Cyware Intel Exchange
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Cyware Intel is an automated Threat Intelligence Platform (TIP) for ingestion, enrichment, analysis, prioritization, actioning, and bidirectional sharing of threat data.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Know before you begin
Integration with Security Copilot requires an API Key. You'll need to take the following steps before using the plugin.
1. Get your Cyware Respond API key. If you don't have one yet, follow these steps:
   1. Go to the Cyware website and create an account.
   2. Go to the Admin panel, and then go to Open APIs.
   3. Create a new OpenAPI credential set.
   4. Copy the generated OpenAPI token.
2. Sign in to Microsoft Security Copilot.
3. Access Manage Plugins by selecting the Plugin button from the prompt bar.
4. Next to Cyware Intel Exchange, select Set up.
5. Provide your Cyware Respond Instance URL and API Token.
6. Select Save and Test. Then select Save.
Sample Cyware Respond prompts
After the Cyware Intel Exchange plugin is configured, you can use the following capabilities with Security Copilot. The following table lists example prompts to try.
Capability | Example prompts |
---|---|
Querying Threat Intelligence | - Search Cyware Intel Exchange for the malware Ryuk. - Can you search for the above indicator on Cyware Intel Exchange. |
Convert Natural Language query to Cyware query language query | - Can you give me a CQL query to find all malwares associated with the threat actor APT2? - Generate CQL query for searching an indicator on Cyware Intel Exchange. |
Troubleshoot the Cyware Intel Exchange plugin
Errors occur
If you encounter errors, such as Couldn't complete your request, or An unknown error occurred, make sure the plugin is turned on. If the issue persists, sign out of Security Copilot, and then sign back in.
Prompts aren't invoking the correct capabilities
If prompts are not invoking the correct capabilities, or prompts are invoking some other capability set, you might have custom plugins or other plugins with functionality similar to the capability set you want to use.
Provide feedback
To provide feedback, contact Cyware.