This repository has been archived by the owner on Aug 31, 2018. It is now read-only.

Cyphort

robfry edited this page Nov 10, 2014 · 12 revisions


Cyphort is a relatively new network-based detection vendor. We have worked with them since they were in stealth mode and have high confidence in their technology. Beyond the obvious value of the detection itself, they provide an API for interfacing with their data. IMO, all security software, appliances and devices should provide APIs </rant:off>. For FIDO an API is essential: being able to pull every piece of information without going through a UI allows far more automation and analysis than would otherwise be possible. The steps below describe how to set up this integration.
  1. Open the FIDO database and go to the configs_detectors table.
  2. Add a new row and, for the detectortype column, enter 'api'.
  3. For the detector column enter 'cyphort' and for the vendor column enter 'Cyphort'.
  4. For the server column enter the URL of the Cyphort API, for example https://%serverFQDN%/cyadmin/api.php?.
  5. For the api_key column, replace the %api_key% placeholder with the API key you created through the Cyphort console. The key is stored in this column as-is, so anyone who can read the FIDO database can use it against the Cyphort API; restrict access to the database accordingly.
  6. (Optional) You can also modify the query string used to pull data through the API via the query column. By default FIDO retrieves all alerts from the last hour, with a maximum of 1000 returned. Once FIDO processes an alert it keeps track of which ones it has handled, so even though each pull covers the last hour, no alert is processed more than once. Because of the 1000 cap, a deployment that generates more alerts than that per hour will need the query adjusted so that alerts are not missed.
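The following is an added example, not code from the FIDO project or from Cyphort. It writes the configs_detectors row described in steps 1 to 6 with a parameterised INSERT (so a key or query string containing quotes cannot alter the statement) and then simulates two consecutive one-hour pulls that overlap, showing how a processed-alert table keeps an alert from being handled twice. Everything beyond the six column names the page gives is an assumption: the reduced configs_detectors schema, the processed_alerts table, the sqlite backend, and the alert records, which are modelled as dicts with an "id" key because the page does not describe the Cyphort response format. The sample polls are constructed.

```python
"""Added example (not FIDO project code): the Cyphort configs_detectors row
plus processed-alert bookkeeping for an overlapping one-hour poll window.

Assumed, not taken from the page or the FIDO source:
  * configs_detectors reduced to the six columns the page names
  * the processed_alerts table and its layout
  * Cyphort alert records modelled as dicts with an "id" key
"""
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE IF NOT EXISTS configs_detectors (
    detectortype TEXT NOT NULL,
    detector     TEXT NOT NULL UNIQUE,
    vendor       TEXT NOT NULL,
    server       TEXT NOT NULL,
    api_key      TEXT NOT NULL,
    query        TEXT
);
CREATE TABLE IF NOT EXISTS processed_alerts (
    alert_id   TEXT PRIMARY KEY,
    first_seen TEXT NOT NULL
);
"""


def open_store(path=":memory:"):
    """Open the store and create the assumed tables if they are missing."""
    conn = sqlite3.connect(path)
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


def add_cyphort_detector(conn, server_fqdn, api_key, query=None):
    """Steps 2-6 of the page as one parameterised INSERT.

    Placeholders keep the API key and any custom query string out of the
    SQL text. query=None leaves the column empty, which the page says makes
    FIDO use its default: the last hour's alerts, capped at 1000.
    """
    server = f"https://{server_fqdn}/cyadmin/api.php?"
    conn.execute(
        "INSERT INTO configs_detectors "
        "(detectortype, detector, vendor, server, api_key, query) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        ("api", "cyphort", "Cyphort", server, api_key, query),
    )
    conn.commit()


def detector_config(conn, detector="cyphort"):
    """Return the stored row as a dict. The api_key comes back in the clear,
    which is why read access to this table needs to be as tight as access to
    the Cyphort console itself."""
    row = conn.execute(
        "SELECT * FROM configs_detectors WHERE detector = ?", (detector,)
    ).fetchone()
    return dict(row) if row else None


def record_new_alerts(conn, alerts):
    """Return the alerts not seen before and mark them as processed.

    Each poll re-fetches the whole last hour, so consecutive polls overlap.
    The PRIMARY KEY on alert_id turns a second sighting into an
    IntegrityError, which is treated as "already handled". This illustrates
    the behaviour step 6 describes; it is not FIDO's own implementation.
    """
    now = datetime.now(timezone.utc).isoformat()
    fresh = []
    for alert in alerts:
        try:
            conn.execute(
                "INSERT INTO processed_alerts (alert_id, first_seen) VALUES (?, ?)",
                (alert["id"], now),
            )
        except sqlite3.IntegrityError:
            continue  # seen in an earlier, overlapping window
        fresh.append(alert)
    conn.commit()
    return fresh


# Constructed sample polls: the second window overlaps the first on B and C.
POLL_1 = [{"id": "A"}, {"id": "B"}, {"id": "C"}]
POLL_2 = [{"id": "B"}, {"id": "C"}, {"id": "D"}]


def demo():
    """Run the setup and two overlapping polls; returns (config, ids1, ids2)."""
    conn = open_store()
    add_cyphort_detector(conn, "cyphort.example.com", "REPLACE-WITH-CONSOLE-KEY")
    first = [a["id"] for a in record_new_alerts(conn, POLL_1)]
    second = [a["id"] for a in record_new_alerts(conn, POLL_2)]
    return detector_config(conn), first, second


if __name__ == "__main__":
    cfg, first, second = demo()
    print(cfg["server"], first, second)
```

Run it as-is to see the stored server URL and the two poll results: the first pull yields A, B and C, and the second yields only D even though B and C were returned again. Against a real FIDO database the same INSERT shape applies, but check the actual column list of configs_detectors first, since the schema here is a stand-in.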