---
title: "Cyware"
slug: "coward"
tags: ["Indicator Enrichment", "Silent Push", "Threat Intelligence"]
updated: 2026-03-18T14:11:27Z
published: 2026-03-18T14:11:27Z
canonical: "help.silentpush.com/coward"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.silentpush.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cyware

Cyware Orchestrate provides two dedicated Silent Push connectors that bring high-fidelity threat intelligence and proactive attacker infrastructure detection into your security workflows:

- **Silent Push** (v1.0.0) – Full enrichment, reputation scoring, DNS intelligence, live scanning, feed management, and more.
- **Silent Push ThreatCheck** (v1.1.0) – Focused on Indicators of Future Attack (IOFA) checking and traffic origin analysis.

## Configuration Parameters

### Silent Push App

| Parameter | Required | Description |
| --- | --- | --- |
| API Key | Yes | Your Silent Push API key |
| Timeout | No | 15–120 seconds (default: 15) |
| Verify SSL | No | Recommended: true |

### Silent Push ThreatCheck App

| Parameter | Required | Description |
| --- | --- | --- |
| Access Key | Yes | Your ThreatCheck access key (found in the Silent Push subscription) |
| Timeout | No | 15–120 seconds (default: 15) |
| Verify SSL | No | Recommended: true |

**Tip:** Create separate app instances in Cyware Orchestrate for each connector if you need both full enrichment and IOFA/ThreatCheck capabilities.

## Most Commonly Used Actions

### Silent Push (Full Enrichment & Intelligence)

- **Enrich Indicator** – Get reputation score + enrichment for a single domain or IP
- **Bulk Enrich Domains** / **Bulk Enrich IP Addresses** – Process up to 100 indicators at once
- **Bulk Retrieve Domain Risk Scores** – Fast risk scoring for many domains
- **Run Live Scan** – Real-time web page analysis (screenshot, redirects, SSL, risk score)
- **Get Domain Information** / **Get IP Information** – Detailed passive DNS, ASN, and host data
- **Get Name Server Reputation**, **Get ASN Takedown Reputation**, **Get Infrastructure Reputation**
- **Create Feed** + **Add Indicators to Feed** – Build and populate your own threat feeds
- **Get Indicators of Future Attack (IOFA)** – Pull pre-attack indicators from a feed

### Silent Push ThreatCheck

- **Check Indicator Listing on IOFA Feed** – Quickly see if a domain/IP is listed as an Indicator of Future Attack
- **Get Traffic Origin Data for an Indicator** – Understand traffic patterns and origins (new in v1.1.0)

## Example Playbook Flow

1. Receive an alert containing a domain or an IP
2. Use **Enrich Indicator** (Silent Push) or **Check Indicator Listing on IOFA Feed** (ThreatCheck)
3. If the****risk score is high or listed on IOFA → enrich further with Bulk actions, Live Scan, or DNS lookups
4. Add confirmed malicious indicators to a Silent Push feed using **Create Feed** + **Add Indicators to Feed**
5. Use reputation data to enrich tickets, blocklists, or SIEM events

This integration gives your SOC high-fidelity, real-time visibility into attacker infrastructure — before it is used in active campaigns.

For full technical details, refer to the official [Silent Push](https://techdocs.cyware.com/co/en/silent-push.html) and [Silent Push Threat Check](https://techdocs.cyware.com/co/en/silent-push-threatcheck.html) app documentation in Cyware Orchestrate.