Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

Infocyte automates the process of threat hunting, allowing you to dig deep into forensics and eliminate threats quickly.

This document provides information about the Infocyte connector, which facilitates automated interactions, with your Infocyte server using FortiSOAR™ playbooks. Add the Infocyte connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of hosts that are added in Infocyte, triggering a scan on a host, and retrieving scan details from Infocyte. 

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.12.1-253

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-infocyte

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of Infocyte server to which you will connect and perform automated operations and credentials (Username-Password pair) to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Infocyte connector row, and in the Configure tab enter the required configuration details.

Parameter Description
Server URL URL of the Infocyte server to which you will connect and perform the automated operations.
Username Username for the Infocyte server to which you will connect and perform the automated operations.
Password Password for the Infocyte server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Scans Of Target Get scans associated with a specific target from Infocyte, based on the target ID you have specified. get_scans_of_target
Investigation
Get Hosts Artifacts Retrieves details of all artifacts or a specific artifact associated with hosts, based on the open query you have specified from Infocyte. get_hosts_artifacts
Investigation
Get Host Addresses Retrieves addresses of all the hosts, or specific hosts based on the host ID and other input parameters you have specified from Infocyte. get_host_address
Investigation
Get Target Group Details Retrieves details of all target groups, or specific target groups, based on the target group ID and other input parameters you have specified from Infocyte. get_target_group
Investigation
Run Scan Triggers a scan on a host on Infocyte based on the target ID, and optionally the host address ID and other input parameters that you have specified. run_scan
Investigation
Get Scans Retrieves details of all scans, or specific scans based on the input parameters that you have specified from Infocyte. get_scans
Investigation
Get Scan Status By User Task ID Retrieves the status of all scans, or specific scans based on the user task ID that you have specified from Infocyte. get_scan_status_by_user_taskid
Investigation
Get Processes Retrieves basic information, such as threat, score, etc for all processes, or specific processes based on the target ID and other input parameters that you have specified from Infocyte. get_processes
Investigation
Get Process Details Retrieves all details for all processes, or specific processes based on the process ID and other input parameters that you have specified from Infocyte. get_processes_details
Investigation
Get Accounts Retrieves details of all accounts, or specific accounts based on the target ID and other input parameters that you have specified from Infocyte. get_accounts
Investigation
Get Modules Retrieves basic information, such as threat, score, etc for all modules, or specific module based on the target ID and other input parameters that you have specified from Infocyte. get_modules
Investigation
Get Module Details Retrieves all details for all modules, or specific module based on the module ID that you have specified from Infocyte. get_modules_details
Investigation
Get Drivers Retrieves basic information, such as threat, score, etc for all drivers, or specific driver based on the target ID and other input parameters that you have specified from Infocyte. get_drivers
Investigation
Get Driver Details Retrieves details of all drivers, or specific drivers based on the driver ID that you have specified from Infocyte. get_drivers_details 
Investigation
Get Artifacts Retrieves basic information, such as threat, score, etc for all artifacts, or specific artifact based on the target ID and other input parameters that you have specified from Infocyte. get_artifacts
Investigation
Get Artifact Details Retrieves details of all artifacts, or specific artifacts based on the artifact ID that you have specified from Infocyte. get_artifacts_details
Investigation

operation: Get Scans Of Target

Input parameters

Parameter Description
Target ID ID of the target whose associated scans details you want to retrieve from Infocyte.

Output

The output contains the following populated JSON schema:
[
  { 
     "startedOn": "", 
     "autostartCount": "", 
     "moduleCount": "", 
     "accountCount": "", 
     "targetDeleted": "", 
     "completedOn": "", 
     "memoryCount": "", 
     "id": "", 
     "totalHostCount": "", 
     "name": "", 
     "applicationCount": "", 
     "hookCount": "", 
     "targetId": "", 
     "scriptCount": "", 
     "processCount": "", 
     "artifactCount": "", 
     "connectionCount": "", 
     "updatedOn": "", 
     "hostCount": "", 
     "targetName": "", 
     "driverCount": "" 
  }
]

operation: Get Hosts Artifacts

Input parameters

Parameter Description
Open Query (Optional) A generalized query that you can enter in this field to get artifacts details for hosts on Infocyte.
For example, {"where" : {"hostname":"AD"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "hostname": "", 
     "hostId": "", 
     "signed": "", 
     "path": "", 
     "avTotal": "", 
     "hasAvScan": "", 
     "staticAnalysis": "", 
     "notMalicious": "", 
     "hostScanId": "", 
     "synapse": "", 
     "whitelist": "", 
     "flagName": "", 
     "managed": "", 
     "flagColor": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "threatWeight": "", 
     "localBlacklist": "", 
     "scannedOn": "", 
     "blacklist": "", 
     "modifiedOn": "", 
     "artifactType": "", 
     "suspicious": "", 
     "threatScore": "", 
     "avPositives": "", 
     "unknown": "", 
     "id": "", 
     "flagWeight": "", 
     "name": "", 
     "artifactId": "", 
     "scanId": "", 
     "hitCount": "", 
     "threatName": "", 
     "malicious": "", 
     "dynamicAnalysis": "", 
     "flagId": "", 
     "failed": "", 
     "fileRepId": "" 
  }
]

operation: Get Host Addresses

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
The 'id' field in the output is the address ID.

