Console
    Contact Us Start free

    Cynet

    Integration version: 9.0

    Configure Cynet integration in Google Security Operations

    For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations .

    Actions

    Delete Hash in Host

    Description

    Delete the file remediation action.

    Parameters

    N/A

    Use cases

    N/A

    Run On

    This action runs on the Filehash entity.

    Action Results

    Entity Enrichment
    Enrichment Field Name Logic - When to apply
    13590 Returns if it exists in JSON result
    Insights

    N/A

    Script Result
    Script Result Name Value Options Example
    is_success
    		 True/False is_success:False
    JSON Result
      [{ 
  
 "EntityResult" 
 : 
  
 13590 
 , 
  
 "Entity" 
 : 
  
 "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605" 
 }]

    Hash Query

    Description

    Retrieve all the information about a specific file.

    Parameters

    N/A

    Use cases

    N/A

    Run On

    This action runs on the Filehash entity.

    Action Results

    Entity Enrichment
    Enrichment Field Name Logic-When to apply
    meta_copyright Returns if it exists in JSON result
    common_filename Returns if it exists in JSON result
    occurrences Returns if it exists in JSON result
    meta_product_name_and_version Returns if it exists in JSON result
    first_seen Returns if it exists in JSON result
    is_whitelisted Returns if it exists in JSON result
    imports_winsock Returns if it exists in JSON result
    meta_description Returns if it exists in JSON result
    meta_companyName Returns if it exists in JSON result
    risk_level Returns if it exists in JSON result
    has_autorun_occurrences Returns if it exists in JSON result
    meta_original_filename Returns if it exists in JSON result
    sha256 Returns if it exists in JSON result
    has_program_files_folder_occurrences Returns if it exists in JSON result
    common_path Returns if it exists in JSON result
    certificate_thumbprint Returns if it exists in JSON result
    certificate_name Returns if it exists in JSON result
    certificate_root_name Returns if it exists in JSON result
    alert_severity_level Returns if it exists in JSON result
    ssdeep Returns if it exists in JSON result
    md5 Returns if it exists in JSON result
    sha1 Returns if it exists in JSON result
    has_hidden_window_occurrences Returns if it exists in JSON result
    alert_product_name Returns if it exists in JSON result
    imports_wininet Returns if it exists in JSON result
    domains Returns if it exists in JSON result
    last_seen Returns if it exists in JSON result
    imports_ntdll Returns if it exists in JSON result
    av_detections Returns if it exists in JSON result
    Insights

    N/A

    Script Result
    Script Result Name Value Options Example
    is_success
    		 True/False is_success:False
    JSON Result
      { 
  
 "meta_copyright" 
 : 
  
 "Copyright (C) 2000" 
 , 
  
 "common_filename" 
 : 
  
 "ipscan.exe" 
 , 
  
 "has_sockets" 
 : 
  
 "false" 
 , 
  
 "occurrences" 
 : 
  
 [{ 
  
 "file_type" 
 : 
  
 "PROCESS" 
 , 
  
 "creation_time" 
 : 
  
 "2017-12-15T14:34:41Z" 
 , 
  
 "owner_user" 
 : 
  
 "builtin\\\\administrators" 
 , 
  
 "last_run_time" 
 : 
  
 "2017-12-15T14:34:41Z" 
 , 
  
 "hostname" 
 : 
  
 "host1" 
 , 
  
 "commandline_parameters" 
 : 
  
 "C:\\\\DocumenteD\\\\___soft\\\\IP_Tools\\\\IPscan\\\\ipscan.exe" 
 , 
  
 "filename" 
 : 
  
 "ipscan.exe" 
 , 
  
 "parent_path" 
 : 
  
 "c:\\\\windows\\\\explorer.exe" 
 , 
  
 "sha256" 
 : 
  
 "40DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605" 
 , 
  
 "running_user" 
 : 
  
 "cabuk\\\\r610739" 
 , 
  
 "full_path" 
 : 
 "c:\\\\documented\\\\___soft\\\\ip_tools\\\\ipscan\\\\ipscan.exe" 
  
 }], 
  
 "meta_product_name_and_version" 
 : 
  
 " 0.0.0.0" 
 , 
  
 "first_seen" 
 : 
  
 "2016-12-27T15:07:53Z" 
 , 
  
 "is_whitelisted" 
 : 
  
