Fetch Cyberint Alerts on a Schedule - Workflow Template

Fetch alerts from Cyberint on a schedule. An optional loop is available in the workflow to do additional actions as needed.

Updated over 2 months ago

This workflow template, "Fetch Cyberint Alerts on a Schedule," automates the monitoring and aggregation of open alerts from Cyberint according to a defined schedule. It sets initial parameters, including a global variable to keep track of polling times, and then systematically retrieves alerts based on the set time interval. The framework can paginate through all open alerts, looping to process events as needed. Moreover, it allows customization to add logic for opening cases or sending notifications via messages or emails depending on specific business requirements. This workflow is beneficial for Threat Intelligence Enrichment by providing systematic alert collection and processing.

Optional Triggers

Can be run as a nested workflow by removing the trigger.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Set Workflow Parameters and Schedule to run the workflow. This includes the global variable to track the last poll time.

  2. Pull open alerts for the given time period. If this is the first run, gather the events from the past interval defined in the settings.

  3. Paginate on all open alerts and loop through the events as needed.

  4. Add additional logic to open cases, send messages, or emails as needed based on the use case.
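
The polling logic in the steps above, sketched as an added Python example; it is not the Torq template itself and does not call the Cyberint API. The `fetch_page` callable, the `state` dictionary standing in for the global variable, the alert field names and the sample alerts are all hypothetical.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Constructed sample alerts (not real Cyberint data; field names are assumptions).
SAMPLE = [
    {"id": "A1", "status": "open",   "created": datetime(2024, 1, 1, 11, 50, tzinfo=UTC)},
    {"id": "A2", "status": "open",   "created": datetime(2024, 1, 1, 11, 55, tzinfo=UTC)},
    {"id": "A3", "status": "closed", "created": datetime(2024, 1, 1, 11, 57, tzinfo=UTC)},
    {"id": "A4", "status": "open",   "created": datetime(2024, 1, 1, 11, 58, tzinfo=UTC)},
    {"id": "A5", "status": "open",   "created": datetime(2024, 1, 1, 11, 30, tzinfo=UTC)},
    {"id": "A6", "status": "open",   "created": datetime(2024, 1, 1, 12, 5, tzinfo=UTC)},
]

def make_source(alerts):
    """Hypothetical stand-in for a paginated listing of open alerts."""
    def fetch_page(since, until, page, size):
        # Half-open window [since, until) so consecutive runs never overlap.
        hits = sorted((a for a in alerts
                       if a["status"] == "open" and since <= a["created"] < until),
                      key=lambda a: a["created"])
        return hits[(page - 1) * size: page * size]
    return fetch_page

def poll_open_alerts(fetch_page, state, now, interval=timedelta(minutes=15), page_size=2):
    """One scheduled run: returns the list of open alerts, or False if none."""
    # Step 2: on the first run there is no stored poll time, so look back one interval.
    since = state.get("last_poll_time") or now - interval
    alerts, page = [], 1
    # Step 3: paginate until a short (or empty) page signals the end.
    while True:
        batch = fetch_page(since, now, page, page_size)
        alerts.extend(batch)
        if len(batch) < page_size:
            break
        page += 1
    # Advance the stored poll time only after every page was read, so a run that
    # fails part-way is retried over the same window instead of leaving a gap.
    state["last_poll_time"] = now
    # Step 4 (opening cases, sending messages) would loop over `alerts` here.
    return alerts or False
```
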

Vendors

Utils, Torq

Workflow Output

When open alerts are found, provide the listing of alerts. If no alerts are found, provide false on exit.