Parameter Description
Filter By Filter hosts that are retrieved from Infocyte, based on the entity that you select in this field.
You can choose from the following options: Hostname, IP Address, or TargetID.
Filter Value Value of the filter based on which you want to filter hosts from Infocyte.
The filter value that you specify will be based on the Filter By option you have chosen.
Offset Index of the first item based on which the list of hosts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of host records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of hosts on Infocyte.
For example, {"where": {"hostname":"AD"}}}

Output

The output contains the following populated JSON schema:
[
  { 
     "port135": "", 
     "lastScannedOn": "", 
     "port5986": "", 
     "port22": "", 
     "accessWmi": "", 
     "accessSsh": "", 
     "osLinux": "", 
     "username": "", 
     "latency": "", 
     "agentId": "", 
     "accessible": "", 
     "lastScanDate": "", 
     "os": "", 
     "taskId": "", 
     "hostname": "", 
     "accessSmb": "", 
     "accessPs": "", 
     "port445": "", 
     "osOther": "", 
     "id": "", 
     "osOSX": "", 
     "ip": "", 
     "deleted": "", 
     "targetId": "", 
     "port139": "", 
     "accessRst": "", 
     "queryId": "", 
     "osWindows": "", 
     "ipstring": "", 
     "lastAccessedOn": "", 
     "failed": "", 
     "failureReason": "", 
     "accessAgent": "" 
  } 

]

operation: Get Target Group Details

Input parameters

Parameter Description
Target Group ID ID of the target group whose details you want to retrieve from Infocyte.
Offset Index of the first item based on which the list of target groups are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of target groups to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of target groups from Infocyte.
For example, {"where" : {"id" : "e42e963178fb46dbfac23c197dd0116149d4e81b"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "deleted": "", 
     "totalAddressCount": "", 
     "lastScannedOn": "", 
     "id": "", 
     "reachableAddressCount": "", 
     "name": "", 
     "accessibleAddressCount": "" 
  }
]

operation: Run Scan

Input parameters

Parameter Description
Target ID ID of the target on which you want to run the scan on Infocyte.
Host Address ID ID of the host on which you want to run the scan on Infocyte.
Collect Drivers Select this option to collect driver information.
By default, this option is unchecked.
Collect Memory Select this option to collect memory information.
By default, this option is unchecked.
Collect Artifacts Select this option to collect artifacts information.
By default, this option is unchecked.
Collect Autostarts Select this option to collect autostarts information.
By default, this option is unchecked.
Collect Hooks Select this option to collect hooks information.
By default, this option is unchecked.
Collect Network Connections Select this option to collect network connections information.
By default, this option is unchecked.
Collect Applications Select this option to collect applications information.
By default, this option is unchecked.
Delete survey after execution Select this option to delete the survey after the scan is executed.
By default, this option is unchecked.
Delete log after execution Select this option to delete the logs after the scan is executed.
By default, this option is unchecked.

Output

The output contains the following populated JSON schema:
[
  { 
     "userTaskId": "" 
  }
]

operation: Get Scans

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Offset Index of the first item based on which the details of scans are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of scan records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of scans from Infocyte.
For example,{"where": {"scanId":"306eb731-215b-1f1f-6c07-257d632d5687"}}}

Output

The output contains the following populated JSON schema:
[
  { 
     "ip": "", 
     "remediated": "", 
     "remediatedByUserId": "", 
     "boxId": "", 
     "id": "", 
     "completedOn": "", 
     "compromised": "", 
     "addressId": "", 
     "failed": "", 
     "scanId": "", 
     "remediatedOn": "", 
     "hostId": "" 
  }
]

operation: Get Scan Status By User Task ID

Input parameters

Parameter Description
User Task ID (Optional) ID of the user task whose scan status you want to retrieve from Infocyte.