 "false" 
 , 
  
 "imports_winsock" 
 : 
  
 "false" 
 , 
  
 "meta_description" 
 : 
  
 "Angry IP scanner" 
 , 
  
 "meta_companyName" 
 : 
  
 "Angryziber Software" 
 , 
  
 "risk_level" 
 : 
  
 1000 
 , 
  
 "has_autorun_occurrences" 
 : 
  
 "false" 
 , 
  
 "meta_original_filename" 
 : 
  
 "ipscan.exe" 
 , 
  
 "sha256" 
 : 
  
 "40DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605" 
 , 
  
 "has_program_files_folder_occurrences" 
 : 
  
 "false" 
 , 
  
 "common_path" 
 : 
  
 "c:\\\\documented\\\\___soft\\\\ip_tools\\\\ipscan\\\\ipscan.exe" 
 , 
  
 "certificate_thumbprint" 
 : 
  
 "0000000000000000000000000000000000000000" 
 , 
  
 "certificate_name" 
 : 
  
 "" 
 , 
  
 "certificate_root_name" 
 : 
  
 "" 
 , 
  
 "alert_severity_level" 
 : 
  
 "Critical" 
 , 
  
 "ssdeep" 
 : 
  
 "" 
 , 
  
 "md5" 
 : 
  
 "6C1BCF0B1297689C8C4C12CC70996A75" 
 , 
  
 "sha1" 
 : 
  
 "" 
 , 
  
 "has_hidden_window_occurrences" 
 : 
  
 "true" 
 , 
  
 "alert_product_name" 
 : 
  
 "Angry IP Scanner - Cynet.Scanner.Angry IP Scanner" 
 , 
  
 "imports_wininet" 
 : 
  
 "false" 
 , 
  
 "domains" 
 : 
  
 [], 
  
 "last_seen" 
 : 
  
 "2018-02-28T11:26:32Z" 
 , 
  
 "imports_ntdll" 
 : 
  
 "false" 
 , 
  
 "av_detections" 
 : 
  
 22 
 }

    Kill Hash in Host

    Description

    Kill the process file remediation action.

    Parameters

    N/A

    Use cases

    N/A

    Run On

    This action runs on the Filehash entity.

    Action Results

    Entity Enrichment

    N/A

    Insights

    N/A

    Script Result
    Script Result Name Value Options Example
    is_success
    		 True/False is_success:False
    JSON Result
      [ 
  
 { 
  
 "EntityResult" 
 : 
  
 13590 
 , 
  
 "Entity" 
 : 
  
 "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605" 
  
 } 
 ]

    Ping

    Description

    Test Connectivity.

    Parameters

    N/A

    Use cases

    N/A

    Run On

    This action runs on all entities.

    Action Results

    Entity Enrichment

    N/A

    Insights

    N/A

    Script Result
    Script Result Name Value Options Example
    is_success
    		 True/False is_success:False
    JSON Result
      N/A

    Quarantine Hash in Host

    Description

    Action to remediate the quarantined file.

    Parameters

    N/A

    Use cases

    N/A

    Run On

    This action runs on the Filehash entity.

    Action Results

    Entity Enrichment

    N/A

    Insights

    N/A

    Script Result
    Script Result Name Value Options Example
    is_success
    		 True/False is_success:False
    JSON Result
      [ 
  
 { 
  
 "EntityResult" 
 : 
  
 13590 
 , 
  
 "Entity" 
 : 
  
 "0DC213FE4551740E12CAC575A9880753A9DACD510533F31BD7F635E743A7605" 
  
 } 
 ]

    Remediation Status

    Description

    Get the remediation status based on the remediation ID.

    Parameters

    Parameter Type Default Value Description
    Remediation ID
    		 String N/A e.g. 312.

    Use cases

    N/A

    Run On

    This action runs on all entities.

    Action Results

    Entity Enrichment

    N/A

    Insights

    N/A

    Script Result
    Script Result Name Value Options Example
    is_success
    		 True/False is_success:False
    JSON Result
      { 
  
 "status" 
 : 
  
 24 
 , 
  
 "statusInfo" 
 : 
  
 "File does not exist" 
 , 
  
 "id" 
 : 
  
 13592 
 }

    Need more help? Get answers from Community members and Google SecOps professionals.

    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: