Cymon

Publisher: Splunk
Connector Version: 1.0.16
Product Vendor: eSentire
Product Name: Cymon
Product Version Supported (regex): ".*"
Minimum Product Version: 4.0.1068

This app integrates with the Cymon to implement investigative and reputation actions

Configuration Variables

The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Cymon asset in SOAR.

VARIABLE	REQUIRED	TYPE	DESCRIPTION
api_key	optional	password	api key

Supported Actions

ip reputation - Get information about an IP
lookup domain - Get information about a domain
test connectivity - Test connectivity to Cymon
file reputation - Get information about a hash

action: 'ip reputation'

Get information about an IP

Type: investigate
Read only: True

This action retrieves:

related events
related domains
related URLs

As a result, this action makes three separate REST calls.

Action Parameters

PARAMETER	REQUIRED	DESCRIPTION	TYPE	CONTAINS
ip	required	IP address to query	string	`ip` `ipv6`

Action Output

DATA PATH	TYPE	CONTAINS
action_result.status	string
action_result.parameter.ip	string	`ip` `ipv6`
action_result.data.*.domains.count	numeric
action_result.data.*.domains.next	string
action_result.data.*.domains.previous	string
action_result.data..domains.results..created	string
action_result.data..domains.results..name	string
action_result.data..domains.results..updated	string
action_result.data.*.events.count	numeric
action_result.data.*.events.next	string
action_result.data.*.events.previous	string
action_result.data..events.results..created	string
action_result.data..events.results..description	string
action_result.data..events.results..details_url	string	`url`
action_result.data..events.results..tag	string
action_result.data..events.results..title	string
action_result.data..events.results..updated	string
action_result.data.*.urls.count	numeric
action_result.data.*.urls.next	string
action_result.data.*.urls.previous	string
action_result.data..urls.results..created	string
action_result.data..urls.results..location	string	`url` `file name`
action_result.data..urls.results..updated	string
action_result.summary.total_count	numeric
action_result.message	string
summary.total_objects	numeric
summary.total_objects_successful	numeric

action: 'lookup domain'

Get information about a domain

Type: investigate
Read only: True

Action Parameters

PARAMETER	REQUIRED	DESCRIPTION	TYPE	CONTAINS
domain	required	Domain to query	string	`domain`

Action Output

DATA PATH	TYPE	CONTAINS
action_result.status	string
action_result.parameter.domain	string	`domain`
action_result.data.*.created	string
action_result.data.*.ips	string	`ip`
action_result.data.*.name	string	`domain`
action_result.data.*.sources	string
action_result.data.*.updated	string
action_result.data.*.urls	string	`url`
action_result.summary.domain_count	numeric
action_result.message	string
summary.total_objects	numeric
summary.total_objects_successful	numeric

action: 'test connectivity'

Test connectivity to Cymon

Type: test
Read only: True

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'file reputation'

Get information about a hash

Type: investigate
Read only: True

Action Parameters

PARAMETER	REQUIRED	DESCRIPTION	TYPE	CONTAINS
hash	required	Hash (md5, sha1, sha256, sha512)	string	`hash` `md5` `sha1` `sha256` `sha512`

Action Output

DATA PATH	TYPE	CONTAINS
action_result.status	string
action_result.parameter.hash	string	`hash` `md5` `sha1` `sha256` `sha512`
action_result.data.*.count	numeric
action_result.data.*.next	string
action_result.data.*.previous	string
action_result.data..results..created	string
action_result.data..results..description	string
action_result.data..results..details_url	string	`url`
action_result.data..results..tag	string
action_result.data..results..title	string
action_result.data..results..updated	string
action_result.summary.total_count	numeric
action_result.message	string
summary.total_objects	numeric
summary.total_objects_successful	numeric

splunk-soar-connectors/cymon

Cymon

Configuration Variables

Supported Actions

action: 'ip reputation'

Action Parameters

Action Output

action: 'lookup domain'

Action Parameters

Action Output

action: 'test connectivity'

Action Parameters

Action Output

action: 'file reputation'

Action Parameters

Action Output