Output

The output contains the following populated JSON schema:

     "status": "", 
     "jobId": "", 
     "createdOn": "", 
     "progress": "", 
     "endedOn": "", 
     "message": "", 
     "type": "", 
     "userId": "", 
     "id": "", 
     "itemCount": "", 
     "archived": "", 
     "stats": "", 
     "data": { 
         "scanName": "", 
         "scanId": "", 
         "updatedOn": "" 
     }, 
     "name": "", 
     "startedOn": "", 
     "relatedId": "" 
}

operation: Get Processes

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose basic process information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve basic process information from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on target whose basic process information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good processes.
By default, this option is unchecked.
Probably Good Select this option to collect probably good processes.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad processes.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad processes.
By default, this option is unchecked.
Good Select this option to collect good processes.
By default, this option is unchecked.
Low Risk Select this option to collect low risk processes.
By default, this option is unchecked.
Bad Select this option to collect bad processes.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious processes.
By default, this option is unchecked.
Unknown Select this option to collect unknown processes.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist processes.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist processes.
By default, this option is unchecked.
Process Score

Score operator based on which you want to collect processes from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect processes from Infocyte.
Count

Count operator based on which you want to collect processes from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect processes from Infocyte.
Signed Select this option to collect signed processes.
By default, this option is unchecked.
Not Signed Select this option to collect not signed processes.
By default, this option is unchecked.
Package Manager Select this option to collect package managed processes.
By default, this option is unchecked.
No Package Manager Select this option to collect not package managed processes.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for processes.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for processes.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for processes.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for processes.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for processes.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for processes.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for processes.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.
You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.
Offset Offset, i.e., the index of the first item, based on which the basic information for processes are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of process records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of processes from Infocyte.
For example, {"where" : {"id" : "013a30d953c16d2313956b76503532a542e1b8ac"}}
Following is an example of a complex open query
{"where":{"and":[{"and":[{"signed":true},{"hasAvScan":false}]},{"hitCount":{"gte":5}},{"boxId":"f0a14878-2012-4b8f-bf1c-f6922034686a"}]},"order":["threatWeight desc","id"],"limit":25,"skip":0}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Process Details

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Process ID ID of the process whose details you want to retrieve from Infocyte.
Pagination Limit Maximum number of process records to be retrieved from Infocyte by this operation.
Offset Offset, i.e., the index of the first item, based on which the details for the processes are retrieved from Infocyte.
By default, this is set to 0.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Accounts

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose accounts details you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve account details from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose account information you want to retrieve from Infocyte.
Admin Select this option to collect admin privilege accounts.
By default, this option is unchecked.
User Select this option to collect user privilege accounts.
By default, this option is unchecked.
Guest Select this option to collect guest privilege accounts.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.
You can choose from the following options: Name, Domain, Privileges, Hit Count, Logon Count, or Compromised.
Offset Offset, i.e., the index of the first item, based on which the details of accounts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of account records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of accounts from Infocyte.
For example, {"where" : {"id" : "0033240e-0612-40f0-8f5a-0bb891c53624"}}

Output

The output contains the following populated JSON schema:
[

  { 
     "boxId": "", 
     "flagWeight": "", 
     "domain": "", 
     "remediatedBy": "", 
     "hitCount": "", 
     "remediatedByUserId": "", 
     "flagName": "", 
     "name": "", 
     "logonCount": "", 
     "remediatedOn": "", 
     "flagId": "", 
     "uid": "", 
     "id": "", 
     "compromised": "", 
     "priv": "", 
     "accountId": "", 
     "flagColor": "", 
     "remediated": "" 
  }
]

operation: Get Modules

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose module basic information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve basic module information details from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose basic module information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good modules.
By default, this option is unchecked.
Probably Good Select this option to collect probably good modules.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad modules.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad modules.
By default, this option is unchecked.
Good Select this option to collect good modules.
By default, this option is unchecked.
Low Risk Select this option to collect low risk modules.
By default, this option is unchecked.
Bad Select this option to collect bad modules.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious modules.
By default, this option is unchecked.
Unknown Select this option to collect unknown modules.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist modules.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist modules.
By default, this option is unchecked.
Module Score

Score operator based on which you want to collect modules from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect modules from Infocyte.
Count

Count operator based on which you want to collect modules from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect modules from Infocyte.
Signed Select this option to collect signed modules.
By default, this option is unchecked.
Not Signed Select this option to collect not signed modules. By default, this option is unchecked.
Package Manager Select this option to collect package managed modules. By default, this option is unchecked.
No Package Manager Select this option to collect not package managed modules.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for modules.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for modules.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for modules.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for modules.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for modules.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for modules.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for modules.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By

Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.

You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.

Offset Offset, i.e., the index of the first item, based on which the basic information for modules are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of module records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of modules from Infocyte.
For example, {"where" : {"id" : "1443b55832f5499cd5989bc69115674371d877f7"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Module Details

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Module ID ID of the module whose details you want to retrieve from Infocyte.
Offset Offset, i.e., the index of the first item, based on which the details for modules are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of module records to be retrieved from Infocyte by this operation.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Drivers

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose driver basic information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve driver basic information from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose driver basic information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good drivers.
By default, this option is unchecked.
Probably Good Select this option to collect probably good drivers.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad drivers.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad drivers.
By default, this option is unchecked.
Good Select this option to collect good drivers.
By default, this option is unchecked.
Low Risk Select this option to collect low risk drivers.
By default, this option is unchecked.
Bad Select this option to collect bad drivers.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious drivers.
By default, this option is unchecked.
Unknown Select this option to collect unknown drivers.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist drivers.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist drivers.
By default, this option is unchecked.
Driver Score

Score operator based on which you want to collect divers from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect drivers from Infocyte.
Count

Count operator based on which you want to collect drivers from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect drivers from Infocyte.
Signed Select this option to collect signed drivers.
By default, this option is unchecked.
Not Signed Select this option to collect not signed drivers.
By default, this option is unchecked.
Package Manager Select this option to collect package managed drivers.
By default, this option is unchecked.
No Package Manager Select this option to collect not package managed drivers.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for drivers.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for drivers.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for drivers.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for drivers.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for drivers.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for drivers.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for drivers.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By

Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.

