Data Source
Cyble Vision is a threat intelligence platform; this connector ingests alerts from 40+ of its specialized services, including:
- Dark web monitoring: Ransomware groups, data breaches, marketplaces, stolen credentials
- Application security: GitHub, Docker, mobile apps, web applications, Postman API exposure
- Infrastructure threats: Domain expiry, SSL expiry, subdomain monitoring, suspicious domains
- Social media intelligence: Telegram mentions, Discord activity, social media monitoring
- Vulnerability management: Product vulnerabilities, CVE advisories, IoCs, malicious ads
Ingestion Mechanism
- CCF-based (Codeless Connector Framework) connector with a complete DCR (Data Collection Rule) configuration for the CybleVisionAlerts_CL custom table
- API token-based authentication with Cyble Vision platform
- Structured alert ingestion with service-specific field mapping and normalization
- Automated alert status update playbook for bidirectional integration
Detection Surface Unlocked
Provides broad threat intelligence coverage across the ingested services:
- 40+ specialized detection rules: Each service has dedicated analytic rules for alert classification
- Comprehensive parser framework: Service-specific parsers for optimal field extraction and normalization
- MITRE ATT&CK coverage: Extensive technique mapping including T1592 (Gather Victim Host Information), credential access, and reconnaissance tactics
- Automated incident response: Playbook integration for alert status updates and workflow automation
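As an added illustration of the service-specific field mapping and normalization described above (example code written for this summary, not the solution's own parser), the KQL below reshapes rows of CybleVisionAlerts_CL into one schema that per-service analytic rules can share. The column names service_s, severity_s, alert_id_s, created_at_t and data_d, the service identifiers, and the tactic mapping are all assumptions; substitute the columns and values defined by the connector's DCR.

```kql
// Added example parser, not the solution's own code. Column names and
// service identifiers are assumptions; replace them with the DCR schema.
CybleVisionAlerts_CL
| extend
    AlertId   = tostring(alert_id_s),
    Service   = tolower(tostring(service_s)),
    Severity  = tolower(tostring(severity_s)),
    AlertTime = todatetime(created_at_t),
    Data      = parse_json(tostring(data_d))
// Pull the service-specific indicator into one Indicator column so that
// analytic rules and the status-update playbook can rely on a common field.
| extend Indicator = case(
    Service in ("ssl_expiry", "domain_expiry", "suspicious_domains"), tostring(Data.domain),
    Service == "subdomain_monitoring",                                 tostring(Data.subdomain),
    Service == "stolen_credentials",                                   tostring(Data.email),
    Service in ("github", "docker", "postman"),                        tostring(Data.url),
    Service in ("telegram", "discord"),                                tostring(Data.channel),
    "")
// Coarse MITRE ATT&CK tactic used for incident tagging (assumed mapping;
// infrastructure exposure maps to Reconnaissance, e.g. T1592).
| extend Tactic = case(
    Service in ("ssl_expiry", "domain_expiry", "suspicious_domains", "subdomain_monitoring"), "Reconnaissance",
    Service == "stolen_credentials",                                                          "CredentialAccess",
    "Unknown")
// Normalize vendor severity to Sentinel's High / Medium / Low / Informational scale.
| extend NormalizedSeverity = case(
    Severity in ("critical", "high"), "High",
    Severity == "medium",             "Medium",
    Severity == "low",                "Low",
    "Informational")
| project TimeGenerated, AlertTime, AlertId, Service, NormalizedSeverity, Tactic, Indicator, Data
// An analytic rule built on this parser then only needs a filter, for example:
// | where NormalizedSeverity == "High" and Tactic == "CredentialAccess"
```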
Affected Files
- Solutions/Cyble Vision/Analytic Rules/ (40+ detection rules)
- Solutions/Cyble Vision/Parser/ (40+ specialized parsers)
- Solutions/Cyble Vision/Data Connectors/CybleVisionAlerts_CCF/ (CCF connector configuration)
- Solutions/Cyble Vision/Playbooks/CybleVisionAlert_Status_Update/ (automation playbook)
- Solutions/Cyble Vision/Workbooks/CybleVisionAlertsWorkbook.json
- Packaging artefacts: mainTemplate.json, createUiDefinition.json, 3.0.2.zip