Types of APIs Available in Cytomic Orion

The methods SOC applications and third-party solutions can use are divided into five categories:

  • Indicator query: Returns a list of indicators of potential attacks logged in the Cytomic Orion platform in the specified period.

  • File and computer information query: Returns information about the classification of files detected on computers. It also returns information about the devices that make up the IT infrastructure.

  • IOC management: Receives new indicators of compromise that Cytomic Orion uses in its analysis of the flow of events generated by the company’s computers to detect new malware.

  • Response tools: Invokes mechanisms to resolve and mitigate the impact of any potential attacks detected by the Cytomic Orion platform.

  • OSQuery access: Sends OSQuery statements to get information about the client’s IT infrastructure.

  • Investigations: Enables you to create, modify, and delete investigations.

  • Data access: Provides access to the data lake. This is equivalent to the advanced SQL query module.

For more information about each of the available APIs, see Cytomic Orion API Specification.