You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.

Offset Offset, i.e., the index of the first item, based on which the basic information for drivers are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of driver records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of drivers from Infocyte.
For example, {"where" : {"id" : "019b92c309e1e700e94e6d9bf7710d6f868db650"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Driver Details

Input parameters

Parameter Description
Driver ID ID of the driver whose details you want to retrieve from Infocyte.
Offset Offset, i.e., the index of the first item, based on which the details for drivers are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of driver records to be retrieved from Infocyte by this operation.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Artifacts

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose basic artifact information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve basic artifact information from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose basic artifact information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good artifacts.
By default, this option is unchecked.
Probably Good Select this option to collect probably good artifacts.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad artifacts.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad artifacts.
By default, this option is unchecked.
Good Select this option to collect good artifacts.
By default, this option is unchecked.
Low Risk Select this option to collect low risk artifacts.
By default, this option is unchecked.
Bad Select this option to collect bad artifacts.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious artifacts.
By default, this option is unchecked.
Unknown Select this option to collect unknown artifacts.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist artifacts.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist artifacts.
By default, this option is unchecked.
Artifact Score

Score operator based on which you want to collect artifacts from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value

Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect artifacts from Infocyte.

Count

Count operator based on which you want to collect artifacts from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect artifacts from Infocyte.
Signed Select this option to collect signed artifacts.
By default, this option is unchecked.
Not Signed Select this option to collect not signed artifacts.
By default, this option is unchecked.
Package Manager Select this option to collect package managed artifacts.
By default, this option is unchecked.
No Package Manager Select this option to collect not package managed artifacts.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for artifacts.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for artifacts.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for artifacts.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for artifacts.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for artifacts.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for artifacts.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for artifacts.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By

Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.

You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.

Offset Offset, i.e., the index of the first item, based on which the basic information of the artifacts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of artifact records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of artifacts from Infocyte.
For example, {"where" : {"id" : "000c5fa0548fe249b5e1f37d496ea6078aaf6301"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Artifact Details

Input parameters

Parameter Description
Artifact ID ID of the artifact whose details you want to retrieve from Infocyte.
Offset Offset, i.e., the index of the first item, based on which the details of the artifacts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of artifact records to be retrieved from Infocyte by this operation.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

Included playbooks

The Sample - Infocyte - 1.0.0 playbook collection comes bundled with the Infocyte connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Infocyte connector.

  • Get Accounts
  • Get Artifact Details
  • Get Artifacts
  • Get Driver Details
  • Get Drivers
  • Get Host Addresses
  • Get Host Artifacts
  • Get Module Details
  • Get Modules
  • Get Process Details
  • Get Processes
  • Get Scans
  • Get Scans Of Target
  • Get Scan Status By User Task ID
  • Get Target Group Details
  • Run Scan

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

Infocyte automates the process of threat hunting, allowing you to dig deep into forensics and eliminate threats quickly.

This document provides information about the Infocyte connector, which facilitates automated interactions, with your Infocyte server using FortiSOAR™ playbooks. Add the Infocyte connector, as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of hosts that are added in Infocyte, triggering a scan on a host, and retrieving scan details from Infocyte. 

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.12.1-253

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-infocyte

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Infocyte connector row, and in the Configure tab enter the required configuration details.

