Cyble Threat Intel

Solution: Cyble Vision

Cyble Vision Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Cyble Support
Support Tier	Partner
Support Link	https://cyble.com/talk-to-sales/
Categories	domains
Version	3.0.1
Author	Cyble Inc
First Published	2025-05-05
Last Updated	2026-01-16
Solution Folder	Cyble Vision
Marketplace	Azure Marketplace · Popularity: 🟡 Low (13%)

This Solution provides Playbooks for Cyble Vision Threat Intelligence ingestion and IOC enrichment, integrating Cyble APIs.

This Solution also includes a CCF Conenctor which enables Alerts ingestion from Cyble Platform to Microsoft Sentinel Workspace.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s):

Cyble Vision Alerts

Tables Used

This solution uses 1 table(s):

Table	Used By Connectors	Used By Content
`CybleVisionAlerts_CL`	Cyble Vision Alerts	Analytics, Workbooks

Content Items

This solution includes 93 content item(s) (92 in solution, 1 discovered 🔍):

Content Type	Total	In Solution	Discovered
Parsers	45	45	-
Analytic Rules	44	43	1
Playbooks	3	3	-
Workbooks	1	1	-

Analytic Rules

Name	Severity	Tactics	Tables Used
Cyble Advisory Alerts Advisory ⚠️	Low	Reconnaissance, ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts Assets	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Bitbucket	Low	CredentialAccess, Exfiltration, Discovery	`CybleVisionAlerts_CL`
Cyble Vision Alerts Cloud Storage	Low	Exfiltration, Discovery	`CybleVisionAlerts_CL`
Cyble Vision Alerts Compromised Endpoint Cookies	Low	CredentialAccess, DefenseEvasion	`CybleVisionAlerts_CL`
Cyble Vision Alerts Compromised Files	Low	CredentialAccess, Exfiltration	`CybleVisionAlerts_CL`
Cyble Vision Alerts Cyble Web Applications	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Darkweb Data Breaches	Low	Reconnaissance, InitialAccess, Exfiltration, Collection	`CybleVisionAlerts_CL`
Cyble Vision Alerts Darkweb Ransomware Leak	Low	Impact, Exfiltration, Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Discord Keyword	Low	Reconnaissance, InitialAccess	`CybleVisionAlerts_CL`
Cyble Vision Alerts Discovered Subdomain	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Docker	Low	Exfiltration, Execution, Discovery	`CybleVisionAlerts_CL`
Cyble Vision Alerts Domain Expiry Alert	Low	Impact	`CybleVisionAlerts_CL`
Cyble Vision Alerts Domain Watchlist	Low	ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts Flash Report	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Github	Low	Collection, CredentialAccess	`CybleVisionAlerts_CL`
Cyble Vision Alerts Hacktivism	Low	Reconnaissance, Impact, ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts I2P Monitoring	Low	ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts IOC'S	Low	Reconnaissance, InitialAccess, Discovery, CommandAndControl, Impact	`CybleVisionAlerts_CL`
Cyble Vision Alerts IP Risk Score	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Leaked Credentials	Low	CredentialAccess, Discovery, Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Malicious Ads Detected	Low	InitialAccess, Execution	`CybleVisionAlerts_CL`
Cyble Vision Alerts New Vulnerability Detected	Low	InitialAccess	`CybleVisionAlerts_CL`
Cyble Vision Alerts News Feed Alert	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts OSINT Mention Detected	Low	Reconnaissance, ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts OT/ICS Threat Activity Detected	Low	Discovery, Collection	`CybleVisionAlerts_CL`
Cyble Vision Alerts Pastebin	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Phishing Domain Detected	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Physical Threat Alert	Low	Impact	`CybleVisionAlerts_CL`
Cyble Vision Alerts Postman API Exposure Detection	Low	Reconnaissance, CredentialAccess, Exfiltration	`CybleVisionAlerts_CL`
Cyble Vision Alerts Product Vulnerability Detected	Low	InitialAccess, ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts SSL Certificate Expiry	Low	InitialAccess, Impact	`CybleVisionAlerts_CL`
Cyble Vision Alerts Social Media Monitoring	Low	Reconnaissance, ResourceDevelopment	`CybleVisionAlerts_CL`
Cyble Vision Alerts Suspicious Domain	Low	Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts TOR Links	Low	ResourceDevelopment, Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Vulnerability	Low	Reconnaissance, Execution, Discovery	`CybleVisionAlerts_CL`
Cyble Vision Alerts Website Defacement Content	Low	Impact	`CybleVisionAlerts_CL`
Cyble Vision Alerts Website Defacement Keyword	Low	Impact, Reconnaissance	`CybleVisionAlerts_CL`
Cyble Vision Alerts Website Defacement URL	Low	Impact	`CybleVisionAlerts_CL`
CybleVision Alerts Cyber Crime Forum Alerts	Low	Reconnaissance, ResourceDevelopment, Exfiltration	`CybleVisionAlerts_CL`
CybleVision Alerts Darkweb Marketplace Alerts	Low	CredentialAccess, Collection, Exfiltration, Reconnaissance	`CybleVisionAlerts_CL`
CybleVision Alerts Mobile Apps	Low	Reconnaissance, ResourceDevelopment, InitialAccess	`CybleVisionAlerts_CL`
CybleVision Alerts Stealer Logs	Low	CredentialAccess, Collection, Exfiltration, Reconnaissance, InitialAccess	`CybleVisionAlerts_CL`
CybleVision Alerts Telegram Mentions	Low	Reconnaissance, ResourceDevelopment, InitialAccess, CommandAndControl	`CybleVisionAlerts_CL`

