Cye Exposure Management Platform's Workflow Automations feature enables customers to orchestrate complex processes by embedding Workato as the underlying automation engine. This document outlines the key triggers and actions currently supported by the Cye Exposure Management Platform connector.
Before building your first recipe, connect to the Cye Exposure Management Platform connector using your access token.
For setup instructions, refer to: Workflow Automations – How-To and Best Practices.
Trigger Events and Output Fields
Cye platform triggers automatically initiate Workato recipes in response to platform activity.
Trigger Event Types
The following system events can be used to initiate an automation workflow in Workato:
New finding created
Fires when the platform generates a new finding.Finding severity changed
Triggers when a finding's severity is modified. Use this to automate escalations to high-priority response channels.Finding status changed
Runs when a finding's lifecycle state changes. Use this to sync status updates with external ticketing systems.Open ticket for an existing finding
Triggers a recipe when a user manually selects findings in the platform to initiate ticket creation. Each finding is processed individually.
Triggers' Standardized Output Fields
All triggers above provide a standardized set of output fields, ensuring consistent data mapping across all your automation workflows:
Finding ID: Unique system identifier (long ID). Use this — not the Short ID — when mapping to Cye platform actions.
Short ID: Human-readable identifier (e.g., F-232).
Finding Name: Title of the security finding.
Description: Technical details of the issue.
Finding Summary: Concise overview.
Severity: Current level (e.g., Critical, High).
Priority: Assigned urgency.
Status: Current state (e.g., Open, In Progress).
Mitigation Recommendation: List of strings — each item is a mitigation recommendation for the finding (a finding can have multiple).
Business Impact: Calculated organizational risk.
Security Domain: Category of the finding.
Subcategories: NIST subcategory classifications applied to the finding.
Engagement Name: The specific assessment source.
Source: The tool that identified the finding.
Tags: List of strings — each item is a tag applied to the finding (a finding can have multiple).
Created At: Initial discovery timestamp.
Critical to Block: Indicates whether this finding is critical to block — Yes or No.
Supporting Evidence: One or more file attachments supporting the finding.
Exposure Reduction: Estimated exposure reduction value, in US dollars ($).
Remediation Cost Level: Estimated cost level to remediate — High, Medium, Low, or Negligible.
Remediation Effort Level: Estimated effort level to remediate — High, Medium, Low, or Negligible.
Remediation Date: Target date for remediation.
Owner: Username of the finding's assigned owner.
MITRE Attack Matrix: List of MITRE ATT&CK entries, each containing a Tactic and Technique pair.
Supported Actions
Actions allow Workato recipes to push data, update records, or notify users based on trigger conditions.
1. Send link or ID reference
Attaches external ticket metadata to a finding in the Cye platform for bidirectional visibility.
Required Inputs:
Finding ID: The system ID (long ID) of the Cye platform finding you want to attach the ticket to.
Source: Map from the Finding ID output field of a Cye platform trigger.
Ticket URL: Direct link to the ticket in the external system (e.g., Jira, ServiceNow).
Source: Map from the output of your ticketing action (e.g., "Issue URL" from Jira).
Ticket ID: External reference ID.
Source: Map from your ticketing action (e.g., Jira issue key or ServiceNow ticket number).
Source App (Mandatory): External tool name (e.g., "Jira Cloud").
Source: Enter as text.
2. Update finding status
Modifies a finding's status in the Cye platform based on external triggers, such as closing a ticket in an ITSM tool.
Required Inputs:
Finding ID: The system ID (long ID) of the Cye platform finding you want to update.
Source: Mapped from a previous recipe step or from a value (like a custom field) stored on the related external ticket. The system ID (long ID) is available as the Finding ID output field from any Cye platform trigger.
New Status: The finding status in the Cye platform.
Source: Map from an external status (e.g., Jira Status) using a lookup table to match the supported values below.
Supported Statuses: Open, To Do, In Progress, Reopen, On Hold, Fixed, Acceptable Risk, Not Relevant.
3. Get remediation assets file
Generates a remediation assets CSV for an existing finding in the Cye platform.
Constraint: 5MB limit.
Input — Finding ID: The system ID of the finding to retrieve remediation assets for.
Source: Mapped from a trigger or previous step.
Output — Remediation assets file: CSV file containing the remediation assets for the specified finding.
4. Send email via Cye Exposure Management Platform
Sends a system email to registered Cye platform users.
Sender: Cye Platform Security: [email protected].
Inputs:
To: One or more email addresses, separated by commas.
Source: Enter email addresses as text, or map from owner fields in previous steps.
Subject: Usually entered as text (e.g., "Cye platform finding status updated").
Dynamic Mapping: Insert output fields like Finding Name or Severity to make the subject specific to the event.
Message: The email body.
Dynamic Mapping: Supports Markdown and insertion of any output fields (e.g., Description, Mitigation Recommendation).