Parameter Description
Server URL URL of the Infocyte server to which you will connect and perform the automated operations.
Username Username for the Infocyte server to which you will connect and perform the automated operations.
Password Password for the Infocyte server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get Scans Of Target Get scans associated with a specific target from Infocyte, based on the target ID you have specified. get_scans_of_target
Investigation
Get Hosts Artifacts Retrieves details of all artifacts or a specific artifact associated with hosts, based on the open query you have specified from Infocyte. get_hosts_artifacts
Investigation
Get Host Addresses Retrieves addresses of all the hosts, or specific hosts based on the host ID and other input parameters you have specified from Infocyte. get_host_address
Investigation
Get Target Group Details Retrieves details of all target groups, or specific target groups, based on the target group ID and other input parameters you have specified from Infocyte. get_target_group
Investigation
Run Scan Triggers a scan on a host on Infocyte based on the target ID, and optionally the host address ID and other input parameters that you have specified. run_scan
Investigation
Get Scans Retrieves details of all scans, or specific scans based on the input parameters that you have specified from Infocyte. get_scans
Investigation
Get Scan Status By User Task ID Retrieves the status of all scans, or specific scans based on the user task ID that you have specified from Infocyte. get_scan_status_by_user_taskid
Investigation
Get Processes Retrieves basic information, such as threat, score, etc for all processes, or specific processes based on the target ID and other input parameters that you have specified from Infocyte. get_processes
Investigation
Get Process Details Retrieves all details for all processes, or specific processes based on the process ID and other input parameters that you have specified from Infocyte. get_processes_details
Investigation
Get Accounts Retrieves details of all accounts, or specific accounts based on the target ID and other input parameters that you have specified from Infocyte. get_accounts
Investigation
Get Modules Retrieves basic information, such as threat, score, etc for all modules, or specific module based on the target ID and other input parameters that you have specified from Infocyte. get_modules
Investigation
Get Module Details Retrieves all details for all modules, or specific module based on the module ID that you have specified from Infocyte. get_modules_details
Investigation
Get Drivers Retrieves basic information, such as threat, score, etc for all drivers, or specific driver based on the target ID and other input parameters that you have specified from Infocyte. get_drivers
Investigation
Get Driver Details Retrieves details of all drivers, or specific drivers based on the driver ID that you have specified from Infocyte. get_drivers_details 
Investigation
Get Artifacts Retrieves basic information, such as threat, score, etc for all artifacts, or specific artifact based on the target ID and other input parameters that you have specified from Infocyte. get_artifacts
Investigation
Get Artifact Details Retrieves details of all artifacts, or specific artifacts based on the artifact ID that you have specified from Infocyte. get_artifacts_details
Investigation

operation: Get Scans Of Target

Input parameters

Parameter Description
Target ID ID of the target whose associated scans details you want to retrieve from Infocyte.

Output

The output contains the following populated JSON schema:
[
  { 
     "startedOn": "", 
     "autostartCount": "", 
     "moduleCount": "", 
     "accountCount": "", 
     "targetDeleted": "", 
     "completedOn": "", 
     "memoryCount": "", 
     "id": "", 
     "totalHostCount": "", 
     "name": "", 
     "applicationCount": "", 
     "hookCount": "", 
     "targetId": "", 
     "scriptCount": "", 
     "processCount": "", 
     "artifactCount": "", 
     "connectionCount": "", 
     "updatedOn": "", 
     "hostCount": "", 
     "targetName": "", 
     "driverCount": "" 
  }
]

operation: Get Hosts Artifacts

Input parameters

Parameter Description
Open Query (Optional) A generalized query that you can enter in this field to get artifacts details for hosts on Infocyte.
For example, {"where" : {"hostname":"AD"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "hostname": "", 
     "hostId": "", 
     "signed": "", 
     "path": "", 
     "avTotal": "", 
     "hasAvScan": "", 
     "staticAnalysis": "", 
     "notMalicious": "", 
     "hostScanId": "", 
     "synapse": "", 
     "whitelist": "", 
     "flagName": "", 
     "managed": "", 
     "flagColor": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "threatWeight": "", 
     "localBlacklist": "", 
     "scannedOn": "", 
     "blacklist": "", 
     "modifiedOn": "", 
     "artifactType": "", 
     "suspicious": "", 
     "threatScore": "", 
     "avPositives": "", 
     "unknown": "", 
     "id": "", 
     "flagWeight": "", 
     "name": "", 
     "artifactId": "", 
     "scanId": "", 
     "hitCount": "", 
     "threatName": "", 
     "malicious": "", 
     "dynamicAnalysis": "", 
     "flagId": "", 
     "failed": "", 
     "fileRepId": "" 
  }
]

operation: Get Host Addresses

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
The 'id' field in the output is the address ID.

Parameter Description
Filter By Filter hosts that are retrieved from Infocyte, based on the entity that you select in this field.
You can choose from the following options: Hostname, IP Address, or TargetID.
Filter Value Value of the filter based on which you want to filter hosts from Infocyte.
The filter value that you specify will be based on the Filter By option you have chosen.
Offset Index of the first item based on which the list of hosts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of host records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of hosts on Infocyte.
For example, {"where": {"hostname":"AD"}}}

Output

The output contains the following populated JSON schema:
[
  { 
     "port135": "", 
     "lastScannedOn": "", 
     "port5986": "", 
     "port22": "", 
     "accessWmi": "", 
     "accessSsh": "", 
     "osLinux": "", 
     "username": "", 
     "latency": "", 
     "agentId": "", 
     "accessible": "", 
     "lastScanDate": "", 
     "os": "", 
     "taskId": "", 
     "hostname": "", 
     "accessSmb": "", 
     "accessPs": "", 
     "port445": "", 
     "osOther": "", 
     "id": "", 
     "osOSX": "", 
     "ip": "", 
     "deleted": "", 
     "targetId": "", 
     "port139": "", 
     "accessRst": "", 
     "queryId": "", 
     "osWindows": "", 
     "ipstring": "", 
     "lastAccessedOn": "", 
     "failed": "", 
     "failureReason": "", 
     "accessAgent": "" 
  } 

]

operation: Get Target Group Details

Input parameters

Parameter Description
Target Group ID ID of the target group whose details you want to retrieve from Infocyte.
Offset Index of the first item based on which the list of target groups are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of target groups to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of target groups from Infocyte.
For example, {"where" : {"id" : "e42e963178fb46dbfac23c197dd0116149d4e81b"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "deleted": "", 
     "totalAddressCount": "", 
     "lastScannedOn": "", 
     "id": "", 
     "reachableAddressCount": "", 
     "name": "", 
     "accessibleAddressCount": "" 
  }
]

operation: Run Scan

Input parameters

Parameter Description
Target ID ID of the target on which you want to run the scan on Infocyte.
Host Address ID ID of the host on which you want to run the scan on Infocyte.
Collect Drivers Select this option to collect driver information.
By default, this option is unchecked.
Collect Memory Select this option to collect memory information.
By default, this option is unchecked.
Collect Artifacts Select this option to collect artifacts information.
By default, this option is unchecked.
Collect Autostarts Select this option to collect autostarts information.
By default, this option is unchecked.
Collect Hooks Select this option to collect hooks information.
By default, this option is unchecked.
Collect Network Connections Select this option to collect network connections information.
By default, this option is unchecked.
Collect Applications Select this option to collect applications information.
By default, this option is unchecked.
Delete survey after execution Select this option to delete the survey after the scan is executed.
By default, this option is unchecked.
Delete log after execution Select this option to delete the logs after the scan is executed.
By default, this option is unchecked.

Output

The output contains the following populated JSON schema:
[
  { 
     "userTaskId": "" 
  }
]

operation: Get Scans

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Offset Index of the first item based on which the details of scans are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of scan records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of scans from Infocyte.
For example,{"where": {"scanId":"306eb731-215b-1f1f-6c07-257d632d5687"}}}

Output

The output contains the following populated JSON schema:
[
  { 
     "ip": "", 
     "remediated": "", 
     "remediatedByUserId": "", 
     "boxId": "", 
     "id": "", 
     "completedOn": "", 
     "compromised": "", 
     "addressId": "", 
     "failed": "", 
     "scanId": "", 
     "remediatedOn": "", 
     "hostId": "" 
  }
]

operation: Get Scan Status By User Task ID

Input parameters

Parameter Description
User Task ID (Optional) ID of the user task whose scan status you want to retrieve from Infocyte.

Output

The output contains the following populated JSON schema:

     "status": "", 
     "jobId": "", 
     "createdOn": "", 
     "progress": "", 
     "endedOn": "", 
     "message": "", 
     "type": "", 
     "userId": "", 
     "id": "", 
     "itemCount": "", 
     "archived": "", 
     "stats": "", 
     "data": { 
         "scanName": "", 
         "scanId": "", 
         "updatedOn": "" 
     }, 
     "name": "", 
     "startedOn": "", 
     "relatedId": "" 
}

operation: Get Processes

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose basic process information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve basic process information from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on target whose basic process information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good processes.
By default, this option is unchecked.
Probably Good Select this option to collect probably good processes.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad processes.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad processes.
By default, this option is unchecked.
Good Select this option to collect good processes.
By default, this option is unchecked.
Low Risk Select this option to collect low risk processes.
By default, this option is unchecked.
Bad Select this option to collect bad processes.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious processes.
By default, this option is unchecked.
Unknown Select this option to collect unknown processes.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist processes.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist processes.
By default, this option is unchecked.
Process Score

Score operator based on which you want to collect processes from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect processes from Infocyte.
Count

Count operator based on which you want to collect processes from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect processes from Infocyte.
Signed Select this option to collect signed processes.
By default, this option is unchecked.
Not Signed Select this option to collect not signed processes.
By default, this option is unchecked.
Package Manager Select this option to collect package managed processes.
By default, this option is unchecked.
No Package Manager Select this option to collect not package managed processes.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for processes.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for processes.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for processes.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for processes.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for processes.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for processes.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for processes.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.
You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.
Offset Offset, i.e., the index of the first item, based on which the basic information for processes are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of process records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of processes from Infocyte.
For example, {"where" : {"id" : "013a30d953c16d2313956b76503532a542e1b8ac"}}
Following is an example of a complex open query
{"where":{"and":[{"and":[{"signed":true},{"hasAvScan":false}]},{"hitCount":{"gte":5}},{"boxId":"f0a14878-2012-4b8f-bf1c-f6922034686a"}]},"order":["threatWeight desc","id"],"limit":25,"skip":0}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Process Details

