Cyberint

Version: 1.1
Updated: June 17, 2024

Cyberint provides proactive monitoring of external risk exposure and helps mitigate it.

Actions

  • Close Alerts (Containment) - Closes an alert by Alert ID.
  • Get Alert Details (Enrichment) - Retrieves a single alert by Alert ID.
  • Search Alerts (Enrichment) - Returns a list of alerts based on the search criteria.
  • Update Alerts (Containment) - Updates the status of an alert by Alert ID.

Configure Cyberint in Automation Service and Cloud SOAR

Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.

  1. Access App Central and install the integration.
  2. Select the installed integration in the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the integration.
  4. Hover over the resource name and click the Edit button that appears.
  5. In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
  • Label. Unique name of the connection configuration.
  • Instance Name Url. Domain name associated with your Cyberint instance (typically in the format https://{instance_domain}.cyberint.io/...).
  • API key. API key associated with your Cyberint account.
  • Company Name. Company (client) name associated with your Cyberint instance.
  • (Optional) Verify Server Certificate. Validates a server’s SSL certificate.
  • (Optional) Connection Timeout (s). Sets the maximum amount of time an integration will wait for a server's response before terminating the connection.
  • (Optional) Automation engine. Select Cloud execution (for this certified integration) or select a Bridge option (for custom integrations).
  • (Optional) Proxy Options. Specifies the settings for routing network requests through a proxy server to manage and control internet traffic.
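
A pre-save check of the resource fields above, as an added example that is not part of the Sumo Logic documentation. The dict keys are hypothetical names for the dialog fields, and the `.cyberint.io` suffix assumes the typical URL format quoted above; the point is that the host has to be parsed, not substring-matched, because the API key is presented to whatever host the URL actually names.

```python
from urllib.parse import urlsplit

# Assumption: the instance sits under cyberint.io, the "typical" format quoted above.
EXPECTED_SUFFIX = ".cyberint.io"

def lint_resource(cfg):
    """Return (field, problem) pairs for a resource config dict.

    The keys are hypothetical names for the dialog fields, not a Sumo Logic format.
    """
    findings = []
    url = urlsplit(cfg.get("instance_url", "").strip())
    host = (url.hostname or "").lower().rstrip(".")
    if url.scheme != "https":
        findings.append(("instance_url", "not https: the API key would cross the network unencrypted"))
    if url.username is not None or url.password is not None:
        # In https://acme.cyberint.io@other.example/ the connection goes to other.example.
        findings.append(("instance_url", "userinfo present: real host is %r" % host))
    if not host.endswith(EXPECTED_SUFFIX):
        # Matching the dotted suffix of the parsed host rejects look-alike domains.
        findings.append(("instance_url", "host %r is outside %s" % (host, EXPECTED_SUFFIX)))
    if cfg.get("verify_server_certificate") is not True:
        findings.append(("verify_server_certificate", "disabled: the server's identity is not checked"))
    if not cfg.get("api_key", "").strip():
        findings.append(("api_key", "empty"))
    return findings

# Constructed sample configurations; every value is a placeholder.
SAMPLES = {
    "good": {"instance_url": "https://acme.cyberint.io/",
             "api_key": "PLACEHOLDER", "verify_server_certificate": True},
    "lookalike": {"instance_url": "https://acme.cyberint.io.example.net/",
                  "api_key": "PLACEHOLDER", "verify_server_certificate": True},
    "userinfo": {"instance_url": "https://acme.cyberint.io@example.net/",
                 "api_key": "PLACEHOLDER", "verify_server_certificate": True},
    "no_tls_check": {"instance_url": "http://acme.cyberint.io/",
                     "api_key": "PLACEHOLDER", "verify_server_certificate": False},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, lint_resource(cfg) or "ok")
```
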

For information about Cyberint, see the Cyberint website.

Test actions

Before you start exploring the features of the Cyberint app, try test runs of each of the actions to learn specifics of usage.

Search Alerts

The Search Alerts action searches for alerts using criteria (filters) such as Severity, Statuses, and a datetime range.

The execution result displays a table with the most valuable information; you can also switch to the JSON output mode by clicking the {} button.

Get Alert Details

The Get Alert Details action retrieves an alert by its unique Alert Ref Id.

The execution result displays a table with the most valuable information; you can also switch to the JSON output mode by clicking the {} button.

Update Alerts

The Update Alerts action updates alerts specified by an array of Alert Ref Ids.

The alert information available for update is:

  • Status. Available statuses:
    • Open
    • Acknowledged

The execution result displays the message "Alerts status updated successfully", which indicates that the execution succeeded.

Close Alerts

The Close Alerts action closes alerts specified by an array of Alert Ref Ids, with a Closure reason and, if applicable, a description.

The alert information available for closing is:

  • Closure reason. Available reasons:
    • Resolved
    • Irrelevant
    • False positive
    • Irrelevant alert subtype
    • No longer a threat
    • Asset should not be monitored
    • Asset belongs to my organization
    • Asm no longer detected
    • Asm manually closed
    • Other
  • Closure reason description. Can be set only if the chosen Closure reason is Other.

The execution result displays the message "Alerts is closed successfully", which indicates that the execution succeeded.

Change Log

  • May 16, 2024 - First upload
  • June 17, 2024 - Improve documentation

Copyright © 2025 by Sumo Logic, Inc.