This workflow template, "Fetch Cyberint Alerts on a Schedule," automates the monitoring and aggregation of open alerts from Cyberint according to a defined schedule. It sets initial parameters, including a global variable to keep track of polling times, and then systematically retrieves alerts based on the set time interval. The framework can paginate through all open alerts, looping to process events as needed. Moreover, it allows customization to add logic for opening cases or sending notifications via messages or emails depending on specific business requirements. This workflow is beneficial for Threat Intelligence Enrichment by providing systematic alert collection and processing.
Optional Triggers
Can be run as a nested workflow by removing the trigger.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Set Workflow Parameters and Schedule to run the workflow. This includes the global variable to track the last poll time.
Pull open alerts for the time period since the last poll. On the first run, when no last poll time exists yet, gather the events from the past interval configured in the workflow settings.
Paginate on all open alerts and loop through the events as needed.
Add additional logic to open cases, send messages, or emails as needed based on the use case.
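The poll-and-paginate logic of the first three steps, as an added Python example that is not part of the Torq template. The page-fetch callback and the sample alerts are constructed stand-ins for the Cyberint integration step, since this page does not document the Cyberint API itself; the `last_poll` key plays the role of the workflow's global variable.

```python
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional

# Shape of the page-fetch callback the poller expects (assumed; in Torq the
# Cyberint integration step would fill this role).
PageFetcher = Callable[[datetime, int], List[dict]]

PAGE_SIZE = 2  # deliberately small so the constructed sample exercises paging


def fetch_open_alerts(state: Dict[str, Optional[str]], now: datetime,
                      interval: timedelta, fetch_page: PageFetcher,
                      max_pages: int = 100):
    """Poll alerts created since the last poll, paginating until a short page.

    state["last_poll"] is the value the workflow keeps between runs
    (ISO-8601 string, or absent on the very first run, in which case the
    lookback window is `interval`). Returns the list of alerts, or False when
    none were found, mirroring the template's exit behaviour. The cursor is
    advanced only after a successful poll, so a failed run is retried over
    the same window rather than silently skipping alerts.
    """
    last = state.get("last_poll")
    since = datetime.fromisoformat(last) if last else now - interval
    alerts: List[dict] = []
    for page in range(1, max_pages + 1):
        batch = fetch_page(since, page)
        alerts.extend(batch)
        if len(batch) < PAGE_SIZE:  # short or empty page: no more results
            break
    else:
        raise RuntimeError("pagination did not terminate; check page cursor")
    state["last_poll"] = now.isoformat()
    return alerts or False


# Constructed sample alerts standing in for a Cyberint response.
_SAMPLE = [
    {"id": "a1", "created": "2024-05-01T09:00:00+00:00", "status": "open"},
    {"id": "a2", "created": "2024-05-01T10:30:00+00:00", "status": "open"},
    {"id": "a3", "created": "2024-05-01T11:45:00+00:00", "status": "open"},
]


def sample_fetch_page(since: datetime, page: int) -> List[dict]:
    """Filter the constructed alerts by creation time and slice into pages."""
    hits = [a for a in _SAMPLE if datetime.fromisoformat(a["created"]) >= since]
    start = (page - 1) * PAGE_SIZE
    return hits[start:start + PAGE_SIZE]


def run_sample(state: dict, now_iso: str, hours: int):
    """Convenience wrapper: poll the constructed sample at the given time."""
    return fetch_open_alerts(state, datetime.fromisoformat(now_iso),
                             timedelta(hours=hours), sample_fetch_page)
```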
Vendors
Utils, Torq
Workflow Output
When open alerts are found, provide the list of alerts. If no alerts are found, provide false on exit.