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Process ID ID of the process whose details you want to retrieve from Infocyte.
Pagination Limit Maximum number of process records to be retrieved from Infocyte by this operation.
Offset Offset, i.e., the index of the first item, based on which the details for the processes are retrieved from Infocyte.
By default, this is set to 0.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Accounts

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose accounts details you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve account details from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose account information you want to retrieve from Infocyte.
Admin Select this option to collect admin privilege accounts.
By default, this option is unchecked.
User Select this option to collect user privilege accounts.
By default, this option is unchecked.
Guest Select this option to collect guest privilege accounts.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.
You can choose from the following options: Name, Domain, Privileges, Hit Count, Logon Count, or Compromised.
Offset Offset, i.e., the index of the first item, based on which the details of accounts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of account records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of accounts from Infocyte.
For example, {"where" : {"id" : "0033240e-0612-40f0-8f5a-0bb891c53624"}}

Output

The output contains the following populated JSON schema:
[

  { 
     "boxId": "", 
     "flagWeight": "", 
     "domain": "", 
     "remediatedBy": "", 
     "hitCount": "", 
     "remediatedByUserId": "", 
     "flagName": "", 
     "name": "", 
     "logonCount": "", 
     "remediatedOn": "", 
     "flagId": "", 
     "uid": "", 
     "id": "", 
     "compromised": "", 
     "priv": "", 
     "accountId": "", 
     "flagColor": "", 
     "remediated": "" 
  }
]

operation: Get Modules

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose module basic information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve basic module information details from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose basic module information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good modules.
By default, this option is unchecked.
Probably Good Select this option to collect probably good modules.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad modules.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad modules.
By default, this option is unchecked.
Good Select this option to collect good modules.
By default, this option is unchecked.
Low Risk Select this option to collect low risk modules.
By default, this option is unchecked.
Bad Select this option to collect bad modules.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious modules.
By default, this option is unchecked.
Unknown Select this option to collect unknown modules.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist modules.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist modules.
By default, this option is unchecked.
Module Score

Score operator based on which you want to collect modules from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect modules from Infocyte.
Count

Count operator based on which you want to collect modules from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect modules from Infocyte.
Signed Select this option to collect signed modules.
By default, this option is unchecked.
Not Signed Select this option to collect not signed modules. By default, this option is unchecked.
Package Manager Select this option to collect package managed modules. By default, this option is unchecked.
No Package Manager Select this option to collect not package managed modules.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for modules.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for modules.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for modules.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for modules.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for modules.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for modules.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for modules.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By

Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.

You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.

Offset Offset, i.e., the index of the first item, based on which the basic information for modules are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of module records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of modules from Infocyte.
For example, {"where" : {"id" : "1443b55832f5499cd5989bc69115674371d877f7"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Module Details

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Module ID ID of the module whose details you want to retrieve from Infocyte.
Offset Offset, i.e., the index of the first item, based on which the details for modules are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of module records to be retrieved from Infocyte by this operation.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Drivers

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose driver basic information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve driver basic information from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose driver basic information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good drivers.
By default, this option is unchecked.
Probably Good Select this option to collect probably good drivers.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad drivers.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad drivers.
By default, this option is unchecked.
Good Select this option to collect good drivers.
By default, this option is unchecked.
Low Risk Select this option to collect low risk drivers.
By default, this option is unchecked.
Bad Select this option to collect bad drivers.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious drivers.
By default, this option is unchecked.
Unknown Select this option to collect unknown drivers.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist drivers.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist drivers.
By default, this option is unchecked.
Driver Score

Score operator based on which you want to collect divers from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect drivers from Infocyte.
Count

Count operator based on which you want to collect drivers from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect drivers from Infocyte.
Signed Select this option to collect signed drivers.
By default, this option is unchecked.
Not Signed Select this option to collect not signed drivers.
By default, this option is unchecked.
Package Manager Select this option to collect package managed drivers.
By default, this option is unchecked.
No Package Manager Select this option to collect not package managed drivers.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for drivers.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for drivers.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for drivers.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for drivers.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for drivers.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for drivers.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for drivers.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By

Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.

You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.

Offset Offset, i.e., the index of the first item, based on which the basic information for drivers are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of driver records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of drivers from Infocyte.
For example, {"where" : {"id" : "019b92c309e1e700e94e6d9bf7710d6f868db650"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Driver Details

Input parameters

Parameter Description
Driver ID ID of the driver whose details you want to retrieve from Infocyte.
Offset Offset, i.e., the index of the first item, based on which the details for drivers are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of driver records to be retrieved from Infocyte by this operation.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Artifacts

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter Description
Target ID ID of the target whose basic artifact information you want to retrieve from Infocyte.
Duration

Duration for which you want to retrieve basic artifact information from Infocyte.

You can choose from the following options: Last 7 days, Last 30 days, or Last 90 days.

