Cynet

Integration version: 9.0

Configure Cynet integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Delete Hash in Host

Description

Remediation action: delete the file identified by the hash on the host.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| 13590 | Returns if it exists in JSON result |

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[
    {
        "EntityResult": 13590,
        "Entity": "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605"
    }
]

Hash Query

Description

Retrieve all the information about a specific file.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| meta_copyright | Returns if it exists in JSON result |
| common_filename | Returns if it exists in JSON result |
| occurrences | Returns if it exists in JSON result |
| meta_product_name_and_version | Returns if it exists in JSON result |
| first_seen | Returns if it exists in JSON result |
| is_whitelisted | Returns if it exists in JSON result |
| imports_winsock | Returns if it exists in JSON result |
| meta_description | Returns if it exists in JSON result |
| meta_companyName | Returns if it exists in JSON result |
| risk_level | Returns if it exists in JSON result |
| has_autorun_occurrences | Returns if it exists in JSON result |
| meta_original_filename | Returns if it exists in JSON result |
| sha256 | Returns if it exists in JSON result |
| has_program_files_folder_occurrences | Returns if it exists in JSON result |
| common_path | Returns if it exists in JSON result |
| certificate_thumbprint | Returns if it exists in JSON result |
| certificate_name | Returns if it exists in JSON result |
| certificate_root_name | Returns if it exists in JSON result |
| alert_severity_level | Returns if it exists in JSON result |
| ssdeep | Returns if it exists in JSON result |
| md5 | Returns if it exists in JSON result |
| sha1 | Returns if it exists in JSON result |
| has_hidden_window_occurrences | Returns if it exists in JSON result |
| alert_product_name | Returns if it exists in JSON result |
| imports_wininet | Returns if it exists in JSON result |
| domains | Returns if it exists in JSON result |
| last_seen | Returns if it exists in JSON result |
| imports_ntdll | Returns if it exists in JSON result |
| av_detections | Returns if it exists in JSON result |

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
{
    "meta_copyright": "Copyright (C) 2000",
    "common_filename": "ipscan.exe",
    "has_sockets": "false",
    "occurrences": [{
        "file_type": "PROCESS",
        "creation_time": "2017-12-15T14:34:41Z",
        "owner_user": "builtin\\\\administrators",
        "last_run_time": "2017-12-15T14:34:41Z",
        "hostname": "host1",
        "commandline_parameters": "C:\\\\DocumenteD\\\\___soft\\\\IP_Tools\\\\IPscan\\\\ipscan.exe",
        "filename": "ipscan.exe",
        "parent_path": "c:\\\\windows\\\\explorer.exe",
        "sha256": "40DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605",
        "running_user": "cabuk\\\\r610739",
        "full_path":"c:\\\\documented\\\\___soft\\\\ip_tools\\\\ipscan\\\\ipscan.exe"
    }],
    "meta_product_name_and_version": " 0.0.0.0",
    "first_seen": "2016-12-27T15:07:53Z",
    "is_whitelisted": "false",
    "imports_winsock": "false",
    "meta_description": "Angry IP scanner",
    "meta_companyName": "Angryziber Software",
    "risk_level": 1000,
    "has_autorun_occurrences": "false",
    "meta_original_filename": "ipscan.exe",
    "sha256": "40DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605",
    "has_program_files_folder_occurrences": "false",
    "common_path": "c:\\\\documented\\\\___soft\\\\ip_tools\\\\ipscan\\\\ipscan.exe",
    "certificate_thumbprint": "0000000000000000000000000000000000000000",
    "certificate_name": "",
    "certificate_root_name": "",
    "alert_severity_level": "Critical",
    "ssdeep": "",
    "md5": "6C1BCF0B1297689C8C4C12CC70996A75",
    "sha1": "",
    "has_hidden_window_occurrences": "true",
    "alert_product_name": "Angry IP Scanner - Cynet.Scanner.Angry IP Scanner",
    "imports_wininet": "false",
    "domains": [],
    "last_seen": "2018-02-28T11:26:32Z",
    "imports_ntdll": "false",
    "av_detections": 22
}
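The enrichment table above states one rule: a field is added to the Filehash entity only if it exists in the JSON result. The following Python is an added example, not part of the Cynet integration's own code, showing that rule applied to a constructed, abridged copy of the JSON Result above, plus a few playbook-ready signals derived from it. Note that Cynet returns flag fields such as is_whitelisted as the strings "true"/"false" rather than JSON booleans, and that an all-zero certificate_thumbprint means no signer was recorded; the helper handles both. The "Cynet_" prefix and the thresholds in should_remediate are assumptions for the example, not values defined by the integration.

```python
import json

# Enrichment fields listed for the Hash Query action; each is applied only if
# present in the result (the documented "Returns if it exists" logic).
HASH_QUERY_ENRICHMENT_FIELDS = (
    "meta_copyright", "common_filename", "occurrences",
    "meta_product_name_and_version", "first_seen", "is_whitelisted",
    "imports_winsock", "meta_description", "meta_companyName", "risk_level",
    "has_autorun_occurrences", "meta_original_filename", "sha256",
    "has_program_files_folder_occurrences", "common_path",
    "certificate_thumbprint", "certificate_name", "certificate_root_name",
    "alert_severity_level", "ssdeep", "md5", "sha1",
    "has_hidden_window_occurrences", "alert_product_name", "imports_wininet",
    "domains", "last_seen", "imports_ntdll", "av_detections",
)

# Constructed sample: an abridged copy of the Hash Query JSON Result above.
SAMPLE_HASH_QUERY_RESULT = json.loads(r'''
{
    "meta_copyright": "Copyright (C) 2000",
    "common_filename": "ipscan.exe",
    "has_sockets": "false",
    "occurrences": [{
        "file_type": "PROCESS",
        "hostname": "host1",
        "filename": "ipscan.exe",
        "parent_path": "c:\\windows\\explorer.exe",
        "full_path": "c:\\documented\\___soft\\ip_tools\\ipscan\\ipscan.exe"
    }],
    "is_whitelisted": "false",
    "risk_level": 1000,
    "has_autorun_occurrences": "false",
    "sha256": "40DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605",
    "certificate_thumbprint": "0000000000000000000000000000000000000000",
    "certificate_name": "",
    "alert_severity_level": "Critical",
    "md5": "6C1BCF0B1297689C8C4C12CC70996A75",
    "sha1": "",
    "has_hidden_window_occurrences": "true",
    "domains": [],
    "av_detections": 22
}
''')


def extract_enrichment(result, prefix="Cynet_"):
    """Return the enrichment dict for a Hash Query result: only documented
    fields, and only those actually present. The prefix is an assumption."""
    enrichment = {}
    for field in HASH_QUERY_ENRICHMENT_FIELDS:
        if field in result:
            value = result[field]
            # Nested values (occurrences, domains) are serialised so that the
            # enrichment stays a flat key/value table.
            if isinstance(value, (list, dict)):
                value = json.dumps(value)
            enrichment[prefix + field] = value
    return enrichment


def _as_bool(value):
    """Cynet flag fields arrive as the strings "true"/"false"; accept those
    as well as real booleans."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def triage_signals(result):
    """Derive analyst-facing signals from a Hash Query result."""
    thumbprint = result.get("certificate_thumbprint", "")
    unsigned = thumbprint == "" or set(thumbprint) == {"0"}
    hosts = sorted({o.get("hostname") for o in result.get("occurrences", [])
                    if o.get("hostname")})
    return {
        "unsigned": unsigned,
        "whitelisted": _as_bool(result.get("is_whitelisted", "false")),
        "hidden_window": _as_bool(result.get("has_hidden_window_occurrences", "false")),
        "autorun": _as_bool(result.get("has_autorun_occurrences", "false")),
        "av_detections": int(result.get("av_detections") or 0),
        "risk_level": int(result.get("risk_level") or 0),
        "severity": str(result.get("alert_severity_level", "")),
        "hosts": hosts,
    }


def should_remediate(result, min_av_detections=5):
    """Hypothetical playbook rule (thresholds are this example's, not Cynet's):
    never act on whitelisted files; otherwise act on high AV detection counts
    or a Critical alert severity."""
    s = triage_signals(result)
    if s["whitelisted"]:
        return False
    return s["av_detections"] >= min_av_detections or s["severity"].lower() == "critical"


if __name__ == "__main__":
    print(json.dumps(extract_enrichment(SAMPLE_HASH_QUERY_RESULT), indent=2))
    print(triage_signals(SAMPLE_HASH_QUERY_RESULT))
    print("remediate:", should_remediate(SAMPLE_HASH_QUERY_RESULT))
```

Fields that appear in the result but not in the table (has_sockets in the sample) are deliberately not copied, which is the behaviour the enrichment table describes.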

Kill Hash in Host

Description

Remediation action: kill the process running from the file identified by the hash on the host.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[
    {
        "EntityResult": 13590,
        "Entity": "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605"
    }
]

Ping

Description

Test connectivity to Cynet.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A

Quarantine Hash in Host

Description

Remediation action: quarantine the file identified by the hash on the host.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[
    {
        "EntityResult": 13590,
        "Entity": "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605"
    }
]

Remediation Status

Description

Get the remediation status based on the remediation ID.

Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Remediation ID | String | N/A | ID of the remediation to check, e.g. 312. |

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
{
  "status": 24,
  "statusInfo": "File does not exist",
  "id": 13592
}
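The three remediation actions (Delete, Kill and Quarantine Hash in Host) return a list of Entity/EntityResult pairs, and Remediation Status returns an id, status and statusInfo for one remediation. The following Python is an added example, not part of the Cynet integration, of the playbook-side glue a practitioner writes around those results: checking that an entity identifier is a hash of a supported length before an action runs on it, collecting the EntityResult values from an action result, and summarising a status result while flagging a mismatch between the id that came back and the id that was queried. The samples are copied from the JSON Results above; note that the Entity string in the remediation examples is 63 hex characters, one short of a SHA-256, so the length check rejects it, while the 64-character sha256 from the Hash Query result passes. Treating EntityResult as the value to pass to Remediation ID is this example's assumption.

```python
import re

# Hex digest lengths for the hash types a Filehash entity is expected to carry.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed samples, copied from the JSON Results documented above.
SAMPLE_KILL_RESULT = [
    {
        "EntityResult": 13590,
        "Entity": "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605",
    }
]
SAMPLE_STATUS_RESULT = {"status": 24, "statusInfo": "File does not exist", "id": 13592}


def hash_type(entity):
    """Classify a Filehash entity identifier by its hex length. Returns None
    for anything that is not an md5/sha1/sha256 digest, so a playbook can skip
    malformed entities instead of sending them to a remediation action."""
    value = entity.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]+", value):
        return None
    return HASH_LENGTHS.get(len(value))


def remediation_ids(action_result):
    """Map each Entity in a Delete/Kill/Quarantine Hash in Host result to its
    EntityResult, skipping entries that lack either value."""
    ids = {}
    for item in action_result or []:
        entity = item.get("Entity")
        rid = item.get("EntityResult")
        if entity and rid is not None:
            ids[entity] = rid
    return ids


def status_summary(status_result, expected_id=None):
    """Summarise a Remediation Status result. id_matches is False when the
    returned id differs from the one the playbook asked about, which should be
    handled as an error rather than read as the status of the intended job."""
    rid = status_result.get("id")
    code = status_result.get("status")
    info = status_result.get("statusInfo", "")
    matches = expected_id is None or rid == expected_id
    return {
        "id": rid,
        "status": code,
        "info": info,
        "id_matches": matches,
        "summary": f"remediation {rid}: status {code} ({info})",
    }


if __name__ == "__main__":
    for entity, rid in remediation_ids(SAMPLE_KILL_RESULT).items():
        print(entity, hash_type(entity), "->", rid)
    print(status_summary(SAMPLE_STATUS_RESULT, expected_id=13590))
```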