Overview
Cyfirma is a management platform created to provide organizations with a perspective from the attacker's point of view. They analyze real-time visibility and the external threat environment to take faster action from threat actors.
Prerequisites
- Logsign 6.3.26+ versions support this integration.
Configure On Cyfirma
Forwarding settings are completed as follows:
- Log in to the Cyfirma portal.
- Click On-Boarding > API.
- In the API part, copy the value.
Configure On Logsign
Forwarding settings are completed as follows:
- Click Settings > Integrations > Responses.
- In the ‘Search’ part, write Cyfirma.
- Click ‘Configure’ and then click ‘+Device’.
- Define the settings as follows:
- Device Name: Define the Device Name.
- Url: The URL address of the Cyfirma device/product to be integrated with Logsign.
- Api Key: Define the Api Key.
- Click Create to save the changes.
Methods
IOC_SEARCH
- Device: Select the configuration you have configured.
- Indicator Type: Specify the indicator type.
- Value: Define the value.
VULNERABILITY_SEARCH
- Device: Select the configuration you have configured.
- Cve: Define the Cve value.
COMPROMISED_USER_DETAILS
- It shows the compromised e-mail addresses.
RISK_DOSSIER
- Device: Select the configuration you have configured.
- Indicator Type: Specify the indicator type.
- Value: Define the value.