Cyren SentinelOne IOC Automation

Solution: Cyren-SentinelOne-ThreatIntelligence

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Solutions Index

---

Attribute	Value
Publisher	Data443 Risk Mitigation, Inc.
Support Tier	Partner
Support Link	https://www.data443.com
Categories	domains
Version	3.0.1
Author	Data443 Risk Mitigation, Inc. - support@data443.com
First Published	2026-02-17
Last Updated	2026-04-08
Solution Folder	Cyren-SentinelOne-ThreatIntelligence
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

The Cyren SentinelOne Threat Intelligence solution polls the Cyren CCF (IP reputation, malware URLs) threat intelligence feed and pushes indicators of compromise (IOCs) to SentinelOne's Threat Intelligence API for automated detection and response.

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Content Items

This solution includes 1 content item(s):

Content Type	Count
Playbooks	1

Playbooks

Name	Description	Tables Used
Cyren to SentinelOne IOC Automation	This playbook fetches IP reputation and/or malware URL threat intelligence indicators from the Cyren...	-

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.1	06-04-2026	Fix ARM deployment failure from Content Hub — inner Logic App template was evaluating workspaceResourceId incorrectly at deployment scope, causing InvalidTemplate error at position 61. Fixed by referencing variables('workspace-name') (which equals parameters('workspace')) consistent with the outer ARM evaluation scope.
3.0.0	20-03-2026	Initial release — Cyren CCF feed polling with NDJSON parsing, SentinelOne IOC push via Threat Intelligence API, PersistentToken pagination, 6-hour recurrence, cost safety parameters enforced.

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Solutions Index