Summary
CTM360 CYNA (Cyber News & Alerts) is an aggregated cybersecurity news feed that collects and categorizes threat intelligence news from across the internet. This proposal adds an external import connector
that ingests CYNA news items into OpenCTI as STIX Reports.
Connector
ctm360-cyna-feed (External Import)
Polls the CYNA API on a configurable schedule, extracts CVE references, classifies content by threat category, and pushes STIX bundles into OpenCTI.
Features
- Cursor-based pagination — Iterates through the full CYNA news feed using the
searchAfter cursor token with configurable page size and safety page limit.
- CVE extraction — Scans each news item's title and description with a regex pattern to detect CVE identifiers and creates deduplicated
Vulnerability objects per unique CVE in a batch.
- Keyword-based label classification — Assigns one or more labels to each
Report based on content keywords: cve, ransomware, ddos, data-leak, threat-actor, advisory,
phishing, malware, zero-day.
- STIX objects — Creates
Identity (CTM360 CYNA author), Report (one per news item, type threat-report), Vulnerability (per unique CVE with NVD external reference), and Relationship
(related-to from Report to Vulnerability). All objects marked TLP:WHITE.
- Incremental imports — Persists
last_run timestamp and filters items by published_date to skip already-imported news.
- Total failure guard — Raises an error and marks the work as failed if all news items in a cycle fail STIX conversion, rather than silently importing nothing.
- Retry with exponential backoff — HTTP 429, 5xx, connection errors, and timeouts are retried up to three times.
Technical Implementation
Built using connectors-sdk with Pydantic for configuration. Uses deterministic STIX IDs via pycti generators for the Vulnerability and Report objects. Compatible with OpenCTI 7.260401.0 and later.
Configuration
A valid CTM360 CYNA API key is required (contact CTM360 to obtain one).
Key environment variables: CTM360_CYNA_API_KEY, CTM360_CYNA_API_BASE_URL, CTM360_CYNA_IMPORT_INTERVAL, CTM360_CYNA_PAGE_SIZE, CTM360_CYNA_MAX_PAGES.
A pull request will follow.
Summary
CTM360 CYNA (Cyber News & Alerts) is an aggregated cybersecurity news feed that collects and categorizes threat intelligence news from across the internet. This proposal adds an external import connector
that ingests CYNA news items into OpenCTI as STIX Reports.
Connector
ctm360-cyna-feed (External Import)
Polls the CYNA API on a configurable schedule, extracts CVE references, classifies content by threat category, and pushes STIX bundles into OpenCTI.
Features
searchAftercursor token with configurable page size and safety page limit.Vulnerabilityobjects per unique CVE in a batch.Reportbased on content keywords:cve,ransomware,ddos,data-leak,threat-actor,advisory,phishing,malware,zero-day.Identity(CTM360 CYNA author),Report(one per news item, typethreat-report),Vulnerability(per unique CVE with NVD external reference), andRelationship(
related-tofrom Report to Vulnerability). All objects markedTLP:WHITE.last_runtimestamp and filters items bypublished_dateto skip already-imported news.Technical Implementation
Built using
connectors-sdkwith Pydantic for configuration. Uses deterministic STIX IDs viapyctigenerators for the Vulnerability and Report objects. Compatible with OpenCTI 7.260401.0 and later.Configuration
A valid CTM360 CYNA API key is required (contact CTM360 to obtain one).
Key environment variables:
CTM360_CYNA_API_KEY,CTM360_CYNA_API_BASE_URL,CTM360_CYNA_IMPORT_INTERVAL,CTM360_CYNA_PAGE_SIZE,CTM360_CYNA_MAX_PAGES.A pull request will follow.