Supported Cortex XSOAR versions: 6.0.0 and later.
Threat InDepth's correlated and contextualized intelligence helps enterprises improve their threat detection and response by providing unprecedented visibility into new email-borne security threats and actionable insights to make meaningful response decisions. By correlating insights gathered across email content, web traffic, and suspicious files, Cyren provides security teams with a multi-dimensional presentation of critical threat characteristics.
- Access to Cyren's GlobalView™ Threat Intelligence Cloud that provides the earliest visibility into new and evolving attacks on a global basis
- Comprehensive, multi-dimensional presentation of critical threat characteristics to help analysts understand the evolving threat landscape
- Timely, correlated, and contextualized intelligence that helps reduce mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) for security analysts
- Improved threat detection for existing security products such as SIEM and SOAR solutions
Feeds included in Cyren Threat InDepth content pack
The Cyren Threat InDepth content pack includes access to these streams of indicators:
- IP Reputation Intelligence
- Phishing & Fraud URL Intelligence
- Malware URL Intelligence
- Malware File Intelligence
Configure Cyren Threat InDepth Threat Intelligence Feed on XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Cyren Threat InDepth Threat Intelligence Feed.
- Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
| --- | --- | --- |
| url | Cyren Threat InDepth API URL | True |
| apikey | API JWT token that has been issued to you | True |
| feed_name | Name of the particular feed that matches your API JWT token | True |
| max_indicators | The maximum number of indicators to fetch | False |
| feedIncremental | Is incremental or not | False |
| feedReputation | The reputation to apply to the fetched indicators. | False |
| feedReliability | The reliability of this feed. | True |
| tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
| feedFetchInterval | Feed Fetch Interval | False |
| feedBypassExclusionList | Bypass exclusion list | False |
- Click Test to validate the URLs, token, and connection.
The underlying Cyren Threat InDepth API provides an incremental feed, meaning it provides new or modified indicators. It works with an offset value that keeps track of the indicators you have already processed. On first setup, your current offset defaults to the globally known maximum offset; it is then stored and updated for you in the integration instance context. The integration uses the "Maximum number of indicators" parameter as the count in each request. It is recommended to set it to a high enough value that you get all the feed indicators for maximum product value and can handle bursts (the value cannot be higher than 100.000 and will be capped at that value if you set a higher one).
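The following added example (not the integration's code or the Cyren API) models the offset and count bookkeeping described above, to show how a low "Maximum number of indicators" value leaves a backlog after a burst. `FakeFeed`, `fetch_cycle`, `simulate` and the `context` dictionary are hypothetical stand-ins, the feed data is constructed, and the cap is read as one hundred thousand.

```python
# Added illustration: a model of the offset/count behaviour described above.
# FakeFeed, fetch_cycle, simulate and `context` are hypothetical stand-ins,
# not the Cyren API or the integration's own code.
MAX_COUNT = 100_000  # cap stated in the documentation (assumed: one hundred thousand)


class FakeFeed:
    """Constructed in-memory feed: the i-th published entry has offset i."""

    def __init__(self, published):
        self.published = published  # number of entries published so far

    def max_offset(self):
        return self.published

    def read(self, offset, count):
        # Entries strictly after `offset`, at most `count` of them.
        end = min(offset + count, self.published)
        return list(range(offset + 1, end + 1))


def fetch_cycle(feed, context, max_indicators):
    """One fetch interval: returns (entries, backlog left unfetched)."""
    count = min(max_indicators, MAX_COUNT)      # higher values are capped
    if "offset" not in context:                 # first setup: start at the
        context["offset"] = feed.max_offset()   # globally known maximum
    entries = feed.read(context["offset"], count)
    if entries:
        context["offset"] = entries[-1]         # persist progress in context
    return entries, feed.max_offset() - context["offset"]


def simulate(max_indicators, bursts):
    """Backlog after each interval when bursts[i] new entries arrive."""
    feed, context, backlog = FakeFeed(published=5000), {}, []
    fetch_cycle(feed, context, max_indicators)  # initial setup fetch
    for new in bursts:
        feed.published += new
        backlog.append(fetch_cycle(feed, context, max_indicators)[1])
    return backlog


if __name__ == "__main__":
    print(simulate(1000, [500, 4000, 500, 500]))     # small count lags behind
    print(simulate(100000, [500, 4000, 500, 500]))   # high count keeps up
```

A non-zero backlog means indicators reach XSOAR late, which delays any detection built on them.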
You can execute these commands from the XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Fetching Cyren Threat InDepth indicators
- A valid API JWT token and a matching feed name
| Argument Name | Description | Required |
| --- | --- | --- |
| max_indicators | The maximum number of results to return. | True |
There is no context output for this command.
Human Readable Output
Indicators from Cyren Threat InDepth:
Contact us: firstname.lastname@example.org