Scan ID On Target ID of the scan on the target whose basic artifact information you want to retrieve from Infocyte.
Verified Good Select this option to collect verified good artifacts.
By default, this option is unchecked.
Probably Good Select this option to collect probably good artifacts.
By default, this option is unchecked.
Probably Bad Select this option to collect probably bad artifacts.
By default, this option is unchecked.
Verified Bad Select this option to collect verified bad artifacts.
By default, this option is unchecked.
Good Select this option to collect good artifacts.
By default, this option is unchecked.
Low Risk Select this option to collect low risk artifacts.
By default, this option is unchecked.
Bad Select this option to collect bad artifacts.
By default, this option is unchecked.
Suspicious Select this option to collect suspicious artifacts.
By default, this option is unchecked.
Unknown Select this option to collect unknown artifacts.
By default, this option is unchecked.
Whitelist Select this option to collect whitelist artifacts.
By default, this option is unchecked.
Blacklist Select this option to collect blacklist artifacts.
By default, this option is unchecked.
Artifact Score

Score operator based on which you want to collect artifacts from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Score Value

Value for the score (considering what you have chosen from the Score drop-down list) based on which you want to collect artifacts from Infocyte.

Count

Count operator based on which you want to collect artifacts from Infocyte.

You can choose from the following options: Between, Equals, Greater than, Greater or Equal, Less Than, Less or Equal.

Count Value Value for the count (considering what you have chosen from the Count drop-down list) based on which you want to collect artifacts from Infocyte.
Signed Select this option to collect signed artifacts.
By default, this option is unchecked.
Not Signed Select this option to collect not signed artifacts.
By default, this option is unchecked.
Package Manager Select this option to collect package managed artifacts.
By default, this option is unchecked.
No Package Manager Select this option to collect not package managed artifacts.
By default, this option is unchecked.
Antivirus Data Select this option to collect antivirus data for artifacts.
By default, this option is unchecked.
No Antivirus Data Select this option to collect no antivirus data for artifacts.
By default, this option is unchecked.
Static Analysis Select this option to collect static analysis data for artifacts.
By default, this option is unchecked.
No Static Analysis Select this option to collect no static analysis data for artifacts.
By default, this option is unchecked.
Sandbox Analysis Select this option to collect sandbox analysis data for artifacts.
By default, this option is unchecked.
No Sandbox Analysis Select this option to collect no sandbox analysis data for artifacts.
By default, this option is unchecked.
Exclude Failures Select this option to exclude failures for artifacts.
By default, this option is unchecked.
Sort Order Orders the search results retrieved from Infocyte.
You can choose either Ascending or Descending.
Sort By

Sorts the search results retrieved from Infocyte based on the filter criterion you have specified.

You can choose from the following options: Path, Hit Count, Threat Score, or Threat Weight.

Offset Offset, i.e., the index of the first item, based on which the basic information of the artifacts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of artifact records to be retrieved from Infocyte by this operation.
Open Query A generalized query that you can enter in this field to get details of artifacts from Infocyte.
For example, {"where" : {"id" : "000c5fa0548fe249b5e1f37d496ea6078aaf6301"}}

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "flagColor": "", 
     "whitelist": "", 
     "name": "", 
     "path": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "compromised": "", 
     "avPositives": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "fileRepId": "", 
     "unknown": "", 
     "threatName": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

operation: Get Artifact Details

Input parameters

Parameter Description
Artifact ID ID of the artifact whose details you want to retrieve from Infocyte.
Offset Offset, i.e., the index of the first item, based on which the details of the artifacts are retrieved from Infocyte.
By default, this is set to 0.
Pagination Limit Maximum number of artifact records to be retrieved from Infocyte by this operation.

Output

The output contains the following populated JSON schema:
[
  { 
     "flagWeight": "", 
     "localBlacklist": "", 
     "hitCount": "", 
     "threatScore": "", 
     "localWhitelist": "", 
     "compromised": "", 
     "fileRepId": "", 
     "whitelist": "", 
     "name": "", 
     "timestampSubject": "", 
     "flagColor": "", 
     "avPositives": "", 
     "sha256": "", 
     "id": "", 
     "hasAvScan": "", 
     "signed": "", 
     "serialNumber": "", 
     "blacklist": "", 
     "suspicious": "", 
     "boxId": "", 
     "dynamicAnalysis": "", 
     "staticAnalysis": "", 
     "managed": "", 
     "subjectName": "", 
     "timestampIssuer": "", 
     "md5": "", 
     "path": "", 
     "issuerName": "", 
     "sha1": "", 
     "ssdeep": "", 
     "notMalicious": "", 
     "size": "", 
     "flagId": "", 
     "unknown": "", 
     "threatName": "", 
     "signatureType": "", 
     "synapse": "", 
     "malicious": "", 
     "threatWeight": "", 
     "avTotal": "", 
     "flagName": "", 
     "failed": "" 
  }
]

Included playbooks

The Sample - Infocyte - 1.0.0 playbook collection comes bundled with the Infocyte connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Infocyte connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.