Workbooks

Name	Tables Used
CybleVisionAlertsWorkbook	`CybleVisionAlerts_CL`

Playbooks

Name	Description	Tables Used
Cyble-IOC_Enrichment-Playbook	This playbook leverages the Cyble API to enrich IP, Domain, Url & Hash indicators, found in Microsof...	-
Cyble-ThreatIntelligence-Ingest-Playbook	This playbook imports IoC lists from Cyble and stores them as Threat Intelligence Indicators in Micr...	-
CybleVisionAlert_Status_Update	This Logic App updates Cyble alert status and severity based on Microsoft Sentinel incident changes....	-

Parsers

Name	Description	Tables Used
Alerts_advisory	-	`CybleVisionAlerts_CL` (read)
Alerts_assets	-	`CybleVisionAlerts_CL` (read)
Alerts_bit_bucket	-	`CybleVisionAlerts_CL` (read)
Alerts_cloud_storage	-	`CybleVisionAlerts_CL` (read)
Alerts_compromised_endpoints_cookies	-	`CybleVisionAlerts_CL` (read)
Alerts_compromised_files	-	`CybleVisionAlerts_CL` (read)
Alerts_cyber_crime_forums	-	`CybleVisionAlerts_CL` (read)
Alerts_darkweb_data_breaches	-	`CybleVisionAlerts_CL` (read)
Alerts_darkweb_marketplaces	-	`CybleVisionAlerts_CL` (read)
Alerts_darkweb_ransomware	-	`CybleVisionAlerts_CL` (read)
Alerts_defacement_content	-	`CybleVisionAlerts_CL` (read)
Alerts_defacement_keyword	-	`CybleVisionAlerts_CL` (read)
Alerts_defacement_url	-	`CybleVisionAlerts_CL` (read)
Alerts_discord	-	`CybleVisionAlerts_CL` (read)
Alerts_docker	-	`CybleVisionAlerts_CL` (read)
Alerts_domain_expiry	-	`CybleVisionAlerts_CL` (read)
Alerts_domain_watchlist	-	`CybleVisionAlerts_CL` (read)
Alerts_flash_report	-	`CybleVisionAlerts_CL` (read)
Alerts_github	-	`CybleVisionAlerts_CL` (read)
Alerts_hacktivism	-	`CybleVisionAlerts_CL` (read)
Alerts_i2p	-	`CybleVisionAlerts_CL` (read)
Alerts_iocs	-	`CybleVisionAlerts_CL` (read)
Alerts_ip_risk_score	-	`CybleVisionAlerts_CL` (read)
Alerts_leaked_credentials	-	`CybleVisionAlerts_CL` (read)
Alerts_malicious_ads	-	`CybleVisionAlerts_CL` (read)
Alerts_mobile_apps	-	`CybleVisionAlerts_CL` (read)
Alerts_new_vulnerability	-	`CybleVisionAlerts_CL` (read)
Alerts_news_feed	-	`CybleVisionAlerts_CL` (read)
Alerts_osint	-	`CybleVisionAlerts_CL` (read)
Alerts_ot_ics	-	`CybleVisionAlerts_CL` (read)
Alerts_pastebin	-	`CybleVisionAlerts_CL` (read)
Alerts_phishing	-	`CybleVisionAlerts_CL` (read)
Alerts_physical_threats	-	`CybleVisionAlerts_CL` (read)
Alerts_postman	-	`CybleVisionAlerts_CL` (read)
Alerts_product_vulnerability	-	`CybleVisionAlerts_CL` (read)
Alerts_ransomware_updates	-	`CybleVisionAlerts_CL` (read)
Alerts_social_media_monitoring	-	`CybleVisionAlerts_CL` (read)
Alerts_ssl_expiry	-	`CybleVisionAlerts_CL` (read)
Alerts_stealer_logs	-	`CybleVisionAlerts_CL` (read)
Alerts_subdomains	-	`CybleVisionAlerts_CL` (read)
Alerts_suspicious_domains	-	`CybleVisionAlerts_CL` (read)
Alerts_telegram_mentions	-	`CybleVisionAlerts_CL` (read)
Alerts_tor_links	-	`CybleVisionAlerts_CL` (read)
Alerts_vulnerability	-	`CybleVisionAlerts_CL` (read)
Alerts_web_applications	-	`CybleVisionAlerts_CL` (read)

⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.3	12-01-2026	Updated API endpoint for CCF Data Connector. Minor descriptive changes to Analytic Rule and Playbook.Updated Playbook API Body.
3.0.2	14-12-2025	Added new CCF data connector. Added new Parsers to Parse data message of each service. Added Analytic Rules to generate incidents based on Services.
3.0.1	10-06-2025	Cyble-ThreatIntelligence-Ingest Playbook, including fixes for de-duplication of IoCs, optimized KQL query load, and pagination support.
3.0.0	20-05-2025	Initial Solution Release.