n19 - Bad Web Bot, 20 - Exploited Host, 21 - Web App Attack\n22 - SSH, 23 - IoT Targeted",
"is_required": true
},
{
"title": "Description",
"field_key": "description",
"field_type": "text",
"description": "Input a description."
}
],
"return_values": [],
"app": "abuse_ipdb_1.0.1",
"action_identifier": "report_ip_address"
}
],
"supported_versions": "1.0.1",
"connector_version": "1.0.1",
"categories": [
"Data Enrichment \u0026 Threat Intelligence"
],
"lite_enabled": false,
"published_by": "Cyware",
"published_date": "2021-05-27T11:21:50+00:00",
"documentation_url": "",
"agent_version_slug": "",
"supporting_media": null,
"app_hash": "",
"publisher_logo_url": ""
}
Install Custom Apps
Install custom apps on the Orchestrate application.
Body Parameters
Upload the app package in ZIP format to install the app.
Response
Response Attributes
Returns the unique ID of the app.
Returns the title of the app.
Returns the unique identifier of the app.
Returns the published date and time of the app.
Returns the version of the app.
Returns the number of actions supported in the app.
Returns the app's supported versions.
Returns the configuration parameters required to create an instance in the app.
Returns the resource identifier of the app.
Returns whether the app is installed.
Returns the major version of the app. For example: 1.
Returns the available latest version of the app. For example: 1.0.0.
Returns the supported versions of the app.
Returns the user ID of the user who created the app.
Returns the user ID of the user who last modified the app.
Returns the type of the app.
Returns the code of the app.
Returns the date and time of when the app was created.
Returns the date and time of when the app was last modified.
Returns the array of version statuses.
Returns the description of the app.
Returns the name of the app publisher.
Returns true if the app is a system or pre-configured app; otherwise, it returns false.
Returns the URL of the logo.
Returns the number of times the app is downloaded.
Returns the count of app instances.
Returns true if the app is Cyware Agent compatible, else false.
Returns the documentation link of the app.
Returns the major version of the agent if the app is agent-compatible.
Returns the minor version of the agent if the app is agent-compatible.
Returns the current patch version of the agent if the app is agent-compatible.
Returns the link to the app logo.
Returns the minor version of the app.
Returns the patch version of the app.
Returns the list of categories associated with the app.
Returns the URL of the logo for the app's publisher.
Returns true if the status of the app is active, else false.
Response
{
"unique_id": "c82b4808-fc35-4e2a-b24d-e1f2ef21bdbc",
"title": "Respond_samp",
"app_identifier": "ip",
"published_date": "2023-08-23T09:04:05Z",
"connector_version": "1.0.0",
"actions_count": 1,
"supported_versions": "1.0.0",
"config_template": [
{
"title": "key",
"field_key": "key",
"field_type": "integer",
"description": "",
"is_required": false,
"valid_file_type": []
}
],
"app_slug": "ip_1_0_0",
"is_installed": true,
"major_version": "1",
"latest_installed_version": "1.0.0",
"all_installed_versions": [
{
"connector_version": "1.0.0",
"app_unique_id": "c82b4808-fc35-4e2a-b24d-e1f2ef21bdbc",
"created_at": "2025-02-26T08:15:25.995824Z",
"modified_at": "2025-02-26T08:15:25.995824Z",
"app_identifier": "ip",
"version_status": [],
"is_configured": false,
"is_action_supported": false
}
],
"created_by": "11c05e4a-ab01-4a08-bea8-8f1d6db0298f",
"modified_by": "11c05e4a-ab01-4a08-bea8-8f1d6db0298f",
"app_type": "READY_TO_USE",
"connector_code": "{\"__init__.py\":\"\",\"connector.py\":\"import requests\\nimport json\\n\\n'''\\nadd imports headers\\n'''\\n\\n\\nclass IpConnector(object):\\n \\\"\\\"\\\"\\n an object which make request on your behalf\\n \\\"\\\"\\\"\\n\\n def __init__(self, key: int, **kwargs):\\n \\\"\\\"\\\"\\n description: init function\\n :param api_token: api token\\n :param kwargs:\\n \\\"\\\"\\\"\\n self.key = key\\n self.SUCCESS = \\\"SUCCESS\\\"\\n self.ERROR = \\\"ERROR\\\"\\n self.ACTION_RESULT = 'result'\\n self.ACTION_STATUS = 'execution_status'\\n\\n def test_connection(self, **kwargs):\\n \\\"\\\"\\\"\\n description: function used for authenticating credentials\\n return: True/False\\n \\\"\\\"\\\"\\n return True\\n \\n \\n def action_get_machine_ip(self, **kwargs):\\n try:\\n url = \\\"https://api64.ipify.org?format=json\\\"\\n response = requests.get(url)\\n if response.status_code == 200:\\n return {\\n self.ACTION_RESULT: response.json(),\\n self.ACTION_STATUS: self.SUCCESS}\\n else:\\n return {\\n self.ACTION_RESULT: str(e),\\n self.ACTION_STATUS: self.ERROR}\\n \\n \\n except Exception as e:\\n return {\\n self.ACTION_RESULT: str(e),\\n self.ACTION_STATUS: self.ERROR}\\n \\n\",\"requirements.txt\":\"\"}",
"created_at": "2025-02-26T08:15:25.995824Z",
"modified_at": "2025-02-26T08:15:25.995824Z",
"version_status": "[]",
"description": "",
"published_by": "",
"is_system": false,
"logo_url": "",
"download_counter": null,
"instances_count": null,
"lite_enabled": false,
"documentation_url": "",
"major_agent_version": "0",
"minor_agent_version": "0",
"patch_agent_version": "0",
"logo": "",
"minor_version": "0",
"patch_version": "0",
"categories": [],
"publisher_logo_url": "",
"is_active": false
}
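A package pulled with Download App Package, or one about to be uploaded through Install Custom Apps, can be reviewed in memory without extracting or importing it. The sketch below is an added example, not Cyware's code: the watch lists and the sample ZIP are constructed, and the pairing of each `action_identifier` with an `action_<identifier>` method is taken from the sample package shown above rather than from a documented rule.

```python
import ast
import io
import json
import zipfile

REQUIRED = {"connector.py", "config.json", "__init__.py"}  # layout of the sample package
RISKY_MODULES = {"subprocess", "socket", "ctypes", "pickle"}  # reviewer's watch list (assumption)
RISKY_CALLS = {"eval", "exec", "system", "popen", "__import__"}  # likewise an assumption


def unsafe_members(names):
    """Archive member names that are absolute or climb out of the extraction directory."""
    def escapes(name):
        parts = name.replace("\\", "/").split("/")
        return name.startswith(("/", "\\")) or ".." in parts or ":" in parts[0]
    return [name for name in names if escapes(name)]


def scan_connector(source):
    """Parse connector source without running it: imports, risky calls, URLs, action methods."""
    seen = {"imports": set(), "calls": set(), "urls": set(), "actions": set()}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            seen["imports"].update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            seen["imports"].add(node.module.split(".")[0])
        elif isinstance(node, ast.Call):
            name = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
            if name in RISKY_CALLS:
                seen["calls"].add(name)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith(("http://", "https://")):
                seen["urls"].add(node.value)
        elif isinstance(node, ast.FunctionDef) and node.name.startswith("action_"):
            seen["actions"].add(node.name[len("action_"):])
    return seen


def review_files(files, member_names=None):
    """Findings for a {filename: text} mapping; layout checks run only for ZIP input."""
    findings = []
    if member_names is not None:
        findings += [f"unsafe archive path: {n}" for n in unsafe_members(member_names)]
        findings += [f"missing file: {n}" for n in REQUIRED - set(files)]
    try:
        seen = scan_connector(files.get("connector.py", ""))
        config = json.loads(files["config.json"]) if "config.json" in files else None
    except (SyntaxError, ValueError) as exc:
        return sorted(findings + [f"unparseable package content: {exc}"])
    findings += [f"risky import: {m}" for m in seen["imports"] & RISKY_MODULES]
    findings += [f"risky call: {c}()" for c in seen["calls"]]
    findings += [f"plain-HTTP endpoint: {u}" for u in seen["urls"] if u.startswith("http://")]
    if isinstance(config, dict):
        declared = {a.get("action_identifier") for a in config.get("actions_data", [])}
        findings += [f"declared action has no method: {a}" for a in declared - seen["actions"]]
        findings += [f"undeclared action method: {a}" for a in seen["actions"] - declared]
    return sorted(findings)


def review_zip(data):
    """Review a downloaded app package (ZIP bytes) in memory, without extracting it."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
        files = {n: archive.read(n).decode("utf-8", "replace")
                 for n in names if n.endswith((".py", ".json"))}
    return review_files(files, names)


def review_connector_code(connector_code):
    """Review a connector_code string (JSON object of filename -> source)."""
    return review_files(json.loads(connector_code))


def build_sample_zip():
    """Constructed demo package: escaping path, shell call, HTTP URL, mismatched actions."""
    connector = (
        "import os, requests\n"
        "class DemoConnector(object):\n"
        "    def action_check_ip_address(self, ip_address, **kwargs):\n"
        "        return requests.get('http://reputation.example/check')\n"
        "    def action_cleanup(self, **kwargs):\n"
        "        os.system('hostname')\n"
    )
    config = {"actions_data": [{"action_identifier": a} for a in ("check_ip_address", "check_cidr")]}
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("connector.py", connector)
        archive.writestr("config.json", json.dumps(config))
        archive.writestr("../outside.py", "")
    return buffer.getvalue()


if __name__ == "__main__":
    print("\n".join(review_zip(build_sample_zip())))
```

`review_connector_code` accepts the `connector_code` value from the Install Custom Apps response, so the same checks can be run on what the server reports as installed.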
Playbooks
Playbooks are a structured sequence of actions organized into workflows to automate and orchestrate security responses, standardizing processes for effective incident and threat management. Orchestrate offers manual and automated playbooks to meet your organization's specific needs.
Playbooks can be scheduled based on application input sources or automatically triggered by specific events. Additionally, playbooks facilitate seamless integration between different security tools, creating a more connected and efficient security environment. For more information, see Playbooks.
You can perform the following actions in this module:
- Export Playbook: Export playbook details for backup or external use.
- Retrieve Playbooks and Details: Fetch the list of playbooks and specific playbook details.
- Retrieve Playbook Run Logs and Run Details: Fetch the list of playbook results, run logs, and specific run log details.
- Execute and Manage Playbooks: Run or terminate specific playbooks.
- Download Playbook and Node Results: Fetch and download results of a specific playbook or a specific node output for analysis.
Custom Email Templates
Email templates are predefined email layouts with a header and body in rich text format. Analysts can reuse and customize these templates, reducing the effort required to compose emails from scratch.
These templates can be used in playbooks to automate email notifications. They are compatible with applications that support Rich Text Format fields, such as the Cyware Email Service - Send Email in Rich Text Format action and more. For more information, see Email Templates.
You can perform the following actions in this module:
- Get Custom Email Template List: Retrieve a list of available email templates.
- Get Custom Email Template Details: Retrieve detailed information about a specific email template.
Code Snippets
Code snippets are reusable blocks of code, such as functions, loops, and conditional statements. They support the creation of custom nodes, including custom actions and conditions, within playbooks.
Analysts can leverage a centralized library of reusable code to streamline workflows and reduce effort. This allows them to customize code pieces that are used in multiple playbook workflows from one location. For more information, see Code Snippets.
You can perform the following actions in this module:
- Retrieve Code Snippets: Retrieve a list of available code snippets.
- Retrieve Code Snippet Details: Fetch detailed information about a specific code snippet.
Persistent List
A Persistent List is a collection of key-value pairs that analysts can use to store data and later look it up for use in a playbook or playbook node. Data stored in a persistent list can survive system reboots, system crashes, and more. Analysts can then retrieve the data defined in a persistent list using any playbook node. For more information, see Persistent List.
You can perform the following actions in this module:
- Retrieve Persistent Lists and Details: Fetch a list of all persistent storage objects and fetch detailed information about a specific object using its unique identifier.
- Create and Update Persistent Lists: Create new persistent storage objects or modify existing ones to update their details.
- Delete Persistent Storage Objects: Remove a specific persistent storage object from Orchestrate.
- Retrieve Persistent List Slugs: Get a list of unique resource identifiers for all persistent lists.
- Retrieve Playbooks Associated with a Persistent List: Get details and count of playbooks associated with a specific persistent storage object.
Analytics
The Analytics Dashboard in Orchestrate provides an overview of activities across modules. Upon signing in, users can view dashboards that offer insights into playbook workflows, app performance, instance usage, and action execution. By analyzing key metrics such as frequently used playbooks and actions, analysts can optimize workflows and enhance automation. Dashboards also help identify underutilized events, diagnose execution errors, and refine automated responses, reducing manual intervention. For more information, see Analytics Dashboard.
You can perform the following actions in this module:
- Retrieve Playbook Execution Metrics: Get insights on playbook run count, most active playbooks, and average playbook execution time.
- Retrieve App and Instance Usage Metrics: Get insights into the most used and most active apps, instances, and actions.
- Retrieve Event Processing Metrics: Get insights on event count, unprocessed events, events with errors, and incoming source events.
Events
A Source Event acts as a trigger for a playbook to execute. You can configure triggers to automatically execute a playbook when an event occurs. These events can occur in Orchestrate or on external platforms such as Respond, Intel Exchange, Splunk, and more. You can configure the source event app and source event type to execute pre-configured playbook workflows. For more information, see Events.
When a Source Event is triggered in Cyware Orchestrate, it carries the Source Event Data from integrated tools like Splunk, Respond, and other apps. This data is transmitted in JSON format via the Cyware Orchestrate REST API.
Authorization
These APIs require an OpenAPI access ID and a generated secret key for authentication.
You can perform the following actions in this module:
- Create Events: Create new events with either detailed or concise response data.
- Retrieve Source Events and Details: Fetch a list of all source events and retrieve the details of a specific event.
- Configure and Manage Events: Configure events by passing the app identifier, action identifier, and labels through the payload.
- Download Event Data: Export event data for further analysis.
Tags
A playbook tag can be used to define role-based access control (RBAC) for playbooks. To configure RBAC, analysts must create playbook tags and associate them with both playbooks and user groups in Respond. Members of a Respond user group can execute playbooks only if the assigned tags match those of the user group. For more information, see Create Playbook Tags.
You can perform the following actions in this module:
- Retrieve Tags: Fetch the list of tags.
- Retrieve Tag Details: Fetch the details of a specific tag.
Webhooks
Webhooks are serialized messages/information sent from one application to another's unique URL over the web. Webhooks enable analysts to bypass data exchange complications by generating token-based URLs and authenticating endpoints whenever events (GET and POST requests) are triggered in the Orchestrate application.
The Webhooks module allows users to create and manage webhook configurations and tokens. Users can access features based on the permissions assigned to them in the Orchestrate application. For more information, see Configure Webhooks.
Authentication
These APIs require a webhook token as a mandatory parameter.
Generate Webhook Credentials
- Navigate to the Admin Panel and select Webhooks.
- Click Add Webhook and enter the webhook details.
- After entering the details, click Generate Webhook URL.
- After the webhook URL is generated, copy the token and the Base URL displayed to you, and then configure the keys in the required application.
You can perform the following actions in this module:
- Test Connectivity: Verify the webhook connection to ensure a successful event creation.
- Create Events: Create new events with either detailed or concise response data.
- Create Events through Payload: Create new events by passing the app identifier, action identifier, and data through the payload.