Cyberint
Version: 1.1
Updated: June 17, 2024
Cyberint offers to proactively monitor and positively impact external risk exposure and mitigation.
Actions
- Close Alerts (Containment) - Closes an alert by Alert ID.
- Get Alert Details (Enrichment) - Retrieves a single alert by Alert ID.
- Search Alerts (Enrichment) - Returns a list of alerts based on the search criteria.
- Update Alerts (Containment) - Updates the status of an alert by Alert ID.
Configure Cyberint in Automation Service and Cloud SOAR
Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.
- Access App Central and install the integration.
- Select the installed integration in the Integrations page.
Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations. - Select the integration.
- Hover over the resource name and click the Edit button that appears.
- In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
- Label. Unique name of the connection configuration.
- Instance Name Url. Domain name associated with your Cyberint instance (typically in the format
https://{instance_domain}.cyberint.io/...). - API key. API key associated with your Cyberint account.
- Company Name. Company (client) name associated with your Cyberint instance.
- (Optional) Verify Server Certificate. Validates a server’s SSL certificate.
- (Optional) Connection Timeout (s). Sets the maximum amount of time an integration will wait for a server's response before terminating the connection.
- (Optional) Automation engine. Select Cloud execution (for this certified integration) or select a Bridge option (for custom integrations).
- (Optional) Proxy Options. Specifies the settings for routing network requests through a proxy server to manage and control internet traffic.
For information about Cyberint, see the Cyberint website.
Test actions
Before you start exploring the features of the Cyberint app, try test runs of each of the actions to learn specifics of usage.
Search Alerts
The Search Alerts action is designed to search for alerts using criteria (filters) such as Severity, Statuses, datetime range. 
The execution result displays a table with most valuable information, but also you can switch to the JSON-output mode by clicking the {} button. 
Get Alert Details
The Get Alert Details action is designed to search for alerts by unique Alert Ref Id. 
The execution result displays a table with most valuable information, but also you can switch to the JSON-output mode by clicking the {} button. 
Update Alerts
The Update Alerts action is designed to update an alert by Alert Ref Ids array.
The alert information available for update is:
- Status. Available statuses:
- Open
- Acknowledged
The execution result displays a message Alerts status updated successfully. This result means successful result of an execution. 
Close Alerts
The Close Alerts action is designed to close an alert by Alert Ref Ids array with providing a Closure reason and description if applicable.
The alert information available for closing is:
- Closure reason. Available reasons:
- Resolved
- Irrelevant
- False positive
- Irrelevant alert subtype
- No longer a threat
- Asset should not be monitored
- Asset belongs to my organization
- Asm no longer detected
- Asm manually closed
- Other
- Closure reason description. Can be set only if the chosen Closure reason is Other.
The execution result displays a message Alerts is closed successfully. This result means successful result of an execution. 
Change Log
- May 16, 2024 - First upload
- June 17, 2024 - Improve documentation