REST API Reference
Version: 6.16.0
Last Updated: 2/23/2026
License
Securonix Proprietary and Confidential
Copyright © 2026 Securonix, Inc. All rights reserved.
NOTICE: All information contained herein, is, and remains the property of Securonix, Inc. The intellectual and technical concepts contained herein are proprietary to Securonix, Inc. and its suppliers and may be covered by U.S. and Foreign Patents, patents in process, and are protected by trade secret or copyright law.
Dissemination of this information or reproduction of this material is strictly forbidden unless prior written permission is obtained from Securonix, Inc.
Introduction
The ThreatQ API is built on REST principles and uses JSON as a data interchange format.
Base URI
All URIs referenced in this document use the following base: https://hostname/api/, where hostname is replaced with the hostname or IP address of your ThreatQ instance.
Request Format
The ThreatQ API supports the following HTTP verbs:
| Verb | Description |
|---|---|
| GET | GET requests retrieve resources. |
| POST | POST requests create resources. |
| PUT | PUT requests update resources. |
| DELETE | DELETE requests delete resources. |
Response Format
All responses are returned in JSON. The response is wrapped in a top level data envelope which is an object or array depending on whether a single item or a collection is returned. If a single item is returned, the data field will be an object. If a collection is returned, the field will be an array.
Response Codes
The ThreatQ API uses HTTP status codes to indicate the status of your request.
| Code | Description |
|---|---|
| 200 | Object was retrieved successfully. |
| 201 | Object was created successfully. |
| 204 | Object(s) were successfully deleted. |
| 400 | Validation failed (usually as the result of an incorrect request) |
| 401 | Access denied (authorization access token in the header was incorrect / out of date) |
| 403 | Access forbidden (usually as the result of a bad request) |
| 404 | Object not found |
Authentication
ThreatQ uses OAuth 2.0 to authenticate end users. You must have a ThreatQ user account to retrieve an API token. The API token is required for all API requests. The token does time out; therefore, you must periodically refresh the token.
Authorization workflow
1. Run a GET request to retrieve your client ID using the following format: https://hostname/assets/js/config.js
2. Run a POST/token request to retrieve your authorization access token. See POST/token in the Authorization section of this reference for the correct format.
   Include the following parameters:
   - grant_type (password)
   - client_id (retrieved in step 1)
   Example: https://hostname/api/token?grant_type=password&client_id=ab20a55dd9ac779246210d7102a45ee37
   In the request body, include your ThreatQ credentials:
   - password
3. Enter the access token as the authorization key in the header for all subsequent API requests.
Object/Parameter Relationships
The following table specifies the parameters available to API endpoints using the “with” query.
NOTE: Examples throughout this API reference are intended to show where you can add a parameter. Use this section as a reference.
| Section | Object | Parameter (Relationships available to the object) |
|---|---|---|
| Authorization | Client | connector |
| ACL | Group | users, clients, actions |
| | User | source |
| Adversaries | Adversary | adversaries, attachments, attributes, attributes.attribute, comments, description, events, indicators, plugins, pluginActions, signatures, sources, tags, watchlist |
| | Adversary Attribute | attribute, attributes.attribute, sources |
| | Adversary Comment | adversary, sources |
| | Adversary Description | value |
| | Adversary Source | adversary, tlp |
| | Adversary Tag | adversaries |
| | ObjectLink (e.g., Adversary Link) | pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources |
| | ObjectLink Comment | sources |
| Attachments | Attachment | adversaries, attachments, attributes, attributes.attribute, comments, contentType, events, indicators, signatures, sources, tags, type, watchlist |
| | Attachment Attribute | attribute, attributes.attribute, sources |
| | Attachment Comment | attachment, sources |
| | Attachment Source | attachment, tlp |
| | Attachment Tag | attachments |
| | Attachment Type | plugins, pluginActions |
| | ObjectLink (e.g., Adversary Link) | pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources |
| | ObjectLink Comment | sources |
| Connectors | Connector | category, tlp |
| | Connector Category | connectors |
| Events | Event | adversaries, attachments, attributes, attributes.attribute, comments, events, indicators, signatures, sources, spearphish, tags, type, watchlist |
| | Event Attribute | attribute, attributes.attribute, sources |
| | Event Comment | event, sources |
| | Event Source | event, tlp |
| | Event Tag | events |
| | Event Type | events, plugins, pluginActions, pluginObjectTypes |
| | ObjectLink (e.g., Adversary Link) | pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources |
| | ObjectLink Comment | sources |
| Event Imports | Event Import | attachments, creatorSource, events, globalAttributes, globalIndicatorAttributes, globalObjectLinks, indicators, indicatorStatus, objectLinks, type |
| | Event Import Event | attributes, attributes.attribute, import, type |
| | Event Import Event Attribute | event, import |
| | Event Import Global Indicator Attribute | import |
| | Event Import Indicator | attributes, attributes.attribute, comments, import, status, type |
| Eula | Eula | acceptance |
| Exporters | Exporter | dataType, deliveryType, config |
| | Exporter Config | exporter |
| | Exporter Data Type Field | dataType |
| | Exporter Data Type | dataTypeFields, exporters |
| | Exporter Data Type Related Data Type Field | dataType |
| | Exporter Delivery Type Config Option | deliveryType |
| | Exporter Delivery Type | configOptions, exporters |
| Imports | Import | attributes, attributes.attribute, indicators, events, objectLinks, source |
| | Import Event | attributes, attributes.attribute, type |
| | Import Indicator | attributes, attributes.attribute, comments, objectLinks |
| Indicators | Indicator | adversaries, attachments, attributes, attributes.attribute, comments, events, indicators, score, signatures, sources, status, tags, type, watchlist |
| | Indicator Source | indicator, tlp |
| | Indicator Status | indicators |
| | Indicator Tag | indicators |
| | Indicator Type | indicators, plugins, pluginActions, pluginObjectTypes |
| | ObjectLink (e.g., Adversary Link) | pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources |
| | ObjectLink Comment | sources |
| ObjectLinks | ObjectLink Comment | objectLink, sources |
| Plugins | Plugin | action, config, objectType |
| | Plugin Action | objectType |
| Signatures | Signature | adversaries, attachments, attributes, attributes.attribute, comments, events, indicators, signatures, sources, status, type, watchlist |
| | Signature Attribute | attribute, attributes.attribute, sources |
| | Signature Comment | signature, sources |
| | Signature Source | signature, tlp |
| | Signature Status | signatures |
| | Signature Type | plugins, pluginActions, signatures |
| | ObjectLink (e.g., Adversary Link) | pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources |
| | ObjectLink Comment | sources |
| Spearphish | Spearphish | event |
| Tag | Tag | attachments, adversaries, events, indicators |
| Whitelist | Whitelist Rule | type |
ACL
Current Permissions
Current Permissions: GET /permissions/current
Get a list of the permissions available to the current user.
Example URI
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"data": {}
}
Response 401: Access denied.
Current User
Current User: GET /users/current
Get the current user.
Example URI
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"display_name": "Threat Quotient",
"email": "threatq@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "2017-04-05 19:59:20",
"updated_at": "2017-04-05 19:59:20",
"source": {
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-05 19:59:20",
"updated_at": "2017-04-05 19:59:20"
}
}
}
Response 401: Access denied.
User Activity
User Activity: GET /users/{user_id}/activity{?limit,offset,sort}
Get a user’s activity.
Example URI
- user_id: integer (required). Example: 1. User ID.
- limit: integer (optional). Example: 500. The maximum number of records to retrieve.
- offset: integer (optional). Example: 100. Designate the record that will appear first in your retrieved list.
- sort: string (optional). Example: id. Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"total": 11,
"data": [
{
"id": 1,
"user_id": 1,
"email": "user1@threatq.com",
"event_type": "Successful Login",
"ipaddress": "172.28.128.1",
"created_at": "2017-04-05 20:06:26"
},
{
"id": 2,
"user_id": 1,
"email": "user1@threatq.com",
"event_type": "Successful Login",
"ipaddress": "172.28.128.1",
"created_at": "2017-04-05 20:08:41"
},
{
"id": 3,
"user_id": 1,
"email": "user1@threatq.com",
"event_type": "Successful Login",
"ipaddress": "172.28.128.1",
"created_at": "2017-04-05 20:09:25"
}
]
}
Response 401: Access denied.
Response 404: Object not found.
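An added example (not ThreatQ's or Securonix's own code) that ties the authorization workflow to the limit and offset parameters above: it requests a token, retries once with a fresh token when a request returns 401, and pages through a collection until `total` is reached. The `access_token` response field, the `FakeServer` stand-in and every sample value are assumptions constructed for this example, the names `ThreatQClient`, `https_transport`, `ApiError` and `demo` are hypothetical, and only the `password` credential field named on this page is sent.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class ApiError(Exception):
    """Raised with the HTTP status code as its only argument."""


def https_transport(method, url, headers, body):
    """Real transport (certificate checks stay on); returns (status, JSON or None)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    return status, (json.loads(raw) if raw else None)


class ThreatQClient:
    def __init__(self, base_uri, client_id, credentials, transport=https_transport):
        if not base_uri.startswith("https://"):
            raise ValueError("base URI must use https://")
        self.base, self.client_id = base_uri.rstrip("/") + "/", client_id
        self._credentials = dict(credentials)  # field names per the POST /token reference
        self._send, self._token = transport, None

    def _url(self, path, params=None):
        query = "?" + urllib.parse.urlencode(params) if params else ""
        return self.base + path.lstrip("/") + query

    def login(self):
        # grant_type and client_id travel in the query string; credentials only in the body.
        url = self._url("token", {"grant_type": "password", "client_id": self.client_id})
        status, payload = self._send("POST", url, {"Content-Type": "application/json"},
                                     self._credentials)
        token = payload.get("access_token") if isinstance(payload, dict) else None
        if status >= 300 or not token:  # "access_token" is an assumed response field
            raise ApiError(status)      # response body deliberately not attached
        self._token = token

    def get(self, path, params=None):
        if self._token is None:
            self.login()
        for attempt in (1, 2):
            headers = {"Authorization": "Bearer " + self._token}
            status, payload = self._send("GET", self._url(path, params), headers, None)
            if status == 401 and attempt == 1:
                self.login()  # token timed out: get a new one and retry once
                continue
            if status != 200:
                raise ApiError(status)
            return payload

    def iter_all(self, path, page_size=500, **params):
        offset = 0
        while True:
            page = self.get(path, dict(params, limit=page_size, offset=offset))
            items = page["data"]
            if not isinstance(items, list):
                raise TypeError("expected a collection in the data envelope")
            yield from items
            offset += len(items)
            if not items or offset >= page.get("total", offset):
                return


class FakeServer:
    """Constructed stand-in for an instance; every token it issues is good for `uses` calls."""
    ACTIVITY = [{"id": i, "user_id": 1, "event_type": "Successful Login"} for i in (1, 2, 3)]

    def __init__(self, uses=1):
        self.uses, self.left, self.issued, self.urls = uses, 0, 0, []

    def __call__(self, method, url, headers, body):
        self.urls.append(url)
        parts = urllib.parse.urlsplit(url)
        query = dict(urllib.parse.parse_qsl(parts.query))
        if parts.path == "/api/token":
            self.issued, self.left = self.issued + 1, self.uses
            return 200, {"access_token": f"tok-{self.issued}"}
        if self.left == 0 or headers.get("Authorization") != f"Bearer tok-{self.issued}":
            return 401, None
        self.left -= 1
        if parts.path != "/api/users/1/activity":
            return 404, None
        lo, n = int(query.get("offset", 0)), int(query.get("limit", 500))
        return 200, {"total": len(self.ACTIVITY), "data": self.ACTIVITY[lo:lo + n]}


def demo():
    server = FakeServer(uses=1)  # token expires after one call, forcing a refresh mid-listing
    client = ThreatQClient("https://hostname/api/", "constructed-client-id",
                           {"password": "constructed-password"}, transport=server)
    events = list(client.iter_all("users/1/activity", page_size=2, sort="id"))
    return events, server
```

Against a real instance, drop the `transport` argument and pass the credential fields listed in the POST/token reference; a second consecutive 401 is raised as `ApiError` rather than retried.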
User Profile
User Profile: PUT /users/profile
Update the currently authenticated User’s password.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"password": "new_password",
"password_confirmation": "new_password",
"display_name": "New Display Name",
"email": "new@email.com"
}
Response 201: Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"display_name": "User 1",
"email": "user1@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "2017-08-24 15:30:06",
"updated_at": "2017-08-24 15:35:51"
}
}
Response 400: Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"display_name": "User 1",
"email": "user1@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "2017-08-24 15:30:06",
"updated_at": "2017-08-24 15:35:51",
"password_confirmation": "new_password",
"errors": {
"password": [
"The password format is invalid."
]
}
}
}
Response 401: Access denied.
User List
Get List: GET /users{?limit,offset,sort,with}
Get a list of Users. Only users with super or administrator permissions may access this endpoint.
Example URI
- limit: integer (optional). Example: 500. The maximum number of records to retrieve.
- offset: integer (optional). Example: 100. Designate the record that will appear first in your retrieved list.
- sort: string (optional). Example: id. Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with: string (optional). Example: source. A comma-separated list of related objects to include in the response. Options for this endpoint: source, eulaAcceptances, eulaAcceptances.eula.
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"display_name": "user1@threatq.com",
"email": "user1@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"source": {
"id": 8,
"type": "users",
"name": "source1@threatq.com",
"expire_days": null,
"score": 0,
"created_at": "2017-03-21 19:58:17",
"updated_at": "2017-03-24 22:07:21"
},
"eula_acceptances": [
{
"id": 6,
"user_id": 1,
"eula_id": 1,
"created_at": "2021-03-30 16:03:01",
"updated_at": "2021-03-30 16:03:01",
"eula": {
"id": 1,
"license_type": "ON_PREM_CUST",
"text": "THREATQUOTIENT, INC.\n\nEND USER LICENSE AGREEMENT...",
"version": "2.0",
"hash": "08d1c9165e5f62365e1535f1958ef8ec",
"created_at": "2021-03-29 19:47:50",
"updated_at": "2021-03-29 19:47:50"
}
}
]
}
]
}
Response 401: Access denied.
Response 403: Access forbidden.
Create New: POST /users
Create a new User. Only users with super or administrator permissions may access this endpoint.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"display_name": "User2",
"email": "user2@threatq.com",
"group_id": "3",
"password": "thisisapassword",
"password_confirmation": "thisisapassword",
"status": "enabled",
"type": "user"
}
Response 201: Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 7,
"display_name": "User2",
"email": "user2@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "2017-04-05 21:23:09",
"updated_at": "2017-04-05 21:23:09"
}
}
Response 400: Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"type": "user",
"status": "disabled",
"errors": {
"display_name": [
"The display name field is required."
],
"email": [
"The email field is required."
],
"password": [
"The password field is required."
],
"group_id": [
"The group id field is required."
]
}
}
}
Response 401: Access denied.
Response 403: Access forbidden.
User
Get Single: GET /users/{user_id}{?with}
Get a single User. Only users with super or administrator permissions may access this endpoint.
Example URI
- user_id: integer (required). Example: 1. User ID.
- with: string (optional). Example: source. A comma-separated list of related objects to include in the response. Options for this endpoint: source, eulaAcceptances, eulaAcceptances.eula.
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"display_name": "user1@threatq.com",
"email": "user1@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"source": {
"id": 8,
"type": "users",
"name": "source1@threatq.com",
"expire_days": null,
"score": 0,
"created_at": "2017-03-21 19:58:17",
"updated_at": "2017-03-24 22:07:21"
},
"eula_acceptances": [
{
"id": 6,
"user_id": 1,
"eula_id": 1,
"created_at": "2021-03-30 16:03:01",
"updated_at": "2021-03-30 16:03:01",
"eula": {
"id": 1,
"license_type": "ON_PREM_CUST",
"text": "THREATQUOTIENT, INC.\n\nEND USER LICENSE AGREEMENT...",
"version": "2.0",
"hash": "08d1c9165e5f62365e1535f1958ef8ec",
"created_at": "2021-03-29 19:47:50",
"updated_at": "2021-03-29 19:47:50"
}
}
]
}
}
Response 401: Access denied.
Response 403: Access forbidden.
Response 404: Object not found.
Update: PUT /users/{user_id}{?with}
Update a User. Only users with super or administrator permissions may access this endpoint. If LDAP is enabled, LDAP users cannot update passwords.
Example URI
- user_id: integer (required). Example: 1. User ID.
- with: string (optional). Example: source. A comma-separated list of related objects to include in the response. Options for this endpoint: source, eulaAcceptances, eulaAcceptances.eula.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"display_name": "User 3",
"email": "user3@threatq.com",
"group_id": "4",
"password": "thisisanewpassword",
"password_confirmation": "thisisanewpassword",
"status": "enabled",
"type": "user"
}
Response 201: Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 7,
"display_name": "User 3",
"email": "user3@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "2017-04-05 21:23:09",
"updated_at": "2017-04-06 14:44:18",
"source": {
"id": 8,
"type": "users",
"name": "source1@threatq.com",
"expire_days": null,
"score": 0,
"created_at": "2017-03-21 19:58:17",
"updated_at": "2017-03-24 22:07:21"
}
}
}
Response 400: Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 7,
"display_name": "User2",
"email": "user2@threatq.com",
"type": "user",
"status": "enabled",
"lock_expire_at": "0000-00-00 00:00:00",
"created_at": "2017-04-05 21:23:09",
"updated_at": "2017-04-05 21:23:09",
"password_confirmation": "thisisapassword",
"errors": {
"password": [
"The password confirmation does not match."
]
}
}
}
Response 401: Access denied.
Response 403: Access forbidden.
Response 404: Object not found.
Delete: DELETE /users/{user_id}
Delete a User. Only users with super or administrator permissions may access this endpoint.
Example URI
- user_id: integer (required). Example: 1. User ID.
Headers
Authorization: Bearer <access_token>
Response 204: Object(s) were successfully deleted.
Response 401: Access denied.
Response 403: Access forbidden.
Response 404: Object not found.
Adversaries
Adversary List
Get List: GET /adversaries{?limit,offset,sort,with}
Get a list of Adversaries.
Example URI
- limit: integer (optional). Example: 500. The maximum number of records to retrieve.
- offset: integer (optional). Example: 100. Designate the record that will appear first in your retrieved list.
- sort: string (optional). Example: id. Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with: string (optional). Example: adversaries,attachments. A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, description, events, indicators, plugins, pluginActions, signatures, sources, tags, valueWeight, watchlist.
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"name": "BOOMER",
"created_at": "2017-03-23 20:38:39",
"updated_at": "2017-03-23 20:38:39",
"touched_at": "2017-04-03 15:09:41",
"adversaries": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2017-04-13 00:12:14",
"updated_at": "2017-04-13 00:12:14",
"touched_at": "2017-06-28 00:55:56",
"pivot": {
"id": 62204,
"created_at": "2017-06-28 00:55:56",
"updated_at": "2017-06-28 00:55:56"
}
}
],
"attachments": [
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-06-22 15:06:21",
"updated_at": "2017-06-22 15:06:21",
"touched_at": "2017-06-28 00:56:44",
"pivot": {
"id": 62205,
"created_at": "2017-06-28 00:56:44",
"updated_at": "2017-06-28 00:56:44"
}
}
],
"attributes": [
{
"id": 1,
"adversary_id": 1,
"attribute_id": 252,
"value": "Attribute Value",
"created_at": "2017-06-28 00:57:49",
"updated_at": "2017-06-28 00:57:49",
"name": "My Attribute",
"attribute": {
"id": 252,
"name": "My Attribute",
"created_at": "2017-06-28 00:57:49",
"updated_at": "2017-06-28 00:57:49"
}
}
],
"comments": [
{
"id": 54,
"adversary_id": 1,
"value": "A random comment appeared.",
"creator_source_id": 8,
"created_at": "2017-06-28 00:58:55",
"updated_at": "2017-06-28 00:58:55"
}
],
"description": {
"id": 1,
"adversary_id": 1,
"value_id": 1,
"created_at": "2017-03-23 20:38:39"
},
"events": [
{
"id": 434,
"type_id": 3,
"title": "SQL - 0/uB|*dgNjMEHXz(q%b,Pqm*ufQS{g",
"description": "",
"happened_at": "2017-05-15 17:05:01",
"hash": "1531ce6ae74370a9ac9267eb7ff1c008",
"created_at": "2017-05-15 17:05:01",
"updated_at": "2017-05-15 17:05:01",
"touched_at": "2017-06-27 15:09:22",
"pivot": {
"id": 61869,
"created_at": "2017-04-16 18:44:38",
"updated_at": "2017-06-27 15:09:19"
}
}
],
"indicators": [
{
"id": 549,
"type_id": 4,
"status_id": 3,
"class": "network",
"hash": "02a727a516e305b50c998f11acf75f9b",
"value": "sethc.exe",
"description": null,
"last_detected_at": "2013-11-12 06:22:41",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-06-27 15:07:24",
"updated_at": "2017-06-27 15:07:24",
"touched_at": "2017-06-27 15:09:18",
"pivot": {
"id": 16032,
"created_at": "2017-04-16 21:50:44",
"updated_at": "2017-06-27 15:09:01"
}
}
],
"plugins": [
{
"id": 1,
"name": "plugin1",
"friendly_name": "Plugin 1",
"description": "A custom plugin",
"package_name": "my-package",
"version": "0.0.1",
"required_threatq_version": "2.1",
"author": "Me",
"logo_path": "logo.png",
"enabled": 1,
"disable_proxy": 0,
"created_at": "2017-06-27 15:06:45",
"updated_at": "2017-06-28 01:07:10",
"deleted_at": null,
"object_type_id": 1
}
],
"plugin_actions": [
{
"id": 1,
"plugin_id": 1,
"name": "action1",
"description": "Action 1",
"logo_path": "logo.png",
"created_at": "2017-06-27 15:06:45",
"updated_at": "2017-06-27 15:06:45",
"object_type_id": 1
}
],
"signatures": [
{
"id": 202,
"name": "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27 (2019448:1)",
"description": "",
"hash": "32eb2da7b59c7e85fbeec98f90adaf2d",
"value": "alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:\"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27\"; flow:established,to_server; content:\"%6e%61m%65[\"; nocase; fast_pattern:only; http_client_body; pcre:\"/(?:^|&|Content-Disposition[\\x3a][^\\n]*?name\\s*?=\\s*?[\\x22\\x27])\\%6e\\%61m\\%65\\[[^\\x5d]*?\\W/Pi\"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019448; rev:1;)",
"status_id": 6,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-06-27 15:08:53",
"updated_at": "2017-06-27 15:08:53",
"touched_at": "2017-06-28 01:10:58",
"pivot": {
"id": 62208,
"created_at": "2017-06-28 01:10:58",
"updated_at": "2017-06-28 01:10:58"
}
}
],
"sources": [
{
"id": 19,
"type": "other_sources",
"name": "Source 1",
"tlp_id": null,
"created_at": "2017-03-23 20:38:39",
"updated_at": "2017-03-23 20:38:39",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 19,
"id": 1,
"creator_source_id": 8
}
}
],
"tags": [
{
"id": 1,
"name": "Yet Another Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-06-28 01:12:27",
"updated_at": "2017-06-28 01:12:27"
}
}
],
"value_weight": {
"id": 1,
"object_type": "adversary",
"object_id": 1,
"score": 1,
"created_at": "2017-06-28 01:13:25",
"updated_at": "2017-06-28 01:13:25"
},
"watchlist": [
{
"id": 1,
"user_id": 1,
"object_type": "adversary",
"object_id": 1,
"created_at": "2017-06-27 18:39:18",
"updated_at": "2017-06-27 18:39:18"
}
]
}
]
}
Response 401: Access denied.
Create New: POST /adversaries
Create a new Adversary.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Adversary Name",
"sources": [
{
"name": "Adversary source",
"tlp": {
"name": "GREEN"
}
}
]
}
Response 201: Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "Adversary Name",
"updated_at": "2017-03-01 16:12:18",
"created_at": "2017-03-01 16:12:18",
"id": 243,
"sources": [
{
"type": "other_sources",
"name": "Adversary Source",
"updated_at": "2017-03-01 16:12:18",
"created_at": "2017-03-01 16:12:18",
"id": 85
}
]
}
}
Response 400: Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
Response 401: Access denied.
Adversary
Get Single: GET /adversaries/{adversary_id}{?with}
Get a single Adversary.
Example URI
- adversary_id: integer (required). Example: 1. Adversary ID.
- with: string (optional). Example: adversaries,attachments. A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, description, events, indicators, plugins, pluginActions, signatures, sources, tags, valueWeight, watchlist.
Headers
Authorization: Bearer <access_token>
Response 200: Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "BOOMER",
"created_at": "2017-06-30 23:16:32",
"updated_at": "2017-06-30 23:16:32",
"touched_at": "2017-06-30 23:16:33",
"adversaries": [
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-04-16 05:49:49",
"updated_at": "2017-04-16 05:49:49",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62020,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"attachments": [
{
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": null,
"created_at": "2017-06-30 22:06:29",
"updated_at": "2017-06-30 22:06:29",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62021,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"attributes": [
{
"id": 3,
"adversary_id": 189,
"attribute_id": 1,
"value": "Attribute Value",
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33",
"name": "My Attribute",
"attribute": {
"id": 1,
"name": "My Attribute",
"created_at": "2017-06-25 22:06:29",
"updated_at": "2017-06-12 22:06:29"
}
}
],
"comments": [
{
"id": 56,
"adversary_id": 1,
"value": "A random comment appeared.",
"creator_source_id": 8,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
],
"description": {
"id": 3,
"adversary_id": 1,
"value_id": 3,
"created_at": "-0001-11-30 00:00:00"
},
"events": [
{
"id": 1,
"type_id": 1,
"title": "Subject - Hatter were having.",
"description": "",
"happened_at": "2017-03-19 03:55:15",
"hash": "c7591a75b6059c9d27e48113f372687b",
"created_at": "2017-03-19 03:55:15",
"updated_at": "2017-03-19 03:55:15",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62026,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"indicators": [
{
"id": 1,
"type_id": 1,
"status_id": 5,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"description": null,
"last_detected_at": "1976-02-14 17:27:49",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-06-30 22:55:30",
"updated_at": "2017-06-30 22:55:30",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62023,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"plugins": [
{
"id": 6,
"name": "adversary_plugin",
"friendly_name": "Adversary Plugin",
"description": "Adversary Plugin",
"package_name": "plugin",
"version": "6.16.0",
"required_threatq_version": "3.0.0",
"author": "dredd",
"logo_path": "a/b/c/d",
"enabled": 0,
"disable_proxy": 1,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33",
"deleted_at": null,
"object_type_id": 189
}
],
"plugin_actions": [
{
"id": 9,
"plugin_id": 6,
"name": "action1",
"description": "Action 1",
"logo_path": "a/b/c/d",
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33",
"object_type_id": 189
}
],
"signatures": [
{
"id": 1,
"name": "ET EXPLOIT Arkeia full remote access without password or authentication (2001742:9)",
"description": "",
"hash": "737309fe355ef23e1c03a5e98bc364b5",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:\"ET EXPLOIT Arkeia full remote access without password or authentication\"; flow:to_server,established; content:\"|464F3A20596F75206861766520737563|\"; content:\"|6520636C69656E7420696E666F726D61|\"; reference:url,metasploit.com/research/vulns/arkeia_agent; reference:url,doc.emergingthreats.net/bin/view/Main/2001742; classtype:attempted-admin; sid:2001742; rev:9;)",
"status_id": 5,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-06-30 22:56:56",
"updated_at": "2017-06-30 22:56:56",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62024,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Source 1",
"tlp_id": null,
"created_at": "2017-06-30 23:16:32",
"updated_at": "2017-06-30 23:16:32",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 356,
"creator_source_id": 8
}
}
],
"tags": [
{
"id": 3,
"name": "What a Tag",
"pivot": {
"object_id": 1,
"tag_id": 3,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"value_weight": {
"id": 3,
"object_type": "adversary",
"object_id": 1,
"score": 2,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
},
"watchlist": [
{
"id": 3,
"user_id": 1,
"object_type": "adversary",
"object_id": 1,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
]
}
}
Response 401: Access denied.
Response 404: Object not found.
Update: PUT /adversaries/{adversary_id}{?with}
Update an Adversary.
Example URI
- adversary_id: integer (required). Example: 1. Adversary ID.
- with: string (optional). Example: adversaries,attachments. A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, description, events, indicators, plugins, pluginActions, signatures, sources, tags, valueWeight, watchlist.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "New Adversary Name",
"sources": [
{
"name": "Adversary source22",
"tlp": {
"name": "GREEN"
}
}
]
}
Response 201: Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"name": "New Adversary Name",
"created_at": "2017-06-30 23:16:32",
"updated_at": "2017-06-30 23:16:32",
"touched_at": "2017-06-30 23:16:33",
"adversaries": [
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-04-16 05:49:49",
"updated_at": "2017-04-16 05:49:49",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62020,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"attachments": [
{
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": null,
"created_at": "2017-06-30 22:06:29",
"updated_at": "2017-06-30 22:06:29",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62021,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"attributes": [
{
"id": 3,
"adversary_id": 189,
"attribute_id": 1,
"value": "Attribute Value",
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33",
"name": "My Attribute",
"attribute": {
"id": 1,
"name": "My Attribute",
"created_at": "2017-06-25 22:06:29",
"updated_at": "2017-06-12 22:06:29"
}
}
],
"comments": [
{
"id": 56,
"adversary_id": 1,
"value": "A random comment appeared.",
"creator_source_id": 8,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
],
"description": {
"id": 3,
"adversary_id": 1,
"value_id": 3,
"created_at": "-0001-11-30 00:00:00"
},
"events": [
{
"id": 1,
"type_id": 1,
"title": "Subject - Hatter were having.",
"description": "",
"happened_at": "2017-03-19 03:55:15",
"hash": "c7591a75b6059c9d27e48113f372687b",
"created_at": "2017-03-19 03:55:15",
"updated_at": "2017-03-19 03:55:15",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62022,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"indicators": [
{
"id": 1,
"type_id": 1,
"status_id": 5,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"description": null,
"last_detected_at": "1976-02-14 17:27:49",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-06-30 22:55:30",
"updated_at": "2017-06-30 22:55:30",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62023,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"plugins": [
{
"id": 6,
"name": "adversary_plugin",
"friendly_name": "Adversary Plugin",
"description": "Adversary Plugin",
"package_name": "plugin",
"version": "1.0.0",
"required_threatq_version": "3.0.0",
"author": "dredd",
"logo_path": "a/b/c/d",
"enabled": 0,
"disable_proxy": 1,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33",
"deleted_at": null,
"object_type_id": 189
}
],
"plugin_actions": [
{
"id": 9,
"plugin_id": 6,
"name": "action1",
"description": "Action 1",
"logo_path": "a/b/c/d",
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33",
"object_type_id": 189
}
],
"signatures": [
{
"id": 1,
"name": "ET EXPLOIT Arkeia full remote access without password or authentication (2001742:9)",
"description": "",
"hash": "737309fe355ef23e1c03a5e98bc364b5",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:\"ET EXPLOIT Arkeia full remote access without password or authentication\"; flow:to_server,established; content:\"|464F3A20596F75206861766520737563|\"; content:\"|6520636C69656E7420696E666F726D61|\"; reference:url,metasploit.com/research/vulns/arkeia_agent; reference:url,doc.emergingthreats.net/bin/view/Main/2001742; classtype:attempted-admin; sid:2001742; rev:9;)",
"status_id": 5,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-06-30 22:56:56",
"updated_at": "2017-06-30 22:56:56",
"touched_at": "2017-06-30 23:16:33",
"pivot": {
"id": 62024,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Source 1",
"tlp_id": null,
"created_at": "2017-06-30 23:16:32",
"updated_at": "2017-06-30 23:16:32",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 356,
"creator_source_id": 8
}
}
],
"tags": [
{
"id": 3,
"name": "What a Tag",
"pivot": {
"object_id": 1,
"tag_id": 3,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
}
],
"value_weight": {
"id": 3,
"object_type": "adversary",
"object_id": 1,
"score": 2,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
},
"watchlist": [
{
"id": 3,
"user_id": 1,
"object_type": "adversary",
"object_id": 1,
"created_at": "2017-06-30 23:16:33",
"updated_at": "2017-06-30 23:16:33"
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 243,
"name": "ANDROMEDA SPIDER",
"created_at": "2017-03-01 16:12:18",
"updated_at": "2017-03-01 16:32:55",
"touched_at": "2017-03-01 16:12:19",
"errors": {
"name": [
"The name has already been taken."
]
},
"attributes": [],
"events": [],
"indicators": [],
"sources": [
{
"id": 85,
"type": "other_sources",
"name": "Adversary Source",
"tlp_id": null,
"created_at": "2017-03-01 16:12:19",
"updated_at": "2017-03-01 16:12:19",
"published_at": null,
"pivot": {
"adversary_id": 243,
"source_id": 85,
"id": 419,
"creator_source_id": 5
}
}
],
"comments": [],
"signatures": []
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}
Delete an Adversary.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Adversaries List
Get List
GET /adversaries/{adversary_id}/adversaries{?limit,offset,sort,with}
Get a list of Adversary Adversary links.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2018-03-24 03:49:31",
"updated_at": "2018-03-24 03:49:31",
"touched_at": "2018-04-02 16:16:38",
"deleted_at": null,
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2018-01-08 23:05:37",
"updated_at": "2018-01-08 23:05:37",
"touched_at": "2018-04-02 16:17:00",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Front End"
},
{
"name": "Domain Tools"
}
],
"pivot": {
"id": 62325,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 3,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:20:25.327000",
"updated_at": "2018-04-02 16:20:25.327000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15065,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24426,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
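The list endpoint above pages with limit, offset and total, and each returned object carries its link record under pivot. The following is an added example, not ThreatQ's own client code: it builds the list URI, rejects `with` values the endpoint does not document, walks every page, and collects `pivot.id`, which in the sample responses on this page is the value used as object_link_id. The function names and the injected `fetch` callable are assumptions made for the illustration.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

# "with" options this page lists for GET /adversaries/{adversary_id}/adversaries.
WITH_OPTIONS = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
})


def build_list_uri(base, adversary_id, limit=100, offset=0, sort=(), with_=()):
    """Build the list URI, refusing parameters the endpoint does not document."""
    if isinstance(adversary_id, bool) or not isinstance(adversary_id, int) or adversary_id < 1:
        raise ValueError("adversary_id must be a positive integer")
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    unknown = [name for name in with_ if name not in WITH_OPTIONS]
    if unknown:
        raise ValueError(f"unsupported 'with' value(s): {unknown}")
    query = {"limit": limit, "offset": offset}
    if sort:
        query["sort"] = ",".join(sort)      # prefix a field with "-" to reverse
    if with_:
        query["with"] = ",".join(with_)
    path = f"/adversaries/{adversary_id}/adversaries"
    return f"{base.rstrip('/')}{path}?{urlencode(query, safe=',')}"


def bearer_fetch(access_token):
    """Return a fetch(uri) callable that sends the Authorization header shown above."""
    def fetch(uri):
        request = urllib.request.Request(
            uri, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    return fetch


def iter_links(fetch, base, adversary_id, page_size=100, sort=(), with_=()):
    """Yield every linked object, following total/offset until the list is exhausted."""
    offset = 0
    while True:
        page = fetch(build_list_uri(base, adversary_id, limit=page_size,
                                    offset=offset, sort=sort, with_=with_))
        items = page.get("data", [])
        if not isinstance(items, list):
            raise ValueError("a collection response carries an array in 'data'")
        yield from items
        # Advance by what was actually returned, in case fewer than page_size came back.
        offset += len(items)
        if not items or offset >= page.get("total", 0):
            return


def link_ids(items):
    """Return pivot.id of each linked object (the link record, not the object's own id)."""
    return [item["pivot"]["id"] for item in items if "pivot" in item]


def demo():
    """Walk a constructed three-record collection two records at a time (no network)."""
    records = [  # constructed sample, shaped like the response body above
        {"id": 2, "name": "AMOROUS PANDA", "pivot": {"id": 62324}},
        {"id": 3, "name": "ANCHOR PANDA", "pivot": {"id": 62325}},
        {"id": 4, "name": "CONSTRUCTED EXAMPLE", "pivot": {"id": 62326}},
    ]
    requested_offsets = []

    def fake_fetch(uri):
        query = parse_qs(urlsplit(uri).query)
        limit, offset = int(query["limit"][0]), int(query["offset"][0])
        requested_offsets.append(offset)
        return {"total": len(records), "data": records[offset:offset + limit],
                "limit": limit, "offset": offset}

    items = list(iter_links(fake_fetch, "https://hostname/api", 1,
                            page_size=2, sort=("id",)))
    return link_ids(items), requested_offsets


if __name__ == "__main__":
    print(demo())
```

Against a real instance, pass `bearer_fetch(access_token)` as `fetch` and the base URI of your ThreatQ host as `base`.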
Create New
POST /adversaries/{adversary_id}/adversaries
Create a link from an Adversary to another Adversary.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2017-03-06 14:05:24",
"updated_at": "2017-03-06 14:05:24",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62141,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2016-12-27 13:45:12",
"updated_at": "2016-12-27 13:45:12",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62142,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /adversaries/{adversary_id}/adversaries
Delete multiple Adversary Adversary links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Adversary Adversary
Get Single
GET /adversaries/{adversary_id}/adversaries/{object_link_id}{?with}
Get a single Adversary Adversary link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2018-01-18 22:47:52",
"updated_at": "2018-01-18 22:47:52",
"touched_at": "2018-04-02 16:17:00",
"pivot": {
"id": 62324,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"object_link_id": 62324,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 16:23:40",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15066,
"object_link_id": 62324,
"attribute_id": 136,
"value": "Hospitals",
"created_at": "2018-04-02 16:25:47",
"updated_at": "2018-04-02 16:25:47",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15066,
"source_id": 8,
"id": 2,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"published_at": null,
"pivot": {
"object_link_id": 62324,
"source_id": 8,
"id": 24424,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 1,
"type": "clients",
"name": "ThreatQ Front End",
"tlp_id": null,
"created_at": "2018-02-05 12:29:56",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 1,
"id": 1,
"creator_source_id": 1
}
},
{
"id": 7,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-01-31 03:41:47",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 7,
"id": 2,
"creator_source_id": 7
}
},
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-31 21:31:30",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 3,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/adversaries/{object_link_id}
Delete an Adversary Adversary link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Adversary Attributes List
Get List
GET /adversaries/{adversary_id}/adversaries/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Adversary link Attributes.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/adversaries/{object_link_id}/attributes
Create a new Adversary Adversary link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
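The 400 bodies shown so far come in three shapes: field errors inside a single `data` object, field errors inside each element of a `data` array, and a bare top-level `errors` list. The following is an added example, not ThreatQ's own code, that flattens all three into one form and unwraps the `data` envelope on success; `APIError`, `validation_errors` and `unwrap` are hypothetical names, and the sample bodies are the page's own, trimmed.

```python
class APIError(Exception):
    """Hypothetical exception carrying the status code and the flattened errors."""

    def __init__(self, status, errors):
        super().__init__(f"HTTP {status}: {errors}")
        self.status = status
        self.errors = errors


def validation_errors(body):
    """Flatten a 400 body into (item_index, field, message) tuples.

    item_index is set only when 'data' is an array (bulk requests);
    field is None for the bare top-level 'errors' list.
    """
    if not isinstance(body, dict):
        return []
    top = body.get("errors")
    found = [(None, None, str(msg)) for msg in top] if isinstance(top, list) else []
    data = body.get("data")
    is_collection = isinstance(data, list)
    for index, entry in enumerate(data if is_collection else [data]):
        errors = entry.get("errors") if isinstance(entry, dict) else None
        if not isinstance(errors, dict):
            continue
        for field, messages in errors.items():
            for msg in messages if isinstance(messages, list) else [messages]:
                found.append((index if is_collection else None, field, str(msg)))
    return found


def unwrap(status, body):
    """Return 'data' for 200/201, None for 204, and raise APIError otherwise."""
    if status == 204:
        return None
    if status in (200, 201) and isinstance(body, dict) and "data" in body:
        return body["data"]
    # 401 and 404 are shown on this page without a body, so body may be None here.
    raise APIError(status, validation_errors(body))


# Sample 400 bodies taken from this page (trimmed to the relevant fields).
SINGLE_OBJECT = {"data": {"id": 243, "name": "ANDROMEDA SPIDER",
                          "errors": {"name": ["The name has already been taken."]}}}
BULK_ITEMS = {"data": [{"errors": {"id": ["The id field is required."]}}]}
TOP_LEVEL = {"errors": ["Undefined index: value"]}


def demo():
    """Return the flattened errors for each of the three sample bodies."""
    return [validation_errors(b) for b in (SINGLE_OBJECT, BULK_ITEMS, TOP_LEVEL)]


if __name__ == "__main__":
    for errors in demo():
        print(errors)
```

Note that the first shape still returns the object's other fields next to `errors`, so the presence of `data` alone does not indicate success; check the status code first.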
Adversary Adversary Attribute
Get Single
GET /adversaries/{adversary_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Adversary link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Adversary link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Adversary link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Adversary Comments List
Get List
GET /adversaries/{adversary_id}/adversaries/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Adversary link Comments.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/adversaries/{object_link_id}/comments
Create a new Adversary Adversary link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Adversary Comment
Get Single
GET /adversaries/{adversary_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Adversary link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Adversary link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Adversary link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Attachments List
Get List
GET /adversaries/{adversary_id}/attachments{?limit,offset,sort,with}
Get a list of Adversary Attachment links.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"path": "6/b/d/0/d/c/1/2/e/5/d/f/a/0/4/3/e/b/4/9/6/0/9/f/a/4/7/c/4/f/1/0",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62326,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 2,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:54:58.936000",
"updated_at": "2018-04-02 17:55:15.039000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15067,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24428,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:39:18.781000",
"updated_at": "2018-04-02 17:39:18.781000"
}
}
]
}
},
{
"id": 1,
"type_id": 10,
"title": "parsing-sample.pdf",
"name": "parsing-sample.pdf",
"hash": "89e17b2f6cd3888864237b0ee10048f0",
"content_type_id": 1,
"file_size": 11300,
"path": "e/a/f/d/d/7/1/e/5/c/e/1/1/9/b/0/5/6/4/a/6/d/5/9/a/2/3/5/3/1/0/4",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:40:48",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62327,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 1,
"created_at": "2018-04-02 17:40:48",
"updated_at": "2018-04-02 17:40:48",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:55:30.995000",
"updated_at": "2018-04-02 17:55:30.995000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15068,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24430,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:40:48.310000",
"updated_at": "2018-04-02 17:40:48.310000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/attachments
Create a link from an Attachment to an Adversary.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-02-23 20:02:18",
"updated_at": "2017-02-23 20:02:18",
"touched_at": "2017-03-01 16:51:15",
"pivot": {
"id": 62394,
"created_at": "2017-03-01 16:51:15",
"updated_at": "2017-03-01 16:51:15"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /adversaries/{adversary_id}/attachments
Delete multiple Adversary Attachment links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Adversary Attachment
Get Single
GET /adversaries/{adversary_id}/attachments/{object_link_id}{?with}
Get a single Adversary Attachment link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"malware_locked": 0,
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"pivot": {
"id": 62326,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"object_link_id": 62326,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 17:54:58",
"updated_at": "2018-04-02 17:55:15",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15067,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"published_at": null,
"pivot": {
"object_link_id": 62326,
"source_id": 8,
"id": 24428,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"published_at": null,
"pivot": {
"attachment_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/attachments/{object_link_id}
Delete an Adversary Attachment link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Attachment Attributes List
Get List
GET /adversaries/{adversary_id}/attachments/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Attachment link Attributes.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/attachments/{object_link_id}/attributes
Create a new Adversary Attachment link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Attachment Attribute
Get Single
GET /adversaries/{adversary_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Attachment link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Attachment link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Attachment link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Attachment Comments List
Get List
GET /adversaries/{adversary_id}/attachments/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Attachment link Comments.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/attachments/{object_link_id}/comments
Create a new Adversary Attachment link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Attachment Comment
Get Single
GET /adversaries/{adversary_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Attachment link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Attachment link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Attachment link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Attributes List
Get List
GET /adversaries/{adversary_id}/attributes{?limit,offset,sort,with}
Get a list of Adversary Attributes.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 7,
"adversary_id": 193,
"attribute_id": 1,
"value": "Adversary Attribute",
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"name": "Attribute Name",
"attribute": {
"id": 1,
"name": "Attribute Name",
"created_at": "2017-06-22 23:06:31",
"updated_at": "2017-06-25 23:06:31"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": 0,
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"published_at": null,
"pivot": {
"adversary_attribute_id": 7,
"source_id": 8,
"id": 13,
"creator_source_id": 8
}
}
]
},
{
"id": 9,
"adversary_id": 108,
"attribute_id": 3,
"value": "Another Attribute",
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"name": "Attribute Name",
"attribute": {
"id": 3,
"name": "Attribute Name",
"created_at": "2017-06-22 23:06:31",
"updated_at": "2017-06-25 23:06:31"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": 0,
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"published_at": null,
"pivot": {
"adversary_attribute_id": 9,
"source_id": 8,
"id": 13,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/attributes
Create a new Adversary Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"value": "Test Value",
"adversary_id": 1,
"updated_at": "2017-03-01 19:24:48",
"created_at": "2017-03-01 19:24:48",
"id": 12,
"name": "Test Attribute",
"attribute": {
"name": "Test Attribute"
},
"sources": [
{
"id": 86,
"type": "other_sources",
"name": "AdversarySource",
"tlp_id": 1,
"created_at": "2017-03-01 19:24:48",
"updated_at": "2017-03-01 19:24:48",
"published_at": "2017-02-28 00:00:00",
"pivot": {
"adversary_attribute_id": 12,
"source_id": 86,
"id": 12,
"creator_source_id": 5
}
}
]
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"adversary_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Adversary Attribute
Get Single
GET /adversaries/{adversary_id}/attributes/{adversary_attribute_id}{?with}
Get a single Adversary Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_attribute_id
integer (required) Example: 2
Adversary Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 7,
"adversary_id": 193,
"attribute_id": 1,
"value": "Adversary Attribute",
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"name": "Attribute Name",
"attribute": {
"id": 1,
"name": "Attribute Name",
"created_at": "2017-06-22 23:06:31",
"updated_at": "2017-06-25 23:06:31"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": 0,
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"published_at": null,
"pivot": {
"adversary_attribute_id": 7,
"source_id": 8,
"id": 13,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/attributes/{adversary_attribute_id}{?with}
Update an Adversary Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_attribute_id
integer (required) Example: 2
Adversary Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 7,
"adversary_id": 193,
"attribute_id": 1,
"value": "New Value",
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"name": "Attribute Name",
"attribute": {
"id": 1,
"name": "Attribute Name",
"created_at": "2017-06-22 23:06:31",
"updated_at": "2017-06-25 23:06:31"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": 1,
"created_at": "2017-07-03 23:45:02",
"updated_at": "2017-07-03 23:45:02",
"published_at": null,
"pivot": {
"adversary_attribute_id": 7,
"source_id": 8,
"id": 13,
"creator_source_id": 8
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"adversary_id": "1",
"attribute_id": "31",
"errors": {
"value": [
"The value field is required."
]
},
"name": null,
"attribute": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/attributes/{adversary_attribute_id}
Delete an Adversary Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_attribute_id
integer (required) Example: 2
Adversary Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Attribute Source
Update
PUT /adversaries/{adversary_id}/attributes/{adversary_attribute_id}/sources/{adversary_attribute_source_id}
Update an Adversary Attribute Source.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_attribute_id
integer (required) Example: 2
Adversary Attribute ID
- adversary_attribute_source_id
integer (required) Example: 3
Adversary Attribute Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"adversary_attribute_id": 1,
"source_id": 8,
"tlp_id": 1,
"created_at": "2018-09-20 21:22:20",
"updated_at": "2018-09-20 21:23:46",
"published_at": "2017-01-01 01:01:01",
"creator_source_id": 8
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/attributes/{adversary_attribute_id}/sources/{adversary_attribute_source_id}
Delete an Adversary Attribute Source.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_attribute_id
integer (required) Example: 2
Adversary Attribute ID
- adversary_attribute_source_id
integer (required) Example: 3
Adversary Attribute Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Comments List
Get List
GET /adversaries/{adversary_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Comments.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: adversary,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: adversary, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 56,
"adversary_id": 19,
"value": "This is a comment.",
"creator_source_id": 8,
"created_at": "2017-07-04 01:01:43",
"updated_at": "2017-07-04 01:01:43",
"adversary": {
"id": 189,
"name": "Adversary Name",
"created_at": "2017-07-04 01:01:43",
"updated_at": "2017-07-04 01:01:44",
"touched_at": "2017-07-04 01:01:49"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-07-04 00:53:08",
"updated_at": "2017-07-04 00:53:08",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
},
{
"id": 57,
"adversary_id": 19,
"value": "This is another comment.",
"creator_source_id": 8,
"created_at": "2017-07-04 01:01:43",
"updated_at": "2017-07-04 01:01:43",
"adversary": {
"id": 189,
"name": "Adversary Name",
"created_at": "2017-07-04 01:01:43",
"updated_at": "2017-07-04 01:01:44",
"touched_at": "2017-07-04 01:01:49"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-07-04 00:53:08",
"updated_at": "2017-07-04 00:53:08",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/comments
Create a new Adversary Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 64,
"adversary_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-03-01 19:52:17",
"updated_at": "2017-03-01 19:52:17",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-02-28 20:13:18",
"updated_at": "2017-02-28 20:13:18",
"pivot": {
"id": 64,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"adversary_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Adversary Comment
Update
PUT /adversaries/{adversary_id}/comments/{adversary_comment_id}{?with}
Update an Adversary Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_comment_id
integer (required) Example: 2
Adversary Comment ID
- with
string (optional) Example: adversary,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: adversary, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 62,
"adversary_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-03-01 19:46:23",
"updated_at": "2017-03-01 20:06:04",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-02-28 20:13:18",
"updated_at": "2017-02-28 20:13:18",
"pivot": {
"id": 62,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/comments/{adversary_comment_id}
Delete an Adversary Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- adversary_comment_id
integer (required) Example: 2
Adversary Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Comment Short
Get Single
GET /adversaries/comments/{adversary_comment_id}{?with}
Get a single Adversary Comment.
Example URI
- adversary_comment_id
integer (required) Example: 2
Adversary Comment ID
- with
string (optional) Example: adversary,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: adversary, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/comments/{adversary_comment_id}{?with}
Update an Adversary Comment.
Example URI
- adversary_comment_id
integer (required) Example: 2
Adversary Comment ID
- with
string (optional) Example: adversary,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: adversary, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 62,
"adversary_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-03-01 19:46:23",
"updated_at": "2017-03-01 20:06:04",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-02-28 20:13:18",
"updated_at": "2017-02-28 20:13:18",
"pivot": {
"id": 62,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/comments/{adversary_comment_id}
Delete an Adversary Comment.
Example URI
- adversary_comment_id
integer (required) Example: 2
Adversary Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Consume
Adversary Consume
POST /adversaries/consume
Consume a list of Adversary objects.
Required fields: name
Optional fields: description, published_at, tlp (an object with a name field) or tlp_id, sources, attributes, comments, and tags
Relations can also be included as optional fields in the request: adversaries, attachments, attack_pattern, campaign, course_of_action, events, exploit_target, identity, incident, indicators, intrusion_set, malware, report, signatures, tool, ttp, and vulnerability.
When including relations, if the relation is of the same type as the endpoint used (e.g. related adversaries on Adversary Consume), the relation can be defined using the required fields. Otherwise, relations must be created in advance and the resulting IDs should be used in the request.
Note: Objects that already exist in the system will not be duplicated; any new context in the request will be added to the existing object. This endpoint does not fail on validation; any errors will be included in the response object.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"name": "Deadeye Jackal",
"tlp": {
"name": "WHITE"
},
"published_at": "2017-01-01 00:00:00",
"adversaries": [
{
"name": "Keyhole Panda"
}
],
"comments": [
{
"value": "Found this during the investigation."
}
]
},
{
"name": "Numbered Panda",
"tlp_id": 3,
"attributes": [
{
"name": "Industry",
"value": "Hospitals"
}
],
"indicators": [
{
"id": 3
},
{
"id": 4
}
]
},
{
"name": "Boulder Bear",
"description": [
{
"value": "This bear is from Colorado."
}
],
"sources": [
{
"name": "Digital Shadows",
"tlp": "AMBER"
}
],
"tags": [
{
"name": "Internal"
}
]
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 4,
"data": [
{
"name": "Deadeye Jackal",
"id": 187
},
{
"name": "Numbered Panda",
"id": 188
},
{
"name": "Boulder Bear",
"id": 189
},
{
"name": "Keyhole Panda",
"id": 190
}
]
}
401 Access denied.
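Because Adversary Consume reports validation errors in the response instead of failing, the field rules stated above (required name, tlp as an object with a name field or tlp_id, same-type relations by required field, other relations by existing ID) are worth checking before the request is sent. The Python below is an added example, not ThreatQ code. The function names, the sample batch and the rule that tlp and tlp_id should not both be set are assumptions of this example.

```python
# Relation keys the page lists for Adversary Consume.
RELATION_KEYS = frozenset({
    "adversaries", "attachments", "attack_pattern", "campaign",
    "course_of_action", "events", "exploit_target", "identity", "incident",
    "indicators", "intrusion_set", "malware", "report", "signatures",
    "tool", "ttp", "vulnerability",
})
# Same type as the endpoint: may be defined by the required field (name).
SAME_TYPE_RELATION = "adversaries"


def _is_int(value):
    # bool is a subclass of int in Python, so reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def check_consume_item(item, index):
    """Return the list of problems found in one entry of the consume array."""
    where = f"item[{index}]"
    if not isinstance(item, dict):
        return [f"{where}: must be a JSON object"]
    problems = []

    name = item.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append(f"{where}: required field 'name' is missing or empty")

    # Assumption of this example: setting both markings is treated as an error
    # so that the intended TLP is never left to server-side precedence.
    if "tlp" in item and "tlp_id" in item:
        problems.append(f"{where}: both 'tlp' and 'tlp_id' are set, marking is ambiguous")
    if "tlp" in item:
        tlp = item["tlp"]
        if not (isinstance(tlp, dict) and isinstance(tlp.get("name"), str)):
            problems.append(f"{where}: 'tlp' must be an object with a name field")
    if "tlp_id" in item and not _is_int(item["tlp_id"]):
        problems.append(f"{where}: 'tlp_id' must be an integer")

    for key in sorted(RELATION_KEYS.intersection(item)):
        entries = item[key]
        if not isinstance(entries, list):
            problems.append(f"{where}.{key}: must be a list")
            continue
        for n, entry in enumerate(entries):
            is_obj = isinstance(entry, dict)
            has_id = is_obj and _is_int(entry.get("id"))
            has_name = (is_obj and isinstance(entry.get("name"), str)
                        and bool(entry["name"].strip()))
            if key == SAME_TYPE_RELATION:
                if not (has_id or has_name):
                    problems.append(f"{where}.{key}[{n}]: needs 'name' or 'id'")
            elif not has_id:
                problems.append(
                    f"{where}.{key}[{n}]: cross-type relation needs an existing 'id'")
    return problems


def check_consume_batch(batch):
    """Validate a whole POST /adversaries/consume body before sending it."""
    if not isinstance(batch, list):
        return ["body: must be a JSON array of Adversary objects"]
    problems = []
    for index, item in enumerate(batch):
        problems.extend(check_consume_item(item, index))
    return problems


# Constructed sample: the first two entries follow the page's request body,
# the last two are deliberately malformed.
SAMPLE_BATCH = [
    {"name": "Deadeye Jackal", "tlp": {"name": "WHITE"},
     "adversaries": [{"name": "Keyhole Panda"}]},
    {"name": "Numbered Panda", "tlp_id": 3,
     "indicators": [{"id": 3}, {"id": 4}]},
    {"tlp": {"level": "AMBER"}, "indicators": [{"value": "example.invalid"}]},
    {"name": "Boulder Bear", "tlp": {"name": "RED"}, "tlp_id": 1,
     "malware": {"id": 7}},
]

if __name__ == "__main__":
    for problem in check_consume_batch(SAMPLE_BATCH):
        print(problem)
```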
Adversary Description
Get Single
GET /adversaries/{adversary_id}/description
Get an Adversary Description.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": "<p>This Adversary has a description.</p>\n"
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Adversary has no description"
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/description
Create a new Adversary Description.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This Adversary has these qualities."
}
200 Object(s) retrieved successfully.
Body
{
"data": "This Adversary has these qualities."
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Adversary Events List
Get List
GET /adversaries/{adversary_id}/events{?limit,offset,sort,with}
Get a list of Adversary Event links.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 61077,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 13,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"type": "users",
"value": "This is important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:42:46.690000",
"updated_at": "2018-04-04 14:42:46.690000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14948,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22414,
"name": "Threat Quotient",
"type": "clients",
"pivot": {
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
},
{
"id": 46,
"type_id": 1,
"title": "Origin - http://kling.com/voluptate-nihil-sit-est-aut",
"description": "",
"happened_at": "2017-12-31 23:17:05",
"hash": "e2e96a1516420fc05ad8ac04de52bd89",
"created_at": "2017-12-31 23:17:05",
"updated_at": "2017-12-31 23:17:05",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Domain Tools"
},
{
"name": "Emerging Threats"
},
{
"name": "VirusTotal"
}
],
"pivot": {
"id": 61144,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 46,
"created_at": "2018-03-01 23:54:52",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 56,
"type": "users",
"value": "This is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:43:10.692000",
"updated_at": "2018-04-04 14:43:10.692000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14949,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22513,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-02-24 09:36:30",
"updated_at": "2018-04-03 15:34:22.693000"
}
},
{
"id": 22514,
"name": "Customer Observer",
"type": "users",
"pivot": {
"created_at": "2018-02-25 22:27:11",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/events
Create a link from an Event to an Adversary.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"title": "Origin - http://www.durgan.biz/vel-omnis-impedit-at-quod-quasi-reiciendis.html",
"description": "",
"happened_at": "2016-12-05 20:01:48",
"hash": "d13e682a5d567d51b99f676b7bdef980",
"created_at": "2016-12-05 20:01:48",
"updated_at": "2016-12-05 20:01:48",
"touched_at": "2017-02-28 20:14:59",
"pivot": {
"id": 62396,
"created_at": "2017-03-01 20:55:10",
"updated_at": "2017-03-01 20:55:10"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
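The 400 bodies in this reference come in three shapes: a top-level errors list, an errors object of field names inside data, and a data array whose entries each carry their own errors object. The Python below is an added example, not ThreatQ code, that flattens all three into one list so a client handles them uniformly. The function names and the 201 sample are constructed, and that a 2xx body can carry errors in one of these shapes is an assumption drawn from the Adversary Consume note.

```python
def collect_errors(body):
    """Return every error in a parsed response body as (location, message)."""
    found = []
    if not isinstance(body, dict):
        return found

    # Shape 1: {"errors": ["Undefined index: value"]}
    top_level = body.get("errors")
    if isinstance(top_level, list):
        found.extend(("request", str(message)) for message in top_level)

    # Shape 2: {"data": {"errors": {"value": ["..."]}}}
    # Shape 3: {"data": [{"errors": {"id": ["..."]}}]}
    data = body.get("data")
    is_collection = isinstance(data, list)
    for index, record in enumerate(data if is_collection else [data]):
        if not isinstance(record, dict) or not record.get("errors"):
            continue
        prefix = f"data[{index}]" if is_collection else "data"
        errors = record["errors"]
        if isinstance(errors, dict):
            for field, messages in errors.items():
                if not isinstance(messages, list):
                    messages = [messages]
                found.extend((f"{prefix}.{field}", str(m)) for m in messages)
        elif isinstance(errors, list):
            found.extend((prefix, str(m)) for m in errors)
        else:
            found.append((prefix, str(errors)))
    return found


def outcome(status, body):
    """Classify a response as 'ok', 'partial' (2xx carrying errors) or 'rejected'."""
    errors = collect_errors(body)
    if status >= 400:
        return "rejected", errors
    return ("partial" if errors else "ok"), errors


# The three 400 bodies as they appear in this reference.
FLAT_400 = {"errors": ["Undefined index: value"]}
FIELD_400 = {"data": {"creator_source_id": 5,
                      "errors": {"value": ["The value field is required."]}}}
LIST_400 = {"data": [{"errors": {"id": ["The id field is required."]}}]}

# Constructed sample: a 201 body in which one entry was not accepted.
PARTIAL_201 = {"total": 2, "data": [
    {"name": "Deadeye Jackal", "id": 187},
    {"errors": {"name": ["The name field is required."]}},
]}

if __name__ == "__main__":
    for status, body in [(400, FLAT_400), (400, FIELD_400),
                         (400, LIST_400), (201, PARTIAL_201)]:
        print(status, outcome(status, body))
```

Treating a 2xx status as success without inspecting the body would miss the 'partial' case.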
Bulk Delete
DELETE /adversaries/{adversary_id}/events
Delete multiple Adversary Event links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Adversary Event
Get Single
GET /adversaries/{adversary_id}/events/{object_link_id}{?with}
Get a single Adversary Event link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"pivot": {
"id": 61077,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"object_link_id": 61077,
"value": "This is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 14:42:46",
"updated_at": "2018-04-04 14:42:46",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-03 15:31:57",
"updated_at": "2018-04-03 15:31:57",
"pivot": {
"id": 55,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 14948,
"object_link_id": 61077,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 14:38:39",
"updated_at": "2018-04-04 14:38:39",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-03 19:41:04",
"updated_at": "2018-04-03 19:41:04"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 14948,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 2,
"type": "clients",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"object_link_id": 61077,
"source_id": 2,
"id": 22414,
"creator_source_id": 2
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-02-24 22:23:15",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"event_id": 13,
"source_id": 8,
"id": 27,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/events/{object_link_id}
Delete an Adversary Event link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Event Attributes List
Get List
GET /adversaries/{adversary_id}/events/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Event link Attributes.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/events/{object_link_id}/attributes
Create a new Adversary Event link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Event Attribute
Get Single
GET /adversaries/{adversary_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Event link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Event link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Event link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Event Comments List
Get List
GET /adversaries/{adversary_id}/events/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Event link Comments.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/events/{object_link_id}/comments
Create a new Adversary Event link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Event Comment
Get Single
GET /adversaries/{adversary_id}/events/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Event link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/events/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Event link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/events/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Event link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Indicators List
Get List
GET /adversaries/{adversary_id}/indicators{?limit,offset,sort,with}
Get a list of Adversary Indicator links.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Example Feed"
}
],
"pivot": {
"id": 14896,
"src_type": "indicator",
"src_object_id": 24,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 20:05:39.284000",
"updated_at": "2018-04-04 20:05:39.284000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 43,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 62,
"name": "VirusTotal",
"type": "plugins",
"pivot": {
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
},
{
"id": 74,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "890a7aa3415d8b4fa39d9f51a026b7d8",
"value": "hazel.kilback@hotmail.com",
"description": null,
"last_detected_at": "1992-07-15 20:23:27",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "Customer Admin"
}
],
"pivot": {
"id": 14991,
"src_type": "indicator",
"src_object_id": 74,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 20:09:29.324000",
"updated_at": "2018-04-04 20:09:29.324000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 138,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 200,
"name": "Emerging Threats",
"type": "plugins",
"pivot": {
"created_at": "2018-01-13 11:24:36",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
}
],
"limit": 2,
"offset": 0
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/indicators
Create a link from an Indicator to an Adversary.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"status_id": 3,
"class": "network",
"hash": "bba60e76a34af96122b9f44e67ae8ea7",
"value": "oolson@yahoo.com",
"last_detected_at": "2013-12-13 08:58:00",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-02-28 20:13:19",
"updated_at": "2017-02-28 20:13:19",
"touched_at": "2017-03-02 14:57:32",
"pivot": {
"id": 62397,
"created_at": "2017-03-02 14:57:32",
"updated_at": "2017-03-02 14:57:32"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /adversaries/{adversary_id}/indicators
Delete multiple Adversary Indicator links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
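Added example, not part of the ThreatQ reference or the vendor's code: it pages through the Adversary Indicators list with limit/offset, checks `with` against the options listed for this endpoint, and builds the Bulk Delete body from the link ids of low-value links. It assumes that `pivot.id` in the list response is the object_link_id and that `total` counts all matching records; the function names, the `fetch` callable and the sample pages are hypothetical and constructed.

```python
import json
from urllib.parse import urlencode, parse_qs, urlsplit

# `with` options this reference lists for the Adversary Indicators endpoints.
ALLOWED_WITH = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
})


def list_uri(adversary_id, limit, offset, sort="id", with_=()):
    """Relative URI for GET /adversaries/{adversary_id}/indicators."""
    for name, val in (("adversary_id", adversary_id), ("limit", limit), ("offset", offset)):
        if type(val) is not int or val < 0:
            raise ValueError(f"{name} must be a non-negative integer")
    unknown = set(with_) - ALLOWED_WITH
    if unknown:
        raise ValueError(f"unsupported 'with' option(s): {sorted(unknown)}")
    query = {"limit": limit, "offset": offset, "sort": sort}
    if with_:
        query["with"] = ",".join(with_)
    return f"/adversaries/{adversary_id}/indicators?" + urlencode(query, safe=",")


def iter_links(fetch, adversary_id, page_size=500, with_=("pivot.attributes",)):
    """Yield every link, advancing offset until `total` is reached (assumed semantics).

    fetch(uri) is a caller-supplied callable that performs the authenticated
    GET and returns the decoded JSON body.
    """
    offset = 0
    while True:
        body = fetch(list_uri(adversary_id, page_size, offset, with_=with_))
        page = body.get("data", [])
        yield from page
        offset += len(page)
        if not page or offset >= body.get("total", 0):
            return


def low_value_link_ids(links, attr_name, threshold):
    """Link ids (pivot.id) whose numeric link attribute is below threshold."""
    ids = []
    for link in links:
        pivot = link.get("pivot") or {}
        for attr in pivot.get("attributes", []):
            if attr.get("name") != attr_name:
                continue
            try:
                value = float(attr["value"])  # values arrive as strings, e.g. "75"
            except (KeyError, TypeError, ValueError):
                continue  # unparseable value: never select the link for deletion
            if value < threshold and type(pivot.get("id")) is int:
                ids.append(pivot["id"])
                break
    return ids


def bulk_delete_request(adversary_id, object_link_ids, access_token):
    """Request parts for DELETE /adversaries/{adversary_id}/indicators."""
    if not object_link_ids or any(type(i) is not int for i in object_link_ids):
        raise ValueError("object_link_ids must be a non-empty list of integers")
    return {
        "method": "DELETE",
        "uri": f"/adversaries/{adversary_id}/indicators",
        "headers": {"Content-Type": "application/json",
                    "Authorization": f"Bearer {access_token}"},
        "body": json.dumps(sorted(set(object_link_ids))),  # JSON array of ids
    }


# Constructed sample pages (not real data), shaped like the list response above.
_PAGES = {
    0: {"total": 3, "limit": 2, "offset": 0, "data": [
        {"id": 24, "pivot": {"id": 14896, "attributes": [{"name": "Confidence", "value": "75"}]}},
        {"id": 74, "pivot": {"id": 14991, "attributes": [{"name": "Confidence", "value": "20"}]}},
    ]},
    2: {"total": 3, "limit": 2, "offset": 2, "data": [
        {"id": 90, "pivot": {"id": 15002, "attributes": [{"name": "Confidence", "value": "n/a"}]}},
    ]},
}


def fake_fetch(uri):
    """Offline stand-in for the authenticated GET."""
    return _PAGES[int(parse_qs(urlsplit(uri).query)["offset"][0])]


def demo():
    links = list(iter_links(fake_fetch, adversary_id=1, page_size=2))
    ids = low_value_link_ids(links, "Confidence", 50)
    return links, bulk_delete_request(1, ids, "<access_token>")
```

Review the generated id list before sending the request: the reference documents no undo for a 204 on Bulk Delete.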
Adversary Indicator
Get Single
GET /adversaries/{adversary_id}/indicators/{object_link_id}{?with}
Get a single Adversary Indicator link.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"pivot": {
"id": 14896,
"created_at": "2018-03-09 14:32:27",
"updated_at": "2018-04-04 19:30:29",
"comments": [
{
"id": 54,
"object_link_id": 14896,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-04 20:05:39",
"updated_at": "2018-04-04 20:05:39",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 43,
"object_link_id": 14896,
"attribute_id": 13,
"value": "75",
"created_at": "2018-02-24 14:33:41",
"updated_at": "-0001-11-30 00:00:00",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2018-03-28 19:03:33",
"updated_at": "2018-03-24 19:03:33"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 43,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 5,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59",
"published_at": null,
"pivot": {
"object_link_id": 14896,
"source_id": 5,
"id": 62,
"creator_source_id": 5
}
}
]
},
"sources": [
{
"id": 3,
"type": "clients",
"name": "ThreatQ",
"tlp_id": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"published_at": null,
"pivot": {
"indicator_id": 24,
"source_id": 3,
"id": 59,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/indicators/{object_link_id}
Delete an Adversary Indicator link.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Indicator Attributes List
Get List
GET /adversaries/{adversary_id}/indicators/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Indicator link Attributes.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/indicators/{object_link_id}/attributes
Create a new Adversary Indicator link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Indicator Attribute
Get Single
GET /adversaries/{adversary_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Indicator link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Indicator link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Indicator link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Indicator Comments List
Get List
GET /adversaries/{adversary_id}/indicators/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Indicator link Comments.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/indicators/{object_link_id}/comments
Create a new Adversary Indicator link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Indicator Comment
Get Single
GET /adversaries/{adversary_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Indicator link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Indicator link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Indicator link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Investigations List
Get List
GET /adversaries/{adversary_id}/investigations{?limit,offset,sort,with}
Get a list of Adversary Investigation links.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 2,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/investigations
Create a link from an Adversary to an Investigation.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62317,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
},
{
"id": 3,
"name": "Investigation 3",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62318,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /adversaries/{adversary_id}/investigations
Delete multiple Adversary Investigation links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Adversary Investigation
Get Single
GET /adversaries/{adversary_id}/investigations/{object_link_id}{?with}
Get a single Adversary Investigation link.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/investigations/{object_link_id}
Delete an Adversary Investigation link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Investigation Attributes List
Get List
GET /adversaries/{adversary_id}/investigations/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Investigation link Attributes.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/investigations/{object_link_id}/attributes
Create a new Adversary Investigation link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Investigation Attribute
Get Single
GET /adversaries/{adversary_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Investigation link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Investigation link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Investigation link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Investigation Comments List
Get List
GET /adversaries/{adversary_id}/investigations/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Investigation link Comments.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/investigations/{object_link_id}/comments
Create a new Adversary Investigation link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Investigation Comment
Get Single
GET /adversaries/{adversary_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Investigation link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Investigation link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Investigation link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Search
Adversary Search
POST /adversaries/query{?limit,offset,sort}
Search the Threat Library for Adversaries using criteria and filters.
Criteria and filters should be formatted in the convention of SOLR query structures.
Criteria Options: mentions, name
Filter Options: created_at, updated_at, expires_at, published_at, source_name, source_created_at, related, tags, attribute
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"criteria": {
"+or": [
{
"mentions": "bear"
},
{
"name": {
"+contains": "bad"
}
}
]
},
"filters": {
"+and": [
{
"created_at": {
"+lt": "2021-01-27 22:35:00"
}
},
{
"+or": [
{
"expires_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
},
{
"expired_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
}
]
},
{
"+or": [
{
"+and": [
{
"source_name": "Customer Admin"
},
{
"published_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
},
{
"+or": [
{
"related": {
"id": 1,
"type": "indicator"
}
}
]
},
{
"+or": [
{
"related": {
"object": "adversary"
}
}
]
},
{
"+or": [
{
"source_name": "Primary Contributor"
}
]
},
{
"+or": [
{
"tags": "Internal"
}
]
},
{
"updated_at": {
"+lt": "2021-01-27 22:51:00"
}
},
{
"+or": [
{
"+and": [
{
"source_name": "Primary Contributor"
},
{
"source_created_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
}
],
"+or": [
{
"attribute": {
"name": "Confidence",
"value": "High"
}
}
]
}
}
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"touched_at": "2021-01-27 19:55:23",
"updated_at": "2021-01-27 09:58:51",
"published_at": "2021-01-27 09:58:51",
"created_at": "2021-01-27 09:58:51",
"id": 174,
"name": "VENOMOUS BEAR",
"sources": [
{
"updated_at": "2021-01-27 19:55:23",
"source_id": 1,
"type": "clients",
"creator_source_id": 1,
"adversary_id": 174,
"created_at": "2020-11-18 03:02:26",
"id": 345,
"reference_id": 1,
"published_at": "2020-11-18 03:02:26",
"name": "ThreatQ System"
}
]
},
{
"touched_at": "2021-01-27 19:55:23",
"updated_at": "2021-01-17 12:05:24",
"published_at": "2021-01-17 12:05:24",
"created_at": "2021-01-17 12:05:24",
"id": 11,
"name": "BERSERK BEAR",
"sources": [
{
"updated_at": "2021-01-27 19:55:23",
"source_id": 1,
"type": "clients",
"creator_source_id": 1,
"adversary_id": 11,
"created_at": "2020-12-17 04:54:18",
"id": 20,
"reference_id": 1,
"published_at": "2020-12-17 04:54:18",
"name": "ThreatQ System"
},
{
"updated_at": "2021-01-27 19:55:23",
"source_id": 6,
"type": "users",
"creator_source_id": 6,
"adversary_id": 11,
"created_at": "2020-11-17 07:54:33",
"id": 21,
"reference_id": 2,
"published_at": "2020-11-17 07:54:33",
"name": "Threat Quotient Feeds"
}
]
}
],
"offset": 0,
"limit": 25
}
401 Access denied.
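A client-side sketch for the Adversary Search endpoint above, added here as an example and not taken from the ThreatQ documentation or SDK: it allow-lists the field names and operators the page shows before a body is sent, then pages through results with limit and offset. The `post` transport callable, the function names and the in-memory sample rows are assumptions made for the example.

```python
from typing import Callable, Dict, Iterator, Tuple

# Field names the page lists for POST /adversaries/query. The page's sample body
# also uses "expired_at", which is not in its Filter Options list, so it is not here.
CRITERIA_FIELDS = {"mentions", "name"}
FILTER_FIELDS = {"created_at", "updated_at", "expires_at", "published_at", "source_name",
                 "source_created_at", "related", "tags", "attribute"}
GROUP_OPS = {"+and", "+or"}               # grouping operators seen in the sample body
VALUE_OPS = {"+contains", "+lt", "+gt"}   # comparison operators seen in the sample body

# Hypothetical transport: (path, query_params, json_body) -> (status_code, parsed_json).
# In real use it would wrap an HTTPS client that sends the Bearer token.
Transport = Callable[[str, Dict[str, int], dict], Tuple[int, dict]]


def validate_clause(clause, allowed_fields, path="$"):
    """Reject any key that is not a listed field or an operator shown on the page."""
    if not isinstance(clause, dict) or not clause:
        raise ValueError(f"{path}: expected a non-empty object")
    for key, value in clause.items():
        here = f"{path}.{key}"
        if key in GROUP_OPS:
            if not isinstance(value, list) or not value:
                raise ValueError(f"{here}: expected a non-empty list of clauses")
            for i, sub in enumerate(value):
                validate_clause(sub, allowed_fields, f"{here}[{i}]")
        elif key in allowed_fields:
            # Plain values and sub-objects such as {"id": 1, "type": "indicator"}
            # pass through; only "+"-prefixed keys are treated as operators.
            if isinstance(value, dict):
                unknown = {k for k in value if k.startswith("+")} - VALUE_OPS
                if unknown:
                    raise ValueError(f"{here}: unknown operator(s) {sorted(unknown)}")
        else:
            raise ValueError(f"{here}: not a listed field or operator")


def build_query(criteria: dict, filters: dict) -> dict:
    """Return a request body only if both halves pass the allow-list."""
    validate_clause(criteria, CRITERIA_FIELDS, "criteria")
    validate_clause(filters, FILTER_FIELDS, "filters")
    return {"criteria": criteria, "filters": filters}


def iter_adversaries(post: Transport, body: dict, limit: int = 500,
                     max_pages: int = 1000) -> Iterator[dict]:
    """Yield every adversary in the result set, one limit-sized page at a time."""
    offset = 0
    for _ in range(max_pages):
        status, payload = post("/adversaries/query", {"limit": limit, "offset": offset}, body)
        if status == 401:
            raise PermissionError("401 Access denied: access token incorrect or out of date")
        if status != 200:
            raise RuntimeError(f"unexpected status {status}: {payload}")
        rows = payload.get("data", [])
        yield from rows
        # Assumption: a page shorter than `limit` is the last one, so the loop
        # does not depend on how the server computes "total".
        if len(rows) < limit:
            return
        offset += len(rows)
    raise RuntimeError("max_pages reached; the server may be ignoring offset")


def make_fake_post(rows):
    """Constructed in-memory stand-in for the API so the example runs offline."""
    calls = []

    def post(path, params, body):
        calls.append((path, dict(params)))
        page = rows[params["offset"]: params["offset"] + params["limit"]]
        return 200, {"total": len(rows), "data": page,
                     "offset": params["offset"], "limit": params["limit"]}
    return post, calls


def demo():
    body = build_query(
        {"+or": [{"mentions": "bear"}, {"name": {"+contains": "bad"}}]},
        {"+and": [{"created_at": {"+lt": "2021-01-27 22:35:00"}},
                  {"+or": [{"tags": "Internal"}]}],
         "+or": [{"attribute": {"name": "Confidence", "value": "High"}}]},
    )
    rows = [{"id": i, "name": f"SAMPLE ADVERSARY {i}"} for i in range(1, 6)]  # constructed
    post, calls = make_fake_post(rows)
    names = [a["name"] for a in iter_adversaries(post, body, limit=2)]
    return names, [params["offset"] for _, params in calls]


if __name__ == "__main__":
    print(demo())
```
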
Adversary Signatures List
Get List
GET /adversaries/{adversary_id}/signatures{?limit,offset,sort,with}
Get a list of Adversary Signature links.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62261,
"src_type": "signature",
"src_object_id": 2,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 23:16:40.155000",
"updated_at": "2018-04-04 23:18:42.648000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15080,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24298,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:02:46.740000",
"updated_at": "2018-04-04 23:02:46.740000"
}
}
]
}
},
{
"id": 1,
"name": "ET EXPLOIT Arkeia full remote access without password or authentication (2001742:9)",
"description": "",
"hash": "737309fe355ef23e1c03a5e98bc364b5",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:\"ET EXPLOIT Arkeia full remote access without password or authentication\"; flow:to_server,established; content:\"|464F3A20596F75206861766520737563|\"; content:\"|6520636C69656E7420696E666F726D61|\"; reference:url,metasploit.com/research/vulns/arkeia_agent; reference:url,doc.emergingthreats.net/bin/view/Main/2001742; classtype:attempted-admin; sid:2001742; rev:9;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:03:35",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62262,
"src_type": "signature",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 23:16:58.817000",
"updated_at": "2018-04-04 23:16:58.817000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15081,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24300,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:03:35.975000",
"updated_at": "2018-04-04 23:03:35.975000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/signatures
Create a link from a Signature to an Adversary.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"name": "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27 (2019448:1)",
"description": "",
"hash": "32eb2da7b59c7e85fbeec98f90adaf2d",
"value": "alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:\"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27\"; flow:established,to_server; content:\"%6e%61m%65[\"; nocase; fast_pattern:only; http_client_body; pcre:\"/(?:^|&|Content-Disposition[\\x3a][^\\n]*?name\\s*?=\\s*?[\\x22\\x27])\\%6e\\%61m\\%65\\[[^\\x5d]*?\\W/Pi\"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019448; rev:1;)",
"status_id": 4,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-03-02 16:34:40",
"updated_at": "2017-03-02 16:34:40",
"touched_at": "2017-03-02 16:34:41",
"pivot": {
"id": 62337,
"created_at": "2017-03-02 16:43:29",
"updated_at": "2017-03-02 16:43:29"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /adversaries/{adversary_id}/signatures
Delete multiple Adversary Signature links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Adversary Signature
Get Single
GET /adversaries/{adversary_id}/signatures/{object_link_id}{?with}
Get a single Adversary Signature link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"pivot": {
"id": 62261,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"comments": [
{
"id": 57,
"object_link_id": 62261,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 23:16:40",
"updated_at": "2018-04-04 23:18:42",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15080,
"object_link_id": 62261,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 23:09:28",
"updated_at": "2018-04-04 23:09:28",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15080,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"published_at": null,
"pivot": {
"object_link_id": 62261,
"source_id": 8,
"id": 24298,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"published_at": null,
"pivot": {
"signature_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/signatures/{object_link_id}
Delete an Adversary Signature link.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Signature Attributes List
Get List
GET /adversaries/{adversary_id}/signatures/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Signature link Attributes.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/signatures/{object_link_id}/attributes
Create a new Adversary Signature link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Signature Attribute
Get Single
GET /adversaries/{adversary_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Signature link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Signature link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Signature link Attribute.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Signature Comments List
Get List
GET /adversaries/{adversary_id}/signatures/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Signature link Comments.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/signatures/{object_link_id}/comments
Create a new Adversary Signature link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Signature Comment
Get Single
GET /adversaries/{adversary_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Signature link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Signature link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Signature link Comment.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Sources List
Get List
GET /adversaries/{adversary_id}/sources{?limit,offset,sort,with}
Get a list of Adversary Sources.
Example URI
- adversary_id
integer (required) Example: 1
Adversary ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: adversary,tlp
A comma-separated list of related objects to include in the response. Options for this endpoint: adversary, tlp.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 366,
"adversary_id": 187,
"source_id": 8,
"creator_source_id": 8,
"tlp_id": 1,
"created_at": "2017-07-04 03:44:46",
"updated_at": "2017-07-04 03:44:46",
"published_at": null,
"adversary": {
"id": 187,
"name": "Adversary Name",
"created_at": "2017-07-04 03:44:46",
"updated_at": "2017-07-04 03:44:48",
"touched_at": "2017-07-04 03:45:01"
},
"tlp": {
"id": 1,
"name": "RED",
"description": "Red",
"value": 0,
"user_editable": "N",
"created_at": "2017-07-04 03:37:52",
"updated_at": "2017-07-04 03:37:52"
}
},
{
"id": 367,
"adversary_id": 187,
"source_id": 9,
"creator_source_id": 8,
"tlp_id": 1,
"created_at": "2017-07-04 03:44:46",
"updated_at": "2017-07-04 03:44:46",
"published_at": null,
"adversary": {
"id": 187,
"name": "Adversary Name",
"created_at": "2017-07-04 03:44:46",
"updated_at": "2017-07-04 03:44:48",
"touched_at": "2017-07-04 03:45:01"
},
"tlp": {
"id": 1,
"name": "RED",
"description": "Red",
"value": 0,
"user_editable": "N",
"created_at": "2017-07-04 03:37:52",
"updated_at": "2017-07-04 03:37:52"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/sources
Create a new Adversary Source.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Test Source",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 370,
"adversary_id": 1,
"source_id": 11,
"creator_source_id": 5,
"tlp_id": 1,
"created_at": "2017-03-02 21:08:27",
"updated_at": "2017-03-02 21:08:27",
"published_at": null,
"deleted_at": null,
"existing": 0,
"name": "Test Source"
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"name": [
"The name field is required."
]
}
}
]
}
401 Access denied.
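The 400 bodies in this reference carry validation errors in three different places: a top-level errors list, an errors map inside a data object, and an errors map inside each element of a data array. The Python below is an added example, not ThreatQ code, that normalizes all three for a client; the function names, the sample strings (constructed from the bodies shown here) and the choice to treat embedded errors as a failure even on a 2xx status are assumptions of this example.

```python
import json
from typing import Any, List, Optional, Tuple

FieldError = Tuple[Optional[str], str]  # (field name, or None when unnamed; message)
SUCCESS = (200, 201, 204)               # success codes listed in this reference


class ApiError(Exception):
    """Raised for a non-success status or a body that carries errors."""

    def __init__(self, status: int, errors: List[FieldError]):
        self.status = status
        self.errors = errors
        detail = "; ".join(f"{field or '-'}: {msg}" for field, msg in errors)
        super().__init__(f"HTTP {status}: {detail}")


def _flatten(errors: Any) -> List[FieldError]:
    """Flatten one "errors" value: a list of strings or a {field: [messages]} map."""
    if isinstance(errors, dict):
        out: List[FieldError] = []
        for field, messages in errors.items():
            if not isinstance(messages, list):
                messages = [messages]
            out.extend((str(field), str(m)) for m in messages)
        return out
    if isinstance(errors, list):
        return [(None, str(m)) for m in errors]
    return [] if errors is None else [(None, str(errors))]


def extract_errors(body: Any) -> List[FieldError]:
    """Collect errors from the three places the documented 400 bodies put them."""
    if not isinstance(body, dict):
        return []
    found = _flatten(body.get("errors"))       # {"errors": [...]}
    data = body.get("data")
    items = data if isinstance(data, list) else [data]
    for item in items:                          # {"data": {...}} and {"data": [{...}]}
        if isinstance(item, dict) and "errors" in item:
            found.extend(_flatten(item["errors"]))
    return found


def decode(status: int, text: str) -> Tuple[Any, List[FieldError]]:
    """Return (data, errors); a non-empty errors list means the call failed."""
    body = None
    if text.strip():
        try:
            body = json.loads(text)
        except ValueError:
            return None, [(None, "response body is not valid JSON")]
    errors = extract_errors(body)
    if status not in SUCCESS and not errors:
        errors = [(None, f"HTTP {status} with no error detail")]
    if errors:
        return None, errors
    return (body.get("data") if isinstance(body, dict) else None), []


def parse_response(status: int, text: str) -> Any:
    """Return the unwrapped "data" value, or raise ApiError."""
    data, errors = decode(status, text)
    if errors:
        raise ApiError(status, errors)
    return data


# Constructed samples, copied from the example bodies in this reference.
SAMPLE_TOP_LEVEL = '{"errors": ["Undefined index: value"]}'
SAMPLE_IN_OBJECT = ('{"data": {"creator_source_id": 5, '
                    '"errors": {"value": ["The value field is required."]}}}')
SAMPLE_IN_LIST = '{"data": [{"errors": {"name": ["The name field is required."]}}]}'
SAMPLE_CREATED = '{"data": {"id": 69, "value": "This is a comment."}}'

if __name__ == "__main__":
    for sample in (SAMPLE_TOP_LEVEL, SAMPLE_IN_OBJECT, SAMPLE_IN_LIST):
        try:
            parse_response(400, sample)
        except ApiError as exc:
            print(exc)
    print(parse_response(201, SAMPLE_CREATED))
```
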
Adversary Source
Get Single
GET /adversaries/{adversary_id}/sources/{adversary_source_id}
Get a single Adversary Source.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- adversary_source_id
  integer (required) Example: 2
  Adversary Source ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"adversary_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/sources/{adversary_source_id}
Update an Adversary Source.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- adversary_source_id
  integer (required) Example: 2
  Adversary Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"adversary_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/sources/{adversary_source_id}
Delete an Adversary Source.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- adversary_source_id
  integer (required) Example: 2
  Adversary Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Tag List
Get List
GET /adversaries/{adversary_id}/tags{?limit,offset,sort,with}
Get a list of Adversary Tags.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: adversaries
  A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "A Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-05-25 19:38:08",
"updated_at": "2017-05-25 19:38:08"
},
"adversaries": [
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-03-15 17:27:36",
"updated_at": "2017-03-15 17:27:36",
"touched_at": "2017-05-24 19:08:38",
"pivot": {
"tag_id": 1,
"object_id": 1,
"created_at": "2017-05-25 19:38:08",
"updated_at": "2017-05-25 19:38:08"
}
}
]
},
{
"id": 2,
"name": "Yet Another Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-05-25 19:38:08",
"updated_at": "2017-05-25 19:38:08"
},
"adversaries": [
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-03-15 17:27:36",
"updated_at": "2017-03-15 17:27:36",
"touched_at": "2017-05-24 19:08:38",
"pivot": {
"tag_id": 2,
"object_id": 1,
"created_at": "2017-05-25 19:38:08",
"updated_at": "2017-05-25 19:38:08"
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/tags
Create a new Adversary Tag.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Tag Name"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Adversary Tag
Get Single
GET /adversaries/{adversary_id}/tags/{tag_id}{?with}
Get a single Adversary Tag.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- tag_id
  integer (required) Example: 2
  Tag ID
- with
  string (optional) Example: adversaries
  A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 3,
"name": "A Tag Name",
"pivot": {
"object_id": 189,
"tag_id": 3,
"created_at": "2017-07-04 18:39:46",
"updated_at": "2017-07-04 18:39:46"
},
"adversaries": [
{
"id": 189,
"name": "New Adversary Name",
"created_at": "2017-07-04 18:39:46",
"updated_at": "2017-07-04 18:39:48",
"touched_at": "2017-07-04 18:40:04",
"pivot": {
"tag_id": 3,
"object_id": 189,
"created_at": "2017-07-04 18:39:46",
"updated_at": "2017-07-04 18:39:46"
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/tags/{tag_id}
Delete an Adversary Tag.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- tag_id
  integer (required) Example: 2
  Tag ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Task List
Get List
GET /adversaries/{adversary_id}/tasks{?limit,offset,sort,with}
Get a list of Adversary Task links.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: pivot.sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 1,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 59,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-05 00:03:55.818000",
"updated_at": "2018-04-05 00:03:55.818000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15082,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 5,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24302,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:35.081000",
"updated_at": "2018-04-04 23:58:35.081000"
}
}
]
}
},
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 2,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 60,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-05 00:04:02.625000",
"updated_at": "2018-04-05 00:05:12.045000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15083,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 6,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24304,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:45.642000",
"updated_at": "2018-04-04 23:58:45.642000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/tasks
Create a link from a Task to an Adversary.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"created_at": "2018-04-04 23:58:45",
"updated_at": "2018-04-04 23:58:45"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /adversaries/{adversary_id}/tasks
Delete multiple Adversary Task links. The request should include a list of object_link_ids to be deleted.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Adversary Task
Get Single
GET /adversaries/{adversary_id}/tasks/{object_link_id}{?with}
Get a single Adversary Task link.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: pivot.sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"comments": [
{
"id": 59,
"object_link_id": 62263,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-05 00:03:55",
"updated_at": "2018-04-05 00:03:55",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 59,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15082,
"object_link_id": 62263,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-05 00:00:38",
"updated_at": "2018-04-05 00:00:38",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15082,
"source_id": 8,
"id": 5,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"published_at": null,
"pivot": {
"object_link_id": 62263,
"source_id": 8,
"id": 24302,
"creator_source_id": 8
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/tasks/{object_link_id}
Delete an Adversary Task link.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Task Attributes List
Get List
GET /adversaries/{adversary_id}/tasks/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Adversary Task link Attributes.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/tasks/{object_link_id}/attributes
Create a new Adversary Task link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Task Attribute
Get Single
GET /adversaries/{adversary_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Adversary Task link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Update an Adversary Task link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Adversary Task link Attribute.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Task Comments List
Get List
GET /adversaries/{adversary_id}/tasks/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Adversary Task link Comments.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/tasks/{object_link_id}/comments
Create a new Adversary Task link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Adversary Task Comment
Get Single
GET /adversaries/{adversary_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Get a single Adversary Task link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Update an Adversary Task link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Delete an Adversary Task link Comment.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Value Weights
Get List
GET /adversaries/{adversary_id}/value-weight{?limit,offset,sort,with}
Get an Adversary’s Value Weight.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: adversary
  A comma-separated list of related objects to include in the response. Options for this endpoint: adversary.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 8,
"object_type": "adversary",
"object_id": 194,
"score": 2,
"created_at": "2017-07-04 19:32:12",
"updated_at": "2017-07-04 19:32:12",
"adversary": {
"id": 194,
"name": "Adversary Name",
"created_at": "2017-07-04 19:32:12",
"updated_at": "2017-07-04 19:32:14",
"touched_at": "2017-07-04 19:32:30"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/value-weight
Create a new Adversary Value Weight.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"score": "1"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"object_type": "adversary",
"object_id": "3",
"score": "1",
"updated_at": "2017-03-03 14:49:04",
"created_at": "2017-03-03 14:49:04",
"id": 3
}
}
401 Access denied.
Adversary Value Weight
Get Single
GET /adversaries/{adversary_id}/value-weight/{value_weight_id}{?with}
Get a single Adversary Value Weight.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- value_weight_id
  integer (required) Example: 2
  Indicator Relation Value Weight ID
- with
  string (optional) Example: adversary
  A comma-separated list of related objects to include in the response. Options for this endpoint: adversary.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"object_type": "adversary",
"object_id": 188,
"score": 2,
"created_at": "2017-07-04 19:52:12",
"updated_at": "2017-07-04 19:52:12",
"adversary": {
"id": 188,
"name": "Adversary Name",
"created_at": "2017-07-04 19:52:12",
"updated_at": "2017-07-04 19:52:15",
"touched_at": "2017-07-04 19:52:30"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /adversaries/{adversary_id}/value-weight/{value_weight_id}{?with}
Update an Adversary Value Weight.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- value_weight_id
  integer (required) Example: 2
  Indicator Relation Value Weight ID
- with
  string (optional) Example: adversary
  A comma-separated list of related objects to include in the response. Options for this endpoint: adversary.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"score": "-3"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"object_type": "adversary",
"object_id": 187,
"score": "1",
"created_at": "2017-07-04 23:08:33",
"updated_at": "2017-07-04 23:18:45",
"adversary": {
"id": 187,
"name": "Adversary Name",
"created_at": "2017-07-04 23:08:33",
"updated_at": "2017-07-04 23:08:35",
"touched_at": "2017-07-04 23:08:48"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /adversaries/{adversary_id}/value-weight/{value_weight_id}
Delete an Adversary Value Weight.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- value_weight_id
  integer (required) Example: 2
  Indicator Relation Value Weight ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Value Weight List
Adversary Value Weight List
GET /adversaries/value-weight{?limit,offset,sort,with}
Get all Adversary Value Weights.
Example URI
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: adversary
  A comma-separated list of related objects to include in the response. Options for this endpoint: adversary.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"object_type": "adversary",
"object_id": 1,
"score": 2,
"created_at": "2017-03-03 14:19:16",
"updated_at": "2017-03-03 14:35:43"
},
{
"id": 2,
"object_type": "adversary",
"object_id": 2,
"score": -4,
"created_at": "2017-03-03 14:19:16",
"updated_at": "2017-03-03 14:35:44"
},
{
"id": 3,
"object_type": "adversary",
"object_id": 3,
"score": 1,
"created_at": "2017-03-03 14:49:04",
"updated_at": "2017-03-03 14:49:04"
}
]
}
401 Access denied.
Adversary Watchlists
Get Single
GET /adversaries/{adversary_id}/watchlist
Get an Adversary in a user’s Watchlist.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "adversary",
"object_id": 1,
"created_at": "2017-03-02 21:46:50",
"updated_at": "2017-03-02 21:46:50",
"adversary": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-02-14 15:09:26",
"updated_at": "2017-02-14 15:09:26",
"touched_at": "2017-03-02 21:08:27"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/{adversary_id}/watchlist
Add an Adversary to the user’s Watchlist.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
Headers
Authorization: Bearer <access_token>
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"object_type": "adversary",
"user_id": 1,
"object_id": "1",
"updated_at": "2017-03-02 21:50:37",
"created_at": "2017-03-02 21:50:37",
"id": 3
}
}
401 Access denied.
Adversary Watchlist
Adversary Watchlist
DELETE /adversaries/{adversary_id}/watchlist/{watchlist_id}
Remove an Adversary from the user’s Watchlist.
Example URI
- adversary_id
  integer (required) Example: 1
  Adversary ID
- watchlist_id
  integer (required) Example: 2
  Watchlist ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Adversary Watchlist Bulk
Get List
GET /adversaries/watchlist
Get all Adversaries in a user’s Watchlist. Only users with administrator privileges can see Watchlists for all users.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "adversary",
"object_id": 1,
"created_at": "2017-03-03 15:52:39",
"updated_at": "2017-03-03 15:52:39",
"adversary": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-01-26 19:20:42",
"updated_at": "2017-01-26 19:20:42",
"touched_at": "2017-03-03 14:20:55"
}
},
{
"id": 2,
"user_id": 1,
"object_type": "adversary",
"object_id": 2,
"created_at": "2017-03-03 15:52:48",
"updated_at": "2017-03-03 15:52:48",
"adversary": {
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2016-12-06 14:17:52",
"updated_at": "2016-12-06 14:17:52",
"touched_at": "2017-03-03 14:20:55"
}
},
{
"id": 3,
"user_id": 1,
"object_type": "adversary",
"object_id": 16,
"created_at": "2017-03-03 15:53:10",
"updated_at": "2017-03-03 15:53:10",
"adversary": {
"id": 16,
"name": "BOULDER BEAR",
"created_at": "2016-12-15 01:18:20",
"updated_at": "2016-12-15 01:18:20",
"touched_at": "2017-03-03 14:20:55"
}
}
]
}
401 Access denied.
Create New
POST /adversaries/watchlist
Bulk add Adversaries to the user’s Watchlist.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"object_ids": [
5,
6,
7
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"object_type": "adversary",
"user_id": 1,
"object_id": "5",
"updated_at": "2017-03-03 15:56:58",
"created_at": "2017-03-03 15:56:58",
"id": 4
},
{
"object_type": "adversary",
"user_id": 1,
"object_id": "6",
"updated_at": "2017-03-03 15:56:58",
"created_at": "2017-03-03 15:56:58",
"id": 5
},
{
"object_type": "adversary",
"user_id": 1,
"object_id": "7",
"updated_at": "2017-03-03 15:56:58",
"created_at": "2017-03-03 15:56:58",
"id": 6
}
]
}
401 Access denied.
Attachments
Attachment List
Get List
GET /attachments{?limit,offset,sort,with}
Get a list of Attachments (Files).
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, contentType, events, indicators, signatures, sources, tags, type, watchlist.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": null,
"created_at": "2017-03-16 13:03:07",
"updated_at": "2017-03-16 13:03:07",
"touched_at": "2017-03-16 13:05:54"
},
{
"id": 2,
"type_id": 2,
"title": "Bad Malware",
"name": "Crazy effing malware!.net.org.exe",
"hash": "350649b5b5fa5436d325cbaf482d52c7",
"content_type_id": 1,
"file_size": 134232,
"malware_locked": 1,
"description": null,
"created_at": "2017-03-15 13:03:07",
"updated_at": "2017-03-15 13:03:07",
"touched_at": "2017-03-16 13:05:54"
},
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-03-11 13:03:07",
"updated_at": "2017-03-11 13:03:07",
"touched_at": "2017-03-16 13:05:54"
}
]
}
401 Access denied.
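An added example (not part of the ThreatQ reference and not vendor code): a Python client that walks GET /attachments with the limit, offset, sort and with parameters described above, stopping when the envelope's total is reached. The fetch transport, fake_fetch, the sample records and the token are constructed so the block runs offline, and a zero-based offset is assumed.

```python
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Options this reference lists for the `with` parameter of GET /attachments.
ATTACHMENT_WITH_OPTIONS = {
    "adversaries", "attachments", "attributes", "comments", "contentType",
    "events", "indicators", "signatures", "sources", "tags", "type", "watchlist",
}


def build_list_url(base, limit, offset, sort=None, with_=None):
    """Build the GET /attachments URL from the documented query parameters."""
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    params = {"limit": limit, "offset": offset}
    if sort:
        # A leading minus reverses the order of that field, e.g. "-created_at".
        params["sort"] = ",".join(sort)
    if with_:
        unknown = set(with_) - ATTACHMENT_WITH_OPTIONS
        if unknown:
            raise ValueError(f"unsupported 'with' values: {sorted(unknown)}")
        params["with"] = ",".join(with_)
    return f"{base.rstrip('/')}/attachments?{urlencode(params, safe=',')}"


def iter_attachments(fetch, base, token, page_size=500, sort=("id",), with_=()):
    """Yield every attachment, requesting pages until `total` is reached.

    `fetch(url, headers)` is a caller-supplied transport (an assumption of this
    example) returning (status_code, body_text). Sorting on a stable field such
    as id keeps page boundaries consistent between requests.
    """
    headers = {"Authorization": f"Bearer {token}"}
    offset = 0
    seen = 0
    while True:
        url = build_list_url(base, page_size, offset, sort, with_)
        status, body = fetch(url, headers)
        if status == 401:
            raise PermissionError("401 Access denied: token missing or expired")
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        envelope = json.loads(body)
        page = envelope["data"]
        yield from page
        seen += len(page)
        # Also stop on an empty page so a shrinking data set cannot loop forever.
        if not page or seen >= envelope["total"]:
            return
        offset += len(page)


# Constructed sample records standing in for a ThreatQ instance (not real data).
SAMPLE_RECORDS = [
    {"id": i, "name": f"sample-{i}.bin", "malware_locked": 1} for i in range(1, 6)
]


def fake_fetch(url, headers):
    """Offline stand-in for an HTTPS GET; serves SAMPLE_RECORDS page by page."""
    if headers.get("Authorization") != "Bearer constructed-token":
        return 401, ""
    query = parse_qs(urlparse(url).query)
    limit = int(query["limit"][0])
    offset = int(query["offset"][0])
    page = SAMPLE_RECORDS[offset:offset + limit]
    return 200, json.dumps({"total": len(SAMPLE_RECORDS), "data": page})


if __name__ == "__main__":
    for record in iter_attachments(
        fake_fetch, "https://hostname/api/", "constructed-token", page_size=2
    ):
        print(record["id"], record["name"])
```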
Create New
POST /attachments
Create a new Attachment (File). Before a request is made to this endpoint, the file should be uploaded with a POST to /attachments/upload.
If you leave the title field blank in your request, the title will share the file name of the attachment.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "bad_file.exe",
"title": "Bad File",
"type_id": "2",
"malware_locked": "0",
"tlp": {
"name": "GREEN"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"malware_locked": 0,
"name": "bad_file.exe",
"file_size": 917573,
"hash": "aead2388d5b9de8b1bfdd83eb6b4746d",
"type_id": 1,
"content_type_id": 2,
"updated_at": "2017-03-16 15:01:52",
"created_at": "2017-03-16 15:01:52",
"id": 4
}
}
401 Access denied.
500 Internal Server Error.
Body
{
"errors": [
"The file \"/tmp/bad_file.exe\" does not exist"
]
}
Attachment
Get Single
GET /attachments/{attachment_id}{?with}
Get a single Attachment (File).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, contentType, events, indicators, signatures, sources, tags, type, watchlist.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": null,
"created_at": "2017-03-16 13:03:07",
"updated_at": "2017-03-16 13:03:07",
"touched_at": "2017-03-16 13:05:54"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}{?with}
Update an Attachment (File). If making changes to the file itself, the file should be uploaded with a POST to /attachments/upload first.
If you leave the title field blank in your request, the title will share the file name of the attachment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, contentType, events, indicators, signatures, sources, tags, type, watchlist.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"description": "This file is crazy bad.",
"title": "Crazy Bad File"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"type_id": 1,
"title": "Crazy Bad File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": "This file is crazy bad.",
"created_at": "2017-03-16 13:03:07",
"updated_at": "2017-03-16 16:37:58",
"touched_at": "2017-03-16 16:37:38"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}
Delete an Attachment (File).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Adversaries List
Get List
GET /attachments/{attachment_id}/adversaries{?limit,offset,sort,with}
Get a list of Attachment (File) Adversary links.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2018-03-24 03:49:31",
"updated_at": "2018-03-24 03:49:31",
"touched_at": "2018-04-02 16:16:38",
"deleted_at": null,
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2018-01-08 23:05:37",
"updated_at": "2018-01-08 23:05:37",
"touched_at": "2018-04-02 16:17:00",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Front End"
},
{
"name": "Domain Tools"
}
],
"pivot": {
"id": 62325,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 3,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:20:25.327000",
"updated_at": "2018-04-02 16:20:25.327000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15065,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24426,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/adversaries
Create a link from an Adversary to an Attachment (File).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2017-03-06 14:05:24",
"updated_at": "2017-03-06 14:05:24",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62141,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2016-12-27 13:45:12",
"updated_at": "2016-12-27 13:45:12",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62142,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/adversaries
Delete multiple Attachment (File) Adversary links. The request should include a list of object_link_ids to be deleted.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Attachment Adversary
Get Single
GET /attachments/{attachment_id}/adversaries/{object_link_id}{?with}
Get a single Attachment (File) Adversary link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2018-01-18 22:47:52",
"updated_at": "2018-01-18 22:47:52",
"touched_at": "2018-04-02 16:17:00",
"pivot": {
"id": 62324,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"object_link_id": 62324,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 16:23:40",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15066,
"object_link_id": 62324,
"attribute_id": 136,
"value": "Hospitals",
"created_at": "2018-04-02 16:25:47",
"updated_at": "2018-04-02 16:25:47",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15066,
"source_id": 8,
"id": 2,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"published_at": null,
"pivot": {
"object_link_id": 62324,
"source_id": 8,
"id": 24424,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 1,
"type": "clients",
"name": "ThreatQ Front End",
"tlp_id": null,
"created_at": "2018-02-05 12:29:56",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 1,
"id": 1,
"creator_source_id": 1
}
},
{
"id": 7,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-01-31 03:41:47",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 7,
"id": 2,
"creator_source_id": 7
}
},
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-31 21:31:30",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 3,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/adversaries/{object_link_id}
Delete an Attachment (File) Adversary link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Adversary Attributes List
Get List
GET /attachments/{attachment_id}/adversaries/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Adversary link Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/adversaries/{object_link_id}/attributes
Create a new Attachment (File) Adversary link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Adversary Attribute
Get Single
GET /attachments/{attachment_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Adversary link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Adversary link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Adversary link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Adversary Comments List
Get List
GET /attachments/{attachment_id}/adversaries/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Adversary link Comments.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/adversaries/{object_link_id}/comments
Create a new Attachment (File) Adversary link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Adversary Comment
Get Single
GET /attachments/{attachment_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Adversary link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Adversary link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
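The 400 and 500 bodies in this reference come in three shapes: a top-level errors list, an errors map inside each item of a data array, and an errors map inside a data object. An added example (not ThreatQ's own code) that flattens all three into (field, message) pairs; the function name and the fallback messages are assumptions, and the sample bodies are copied from the responses above.

```python
import json

# Sample bodies copied from the error responses shown in this reference.
SHAPE_ERRORS_LIST = r'{"errors": ["The file \"/tmp/bad_file.exe\" does not exist"]}'
SHAPE_DATA_ARRAY = '{"data": [{"errors": {"id": ["The id field is required."]}}]}'
SHAPE_DATA_OBJECT = (
    '{"data": {"creator_source_id": 5, '
    '"errors": {"value": ["The value field is required."]}}}'
)


def normalize_errors(status, body_text):
    """Return a flat list of (field, message) pairs for an error response.

    `field` is None when the server supplies only a message string.
    Successful responses (status below 400) return an empty list.
    """
    if status < 400:
        return []
    try:
        body = json.loads(body_text) if body_text else {}
    except json.JSONDecodeError:
        return [(None, f"HTTP {status}: non-JSON error body")]

    found = []

    def collect(errors):
        # A list holds plain message strings; a dict maps field -> messages.
        if isinstance(errors, list):
            found.extend((None, str(message)) for message in errors)
        elif isinstance(errors, dict):
            for field, messages in errors.items():
                if isinstance(messages, str):
                    messages = [messages]
                found.extend((field, str(message)) for message in messages)

    if isinstance(body, dict):
        collect(body.get("errors"))
        data = body.get("data")
        items = data if isinstance(data, list) else [data]
        for item in items:
            if isinstance(item, dict):
                collect(item.get("errors"))

    if not found:
        # Responses such as 401 and 404 are documented here without a body.
        found.append((None, f"HTTP {status}: no error detail in body"))
    return found


if __name__ == "__main__":
    for status, text in [
        (500, SHAPE_ERRORS_LIST),
        (400, SHAPE_DATA_ARRAY),
        (400, SHAPE_DATA_OBJECT),
        (401, ""),
    ]:
        print(status, normalize_errors(status, text))
```

Messages such as the 500 body above can carry server-side file paths, so treat normalized messages as log data rather than text to show to end users.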
Delete
DELETE /attachments/{attachment_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Adversary link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Attachments List
Get List
GET /attachments/{attachment_id}/attachments{?limit,offset,sort,with}
Get a list of Attachment (File) Attachment links.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"path": "6/b/d/0/d/c/1/2/e/5/d/f/a/0/4/3/e/b/4/9/6/0/9/f/a/4/7/c/4/f/1/0",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62326,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 2,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:54:58.936000",
"updated_at": "2018-04-02 17:55:15.039000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15067,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24428,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:39:18.781000",
"updated_at": "2018-04-02 17:39:18.781000"
}
}
]
}
},
{
"id": 1,
"type_id": 10,
"title": "parsing-sample.pdf",
"name": "parsing-sample.pdf",
"hash": "89e17b2f6cd3888864237b0ee10048f0",
"content_type_id": 1,
"file_size": 11300,
"path": "e/a/f/d/d/7/1/e/5/c/e/1/1/9/b/0/5/6/4/a/6/d/5/9/a/2/3/5/3/1/0/4",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:40:48",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62327,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 1,
"created_at": "2018-04-02 17:40:48",
"updated_at": "2018-04-02 17:40:48",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:55:30.995000",
"updated_at": "2018-04-02 17:55:30.995000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15068,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24430,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:40:48.310000",
"updated_at": "2018-04-02 17:40:48.310000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/attachments
Create a link from an Attachment (File) to an Attachment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-02-23 20:02:18",
"updated_at": "2017-02-23 20:02:18",
"touched_at": "2017-03-01 16:51:15",
"pivot": {
"id": 62394,
"created_at": "2017-03-01 16:51:15",
"updated_at": "2017-03-01 16:51:15"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/attachments
Delete multiple Attachment (File) Attachment links. The request should include a list of object_link_ids to be deleted.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Attachment Attachment
Get Single
GET /attachments/{attachment_id}/attachments/{object_link_id}{?with}
Get a single Attachment (File) Attachment link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"malware_locked": 0,
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"pivot": {
"id": 62326,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"object_link_id": 62326,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 17:54:58",
"updated_at": "2018-04-02 17:55:15",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15067,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"published_at": null,
"pivot": {
"object_link_id": 62326,
"source_id": 8,
"id": 24428,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"published_at": null,
"pivot": {
"attachment_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/attachments/{object_link_id}
Delete an Attachment (File) Attachment link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Attachment Attributes List
Get List
GET /attachments/{attachment_id}/attachments/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Attachment link Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/attachments/{object_link_id}/attributes
Create a new Attachment (File) Attachment link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Attachment Attribute
Get Single
GET /attachments/{attachment_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Attachment link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Attachment link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Attachment link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Attachment Comments List
Get List
GET /attachments/{attachment_id}/attachments/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Attachment link Comments.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/attachments/{object_link_id}/comments
Create a new Attachment (File) Attachment link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Attachment Comment
Get Single
GET /attachments/{attachment_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Attachment link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Attachment link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Attachment link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Attributes List
Get List
GET /attachments/{attachment_id}/attributes{?limit,offset,sort,with}
Get a list of Attachment (File) Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"attachment_id": 1,
"attribute_id": 68,
"value": "Koobface payload aolsbm.2.exe",
"created_at": "2017-02-03 21:22:36",
"updated_at": "2017-02-03 21:22:36",
"name": "Registrant",
"attribute": {
"id": 68,
"name": "Registrant",
"created_at": "2017-02-22 13:02:07",
"updated_at": "2017-03-01 13:03:07"
}
},
{
"id": 2,
"attachment_id": 1,
"attribute_id": 69,
"value": "Riskware%2FOpenCandy",
"created_at": "2017-02-03 21:22:36",
"updated_at": "2017-02-03 21:22:36",
"name": "Registrant Email",
"attribute": {
"id": 69,
"name": "Registrant Email",
"created_at": "2017-03-15 13:03:07",
"updated_at": "2017-03-06 13:03:07"
}
}
]
}
401 Access denied.
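The limit, offset, sort and with parameters of the list endpoint above, combined into a paging client. This is an added example, not part of the ThreatQ reference: `fetch`, `fake_fetch` and the sample rows are constructed stand-ins for an authenticated GET. The loop stops on a short page instead of relying on `total`, whose exact meaning the reference does not spell out.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# `with` options documented for GET /attachments/{attachment_id}/attributes.
ATTRIBUTE_WITH_OPTIONS = frozenset({"attribute", "sources"})


def build_list_query(limit, offset, sort=(), with_=(), allowed_with=frozenset()):
    """Return the query string for a list endpoint, rejecting bad input early."""
    if not isinstance(limit, int) or limit < 1:
        raise ValueError("limit must be a positive integer")
    if not isinstance(offset, int) or offset < 0:
        raise ValueError("offset must be a non-negative integer")
    unknown = [w for w in with_ if w not in allowed_with]
    if unknown:
        raise ValueError(f"unsupported 'with' option(s): {unknown}")
    params = [("limit", limit), ("offset", offset)]
    if sort:
        # A leading minus sign on a field reverses its sort order.
        params.append(("sort", ",".join(sort)))
    if with_:
        params.append(("with", ",".join(with_)))
    return urlencode(params, safe=",")


def iter_records(fetch, path, limit=500, **query):
    """Yield every record of a list endpoint, one page at a time.

    `fetch(url)` is a caller-supplied (hypothetical) function that performs the
    authenticated GET and returns the decoded JSON envelope.
    """
    offset = 0
    while True:
        envelope = fetch(f"{path}?{build_list_query(limit, offset, **query)}")
        page = envelope.get("data")
        if not isinstance(page, list):
            raise ValueError("list endpoint did not return a 'data' array")
        yield from page
        if len(page) < limit:  # short or empty page: nothing left to read
            return
        offset += len(page)


# Constructed sample rows, modelled on the response body shown above.
SAMPLE_ROWS = [
    {"id": 1, "attachment_id": 1, "name": "Registrant"},
    {"id": 2, "attachment_id": 1, "name": "Registrant Email"},
    {"id": 3, "attachment_id": 1, "name": "Port"},
]


def fake_fetch(url):
    """Stand-in for the HTTP call: slices SAMPLE_ROWS according to the query."""
    q = parse_qs(urlsplit(url).query)
    limit, offset = int(q["limit"][0]), int(q["offset"][0])
    rows = sorted(SAMPLE_ROWS, key=lambda r: r["id"],
                  reverse=q.get("sort") == ["-id"])
    return {"total": len(SAMPLE_ROWS), "data": rows[offset:offset + limit]}


if __name__ == "__main__":
    for row in iter_records(fake_fetch, "/attachments/1/attributes", limit=2,
                            sort=("-id",), with_=("attribute",),
                            allowed_with=ATTRIBUTE_WITH_OPTIONS):
        print(row["id"], row["name"])
```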
Create New
POST /attachments/{attachment_id}/attributes
Create a new Attachment (File) Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"value": "Test Value",
"attachment_id": 1,
"updated_at": "2017-03-17 02:35:19",
"created_at": "2017-03-17 02:35:19",
"id": 4,
"name": "Test Attribute",
"attribute": {
"name": "Test Attribute"
},
"sources": [
{
"id": 12,
"type": "other_sources",
"name": "Source",
"tlp_id": 1,
"created_at": "2017-03-17 02:35:20",
"updated_at": "2017-03-17 02:35:20",
"published_at": "2017-02-28 00:00:00",
"pivot": {
"attachment_attribute_id": 4,
"source_id": 12,
"id": 2,
"creator_source_id": 5
}
}
]
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"attachment_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Attachment Attribute
Get Single
GET /attachments/{attachment_id}/attributes/{attachment_attribute_id}{?with}
Get a single Attachment (File) Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_attribute_id
integer (required) Example: 2
Attachment Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"attachment_id": 1,
"attribute_id": 68,
"value": "Koobface payload aolsbm.2.exe",
"created_at": "2017-02-03 21:22:36",
"updated_at": "2017-02-03 21:22:36",
"name": "Registrant",
"attribute": {
"id": 68,
"name": "Registrant",
"created_at": "2017-02-22 13:02:07",
"updated_at": "2017-03-01 13:03:07"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/attributes/{attachment_attribute_id}{?with}
Update an Attachment (File) Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_attribute_id
integer (required) Example: 2
Attachment Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"attachment_id": 1,
"attribute_id": 68,
"value": "New Value",
"created_at": "2017-02-03 21:22:36",
"updated_at": "2017-03-17 13:05:34",
"name": "Registrant",
"attribute": {
"id": 68,
"name": "Registrant",
"created_at": "2017-02-22 13:02:07",
"updated_at": "2017-03-01 13:03:07"
}
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"attachment_id": "1",
"attribute_id": "1",
"errors": {
"value": [
"The value field is required."
]
},
"name": "Accessed Time",
"attribute": {
"id": 1,
"name": "Accessed Time",
"created_at": "2017-03-10 13:03:07",
"updated_at": "2017-03-01 13:03:07"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/attributes/{attachment_attribute_id}
Delete an Attachment (File) Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_attribute_id
integer (required) Example: 2
Attachment Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Attribute Source
Update
PUT /attachments/{attachment_id}/attributes/{attachment_attribute_id}/sources/{attachment_attribute_source_id}
Update an Attachment (File) Attribute Source.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_attribute_id
integer (required) Example: 2
Attachment Attribute ID
- attachment_attribute_source_id
integer (required) Example: 3
Attachment Attribute Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"attachment_attribute_id": 1,
"source_id": 8,
"tlp_id": 1,
"created_at": "2018-09-20 21:22:20",
"updated_at": "2018-09-20 21:23:46",
"published_at": "2017-01-01 01:01:01",
"creator_source_id": 8
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/attributes/{attachment_attribute_id}/sources/{attachment_attribute_source_id}
Delete an Attachment (File) Attribute Source.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_attribute_id
integer (required) Example: 2
Attachment Attribute ID
- attachment_attribute_source_id
integer (required) Example: 3
Attachment Attribute Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Comments List
Get List
GET /attachments/{attachment_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Comments.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attachment,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attachment, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"attachment_id": 1,
"value": "Hey John, did you update this last week?",
"creator_source_id": 9,
"created_at": "2017-01-20 23:35:21",
"updated_at": "2017-01-20 23:35:21"
},
{
"id": 4,
"attachment_id": 1,
"value": "This file has not been updated.",
"creator_source_id": 5,
"created_at": "2017-03-16 20:26:25",
"updated_at": "2017-03-16 20:26:25"
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/comments
Create a new Attachment (File) Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 5,
"attachment_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-03-16 20:34:15",
"updated_at": "2017-03-16 20:34:15",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-03-16 13:04:06",
"updated_at": "2017-03-16 13:04:06",
"pivot": {
"id": 5,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"attachment_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Attachment Comment
Update
PUT /attachments/{attachment_id}/comments/{attachment_comment_id}{?with}
Update an Attachment (File) Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_comment_id
integer (required) Example: 2
Attachment Comment ID
- with
string (optional) Example: attachment,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attachment, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 4,
"attachment_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-03-16 20:26:25",
"updated_at": "2017-03-16 20:38:01",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-03-16 13:04:06",
"updated_at": "2017-03-16 13:04:06",
"pivot": {
"id": 4,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/comments/{attachment_comment_id}
Delete an Attachment (File) Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_comment_id
integer (required) Example: 2
Attachment Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Comment Short
Get Single
GET /attachments/comments/{attachment_comment_id}{?with}
Get a single Attachment (File) Comment.
Example URI
- attachment_comment_id
integer (required) Example: 2
Attachment Comment ID
- with
string (optional) Example: attachment,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attachment, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/comments/{attachment_comment_id}{?with}
Update an Attachment (File) Comment.
Example URI
- attachment_comment_id
integer (required) Example: 2
Attachment Comment ID
- with
string (optional) Example: attachment,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attachment, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 4,
"attachment_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-03-16 20:26:25",
"updated_at": "2017-03-16 20:38:01",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-03-16 13:04:06",
"updated_at": "2017-03-16 13:04:06",
"pivot": {
"id": 4,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/comments/{attachment_comment_id}
Delete an Attachment (File) Comment.
Example URI
- attachment_comment_id
integer (required) Example: 2
Attachment Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Download
Attachment Download
GET /attachments/{attachment_id}/download
Download an attachment (file).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
Contents of the file.
401 Access denied.
404 Object not found.
Attachment Events List
Get List
GET /attachments/{attachment_id}/events{?limit,offset,sort,with}
Get a list of Attachment (File) Event links.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 61077,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 13,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"type": "users",
"value": "This is important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:42:46.690000",
"updated_at": "2018-04-04 14:42:46.690000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14948,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22414,
"name": "Threat Quotient",
"type": "clients",
"pivot": {
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
},
{
"id": 46,
"type_id": 1,
"title": "Origin - http://kling.com/voluptate-nihil-sit-est-aut",
"description": "",
"happened_at": "2017-12-31 23:17:05",
"hash": "e2e96a1516420fc05ad8ac04de52bd89",
"created_at": "2017-12-31 23:17:05",
"updated_at": "2017-12-31 23:17:05",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Domain Tools"
},
{
"name": "Emerging Threats"
},
{
"name": "VirusTotal"
}
],
"pivot": {
"id": 61144,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 46,
"created_at": "2018-03-01 23:54:52",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 56,
"type": "users",
"value": "This is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:43:10.692000",
"updated_at": "2018-04-04 14:43:10.692000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14949,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22513,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-02-24 09:36:30",
"updated_at": "2018-04-03 15:34:22.693000"
}
},
{
"id": 22514,
"name": "Customer Observer",
"type": "users",
"pivot": {
"created_at": "2018-02-25 22:27:11",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/events
Create a link from an Event to an Attachment (File).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"title": "Origin - http://www.durgan.biz/vel-omnis-impedit-at-quod-quasi-reiciendis.html",
"description": "",
"happened_at": "2016-12-05 20:01:48",
"hash": "d13e682a5d567d51b99f676b7bdef980",
"created_at": "2016-12-05 20:01:48",
"updated_at": "2016-12-05 20:01:48",
"touched_at": "2017-02-28 20:14:59",
"pivot": {
"id": 62396,
"created_at": "2017-03-01 20:55:10",
"updated_at": "2017-03-01 20:55:10"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/events
Delete multiple Attachment (File) Event links. The request should include a list of object_link_ids to be deleted.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
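The 400 responses in this reference use three different body shapes: a top-level `errors` list, a `data` object carrying an `errors` map, and a `data` array whose items each carry `errors`. The following added example (not ThreatQ code; the function names are hypothetical) flattens all three so a client can log or surface validation failures uniformly, using bodies copied from the examples on this page.

```python
import json

# 400 bodies copied from the examples in this reference.
SAMPLE_400_BODIES = {
    "top_level_list": '{"errors": ["Undefined index: value"]}',
    "data_object": '{"data": {"creator_source_id": 5, "errors": '
                   '{"value": ["The value field is required."]}}}',
    "data_array": '{"data": [{"errors": {"id": ["The id field is required."]}}]}',
}


def extract_errors(body):
    """Flatten the documented 400 shapes into a list of dicts.

    Each dict has: index (position of the item in a bulk request, else None),
    field (offending field name, else None) and message.
    """
    if not isinstance(body, dict):
        raise ValueError("response body is not a JSON object")
    found = []

    def add(errors, index=None):
        if isinstance(errors, dict):          # {"value": ["..."]}
            for field, messages in errors.items():
                if not isinstance(messages, list):
                    messages = [messages]
                for message in messages:
                    found.append({"index": index, "field": field,
                                  "message": str(message)})
        elif isinstance(errors, list):        # ["Undefined index: value"]
            for message in errors:
                found.append({"index": index, "field": None,
                              "message": str(message)})

    add(body.get("errors"))
    data = body.get("data")
    if isinstance(data, dict):
        add(data.get("errors"))
    elif isinstance(data, list):
        for i, item in enumerate(data):
            if isinstance(item, dict):
                add(item.get("errors"), index=i)
    return found


def summarize_response(status, text):
    """Map a status code and raw body to (outcome, errors)."""
    if status in (200, 201, 204):
        return "ok", []
    if status == 401:
        # Per the response-code table: token incorrect or out of date.
        return "reauthenticate", []
    if status == 404:
        return "not_found", []
    if status == 400:
        try:
            errors = extract_errors(json.loads(text))
        except ValueError:
            # Body was not the JSON we expected; keep a bounded raw excerpt.
            errors = [{"index": None, "field": None, "message": text[:200]}]
        return "validation_failed", errors
    return "unexpected", []


if __name__ == "__main__":
    for label, raw in SAMPLE_400_BODIES.items():
        print(label, summarize_response(400, raw))
```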
Attachment Event
Get Single
GET /attachments/{attachment_id}/events/{object_link_id}{?with}
Get a single Attachment (File) Event link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"pivot": {
"id": 61077,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"object_link_id": 61077,
"value": "This is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 14:42:46",
"updated_at": "2018-04-04 14:42:46",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-03 15:31:57",
"updated_at": "2018-04-03 15:31:57",
"pivot": {
"id": 55,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 14948,
"object_link_id": 61077,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 14:38:39",
"updated_at": "2018-04-04 14:38:39",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-03 19:41:04",
"updated_at": "2018-04-03 19:41:04"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 14948,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 2,
"type": "clients",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"object_link_id": 61077,
"source_id": 2,
"id": 22414,
"creator_source_id": 2
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-02-24 22:23:15",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"event_id": 13,
"source_id": 8,
"id": 27,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/events/{object_link_id}
Delete an Attachment (File) Event link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Event Attributes List
Get List
GET /attachments/{attachment_id}/events/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Event link Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/events/{object_link_id}/attributes
Create a new Attachment (File) Event link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Event Attribute
Get Single
GET /attachments/{attachment_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Event link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Event link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Event link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Event Comments List
Get List
GET /attachments/{attachment_id}/events/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Event link Comments.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/events/{object_link_id}/comments
Create a new Attachment (File) Event link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Event Comment
Get Single
GET /attachments/{attachment_id}/events/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Event link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/events/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Event link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/events/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Event link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Indicators List
Get List
GET /attachments/{attachment_id}/indicators{?limit,offset,sort,with}
Get a list of Attachment (File) Indicator links.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Example Feed"
}
],
"pivot": {
"id": 14896,
"src_type": "indicator",
"src_object_id": 24,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 20:05:39.284000",
"updated_at": "2018-04-04 20:05:39.284000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 43,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 62,
"name": "VirusTotal",
"type": "plugins",
"pivot": {
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
},
{
"id": 74,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "890a7aa3415d8b4fa39d9f51a026b7d8",
"value": "hazel.kilback@hotmail.com",
"description": null,
"last_detected_at": "1992-07-15 20:23:27",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "Customer Admin"
}
],
"pivot": {
"id": 14991,
"src_type": "indicator",
"src_object_id": 74,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 20:09:29.324000",
"updated_at": "2018-04-04 20:09:29.324000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 138,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 200,
"name": "Emerging Threats",
"type": "plugins",
"pivot": {
"created_at": "2018-01-13 11:24:36",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
}
],
"limit": 2,
"offset": 0
}
401 Access denied.
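Paging through this endpoint with limit, offset, sort and with, as an added example (not ThreatQ client code): it allowlists the with options listed above before they reach the URL and sorts on id so offset paging stays deterministic. The names `build_list_path`, `iter_links`, `demo_fetch` and the sample rows are assumptions made for the example; the real transport is whatever HTTPS client sends the bearer token.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# "with" options this page lists for GET /attachments/{attachment_id}/indicators.
WITH_OPTIONS = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
})
# A sort entry is a field name with an optional leading minus sign.
SORT_FIELD = re.compile(r"-?[A-Za-z_][A-Za-z0-9_]*\Z")


def build_list_path(attachment_id, limit=500, offset=0, sort=("id",), with_=()):
    """Return the relative URI for one page of Attachment Indicator links."""
    checks = (("attachment_id", attachment_id, 1), ("limit", limit, 1),
              ("offset", offset, 0))
    for name, value, minimum in checks:
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < minimum:
            raise ValueError(f"{name} must be an integer >= {minimum}")
    # Accept "a,b" strings as well as sequences so a bare string is not
    # silently split into single characters.
    sort = sort.split(",") if isinstance(sort, str) else list(sort)
    with_ = with_.split(",") if isinstance(with_, str) else list(with_)
    bad_sort = [field for field in sort if not SORT_FIELD.match(field)]
    if bad_sort:
        raise ValueError(f"invalid sort field(s): {bad_sort}")
    unknown = sorted(set(with_) - WITH_OPTIONS)
    if unknown:
        raise ValueError(f"unsupported with option(s): {unknown}")
    query = {"limit": limit, "offset": offset}
    if sort:
        query["sort"] = ",".join(sort)
    if with_:
        query["with"] = ",".join(with_)
    # Commas stay literal because the API takes comma-separated lists.
    return f"/attachments/{attachment_id}/indicators?" + urlencode(query, safe=",")


def iter_links(fetch, attachment_id, page_size=500, max_pages=1000, **params):
    """Yield every link row, advancing offset by the rows actually received.

    fetch(path) returns the decoded JSON body; it is the caller's HTTPS GET
    that sends the Authorization: Bearer header. Iteration stops at the first
    empty page, so it does not depend on how the server computes "total".
    """
    offset = 0
    for _ in range(max_pages):
        body = fetch(build_list_path(attachment_id, page_size, offset, **params))
        rows = body.get("data") if isinstance(body, dict) else None
        if not isinstance(rows, list):
            raise ValueError("collection response must carry a data array")
        if not rows:
            return
        yield from rows
        offset += len(rows)
    raise RuntimeError("max_pages reached; refusing to page indefinitely")


# Constructed sample data: five link rows, not values from a real instance.
SAMPLE_ROWS = [{"id": i, "pivot": {"id": 62000 + i}} for i in range(1, 6)]


def demo_fetch(path):
    """Offline stand-in for the HTTPS GET (constructed for this example)."""
    query = parse_qs(urlsplit(path).query)
    limit, offset = int(query["limit"][0]), int(query["offset"][0])
    descending = query.get("sort", ["id"])[0] == "-id"
    rows = sorted(SAMPLE_ROWS, key=lambda row: row["id"], reverse=descending)
    return {"total": len(SAMPLE_ROWS), "data": rows[offset:offset + limit],
            "limit": limit, "offset": offset}


if __name__ == "__main__":
    print(build_list_path(1, limit=2, with_=("sources", "pivot.attributes")))
    print([row["id"] for row in iter_links(demo_fetch, 1, page_size=2)])
```

Stopping on an empty page costs one extra request per listing; the `max_pages` guard bounds the loop if a server keeps returning rows.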
Create New
POST /attachments/{attachment_id}/indicators
Create a link from an Indicator to an Attachment (File).
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"status_id": 3,
"class": "network",
"hash": "bba60e76a34af96122b9f44e67ae8ea7",
"value": "oolson@yahoo.com",
"last_detected_at": "2013-12-13 08:58:00",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-02-28 20:13:19",
"updated_at": "2017-02-28 20:13:19",
"touched_at": "2017-03-02 14:57:32",
"pivot": {
"id": 62397,
"created_at": "2017-03-02 14:57:32",
"updated_at": "2017-03-02 14:57:32"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/indicators
Delete multiple Attachment (File) Indicator links.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
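The 400 bodies shown for the Attachment link endpoints come in three shapes: a top-level errors array, an errors object nested under data, and a data array whose items carry an errors object. The normalizer below is an added example, not ThreatQ code; `normalize_errors`, `log_line` and the record layout are assumptions, and the sample strings are copied from the example bodies on this page.

```python
import json

# Sample 400 bodies, taken from the example responses in this reference.
SHAPE_TOP_LEVEL = '{"errors": ["Undefined index: value"]}'
SHAPE_DATA_OBJECT = ('{"data": {"creator_source_id": 5, "errors": '
                     '{"value": ["The value field is required."]}}}')
SHAPE_DATA_ARRAY = '{"data": [{"errors": {"id": ["The id field is required."]}}]}'


def _flatten(errors, item=None):
    """Turn one errors value (dict, list or scalar) into flat records."""
    records = []
    if isinstance(errors, dict):
        for field, messages in errors.items():
            if not isinstance(messages, list):
                messages = [messages]
            records += [{"item": item, "field": field, "message": str(m)}
                        for m in messages]
    elif isinstance(errors, list):
        records += [{"item": item, "field": None, "message": str(m)}
                    for m in errors]
    elif errors is not None:
        records.append({"item": item, "field": None, "message": str(errors)})
    return records


def normalize_errors(body_text):
    """Return {item, field, message} records for a 4xx response body."""
    try:
        doc = json.loads(body_text)
    except (TypeError, ValueError):
        # 401 and 404 are shown here without a body; do not assume JSON.
        return []
    if not isinstance(doc, dict):
        return []
    records = _flatten(doc.get("errors"))
    data = doc.get("data")
    if isinstance(data, dict):
        records += _flatten(data.get("errors"))
    elif isinstance(data, list):
        # Bulk requests: keep the position of the entry that failed.
        for index, entry in enumerate(data):
            if isinstance(entry, dict):
                records += _flatten(entry.get("errors"), item=index)
    return records


def log_line(status, body_text):
    """Build one log line; CR/LF in server text is escaped so a message
    cannot forge additional log entries."""
    parts = []
    for record in normalize_errors(body_text):
        where = record["field"] or "-"
        if record["item"] is not None:
            where = f"[{record['item']}].{where}"
        text = f"{where}: {record['message']}"
        parts.append(text.replace("\r", "\\r").replace("\n", "\\n"))
    return f"status={status} " + ("; ".join(parts) or "(no error body)")


if __name__ == "__main__":
    for sample in (SHAPE_TOP_LEVEL, SHAPE_DATA_OBJECT, SHAPE_DATA_ARRAY, ""):
        print(log_line(400, sample))
```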
Attachment Indicator
Get Single
GET /attachments/{attachment_id}/indicators/{object_link_id}{?with}
Get a single Attachment (File) Indicator link.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"pivot": {
"id": 14896,
"created_at": "2018-03-09 14:32:27",
"updated_at": "2018-04-04 19:30:29",
"comments": [
{
"id": 54,
"object_link_id": 14896,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-04 20:05:39",
"updated_at": "2018-04-04 20:05:39",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 43,
"object_link_id": 14896,
"attribute_id": 13,
"value": "75",
"created_at": "2018-02-24 14:33:41",
"updated_at": "-0001-11-30 00:00:00",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2018-03-28 19:03:33",
"updated_at": "2018-03-24 19:03:33"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 43,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 5,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59",
"published_at": null,
"pivot": {
"object_link_id": 14896,
"source_id": 5,
"id": 62,
"creator_source_id": 5
}
}
]
},
"sources": [
{
"id": 3,
"type": "clients",
"name": "ThreatQ",
"tlp_id": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"published_at": null,
"pivot": {
"indicator_id": 24,
"source_id": 3,
"id": 59,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/indicators/{object_link_id}
Delete an Attachment (File) Indicator link.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Indicator Attributes List
Get List
GET /attachments/{attachment_id}/indicators/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Indicator link Attributes.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/indicators/{object_link_id}/attributes
Create a new Attachment (File) Indicator link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Indicator Attribute
Get Single
GET /attachments/{attachment_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Indicator link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Indicator link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Indicator link Attribute.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Indicator Comments List
Get List
GET /attachments/{attachment_id}/indicators/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Indicator link Comments.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/indicators/{object_link_id}/comments
Create a new Attachment (File) Indicator link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Indicator Comment
Get Single
GET /attachments/{attachment_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Indicator link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Indicator link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Indicator link Comment.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Investigations List
Get List
GET /attachments/{attachment_id}/investigations{?limit,offset,sort,with}
Get a list of Attachment Investigation links.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 2,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/investigations
Create a link from an Attachment to an Investigation.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62317,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
},
{
"id": 3,
"name": "Investigation 3",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62318,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/investigations
Delete multiple Attachment Investigation links. The request should include a list of object_link_ids to be deleted.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Attachment Investigation
Get Single
GET /attachments/{attachment_id}/investigations/{object_link_id}{?with}
Get a single Attachment Investigation link.
Example URI
- attachment_id
  integer (required) Example: 1
  Attachment ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/investigations/{object_link_id}
Delete an Attachment Investigation link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Investigation Attributes List
Get List
GET /attachments/{attachment_id}/investigations/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Investigation link Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/investigations/{object_link_id}/attributes
Create a new Attachment (File) Investigation link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Investigation Attribute
Get Single
GET /attachments/{attachment_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Investigation link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Investigation link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Investigation link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Investigation Comments List
Get List
GET /attachments/{attachment_id}/investigations/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Investigation link Comments.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/investigations/{object_link_id}/comments
Create a new Attachment (File) Investigation link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Investigation Comment
Get Single
GET /attachments/{attachment_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Investigation link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Investigation link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Investigation link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Malware Lock
Attachment Malware Lock
PUT /attachments/malware-lock/{attachment_id}
Update the malware_lock setting on an Attachment (File).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"malware_locked": "0"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 2,
"type_id": 2,
"title": "Bad Malware",
"name": "Crazy effing malware!.net.org.exe",
"hash": "350649b5b5fa5436d325cbaf482d52c7",
"content_type_id": 1,
"file_size": 134232,
"malware_locked": 0,
"description": null,
"created_at": "2017-03-15 13:03:07",
"updated_at": "2017-03-16 18:46:10",
"touched_at": "2017-03-16 13:05:54"
}
}
401 Access denied.
404 Object not found.
Attachment Search
Attachment Search
POST /attachments/query{?limit,offset,sort}
Search the Threat Library for Attachments (Files) using criteria and filters.
Format criteria and filters following the conventions of Solr query structures.
Criteria Options: mentions, name, title
Filter Options: created_at, updated_at, expires_at, published_at, type_name, source_name, source_created_at, related, tags, attribute
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"criteria": {
"+or": [
{
"mentions": "phishing"
},
{
"name": {
"+contains": "parsing"
}
},
{
"title": {
"+contains": "parsing"
}
}
]
},
"filters": {
"+and": [
{
"created_at": {
"+lt": "2021-01-27 22:35:00"
}
},
{
"+or": [
{
"expires_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
},
{
"expired_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
}
]
},
{
"+or": [
{
"type_name": "FireEye Analysis"
}
]
},
{
"+or": [
{
"+and": [
{
"source_name": "Customer Admin"
},
{
"published_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
},
{
"+or": [
{
"related": {
"id": 1,
"type": "indicator"
}
}
]
},
{
"+or": [
{
"related": {
"object": "adversary"
}
}
]
},
{
"+or": [
{
"source_name": "Primary Contributor"
}
]
},
{
"+or": [
{
"tags": "Internal"
}
]
},
{
"updated_at": {
"+lt": "2021-01-27 22:51:00"
}
},
{
"+or": [
{
"+and": [
{
"source_name": "Primary Contributor"
},
{
"source_created_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
}
],
"+or": [
{
"attribute": {
"name": "Confidence",
"value": "High"
}
}
]
}
}
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"path": "9/8/385b698cf73f84e7f1f888a81627cf",
"updated_at": "2021-01-27 19:50:43",
"type_id": 20,
"file_size": "11300",
"title": "parsing-sample.pdf",
"name": "parsing-sample.pdf",
"published_at": "2021-01-27 19:50:43",
"content_type_id": 1,
"placeholder": "0",
"created_at": "2021-01-27 19:50:43",
"hash": "89e17b2f6cd3888864237b0ee10048f0",
"id": 1,
"malware_locked": "0",
"touched_at": "2021-01-27 19:55:20",
"content_type_name": "application/pdf",
"adversaries": [
{
"name": "TOXIC PANDA"
}
],
"type": {
"name": "Spearphish Attachment",
"id": 20
},
"comments": [
{
"updated_at": "2020-12-25 07:02:05",
"value": "Is anyone reading what I'm typing?",
"attachment_id": 1,
"creator_source_id": 10,
"id": 3,
"created_at": "2020-12-25 07:02:05"
}
],
"sources": [
{
"updated_at": "2021-01-27 19:50:43",
"source_id": 5,
"type": "users",
"creator_source_id": 5,
"created_at": "2021-01-27 19:50:43",
"attachment_id": 1,
"id": 1,
"reference_id": 1,
"published_at": "2021-01-27 19:50:43",
"name": "Threat Quotient"
}
],
"content": ""
},
{
"path": "0/a/0bb1e36b529dc8e2387efe5b7585b6",
"updated_at": "2021-01-27 19:50:43",
"type_id": 23,
"file_size": "75",
"title": "Crazy malware!.net.org.exe",
"name": "Crazy malware!.net.org.exe",
"published_at": "2021-01-27 19:50:43",
"content_type_id": 2,
"placeholder": "0",
"created_at": "2021-01-27 19:50:43",
"hash": "dc6080259082066ae67b8323658a079e",
"id": 4,
"malware_locked": "1",
"touched_at": "2021-01-27 19:55:20",
"content_type_name": "text/plain",
"adversaries": [
{
"name": "FLYING KITTEN"
}
],
"type": {
"name": "ThreatQ CSV File",
"id": 23
},
"comments": [
{
"updated_at": "2021-01-16 10:53:39",
"value": "WHOIS Owner",
"attachment_id": 4,
"creator_source_id": 7,
"id": 4,
"created_at": "2021-01-16 10:53:39",
"source_name": "Customer Admin"
}
],
"sources": [
{
"updated_at": "2021-01-27 19:50:43",
"source_id": 5,
"type": "users",
"creator_source_id": 5,
"created_at": "2021-01-27 19:50:43",
"attachment_id": 4,
"id": 4,
"reference_id": 1,
"published_at": "2021-01-27 19:50:43",
"name": "Threat Quotient"
}
],
"content": ""
}
],
"offset": 0,
"limit": 25
}
401 Access denied.
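The Criteria Options and Filter Options listed for Attachment Search can be checked client-side before a query is sent. The following is an added example, not part of the ThreatQ documentation: it walks the +and/+or groups of a request body and reports field names that are not in those two lists. The operator set is limited to the operators that appear in the sample body, and treating related and attribute as plain objects is an assumption drawn from that sample; the page does not say how the server handles names outside the lists.

```python
# Field names listed on this page for POST /attachments/query.
CRITERIA_FIELDS = {"mentions", "name", "title"}
FILTER_FIELDS = {
    "created_at", "updated_at", "expires_at", "published_at", "type_name",
    "source_name", "source_created_at", "related", "tags", "attribute",
}
GROUP_OPS = {"+and", "+or"}               # boolean groups, each holding a list of clauses
VALUE_OPS = {"+contains", "+lt", "+gt"}   # assumption: only the operators seen in the page's sample
OBJECT_FIELDS = {"related", "attribute"}  # assumption: these take a plain object, not operators


def check_clause(clause, allowed, path, problems):
    """Walk one clause and record every key the page does not document."""
    if not isinstance(clause, dict):
        problems.append(f"{path}: clause must be an object")
        return
    for key, value in clause.items():
        here = f"{path}.{key}"
        if key in GROUP_OPS:
            if not isinstance(value, list):
                problems.append(f"{here}: group must hold a list")
                continue
            for i, sub in enumerate(value):
                check_clause(sub, allowed, f"{here}[{i}]", problems)
        elif key.startswith("+"):
            problems.append(f"{here}: operator used where a field name is expected")
        elif key not in allowed:
            problems.append(f"{here}: field not in the documented options")
        elif isinstance(value, dict) and key not in OBJECT_FIELDS:
            for op in value:
                if op not in VALUE_OPS:
                    problems.append(f"{here}.{op}: operator not seen in the page's sample")


def validate_query(body):
    """Return a list of problems found in a query body (empty list means none)."""
    problems = []
    check_clause(body.get("criteria", {}), CRITERIA_FIELDS, "criteria", problems)
    check_clause(body.get("filters", {}), FILTER_FIELDS, "filters", problems)
    return problems


# Trimmed copy of the request body shown on this page (same nesting, fewer clauses).
PAGE_SAMPLE = {
    "criteria": {"+or": [
        {"mentions": "phishing"},
        {"name": {"+contains": "parsing"}},
        {"title": {"+contains": "parsing"}},
    ]},
    "filters": {
        "+and": [
            {"created_at": {"+lt": "2021-01-27 22:35:00"}},
            {"+or": [
                {"expires_at": {"+gt": "2021-01-26 23:59:59", "+lt": "2021-01-28 00:00:00"}},
                {"expired_at": {"+gt": "2021-01-26 23:59:59", "+lt": "2021-01-28 00:00:00"}},
            ]},
            {"+or": [{"related": {"id": 1, "type": "indicator"}}]},
            {"+or": [{"tags": "Internal"}]},
        ],
        "+or": [{"attribute": {"name": "Confidence", "value": "High"}}],
    },
}

# Constructed body with three deliberate mistakes, for illustration only.
CONSTRUCTED_BAD = {
    "criteria": {"description": "invoice"},
    "filters": {"+and": {"tags": "Internal"}, "type_name": {"+regex": ".*"}},
}

if __name__ == "__main__":
    for label, body in (("page sample", PAGE_SAMPLE), ("constructed", CONSTRUCTED_BAD)):
        for problem in validate_query(body):
            print(f"{label}: {problem}")
```

Run against the trimmed sample body, the check reports the expired_at clause, which does not appear among the listed Filter Options.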
Attachment Signatures List
Get List
GET /attachments/{attachment_id}/signatures{?limit,offset,sort,with}
Get a list of Attachment (File) Signature links.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62261,
"src_type": "signature",
"src_object_id": 2,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 23:16:40.155000",
"updated_at": "2018-04-04 23:18:42.648000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15080,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24298,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:02:46.740000",
"updated_at": "2018-04-04 23:02:46.740000"
}
}
]
}
},
{
"id": 1,
"name": "ET EXPLOIT Arkeia full remote access without password or authentication (2001742:9)",
"description": "",
"hash": "737309fe355ef23e1c03a5e98bc364b5",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:\"ET EXPLOIT Arkeia full remote access without password or authentication\"; flow:to_server,established; content:\"|464F3A20596F75206861766520737563|\"; content:\"|6520636C69656E7420696E666F726D61|\"; reference:url,metasploit.com/research/vulns/arkeia_agent; reference:url,doc.emergingthreats.net/bin/view/Main/2001742; classtype:attempted-admin; sid:2001742; rev:9;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:03:35",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62262,
"src_type": "signature",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 23:16:58.817000",
"updated_at": "2018-04-04 23:16:58.817000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15081,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24300,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:03:35.975000",
"updated_at": "2018-04-04 23:03:35.975000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/signatures
Create a link from a Signature to an Attachment (File).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"name": "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27 (2019448:1)",
"description": "",
"hash": "32eb2da7b59c7e85fbeec98f90adaf2d",
"value": "alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:\"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27\"; flow:established,to_server; content:\"%6e%61m%65[\"; nocase; fast_pattern:only; http_client_body; pcre:\"/(?:^|&|Content-Disposition[\\x3a][^\\n]*?name\\s*?=\\s*?[\\x22\\x27])\\%6e\\%61m\\%65\\[[^\\x5d]*?\\W/Pi\"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019448; rev:1;)",
"status_id": 4,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-03-02 16:34:40",
"updated_at": "2017-03-02 16:34:40",
"touched_at": "2017-03-02 16:34:41",
"pivot": {
"id": 62337,
"created_at": "2017-03-02 16:43:29",
"updated_at": "2017-03-02 16:43:29"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/signatures
Delete multiple Attachment (File) Signature links.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Attachment Signature
Get Single
GET /attachments/{attachment_id}/signatures/{object_link_id}{?with}
Get a single Attachment (File) Signature link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"pivot": {
"id": 62261,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"comments": [
{
"id": 57,
"object_link_id": 62261,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 23:16:40",
"updated_at": "2018-04-04 23:18:42",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15080,
"object_link_id": 62261,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 23:09:28",
"updated_at": "2018-04-04 23:09:28",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15080,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"published_at": null,
"pivot": {
"object_link_id": 62261,
"source_id": 8,
"id": 24298,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"published_at": null,
"pivot": {
"signature_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/signatures/{object_link_id}
Delete an Attachment (File) Signature link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Signature Attributes List
Get List
GET /attachments/{attachment_id}/signatures/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Signature link Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/signatures/{object_link_id}/attributes
Create a new Attachment (File) Signature link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Signature Attribute
Get Single
GET /attachments/{attachment_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Signature link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Signature link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Signature link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Signature Comments List
Get List
GET /attachments/{attachment_id}/signatures/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Signature link Comments.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/signatures/{object_link_id}/comments
Create a new Attachment (File) Signature link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Signature Comment
Get Single
GET /attachments/{attachment_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Signature link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Signature link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Signature link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Sources List
Get List
GET /attachments/{attachment_id}/sources{?limit,offset,sort,with}
Get a list of Attachment (File) Sources.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attachment,tlp
A comma-separated list of related objects to include in the response. Options for this endpoint: attachment, tlp.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"attachment_id": 4,
"source_id": 5,
"creator_source_id": 5,
"tlp_id": null,
"created_at": "2017-03-16 15:01:52",
"updated_at": "2017-03-16 15:01:52",
"published_at": null
},
{
"id": 3,
"attachment_id": 4,
"source_id": 10,
"creator_source_id": 5,
"tlp_id": 1,
"created_at": "2017-03-16 22:18:47",
"updated_at": "2017-03-16 22:18:47",
"published_at": null
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/sources
Create a new Attachment (File) Source.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Test Source",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 3,
"attachment_id": 4,
"source_id": 10,
"creator_source_id": 5,
"tlp_id": 1,
"created_at": "2017-03-16 22:18:47",
"updated_at": "2017-03-16 22:18:47",
"published_at": null,
"deleted_at": null,
"existing": 0,
"name": "Test Source"
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"name": [
"The name field is required."
]
}
}
]
}
401 Access denied.
Attachment Source
Get Single
GET /attachments/{attachment_id}/sources/{attachment_source_id}
Get a single Attachment (File) Source.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_source_id
integer (required) Example: 2
Attachment Source ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"attachment_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/sources/{attachment_source_id}
Update an Attachment (File) Source.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_source_id
integer (required) Example: 2
Attachment Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"attachment_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/sources/{attachment_source_id}
Delete an Attachment (File) Source.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- attachment_source_id
integer (required) Example: 2
Attachment Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
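The 400 responses documented in this section use three different shapes: a top-level errors list, an errors object nested under a data object, and an errors object inside a data array. The following Python sketch is an added example, not ThreatQ code; it normalizes all three into one list so a client does not silently ignore a validation failure. The function names are hypothetical, and the sample bodies are copied from the responses documented above.

```python
import json

# Status descriptions as documented on this page.
STATUS_TEXT = {400: "Validation failed.", 401: "Access denied.", 404: "Object not found."}

# Sample 400 bodies copied from the documented responses above.
FLAT_400 = '{"errors": ["Undefined index: value"]}'
OBJECT_400 = ('{"data": {"creator_source_id": 5, '
              '"errors": {"value": ["The value field is required."]}}}')
LIST_400 = '{"data": [{"errors": {"name": ["The name field is required."]}}]}'


def extract_validation_errors(body):
    """Flatten any documented error shape into (field, message) pairs.

    field is None when the API returns a bare message with no field name.
    """
    found = []

    def collect(errors):
        if isinstance(errors, dict):      # {"value": ["The value field is required."]}
            for field, messages in errors.items():
                if not isinstance(messages, list):
                    messages = [messages]
                found.extend((field, str(m)) for m in messages)
        elif isinstance(errors, list):    # ["Undefined index: value"]
            found.extend((None, str(m)) for m in errors)
        elif errors is not None:
            found.append((None, str(errors)))

    if not isinstance(body, dict):
        return found
    collect(body.get("errors"))           # shape 1: top-level "errors"
    data = body.get("data")
    for item in data if isinstance(data, list) else [data]:
        if isinstance(item, dict):        # shapes 2 and 3: "errors" under "data"
            collect(item.get("errors"))
    return found


def interpret(status, text):
    """Turn an HTTP status and raw body into {"ok", "data", "errors"}."""
    body = None
    if status != 204 and text.strip():    # 204 responses carry no body
        try:
            body = json.loads(text)
        except ValueError:
            body = None                   # non-JSON body: fall back to the status text
    ok = status in (200, 201, 204)
    errors = [] if ok else extract_validation_errors(body)
    if not ok and not errors:
        errors = [(None, STATUS_TEXT.get(status, "HTTP %d" % status))]
    data = body.get("data") if ok and isinstance(body, dict) else None
    return {"ok": ok, "data": data, "errors": errors}


if __name__ == "__main__":
    for sample in (FLAT_400, OBJECT_400, LIST_400):
        print(interpret(400, sample)["errors"])
```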
Attachment Tag List
Get List
GET /attachments/{attachment_id}/tags{?limit,offset,sort,with}
Get a list of Attachment (File) Tags (Keywords).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: attachments.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "New Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-03-02 21:22:02",
"updated_at": "2017-03-02 21:22:02"
}
},
{
"id": 2,
"name": "Another New Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/tags
Create a new Attachment (File) Tag (Keyword).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Tag Name"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Attachment Tag
Get Single
GET /attachments/{attachment_id}/tags/{tag_id}{?with}
Get a single Attachment (File) Tag (Keyword).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- tag_id
integer (required) Example: 2
Tag ID
- with
string (optional) Example: attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: attachments.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-03-02 21:22:02",
"updated_at": "2017-03-02 21:22:02"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/tags/{tag_id}
Delete an Attachment (File) Tag (Keyword).
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- tag_id
integer (required) Example: 2
Tag ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Task List
Get List
GET /attachments/{attachment_id}/tasks{?limit,offset,sort,with}
Get a list of Attachment Task links.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: pivot.sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 1,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 59,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-05 00:03:55.818000",
"updated_at": "2018-04-05 00:03:55.818000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15082,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 5,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24302,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:35.081000",
"updated_at": "2018-04-04 23:58:35.081000"
}
}
]
}
},
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 2,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 60,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-05 00:04:02.625000",
"updated_at": "2018-04-05 00:05:12.045000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15083,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 6,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24304,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:45.642000",
"updated_at": "2018-04-04 23:58:45.642000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/tasks
Create a link from a Task to an Attachment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"created_at": "2018-04-04 23:58:45",
"updated_at": "2018-04-04 23:58:45"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /attachments/{attachment_id}/tasks
Delete multiple Attachment Task links. The request should include a list of object_link_ids to be deleted.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Attachment Task
Get Single
GET /attachments/{attachment_id}/tasks/{object_link_id}{?with}
Get a single Attachment Task link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: pivot.sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"comments": [
{
"id": 59,
"object_link_id": 62263,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-05 00:03:55",
"updated_at": "2018-04-05 00:03:55",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 59,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15082,
"object_link_id": 62263,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-05 00:00:38",
"updated_at": "2018-04-05 00:00:38",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15082,
"source_id": 8,
"id": 5,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"published_at": null,
"pivot": {
"object_link_id": 62263,
"source_id": 8,
"id": 24302,
"creator_source_id": 8
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/tasks/{object_link_id}
Delete an Attachment Task link.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Task Attributes List
Get List
GET /attachments/{attachment_id}/tasks/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Attachment (File) Task link Attributes.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/tasks/{object_link_id}/attributes
Create a new Attachment (File) Task link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Task Attribute
Get Single
GET /attachments/{attachment_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Attachment (File) Task link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Update an Attachment (File) Task link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Attachment (File) Task link Attribute.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Task Comments List
Get List
GET /attachments/{attachment_id}/tasks/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Attachment (File) Task link Comments.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/tasks/{object_link_id}/comments
Create a new Attachment (File) Task link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Attachment Task Comment
Get Single
GET /attachments/{attachment_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Get a single Attachment (File) Task link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /attachments/{attachment_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Update an Attachment (File) Task link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/{attachment_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Delete an Attachment (File) Task link Comment.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Types List
Get List
GET /attachments/types{?limit,offset,sort,with}
Get a list of Attachment (File) Types.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: plugins,pluginActions
A comma-separated list of related objects to include in the response. Options for this endpoint: plugins, pluginActions.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 24,
"data": [
{
"id": 1,
"name": "Cuckoo",
"is_parsable": "Y",
"parser_class": "Cuckoo",
"created_at": "2017-03-20 13:28:41",
"updated_at": "2017-03-20 13:28:41"
},
{
"id": 2,
"name": "CrowdStrike Intelligence",
"is_parsable": "N",
"parser_class": "",
"created_at": "2017-03-20 13:28:41",
"updated_at": "2017-03-20 13:28:41"
},
{
"id": 3,
"name": "Early Warning and Indicator Notice (EWIN)",
"is_parsable": "N",
"parser_class": "",
"created_at": "2017-03-20 13:28:41",
"updated_at": "2017-03-20 13:28:41"
}
]
}
401 Access denied.
Create New
POST /attachments/types
Create a new Attachment (File) Type.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "New Type",
"is_parsable": "Y",
"parser_class": "Generic"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"is_parsable": "Y",
"name": "New Type",
"parser_class": "Generic",
"updated_at": "2017-03-17 02:03:27",
"created_at": "2017-03-17 02:03:27",
"id": 25
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"is_parsable": "N",
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Attachment Type
Get Single
GET /attachments/types/{attachment_type_id}{?with}
Get a single Attachment (File) Type.
Example URI
- attachment_type_id
integer (required) Example: 2
Attachment Type ID
- with
string (optional) Example: plugins,pluginActions
A comma-separated list of related objects to include in the response. Options for this endpoint: plugins, pluginActions.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Cuckoo",
"is_parsable": "Y",
"parser_class": "Cuckoo",
"created_at": "2017-03-16 13:03:46",
"updated_at": "2017-03-16 13:03:46"
}
}
401 Access denied.
Update
PUT /attachments/types/{attachment_type_id}{?with}
Update an Attachment (File) Type.
Example URI
- attachment_type_id
integer (required) Example: 2
Attachment Type ID
- with
string (optional) Example: plugins,pluginActions
A comma-separated list of related objects to include in the response. Options for this endpoint: plugins, pluginActions.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated New Type",
"is_parsable": "N",
"parser_class": ""
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 25,
"name": "Updated New Type",
"is_parsable": "N",
"parser_class": "",
"created_at": "2017-03-17 02:03:27",
"updated_at": "2017-03-17 02:14:55"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attachments/types/{attachment_type_id}
Delete an Attachment (File) Type.
Example URI
- attachment_type_id
integer (required) Example: 2
Attachment Type ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Upload
Get Upload
GET /attachments/upload
Check an Attachment (File) upload.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
401 Access denied.
404 Object not found.
Upload New
POST /attachments/upload
Upload a new Attachment (File).
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableChunkNumber"
1
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableChunkSize"
1048576
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableCurrentChunkSize"
266039
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableTotalSize"
266039
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableType"
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableIdentifier"
266039-payload1json
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableFilename"
payload (1).json
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableRelativePath"
payload (1).json
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="resumableTotalChunks"
1
------WebKitFormBoundaryhatA0asEkvcym8Yv
Content-Disposition: form-data; name="file"; filename="blob"
Content-Type: application/octet-stream
------WebKitFormBoundaryhatA0asEkvcym8Yv--
Name
upload
200 Object(s) retrieved successfully.
Body
{}
401 Access denied.
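The request body above is a multipart/form-data payload whose resumable* fields describe one chunk of the file. The following Python sketch is an added example, not ThreatQ code; it derives those fields for every chunk of a file and encodes one chunk as a multipart body. Assumptions: fixed-size chunks with a shorter final chunk, an identifier built from the total size plus the filename stripped to [0-9A-Za-z_-] (which reproduces the sample value 266039-payload1json), and hypothetical function names.

```python
import re

DEFAULT_CHUNK_SIZE = 1048576  # resumableChunkSize in the documented request
CRLF = b"\r\n"


def resumable_identifier(filename, total_size):
    # Assumption: "<total size>-<filename without characters outside [0-9A-Za-z_-]>".
    return "%d-%s" % (total_size, re.sub(r"[^0-9A-Za-z_-]", "", filename))


def chunk_plan(filename, total_size, chunk_size=DEFAULT_CHUNK_SIZE, content_type=""):
    """Return [(start, end, fields)] where fields is the form data for one chunk."""
    if total_size <= 0 or chunk_size <= 0:
        raise ValueError("total_size and chunk_size must be positive")
    total_chunks = (total_size + chunk_size - 1) // chunk_size  # integer ceiling
    identifier = resumable_identifier(filename, total_size)
    plan = []
    for number in range(1, total_chunks + 1):  # chunk numbers start at 1
        start = (number - 1) * chunk_size
        end = min(start + chunk_size, total_size)
        fields = [
            ("resumableChunkNumber", str(number)),
            ("resumableChunkSize", str(chunk_size)),
            ("resumableCurrentChunkSize", str(end - start)),
            ("resumableTotalSize", str(total_size)),
            ("resumableType", content_type),
            ("resumableIdentifier", identifier),
            ("resumableFilename", filename),
            ("resumableRelativePath", filename),
            ("resumableTotalChunks", str(total_chunks)),
        ]
        plan.append((start, end, fields))
    return plan


def encode_chunk(fields, chunk_bytes, boundary):
    """Encode one chunk as multipart/form-data; returns (content_type, body)."""
    marker = boundary.encode("ascii")
    if marker in chunk_bytes:
        # A boundary that occurs in the payload would end the file part early.
        raise ValueError("boundary occurs in chunk data; choose another boundary")
    parts = []
    for name, value in fields:
        parts.append(b"--" + marker + CRLF
                     + ('Content-Disposition: form-data; name="%s"' % name).encode("ascii")
                     + CRLF + CRLF + value.encode("utf-8") + CRLF)
    # File part, named as in the documented request.
    parts.append(b"--" + marker + CRLF
                 + b'Content-Disposition: form-data; name="file"; filename="blob"' + CRLF
                 + b"Content-Type: application/octet-stream" + CRLF + CRLF
                 + chunk_bytes + CRLF)
    parts.append(b"--" + marker + b"--" + CRLF)
    return "multipart/form-data; boundary=" + boundary, b"".join(parts)


if __name__ == "__main__":
    # Constructed input matching the sizes in the documented request.
    for start, end, fields in chunk_plan("payload (1).json", 266039):
        print(start, end, dict(fields)["resumableIdentifier"])
```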
Attachment Watchlists
Get Single
GET /attachments/{attachment_id}/watchlist
Get an Attachment (File) in the user’s Watchlist.
Example URI
- attachment_id
integer (required) Example: 1
Attachment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "attachment",
"object_id": 1,
"created_at": "2017-03-16 19:34:25",
"updated_at": "2017-03-16 19:34:25",
"attachment": {
"id": 1,
"type_id": 1,
"title": "Crazy Bad File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": "This file is crazy bad.",
"created_at": "2017-03-16 13:03:07",
"updated_at": "2017-03-16 16:37:58",
"touched_at": "2017-03-16 16:37:58"
}
}
]
}
401 Access denied.
Create New
POST /attachments/{attachment_id}/watchlist
Add an Attachment (File) to the user’s Watchlist.
Example URI
- attachment_id: integer (required), Example: 1
  Attachment ID
Headers
Authorization: Bearer <access_token>
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"object_type": "attachment",
"user_id": 1,
"object_id": "3",
"updated_at": "2017-03-02 21:50:37",
"created_at": "2017-03-02 21:50:37",
"id": 3
}
}
401 Access denied.
Attachment Watchlist
DELETE /attachments/{attachment_id}/watchlist/{watchlist_id}
Remove an Attachment (File) from the user’s Watchlist.
Example URI
- attachment_id: integer (required), Example: 1
  Attachment ID
- watchlist_id: integer (required), Example: 2
  Watchlist ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attachment Watchlist Bulk
Get List
GET /attachments/watchlist
Get all Attachments (Files) in a user’s Watchlist. Only users with administrator privileges can see Watchlists for all users.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "attachment",
"object_id": 1,
"created_at": "2017-03-16 19:34:25",
"updated_at": "2017-03-16 19:34:25",
"attachment": {
"id": 1,
"type_id": 1,
"title": "Crazy Bad File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": "This file is crazy bad.",
"created_at": "2017-03-16 13:03:07",
"updated_at": "2017-03-16 16:37:58",
"touched_at": "2017-03-16 16:37:58"
}
},
{
"id": 2,
"user_id": 1,
"object_type": "attachment",
"object_id": 2,
"created_at": "2017-03-16 19:35:31",
"updated_at": "2017-03-16 19:35:31",
"attachment": {
"id": 2,
"type_id": 2,
"title": "Bad Malware",
"name": "Crazy effing malware!.net.org.exe",
"hash": "350649b5b5fa5436d325cbaf482d52c7",
"content_type_id": 1,
"file_size": 134232,
"malware_locked": 0,
"description": null,
"created_at": "2017-03-15 13:03:07",
"updated_at": "2017-03-16 18:46:10",
"touched_at": "2017-03-16 18:46:10"
}
}
]
}
401 Access denied.
Create New
POST /attachments/watchlist
Bulk add Attachments (Files) to the user’s Watchlist.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"object_ids": [
5,
6,
7
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"object_type": "attachment",
"user_id": 1,
"object_id": "5",
"updated_at": "2017-03-03 15:56:58",
"created_at": "2017-03-03 15:56:58",
"id": 4
},
{
"object_type": "attachment",
"user_id": 1,
"object_id": "6",
"updated_at": "2017-03-03 15:56:58",
"created_at": "2017-03-03 15:56:58",
"id": 5
},
{
"object_type": "attachment",
"user_id": 1,
"object_id": "7",
"updated_at": "2017-03-03 15:56:58",
"created_at": "2017-03-03 15:56:58",
"id": 6
}
]
}
401 Access denied.
Attributes
Attribute List
Get List
GET /attributes{?limit,offset,sort,with}
Get a list of Attributes.
Example URI
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with: string (optional), Example: valueWeights
  A comma-separated list of related objects to include in the response. Options for this endpoint: valueWeights.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 106,
"data": [
{
"id": 1,
"name": "Accessed Time",
"created_at": "2017-02-17 17:02:54",
"updated_at": "2017-03-03 17:03:54"
},
{
"id": 2,
"name": "ASN",
"created_at": "2017-02-22 17:02:54",
"updated_at": "2017-03-02 17:03:54"
},
{
"id": 3,
"name": "Associated File",
"created_at": "2017-02-20 17:02:54",
"updated_at": "2017-03-16 17:03:54"
}
]
}
401 Access denied.
Create New
POST /attributes
Create a new Attribute.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "New Attribute"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "New Attribute",
"updated_at": "2017-03-17 18:19:44",
"created_at": "2017-03-17 18:19:44",
"id": 252
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Attribute
GET /attributes/{attribute_id}{?with}
Get a single Attribute.
Example URI
- attribute_id: integer (required), Example: 1
  Attribute ID
- with: string (optional), Example: valueWeights
  A comma-separated list of related objects to include in the response. Options for this endpoint: valueWeights.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Accessed Time",
"created_at": "2017-02-17 17:02:54",
"updated_at": "2017-03-03 17:03:54"
}
}
401 Access denied.
404 Object not found.
Attribute Search
GET /attributes/search{?name,limit}
Search Attributes by name.
Example URI
- name: integer (required), Example: Date
  Attribute Name
- limit: integer (required), Example: 10
  The maximum number of records to retrieve.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 11,
"name": "Compilation Date"
},
{
"id": 15,
"name": "Create Date"
},
{
"id": 22,
"name": "Domain Registration Date"
}
]
}
401 Access denied.
Attribute Value Weights
Get List
GET /attributes/{attribute_id}/value-weight{?limit,offset,sort}
Get a list of Attribute Value Weights.
Example URI
- attribute_id: integer (required), Example: 1
  Attribute ID
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"attribute_id": 1,
"attribute_value": "2017-01-01 12:00:00",
"score": 2,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "2017-03-17 19:21:41"
},
{
"id": 2,
"attribute_id": 1,
"attribute_value": "2017-02-02 02:00:00",
"score": -1,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00"
}
]
}
401 Access denied.
Create New
POST /attributes/{attribute_id}/value-weight
Create a new Attribute Value Weight.
Example URI
- attribute_id: integer (required), Example: 1
  Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"attribute_value": "2017-03-03 03:00:00",
"score": "5"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"score": "5",
"attribute_id": "1",
"attribute_value": "2017-03-03 03:00:00",
"updated_at": "2017-03-17 19:29:51",
"created_at": "2017-03-17 19:29:51",
"id": 3
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"score": 0,
"attribute_id": "1",
"errors": {
"attribute_value": [
"The attribute value field is required."
]
}
}
}
401 Access denied.
Attribute Value Weight
Get Single
GET /attributes/{attribute_id}/value-weight/{attribute_value_weight_id}
Get a single Attribute Value Weight.
Example URI
- attribute_id: integer (required), Example: 1
  Attribute ID
- attribute_value_weight_id: integer (required), Example: 2
  Attribute Value Weight ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"attribute_id": 1,
"attribute_value": "2017-01-01 12:00:00",
"score": 2,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "2017-03-17 19:21:41"
}
}
401 Access denied.
Update
PUT /attributes/{attribute_id}/value-weight/{attribute_value_weight_id}
Update an Attribute Value Weight.
Example URI
- attribute_id: integer (required), Example: 1
  Attribute ID
- attribute_value_weight_id: integer (required), Example: 2
  Attribute Value Weight ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"attribute_value": "2017-01-02 12:00:00",
"score": "3"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"attribute_id": 1,
"attribute_value": "2017-01-02 12:00:00",
"score": "3",
"created_at": "-0001-11-30 00:00:00",
"updated_at": "2017-03-17 19:46:33"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /attributes/{attribute_id}/value-weight/{attribute_value_weight_id}
Delete an Attribute Value Weight.
Example URI
- attribute_id: integer (required), Example: 1
  Attribute ID
- attribute_value_weight_id: integer (required), Example: 2
  Attribute Value Weight ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Attribute Value Weight List
GET /attributes/value-weight{?limit,offset,sort}
Get a list of all Attribute Value Weights.
Example URI
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"attribute_id": 1,
"attribute_value": "2017-01-02 12:00:00",
"score": 3,
"created_at": "2017-03-17 19:42:33",
"updated_at": "2017-03-17 20:05:10"
},
{
"id": 4,
"attribute_id": 5,
"attribute_value": "malware.exe",
"score": 7,
"created_at": "2017-03-17 19:42:33",
"updated_at": "2017-03-17 20:05:15"
},
{
"id": 5,
"attribute_id": 43,
"attribute_value": "90.90.90.90",
"score": -4,
"created_at": "2017-03-17 19:42:33",
"updated_at": "2017-03-17 20:06:03"
}
]
}
401 Access denied.
Configuration
Configuration List
Get List
GET /configuration{?limit,offset,sort}
Get a list of Configuration parameters.
Example URI
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"key": "key.1",
"value": "value.1",
"group": "",
"created_at": "2017-03-17 20:42:41",
"updated_at": "2017-03-17 20:42:41"
},
{
"key": "key.2",
"value": "value.2",
"group": "",
"created_at": "2017-03-17 20:42:41",
"updated_at": "2017-03-17 20:42:41"
}
]
}
401 Access denied.
Create New
POST /configuration
Create a new Configuration parameter.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"key": "New Key",
"value": "New Value",
"group": "config_group"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"key": "New Key",
"value": "New Value",
"group": "config_group",
"updated_at": "2017-03-17 20:50:20",
"created_at": "2017-03-17 20:50:20"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"key": [
"The key field is required."
]
}
}
}
401 Access denied.
Proxy Configuration List
Get List
GET /configuration/proxy
Get a list of Proxy Configurations.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"name": "internal_proxy_1",
"password": "password",
"password_required": true,
"port": 4000,
"server": "threatq.com",
"username": "threatqUser"
}
]
}
401 Access denied.
Create New
POST /configuration/proxy
Create a new Proxy Configuration.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "internal_proxy_1",
"server": "threatq.com",
"port": "4000",
"password_required": "true",
"username": "threatqUser",
"password": "password"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "internal_proxy_1",
"server": "threatq.com",
"port": 4000,
"password_required": true,
"username": "threatqUser",
"password": "password"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": {
"name": [
"The name field is required."
],
"server": [
"The server field is required."
]
}
}
401 Access denied.
Proxy Configuration
Get Single
GET /configuration/proxy/{name}
Get a single Proxy Configuration.
Example URI
- name: string (required), Example: internal_proxy_1
  Proxy Name
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"name": "internal_proxy_1",
"password": "password",
"password_required": true,
"port": 4000,
"server": "threatq.com",
"username": "threatqUser"
}
}
401 Access denied.
Update
PUT /configuration/proxy/{name}
Update a Proxy Configuration.
Example URI
- name: string (required), Example: internal_proxy_1
  Proxy Name
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "internal_proxy_1",
"server": "threatq.com",
"port": "4001",
"password_required": "true",
"username": "threatqUser1",
"password": "new_password"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "internal_proxy_1",
"password": "new_password",
"password_required": true,
"port": 4001,
"server": "threatq.com",
"username": "threatqUser1"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /configuration/proxy/{name}
Delete a Proxy Configuration.
Example URI
- name: string (required), Example: internal_proxy_1
  Proxy Name
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
LDAP Configuration List
Get List
GET /configuration/ldap{?limit,offset,sort}
Get a list of LDAP Configuration parameters.
Example URI
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 14,
"data": [
{
"key": "ldap.config.domain",
"value": "threatq.com",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.filter_field_name",
"value": "memberUid",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.group_field_name",
"value": "cn",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.ou",
"value": "tqusers",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.port",
"value": "389",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.server",
"value": "ldap://",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.uid_key",
"value": "uid",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.use_rdn",
"value": "1",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.user_append_domain",
"value": "1",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.enabled",
"value": "0",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.administrator",
"value": "myAdmin",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.analyst",
"value": "myAnalyst",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.observer",
"value": "myObserver",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.super",
"value": "mySuperUser",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
}
]
}
401 Access denied.
Create New
POST /configuration/ldap
Create a new LDAP Configuration.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"total": 14,
"data": [
{
"key": "ldap.config.domain",
"value": "threatq.com",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.filter_field_name",
"value": "memberUid",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.group_field_name",
"value": "cn",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.ou",
"value": "tqusers",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.port",
"value": "389",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.server",
"value": "ldap://",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.uid_key",
"value": "uid",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.use_rdn",
"value": "1",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.user_append_domain",
"value": "1",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.enabled",
"value": "0",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.administrator",
"value": "myAdmin",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.analyst",
"value": "myAnalyst",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.observer",
"value": "myObserver",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.super",
"value": "mySuperUser",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 15:49:34"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 14,
"data": [
{
"key": "ldap.enabled",
"group": "ldap",
"value": "0",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.domain",
"group": "ldap",
"value": "threatq.com",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.server",
"group": "ldap",
"value": "ldap://",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.port",
"group": "ldap",
"value": "389",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.ou",
"group": "ldap",
"value": "tqusers",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.uid_key",
"group": "ldap",
"value": "uid",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.use_rdn",
"group": "ldap",
"value": "1",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.user_append_domain",
"group": "ldap",
"value": "1",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.group_field_name",
"group": "ldap",
"value": "cn",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.config.filter_field_name",
"group": "ldap",
"value": "memberUid",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.super",
"group": "ldap",
"value": "mySuperUser",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.administrator",
"group": "ldap",
"value": "myAdmin",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.analyst",
"group": "ldap",
"value": "myAnalyst",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
},
{
"key": "ldap.group.observer",
"group": "ldap",
"value": "myObserver",
"updated_at": "2017-03-18 15:49:34",
"created_at": "2017-03-18 15:49:34"
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": {
"ldap.enabled": [
"The ldap.enabled field is required."
],
"ldap.config.domain": [
"The ldap.config.domain field is required."
],
"ldap.config.server": [
"The ldap.config.server field is required."
],
"ldap.config.port": [
"The ldap.config.port field is required."
],
"ldap.config.use_rdn": [
"The ldap.config.use rdn field is required."
],
"ldap.config.user_append_domain": [
"The ldap.config.user append domain field is required."
],
"ldap.config.ou": [
"The ldap.config.ou field is required."
],
"ldap.config.group_field_name": [
"The ldap.config.group field name field is required."
],
"ldap.config.filter_field_name": [
"The ldap.config.filter field name field is required."
],
"ldap.config.uid_key": [
"The ldap.config.uid key field is required."
],
"ldap.group.super": [
"The ldap.group.super field is required."
],
"ldap.group.administrator": [
"The ldap.group.administrator field is required."
],
"ldap.group.analyst": [
"The ldap.group.analyst field is required."
],
"ldap.group.observer": [
"The ldap.group.observer field is required."
]
}
}
401 Access denied.
LDAP Configuration
Update
PUT /configuration/ldap/{ldap_key}
Update an LDAP Configuration.
Example URI
- ldap_key: string (required), Example: ldap.config.ou
  LDAP Key
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "users"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"key": "ldap.config.ou",
"value": "users",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 16:11:02"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /configuration/ldap/{ldap_key}
Delete an LDAP Configuration. Deleting a single key will remove the entire configuration from the database.
Example URI
- ldap_key: string (required), Example: ldap.config.ou
  LDAP Key
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
LDAP Enable
PUT /configuration/ldap/enable
Enable LDAP.
Example URI
Headers
Authorization: Bearer <access_token>
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"key": "ldap.enabled",
"value": "1",
"group": "ldap",
"created_at": "2017-03-18 15:49:34",
"updated_at": "2017-03-18 16:20:14"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"LDAP is already enabled."
]
}
{
"errors": [
"LDAP configuration not found."
]
}
401 Access denied.
LDAP Disable
PUT /configuration/ldap/disable
Disable LDAP.
Example URI
Headers
Authorization: Bearer <access_token>
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"key": "ldap.enabled",
"value": "0",
"group": "ldap",
"created_at": "2017-03-18 16:30:20",
"updated_at": "2017-03-18 16:32:43"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"LDAP is already disabled."
]
}
{
"errors": [
"LDAP configuration not found."
]
}
401 Access denied.
TLP
TLP Enable/Disable
PUT /configuration/{tlp.enabled}
Enable or disable TLP.
Example URI
- tlp.enabled: string (required), Example: tlp.enabled
  TLP Key
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{"value":1}
OR
{"value":0}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"key": "tlp.enabled",
"value": "0",
"group": "",
"created_at": "2018-10-22 08:25:08",
"updated_at": "2018-10-25 09:10:55"
}
}
401 Access denied.
Expiration Connector List
GET /configuration/expiration/connectors{?limit,offset,sort}
Get a list of Expiration Connector Configurations.
Example URI
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 10,
"name": "CrowdStrike",
"expire_days": 14,
"exceptions": [
{
"type_id": 7,
"expire_days": 25
}
]
},
{
"id": 11,
"name": "iSight Partners",
"expire_days": null,
"exceptions": []
}
]
}
401 Access denied.
Expiration Connector
PUT /configuration/expiration/connectors
Update an Expiration Connector Configuration.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 10,
"name": "CrowdStrike",
"expire_days": 14,
"exceptions": [
{
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-03-18 00:05:12",
"updated_at": "2017-03-18 00:05:12"
},
"type_id": 1,
"expire_days": 25,
"edit": true
}
],
"expanded": false,
"option": "Automatically Expire Indicators",
"extended": true
},
{
"id": 11,
"name": "iSight Partners",
"expire_days": 0,
"exceptions": [],
"expanded": false,
"option": "Never Expire Indicators"
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 10,
"name": "CrowdStrike",
"expire_days": 14,
"exceptions": [
{
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-03-18 00:05:12",
"updated_at": "2017-03-18 00:05:12"
},
"type_id": 1,
"expire_days": 25,
"edit": true
}
],
"expanded": false,
"option": "Automatically Expire Indicators",
"extended": true
},
{
"id": 11,
"name": "iSight Partners",
"expire_days": 0,
"exceptions": [],
"expanded": false,
"option": "Never Expire Indicators"
}
]
}
401 Access denied.
Connectors
Connector List
Get List
GET /connectors{?limit,offset,sort,with}
Get a list of Connectors.
Example URI
- limit: integer (optional), Example: 500
  The maximum number of records to retrieve.
- offset: integer (optional), Example: 100
  Designate the record that will appear first in your retrieved list.
- sort: string (optional), Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with: string (optional), Example: category,definition,runLog,tlp
  A comma-separated list of related objects to include in the response. Options for this endpoint: category, definition, runLog, tlp.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 133,
"data": [
{
"id": 1,
"name": "MITRE Enterprise ATT&CK",
"namespace": "threatq.connector.osint.mitre_enterprise_att&ck.MitreEnterpriseAtt&ck",
"version": null,
"custom_fields": "[{\"name\":\"verify_ssl\",\"label\":\"Verify SSL\",\"type\":\"checkbox\",\"default\":true,\"description\":\"If true, specifies that this feed should verify SSL connections with the provider.\"},{\"name\":\"disable_proxies\",\"label\":\"Disable Proxies\",\"type\":\"checkbox\",\"default\":false,\"description\":\"If true, specifies that this feed should not honor any proxies setup in ThreatQuotient.\"},{\"name\":\"save_intrusion_sets_as\",\"label\":\"Save Intrusion Sets as\",\"type\":\"select\",\"description\":\"MITRE releases Threat Actor Data as Intrusion Sets. ThreatQuotient recommends mapping this data to ThreatQ Adversaries in order to create a consolidated profile.\",\"options\":[{\"text\":\"Adversaries\",\"value\":\"Adversaries\",\"default\":true},{\"text\":\"Intrusion Sets\",\"value\":\"Intrusion Sets\",\"default\":false}],\"value\":\"Adversaries\"}]",
"frequency": 86400,
"category_id": 1,
"connector_definition_id": 1,
"indicator_status_id": 2,
"tlp_id": null,
"gate_oauth2_client_id": 5,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2019-10-23 14:50:59",
"updated_at": "2019-10-23 14:54:41",
"run_log": [],
"definition": {
"id": 1,
"definition_yaml": "This is the CDF YAML.",
"created_at": "2019-10-23 14:54:31",
"updated_at": "2019-10-23 14:54:31"
},
"category": {
"id": 1,
"name": "OSINT",
"created_at": "2019-10-23 14:45:56",
"updated_at": "2019-10-23 14:45:56"
}
},
{
"id": 2,
"name": "My Custom CDF",
"namespace": "threatq.feeds.MyCustomCDF",
"version": "1.0.0",
"custom_fields": "[]",
"frequency": 3600,
"category_id": 1,
"connector_definition_id": 2,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 6,
"last_import_at": null,
"last_import_count": null,
"is_active": "enabled",
"created_at": "2019-10-23 14:51:00",
"updated_at": "2019-10-23 14:51:00",
"run_log": [
{
"run_uuid": "9a289b38-62fa-45c7-bfe2-7dd4de3fcc11",
"connector_id": 2,
"client_id": 1,
"user_id": 1,
"trigger_type": "scheduled",
"since": null,
"until": null,
"expired": 0,
"created_at": "2019-10-23 14:55:39",
"updated_at": "2019-10-23 14:55:39",
"has_files": true
}
],
"definition": {
"id": 2,
"definition_yaml": "This is my custom CDF YAML.",
"created_at": "2019-10-23 14:54:31",
"updated_at": "2019-10-23 14:54:31"
},
"category": {
"id": 1,
"name": "OSINT",
"created_at": "2019-10-23 14:45:56",
"updated_at": "2019-10-23 14:45:56"
}
}
]
}
401 Access denied.
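In the GET /connectors response above, `custom_fields` is a JSON document encoded as a string inside the JSON body, so it has to be decoded a second time before settings such as `verify_ssl` can be inspected. The following added example (not ThreatQ code) audits a constructed response of that shape and masks secret fields before logging; the set of field names treated as secrets and the rule that a missing `value` falls back to `default` are assumptions.

```python
import copy
import json

# Field names taken from the page's TAXII connector sample; treating them as
# secrets is this example's assumption.
SECRET_NAMES = {"password", "private_key"}


def decode_custom_fields(connector):
    """custom_fields arrives as a JSON string inside the JSON response."""
    raw = connector.get("custom_fields") or "[]"
    fields = json.loads(raw) if isinstance(raw, str) else raw
    return fields if isinstance(fields, list) else []


def effective_value(field):
    """Assumption: an explicit value wins, otherwise the default applies."""
    return field["value"] if "value" in field else field.get("default")


def is_secret(field):
    return field.get("type") == "password" or field.get("name") in SECRET_NAMES


def audit_connectors(response):
    """Return (connector_id, field_name, issue) tuples for risky settings."""
    findings = []
    for conn in response.get("data", []):
        cid = conn.get("id")
        try:
            fields = decode_custom_fields(conn)
        except json.JSONDecodeError:
            findings.append((cid, "custom_fields", "not valid JSON"))
            continue
        for field in fields:
            name, value = field.get("name"), effective_value(field)
            if name == "verify_ssl" and value is False:
                findings.append((cid, name, "TLS certificate verification off"))
            elif name == "feed_url" and str(value).lower().startswith("http://"):
                findings.append((cid, name, "feed polled over cleartext HTTP"))
            elif is_secret(field) and value:
                findings.append((cid, name, "secret returned in API response"))
    return findings


def redact_connector(connector, mask="***"):
    """Copy of the connector that is safe to log: secret values are masked."""
    safe = copy.deepcopy(connector)
    fields = decode_custom_fields(safe)
    for field in fields:
        if is_secret(field) and field.get("value"):
            field["value"] = mask
    safe["custom_fields"] = json.dumps(fields)
    return safe


# Constructed sample shaped like the GET /connectors response above.
SAMPLE = {
    "total": 2,
    "data": [
        {"id": 1, "name": "Constructed OSINT feed", "is_active": "enabled",
         "custom_fields": json.dumps([
             {"name": "verify_ssl", "type": "checkbox", "default": True},
             {"name": "disable_proxies", "type": "checkbox", "default": False},
         ])},
        {"id": 2, "name": "Constructed TAXII feed", "is_active": "enabled",
         "custom_fields": json.dumps([
             {"name": "feed_url", "value": "http://taxii.example.test/taxii/"},
             {"name": "verify_ssl", "type": "checkbox", "value": False},
             {"name": "username", "value": "feeduser"},
             {"name": "password", "type": "password",
              "value": "constructed-secret"},
         ])},
    ],
}

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
    print(redact_connector(SAMPLE["data"][1])["custom_fields"])
```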
Create New
POST /connectors
Create a new Connector.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"category": "STIX/TAXII",
"custom_fields": "[{\"name\":\"version\",\"type\":\"select\",\"options\":[{\"text\":\"1.0\",\"value\":\"1.0\"},{\"text\":\"1.1\",\"value\":\"1.1\"},{\"text\":\"2.0\",\"value\":\"2.0\",\"default\":true}],\"label\":\"TAXII Server Version\",\"description\":\"The version of the TAXII Server to poll for data.\",\"required\":true,\"value\":\"2.0\"},{\"name\":\"feed_url\",\"value\":\"https://cti-taxii.mitre.org/taxii/\",\"label\":\"Discovery Path URL\",\"description\":\"Path to the TAXII Server's Discovery Service\",\"required\":true},{\"name\":\"poll_url\",\"value\":\"\",\"label\":\"Poll URL (Optional)\",\"description\":\"Optional URL specifying a specific endpoint on the TAXII Server to poll for data. If not supplied, the TAXII Client will attempt to determine the appropriate path via the Collections Service.\"},{\"name\":\"collection_name\",\"value\":\"Enterprise ATT&CK\",\"label\":\"Collection Name\",\"description\":\"Name of the collection to poll data from\",\"required\":true},{\"name\":\"disable_proxies\",\"type\":\"checkbox\",\"value\":false,\"label\":\"Disable Proxies\",\"description\":\"If true, specifies that this feed should not honor any proxies setup in ThreatQuotient.\"},{\"name\":\"username\",\"value\":\"\",\"label\":\"Username\",\"description\":\"Basic Authentication Username\"},{\"name\":\"password\",\"value\":\"\",\"type\":\"password\",\"label\":\"Password\",\"description\":\"Basic Authentication Password\"},{\"name\":\"certificate\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Client Certificate\",\"description\":\"Client Certificate for authentication with the TAXII Server. Only supported by TAXII 1.x.\"},{\"name\":\"private_key\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Client Key\",\"description\":\"Private Key for authentication with the TAXII Server. 
Only supported by TAXII 1.x.\"},{\"name\":\"verify_ssl\",\"type\":\"checkbox\",\"value\":true,\"label\":\"Verify SSL\",\"description\":\"Specifies whether the TAXII client should verify a provider's SSL certificate\"},{\"name\":\"host_ca_certificate\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Host CA Certificate Bundle\",\"description\":\"Used to specify a provider's CA Certificate Bundle to verify SSL against. This denotes that Verify SSL is True.\"}]",
"indicator_status_id": 1,
"is_active": "disabled",
"frequency": 86400,
"name": "MITRE ATT&CK Enterprise Clone",
"namespace": "threatq.feeds.dynamic.taxii.MitreAttCkEnterpriseClone"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"frequency": 86400,
"is_active": "disabled",
"indicator_status_id": 1,
"category_id": 4,
"custom_fields": "[{\"name\":\"version\",\"type\":\"select\",\"options\":[{\"text\":\"1.0\",\"value\":\"1.0\"},{\"text\":\"1.1\",\"value\":\"1.1\"},{\"text\":\"2.0\",\"value\":\"2.0\",\"default\":true}],\"label\":\"TAXII Server Version\",\"description\":\"The version of the TAXII Server to poll for data.\",\"required\":true,\"value\":\"2.0\"},{\"name\":\"feed_url\",\"value\":\"https://cti-taxii.mitre.org/taxii/\",\"label\":\"Discovery Path URL\",\"description\":\"Path to the TAXII Server's Discovery Service\",\"required\":true},{\"name\":\"poll_url\",\"value\":\"\",\"label\":\"Poll URL (Optional)\",\"description\":\"Optional URL specifying a specific endpoint on the TAXII Server to poll for data. If not supplied, the TAXII Client will attempt to determine the appropriate path via the Collections Service.\"},{\"name\":\"collection_name\",\"value\":\"Enterprise ATT&CK\",\"label\":\"Collection Name\",\"description\":\"Name of the collection to poll data from\",\"required\":true},{\"name\":\"disable_proxies\",\"type\":\"checkbox\",\"value\":false,\"label\":\"Disable Proxies\",\"description\":\"If true, specifies that this feed should not honor any proxies setup in ThreatQuotient.\"},{\"name\":\"username\",\"value\":\"\",\"label\":\"Username\",\"description\":\"Basic Authentication Username\"},{\"name\":\"password\",\"value\":\"\",\"type\":\"password\",\"label\":\"Password\",\"description\":\"Basic Authentication Password\"},{\"name\":\"certificate\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Client Certificate\",\"description\":\"Client Certificate for authentication with the TAXII Server. Only supported by TAXII 1.x.\"},{\"name\":\"private_key\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Client Key\",\"description\":\"Private Key for authentication with the TAXII Server. 
Only supported by TAXII 1.x.\"},{\"name\":\"verify_ssl\",\"type\":\"checkbox\",\"value\":true,\"label\":\"Verify SSL\",\"description\":\"Specifies whether the TAXII client should verify a provider's SSL certificate\"},{\"name\":\"host_ca_certificate\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Host CA Certificate Bundle\",\"description\":\"Used to specify a provider's CA Certificate Bundle to verify SSL against. This denotes that Verify SSL is True.\"}]",
"name": "MITRE ATT&CK Enterprise Clone",
"namespace": "threatq.feeds.dynamic.taxii.MitreAttCkEnterpriseClone",
"gate_oauth2_client_id": 108,
"connector_definition_id": "1",
"updated_at": "2020-06-05 14:55:49",
"created_at": "2020-06-05 14:55:49",
"id": 104,
"category": {
"id": 4,
"name": "STIX/TAXII",
"created_at": "2020-06-05 14:55:48",
"updated_at": "2020-06-05 14:55:48"
},
"gate_oauth2_client": {
"session_timeout_minutes": 60,
"name": "MITRE ATT&CK Enterprise Clone",
"type": "private",
"client_id": "yzcyztm1ztvky2ywogy5odjjoda3ndmw",
"client_secret": "ZWUyMjIzNGRmNmUzMGEzYjk2YmMxYjllMWU1NzFmYTFhODRjYjljNjVlM2U0MDg3",
"updated_at": "2020-06-05 14:55:49",
"created_at": "2020-06-05 14:55:49",
"id": 108
}
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"frequency": 3600,
"is_active": "disabled",
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Connector
Get Single
GET /connectors/{connector_id}{?with}
Get a single Connector.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- with
string (optional) Example: category,definition,runLog,tlp
A comma-separated list of related objects to include in the response. Options for this endpoint: category, definition, runLog, tlp.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "MITRE Enterprise ATT&CK",
"namespace": "threatq.connector.osint.mitre_enterprise_att&ck.MitreEnterpriseAtt&ck",
"version": null,
"custom_fields": "[{\"name\":\"verify_ssl\",\"label\":\"Verify SSL\",\"type\":\"checkbox\",\"default\":true,\"description\":\"If true, specifies that this feed should verify SSL connections with the provider.\"},{\"name\":\"disable_proxies\",\"label\":\"Disable Proxies\",\"type\":\"checkbox\",\"default\":false,\"description\":\"If true, specifies that this feed should not honor any proxies setup in ThreatQuotient.\"},{\"name\":\"save_intrusion_sets_as\",\"label\":\"Save Intrusion Sets as\",\"type\":\"select\",\"description\":\"MITRE releases Threat Actor Data as Intrusion Sets. ThreatQuotient recommends mapping this data to ThreatQ Adversaries in order to create a consolidated profile.\",\"options\":[{\"text\":\"Adversaries\",\"value\":\"Adversaries\",\"default\":true},{\"text\":\"Intrusion Sets\",\"value\":\"Intrusion Sets\",\"default\":false}],\"value\":\"Adversaries\"}]",
"frequency": 86400,
"category_id": 1,
"connector_definition_id": 1,
"indicator_status_id": 2,
"tlp_id": null,
"gate_oauth2_client_id": 5,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2019-10-23 14:50:59",
"updated_at": "2019-10-23 14:54:41",
"definition": {
"id": 1,
"definition_yaml": "This is the CDF YAML.",
"created_at": "2019-10-23 14:54:31",
"updated_at": "2019-10-23 14:54:31"
},
"category": {
"id": 1,
"name": "OSINT",
"created_at": "2019-10-23 14:45:56",
"updated_at": "2019-10-23 14:45:56"
},
"tlp": null,
"run_log": []
}
}
401 Access denied.
404 Object not found.
Update
PUT /connectors/{connector_id}{?with}
Update a Connector.
Example URI
- connector_id
integer (required) Example: 104
Connector ID
- with
string (optional) Example: category,definition,runLog,tlp
A comma-separated list of related objects to include in the response. Options for this endpoint: category, definition, runLog, tlp.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"is_active": "enabled"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 104,
"name": "MITRE ATT&CK Enterprise Clone",
"namespace": "threatq.feeds.dynamic.taxii.MitreAttCkEnterpriseClone",
"version": null,
"custom_fields": "[{\"name\":\"version\",\"type\":\"select\",\"options\":[{\"text\":\"1.0\",\"value\":\"1.0\"},{\"text\":\"1.1\",\"value\":\"1.1\"},{\"text\":\"2.0\",\"value\":\"2.0\",\"default\":true}],\"label\":\"TAXII Server Version\",\"description\":\"The version of the TAXII Server to poll for data.\",\"required\":true,\"value\":\"2.0\"},{\"name\":\"feed_url\",\"value\":\"https://cti-taxii.mitre.org/taxii/\",\"label\":\"Discovery Path URL\",\"description\":\"Path to the TAXII Server's Discovery Service\",\"required\":true},{\"name\":\"poll_url\",\"value\":\"\",\"label\":\"Poll URL (Optional)\",\"description\":\"Optional URL specifying a specific endpoint on the TAXII Server to poll for data. If not supplied, the TAXII Client will attempt to determine the appropriate path via the Collections Service.\"},{\"name\":\"collection_name\",\"value\":\"Enterprise ATT&CK\",\"label\":\"Collection Name\",\"description\":\"Name of the collection to poll data from\",\"required\":true},{\"name\":\"disable_proxies\",\"type\":\"checkbox\",\"value\":false,\"label\":\"Disable Proxies\",\"description\":\"If true, specifies that this feed should not honor any proxies setup in ThreatQuotient.\"},{\"name\":\"username\",\"value\":\"\",\"label\":\"Username\",\"description\":\"Basic Authentication Username\"},{\"name\":\"password\",\"value\":\"\",\"type\":\"password\",\"label\":\"Password\",\"description\":\"Basic Authentication Password\"},{\"name\":\"certificate\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Client Certificate\",\"description\":\"Client Certificate for authentication with the TAXII Server. Only supported by TAXII 1.x.\"},{\"name\":\"private_key\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Client Key\",\"description\":\"Private Key for authentication with the TAXII Server. 
Only supported by TAXII 1.x.\"},{\"name\":\"verify_ssl\",\"type\":\"checkbox\",\"value\":true,\"label\":\"Verify SSL\",\"description\":\"Specifies whether the TAXII client should verify a provider's SSL certificate\"},{\"name\":\"host_ca_certificate\",\"type\":\"textarea\",\"value\":\"\",\"label\":\"Host CA Certificate Bundle\",\"description\":\"Used to specify a provider's CA Certificate Bundle to verify SSL against. This denotes that Verify SSL is True.\"}]",
"frequency": 86400,
"category_id": 4,
"connector_definition_id": 1,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 108,
"last_import_at": "2020-06-05 15:05:43",
"last_import_count": null,
"is_active": "enabled",
"is_notifiable": 1,
"created_at": "2020-06-05 14:55:49",
"updated_at": "2020-06-05 15:11:37",
"category": {
"id": 4,
"name": "STIX/TAXII",
"created_at": "2020-06-05 14:55:48",
"updated_at": "2020-06-05 14:55:48"
},
"definition": {
"id": 1,
"definition_yaml": "This is the STIX/TAXII CDF YAML.",
"created_at": "2020-06-04 22:00:55",
"updated_at": "2020-06-04 22:00:55"
},
"tlp": null,
"run_log": []
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /connectors/{connector_id}
Delete a Connector.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Connector Categories List
Get List
GET /connectors/categories{?limit,offset,sort,with}
Get a list of Connector Categories.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: connectors
A comma-separated list of related objects to include in the response. Options for this endpoint: connectors.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 4,
"data": [
{
"id": 1,
"name": "OSINT",
"created_at": "2017-03-18 00:05:16",
"updated_at": "2017-03-18 00:05:16"
},
{
"id": 2,
"name": "Commercial",
"created_at": "2017-03-18 00:05:16",
"updated_at": "2017-03-18 00:05:16"
},
{
"id": 3,
"name": "Labs",
"created_at": "2017-03-18 00:05:16",
"updated_at": "2017-03-18 00:05:16"
}
]
}
401 Access denied.
Create New
POST /connectors/categories
Create a new Connector Category.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "My Category"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "My Category",
"updated_at": "2017-03-19 23:21:19",
"created_at": "2017-03-19 23:21:19",
"id": 5
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Connector Category
Get Single
GET /connectors/categories/{connector_category_id}{?with}
Get a single Connector Category.
Example URI
- connector_category_id
integer (required) Example: 2
Connector Category ID
- with
string (optional) Example: connectors
A comma-separated list of related objects to include in the response. Options for this endpoint: connectors.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "OSINT",
"created_at": "2017-03-18 00:05:16",
"updated_at": "2017-03-18 00:05:16"
}
}
401 Access denied.
404 Object not found.
Update
PUT /connectors/categories/{connector_category_id}{?with}
Update a Connector Category.
Example URI
- connector_category_id
integer (required) Example: 2
Connector Category ID
- with
string (optional) Example: connectors
A comma-separated list of related objects to include in the response. Options for this endpoint: connectors.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "My Updated Category"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 5,
"name": "My Updated Category",
"created_at": "2017-03-19 23:21:19",
"updated_at": "2017-03-19 23:28:18"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /connectors/categories/{connector_category_id}
Delete a Connector Category.
Example URI
- connector_category_id
integer (required) Example: 2
Connector Category ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Connector Definition List
Get List
GET /connectors/definitions{?limit,offset,sort,with}
Get a list of Connector Definitions.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: connectors
A comma-separated list of related objects to include in the response. Options for this endpoint: connectors.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"definition_yaml": "This is some YAML.",
"created_at": "2017-10-23 14:54:31",
"updated_at": "2017-10-23 14:54:31",
"connectors": [
{
"id": 1,
"name": "Bambenek Consulting - Murofet Master",
"namespace": "threatq.connector.osint.bambenek.BambenekMurofetMaster",
"custom_fields": "{\"feed_url\": {\"order\": 1, \"value\": \"http://osint.bambenekconsulting.com/feeds/murofet-master.txt\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 1,
"connector_definition_id": 1,
"indicator_status_id": 2,
"tlp_id": null,
"gate_oauth2_client_id": 5,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-10-23 14:50:59",
"updated_at": "2017-10-23 14:54:41"
},
{
"id": 2,
"name": "Bambenek Consulting - Symmi Master",
"namespace": "threatq.connector.osint.bambenek.BambenekSymmiMaster",
"custom_fields": "{\"feed_url\": {\"order\": 1, \"value\": \"http://osint.bambenekconsulting.com/feeds/symmi-master.txt\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 1,
"connector_definition_id": 1,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 6,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-10-23 14:51:00",
"updated_at": "2017-10-23 14:51:00"
}
]
},
{
"id": 2,
"definition_yaml": "This is some more YAML.",
"created_at": "2017-10-23 15:31:34",
"updated_at": "2017-10-23 15:31:34",
"connectors": [
{
"id": 3,
"name": "SecureWorks Dirt Jumper C2 IP Watchlist",
"namespace": "threatq.connector.secureworks.connector.SecureWorksDirtJumperC2IPWatchlist",
"custom_fields": "{\"api_key\": {\"type\": \"password\", \"order\": 1, \"value\": \"\", \"label\": \"Application Key\"}, \"feed_url\": {\"order\": 2, \"value\": \"https://portal.secureworks.com/attackerdb/blackList?Token={token}&type={type}&schemaVersion=v1&format=csv\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 2,
"connector_definition_id": 2,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 7,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-10-23 14:51:00",
"updated_at": "2017-10-23 14:51:00"
}
]
}
]
}
401 Access denied.
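An added example, not part of the ThreatQ reference or ThreatQ's own code: `custom_fields` is returned as a JSON-encoded string, and the response examples above show it in two shapes (a list of named fields, and an object keyed by field name), so a configuration review has to decode and normalise it before checking settings such as `verify_ssl`, `disable_proxies` and plain-HTTP feed URLs. The sample connectors, finding labels and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit


def normalize_custom_fields(raw):
    """Decode custom_fields into {field_name: field_dict}.

    Accepts both shapes seen in the response examples: a JSON list of
    objects that carry a "name" key, and a JSON object keyed by field name.
    Raises ValueError for invalid JSON or any other top-level type.
    """
    decoded = json.loads(raw) if isinstance(raw, str) else raw
    if isinstance(decoded, list):
        pairs = [(f.get("name"), f) for f in decoded if isinstance(f, dict)]
    elif isinstance(decoded, dict):
        pairs = list(decoded.items())
    else:
        raise ValueError("custom_fields has an unexpected top-level type")
    return {n: f for n, f in pairs if isinstance(n, str) and isinstance(f, dict)}


def effective_value(field):
    """Configured value, falling back to the field's declared default."""
    return field["value"] if "value" in field else field.get("default")


def is_cleartext_url(value):
    """True when the value parses as a URL with the plain http scheme."""
    if not isinstance(value, str):
        return False
    try:
        return urlsplit(value.strip()).scheme.lower() == "http"
    except ValueError:
        return False


def audit_connector(connector):
    """Return sorted finding labels for one connector object.

    Findings name the field only; secret values are never copied out.
    """
    try:
        fields = normalize_custom_fields(connector.get("custom_fields"))
    except ValueError:
        return ["custom-fields-unparseable"]
    findings = []
    for name, field in fields.items():
        value = effective_value(field)
        if name == "verify_ssl" and value is False:
            findings.append("tls-verification-disabled")
        if name == "disable_proxies" and value is True:
            findings.append("proxy-bypassed")
        if field.get("type") == "password" and value not in (None, ""):
            findings.append(f"secret-in-response:{name}")
        if is_cleartext_url(value):
            findings.append(f"cleartext-url:{name}")
    return sorted(findings)


def audit_connectors(connectors):
    """Audit many connectors; return rows only for those with findings."""
    report = []
    for c in connectors:
        findings = audit_connector(c)
        if findings:
            report.append({"id": c.get("id"), "name": c.get("name"),
                           "is_active": c.get("is_active"), "findings": findings})
    return report


# Constructed sample data, modelled on the "data" objects in the examples.
SAMPLE_CONNECTORS = [
    {"id": 104, "name": "TAXII clone (constructed)", "is_active": "enabled",
     "custom_fields": json.dumps([      # list shape, verification switched off
         {"name": "feed_url", "value": "https://taxii.example.test/taxii/"},
         {"name": "verify_ssl", "type": "checkbox", "value": False},
         {"name": "disable_proxies", "type": "checkbox", "value": False},
         {"name": "password", "type": "password", "value": ""}])},
    {"id": 1, "name": "Plain HTTP feed (constructed)", "is_active": "disabled",
     "custom_fields": json.dumps({      # object shape, http:// feed URL
         "feed_url": {"order": 1, "label": "Feed URL",
                      "value": "http://feeds.example.test/list.txt"}})},
    {"id": 2, "name": "Defaults only (constructed)", "is_active": "disabled",
     "custom_fields": json.dumps([      # only defaults present, nothing to flag
         {"name": "verify_ssl", "type": "checkbox", "default": True},
         {"name": "disable_proxies", "type": "checkbox", "default": False}])},
    {"id": 3, "name": "Keyed feed (constructed)", "is_active": "enabled",
     "custom_fields": json.dumps({      # non-empty secret and proxy bypass
         "api_key": {"type": "password", "order": 1,
                     "value": "constructed-not-a-real-key"},
         "disable_proxies": {"type": "checkbox", "value": True}})},
    {"id": 4, "name": "Broken (constructed)", "is_active": "disabled",
     "custom_fields": "{not json"},
]

if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_CONNECTORS):
        print(row["id"], row["name"], row["is_active"], ", ".join(row["findings"]))
```

In a live review the input would be the `data` array from the connector list responses; whether an instance returns stored secrets in `custom_fields` is not stated in this reference, so the `secret-in-response` check is an assumption to verify.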
Create New
POST /connectors/definitions
Create a new Connector Definition.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"definition_yaml": "This is some YAML."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"definition_yaml": "This is some YAML.",
"updated_at": "2017-10-23 15:31:34",
"created_at": "2017-10-23 15:31:34",
"id": 2
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"definition_yaml": [
"The definition yaml field is required."
]
}
}
}
401 Access denied.
Connector Definition
Get Single
GET /connectors/definitions/{connector_definition_id}{?with}
Get a single Connector Definition.
Example URI
- connector_definition_id
integer (required) Example: 2
Connector Definition ID
- with
string (optional) Example: connectors
A comma-separated list of related objects to include in the response. Options for this endpoint: connectors.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"definition_yaml": "This is some YAML.",
"created_at": "2017-10-23 14:54:31",
"updated_at": "2017-10-23 14:54:31",
"connectors": [
{
"id": 1,
"name": "Bambenek Consulting - Murofet Master",
"namespace": "threatq.connector.osint.bambenek.BambenekMurofetMaster",
"custom_fields": "{\"feed_url\": {\"order\": 1, \"value\": \"http://osint.bambenekconsulting.com/feeds/murofet-master.txt\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 1,
"connector_definition_id": 1,
"indicator_status_id": 2,
"tlp_id": null,
"gate_oauth2_client_id": 5,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-10-23 14:50:59",
"updated_at": "2017-10-23 14:54:41"
},
{
"id": 2,
"name": "Bambenek Consulting - Symmi Master",
"namespace": "threatq.connector.osint.bambenek.BambenekSymmiMaster",
"custom_fields": "{\"feed_url\": {\"order\": 1, \"value\": \"http://osint.bambenekconsulting.com/feeds/symmi-master.txt\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 1,
"connector_definition_id": 1,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 6,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-10-23 14:51:00",
"updated_at": "2017-10-23 14:51:00"
}
]
}
}
401 Access denied.
404 Object not found.
Update
PUT /connectors/definitions/{connector_definition_id}{?with}
Update a Connector Definition.
Example URI
- connector_definition_id
integer (required) Example: 2
Connector Definition ID
- with
string (optional) Example: connectors
A comma-separated list of related objects to include in the response. Options for this endpoint: connectors.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"definition_yaml": "This is some more YAML."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"definition_yaml": "This is some more YAML.",
"created_at": "2017-10-20 06:57:40",
"updated_at": "2017-10-20 06:59:03"
}
}
401 Access denied.
404 Object not found.
Connector Manual Pull
POST /connectors/{connector_id}/manual
Perform a manual run of a Connector (feed).
Example URI
- connector_id
integer (required) Example: 1
Connector ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"since": "2017-09-11",
"until": "2017-09-13 01:15:00"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"since": "2017-09-11 00:00:00",
"until": "2017-09-13 01:15:00",
"feed_id": 1,
"feed_name": "Feed",
"run_uuid": "fb543043-9822-11e7-a110-080027981579",
"user_fields": {
"api_key": {
"order": 1,
"value": "",
"label": "API Key"
},
"feed_url": {
"order": 2,
"value": "https://feed.com/{api_key}/reputation.data",
"label": "Feed URL"
}
}
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
[
"Connector is disabled."
]
]
}
401 Access denied.
Connector Run Log List
Get List
GET /connectors/{connector_id}/runs{?limit,offset,sort,with}
Get a list of Connector Run Log entries.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: connector,connectorEvents
A comma-separated list of related objects to include in the response. Options for this endpoint: connector, connectorEvents.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"run_uuid": "49d210f4-93cd-11e7-888c-080027981579",
"connector_id": 1,
"user_id": 1,
"trigger_type": "scheduled",
"since": "2017-08-17 00:00:00",
"until": "2017-08-18 00:00:00",
"started_at": "2017-09-01 01:01:01",
"completed_at": null,
"created_at": "2017-09-13 20:32:22",
"updated_at": "2017-09-13 20:32:22",
"has_files": false,
"connector_events": [
{
"id": 1,
"run_uuid": "9a289b38-62fa-45c7-bfe2-7dd4de3fcc14",
"message_type_id": 1,
"description": "event description",
"occurred_at": "2017-01-02 03:04:05",
"created_at": "2017-09-28 18:33:28"
}
],
"connector": {
"id": 1,
"name": "Feed",
"namespace": "threatq.feeds.feed",
"custom_fields": "{\"api_key\": {\"type\": \"password\", \"order\": 1, \"value\": \"\", \"label\": \"API Key\"}, \"feed_url\": {\"order\": 2, \"value\": \"https://feed.com/{api_key}/reputation.data\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 1,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 8,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-09-28 18:31:53",
"updated_at": "2017-09-28 18:31:53"
}
},
{
"run_uuid": "b1586939-9497-11e7-888c-080027981579",
"connector_id": 1,
"user_id": 1,
"trigger_type": "manual",
"since": "2017-08-17 00:00:00",
"until": "2017-08-18 00:00:00",
"started_at": "2017-09-01 01:01:01",
"completed_at": null,
"created_at": "2017-09-13 20:31:20",
"updated_at": "2017-09-13 20:31:20",
"has_files": true,
"connector_events": [
{
"id": 1,
"run_uuid": "9a289b38-62fa-45c7-bfe2-7dd4de3fcc14",
"message_type_id": 1,
"description": "event description",
"occurred_at": "2017-01-02 03:04:05",
"created_at": "2017-09-28 18:33:28"
}
],
"connector": {
"id": 1,
"name": "Feed",
"namespace": "threatq.feeds.feed",
"custom_fields": "{\"api_key\": {\"type\": \"password\", \"order\": 1, \"value\": \"\", \"label\": \"API Key\"}, \"feed_url\": {\"order\": 2, \"value\": \"https://feed.com/{api_key}/reputation.data\", \"label\": \"Feed URL\"}}",
"frequency": 3600,
"category_id": 1,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 8,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-09-28 18:31:53",
"updated_at": "2017-09-28 18:31:53"
}
}
]
}
401 Access denied.
Create New
POST /connectors/{connector_id}/runs
Create a new Connector Run Log entry.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"run_uuid": "49d210f4-93cd-11e7-888c-080027981579",
"trigger_type": "scheduled",
"is_periodic": 1,
"since": "2017-08-17 00:00:00",
"until": "2017-08-18 00:00:00",
"started_at": "2017-09-01 01:01:01"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"run_uuid": "49d210f4-93cd-11e7-888c-080027981579",
"connector_id": 1,
"user_id": 1,
"trigger_type": "scheduled",
"since": "2017-08-17 00:00:00",
"until": "2017-08-18 00:00:00",
"started_at": "2017-09-01 01:01:01",
"completed_at": null,
"created_at": "2017-09-13 20:32:22",
"updated_at": "2017-09-13 20:32:22",
"has_files": false
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": {
"run_uuid": [
"The run uuid format is invalid."
]
}
}
401 Access denied.
Connector Run Log
Get Single
GET /connectors/{connector_id}/runs/{run_uuid}{?with}
Get a single Connector Run Log entry.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
- with
string (optional) Example: connector,connectorEvents
A comma-separated list of related objects to include in the response. Options for this endpoint: connector, connectorEvents.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"run_uuid": "2dc43f6f-9fb0-11e7-bab0-08002737f846",
"connector_id": 60,
"client_id": 1,
"user_id": 1,
"trigger_type": "scheduled",
"since": null,
"until": null,
"created_at": "2017-09-28 18:33:11",
"updated_at": "2017-09-28 18:33:11",
"has_files": true,
"connector": {
"id": 60,
"name": "DigitalShadows",
"namespace": "threatq.feeds.digitalshadows.DigitalShadows",
"custom_fields": "{\"api_key\": {\"type\": \"password\", \"order\": 2, \"value\": \"\", \"label\": \"API Key\"}, \"feed_url\": {\"order\": 3, \"value\": \"https://portal-digitalshadows.com/api\", \"label\": \"Feed URL\"}, \"api_id\": {\"order\": 1, \"value\": \"\", \"label\": \"API ID\"}}",
"frequency": 3600,
"category_id": 2,
"indicator_status_id": 1,
"tlp_id": null,
"gate_oauth2_client_id": 64,
"last_import_at": null,
"last_import_count": null,
"is_active": "disabled",
"created_at": "2017-09-28 18:32:06",
"updated_at": "2017-09-28 18:32:06"
},
"connector_events": [
{
"id": 5,
"run_uuid": "2dc43f6f-9fb0-11e7-bab0-08002737f846",
"message_type_id": 1,
"description": "This is how the event went down.",
"occurred_at": "2017-09-14 19:56:09",
"created_at": "2017-09-28 18:40:41"
}
]
}
}
401 Access denied.
404 Object not found.
Update
PUT /connectors/{connector_id}/runs/{run_uuid}
Update a Connector Run Log entry.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"trigger_type": "scheduled",
"since": "2017-09-01 00:00:00",
"until": "2017-09-05 00:00:00",
"started_at": "2017-09-12 11:00:00",
"completed_at": "2017-09-12 12:00:00"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"run_uuid": "49d210f4-93cd-11e7-888c-080027981579",
"connector_id": 1,
"user_id": 1,
"trigger_type": "scheduled",
"since": "2017-09-01 00:00:00",
"until": "2017-09-05 00:00:00",
"started_at": "2017-09-12 11:00:00",
"completed_at": "2017-09-12 12:00:00",
"created_at": "2017-09-13 20:32:22",
"updated_at": "2017-09-13 20:53:19",
"has_files": false
}
}
401 Access denied.
404 Object not found.
Connector Run Log Event List
Get List
GET /connectors/{connector_id}/runs/{run_uuid}/events{?limit,offset,sort,with}
Get a list of Connector Run Log Events.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: messageType
A comma-separated list of related objects to include in the response. Options for this endpoint: messageType.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
"request_0.json",
"response_0.json"
]
}
401 Access denied.
404 Object not found.
Create New
POST /connectors/{connector_id}/runs/{run_uuid}/events
Create a new Connector Run Log Event.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"message_type_id": "1",
"description": "This is how the event went down.",
"occurred_at": "2017-09-14 19:56:09-00:00"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"run_uuid": "2dc43f6f-9fb0-11e7-bab0-08002737f846",
"message_type_id": "1",
"description": "This is how the event went down.",
"occurred_at": "2017-09-14 19:56:09-00:00",
"id": 5
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: message_type_id"
]
}
401 Access denied.
Connector Run Log File List
GET /connectors/{connector_id}/runs/{run_uuid}/files
Get a list of Connector Run Log files.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
"request_0.json",
"response_0.json"
]
}
401 Access denied.
404 Object not found.
Connector Run Log File Download
POST /connectors/{connector_id}/runs/{run_uuid}/files/download
Download Connector Run Log files as a zip archive. Specify the desired files in the request, or leave the request empty to pull all files. A password for the zip file can be provided; if none is provided, it is set to “threatq” by default. The zip filename has the format “feed-run-<run_uuid>.zip”.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"filenames": [
"request_0.txt",
"response_0.txt",
"errors_0.txt"
],
"password": "password"
}
200 Object(s) retrieved successfully.
Body
Downloaded zip file in format "feed-run-<run_uuid>.zip"
401 Access denied.
404 Object not found.
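An added example, not part of the ThreatQ reference: building the download request so that the archive never falls back to the documented default password. The function name, the `https://hostname/api` base and the token value are placeholders; the request object is constructed but not sent.

```python
import json
import secrets
import uuid
from urllib.parse import urlsplit
from urllib.request import Request

DEFAULT_ZIP_PASSWORD = "threatq"  # default stated in the endpoint description


def build_run_file_download(base_uri, access_token, connector_id, run_uuid,
                            filenames=None, password=None):
    """Return (request, body, zip_name) for the run-log file download.

    - base_uri must be https, since the bearer token travels in a header.
    - run_uuid is validated and normalised before it is placed in the path.
    - When no password is given, a random one is generated so the archive
      is never protected only by the publicly documented default.
    - filenames=None sends no "filenames" key, which requests all files.
    """
    if urlsplit(base_uri).scheme.lower() != "https":
        raise ValueError("base_uri must use https")
    if (isinstance(connector_id, bool) or not isinstance(connector_id, int)
            or connector_id < 1):
        raise ValueError("connector_id must be a positive integer")
    if not isinstance(run_uuid, str):
        raise ValueError("run_uuid must be a string")
    run_id = str(uuid.UUID(run_uuid))  # ValueError on a malformed UUID

    if password is None:
        password = secrets.token_urlsafe(24)
    if password == DEFAULT_ZIP_PASSWORD:
        raise ValueError("refusing to use the documented default zip password")

    body = {"password": password}
    if filenames:
        body["filenames"] = list(filenames)

    url = (f"{base_uri.rstrip('/')}/connectors/{connector_id}"
           f"/runs/{run_id}/files/download")
    request = Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"},
        method="POST",
    )
    return request, body, f"feed-run-{run_id}.zip"


if __name__ == "__main__":
    req, body, zip_name = build_run_file_download(
        "https://hostname/api", "ACCESS_TOKEN_PLACEHOLDER", 1,
        "49d210f4-93cd-11e7-888c-080027981579",
        filenames=["request_0.txt", "response_0.txt"])
    print(req.get_method(), req.full_url)
    print("expected archive:", zip_name)
    print("password length:", len(body["password"]))
```

Keep the generated password with the case record rather than in shell history, since it is needed to open the archive later.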
Connector Run Log Summary
GET /connectors/{connector_id}/runs/{run_uuid}/summary
Get a list of object counts for a Connector Run Log.
Example URI
- connector_id
integer (required) Example: 1
Connector ID
- run_uuid
string (required) Example: 49d210f4-93cd-11e7-888c-080027981579
Run Log UUID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"object_type": "adversaries",
"count": 8
},
{
"object_type": "adversary_sources",
"count": 3
},
{
"object_type": "indicator_attributes",
"count": 7
},
{
"object_type": "indicators",
"count": 10
}
]
}
401 Access denied.
404 Object not found.
Custom Objects
Custom Object List
GET /custom-objects{?limit,offset,sort,with}
Get a list of Custom Objects that have been installed in the system.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: fieldRelations
A comma-separated list of related objects to include in the response. Options for this endpoint: fieldRelations.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53",
"field_relations": [
{
"id": 1,
"custom_object_id": 1,
"field_id": 1,
"field_display_name": "Name",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 2,
"custom_object_id": 1,
"field_id": 3,
"field_display_name": "Object Status",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 3,
"custom_object_id": 1,
"field_id": 4,
"field_display_name": "Object Type",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 4,
"custom_object_id": 1,
"field_id": 2,
"field_display_name": "Description",
"field_definition": "text",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
}
]
},
{
"id": 2,
"object_name": "Campaign",
"object_description": "STIX: Campaign",
"code": "campaign",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53",
"field_relations": [
{
"id": 5,
"custom_object_id": 2,
"field_id": 1,
"field_display_name": "Name",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 6,
"custom_object_id": 2,
"field_id": 3,
"field_display_name": "Object Status",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 7,
"custom_object_id": 2,
"field_id": 4,
"field_display_name": "Object Type",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 8,
"custom_object_id": 2,
"field_id": 2,
"field_display_name": "Description",
"field_definition": "text",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 9,
"custom_object_id": 2,
"field_id": 9,
"field_display_name": "Objective",
"field_definition": "text",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 10,
"custom_object_id": 2,
"field_id": 6,
"field_display_name": "First Seen",
"field_definition": "datetime(3) DEFAULT NULL",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 11,
"custom_object_id": 2,
"field_id": 7,
"field_display_name": "Last Seen",
"field_definition": "datetime(3) DEFAULT NULL",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
}
]
}
]
}
401 Access denied.
Custom Object
GET /custom-objects/{custom_object_id}{?with}
Get a single Custom Object that has been installed in the system.
Example URI
- custom_object_id
integer (required) Example: 1
Custom Object ID
- with
string (optional) Example: fieldRelations
A comma-separated list of related objects to include in the response. Options for this endpoint: fieldRelations.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53",
"field_relations": [
{
"id": 1,
"custom_object_id": 1,
"field_id": 1,
"field_display_name": "Name",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 2,
"custom_object_id": 1,
"field_id": 3,
"field_display_name": "Object Status",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 3,
"custom_object_id": 1,
"field_id": 4,
"field_display_name": "Object Type",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
},
{
"id": 4,
"custom_object_id": 1,
"field_id": 2,
"field_display_name": "Description",
"field_definition": "text",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null
}
]
}
}
401 Access denied.
404 Object not found.
Custom Object Field List
GET /custom-objects/fields{?limit,offset,sort}
Get a list of Custom Object Fields. These are field types available for use in defining a Custom Object.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 11,
"data": [
{
"id": 1,
"field_name": "value",
"field_definition": "varchar(128) NOT NULL",
"field_description": "Object Value",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 2,
"field_name": "description",
"field_definition": "text",
"field_description": "Object Description",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 3,
"field_name": "status_id",
"field_definition": "integer",
"field_description": "Object Status",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 4,
"field_name": "type_id",
"field_definition": "integer",
"field_description": "Object Type",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 5,
"field_name": "code_block",
"field_definition": "text",
"field_description": "Code block",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 6,
"field_name": "started_at",
"field_definition": "datetime(3) DEFAULT NULL",
"field_description": "Start Time",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 7,
"field_name": "ended_at",
"field_definition": "datetime(3) DEFAULT NULL",
"field_description": "End Time",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 8,
"field_name": "occurred_at",
"field_definition": "datetime(3) DEFAULT NULL",
"field_description": "Date of Occurrence",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 9,
"field_name": "objective",
"field_definition": "text",
"field_description": "Objective",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 10,
"field_name": "contact_information",
"field_definition": "text",
"field_description": "Contact Information",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
{
"id": 11,
"field_name": "pattern",
"field_definition": "text",
"field_description": "Pattern",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52"
}
]
}
401 Access denied.
Custom Object Field
GET /custom-objects/fields/{custom_object_field_id}
Get a single Custom Object Field. This is a field type available for use in defining a Custom Object.
Example URI
- custom_object_field_id
integer (required) Example: 2
Custom Object Field ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"field_name": "value",
"field_definition": "varchar(128) NOT NULL",
"field_description": "Object Value",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
}
}
401 Access denied.
404 Object not found.
Custom Object Field Relation List
GET /custom-objects/{custom_object_id}/field-relations{?limit,offset,sort,with}
Get a list of Custom Object Field Relations. These are fields assigned to a Custom Object.
Example URI
- custom_object_id
integer (required) Example: 1
Custom Object ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: field,customObject
A comma-separated list of related objects to include in the response. Options for this endpoint: field, customObject.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 4,
"data": [
{
"id": 1,
"custom_object_id": 1,
"field_id": 1,
"field_display_name": "Name",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null,
"field": {
"id": 1,
"field_name": "value",
"field_definition": "varchar(128) NOT NULL",
"field_description": "Object Value",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
"custom_object": {
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53"
}
},
{
"id": 2,
"custom_object_id": 1,
"field_id": 3,
"field_display_name": "Object Status",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null,
"field": {
"id": 3,
"field_name": "status_id",
"field_definition": "integer",
"field_description": "Object Status",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
"custom_object": {
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53"
}
},
{
"id": 3,
"custom_object_id": 1,
"field_id": 4,
"field_display_name": "Object Type",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null,
"field": {
"id": 4,
"field_name": "type_id",
"field_definition": "integer",
"field_description": "Object Type",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
"custom_object": {
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53"
}
},
{
"id": 4,
"custom_object_id": 1,
"field_id": 2,
"field_display_name": "Description",
"field_definition": "text",
"field_status": "disabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null,
"field": {
"id": 2,
"field_name": "description",
"field_definition": "text",
"field_description": "Object Description",
"field_creator": "system",
"field_required": "optional",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
"custom_object": {
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53"
}
}
]
}
401 Access denied.
Custom Object Field Relation
GET /custom-objects/{custom_object_id}/field-relations/{custom_object_field_relation_id}{?with}
Get a single Custom Object Field Relation. This is a field assigned to a Custom Object.
Example URI
- custom_object_id
integer (required) Example: 1
Custom Object ID
- custom_object_field_relation_id
integer (required) Example: 2
Custom Object Field Relation ID
- with
string (optional) Example: field,customObject
A comma-separated list of related objects to include in the response. Options for this endpoint: field, customObject.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"custom_object_id": 1,
"field_id": 1,
"field_display_name": "Name",
"field_definition": null,
"field_status": "Enabled",
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:52",
"field_validation": null,
"field": {
"id": 1,
"field_name": "value",
"field_definition": "varchar(128) NOT NULL",
"field_description": "Object Value",
"field_creator": "system",
"field_required": "required",
"created_at": "2018-03-29 19:33:45",
"updated_at": "2018-03-29 19:33:45"
},
"custom_object": {
"id": 1,
"object_name": "Attack Pattern",
"object_description": "STIX: Attack Pattern",
"code": "attack_pattern",
"availability": "Available",
"constraints": null,
"created_at": "2018-03-29 19:36:52",
"updated_at": "2018-03-29 19:36:53"
}
}
}
401 Access denied.
404 Object not found.
EULA
Active EULA
Get the Active EULA
GET /eula{?with}
Get the active EULA - the most recent for the system license type.
Example URI
- with
string (optional) Example: acceptance
A comma-separated list of related objects to include in the response. Options for this endpoint: acceptance.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"license_type": "ON_PREM_CUST",
"text": "THREATQUOTIENT, INC.\n\nEND USER LICENSE AGREEMENT...",
"version": "2.0",
"hash": "b7f2d56684753bf70f31164c698b0f3f",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07",
"acceptance": {
"id": 1,
"user_id": 1,
"eula_id": 1,
"created_at": "2021-03-30 15:21:28",
"updated_at": "2021-03-30 15:21:28"
}
}
}
401 Access denied.
EULA Acceptance List
Accept EULA
POST /eula/{eula_id}/acceptance
Create a new EULA Acceptance record. This endpoint creates a EULA Acceptance entry for the authenticated user.
Example URI
- eula_id
integer (required) Example: 1
EULA ID
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"eula_id": "1",
"user_id": 1,
"updated_at": "2021-03-30 16:03:01",
"created_at": "2021-03-30 16:03:01",
"id": 6
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"eula_id": "1",
"user_id": 1,
"errors": {
"eula_id": [
"This eula id has already been taken."
]
}
}
}
401 Access denied.
Event Imports
Event Imports
POST /events/import
Create a new Event Import.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableChunkNumber"

1
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableChunkSize"

1048576
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableCurrentChunkSize"

307799
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableTotalSize"

307799
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableType"

text/plain
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableIdentifier"

307799-ChronArtewallclockstxt
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableFilename"

ChronArte wall clocks.txt
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableRelativePath"

ChronArte wall clocks.txt
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="resumableTotalChunks"

1
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="type_id"

1
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="sources"

[{"name":"me","tlp":{"name":"AMBER"}}]
------WebKitFormBoundaryOXZxN3SNueFFAXTP
Content-Disposition: form-data; name="file"; filename="blob"
Content-Type: application/octet-stream

------WebKitFormBoundaryOXZxN3SNueFFAXTP--
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"file": [
"The file field is required when text is not present."
],
"text": [
"The text field is required when file is not present."
]
}
}
}
401 Access denied.
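The sample request above carries the file as chunked multipart form data. The following added example (not ThreatQ code) computes the same form fields for each chunk of a file and encodes one chunk as a multipart body. Assumptions: the identifier rule is inferred from the single sample above, chunks are cut at a fixed size, and the request is sent as multipart/form-data because the sample body has that shape, although the Headers listing shows application/json.

```python
import json
import math
import re
import uuid

CHUNK_SIZE = 1048576  # resumableChunkSize in the sample request


def resumable_identifier(total_size, filename):
    """Assumed rule, inferred from the one sample: size, dash, then the file
    name with everything except letters, digits, "_" and "-" removed."""
    return f"{total_size}-" + re.sub(r"[^0-9A-Za-z_-]", "", filename)


def chunk_fields(data, filename, type_id, sources, mime="text/plain",
                 chunk_size=CHUNK_SIZE):
    """Yield (fields, chunk_bytes) for every chunk of one import file."""
    total = len(data)
    if total == 0:
        raise ValueError("refusing to import an empty file")
    for src in sources:  # every source carries an explicit TLP, as in the sample
        if not src.get("name") or not src.get("tlp", {}).get("name"):
            raise ValueError("each source needs a name and a tlp name")
    total_chunks = math.ceil(total / chunk_size)  # assumption: fixed-size chunks
    for number in range(1, total_chunks + 1):
        piece = data[(number - 1) * chunk_size:number * chunk_size]
        yield {
            "resumableChunkNumber": str(number),
            "resumableChunkSize": str(chunk_size),
            "resumableCurrentChunkSize": str(len(piece)),
            "resumableTotalSize": str(total),
            "resumableType": mime,
            "resumableIdentifier": resumable_identifier(total, filename),
            "resumableFilename": filename,
            "resumableRelativePath": filename,
            "resumableTotalChunks": str(total_chunks),
            "type_id": str(type_id),
            # json.dumps keeps the nested braces balanced
            "sources": json.dumps(sources, separators=(",", ":")),
        }, piece


def encode_multipart(fields, piece):
    """Return (Content-Type header value, body bytes) for one chunk."""
    for name, value in fields.items():
        if re.search(r'["\r\n]', name) or re.search(r"[\r\n]", value):
            raise ValueError(f"control characters in form field {name!r}")
    payload = piece + "".join(fields.values()).encode("utf-8")
    boundary = "----ExampleBoundary" + uuid.uuid4().hex
    while boundary.encode() in payload:  # the boundary must not occur in the data
        boundary = "----ExampleBoundary" + uuid.uuid4().hex
    parts = [
        (f"--{boundary}\r\n"
         f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
         f"{value}\r\n").encode("utf-8")
        for name, value in fields.items()
    ]
    parts.append(
        (f"--{boundary}\r\n"
         'Content-Disposition: form-data; name="file"; filename="blob"\r\n'
         "Content-Type: application/octet-stream\r\n\r\n").encode("utf-8")
        + piece + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode("utf-8"))
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)
```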
Event Import
Get Single
GET /events/import/{event_import_id}{?with}
Get a single Event Import.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- with
string (optional) Example: attachments,creatorSource
A comma-separated list of related objects to include in the response. Options for this endpoint: attachments, creatorSource, events, globalAttributes, globalIndicatorAttributes, globalObjectLinks, indicators, indicatorStatus, objectLinks, type.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"creator_source_id": 5,
"type_id": 1,
"text": "Delivered-To: architonic@null.otherinbox.com\nReceived: by 10.231.208.4 with SMTP id ga4cs14990ibb;\n",
"source": "me",
"indicator_status_id": 4,
"completed_at": null,
"created_at": "2017-03-22 00:54:34",
"updated_at": "2017-03-22 00:54:34",
"globals": {
"indicators": {
"attributes": []
},
"relations": {}
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/import/{event_import_id}{?with}
Update an Event Import.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- with
string (optional) Example: attachments,creatorSource
A comma-separated list of related objects to include in the response. Options for this endpoint: attachments, creatorSource, events, globalAttributes, globalIndicatorAttributes, globalObjectLinks, indicators, indicatorStatus, objectLinks, type.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"indicator_status_id": 1,
"globals": {
"indicators": {
"attributes": []
},
"relations": {
"adversaries": [],
"events": [],
"attachments": [],
"indicators": [],
"signatures": []
}
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/import/{event_import_id}
Delete an Event Import.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Attachment
Update
PUT /events/import/{event_import_id}/attachments/{event_import_attachment_id}
Update an Event Import Attachment.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_attachment_id
integer (required) Example: 2
Event Import Attachment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"title": "Attachment Title",
"type_id": 20
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 2,
"import_id": 1,
"type_id": 20,
"title": "Attachment Title",
"name": "Price list ChronArte Quadro.pdf",
"content_type": "application/pdf",
"file_size": 70914,
"source": "me"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/import/{event_import_id}/attachments/{event_import_attachment_id}
Delete an Event Import Attachment.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_attachment_id
integer (required) Example: 2
Event Import Attachment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Attachments
DELETE /events/import/{event_import_id}/attachments
Bulk delete Event Import Attachments.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Commit
GET /events/import/{event_import_id}/commit
Commit an Event Import.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"events": [
{
"id": 601
}
]
}
}
401 Access denied.
404 Object not found.
Event Import Event List
Get List
GET /events/import/{event_import_id}/events{?limit,offset,sort,with}
Get a list of Event Import Events.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attributes,import
A comma-separated list of related objects to include in the response. Options for this endpoint: attributes, import, type.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"import_id": 1,
"title": "ChronArte wall clocks",
"type_id": 1,
"description": null,
"happened_at": "2011-04-29 13:31:38",
"hash": "214bd740d728a910874f4017a1775b9e",
"sources": [
{
"name": "Source"
}
]
}
]
}
401 Access denied.
Create New
POST /events/import/{event_import_id}/events
Create a new Event Import Event.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"title": "Event Title",
"type_id": "1",
"description": "Event Description",
"happened_at": "2017-01-01 12:00:00",
"source": {
"name": "Source",
"tlp": {
"name": "AMBER"
}
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"import_id": "1",
"title": "Event Title",
"type_id": "1",
"description": "Event Description",
"happened_at": "2017-01-01 12:00:00",
"hash": "2fa82c530984cb46f49ca9a06069b008",
"id": 2,
"sources": [
{
"name": "Source"
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"import_id": "1",
"hash": null,
"errors": {
"type_id": [
"The type id field is required."
],
"title": [
"The title field is required."
],
"happened_at": [
"The happened at field is required."
],
"source": [
"The source field is required."
]
},
"sources": []
}
}
401 Access denied.
Bulk Delete
DELETE /events/import/{event_import_id}/events
Bulk delete Event Import Events.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
291,
292,
293,
299,
301,
303
]
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Event
Get Single
GET /events/import/{event_import_id}/events/{event_import_event_id}{?with}
Get a single Event Import Event.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_event_id
integer (required) Example: 2
Event Import Event ID
- with
string (optional) Example: attributes,import
A comma-separated list of related objects to include in the response. Options for this endpoint: attributes, import, type.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"import_id": 1,
"title": "Event Title",
"type_id": 2,
"description": "Event Description",
"happened_at": "2017-02-02 02:00:00",
"hash": "b06f2a5054dc17de1d4b07526ba4f07d",
"sources": [
{
"name": "Source"
}
]
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/import/{event_import_id}/events/{event_import_event_id}
Update an Event Import Event.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_event_id
integer (required) Example: 2
Event Import Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"title": "Updated Event Title",
"type_id": "2",
"description": "Updated Description",
"happened_at": "2017-02-02 02:00:00"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 2,
"import_id": 1,
"title": "Updated Event Title",
"type_id": "2",
"description": "Updated Description",
"happened_at": "2017-02-02 02:00:00",
"hash": "b06f2a5054dc17de1d4b07526ba4f07d",
"sources": [
{
"name": "Source"
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/import/{event_import_id}/events/{event_import_event_id}
Delete an Event Import Event.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_event_id
integer (required) Example: 2
Event Import Event ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Event Attributes
Get List
GET /events/import/{event_import_id}/event/attributes{?with}
Get a list of Event Import Event Attributes.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: event,import
A comma-separated list of related objects to include in the response. Options for this endpoint: event, import.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"import_id": 1,
"event_id": 1,
"name": "Delivered-To",
"value": "architonic@null.otherinbox.com",
"source": "Source"
},
{
"id": 9,
"import_id": 1,
"event_id": 1,
"name": "Mime-Version",
"value": "1.0",
"source": "Source"
},
{
"id": 11,
"import_id": 1,
"event_id": 1,
"name": "Subject",
"value": "ChronArte wall clocks",
"source": "Source"
}
]
}
401 Access denied.
Create New
POST /events/import/{event_import_id}/event/attributes
Create a new Event Import Event Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Accessed Time",
"value": "2017-01-01 01:01:01",
"source": {
"name": "Source",
"tlp": {
"name": "AMBER"
}
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "Accessed Time",
"value": "2017-01-01 01:01:01",
"source": "Source",
"import_id": 1,
"event_id": 1,
"id": 13
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"import_id": 1,
"event_id": 1,
"errors": {
"name": [
"The name field is required."
],
"value": [
"The value field is required."
],
"source": [
"The source field is required."
]
}
}
}
401 Access denied.
Bulk Delete
DELETE /events/import/{event_import_id}/event/attributes
Bulk delete Event Import Event Attributes.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
531,
532,
535,
538,
540,
541
]
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Event Attribute
DELETE /events/import/{event_import_id}/event/attributes/{event_import_event_attribute_id}
Delete an Event Import Event Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_event_attribute_id
integer (required) Example: 2
Event Import Event Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Global Indicator Attributes
Get List
GET /events/import/{event_import_id}/globals/indicators/attributes{?limit,offset,sort,with}
Get a list of Event Import Global Indicator Attributes.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: import
A comma-separated list of related objects to include in the response. Options for this endpoint: import.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"import_id": 1,
"name": "Accessed Time",
"value": "2017-01-01 01:01:01",
"type": "indicator",
"sources": [
{
"name": "Source"
}
]
},
{
"id": 2,
"import_id": 1,
"name": "Test Attribute 1",
"value": "Test Value 1",
"type": "Indicator",
"sources": [
{
"name": "Source"
}
]
}
]
}
401 Access denied.
Create New
POST /events/import/{event_import_id}/globals/indicators/attributes
Create a new Event Import Global Indicator Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Test Attribute 1",
"value": "Test Value 1",
"source": {
"name": "Source",
"tlp": {
"name": "AMBER"
}
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"type": "Indicator",
"import_id": "1",
"name": "Test Attribute 1",
"value": "Test Value 1",
"id": 2,
"sources": [
{
"name": "Source"
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"type": "Indicator",
"import_id": "1",
"errors": {
"name": [
"The name field is required."
],
"value": [
"The value field is required."
]
},
"sources": []
}
}
401 Access denied.
Event Import Global Indicator Attribute
Get Single
GET /events/import/{event_import_id}/globals/indicators/attributes/{event_import_global_indicator_attribute_id}{?with}
Get a single Event Import Global Indicator Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_global_indicator_attribute_id
integer (required) Example: 2
Event Import Global Indicator Attribute ID
- with
string (optional) Example: import
A comma-separated list of related objects to include in the response. Options for this endpoint: import.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"import_id": 1,
"name": "Accessed Time",
"value": "2017-01-01 01:01:01",
"type": "indicator",
"sources": [
{
"name": "Source"
}
]
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/import/{event_import_id}/globals/indicators/attributes/{event_import_global_indicator_attribute_id}
Update an Event Import Global Indicator Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_global_indicator_attribute_id
integer (required) Example: 2
Event Import Global Indicator Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "2017-02-02 02:02:02",
"type": "Indicator"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"import_id": 1,
"name": "Accessed Time",
"value": "2017-02-02 02:02:02",
"type": "Indicator",
"sources": [
{
"name": "Source"
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"import_id": 1,
"name": "Accessed Time",
"value": "2017-01-01 01:01:01",
"type": "indicator",
"errors": {
"type": [
"The selected type is invalid."
]
},
"sources": [
{
"name": "Source"
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/import/{event_import_id}/globals/indicators/attributes/{event_import_global_indicator_attribute_id}
Delete an Event Import Global Indicator Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_global_indicator_attribute_id
integer (required) Example: 2
Event Import Global Indicator Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Indicator Attributes
Event Import Indicator Attributes
POST /events/import/{event_import_id}/indicators/attributes
Create a new Event Import Indicator Attribute.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Test Attribute 1",
"value": "Test Value 1",
"source": {
"name": "Source",
"tlp": {
"name": "AMBER"
}
},
"indicator_ids": [
1,
2
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"name": "Test Attribute 1",
"value": "Test Value 1",
"source": "Source",
"import_id": 1,
"indicator_id": 1,
"id": 2
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"import_id": 1,
"indicator_id": 1,
"errors": {
"name": [
"The name field is required."
],
"value": [
"The value field is required."
]
}
}
]
}
401 Access denied.
Event Import Indicator Comments
Event Import Indicator Comments
POST /events/import/{event_import_id}/indicators/comments
Create a new Event Import Indicator Comment.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment.",
"indicator_ids": [
1,
2
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"value": "This is a comment.",
"import_id": 1,
"indicator_id": 8,
"id": 1
},
{
"value": "This is a comment.",
"import_id": 1,
"indicator_id": 20,
"id": 2
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"import_id": 1,
"indicator_id": 1,
"errors": {
"value": [
"The value field is required."
]
}
},
{
"import_id": 1,
"indicator_id": 2,
"errors": {
"value": [
"The value field is required."
]
}
}
]
}
401 Access denied.
Event Import Indicator List
Get List
GET /events/import/{event_import_id}/indicators{?with}
Get a list of Event Import Indicators.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- sort
id (string, optional) - Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attributes,comments
A comma-separated list of related objects to include in the response. Options for this endpoint: attributes, comments, import, status, type.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"import_id": 1,
"value": "architonic@null.otherinbox.com",
"class": "network",
"type_id": 2,
"hash": "a12d8b4f5622e439651c5f1d7f6500b2",
"status_id": 4,
"whitelisted": "N",
"source": "me",
"indicator_id": null,
"attributes": [],
"comments": []
},
{
"id": 2,
"import_id": 1,
"value": "info@chronarte.ch",
"class": "network",
"type_id": 2,
"hash": "ab0233775a116907756968ef2136534e",
"status_id": 4,
"whitelisted": "N",
"source": "me",
"indicator_id": null,
"attributes": [],
"comments": []
}
]
}
401 Access denied.
Create New
POST /events/import/{event_import_id}/indicators
Create a new Event Import Indicator.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "99.99.99.99",
"type_id": 10,
"status_id": 4,
"source": {
"name": "Source",
"tlp": {
"name": "AMBER"
}
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"value": "99.99.99.99",
"hash": "d225e18ca84bdaa618f9f00eb2920061",
"type_id": 10,
"status_id": 4,
"source": "Source",
"class": "network",
"import_id": 1,
"id": 23
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"import_id": 1,
"errors": {
"value": [
"The value field is required."
],
"class": [
"The class field is required."
],
"type_id": [
"The type id field is required."
],
"hash": [
"The hash field is required."
]
}
}
}
401 Access denied.
Bulk Delete
DELETE /events/import/{event_import_id}/indicators
Bulk delete Event Import Indicators.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
89,
90,
113,
115,
123,
189
]
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Import Indicator
Update
PUT /events/import/{event_import_id}/indicators/{event_import_indicator_id}
Update an Event Import Indicator.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_indicator_id
integer (required) Example: 2
Event Import Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "98.98.98.98",
"status_id": "5"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 20,
"import_id": 1,
"value": "98.98.98.98",
"class": "network",
"type_id": 10,
"hash": "7e7709c4d4f1643c3de70c461b4d1453",
"status_id": "5",
"whitelisted": "N",
"source": "me",
"indicator_id": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/import/{event_import_id}/indicators/{event_import_indicator_id}
Delete an Event Import Indicator.
Example URI
- event_import_id
integer (required) Example: 1
Event Import ID
- event_import_indicator_id
integer (required) Example: 2
Event Import Indicator ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Events
Event List
Get List
GET /events{?limit,offset,sort,with}
Get a list of Events.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, signatures, sources, spearphish, tags, type, watchlist.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 600,
"data": [
{
"id": 1,
"type_id": 1,
"title": "Subject - There was certainly not becoming. 'And that's the jury-box,' thought Alice, as she couldn't answer either.",
"description": "",
"happened_at": "2016-12-29 17:39:59",
"hash": "7566c6f14e7f08746855f851f27ed397",
"created_at": "2016-12-29 17:39:59",
"updated_at": "2016-12-29 17:39:59",
"touched_at": "2017-03-18 00:07:34"
},
{
"id": 2,
"type_id": 1,
"title": "Subject - YOU manage?' Alice asked. 'We called him Tortoise because he.",
"description": "",
"happened_at": "2016-12-21 13:53:23",
"hash": "8ad4cebe15c8fe57fff452faf2ccb32a",
"created_at": "2016-12-21 13:53:23",
"updated_at": "2016-12-21 13:53:23",
"touched_at": "2017-03-18 00:07:34"
},
{
"id": 3,
"type_id": 1,
"title": "Subject - Majesty,' said Two, in a.",
"description": "",
"happened_at": "2016-10-23 16:41:57",
"hash": "149475f8a7491a752dbe9ad1057b5337",
"created_at": "2016-10-23 16:41:57",
"updated_at": "2016-10-23 16:41:57",
"touched_at": "2017-03-18 00:07:34"
}
]
}
401 Access denied.
Create New
POST /events
Create a new Event.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"title": "Event Name",
"type": "Spearphish",
"happened_at": "2017-03-20 01:43:05",
"sources": [
{
"name": "Event Source",
"tlp": {
"name": "AMBER"
}
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"title": "Event Name",
"type_id": 1,
"happened_at": "2017-03-20 01:43:05",
"hash": "e59c3274f3156b10aca1c8962a5880cb",
"updated_at": "2017-03-20 13:35:13",
"created_at": "2017-03-20 13:35:13",
"id": 601,
"type": {
"id": 1,
"name": "Spearphish",
"user_editable": "N",
"created_at": "2017-03-20 13:28:23",
"updated_at": "2017-03-20 13:28:23"
},
"sources": [
{
"type": "other_sources",
"name": "Event Source",
"updated_at": "2017-03-20 13:35:13",
"created_at": "2017-03-20 13:35:13",
"id": 10
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"hash": null,
"errors": {
"type_id": [
"The type id field is required."
],
"title": [
"The title field is required."
],
"happened_at": [
"The happened at field is required."
],
"hash": [
"The hash field is required."
]
}
}
}
401 Access denied.
Event
Get Single
GET /events/{event_id}{?with}
Get a single Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, signatures, sources, spearphish, tags, type, watchlist.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 601,
"type_id": 1,
"title": "Event Name",
"description": null,
"happened_at": "2017-03-20 01:43:05",
"hash": "e59c3274f3156b10aca1c8962a5880cb",
"created_at": "2017-03-20 13:35:13",
"updated_at": "2017-03-20 13:35:13",
"touched_at": "2017-03-20 13:35:13"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}{?with}
Update an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, signatures, sources, spearphish, tags, type, watchlist.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"title": "Updated Event Name",
"happened_at": "2017-03-21 01:43:05"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 601,
"type_id": 1,
"title": "Updated Event Name",
"description": null,
"happened_at": "2017-03-21 01:43:05",
"hash": "6f0b2d3b6b4b1060892ce37084908d85",
"created_at": "2017-03-20 13:35:13",
"updated_at": "2017-03-20 13:41:03",
"touched_at": "2017-03-20 13:35:13"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}
Delete an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Adversaries List
Get List
GET /events/{event_id}/adversaries{?limit,offset,sort,with}
Get a list of Event Adversary links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2018-03-24 03:49:31",
"updated_at": "2018-03-24 03:49:31",
"touched_at": "2018-04-02 16:16:38",
"deleted_at": null,
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2018-01-08 23:05:37",
"updated_at": "2018-01-08 23:05:37",
"touched_at": "2018-04-02 16:17:00",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Front End"
},
{
"name": "Domain Tools"
}
],
"pivot": {
"id": 62325,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 3,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:20:25.327000",
"updated_at": "2018-04-02 16:20:25.327000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15065,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24426,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /events/{event_id}/adversaries
Create a link from an Adversary to an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2017-03-06 14:05:24",
"updated_at": "2017-03-06 14:05:24",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62141,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2016-12-27 13:45:12",
"updated_at": "2016-12-27 13:45:12",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62142,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/adversaries
Delete multiple Event Adversary links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Event Adversary
Get Single
GET /events/{event_id}/adversaries/{object_link_id}{?with}
Get a single Event Adversary link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2018-01-18 22:47:52",
"updated_at": "2018-01-18 22:47:52",
"touched_at": "2018-04-02 16:17:00",
"pivot": {
"id": 62324,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"object_link_id": 62324,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 16:23:40",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15066,
"object_link_id": 62324,
"attribute_id": 136,
"value": "Hospitals",
"created_at": "2018-04-02 16:25:47",
"updated_at": "2018-04-02 16:25:47",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15066,
"source_id": 8,
"id": 2,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"published_at": null,
"pivot": {
"object_link_id": 62324,
"source_id": 8,
"id": 24424,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 1,
"type": "clients",
"name": "ThreatQ Front End",
"tlp_id": null,
"created_at": "2018-02-05 12:29:56",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 1,
"id": 1,
"creator_source_id": 1
}
},
{
"id": 7,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-01-31 03:41:47",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 7,
"id": 2,
"creator_source_id": 7
}
},
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-31 21:31:30",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 3,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/adversaries/{object_link_id}
Delete an Event Adversary link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Adversary Attributes List
Get List
GET /events/{event_id}/adversaries/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Adversary link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/adversaries/{object_link_id}/attributes
Create a new Event Adversary link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
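The 400 response examples in this reference use three different layouts: an `errors` object inside a single `data` object, an `errors` object inside each element of a `data` array, and a bare top-level `errors` list with no `data` envelope. The following is an added example, not part of the ThreatQ reference, showing one way a client can normalize all three and map the documented status codes; the names `ThreatQApiError`, `collect_validation_errors` and `handle_response` are hypothetical, and the sample bodies are copied from the examples on this page.

```python
import json

# Sample 400 bodies copied from the response examples on this page.
SAMPLE_OBJECT = json.loads("""
{"data": {"type": "Indicator", "import_id": "1",
          "errors": {"name": ["The name field is required."],
                     "value": ["The value field is required."]},
          "sources": []}}
""")
SAMPLE_LIST = json.loads("""
{"data": [{"import_id": 1, "indicator_id": 1,
           "errors": {"value": ["The value field is required."]}},
          {"import_id": 1, "indicator_id": 2,
           "errors": {"value": ["The value field is required."]}}]}
""")
SAMPLE_TOP_LEVEL = json.loads('{"errors": ["Undefined index: value"]}')


class ThreatQApiError(Exception):
    """Non-success response; findings holds normalized validation errors."""

    def __init__(self, status, findings):
        self.status = status
        self.findings = findings
        super().__init__(f"HTTP {status}: {findings}")


def collect_validation_errors(body):
    """Flatten a 400 body into (record_index, field, message) tuples.

    record_index is the position in a `data` array, or None when the error
    belongs to a single object or to the request as a whole.
    """
    findings = []
    if not isinstance(body, dict):
        return findings

    # Layout 3: top-level list of messages, no field names available.
    top = body.get("errors")
    if isinstance(top, list):
        findings.extend((None, None, str(msg)) for msg in top)

    # Layouts 1 and 2: `data` is one object or an array of objects.
    data = body.get("data")
    if isinstance(data, list):
        records = list(enumerate(data))
    elif isinstance(data, dict):
        records = [(None, data)]
    else:
        records = []

    for index, record in records:
        errors = record.get("errors") if isinstance(record, dict) else None
        if not isinstance(errors, dict):
            continue
        for field, messages in errors.items():
            if isinstance(messages, str):
                messages = [messages]
            for msg in messages:
                findings.append((index, field, str(msg)))
    return findings


def handle_response(status, text):
    """Return the `data` payload on success, None on 204, raise otherwise."""
    if status == 204:
        return None  # deletes return no body
    try:
        body = json.loads(text) if text else {}
    except ValueError:
        body = {}  # non-JSON error page: report the status only
    if status in (200, 201):
        return body.get("data") if isinstance(body, dict) else body
    if status == 400:
        raise ThreatQApiError(status, collect_validation_errors(body))
    # 401, 404 and anything else carry no documented body on this page.
    raise ThreatQApiError(status, [])
```

Because a failed record in a bulk request is reported inside the `data` array, a caller that only inspects a top-level `errors` key would treat the second layout as a success payload.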
Event Adversary Attribute
Get Single
GET /events/{event_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Adversary link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Adversary link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Adversary link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Adversary Comments List
Get List
GET /events/{event_id}/adversaries/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Adversary link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/adversaries/{object_link_id}/comments
Create a new Event Adversary link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Adversary Comment
Get Single
GET /events/{event_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Adversary link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Update an Event Adversary link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Adversary link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Attachments List
Get List
GET /events/{event_id}/attachments{?limit,offset,sort,with}
Get a list of Event Attachment links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"path": "6/b/d/0/d/c/1/2/e/5/d/f/a/0/4/3/e/b/4/9/6/0/9/f/a/4/7/c/4/f/1/0",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62326,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 2,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:54:58.936000",
"updated_at": "2018-04-02 17:55:15.039000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15067,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24428,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:39:18.781000",
"updated_at": "2018-04-02 17:39:18.781000"
}
}
]
}
},
{
"id": 1,
"type_id": 10,
"title": "parsing-sample.pdf",
"name": "parsing-sample.pdf",
"hash": "89e17b2f6cd3888864237b0ee10048f0",
"content_type_id": 1,
"file_size": 11300,
"path": "e/a/f/d/d/7/1/e/5/c/e/1/1/9/b/0/5/6/4/a/6/d/5/9/a/2/3/5/3/1/0/4",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:40:48",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62327,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 1,
"created_at": "2018-04-02 17:40:48",
"updated_at": "2018-04-02 17:40:48",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:55:30.995000",
"updated_at": "2018-04-02 17:55:30.995000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15068,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24430,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:40:48.310000",
"updated_at": "2018-04-02 17:40:48.310000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /events/{event_id}/attachments
Create a link from an Attachment to an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-02-23 20:02:18",
"updated_at": "2017-02-23 20:02:18",
"touched_at": "2017-03-01 16:51:15",
"pivot": {
"id": 62394,
"created_at": "2017-03-01 16:51:15",
"updated_at": "2017-03-01 16:51:15"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/attachments
Delete multiple Event Attachment links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Event Attachment
Get Single
GET /events/{event_id}/attachments/{object_link_id}{?with}
Get a single Event Attachment link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"malware_locked": 0,
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"pivot": {
"id": 62326,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"object_link_id": 62326,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 17:54:58",
"updated_at": "2018-04-02 17:55:15",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15067,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"published_at": null,
"pivot": {
"object_link_id": 62326,
"source_id": 8,
"id": 24428,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"published_at": null,
"pivot": {
"attachment_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/attachments/{object_link_id}
Delete an Event Attachment link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Attachment Attributes List
Get List
GET /events/{event_id}/attachments/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Attachment link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/attachments/{object_link_id}/attributes
Create a new Event Attachment link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Attachment Attribute
Get Single
GET /events/{event_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Attachment link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Attachment link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Attachment link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Attachment Comments List
Get List
GET /events/{event_id}/attachments/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Attachment link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/attachments/{object_link_id}/comments
Create a new Event Attachment link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Attachment Comment
Get Single
GET /events/{event_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Attachment link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Update an Event Attachment link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Attachment link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Attributes List
Get List
GET /events/{event_id}/attributes{?limit,offset,sort,with}
Get a list of Event Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 10,
"data": [
{
"id": 1,
"event_id": 1,
"attribute_id": 244,
"value": "by 10.49.73.202 with SMTP id n10mr985440qev.55.1366601039211;",
"created_at": "2017-03-12 06:16:22",
"updated_at": "2017-03-20 13:30:25",
"touched_at": "2017-03-20 13:30:25",
"name": "X-Received",
"attribute": {
"id": 244,
"name": "X-Received",
"created_at": "2017-03-20 13:30:25",
"updated_at": "2017-03-20 13:30:25"
}
},
{
"id": 2,
"event_id": 1,
"attribute_id": 245,
"value": "198.13.119.91 smtp.rmopen.com bounce-33802-13249804149-wchiang=vt.edu@rmopen.com 2 pass",
"created_at": "2017-01-18 09:00:26",
"updated_at": "2017-03-20 13:30:25",
"touched_at": "2017-03-20 13:30:25",
"name": "X-Mirapoint-Received-SPF",
"attribute": {
"id": 245,
"name": "X-Mirapoint-Received-SPF",
"created_at": "2017-03-20 13:30:25",
"updated_at": "2017-03-20 13:30:25"
}
},
{
"id": 3,
"event_id": 1,
"attribute_id": 246,
"value": "UCE(300)",
"created_at": "2017-03-09 17:48:10",
"updated_at": "2017-03-20 13:30:25",
"touched_at": "2017-03-20 13:30:25",
"name": "X-Junkmail",
"attribute": {
"id": 246,
"name": "X-Junkmail",
"created_at": "2017-03-20 13:30:25",
"updated_at": "2017-03-20 13:30:25"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/attributes
Create a new Event Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2001,
"event_id": 1,
"attribute_id": 252,
"value": "Test Value 1",
"created_at": "2017-03-20 18:29:35",
"updated_at": "2017-03-20 18:29:35",
"touched_at": "2017-03-20 18:29:35",
"name": "Test Attribute 1",
"attribute": {
"id": 252,
"name": "Test Attribute 1",
"created_at": "2017-03-20 18:29:35",
"updated_at": "2017-03-20 18:29:35"
}
}
]
}
401 Access denied.
Event Attribute
Get Single
GET /events/{event_id}/attributes/{event_attribute_id}{?with}
Get a single Event Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_attribute_id
integer (required) Example: 2
Event Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 9,
"event_id": 1,
"attribute_id": 251,
"value": "197.228.129.69",
"created_at": "2016-12-27 21:30:21",
"updated_at": "2017-03-20 13:30:25",
"touched_at": "2017-03-20 13:30:25",
"name": "X-Originator",
"attribute": {
"id": 251,
"name": "X-Originator",
"created_at": "2017-03-20 13:30:25",
"updated_at": "2017-03-20 13:30:25"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/attributes/{event_attribute_id}{?with}
Update an Event Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_attribute_id
integer (required) Example: 2
Event Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 9,
"event_id": 1,
"attribute_id": 251,
"value": "New Value",
"created_at": "2016-12-27 21:30:21",
"updated_at": "2017-03-21 12:53:55",
"touched_at": "2017-03-20 13:30:25",
"name": "X-Originator",
"attribute": {
"id": 251,
"name": "X-Originator",
"created_at": "2017-03-20 13:30:25",
"updated_at": "2017-03-20 13:30:25"
}
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"event_id": "1",
"attribute_id": "9",
"errors": {
"value": [
"The value field is required."
]
},
"name": "Campaign ID",
"attribute": {
"id": 9,
"name": "Campaign ID",
"created_at": "2017-03-04 13:03:02",
"updated_at": "2017-02-18 13:02:02"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/attributes/{event_attribute_id}
Delete an Event Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_attribute_id
integer (required) Example: 2
Event Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Attribute Source
Update
PUT /events/{event_id}/attributes/{event_attribute_id}/sources/{event_attribute_source_id}
Update an Event Attribute Source.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_attribute_id
integer (required) Example: 2
Event Attribute ID
- event_attribute_source_id
integer (required) Example: 3
Event Attribute Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"event_attribute_id": 1,
"source_id": 8,
"tlp_id": 1,
"created_at": "2018-09-20 21:22:20",
"updated_at": "2018-09-20 21:23:46",
"published_at": "2017-01-01 01:01:01",
"creator_source_id": 8
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/attributes/{event_attribute_id}/sources/{event_attribute_source_id}
Delete an Event Attribute Source.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_attribute_id
integer (required) Example: 2
Event Attribute ID
- event_attribute_source_id
integer (required) Example: 3
Event Attribute Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Comments List
Get List
GET /events/{event_id}/comments{?limit,offset,sort,with}
Get a list of Event Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: event,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: event, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 55,
"event_id": 1,
"value": "This event has some suspicious stuff.",
"creator_source_id": 5,
"created_at": "2017-03-20 15:01:56",
"updated_at": "2017-03-20 15:01:56"
},
{
"id": 56,
"event_id": 1,
"value": "This event is really suspicious.",
"creator_source_id": 5,
"created_at": "2017-03-20 15:02:06",
"updated_at": "2017-03-20 15:02:45"
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/comments
Create a new Event Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 57,
"event_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-03-20 15:11:25",
"updated_at": "2017-03-20 15:11:25",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-03-20 13:29:01",
"updated_at": "2017-03-20 13:29:01",
"pivot": {
"id": 57,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"event_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Event Comment
Update
PUT /events/{event_id}/comments/{event_comment_id}{?with}
Update an Event Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_comment_id
integer (required) Example: 2
Event Comment ID
- with
string (optional) Example: event,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: event, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 62,
"event_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-03-01 19:46:23",
"updated_at": "2017-03-01 20:06:04",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-02-28 20:13:18",
"updated_at": "2017-02-28 20:13:18",
"pivot": {
"id": 62,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/comments/{event_comment_id}
Delete an Event Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_comment_id
integer (required) Example: 2
Event Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Comment Short
Get Single
GET /events/comments/{event_comment_id}{?with}
Get a single Event Comment.
Example URI
- event_comment_id
integer (required) Example: 2
Event Comment ID
- with
string (optional) Example: event,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: event, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/comments/{event_comment_id}{?with}
Update an Event Comment.
Example URI
- event_comment_id
integer (required) Example: 2
Event Comment ID
- with
string (optional) Example: event,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: event, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 62,
"event_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-03-01 19:46:23",
"updated_at": "2017-03-01 20:06:04",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-02-28 20:13:18",
"updated_at": "2017-02-28 20:13:18",
"pivot": {
"id": 62,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/comments/{event_comment_id}
Delete an Event Comment.
Example URI
- event_comment_id
integer (required) Example: 2
Event Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Consume
Event Consume
POST /events/consume
Consume a list of Event objects.
Required fields: title, happened_at, type
Optional fields: description, published_at, tlp (an object with a name field) or tlp_id, sources, attributes, comments, and tags.
Relations can also be included as optional fields in the request: adversaries, attachments, attack_pattern, campaign, course_of_action, events, exploit_target, identity, incident, indicators, intrusion_set, malware, report, signatures, tool, ttp, and vulnerability.
When including relations, if the relation is of the same type as the endpoint used (e.g. related events on Event Consume), the relation can be defined using the required fields. Otherwise, relations must be created in advance and the resulting IDs should be used in the request.
Note: Objects that already exist in the system will not be duplicated; any new context in the request will be added to the existing object. This endpoint does not fail on validation; any errors will be included in the response object.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"title": "Campaign: Triage_MSSP_21652 (9206)",
"happened_at": "2017-06-06 15:53:39",
"type": "Malware",
"tlp": {
"name": "WHITE"
},
"touched_at": "2017-06-20 12:01:48",
"published_at": "2017-01-01 00:00:00",
"events": [
{
"title": "Campaign: Triage_MSSP_21652 (9210)",
"happened_at": "2017-06-07 14:23:30",
"type": "Malware"
}
],
"comments": [
{
"value": "Found this during the investigation."
}
]
},
{
"title": "Campaign: Triage_MSSP_21652 (9207)",
"happened_at": "2017-05-04 10:33:21",
"type": "Malware",
"tlp_id": 3,
"attributes": [
{
"name": "Industry",
"value": "Hospitals"
}
],
"indicators": [
{
"id": 3
},
{
"id": 4
}
]
},
{
"title": "Campaign: Triage_MSSP_21652 (9208)",
"happened_at": "2018-01-06 08:54:00",
"type": "Malware",
"description": "Ongoing",
"sources": [
{
"name": "Digital Shadows",
"tlp": "AMBER"
}
],
"tags": [
{
"name": "Internal"
}
]
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 4,
"data": [
{
"title": "Campaign: Triage_MSSP_21652 (9206)",
"happened_at": "2017-06-06 15:53:39",
"type_id": 5,
"type": "malware",
"id": 603
},
{
"title": "Campaign: Triage_MSSP_21652 (9207)",
"happened_at": "2017-05-04 10:33:21",
"type_id": 5,
"type": "malware",
"id": 604
},
{
"title": "Campaign: Triage_MSSP_21652 (9208)",
"happened_at": "2018-01-06 08:54:00",
"type_id": 5,
"type": "malware",
"id": 606
},
{
"title": "Campaign: Triage_MSSP_21652 (9210)",
"happened_at": "2017-06-07 14:23:30",
"type_id": 5,
"type": "malware",
"id": 605
}
]
}
401 Access denied.
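Because Event Consume does not fail on validation, a client has to check the batch before sending it and inspect the response body afterwards. The Python below is an added example, not part of the ThreatQ reference: it applies the Event Consume field and relation rules to a batch and splits a response into accepted and rejected objects. The timestamp format and the per-object `errors` key are assumptions inferred from the sample bodies on this page, and the sample data is constructed.

```python
from datetime import datetime

REQUIRED = ("title", "happened_at", "type")   # required fields, per the page
SAME_TYPE = "events"                          # same-type relation: inline definition allowed
ID_ONLY = (                                   # other relations: must already exist, sent by id
    "adversaries", "attachments", "attack_pattern", "campaign", "course_of_action",
    "exploit_target", "identity", "incident", "indicators", "intrusion_set",
    "malware", "report", "signatures", "tool", "ttp", "vulnerability",
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption: inferred from the page's sample bodies


def _required_problems(obj, where):
    problems = [f"{where}: missing required field '{f}'" for f in REQUIRED if not obj.get(f)]
    ts = obj.get("happened_at")
    if ts:
        try:
            datetime.strptime(ts, TS_FORMAT)
        except (TypeError, ValueError):
            problems.append(f"{where}: happened_at is not in YYYY-MM-DD HH:MM:SS form")
    return problems


def _has_id(item):
    return isinstance(item, dict) and type(item.get("id")) is int


def _relation_items(event, key, where, problems):
    """Return the relation list for key, recording a problem if it is not a list."""
    value = event.get(key, [])
    if isinstance(value, list):
        return value
    problems.append(f"{where}.{key}: expected an array")
    return []


def validate_consume_batch(events):
    """Return a list of rule violations; an empty list means the batch is well formed."""
    if not isinstance(events, list):
        return ["body: expected a JSON array of Event objects"]
    problems = []
    for i, ev in enumerate(events):
        where = f"[{i}]"
        if not isinstance(ev, dict):
            problems.append(f"{where}: expected an object")
            continue
        problems += _required_problems(ev, where)
        if "tlp" in ev and not (isinstance(ev["tlp"], dict) and ev["tlp"].get("name")):
            problems.append(f"{where}: tlp must be an object with a name field")
        for key in ID_ONLY:
            for j, rel in enumerate(_relation_items(ev, key, where, problems)):
                if not _has_id(rel):
                    problems.append(f"{where}.{key}[{j}]: must reference an existing id")
        for j, rel in enumerate(_relation_items(ev, SAME_TYPE, where, problems)):
            if _has_id(rel):
                continue
            if isinstance(rel, dict):
                problems += _required_problems(rel, f"{where}.{SAME_TYPE}[{j}]")
            else:
                problems.append(f"{where}.{SAME_TYPE}[{j}]: expected an object")
    return problems


def split_consume_response(body):
    """Separate objects that were consumed from ones reported with errors.

    Assumption: a rejected object carries an "errors" key, as the validation
    bodies elsewhere on this page do; the page does not show the consume shape.
    """
    accepted, rejected = [], []
    for item in body.get("data", []):
        (rejected if item.get("errors") else accepted).append(item)
    return accepted, rejected


# Abbreviated from the request example on this page.
GOOD_BATCH = [
    {"title": "Campaign: Triage_MSSP_21652 (9206)", "happened_at": "2017-06-06 15:53:39",
     "type": "Malware", "tlp": {"name": "WHITE"},
     "events": [{"title": "Campaign: Triage_MSSP_21652 (9210)",
                 "happened_at": "2017-06-07 14:23:30", "type": "Malware"}]},
    {"title": "Campaign: Triage_MSSP_21652 (9207)", "happened_at": "2017-05-04 10:33:21",
     "type": "Malware", "tlp_id": 3, "indicators": [{"id": 3}, {"id": 4}]},
]
# Constructed: each entry breaks one or more of the documented rules.
BAD_BATCH = [
    {"title": "No type or time"},
    {"title": "Bad shapes", "happened_at": "06/06/2017", "type": "Malware", "tlp": "WHITE",
     "indicators": [{"value": "198.51.100.7"}], "events": [{"title": "Inline but incomplete"}]},
]
# Constructed response; the error text is illustrative only.
SAMPLE_RESPONSE = {"total": 2, "data": [
    {"title": "Campaign: Triage_MSSP_21652 (9206)", "type": "malware", "id": 603},
    {"title": "No type or time", "errors": {"type": ["constructed error message"]}},
]}
```

Treat a 201 from this endpoint as "the batch was processed", not "every object was stored", and alert on any object that lands in the rejected list.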
Event Events List
Get List
GET /events/{event_id}/events{?limit,offset,sort,with}
Get a list of Event Event links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 61077,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 13,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"type": "users",
"value": "This is important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:42:46.690000",
"updated_at": "2018-04-04 14:42:46.690000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14948,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22414,
"name": "Threat Quotient",
"type": "clients",
"pivot": {
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
},
{
"id": 46,
"type_id": 1,
"title": "Origin - http://kling.com/voluptate-nihil-sit-est-aut",
"description": "",
"happened_at": "2017-12-31 23:17:05",
"hash": "e2e96a1516420fc05ad8ac04de52bd89",
"created_at": "2017-12-31 23:17:05",
"updated_at": "2017-12-31 23:17:05",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Domain Tools"
},
{
"name": "Emerging Threats"
},
{
"name": "VirusTotal"
}
],
"pivot": {
"id": 61144,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 46,
"created_at": "2018-03-01 23:54:52",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 56,
"type": "users",
"value": "This is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:43:10.692000",
"updated_at": "2018-04-04 14:43:10.692000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14949,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22513,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-02-24 09:36:30",
"updated_at": "2018-04-03 15:34:22.693000"
}
},
{
"id": 22514,
"name": "Customer Observer",
"type": "users",
"pivot": {
"created_at": "2018-02-25 22:27:11",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /events/{event_id}/events
Create a link from an Event to another Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"title": "Origin - http://www.durgan.biz/vel-omnis-impedit-at-quod-quasi-reiciendis.html",
"description": "",
"happened_at": "2016-12-05 20:01:48",
"hash": "d13e682a5d567d51b99f676b7bdef980",
"created_at": "2016-12-05 20:01:48",
"updated_at": "2016-12-05 20:01:48",
"touched_at": "2017-02-28 20:14:59",
"pivot": {
"id": 62396,
"created_at": "2017-03-01 20:55:10",
"updated_at": "2017-03-01 20:55:10"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/events
Delete multiple Event Event links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
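How the Event Event list and bulk-delete endpoints above fit together, as an added example that is not part of the ThreatQ documentation: it validates the list query, reads a list response, selects the links carrying a given source, and prepares the bulk-delete request without sending it. It assumes, from the sample responses (pivot.id 61077 reappears as object_link_id 61077 in the nested comments), that a link's object_link_id is its pivot.id; the helper names and the trimmed sample response are constructed for illustration.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

BASE = "https://hostname/api"  # placeholder host, as in the page's Base URI

# `with` options the page lists for GET /events/{event_id}/events
WITH_OPTIONS = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
})


def _positive_int(value, label):
    # bool is a subclass of int, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int) or value < 1:
        raise ValueError(f"{label} must be a positive integer")
    return value


def list_links_url(event_id, limit=100, offset=0, sort="id", with_=("pivot.sources",)):
    """Build the list URL, refusing `with` values the page does not document."""
    _positive_int(event_id, "event_id")
    unknown = set(with_) - WITH_OPTIONS
    if unknown:
        raise ValueError(f"unsupported with option(s): {sorted(unknown)}")
    query = urlencode(
        {"limit": limit, "offset": offset, "sort": sort, "with": ",".join(with_)},
        safe=",",
    )
    return f"{BASE}/events/{event_id}/events?{query}"


def next_offset(page):
    """Offset for the following page, or None once `total` is covered."""
    reached = page["offset"] + len(page["data"])
    return reached if page["data"] and reached < page["total"] else None


def link_ids_from_source(page, source_name):
    """pivot.id of each link that has `source_name` among its pivot.sources."""
    ids = []
    for obj in page["data"]:
        pivot = obj.get("pivot") or {}
        if any(s.get("name") == source_name for s in pivot.get("sources", [])):
            ids.append(_positive_int(pivot.get("id"), "pivot.id"))
    return ids


def bulk_delete_request(event_id, link_ids, token):
    """Prepare, without sending, the DELETE whose body is a JSON list of link ids."""
    _positive_int(event_id, "event_id")
    if not link_ids:
        raise ValueError("refusing to build a bulk delete with no link ids")
    body = sorted({_positive_int(i, "object_link_id") for i in link_ids})
    return Request(
        f"{BASE}/events/{event_id}/events",
        data=json.dumps(body).encode("utf-8"),
        method="DELETE",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {token}",
        },
    )


# Constructed sample: the page's list response trimmed to the fields used here.
SAMPLE_PAGE = json.loads("""
{"total": 2, "limit": 100, "offset": 0, "data": [
  {"id": 13, "pivot": {"id": 61077, "sources": [
    {"id": 22414, "name": "Threat Quotient", "type": "clients"}]}},
  {"id": 46, "pivot": {"id": 61144, "sources": [
    {"id": 22513, "name": "Threat Quotient", "type": "users"},
    {"id": 22514, "name": "Customer Observer", "type": "users"}]}}
]}
""")

if __name__ == "__main__":
    print(list_links_url(1, with_=("pivot.sources", "sources")))
    stale = link_ids_from_source(SAMPLE_PAGE, "Customer Observer")
    req = bulk_delete_request(1, stale, token="<access_token>")
    print(req.get_method(), req.full_url, req.data.decode())
```

The list call must include pivot.sources in `with`, otherwise the response carries no per-link sources to filter on.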
Event Event
Get Single
GET /events/{event_id}/events/{object_link_id}{?with}
Get a single Event Event link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"pivot": {
"id": 61077,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"object_link_id": 61077,
"value": "This is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 14:42:46",
"updated_at": "2018-04-04 14:42:46",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-03 15:31:57",
"updated_at": "2018-04-03 15:31:57",
"pivot": {
"id": 55,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 14948,
"object_link_id": 61077,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 14:38:39",
"updated_at": "2018-04-04 14:38:39",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-03 19:41:04",
"updated_at": "2018-04-03 19:41:04"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 14948,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 2,
"type": "clients",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"object_link_id": 61077,
"source_id": 2,
"id": 22414,
"creator_source_id": 2
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-02-24 22:23:15",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"event_id": 13,
"source_id": 8,
"id": 27,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/events/{object_link_id}
Delete an Event Event link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Event Attributes List
Get List
GET /events/{event_id}/events/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Event link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/events/{object_link_id}/attributes
Create a new Event Event link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Event Attribute
Get Single
GET /events/{event_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Event link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Event link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Event link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Event Comments List
Get List
GET /events/{event_id}/events/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Event link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/events/{object_link_id}/comments
Create a new Event Event link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Event Comment
Get Single
GET /events/{event_id}/events/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Event link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/events/{object_link_id}/comments/{object_link_comment_id}
Update an Event Event link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/events/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Event link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Indicators List
Get List
GET /events/{event_id}/indicators{?limit,offset,sort,with}
Get a list of Event Indicator links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Example Feed"
}
],
"pivot": {
"id": 14896,
"src_type": "indicator",
"src_object_id": 24,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 20:05:39.284000",
"updated_at": "2018-04-04 20:05:39.284000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 43,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 62,
"name": "VirusTotal",
"type": "plugins",
"pivot": {
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
},
{
"id": 74,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "890a7aa3415d8b4fa39d9f51a026b7d8",
"value": "hazel.kilback@hotmail.com",
"description": null,
"last_detected_at": "1992-07-15 20:23:27",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "Customer Admin"
}
],
"pivot": {
"id": 14991,
"src_type": "indicator",
"src_object_id": 74,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 20:09:29.324000",
"updated_at": "2018-04-04 20:09:29.324000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 138,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 200,
"name": "Emerging Threats",
"type": "plugins",
"pivot": {
"created_at": "2018-01-13 11:24:36",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
}
],
"limit": 2,
"offset": 0
}
401 Access denied.
Create New
POST /events/{event_id}/indicators
Create a link from an Indicator to an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"status_id": 3,
"class": "network",
"hash": "bba60e76a34af96122b9f44e67ae8ea7",
"value": "oolson@yahoo.com",
"last_detected_at": "2013-12-13 08:58:00",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-02-28 20:13:19",
"updated_at": "2017-02-28 20:13:19",
"touched_at": "2017-03-02 14:57:32",
"pivot": {
"id": 62397,
"created_at": "2017-03-02 14:57:32",
"updated_at": "2017-03-02 14:57:32"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/indicators
Delete multiple Event Indicator links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Event Indicator
Get Single
GET /events/{event_id}/indicators/{object_link_id}{?with}
Get a single Event Indicator link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"pivot": {
"id": 14896,
"created_at": "2018-03-09 14:32:27",
"updated_at": "2018-04-04 19:30:29",
"comments": [
{
"id": 54,
"object_link_id": 14896,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-04 20:05:39",
"updated_at": "2018-04-04 20:05:39",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 43,
"object_link_id": 14896,
"attribute_id": 13,
"value": "75",
"created_at": "2018-02-24 14:33:41",
"updated_at": "-0001-11-30 00:00:00",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2018-03-28 19:03:33",
"updated_at": "2018-03-24 19:03:33"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 43,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 5,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59",
"published_at": null,
"pivot": {
"object_link_id": 14896,
"source_id": 5,
"id": 62,
"creator_source_id": 5
}
}
]
},
"sources": [
{
"id": 3,
"type": "clients",
"name": "ThreatQ",
"tlp_id": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"published_at": null,
"pivot": {
"indicator_id": 24,
"source_id": 3,
"id": 59,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/indicators/{object_link_id}
Delete an Event Indicator link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Indicator Attributes List
Get List
GET /events/{event_id}/indicators/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Indicator link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/indicators/{object_link_id}/attributes
Create a new Event Indicator link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Indicator Attribute
Get Single
GET /events/{event_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Indicator link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Indicator link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Indicator link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Indicator Comments List
Get List
GET /events/{event_id}/indicators/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Indicator link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/indicators/{object_link_id}/comments
Create a new Event Indicator link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Indicator Comment
Get Single
GET /events/{event_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Indicator link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Update an Event Indicator link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Indicator link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Investigations List
Get List
GET /events/{event_id}/investigations{?limit,offset,sort,with}
Get a list of Event Investigation links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 2,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /events/{event_id}/investigations
Create a link from an Event to an Investigation.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62317,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
},
{
"id": 3,
"name": "Investigation 3",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62318,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/investigations
Delete multiple Event Investigation links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Event Investigation
Get Single
GET /events/{event_id}/investigations/{object_link_id}{?with}
Get a single Event Investigation link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/investigations/{object_link_id}
Delete an Event Investigation link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Investigation Attributes List
Get List
GET /events/{event_id}/investigations/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Investigation link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/investigations/{object_link_id}/attributes
Create a new Event Investigation link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Investigation Attribute
Get Single
GET /events/{event_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Investigation link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Investigation link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Investigation link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Investigation Comments List
Get List
GET /events/{event_id}/investigations/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Investigation link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/investigations/{object_link_id}/comments
Create a new Event Investigation link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Investigation Comment
Get Single
GET /events/{event_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Investigation link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Update an Event Investigation link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Investigation link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Search
Event Search
POST /events/query{?limit,offset,sort}
Search the Threat Library for Events using criteria and filters.
Criteria and filters should be formatted in the convention of SOLR query structures.
Criteria Options: mentions, title
Filter Options: created_at, updated_at, expires_at, published_at, type_name, source_name, source_created_at, related, tags, attribute
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"criteria": {
"+or": [
{
"mentions": "email"
},
{
"title": {
"+contains": "Subject"
}
}
]
},
"filters": {
"+and": [
{
"created_at": {
"+lt": "2021-01-27 22:35:00"
}
},
{
"+or": [
{
"expires_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
},
{
"expired_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
}
]
},
{
"+or": [
{
"type_name": "Spearphish"
}
]
},
{
"+or": [
{
"+and": [
{
"source_name": "Customer Admin"
},
{
"published_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
},
{
"+or": [
{
"related": {
"id": 1,
"type": "indicator"
}
}
]
},
{
"+or": [
{
"related": {
"object": "adversary"
}
}
]
},
{
"+or": [
{
"source_name": "Primary Contributor"
}
]
},
{
"+or": [
{
"tags": "Internal"
}
]
},
{
"updated_at": {
"+lt": "2021-01-27 22:51:00"
}
},
{
"+or": [
{
"+and": [
{
"source_name": "Primary Contributor"
},
{
"source_created_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
}
],
"+or": [
{
"attribute": {
"name": "Confidence",
"value": "High"
}
}
]
}
}
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"updated_at": "2020-09-13 18:36:45",
"description": "",
"title": "Subject - Because he knows it teases.' CHORUS. (In which the March Hare. 'It was the only one.",
"published_at": "2020-09-13 18:36:45",
"type_id": 1,
"happened_at": "2020-09-13 18:36:45",
"touched_at": "2021-01-27 19:55:25",
"created_at": "2020-09-13 18:36:45",
"id": 27,
"hash": "d1b0a81f1ce25ad37880a662eaf88178",
"adversaries": [
{
"name": "TOXIC PANDA"
}
],
"type": {
"name": "Spearphish",
"id": 1
},
"attributes": [
{
"created_at": "2020-12-25 09:06:15",
"touched_at": "2021-01-27 19:53:25",
"event_id": 27,
"id": 261,
"updated_at": "2021-01-27 19:53:25",
"attribute_id": 99,
"name": "X-Received",
"value": "by 10.49.73.202 with SMTP id n10mr985440qev.55.1366601039211;"
}
],
"sources": [
{
"updated_at": "2021-01-27 19:55:25",
"source_id": 5,
"type": "users",
"creator_source_id": 5,
"event_id": 27,
"created_at": "2021-01-13 19:56:04",
"id": 53,
"reference_id": 1,
"published_at": "2021-01-13 19:56:04",
"name": "Threat Quotient"
}
]
},
{
"updated_at": "2020-11-06 17:30:21",
"description": "",
"title": "Subject - I want to get through the wood..",
"published_at": "2020-11-06 17:30:21",
"type_id": 1,
"happened_at": "2020-11-06 17:30:21",
"touched_at": "2021-01-27 19:55:25",
"created_at": "2020-11-06 17:30:21",
"id": 26,
"hash": "5f5dde6b20c721be99f19a2fa001fce0",
"adversaries": [
{
"name": "FLYING KITTEN"
}
],
"type": {
"name": "Spearphish",
"id": 1
},
"attributes": [
{
"created_at": "2021-01-23 07:55:21",
"touched_at": "2021-01-27 19:53:25",
"event_id": 26,
"id": 251,
"updated_at": "2021-01-27 19:53:25",
"attribute_id": 99,
"name": "X-Received",
"value": "by 10.49.73.202 with SMTP id n10mr985440qev.55.1366601039211;"
}
],
"sources": [
{
"updated_at": "2021-01-27 19:55:25",
"source_id": 2,
"type": "clients",
"creator_source_id": 2,
"event_id": 26,
"created_at": "2021-01-07 18:33:36",
"id": 51,
"reference_id": 2,
"published_at": "2021-01-07 18:33:36",
"name": "Threat Quotient"
}
]
}
],
"offset": 0,
"limit": 25
}
401 Access denied.
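The following is an added example, not part of the ThreatQ reference: a client-side check that walks an Event Search request body through its nested +and / +or groups and reports any field name that is not among the Criteria Options or Filter Options listed above, so a mistyped field is caught before the request is sent. Treating those two lists as exhaustive and +and / +or as the only grouping operators is an assumption based on this page; the function names and the trimmed sample body are constructed for illustration.

```python
import json

# Field names copied from the "Criteria Options" and "Filter Options" lines
# of the Event Search endpoint. Assumption: these lists are exhaustive.
CRITERIA_FIELDS = {"mentions", "title"}
FILTER_FIELDS = {
    "created_at", "updated_at", "expires_at", "published_at", "type_name",
    "source_name", "source_created_at", "related", "tags", "attribute",
}
# Grouping operators that appear in the sample body; each holds a list of clauses.
GROUP_OPERATORS = {"+and", "+or"}


def find_undocumented_fields(clause, allowed, path):
    """Return (path, name) pairs for every field name not in `allowed`.

    A clause is a JSON object whose keys are either grouping operators
    (value: list of clauses) or field names (value: the operand, which is
    not inspected here: a string, an object of comparison operators such
    as +lt / +gt / +contains, or a nested object as used by `related`).
    """
    if not isinstance(clause, dict):
        return [(path, "<clause is not an object>")]
    problems = []
    for key, value in clause.items():
        here = f"{path}.{key}"
        if key in GROUP_OPERATORS:
            if not isinstance(value, list):
                problems.append((here, "<group is not a list>"))
                continue
            for index, child in enumerate(value):
                problems += find_undocumented_fields(
                    child, allowed, f"{here}[{index}]")
        elif key not in allowed:
            # Also catches a comparison operator placed where a field belongs.
            problems.append((here, key))
    return problems


def check_search_body(body):
    """Check the `criteria` and `filters` sections of an /events/query body."""
    return {
        "criteria": find_undocumented_fields(
            body.get("criteria", {}), CRITERIA_FIELDS, "criteria"),
        "filters": find_undocumented_fields(
            body.get("filters", {}), FILTER_FIELDS, "filters"),
    }


# Constructed sample: a trimmed copy of the request body shown for this endpoint.
SAMPLE_BODY = json.loads("""
{
  "criteria": {
    "+or": [
      {"mentions": "email"},
      {"title": {"+contains": "Subject"}}
    ]
  },
  "filters": {
    "+and": [
      {"created_at": {"+lt": "2021-01-27 22:35:00"}},
      {"+or": [
        {"expires_at": {"+gt": "2021-01-26 23:59:59", "+lt": "2021-01-28 00:00:00"}},
        {"expired_at": {"+gt": "2021-01-26 23:59:59", "+lt": "2021-01-28 00:00:00"}}
      ]},
      {"+or": [{"related": {"id": 1, "type": "indicator"}}]}
    ],
    "+or": [
      {"attribute": {"name": "Confidence", "value": "High"}}
    ]
  }
}
""")

if __name__ == "__main__":
    for section, problems in check_search_body(SAMPLE_BODY).items():
        for where, name in problems:
            print(f"{section}: {name!r} at {where} is not a documented option")
```

Run against the sample, the check reports `expired_at`, which the request body uses but the Filter Options line does not list; whether the API accepts that name is not stated on this page.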
Event Signatures List
Get List
GET /events/{event_id}/signatures{?limit,offset,sort,with}
Get a list of Event Signature links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62261,
"src_type": "signature",
"src_object_id": 2,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 23:16:40.155000",
"updated_at": "2018-04-04 23:18:42.648000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15080,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24298,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:02:46.740000",
"updated_at": "2018-04-04 23:02:46.740000"
}
}
]
}
},
{
"id": 1,
"name": "ET EXPLOIT Arkeia full remote access without password or authentication (2001742:9)",
"description": "",
"hash": "737309fe355ef23e1c03a5e98bc364b5",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:\"ET EXPLOIT Arkeia full remote access without password or authentication\"; flow:to_server,established; content:\"|464F3A20596F75206861766520737563|\"; content:\"|6520636C69656E7420696E666F726D61|\"; reference:url,metasploit.com/research/vulns/arkeia_agent; reference:url,doc.emergingthreats.net/bin/view/Main/2001742; classtype:attempted-admin; sid:2001742; rev:9;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:03:35",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62262,
"src_type": "signature",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 23:16:58.817000",
"updated_at": "2018-04-04 23:16:58.817000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15081,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24300,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:03:35.975000",
"updated_at": "2018-04-04 23:03:35.975000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /events/{event_id}/signatures
Create a link from a Signature to an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"name": "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27 (2019448:1)",
"description": "",
"hash": "32eb2da7b59c7e85fbeec98f90adaf2d",
"value": "alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:\"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27\"; flow:established,to_server; content:\"%6e%61m%65[\"; nocase; fast_pattern:only; http_client_body; pcre:\"/(?:^|&|Content-Disposition[\\x3a][^\\n]*?name\\s*?=\\s*?[\\x22\\x27])\\%6e\\%61m\\%65\\[[^\\x5d]*?\\W/Pi\"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019448; rev:1;)",
"status_id": 4,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-03-02 16:34:40",
"updated_at": "2017-03-02 16:34:40",
"touched_at": "2017-03-02 16:34:41",
"pivot": {
"id": 62337,
"created_at": "2017-03-02 16:43:29",
"updated_at": "2017-03-02 16:43:29"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/signatures
Delete multiple Event Signature links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Event Signature
Get Single
GET /events/{event_id}/signatures/{object_link_id}{?with}
Get a single Event Signature link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"pivot": {
"id": 62261,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"comments": [
{
"id": 57,
"object_link_id": 62261,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 23:16:40",
"updated_at": "2018-04-04 23:18:42",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15080,
"object_link_id": 62261,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 23:09:28",
"updated_at": "2018-04-04 23:09:28",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15080,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"published_at": null,
"pivot": {
"object_link_id": 62261,
"source_id": 8,
"id": 24298,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"published_at": null,
"pivot": {
"signature_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/signatures/{object_link_id}
Delete an Event Signature link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Signature Attributes List
Get List
GET /events/{event_id}/signatures/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Signature link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/signatures/{object_link_id}/attributes
Create a new Event Signature link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Signature Attribute
Get Single
GET /events/{event_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Signature link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Signature link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Signature link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Signature Comments List
Get List
GET /events/{event_id}/signatures/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Signature link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/signatures/{object_link_id}/comments
Create a new Event Signature link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Signature Comment
Get Single
GET /events/{event_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Signature link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Update an Event Signature link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Signature link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Sources
Get List
GET /events/{event_id}/sources{?limit,offset,sort,with}
Get a list of Event Sources.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: event,tlp
A comma-separated list of related objects to include in the response. Options for this endpoint: event, tlp.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"event_id": 1,
"source_id": 6,
"creator_source_id": 6,
"tlp_id": null,
"created_at": "2017-01-29 22:59:11",
"updated_at": "2017-03-20 13:30:53",
"published_at": null
},
{
"id": 2,
"event_id": 1,
"source_id": 7,
"creator_source_id": 7,
"tlp_id": null,
"created_at": "2016-12-26 17:11:35",
"updated_at": "2017-03-20 13:30:53",
"published_at": null
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/sources
Create a new Event Source.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Test Source",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 1176,
"event_id": 1,
"source_id": 11,
"creator_source_id": 5,
"tlp_id": 1,
"created_at": "2017-03-20 14:46:45",
"updated_at": "2017-03-20 14:46:45",
"published_at": null,
"deleted_at": null,
"existing": 0,
"name": "Test Source"
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"name": [
"The name field is required."
]
}
}
]
}
401 Access denied.
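The 400 bodies documented above arrive in three different shapes: a top-level `errors` list, an `errors` object nested under a `data` object, and an `errors` object inside each element of a `data` array. A client that only checks for a `data` key will read the last two as success. The following is an added example, not code from the ThreatQ documentation; the function names `extract_errors` and `interpret` and the outcome labels are assumptions, and the sample bodies are copied from the responses shown on this page.

```python
import json

# Sample 400 bodies as they appear in this reference.
SHAPE_TOP_LEVEL = {"errors": ["Undefined index: value"]}
SHAPE_DATA_OBJECT = {
    "data": {
        "creator_source_id": 5,
        "errors": {"value": ["The value field is required."]},
    }
}
SHAPE_DATA_ARRAY = {
    "data": [{"errors": {"name": ["The name field is required."]}}]
}


def extract_errors(body):
    """Return [(field_or_None, message), ...] for any documented error shape."""
    found = []

    def collect(errors, field=None):
        # "errors" is either a list of messages or a {field: [messages]} object.
        if isinstance(errors, str):
            found.append((field, errors))
        elif isinstance(errors, list):
            for item in errors:
                collect(item, field)
        elif isinstance(errors, dict):
            for name, messages in errors.items():
                collect(messages, name)

    def visit(node):
        # Look for "errors" at this level, then descend into the data envelope.
        if isinstance(node, dict):
            if "errors" in node:
                collect(node["errors"])
            if "data" in node:
                visit(node["data"])
        elif isinstance(node, list):
            for item in node:
                visit(item)

    visit(body)
    return found


def interpret(status, raw_body):
    """Map a status code and raw response text to (outcome, payload)."""
    body = None
    if raw_body:
        try:
            body = json.loads(raw_body)
        except ValueError:
            return "malformed", []
    errors = extract_errors(body)
    # Defensive assumption: an errors member is never ignored, whatever the status.
    if status in (200, 201, 204) and not errors:
        data = body.get("data") if isinstance(body, dict) else None
        return "ok", data
    if status == 400 or errors:
        return "validation_failed", errors
    if status == 401:
        return "reauthenticate", []  # token incorrect or out of date
    if status == 403:
        return "forbidden", []
    if status == 404:
        return "not_found", []
    return "unexpected", []


if __name__ == "__main__":
    for sample in (SHAPE_TOP_LEVEL, SHAPE_DATA_OBJECT, SHAPE_DATA_ARRAY):
        print(interpret(400, json.dumps(sample)))
```
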
Event Source
Get Single
GET /events/{event_id}/sources/{event_source_id}
Get a single Event Source.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_source_id
integer (required) Example: 2
Event Source ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"event_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/sources/{event_source_id}
Update an Event Source.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_source_id
integer (required) Example: 2
Event Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"event_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/sources/{event_source_id}
Delete an Event Source.
Example URI
- event_id
integer (required) Example: 1
Event ID
- event_source_id
integer (required) Example: 2
Event Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Tag List
Get List
GET /events/{event_id}/tags{?limit,offset,sort,with}
Get a list of Event Tags.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: events
A comma-separated list of related objects to include in the response. Options for this endpoint: events.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "New Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-03-02 21:22:02",
"updated_at": "2017-03-02 21:22:02"
}
},
{
"id": 2,
"name": "Another New Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/tags
Create a new Event Tag.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Tag Name"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Event Tag
Get Single
GET /events/{event_id}/tags/{tag_id}{?with}
Get a single Event Tag.
Example URI
- event_id
integer (required) Example: 1
Event ID
- tag_id
integer (required) Example: 2
Tag ID
- with
string (optional) Example: events
A comma-separated list of related objects to include in the response. Options for this endpoint: events.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-03-02 21:22:02",
"updated_at": "2017-03-02 21:22:02"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/tags/{tag_id}
Delete an Event Tag.
Example URI
- event_id
integer (required) Example: 1
Event ID
- tag_id
integer (required) Example: 2
Tag ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Task List
Get List
GET /events/{event_id}/tasks{?limit,offset,sort,with}
Get a list of Event Task links.
Example URI
- event_id
integer (required) Example: 1
Event ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: pivot.sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 1,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 59,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-05 00:03:55.818000",
"updated_at": "2018-04-05 00:03:55.818000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15082,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 5,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24302,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:35.081000",
"updated_at": "2018-04-04 23:58:35.081000"
}
}
]
}
},
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 2,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 60,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-05 00:04:02.625000",
"updated_at": "2018-04-05 00:05:12.045000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15083,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 6,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24304,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:45.642000",
"updated_at": "2018-04-04 23:58:45.642000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
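The list endpoints share the `limit`, `offset`, `sort` and `with` parameters, and the response above echoes `limit` and `offset` next to `total`. The following is an added example, not code from the ThreatQ documentation, that builds the query string with validated `sort` and `with` values and pages through a collection. The names `list_url`, `iter_records` and `make_fake_fetch` are assumptions, `fetch` stands for whatever authenticated GET helper the caller already has, and `total` is assumed to be the size of the whole collection rather than of the page.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# A sort field is a column name, optionally prefixed with "-" to reverse order.
SORT_FIELD_RE = re.compile(r"^-?[A-Za-z_][A-Za-z0-9_]*$")

# "with" options this page lists for GET /events/{event_id}/tasks.
TASK_WITH = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources", "pivot.sources",
})


def list_url(path, limit, offset, sort=(), with_=(), allowed_with=frozenset()):
    """Build a list URL, rejecting values that could alter the query string."""
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    params = {"limit": limit, "offset": offset}
    if sort:
        bad = [f for f in sort if not SORT_FIELD_RE.match(f)]
        if bad:
            raise ValueError(f"invalid sort field(s): {bad}")
        params["sort"] = ",".join(sort)
    if with_:
        unknown = sorted(set(with_) - set(allowed_with))
        if unknown:
            raise ValueError(f"'with' option(s) not offered here: {unknown}")
        params["with"] = ",".join(with_)
    # Keep the comma literal so the server sees a comma-separated list.
    return path + "?" + urlencode(params, safe=",")


def iter_records(fetch, path, page_size=100, **query):
    """Yield every record of a collection, one page at a time."""
    offset = 0
    while True:
        body = fetch(list_url(path, page_size, offset, **query))
        rows = body.get("data", [])
        if not isinstance(rows, list):
            raise ValueError("expected a collection in the data envelope")
        yield from rows
        offset += len(rows)
        # Stop on an empty page or once the reported total has been read.
        if not rows or offset >= body.get("total", 0):
            return


def make_fake_fetch(rows):
    """Constructed stand-in for an authenticated GET; serves rows from memory."""
    def fetch(url):
        fetch.calls.append(url)
        query = parse_qs(urlsplit(url).query)
        limit, offset = int(query["limit"][0]), int(query["offset"][0])
        return {"total": len(rows), "data": rows[offset:offset + limit],
                "limit": limit, "offset": offset}
    fetch.calls = []
    return fetch


if __name__ == "__main__":
    demo = make_fake_fetch([{"id": i} for i in range(1, 6)])  # constructed data
    for row in iter_records(demo, "/events/1/tasks", page_size=2,
                            sort=("-created_at", "id"),
                            with_=("pivot.sources",), allowed_with=TASK_WITH):
        print(row)
    print(demo.calls)
```
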
Create New
POST /events/{event_id}/tasks
Create a link from a Task to an Event.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"created_at": "2018-04-04 23:58:45",
"updated_at": "2018-04-04 23:58:45"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /events/{event_id}/tasks
Delete multiple Event Task links. The request should include a list of object_link_ids to be deleted.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Event Task
Get Single
GET /events/{event_id}/tasks/{object_link_id}{?with}
Get a single Event Task link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: pivot.sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"comments": [
{
"id": 59,
"object_link_id": 62263,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-05 00:03:55",
"updated_at": "2018-04-05 00:03:55",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 59,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15082,
"object_link_id": 62263,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-05 00:00:38",
"updated_at": "2018-04-05 00:00:38",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15082,
"source_id": 8,
"id": 5,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"published_at": null,
"pivot": {
"object_link_id": 62263,
"source_id": 8,
"id": 24302,
"creator_source_id": 8
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/tasks/{object_link_id}
Delete an Event Task link.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Task Attributes List
Get List
GET /events/{event_id}/tasks/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Event Task link Attributes.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/tasks/{object_link_id}/attributes
Create a new Event Task link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Task Attribute
Get Single
GET /events/{event_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Event Task link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Update an Event Task link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Event Task link Attribute.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Task Comments List
Get List
GET /events/{event_id}/tasks/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Event Task link Comments.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/tasks/{object_link_id}/comments
Create a new Event Task link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Event Task Comment
Get Single
GET /events/{event_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Get a single Event Task link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /events/{event_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Update an Event Task link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /events/{event_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Delete an Event Task link Comment.
Example URI
- event_id
integer (required) Example: 1
Event ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Types List
Get List
GET /event/types{?limit,offset,sort,with}
Get a list of Event Types.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: events,plugins
A comma-separated list of related objects to include in the response. Options for this endpoint: events, plugins, pluginActions, pluginObjectTypes.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 13,
"data": [
{
"id": 1,
"name": "Spearphish",
"user_editable": "N",
"created_at": "2017-03-20 13:28:23",
"updated_at": "2017-03-20 13:28:23"
},
{
"id": 2,
"name": "Watering Hole",
"user_editable": "N",
"created_at": "2017-03-20 13:28:23",
"updated_at": "2017-03-20 13:28:23"
},
{
"id": 3,
"name": "SQL Injection Attack",
"user_editable": "N",
"created_at": "2017-03-20 13:28:23",
"updated_at": "2017-03-20 13:28:23"
},
{
"id": 4,
"name": "DoS Attack",
"user_editable": "N",
"created_at": "2017-03-20 13:28:23",
"updated_at": "2017-03-20 13:28:23"
}
]
}
401 Access denied.
Create New
POST /event/types
Create a new Event Type.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "New Type",
"user_editable": "Y"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "New Type",
"user_editable": "Y",
"updated_at": "2017-03-21 13:12:46",
"created_at": "2017-03-21 13:12:46",
"id": 14
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Event Type
Get Single
GET /event/types/{event_type_id}{?with}
Get a single Event Type.
Example URI
- event_type_id
integer (required) Example: 2
Event Type ID
- with
string (optional) Example: events,plugins
A comma-separated list of related objects to include in the response. Options for this endpoint: events, plugins, pluginActions, pluginObjectTypes.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Spearphish",
"user_editable": "N",
"created_at": "2017-03-20 13:28:23",
"updated_at": "2017-03-20 13:28:23"
}
}
401 Access denied.
Update
PUT /event/types/{event_type_id}{?with}
Update an Event Type.
Example URI
- event_type_id
integer (required) Example: 2
Event Type ID
- with
string (optional) Example: events,plugins
A comma-separated list of related objects to include in the response. Options for this endpoint: events, plugins, pluginActions, pluginObjectTypes.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated New Type"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 14,
"name": "Updated New Type",
"user_editable": "Y",
"created_at": "2017-03-21 13:12:46",
"updated_at": "2017-03-21 13:24:04"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The user_editable field prevents this action."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /event/types/{event_type_id}
Delete an Event Type.
Example URI
- event_type_id
integer (required) Example: 2
Event Type ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
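The Event Type endpoints above return validation failures in two layouts: keyed by field under `data.errors` (the POST example) and as a flat top-level `errors` list (the PUT example), while 401 and 404 carry no body. The Python below is an added example, not ThreatQ code; it normalizes all of these into one result, and the names `parse_response`, `outcome` and `ThreatQApiError` are hypothetical.

```python
import json

# Bodies taken from the Event Type examples on this page (the 201 body is abridged).
CREATED_BODY = '{"data": {"name": "New Type", "user_editable": "Y", "id": 14}}'
POST_400_BODY = '{"data": {"errors": {"name": ["The name field is required."]}}}'
PUT_400_BODY = '{"errors": ["The user_editable field prevents this action."]}'

# Status text as listed on this page, used when an error response has no body.
STATUS_TEXT = {401: "Access denied.", 404: "Object not found."}


class ThreatQApiError(Exception):
    """Raised for any response that is not a usable 2xx; messages are flattened."""

    def __init__(self, status, messages):
        super().__init__(f"HTTP {status}: {'; '.join(messages) or 'no detail'}")
        self.status = status
        self.messages = messages


def extract_errors(payload):
    """Flatten both 400 layouts shown on this page into a list of strings."""
    if not isinstance(payload, dict):
        return []
    errors = payload.get("errors")                      # PUT layout: top-level list
    if errors is None and isinstance(payload.get("data"), dict):
        errors = payload["data"].get("errors")          # POST layout: data.errors map
    if isinstance(errors, dict):
        return [f"{field}: {msg}" for field, msgs in errors.items() for msg in msgs]
    if isinstance(errors, list):
        return [str(msg) for msg in errors]
    return []


def parse_response(status, body_text=""):
    """Return the contents of the `data` envelope, or raise ThreatQApiError."""
    payload = None
    if body_text and body_text.strip():
        try:
            payload = json.loads(body_text)
        except json.JSONDecodeError:
            payload = None                              # e.g. an HTML page from a proxy
    if 200 <= status < 300:
        if status == 204:
            return None                                 # deletes return no body
        if not isinstance(payload, dict) or "data" not in payload:
            raise ThreatQApiError(status, ["2xx response without a data envelope"])
        return payload["data"]
    messages = extract_errors(payload) or [STATUS_TEXT.get(status, "unexpected status")]
    raise ThreatQApiError(status, messages)


def outcome(status, body_text=""):
    """Non-raising wrapper: ("ok", data) or ("error", [messages])."""
    try:
        return ("ok", parse_response(status, body_text))
    except ThreatQApiError as exc:
        return ("error", exc.messages)
```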
Event Watchlists
Get Single
GET /events/{event_id}/watchlist
Get an Event in a user’s Watchlist.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "event",
"object_id": 229,
"created_at": "2017-03-20 14:01:10",
"updated_at": "2017-03-20 14:01:10",
"event": {
"id": 229,
"type_id": 2,
"title": "Origin - http://prohaska.com/dolore-debitis-nihil-molestiae-cupiditate-sint-amet",
"description": "",
"happened_at": "2017-03-14 16:46:21",
"hash": "6f42c58a46c0956ad89b6d323aa7858c",
"created_at": "2017-03-14 16:46:21",
"updated_at": "2017-03-14 16:46:21",
"touched_at": "2017-03-20 13:30:53"
}
}
]
}
401 Access denied.
Create New
POST /events/{event_id}/watchlist
Add an Event to the user’s Watchlist.
Example URI
- event_id
integer (required) Example: 1
Event ID
Headers
Authorization: Bearer <access_token>
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"object_type": "event",
"user_id": 1,
"object_id": "1",
"updated_at": "2017-03-20 14:03:16",
"created_at": "2017-03-20 14:03:16",
"id": 4
}
}
401 Access denied.
Event Watchlist
Event Watchlist
DELETE /events/{event_id}/watchlist/{watchlist_id}
Remove an Event from the user’s Watchlist.
Example URI
- event_id
integer (required) Example: 1
Event ID
- watchlist_id
integer (required) Example: 2
Watchlist ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Event Watchlist Bulk
Get List
GET /events/watchlist
Get all Events in a user’s Watchlist. Only users with administrator privileges can see Watchlists for all users.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "event",
"object_id": 229,
"created_at": "2017-03-20 14:01:10",
"updated_at": "2017-03-20 14:01:10",
"event": {
"id": 229,
"type_id": 2,
"title": "Origin - http://prohaska.com/dolore-debitis-nihil-molestiae-cupiditate-sint-amet",
"description": "",
"happened_at": "2017-03-14 16:46:21",
"hash": "6f42c58a46c0956ad89b6d323aa7858c",
"created_at": "2017-03-14 16:46:21",
"updated_at": "2017-03-14 16:46:21",
"touched_at": "2017-03-20 13:30:53"
}
},
{
"id": 2,
"user_id": 1,
"object_type": "event",
"object_id": 255,
"created_at": "2017-03-20 14:01:18",
"updated_at": "2017-03-20 14:01:18",
"event": {
"id": 255,
"type_id": 2,
"title": "Origin - https://parker.com/sunt-autem-aliquam-voluptas-dicta-culpa-tempore.html",
"description": "",
"happened_at": "2017-03-14 06:22:53",
"hash": "0b69e7093e150047c669a1bb085e8d1e",
"created_at": "2017-03-14 06:22:53",
"updated_at": "2017-03-14 06:22:53",
"touched_at": "2017-03-20 13:30:53"
}
},
{
"id": 3,
"user_id": 1,
"object_type": "event",
"object_id": 468,
"created_at": "2017-03-20 14:01:32",
"updated_at": "2017-03-20 14:01:32",
"event": {
"id": 468,
"type_id": 3,
"title": "SQL - 64J)6Yo//]78,i",
"description": "",
"happened_at": "2017-03-14 00:04:09",
"hash": "6feb5fc4aab0678d4f4047016cb7c053",
"created_at": "2017-03-14 00:04:09",
"updated_at": "2017-03-14 00:04:09",
"touched_at": "2017-03-20 13:30:54"
}
}
]
}
401 Access denied.
Create New
POST /events/watchlist
Bulk add Events to the user’s Watchlist.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"object_ids": [
5,
6,
7
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"object_type": "event",
"user_id": 1,
"object_id": "5",
"updated_at": "2017-03-20 14:11:38",
"created_at": "2017-03-20 14:11:38",
"id": 5
},
{
"object_type": "event",
"user_id": 1,
"object_id": "6",
"updated_at": "2017-03-20 14:11:38",
"created_at": "2017-03-20 14:11:38",
"id": 6
},
{
"object_type": "event",
"user_id": 1,
"object_id": "7",
"updated_at": "2017-03-20 14:11:38",
"created_at": "2017-03-20 14:11:38",
"id": 7
}
]
}
401 Access denied.
Exports
Generate Export
Export GET
GET /export/{name}{?token,limit}
Generate an Export via GET request.
Example URI
- name
string (required) Example: fqdn
Export name.
- token
string (required) Example: WFiD3vMUhrn78GDMX8ld1RBHH9rJpLSt
Export configuration token.
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
fecko.es
telemetry.soundcloud.com
logentries.com
assetdrafting.com.au
teksoft.pro
warrendotwarren.url.ph
goldenlifewomen.com
foothillsofhemet.com
advstrk.com
yx9k5.bazaltbeton.net
401 Access denied.
404 Object not found.
Export POST
POST /export/{name}{?token,limit}
Generate an Export via POST request.
Example URI
- name
string (required) Example: fqdn
Export name.
- token
string (required) Example: WFiD3vMUhrn78GDMX8ld1RBHH9rJpLSt
Export configuration token.
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"token": "WFiD3vMUhrn78GDMX8ld1RBHH9rJpLSt",
"limit": "10"
}
200 Object(s) retrieved successfully.
Body
fecko.es
telemetry.soundcloud.com
logentries.com
assetdrafting.com.au
teksoft.pro
warrendotwarren.url.ph
goldenlifewomen.com
foothillsofhemet.com
advstrk.com
yx9k5.bazaltbeton.net
401 Access denied.
404 Object not found.
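The POST form above carries the export token in the JSON body, which keeps it out of the request URL and therefore out of proxy and web-server access logs. The Python below is an added example, not ThreatQ code: it builds (without sending) that POST request and validates a plain-text FQDN export before the lines are handed to a blocklist. The host `threatq.example.internal`, the function names and the sample input are assumptions, as is the server accepting the token from the body alone.

```python
import json
import re
import urllib.request
from urllib.parse import quote

# Assumed placeholder host; the page only specifies https://hostname/api/.
BASE_URI = "https://threatq.example.internal/api/"

# One hostname per line: dot-separated labels, no leading or trailing hyphen,
# final label not purely numeric (so bare IPv4 addresses are rejected).
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:(?!-)[A-Za-z0-9-]{1,63}(?<!-)\.)+"
    r"(?!-)(?!\d+$)[A-Za-z0-9-]{2,63}(?<!-)$"
)

# Constructed sample response body, modelled on the export example on this page,
# with a duplicate, a blank line and three lines that must not reach a blocklist.
SAMPLE_EXPORT = (
    "fecko.es\n"
    "Telemetry.SoundCloud.com\n"
    "fecko.es\n"
    "\n"
    "10.0.0.10\n"
    "-bad.example.com\n"
    "<html>502 Bad Gateway</html>\n"
)


def build_export_request(name, export_token, access_token, limit=None, base_uri=BASE_URI):
    """Build POST /export/{name} with the export token in the body, not the URL."""
    body = {"token": export_token}
    if limit is not None:
        body["limit"] = str(int(limit))  # the page's example sends limit as a string
    url = base_uri.rstrip("/") + "/export/" + quote(name, safe="")
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + access_token,
        },
    )


def parse_fqdn_export(text):
    """Split a text/plain export into (accepted, rejected) lines.

    Accepted names are lower-cased and de-duplicated in first-seen order;
    anything that is not a syntactically valid FQDN is returned for review.
    """
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not FQDN_RE.match(line):
            rejected.append(line)
            continue
        name = line.lower()
        if name not in seen:
            seen.add(name)
            accepted.append(name)
    return accepted, rejected
```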
Exporters
Exporter List
Get List
GET /exporters{?limit,offset,sort,with}
Get a list of Exporters.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: dataType,deliveryType
A comma-separated list of related objects to include in the response. Options for this endpoint: dataType, deliveryType, config.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 24,
"data": [
{
"id": 1,
"name": "ArcSight",
"description": "ArcSight Description",
"delivery_type_id": 1,
"export_data_type_id": 8,
"export_definition": "{assign \"encodeCEF_find\" array('\\\\','|','=','\\\\r','\\\\n')}\n{assign \"encodeCEF_replace\" array('\\\\\\\\','\\\\|','\\\\=','\\\\\\\\r','\\\\\\\\n')}\n{foreach $data as $indicator}\n{if $indicator.deleted eq 'Y'}\nCEF:0|ThreatQuotient|ThreatQ|1.0|20|ThreatQ {$indicator.type} Indicator Remove|1|cs1Label=Status cs1=Disabled dst={$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} msg=ThreatQ Indicator - {$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} cn1Label=ThreatQ ID cn1={$indicator.id}\n\n{else}\nCEF:0|ThreatQuotient|ThreatQ|1.0|19|ThreatQ {$indicator.type} Indicator Add|1|cs1Label=Status cs1={$indicator.status} dst={$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} msg={$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} cn1Label=ThreatQ ID cn1={$indicator.id} deviceCustomDate1Label=Export Time deviceCustomDate1={$smarty.now|date_format:'%Y-%m-%d %H:%M:%S'} cs2Label=ThreatQ URL cs2=https://{$http_host}/indicators/{$indicator.id}/details cs3Label=Source Document cs3={foreach $indicator.Sources item=source name=Sources}{$source.value}{if $smarty.foreach.Sources.last == false},{/if}{/foreach}\n\n{/if}\n{/foreach}",
"parameters": "indicator.status=Active&indicator.type=Email Address&indicator.type=Email Attachment&indicator.type=Email Subject&indicator.type=FQDN&indicator.type=IP Address&indicator.type=String&indicator.type=User-agent&indicator.type=URL&indicator.type=URL Path&indicator.type=X-Mailer&indicator.class=network",
"url": "arcsight",
"user_editable": "N",
"enabled": "Y",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
},
{
"id": 2,
"name": "ArcSight Email Address",
"description": "ArcSight Email Address Description\nEmail Address delete is Type 6",
"delivery_type_id": 1,
"export_data_type_id": 8,
"export_definition": "{assign \"encodeCEF_find\" array('\\\\','|','=','\\\\r','\\\\n')}\n{assign \"encodeCEF_replace\" array('\\\\\\\\','\\\\|','\\\\=','\\\\\\\\r','\\\\\\\\n')}\n{foreach $data as $indicator}\n{if $indicator.deleted eq 'Y'}\nCEF:0|ThreatQuotient|ThreatQ|1.0|6|ThreatQ {$indicator.type} Indicator Remove|1|cs1Label=Status cs1=Disabled dst={$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} msg=ThreatQ Indicator - {$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} cn1Label=ThreatQ ID cn1={$indicator.id}\n\n{else}\nCEF:0|ThreatQuotient|ThreatQ|1.0|5|ThreatQ {$indicator.type} Indicator Add|1|cs1Label=Status cs1={$indicator.status} dst={$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} msg={$indicator.value|replace:$encodeCEF_find:$encodeCEF_replace} cn1Label=ThreatQ ID cn1={$indicator.id} deviceCustomDate1Label=Export Time deviceCustomDate1={$smarty.now|date_format:'%Y-%m-%d %H:%M:%S'} cs2Label=ThreatQ URL cs2=https://{$http_host}/indicators/{$indicator.id}/details cs3Label=Source Document cs3={foreach $indicator.Sources item=source name=Sources}{$source.value}{if $smarty.foreach.Sources.last == false},{/if}{/foreach}\n\n{/if}\n{/foreach}",
"parameters": "indicator.status=Active&indicator.type=Email Address&indicator.class=network",
"url": "arcsightemail",
"user_editable": "N",
"enabled": "Y",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
]
}
401 Access denied.
Create New
POST /exporters
Create a new Exporter.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Exporter Name",
"description": "Exporter Description",
"delivery_type_id": "1",
"export_data_type_id": "1",
"export_definition": "{foreach $data as $indicator} {$indicator.value},{$indicator.type},{$indicator.status}{/foreach}",
"user_editable": "Y",
"enabled": "Y"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "Exporter Name",
"description": "Exporter Description",
"delivery_type_id": "1",
"export_data_type_id": "1",
"export_definition": "{foreach $data as $indicator} {$indicator.value},{$indicator.type},{$indicator.status}{/foreach}",
"user_editable": "Y",
"enabled": "Y",
"url": "2e990a2ba845e306d44b83b8d7955857",
"updated_at": "2017-04-07 17:41:02",
"created_at": "2017-04-07 17:41:02",
"id": 26
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
],
"delivery_type_id": [
"The delivery type id field is required."
],
"export_data_type_id": [
"The export data type id field is required."
],
"export_definition": [
"The export definition field is required."
]
}
}
}
401 Access denied.
Exporter
Get Single
GET /exporters/{exporter_id}{?with}
Get a single Exporter.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
- with
string (optional) Example: dataType,deliveryType
A comma-separated list of related objects to include in the response. Options for this endpoint: dataType, deliveryType, config.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 26,
"name": "Exporter Name",
"description": "Exporter Description",
"delivery_type_id": 1,
"export_data_type_id": 1,
"export_definition": "{foreach $data as $indicator} {$indicator.value},{$indicator.type},{$indicator.status}{/foreach}",
"parameters": null,
"url": "2e990a2ba845e306d44b83b8d7955857",
"user_editable": "Y",
"enabled": "Y",
"created_at": "2017-04-07 17:41:02",
"updated_at": "2017-04-07 17:41:02"
}
}
401 Access denied.
404 Object not found.
Update
PUT /exporters/{exporter_id}{?with}
Update an Exporter.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
- with
string (optional) Example: dataType,deliveryType
A comma-separated list of related objects to include in the response. Options for this endpoint: dataType, deliveryType, config.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated Exporter Name",
"description": "Updated Exporter Description",
"export_data_type_id": "1",
"export_definition": "{foreach $data as $indicator} {$indicator.value},{$indicator.type},{$indicator.status}{/foreach}",
"enabled": "Y",
"parameters": "indicator.status=Active"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 26,
"name": "Updated Exporter Name",
"description": "Updated Exporter Description",
"delivery_type_id": 1,
"export_data_type_id": "2",
"export_definition": "{foreach $data as $indicator} {$indicator.value},{$indicator.type},{$indicator.status}{/foreach}",
"parameters": "indicator.status=Active",
"url": "2e990a2ba845e306d44b83b8d7955857",
"user_editable": "Y",
"enabled": "Y",
"created_at": "2017-04-07 17:41:02",
"updated_at": "2017-04-07 18:20:06"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /exporters/{exporter_id}
Delete an Exporter.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Exporter Config List
Get List
GET /exporters/{exporter_id}/config{?limit,offset,sort,with}
Get a list of Exporter Configurations.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: exporter
A comma-separated list of related objects to include in the response. Options for this endpoint: exporter.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"exporter_id": 1,
"name": "ContentType",
"value": "text/plain",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
},
{
"id": 2,
"exporter_id": 1,
"name": "Token",
"value": "gkqGDs2K3hKHyRp4nRi6ily5fqdGWiG7",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
]
}
401 Access denied.
Create New
POST /exporters/{exporter_id}/config
Create a new Exporter Configuration.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Config Name",
"value": "Config Value"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"exporter_id": "1",
"name": "Config Name",
"value": "Config Value",
"updated_at": "2017-04-10 14:52:28",
"created_at": "2017-04-10 14:52:28",
"id": 53
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"exporter_id": "1",
"errors": {
"name": [
"The name field is required."
],
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Exporter Config
Get Single
GET /exporters/{exporter_id}/config/{exporter_config_id}{?with}
Get a single Exporter Configuration.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
- exporter_config_id
integer (required) Example: 2
Exporter Config ID
- with
string (optional) Example: exporter
A comma-separated list of related objects to include in the response. Options for this endpoint: exporter.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"exporter_id": 1,
"name": "ContentType",
"value": "text/plain",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
}
401 Access denied.
404 Object not found.
Update
PUT /exporters/{exporter_id}/config/{exporter_config_id}{?with}
Update an Exporter Configuration.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
- exporter_config_id
integer (required) Example: 2
Exporter Config ID
- with
string (optional) Example: exporter
A comma-separated list of related objects to include in the response. Options for this endpoint: exporter.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated Config Name",
"value": "Updated Config Value"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"exporter_id": "1",
"name": "Updated Config Name",
"value": "Updated Config Value",
"updated_at": "2017-04-12 18:51:48",
"created_at": "2017-04-10 14:52:28",
"id": 53
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /exporters/{exporter_id}/config/{exporter_config_id}
Delete an Exporter Configuration.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
- exporter_config_id
integer (required) Example: 2
Exporter Config ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Exporter Config Short List
Get List
GET /exporters/config{?limit,offset,sort,with}
Get a list of Exporter Configurations.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: exporter
A comma-separated list of related objects to include in the response. Options for this endpoint: exporter.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 53,
"data": [
{
"id": 1,
"exporter_id": 1,
"name": "ContentType",
"value": "text/plain",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
},
{
"id": 2,
"exporter_id": 1,
"name": "Token",
"value": "gkqGDs2K3hKHyRp4nRi6ily5fqdGWiG7",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
},
{
"id": 3,
"exporter_id": 2,
"name": "ContentType",
"value": "text/plain",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
]
}
401 Access denied.
Create New
POST /exporters/config
Create a new Exporter Configuration.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Config Name",
"value": "Config Value",
"exporter_id": "5"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"exporter_id": "1",
"name": "Config Name",
"value": "Config Value",
"updated_at": "2017-04-10 14:52:28",
"created_at": "2017-04-10 14:52:28",
"id": 53
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"exporter_id": [
"The exporter id field is required."
],
"name": [
"The name field is required."
],
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Exporter Config Short
Get Single
GET /exporters/config/{exporter_config_id}{?with}
Get a single Exporter Configuration.
Example URI
- exporter_config_id
integer (required) Example: 2
Exporter Config ID
- with
string (optional) Example: exporter
A comma-separated list of related objects to include in the response. Options for this endpoint: exporter.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"exporter_id": 1,
"name": "ContentType",
"value": "text/plain",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
}
401 Access denied.
404 Object not found.
Update
PUT /exporters/config/{exporter_config_id}{?with}
Update an Exporter Configuration.
Example URI
- exporter_config_id
integer (required) Example: 2
Exporter Config ID
- with
string (optional) Example: exporter
A comma-separated list of related objects to include in the response. Options for this endpoint: exporter.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated Config Name",
"value": "Updated Config Value"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"exporter_id": "1",
"name": "Updated Config Name",
"value": "Updated Config Value",
"updated_at": "2017-04-12 18:51:48",
"created_at": "2017-04-10 14:52:28",
"id": 53
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /exporters/config/{exporter_config_id}
Delete an Exporter Configuration.
Example URI
- exporter_config_id
integer (required) Example: 2
Exporter Config ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
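The Exporter Configuration responses above return each exporter's Token value in clear text, so anything that logs or reports these objects should mask it first. The Python below is an added example, not ThreatQ code: it redacts Token entries and cross-checks the exporter list against the config list. The function names and sample data are constructed, and treating a missing Token on an enabled exporter or a token reused across exporters as a finding is this example's own policy, not something the API enforces.

```python
import hashlib
from collections import defaultdict

# Constructed sample data, shaped like the `data` arrays of GET /exporters and
# GET /exporters/config on this page (fields not needed here are omitted).
EXPORTERS = [
    {"id": 1, "name": "ArcSight", "enabled": "Y"},
    {"id": 2, "name": "ArcSight Email Address", "enabled": "Y"},
    {"id": 26, "name": "Exporter Name", "enabled": "Y"},
]
CONFIG = [
    {"id": 1, "exporter_id": 1, "name": "ContentType", "value": "text/plain"},
    {"id": 2, "exporter_id": 1, "name": "Token", "value": "constructed-token-A"},
    {"id": 3, "exporter_id": 2, "name": "ContentType", "value": "text/plain"},
    # exporter_id appears as a string in some responses on this page
    {"id": 4, "exporter_id": "2", "name": "Token", "value": "constructed-token-A"},
]


def is_token(entry):
    """The page shows both "Token" and "token" as the option name."""
    return str(entry.get("name", "")).lower() == "token"


def fingerprint(secret):
    """Short SHA-256 prefix: reports can compare tokens without storing them."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]


def redact_config(entries):
    """Return copies of the config entries with Token values replaced."""
    redacted = []
    for entry in entries:
        entry = dict(entry)                       # never mutate the caller's data
        if is_token(entry):
            entry["value"] = "sha256:" + fingerprint(entry["value"])
        redacted.append(entry)
    return redacted


def audit_exporters(exporters, config_entries):
    """Return (exporter_id, finding) tuples in exporter order."""
    tokens = {}                                   # exporter_id -> token value
    for entry in config_entries:
        if is_token(entry):
            tokens[int(entry["exporter_id"])] = entry["value"]
    holders = defaultdict(list)                   # token value -> exporter ids
    for exporter_id, value in tokens.items():
        holders[value].append(exporter_id)

    findings = []
    for exporter in exporters:
        exporter_id = int(exporter["id"])
        value = tokens.get(exporter_id)
        if value is None:
            if exporter.get("enabled") == "Y":
                findings.append((exporter_id, "enabled exporter has no Token entry"))
            continue
        others = sorted(i for i in holders[value] if i != exporter_id)
        if others:
            shared = ", ".join(str(i) for i in others)
            findings.append((exporter_id, "token shared with exporter(s) " + shared))
    return findings
```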
Exporter Config Content Types
Exporter Config Content Types
GET /exporters/config/contenttypes
Get a list of Exporter Configuration Content Types.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"name": "ContentType",
"value": "text/plain"
},
{
"name": "ContentType",
"value": "text/json"
},
{
"name": "ContentType",
"value": "text/csv"
}
]
}
401 Access denied.
Exporter Duplicate
Exporter Duplicate
GET /exporters/{exporter_id}/duplicate
Make a duplicate copy of an Export.
Example URI
- exporter_id
integer (required) Example: 1
Exporter ID
Headers
Authorization: Bearer <access_token>
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "Exporter Name Copy",
"description": "Exporter Description",
"delivery_type_id": 1,
"export_data_type_id": 1,
"export_definition": "{foreach $data as $indicator} {$indicator.value},{$indicator.type},{$indicator.status}{/foreach}",
"parameters": "indicator.status=Active",
"url": "df9715202db414fe2c3fd7cf8371f96e",
"user_editable": "Y",
"enabled": "N",
"updated_at": "2017-04-07 18:49:41",
"created_at": "2017-04-07 18:49:41",
"id": 28,
"config": []
}
}
401 Access denied.
Exporter Data Type Field List
Exporter Data Type Field List
GET /exporters/datatypefields{?limit,offset,sort,with}
Get a list of Exporter Data Type Fields.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: dataType
A comma-separated list of related objects to include in the response. Options for this endpoint: dataType.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 162,
"data": [
{
"id": 1,
"export_data_type_id": 1,
"name": "Adversary Created",
"description": "When the Adversary was created",
"sql_definition": "ADV.created_at",
"sql_column_alias": "created",
"template_definition": "adversary.created",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07"
},
{
"id": 2,
"export_data_type_id": 1,
"name": "Adversary Deleted",
"description": "Has the Adversary been deleted?",
"sql_definition": "IF(ADV.deleted_at IS NULL, 'N', 'Y')",
"sql_column_alias": "deleted",
"template_definition": "adversary.deleted",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07"
}
]
}
401 Access denied.
Exporter Data Type Field
Exporter Data Type Field
GET /exporters/datatypefields/{exporter_data_type_field_id}{?with}
Get a single Exporter Data Type Field.
Example URI
- exporter_data_type_field_id
integer (required) Example: 1
Exporter Data Type Field ID
- with
string (optional) Example: dataType
A comma-separated list of related objects to include in the response. Options for this endpoint: dataType.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Adversaries",
"base_table_definition": "select [fields] from adversaries ADV left join (select substring_index(group_concat(ADVD.value_id order by ADVD.created_at desc), ',', 1) as value_id, ADVD.adversary_id, max(ADVD.created_at) from adversary_descriptions ADVD group by ADVD.adversary_id) ADVD on ADV.id = ADVD.adversary_id left join adversary_description_values ADVDV on ADVD.value_id = ADVDV.id where 1 = 1 [where] group by ADV.id",
"differential_field": "ADV.updated_at",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07"
}
}
401 Access denied.
404 Object not found.
Exporter Data Type List
Exporter Data Type List
GET /exporters/datatypes{?limit,offset,sort,with}
Get a list of Exporter Data Types.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: dataTypeFields,exporters
A comma-separated list of related objects to include in the response. Options for this endpoint: dataTypeFields, exporters.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 13,
"data": [
{
"id": 1,
"name": "Adversaries",
"base_table_definition": "select [fields] from adversaries ADV left join (select substring_index(group_concat(ADVD.value_id order by ADVD.created_at desc), ',', 1) as value_id, ADVD.adversary_id, max(ADVD.created_at) from adversary_descriptions ADVD group by ADVD.adversary_id) ADVD on ADV.id = ADVD.adversary_id left join adversary_description_values ADVDV on ADVD.value_id = ADVDV.id where 1 = 1 [where] group by ADV.id",
"differential_field": "ADV.updated_at",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07"
},
{
"id": 2,
"name": "AdversariesWithRelated",
"base_table_definition": "select [fields] from adversaries ADV left join (select substring_index(group_concat(ADVD.value_id order by ADVD.created_at desc), ',', 1) as value_id, ADVD.adversary_id, max(ADVD.created_at) from adversary_descriptions ADVD group by ADVD.adversary_id) ADVD on ADV.id = ADVD.adversary_id left join adversary_description_values ADVDV on ADVD.value_id = ADVDV.id left join adversary_sources ADVSO on ADV.id = ADVSO.adversary_id and ADVSO.deleted_at is null left join sources S on ADVSO.source_id = S.id left join adversary_attributes ADVA on ADV.id = ADVA.adversary_id and ADVA.deleted_at is null left join attributes A ON ADVA.attribute_id = A.id left join object_links OL on ((OL.src_type = 'indicator' and OL.dest_type = 'adversary' and ADV.id = OL.dest_object_id) or (OL.dest_type in('adversary', 'event', 'attachment') and OL.src_type = 'adversary' and ADV.id = OL.src_object_id)) and OL.deleted_at is null and OL.dest_deleted <> 'Y' and \tOL.src_deleted <> 'Y' left join indicators I on OL.src_object_id = I.id and OL.src_type = 'indicator' left join adversaries ADVOL on OL.dest_object_id = ADVOL.id and OL.src_type = 'adversary' and OL.dest_type = 'adversary' left join events E on OL.dest_object_id = E.id and OL.dest_type = 'event' left join attachments ATT on OL.dest_object_id = ATT.id and OL.dest_type = 'attachment' where 1 = 1 [where] group by ADV.id",
"differential_field": "ADV.updated_at",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07"
}
]
}
401 Access denied.
Exporter Data Type
Exporter Data Type
GET /exporters/datatypes/{exporter_data_type_id}{?with}
Get a single Exporter Data Type.
Example URI
- exporter_data_type_id
integer (required) Example: 1
Exporter Data Type ID
- with
string (optional) Example: dataTypeFields,exporters
A comma-separated list of related objects to include in the response. Options for this endpoint: dataTypeFields, exporters.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Adversaries",
"base_table_definition": "select [fields] from adversaries ADV left join (select substring_index(group_concat(ADVD.value_id order by ADVD.created_at desc), ',', 1) as value_id, ADVD.adversary_id, max(ADVD.created_at) from adversary_descriptions ADVD group by ADVD.adversary_id) ADVD on ADV.id = ADVD.adversary_id left join adversary_description_values ADVDV on ADVD.value_id = ADVDV.id where 1 = 1 [where] group by ADV.id",
"differential_field": "ADV.updated_at",
"created_at": "2017-04-05 19:59:07",
"updated_at": "2017-04-05 19:59:07"
}
}
401 Access denied.
404 Object not found.
Exporter Delivery Type Config Option List
Exporter Delivery Type Config Option List
GET /exporters/deliverytypes/{exporter_delivery_type_id}/configoptions{?limit,offset,sort,with}
Get a list of Exporter Delivery Type Config Options for an Exporter Delivery Type ID.
Example URI
- exporter_delivery_type_id
integer (required) Example: 1
Exporter Delivery Type ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: deliveryType
A comma-separated list of related objects to include in the response. Options for this endpoint: deliveryType.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"export_delivery_type_id": 1,
"name": "ContentType",
"type": "string:255",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
},
{
"id": 2,
"export_delivery_type_id": 1,
"name": "token",
"type": "token",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
]
}
401 Access denied.
404 Object not found.
Exporter Delivery Type Config Option
Exporter Delivery Type Config Option
GET /exporters/deliverytypes/configoptions/{export_delivery_type_config_option_id}{?with}
Get a single Exporter Delivery Type Config Option.
Example URI
- export_delivery_type_config_option_id
integer (required) Example: 1
Exporter Delivery Type Config Option ID
- with
string (optional) Example: deliveryType
A comma-separated list of related objects to include in the response. Options for this endpoint: deliveryType.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"export_delivery_type_id": 1,
"name": "ContentType",
"type": "string:255",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
}
401 Access denied.
404 Object not found.
Exporter Delivery Type List
Exporter Delivery Type List
GET /exporters/deliverytypes{?limit,offset,sort,with}
Get a list of Exporter Delivery Types.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: configOptions,exporters
A comma-separated list of related objects to include in the response. Options for this endpoint: configOptions, exporters.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"name": "HTTP Pull",
"direction": "F",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
]
}
401 Access denied.
Exporter Delivery Type
Exporter Delivery Type GET /exporters/deliverytypes/{exporter_delivery_type_id}{?with}
Get a single Exporter Delivery Type.
Example URI
- exporter_delivery_type_id
integer (required) Example: 1
Exporter Delivery Type ID
- with
string (optional) Example: configOptions,exporters
A comma-separated list of related objects to include in the response. Options for this endpoint: configOptions, exporters.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "HTTP Pull",
"direction": "F",
"created_at": "2017-04-05 19:59:08",
"updated_at": "2017-04-05 19:59:08"
}
}
401 Access denied.
404 Object not found.
File Content Types
File Content Type List
Get List GET /files/content-types{?limit,offset,sort}
Get a list of File Content Types.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "application/pdf",
"is_parsable": 1,
"created_at": "2017-04-05 19:59:21",
"updated_at": "2017-04-05 19:59:21"
},
{
"id": 2,
"name": "application/json",
"is_parsable": 1,
"created_at": "2017-04-11 14:56:33",
"updated_at": "2017-04-11 14:56:33"
}
]
}
401 Access denied.
Create New POST /files/content-types
Create a new File Content Type.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "application/json",
"is_parsable": "1"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"is_parsable": "1",
"name": "application/json",
"updated_at": "2017-04-11 14:56:33",
"created_at": "2017-04-11 14:56:33",
"id": 2
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"is_parsable": 0,
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
File Content Type
Update PUT /files/content-types/{content_type_id}
Update a File Content Type.
Example URI
- content_type_id
integer (required) Example: 1
Content Type ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"is_parsable": 0
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 2,
"name": "application/json",
"is_parsable": 0,
"created_at": "2017-04-11 14:56:33",
"updated_at": "2017-04-11 15:06:05"
}
}
401 Access denied.
404 Object not found.
Delete DELETE /files/content-types/{content_type_id}
Delete a File Content Type.
Example URI
- content_type_id
integer (required) Example: 1
Content Type ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Imports
Import List
Get List GET /imports{?limit,offset,sort,with}
Get a list of pending Imports.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attributes,indicators
A comma-separated list of related objects to include in the response. Options for this endpoint: attributes, indicators, events, objectLinks, source.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 1,
"original_filename": "import_payload.json",
"file_description": null,
"file_type": 6,
"attachment_id": null,
"import_text": "99.99.99.99\n99.99.99.98\n99.99.99.97\n99.99.99.96\n99.99.99.95",
"import_size": 3507,
"import_type": 6,
"delete_after_import": null,
"import_source": null,
"indicator_global_status": null,
"source_id": 5,
"completed_at": null,
"created_at": "2017-04-12 19:34:00",
"updated_at": "2017-04-12 19:34:00"
}
]
}
401 Access denied.
Create New POST /imports
Create a new Import. Accepts a body of text, a file, or an Attachment ID.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"content_type_id": 6,
"normalize": "Y",
"text": "99.99.99.99\n99.99.99.98\n99.99.99.97\n99.99.99.96\n99.99.99.95"
}
OR
{
"content_type_id": 6,
"normalize": "Y",
"attachment_id": 1
}
OR
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableChunkNumber"
1
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableChunkSize"
1048576
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableCurrentChunkSize"
3507
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableTotalSize"
3507
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableType"
application/json
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableIdentifier"
3507-cs_payloads_to_api_doomstone_shortjson
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableFilename"
cs_payloads_to_api_doomstone_short.json
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableRelativePath"
cs_payloads_to_api_doomstone_short.json
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="resumableTotalChunks"
1
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="content_type_id"
6
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="normalize"
Y
------WebKitFormBoundaryPPjlkESLx9wSvvvc
Content-Disposition: form-data; name="file"; filename="blob"
Content-Type: application/octet-stream
------WebKitFormBoundaryPPjlkESLx9wSvvvc--
200 Object(s) retrieved successfully.
Body
{
"data": {
"original_filename": "import_payload.json",
"import_text": "99.99.99.99\n99.99.99.98\n99.99.99.97\n99.99.99.96\n99.99.99.95",
"import_size": 3507,
"source_id": 5,
"import_type": "6",
"file_type": "6",
"updated_at": "2017-04-12 19:34:00",
"created_at": "2017-04-12 19:34:00",
"id": 1
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": {
"file": [
"The file field is required when none of text / attachment id are present."
],
"text": [
"The text field is required when none of file / attachment id are present."
],
"content_type_id": [
"The content type id field is required."
],
"attachment_id": [
"The attachment id field is required when none of file / text are present."
]
}
}
401 Access denied.
Import
Get Single GET /imports/{import_id}
Get a single Import.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"original_filename": "import_payload.json",
"file_description": null,
"file_type": 6,
"attachment_id": null,
"import_text": "import_payload.json",
"import_size": 3507,
"import_type": 6,
"delete_after_import": null,
"import_source": null,
"indicator_global_status": null,
"source_id": 5,
"completed_at": null,
"created_at": "2017-04-12 19:34:00",
"updated_at": "2017-04-12 19:34:00",
"attributes": []
}
}
401 Access denied.
404 Object not found.
Update PUT /imports/{import_id}
Update an Import.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"delete_after_import": 0,
"file_description": null,
"import_source": "Source",
"file_type": 6,
"indicator_global_status": 4,
"apply_attributes": [
{
"name": "IP Address",
"value": "99.99.99.99",
"sources": [
{
"name": "Source",
"tlp": {
"name": "GREEN"
}
}
]
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"original_filename": "import_payload.json",
"file_description": null,
"file_type": 6,
"attachment_id": null,
"import_text": "99.99.99.99\n99.99.99.98\n99.99.99.97\n99.99.99.96\n99.99.99.95",
"import_size": 3507,
"import_type": 6,
"delete_after_import": 0,
"import_source": "Source",
"indicator_global_status": 4,
"source_id": 5,
"completed_at": null,
"created_at": "2017-04-12 19:34:00",
"updated_at": "2017-04-12 20:11:30"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": {
"import_source": [
"The import source field is required."
]
}
}
401 Access denied.
404 Object not found.
Delete DELETE /imports/{import_id}
Delete an Import.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Commit
Import Commit GET /imports/{import_id}/commit
Commit an Import to the database.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": "Import Complete!"
}
401 Access denied.
Import Events
Import Events GET /imports/{import_id}/events{?limit,offset,sort,with}
Get a list of Import Events.
Example URI
- import_id
integer (required) Example: 1
Import ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attributes,type
A comma-separated list of related objects to include in the response. Options for this endpoint: attributes, type.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"import_id": 1,
"title": "Event 1",
"description": "Event Description",
"type_id": 1,
"happened_at": "2017-01-01 12:00:00",
"status_id": 1,
"source": "Source",
"whitelisted": "N",
"duplicate": "N",
"type": {
"id": 1,
"name": "Spearphish",
"user_editable": "N",
"created_at": "2017-04-13 13:28:41",
"updated_at": "2017-04-13 13:28:41"
}
},
{
"id": 2,
"import_id": 1,
"title": "Event 2",
"description": "Event Description",
"type_id": 1,
"happened_at": "2017-01-01 12:00:00",
"status_id": 1,
"source": "Source",
"whitelisted": "N",
"duplicate": "N",
"type": {
"id": 1,
"name": "Spearphish",
"user_editable": "N",
"created_at": "2017-04-13 13:28:41",
"updated_at": "2017-04-13 13:28:41"
}
}
]
}
401 Access denied.
Import Indicator List
Get List GET /imports/{import_id}/indicators{?with}
Get a list of Import Indicators.
Example URI
- import_id
integer (required) Example: 1
Import ID
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attributes,comments
A comma-separated list of related objects to include in the response. Options for this endpoint: attributes, comments, objectLinks.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1131,
"data": [
{
"id": 1,
"import_id": 1,
"value": "Domains@web.com",
"hash": "3194dc6a69077c04d40ef568e396266b",
"type_id": 2,
"status_id": 4,
"source": "Source",
"import_event_id": null,
"whitelisted": "N",
"duplicate": "N",
"duplicate_indicator_id": null,
"created_indicator_id": null,
"parent_import_indicator_hash": null,
"attributes": [],
"comments": []
},
{
"id": 2,
"import_id": 1,
"value": "252850817@qq.com",
"hash": "e7f9b7765657f0b90449f027722d19f0",
"type_id": 2,
"status_id": 4,
"source": "Source",
"import_event_id": null,
"whitelisted": "N",
"duplicate": "N",
"duplicate_indicator_id": null,
"created_indicator_id": null,
"parent_import_indicator_hash": null,
"attributes": [],
"comments": []
},
...
]
}
401 Access denied.
Create New POST /imports/{import_id}/indicators
Create a new Import Indicator.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "99.99.99.97",
"type_id": "10",
"source": {
"name": "Adversary source",
"tlp": {
"name": "WHITE"
}
},
"whitelisted": "N"
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"value": "99.99.99.97",
"hash": "7e7709c4d4f1643c3de70c461b4d1453",
"type_id": 10,
"status_id": 4,
"source": "Source",
"whitelisted": "N",
"import_id": 1,
"id": 1133,
"type": {
"id": 10,
"name": "IP Address",
"class": "network",
"score": null,
"wildcard_matching": "N",
"created_at": "2017-04-13 16:28:54",
"updated_at": "2017-04-13 16:28:54"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Import Indicator
Update PUT /imports/{import_id}/indicators/{import_indicator_id}
Update an Import Indicator.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "99.99.99.96",
"type_id": "10",
"status_id": "2",
"source": {
"name": "Adversary source",
"tlp": {
"name": "GREEN"
}
},
"whitelisted": "Y"
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1133,
"import_id": 1,
"value": "99.99.99.96",
"hash": "3f560465e1b9a5e1fee97b2fbf45de16",
"type_id": 10,
"status_id": 2,
"source": "New Source",
"import_event_id": null,
"whitelisted": "Y",
"duplicate": "N",
"duplicate_indicator_id": null,
"created_indicator_id": null,
"parent_import_indicator_hash": null,
"type": {
"id": 10,
"name": "IP Address",
"class": "network",
"score": null,
"wildcard_matching": "N",
"created_at": "2017-04-13 16:28:54",
"updated_at": "2017-04-13 16:28:54"
}
}
}
401 Access denied.
404 Object not found.
Delete DELETE /imports/{import_id}/indicators/{import_indicator_id}
Delete an Import Indicator.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Indicator Bulk Delete
Import Indicator Bulk Delete DELETE /imports/{import_id}/indicators
Delete all Import Indicators.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Indicator Attribute List
Get List GET /imports/{import_id}/indicators/{import_indicator_id}/attributes{?limit,offset,sort}
Get a list of Import Indicator Attributes.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"import_indicator_id": 178,
"name": "Scheme",
"value": "http",
"source": null
},
{
"id": 266,
"import_indicator_id": 178,
"name": "Attribute Name",
"value": "Attribute Value",
"source": "Source"
}
]
}
401 Access denied.
Create New POST /imports/{import_id}/indicators/{import_indicator_id}/attributes
Create a new Import Indicator Attribute.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Attribute Name",
"value": "Attribute Value",
"source": {
"name": "Source",
"tlp": {
"name": "RED"
}
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"name": "Attribute Name",
"value": "Attribute Value",
"source": "Source",
"import_indicator_id": 178,
"id": 266
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
],
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Import Indicator Attribute Delete
Import Indicator Attribute Delete DELETE /imports/{import_id}/indicators/{import_indicator_id}/attributes/{import_indicator_attribute_id}
Delete an Import Indicator Attribute.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_indicator_attribute_id
integer (required) Example: 3
Import Indicator Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Indicator Comment Delete
Import Indicator Comment Delete DELETE /imports/{import_id}/indicators/{import_indicator_id}/comments/{import_indicator_comment_id}
Delete an Import Indicator Comment.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_indicator_comment_id
integer (required) Example: 3
Import Indicator Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Indicator ObjectLink Bulk Store
Import Indicator ObjectLink Bulk Store POST /imports/{import_id}/indicators/objectlinks
Create a new Import Indicator ObjectLink.
Example URI
- import_id
integer (required) Example: 1
Import ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"indicator_ids": [
1,
3
],
"relations": {
"adversaries": [],
"events": [],
"attachments": [],
"indicators": [
{
"id": 3257,
"value": "37.135.247.104"
},
{
"id": 1,
"value": "37.139.40.0/21"
}
],
"signatures": []
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"dest_type": "indicator",
"dest_id": 3257,
"import_id": 1,
"src_type": "import_indicator",
"import_src_id": 1,
"id": 2,
"indicator": {
"id": 3257,
"type_id": 10,
"status_id": 1,
"class": "network",
"hash": "012d89a4aad7843dd425d2da7ca4c0c9",
"value": "37.135.247.104",
"last_detected_at": "1984-11-01 04:21:39",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-13 16:29:55",
"updated_at": "2017-04-13 16:29:55",
"touched_at": "2017-04-13 16:33:50"
}
},
{
"dest_type": "indicator",
"dest_id": 1,
"import_id": 1,
"src_type": "import_indicator",
"import_src_id": 1,
"id": 3,
"indicator": {
"id": 1,
"type_id": 1,
"status_id": 5,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2005-01-25 19:07:44",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-13 16:29:28",
"updated_at": "2017-04-13 16:29:28",
"touched_at": "2017-04-13 16:33:46"
}
},
{
"dest_type": "indicator",
"dest_id": 3257,
"import_id": 1,
"src_type": "import_indicator",
"import_src_id": 3,
"id": 4,
"indicator": {
"id": 3257,
"type_id": 10,
"status_id": 1,
"class": "network",
"hash": "012d89a4aad7843dd425d2da7ca4c0c9",
"value": "37.135.247.104",
"last_detected_at": "1984-11-01 04:21:39",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-13 16:29:55",
"updated_at": "2017-04-13 16:29:55",
"touched_at": "2017-04-13 16:33:50"
}
},
{
"dest_type": "indicator",
"dest_id": 1,
"import_id": 1,
"src_type": "import_indicator",
"import_src_id": 3,
"id": 5,
"indicator": {
"id": 1,
"type_id": 1,
"status_id": 5,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2005-01-25 19:07:44",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-13 16:29:28",
"updated_at": "2017-04-13 16:29:28",
"touched_at": "2017-04-13 16:33:46"
}
}
]
}
401 Access denied.
404 Object not found.
Import Indicator ObjectLink Delete
Import Indicator ObjectLink Delete DELETE /imports/{import_id}/indicators/{import_indicator_id}/objectlinks/{import_object_link_id}
Delete an Import Indicator ObjectLink.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_object_link_id
integer (required) Example: 3
Import ObjectLink ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Indicator ObjectLink Attributes
Update PUT /imports/{import_id}/indicators/{import_indicator_id}/objectlinks/{import_object_link_id}/attributes/{import_object_link_attribute_id}
Update an Import Indicator ObjectLink Attribute.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_object_link_id
integer (required) Example: 3
Import ObjectLink ID
- import_object_link_attribute_id
integer (required) Example: 4
Import ObjectLink Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated Attribute Name",
"value": "Updated Attribute Value"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"import_id": 1,
"object_link_id": 1,
"name": "Updated Attribute Name",
"value": "Updated Attribute Value"
}
}
401 Access denied.
404 Object not found.
Delete DELETE /imports/{import_id}/indicators/{import_indicator_id}/objectlinks/{import_object_link_id}/attributes/{import_object_link_attribute_id}
Delete an Import Indicator ObjectLink Attribute.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_object_link_id
integer (required) Example: 3
Import ObjectLink ID
- import_object_link_attribute_id
integer (required) Example: 4
Import ObjectLink Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Import Indicator ObjectLink Comments
Update PUT /imports/{import_id}/indicators/{import_indicator_id}/objectlinks/{import_object_link_id}/comments/{import_object_link_comment_id}
Update an Import Indicator ObjectLink Comment.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_object_link_id
integer (required) Example: 3
Import ObjectLink ID
- import_object_link_comment_id
integer (required) Example: 4
Import ObjectLink Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"import_id": 1,
"object_link_id": 1,
"value": "This is an updated comment."
}
}
401 Access denied.
404 Object not found.
Delete DELETE /imports/{import_id}/indicators/{import_indicator_id}/objectlinks/{import_object_link_id}/comments/{import_object_link_comment_id}
Delete an Import Indicator ObjectLink Comment.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- import_object_link_id
integer (required) Example: 3
Import ObjectLink ID
- import_object_link_comment_id
integer (required) Example: 4
Import ObjectLink Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicators
Indicator List
Get List GET /indicators{?limit,offset,sort,with}
Get a list of Indicators.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, score, signatures, sources, status, tags, type, watchlist.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 7481,
"data": [
{
"id": 1,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2016-06-03 12:41:02",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-14 13:36:31",
"updated_at": "2017-04-14 13:36:31",
"touched_at": "2017-04-14 13:48:31"
},
{
"id": 2,
"type_id": 1,
"status_id": 2,
"class": "network",
"hash": "0c7ec33474db30aa8f160840768a7adc",
"value": "62.76.40.0/21",
"last_detected_at": "2008-11-08 12:55:25",
"expires_at": null,
"expired_at": "2017-04-14 13:36:31",
"expires_calculated_at": null,
"created_at": "2017-04-14 13:36:31",
"updated_at": "2017-04-14 13:36:31",
"touched_at": "2017-04-14 13:48:31"
},
{
"id": 3,
"type_id": 1,
"status_id": 3,
"class": "network",
"hash": "a163b0d14775955cb9a1a81fa9e291ce",
"value": "62.76.176.0/22",
"last_detected_at": "2002-04-09 23:40:05",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-14 13:36:31",
"updated_at": "2017-04-14 13:36:31",
"touched_at": "2017-04-14 13:48:31"
}
]
}
401 Access denied.
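The list endpoints in this reference share the `limit`, `offset`, `sort` and `with` query parameters and return a `total`/`data` envelope. The following added example (not part of the ThreatQ documentation or of any ThreatQ client library) pages through `GET /indicators` with them; the function names, the injectable transport, the constructed sample records, and the reading of `offset` as a zero-based skip count and `total` as the count of all matching records are assumptions.

```python
import json
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen

# Relations this page lists under "Options for this endpoint" for GET /indicators.
INDICATOR_WITH = frozenset({
    "adversaries", "attachments", "attributes", "comments", "events", "indicators",
    "score", "signatures", "sources", "status", "tags", "type", "watchlist",
})


class ApiError(Exception):
    """Raised for any response other than the documented 200 collection."""


def build_list_request(base, path, token, limit, offset, sort=None, with_=(), allowed_with=()):
    """Build the GET request for one page of a list endpoint."""
    unknown = set(with_) - set(allowed_with)
    if unknown:
        # Reject relations the endpoint does not document instead of sending them.
        raise ValueError(f"unsupported 'with' values: {sorted(unknown)}")
    params = {"limit": limit, "offset": offset}
    if sort:
        params["sort"] = sort  # a leading "-" (e.g. "-id") reverses the order
    if with_:
        params["with"] = ",".join(with_)
    url = f"{base.rstrip('/')}{path}?{urlencode(params, safe=',')}"
    return Request(url, headers={"Authorization": f"Bearer {token}"}, method="GET")


def http_transport(req):
    """Send the request and return (status, parsed JSON body or None)."""
    try:
        with urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, None


def iter_records(base, path, token, transport=http_transport, page_size=500, **query):
    """Yield every record of a list endpoint, fetching one page at a time."""
    offset = 0
    while True:
        req = build_list_request(base, path, token, page_size, offset, **query)
        status, body = transport(req)
        if status == 401:
            raise ApiError("401 Access denied: access token incorrect or out of date")
        if status != 200:
            raise ApiError(f"unexpected status {status} for {req.full_url}")
        page = body.get("data")
        if not isinstance(page, list):
            raise ApiError("expected a collection in 'data', got a single object")
        yield from page
        offset += len(page)
        # Assumption: 'total' counts all matching records and 'offset' is the
        # number of records skipped. An empty page also ends the loop.
        if not page or offset >= body.get("total", 0):
            return


# Constructed sample data (not from a real instance): five indicator records.
SAMPLE = [{"id": i, "value": f"198.51.100.{i}", "status_id": 1} for i in range(1, 6)]


def fake_transport(req):
    """Offline stand-in for the server: checks the token, honours limit/offset."""
    if req.get_header("Authorization") != "Bearer sample-token":
        return 401, None
    query = parse_qs(urlparse(req.full_url).query)
    limit, offset = int(query["limit"][0]), int(query["offset"][0])
    return 200, {"total": len(SAMPLE), "data": SAMPLE[offset:offset + limit]}


def demo():
    """Page through the sample two records at a time and return the values seen."""
    records = iter_records("https://hostname/api", "/indicators", "sample-token",
                           transport=fake_transport, page_size=2,
                           sort="id", with_=["type"], allowed_with=INDICATOR_WITH)
    return [record["value"] for record in records]


if __name__ == "__main__":
    print(demo())
```

Passing `transport=http_transport` (the default) sends the same requests to a real instance; keep the access token out of source control and logs.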
Create New POST /indicators
Create a new Indicator.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"class": "network",
"value": "115.47.67.155",
"type_id": "10",
"status_id": 2,
"sources": [
{
"name": "Source",
"tlp": {
"name": "GREEN"
},
"published_at": "2016-07-18 02:00:00"
}
],
"attributes": [
{
"name": "Confidence",
"value": "High",
"sources": [
{
"name": "Source",
"tlp": {
"name": "GREEN"
},
"published_at": "2016-07-18 02:00:00"
}
]
},
{
"name": "Port",
"value": "4000"
},
{
"name": "Scheme",
"value": "https"
}
]
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 7908,
"type_id": 10,
"status_id": 2,
"class": "network",
"hash": "f9ebf8ab2aa46929ff3bb6136d255173",
"value": "115.47.67.155",
"last_detected_at": null,
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-14 19:05:47",
"updated_at": "2017-04-14 19:05:47",
"touched_at": "2017-04-14 19:05:47",
"existing": "N",
"type": {
"id": 10,
"name": "IP Address",
"class": "network",
"score": null,
"wildcard_matching": "N",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07"
},
"sources": [
{
"type": "other_sources",
"name": "Source",
"updated_at": "2017-04-14 19:05:47",
"created_at": "2017-04-14 19:05:47",
"id": 10
}
],
"attributes": [
{
"value": "High",
"indicator_id": 7908,
"id": 41255,
"attribute_id": 13,
"created_at": "2017-04-14 19:05:47",
"updated_at": "2017-04-14 19:05:47",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2017-04-07 19:04:42",
"updated_at": "2017-03-29 19:03:42"
},
"sources": [
{
"id": 10,
"type": "other_sources",
"name": "Source",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 19:05:47",
"updated_at": "2017-04-14 19:05:47"
}
]
},
{
"value": "4000",
"indicator_id": 7908,
"id": 41256,
"attribute_id": 66,
"created_at": "2017-04-14 19:05:48",
"updated_at": "2017-04-14 19:05:48",
"name": "Port",
"attribute": {
"id": 66,
"name": "Port",
"created_at": "2017-03-31 19:03:42",
"updated_at": "2017-04-04 19:04:42"
}
},
{
"value": "https",
"indicator_id": 7908,
"id": 41257,
"attribute_id": 254,
"created_at": "2017-04-14 19:05:48",
"updated_at": "2017-04-14 19:05:48",
"name": "Scheme",
"attribute": {
"id": 254,
"name": "Scheme",
"created_at": "2017-04-14 19:05:48",
"updated_at": "2017-04-14 19:05:48"
}
}
]
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"type_id": [
"The type id field is required."
],
"status_id": [
"The status id field is required."
],
"class": [
"Class not provided or could not be inferred from type."
],
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Indicator
Get Single GET /indicators/{indicator_id}{?with}
Get a single Indicator.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, score, signatures, sources, status, tags, type, watchlist.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2016-06-03 12:41:02",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-14 13:36:31",
"updated_at": "2017-04-14 13:36:31",
"touched_at": "2017-04-14 13:48:31"
}
}
401 Access denied.
404 Object not found.
Update PUT /indicators/{indicator_id}{?with}
Update an Indicator.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, score, signatures, sources, status, tags, type, watchlist.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "115.47.67.154",
"status_id": 2,
"sources": [
{
"name": "Another Source",
"tlp": {
"name": "GREEN"
},
"published_at": "2016-07-18 02:00:00"
}
],
"attributes": [
{
"name": "Another Attribute",
"value": "Another Attribute Value",
"sources": [
{
"name": "Another Source",
"tlp": {
"name": "GREEN"
},
"published_at": "2016-07-18 02:00:00"
}
]
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 7908,
"type_id": 10,
"status_id": 2,
"class": "network",
"hash": "67b2be742b2e5153effd488b78f22994",
"value": "115.47.67.154",
"last_detected_at": null,
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-14 18:45:24",
"updated_at": "2017-04-14 18:48:56",
"touched_at": "2017-04-14 18:45:24",
"sources": [
{
"type": "other_sources",
"name": "Another Source",
"updated_at": "2017-04-14 18:48:56",
"created_at": "2017-04-14 18:48:56",
"id": 11
}
],
"attributes": [
{
"value": "Another Attribute Value",
"indicator_id": 7908,
"id": 40902,
"attribute_id": 255,
"created_at": "2017-04-14 18:48:57",
"updated_at": "2017-04-14 18:48:57",
"name": "Another Attribute",
"attribute": {
"id": 255,
"name": "Another Attribute",
"created_at": "2017-04-14 18:48:57",
"updated_at": "2017-04-14 18:48:57"
},
"sources": [
{
"id": 11,
"type": "other_sources",
"name": "Another Source",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 18:48:56",
"updated_at": "2017-04-14 18:48:56"
}
]
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}
Delete an Indicator.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Adversaries List
Get List
GET /indicators/{indicator_id}/adversaries{?limit,offset,sort,with}
Get a list of Indicator Adversary links.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2018-03-24 03:49:31",
"updated_at": "2018-03-24 03:49:31",
"touched_at": "2018-04-02 16:16:38",
"deleted_at": null,
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2018-01-08 23:05:37",
"updated_at": "2018-01-08 23:05:37",
"touched_at": "2018-04-02 16:17:00",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Front End"
},
{
"name": "Domain Tools"
}
],
"pivot": {
"id": 62325,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 3,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:20:25.327000",
"updated_at": "2018-04-02 16:20:25.327000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15065,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24426,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
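The paging scheme of the Get List endpoint above (`limit`, `offset`, and the `total` field of the response), as an added Python example that is not part of the ThreatQ documentation or product code. The function names, the `fetch` transport callable, the `test-token` value and the sample rows are hypothetical or constructed; the positive-integer check on `indicator_id` is an assumption based on the documented integer type.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Options the reference lists for `with` on GET /indicators/{indicator_id}/adversaries.
ALLOWED_WITH = {
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
}


class ApiError(Exception):
    """Raised for any non-200 answer from the list endpoint."""


def build_list_request(base, token, indicator_id, limit=100, offset=0,
                       sort=None, with_=()):
    """Return (url, headers) for one page of Indicator Adversary links."""
    # The path parameter is documented as an integer. Refusing anything else
    # means a caller-supplied string can never alter the request path.
    # (Requiring a positive value is this example's assumption.)
    if (isinstance(indicator_id, bool) or not isinstance(indicator_id, int)
            or indicator_id < 1):
        raise ValueError("indicator_id must be a positive integer")
    unknown = set(with_) - ALLOWED_WITH
    if unknown:
        raise ValueError(f"unsupported with option(s): {sorted(unknown)}")
    params = {"limit": limit, "offset": offset}
    if sort:
        params["sort"] = sort            # e.g. "-id" reverses the order
    if with_:
        params["with"] = ",".join(with_)  # comma-separated, as documented
    query = urlencode(params, safe=",")
    url = f"{base.rstrip('/')}/indicators/{indicator_id}/adversaries?{query}"
    return url, {"Authorization": f"Bearer {token}"}


def iter_adversary_links(fetch, base, token, indicator_id, page_size=100, **kw):
    """Yield every link, advancing `offset` until `total` is reached.

    `fetch(url, headers)` is a caller-supplied transport (hypothetical) that
    returns (status_code, body_text).
    """
    offset = 0
    while True:
        url, headers = build_list_request(base, token, indicator_id,
                                          page_size, offset, **kw)
        status, body = fetch(url, headers)
        if status == 401:
            # The token itself is never placed in the error message.
            raise ApiError("401 Access denied: token incorrect or out of date")
        if status != 200:
            raise ApiError(f"unexpected status {status}")
        envelope = json.loads(body)
        rows = envelope["data"]
        if not isinstance(rows, list):
            raise ApiError("expected a collection in the data envelope")
        yield from rows
        offset += len(rows)
        # Stop on an empty page too, so a wrong `total` cannot loop forever.
        if not rows or offset >= envelope.get("total", 0):
            return


def summarize(row):
    """Flatten one link to (object_link_id, adversary name)."""
    return row["pivot"]["id"], row["name"]


# Constructed rows shaped like the response body above.
_SAMPLE = [
    {"id": 2, "name": "AMOROUS PANDA", "pivot": {"id": 62324}},
    {"id": 3, "name": "ANCHOR PANDA", "pivot": {"id": 62325}},
    {"id": 1, "name": "Advanced Pawn", "pivot": {"id": 62326}},
]


def fake_fetch(url, headers):
    """Constructed stand-in for the server so the example runs offline."""
    if headers.get("Authorization") != "Bearer test-token":
        return 401, ""
    q = parse_qs(urlsplit(url).query)
    limit, offset = int(q["limit"][0]), int(q["offset"][0])
    page = _SAMPLE[offset:offset + limit]
    return 200, json.dumps({"total": len(_SAMPLE), "data": page,
                            "limit": limit, "offset": offset})


def demo():
    """Walk all three constructed links two at a time."""
    links = iter_adversary_links(fake_fetch, "https://hostname/api/",
                                 "test-token", 1, page_size=2)
    return [summarize(r) for r in links]


if __name__ == "__main__":
    print(demo())
```

The `pivot.id` value returned for each row is the `object_link_id` that the single-link and bulk-delete endpoints expect.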
Create New
POST /indicators/{indicator_id}/adversaries
Create a link from an Adversary to an Indicator.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2017-03-06 14:05:24",
"updated_at": "2017-03-06 14:05:24",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62141,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2016-12-27 13:45:12",
"updated_at": "2016-12-27 13:45:12",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62142,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/adversaries
Delete multiple Indicator Adversary links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Adversary
Get Single
GET /indicators/{indicator_id}/adversaries/{object_link_id}{?with}
Get a single Indicator Adversary link.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2018-01-18 22:47:52",
"updated_at": "2018-01-18 22:47:52",
"touched_at": "2018-04-02 16:17:00",
"pivot": {
"id": 62324,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"object_link_id": 62324,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 16:23:40",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15066,
"object_link_id": 62324,
"attribute_id": 136,
"value": "Hospitals",
"created_at": "2018-04-02 16:25:47",
"updated_at": "2018-04-02 16:25:47",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15066,
"source_id": 8,
"id": 2,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"published_at": null,
"pivot": {
"object_link_id": 62324,
"source_id": 8,
"id": 24424,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 1,
"type": "clients",
"name": "ThreatQ Front End",
"tlp_id": null,
"created_at": "2018-02-05 12:29:56",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 1,
"id": 1,
"creator_source_id": 1
}
},
{
"id": 7,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-01-31 03:41:47",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 7,
"id": 2,
"creator_source_id": 7
}
},
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-31 21:31:30",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 3,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/adversaries/{object_link_id}
Delete an Indicator Adversary link.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Adversary Attributes List
Get List
GET /indicators/{indicator_id}/adversaries/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Adversary link Attributes.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/adversaries/{object_link_id}/attributes
Create a new Indicator Adversary link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Adversary Attribute
Get Single
GET /indicators/{indicator_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Adversary link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Adversary link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Adversary link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Adversary Comments List
Get List
GET /indicators/{indicator_id}/adversaries/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Adversary link Comments.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/adversaries/{object_link_id}/comments
Create a new Indicator Adversary link Comment.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Adversary Comment
Get Single
GET /indicators/{indicator_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Adversary link Comment.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Adversary link Comment.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Adversary link Comment.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_comment_id
  integer (required) Example: 3
  Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Attachments List
Get List
GET /indicators/{indicator_id}/attachments{?limit,offset,sort,with}
Get a list of Indicator Attachment links.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"path": "6/b/d/0/d/c/1/2/e/5/d/f/a/0/4/3/e/b/4/9/6/0/9/f/a/4/7/c/4/f/1/0",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62326,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 2,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:54:58.936000",
"updated_at": "2018-04-02 17:55:15.039000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15067,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24428,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:39:18.781000",
"updated_at": "2018-04-02 17:39:18.781000"
}
}
]
}
},
{
"id": 1,
"type_id": 10,
"title": "parsing-sample.pdf",
"name": "parsing-sample.pdf",
"hash": "89e17b2f6cd3888864237b0ee10048f0",
"content_type_id": 1,
"file_size": 11300,
"path": "e/a/f/d/d/7/1/e/5/c/e/1/1/9/b/0/5/6/4/a/6/d/5/9/a/2/3/5/3/1/0/4",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:40:48",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62327,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 1,
"created_at": "2018-04-02 17:40:48",
"updated_at": "2018-04-02 17:40:48",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:55:30.995000",
"updated_at": "2018-04-02 17:55:30.995000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15068,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24430,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:40:48.310000",
"updated_at": "2018-04-02 17:40:48.310000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/attachments
Create a link from an Attachment to an Indicator.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-02-23 20:02:18",
"updated_at": "2017-02-23 20:02:18",
"touched_at": "2017-03-01 16:51:15",
"pivot": {
"id": 62394,
"created_at": "2017-03-01 16:51:15",
"updated_at": "2017-03-01 16:51:15"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/attachments
Delete multiple Indicator Attachment links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Attachment
Get Single
GET /indicators/{indicator_id}/attachments/{object_link_id}{?with}
Get a single Indicator Attachment link.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- with
  string (optional) Example: sources,pivot.attributes
  A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"malware_locked": 0,
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"pivot": {
"id": 62326,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"object_link_id": 62326,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 17:54:58",
"updated_at": "2018-04-02 17:55:15",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15067,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"published_at": null,
"pivot": {
"object_link_id": 62326,
"source_id": 8,
"id": 24428,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"published_at": null,
"pivot": {
"attachment_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/attachments/{object_link_id}
Delete an Indicator Attachment link.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Attachment Attributes List
Get List
GET /indicators/{indicator_id}/attachments/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Attachment link Attributes.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/attachments/{object_link_id}/attributes
Create a new Indicator Attachment link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Attachment Attribute
Get Single
GET /indicators/{indicator_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Attachment link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Attachment link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Attachment link Attribute.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- object_link_attribute_id
  integer (required) Example: 3
  Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Attachment Comments List
Get List
GET /indicators/{indicator_id}/attachments/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Attachment link Comments.
Example URI
- indicator_id
  integer (required) Example: 1
  Indicator ID
- object_link_id
  integer (required) Example: 2
  Object Link ID
- limit
  integer (optional) Example: 500
  The maximum number of records to retrieve.
- offset
  integer (optional) Example: 100
  Designate the record that will appear first in your retrieved list.
- sort
  string (optional) Example: id
  Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
  string (optional) Example: sources
  A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/attachments/{object_link_id}/comments
Create a new Indicator Attachment link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Attachment Comment
Get Single
GET /indicators/{indicator_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Attachment link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Attachment link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Attachment link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Attributes List
Get List
GET /indicators/{indicator_id}/attributes{?limit,offset,sort,with}
Get a list of Indicator Attributes.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 7,
"data": [
{
"id": 1,
"indicator_id": 1,
"attribute_id": 8,
"value": "~DF2.tmp",
"created_at": "2017-02-14 03:24:28",
"updated_at": "2017-02-14 03:24:28",
"touched_at": "2017-04-14 19:02:49",
"name": "C2",
"attribute": {
"id": 8,
"name": "C2",
"created_at": "2017-03-22 19:03:42",
"updated_at": "2017-04-09 19:04:42"
}
},
{
"id": 2,
"indicator_id": 1,
"attribute_id": 68,
"value": "mshttp.dll",
"created_at": "2017-04-10 06:35:29",
"updated_at": "2017-04-10 06:35:29",
"touched_at": "2017-04-14 19:02:49",
"name": "Registrant",
"attribute": {
"id": 68,
"name": "Registrant",
"created_at": "2017-03-21 19:03:42",
"updated_at": "2017-03-21 19:03:42"
}
},
{
"id": 3,
"indicator_id": 1,
"attribute_id": 34,
"value": "Win32%2FInstallMonetizer.AY",
"created_at": "2017-03-07 10:10:29",
"updated_at": "2017-03-07 10:10:29",
"touched_at": "2017-04-14 19:02:49",
"name": "File Extension",
"attribute": {
"id": 34,
"name": "File Extension",
"created_at": "2017-03-16 19:03:42",
"updated_at": "2017-03-17 19:03:42"
}
}
]
}
401 Access denied.
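An added example, not part of the ThreatQ reference: walking a list endpoint with the limit and offset parameters described above, and flattening the two 400 body shapes shown for the comment endpoints into one list of messages. The `send` transport, `fake_send`, the sample rows and the reading of `total` as the full record count are assumptions made for the example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


class ApiError(Exception):
    """Non-200 answer, carrying the status code and any server messages."""

    def __init__(self, status, messages):
        super().__init__(f"HTTP {status}: {'; '.join(messages) or 'no detail'}")
        self.status = status
        self.messages = messages


def error_messages(body):
    """Flatten both 400 body shapes shown on this page into a list of strings."""
    found = []
    if not isinstance(body, dict):
        return found
    for holder in (body, body.get("data")):
        errors = holder.get("errors") if isinstance(holder, dict) else None
        if isinstance(errors, list):      # {"errors": ["Undefined index: value"]}
            found.extend(str(e) for e in errors)
        elif isinstance(errors, dict):    # {"data": {"errors": {"value": [...]}}}
            for field, msgs in errors.items():
                for msg in msgs if isinstance(msgs, list) else [msgs]:
                    found.append(f"{field}: {msg}")
    return found


def fetch_all(send, path, limit=500, sort="id", with_=None):
    """Collect every record of a list endpoint by walking limit/offset pages.

    `send(method, url)` is a hypothetical transport returning (status, body);
    a real one would prepend the base URI and add the Authorization header.
    """
    records, offset = [], 0
    while True:
        query = {"limit": limit, "offset": offset, "sort": sort}
        if with_:
            query["with"] = with_
        status, body = send("GET", f"{path}?{urlencode(query, safe=',')}")
        if status != 200:
            raise ApiError(status, error_messages(body))
        page = body.get("data") or []
        records.extend(page)
        offset += len(page)
        # Assumption: "total" counts all matching records, not just this page.
        # An empty page also stops the loop so a wrong total cannot spin forever.
        if not page or offset >= body.get("total", 0):
            return records


# Constructed data: seven attribute rows for indicator 1.
ROWS = [{"id": i, "indicator_id": 1, "name": "Port", "value": str(4000 + i)}
        for i in range(1, 8)]


def fake_send(method, url):
    """Offline stand-in for the server (constructed for this example)."""
    parts = urlsplit(url)
    if method != "GET" or parts.path != "/indicators/1/attributes":
        return 404, {}
    query = parse_qs(parts.query)
    limit, offset = int(query["limit"][0]), int(query["offset"][0])
    return 200, {"total": len(ROWS), "data": ROWS[offset:offset + limit]}


if __name__ == "__main__":
    rows = fetch_all(fake_send, "/indicators/1/attributes", limit=3,
                     with_="attribute,sources")
    print(len(rows), [r["id"] for r in rows])
```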
Create New
POST /indicators/{indicator_id}/attributes
Create a new Indicator Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"value": "Test Value",
"indicator_id": 1,
"id": 41258,
"attribute_id": 255,
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25",
"name": "Test Attribute",
"attribute": {
"id": 255,
"name": "Test Attribute",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25"
},
"sources": [
{
"id": 11,
"type": "other_sources",
"name": "Test Source",
"tlp_id": 1,
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25",
"published_at": "2017-02-28 00:00:00",
"pivot": {
"indicator_attribute_id": 41258,
"source_id": 11,
"id": 151,
"creator_source_id": 5
}
}
]
}
]
}
401 Access denied.
Indicator Attribute
Get Single
GET /indicators/{indicator_id}/attributes/{indicator_attribute_id}{?with}
Get a single Indicator Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_attribute_id
integer (required) Example: 2
Indicator Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 41258,
"indicator_id": 1,
"attribute_id": 255,
"value": "Test Value",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25",
"touched_at": "2017-04-16 00:34:25",
"name": "Test Attribute",
"attribute": {
"id": 255,
"name": "Test Attribute",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/attributes/{indicator_attribute_id}{?with}
Update an Indicator Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_attribute_id
integer (required) Example: 2
Indicator Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 41258,
"indicator_id": 1,
"attribute_id": 255,
"value": "New Value",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:44:03",
"touched_at": "2017-04-16 00:34:25",
"name": "Test Attribute",
"attribute": {
"id": 255,
"name": "Test Attribute",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25"
}
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"indicator_id": "1",
"attribute_id": "41258",
"errors": {
"value": [
"The value field is required."
]
},
"name": null,
"attribute": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/attributes/{indicator_attribute_id}
Delete an Indicator Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_attribute_id
integer (required) Example: 2
Indicator Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Attribute Source
Update
PUT /indicators/{indicator_id}/attributes/{indicator_attribute_id}/sources/{indicator_attribute_source_id}
Update an Indicator Attribute Source.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_attribute_id
integer (required) Example: 2
Indicator Attribute ID
- indicator_attribute_source_id
integer (required) Example: 3
Indicator Attribute Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"indicator_attribute_id": 1,
"source_id": 8,
"tlp_id": 1,
"created_at": "2018-09-20 21:22:20",
"updated_at": "2018-09-20 21:23:46",
"published_at": "2017-01-01 01:01:01",
"creator_source_id": 8
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/attributes/{indicator_attribute_id}/sources/{indicator_attribute_source_id}
Delete an Indicator Attribute Source.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_attribute_id
integer (required) Example: 2
Indicator Attribute ID
- indicator_attribute_source_id
integer (required) Example: 3
Indicator Attribute Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Bulk Details
Indicator Bulk Details
POST /indicators/bulk-details
Get a list of Indicator Details.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
1,
2
]
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2015-12-06 08:46:27",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"score": null,
"status": {
"id": 1,
"name": "Active",
"description": "Poses a threat and is being exported to detection tools.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "Y",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43"
},
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"watchlist": [],
"sources": [
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 6,
"id": 1,
"creator_source_id": 5
}
},
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 9,
"id": 2,
"creator_source_id": 5
}
},
{
"id": 10,
"type": "other_sources",
"name": "Source",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 10,
"id": 18714,
"creator_source_id": 0
}
}
],
"comments": [],
"attributes": [
{
"id": 1,
"indicator_id": 1,
"attribute_id": 8,
"value": "~DF2.tmp",
"created_at": "2017-02-14 03:24:28",
"updated_at": "2017-02-14 03:24:28",
"touched_at": "2017-02-14 03:24:28",
"name": "C2",
"attribute": {
"id": 8,
"name": "C2",
"created_at": "2017-03-22 19:03:42",
"updated_at": "2017-04-09 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 1,
"source_id": 5,
"id": 1,
"creator_source_id": 5
}
}
]
},
{
"id": 2,
"indicator_id": 1,
"attribute_id": 68,
"value": "mshttp.dll",
"created_at": "2017-04-10 06:35:29",
"updated_at": "2017-04-10 06:35:29",
"touched_at": "2017-04-10 06:35:29",
"name": "Registrant",
"attribute": {
"id": 68,
"name": "Registrant",
"created_at": "2017-03-21 19:03:42",
"updated_at": "2017-03-21 19:03:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 2,
"source_id": 5,
"id": 2,
"creator_source_id": 5
}
}
]
},
{
"id": 3,
"indicator_id": 1,
"attribute_id": 34,
"value": "Win32%2FInstallMonetizer.AY",
"created_at": "2017-03-07 10:10:29",
"updated_at": "2017-03-07 10:10:29",
"touched_at": "2017-03-07 10:10:29",
"name": "File Extension",
"attribute": {
"id": 34,
"name": "File Extension",
"created_at": "2017-03-16 19:03:42",
"updated_at": "2017-03-17 19:03:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 3,
"source_id": 5,
"id": 3,
"creator_source_id": 5
}
}
]
},
{
"id": 4,
"indicator_id": 1,
"attribute_id": 97,
"value": "sysfiles",
"created_at": "2017-03-26 22:56:01",
"updated_at": "2017-03-26 22:56:01",
"touched_at": "2017-03-26 22:56:01",
"name": "Version",
"attribute": {
"id": 97,
"name": "Version",
"created_at": "2017-03-29 19:03:42",
"updated_at": "2017-04-06 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 4,
"source_id": 5,
"id": 4,
"creator_source_id": 5
}
}
]
},
{
"id": 5,
"indicator_id": 1,
"attribute_id": 35,
"value": "PC bitmap, Windows 3.x format, 497 x 497 x 24",
"created_at": "2017-03-23 06:16:10",
"updated_at": "2017-03-23 06:16:10",
"touched_at": "2017-03-23 06:16:10",
"name": "File Identifier",
"attribute": {
"id": 35,
"name": "File Identifier",
"created_at": "2017-04-06 19:04:42",
"updated_at": "2017-03-30 19:03:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 5,
"source_id": 5,
"id": 5,
"creator_source_id": 5
}
}
]
},
{
"id": 6,
"indicator_id": 1,
"attribute_id": 97,
"value": "XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators",
"created_at": "2017-02-12 16:21:53",
"updated_at": "2017-02-12 16:21:53",
"touched_at": "2017-02-12 16:21:53",
"name": "Version",
"attribute": {
"id": 97,
"name": "Version",
"created_at": "2017-03-29 19:03:42",
"updated_at": "2017-04-06 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 6,
"source_id": 5,
"id": 6,
"creator_source_id": 5
}
}
]
},
{
"id": 7,
"indicator_id": 1,
"attribute_id": 58,
"value": "Trojan.Win32.PCPerformer.BB",
"created_at": "2017-01-20 10:25:16",
"updated_at": "2017-01-20 10:25:16",
"touched_at": "2017-01-20 10:25:16",
"name": "Network Identifier",
"attribute": {
"id": 58,
"name": "Network Identifier",
"created_at": "2017-04-11 19:04:42",
"updated_at": "2017-04-07 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 7,
"source_id": 5,
"id": 7,
"creator_source_id": 5
}
}
]
},
{
"id": 41258,
"indicator_id": 1,
"attribute_id": 255,
"value": "New Value",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:44:03",
"touched_at": "2017-04-16 00:44:03",
"name": "Test Attribute",
"attribute": {
"id": 255,
"name": "Test Attribute",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": 0,
"created_at": "2017-04-16 00:44:03",
"updated_at": "2017-04-16 00:44:03",
"published_at": "2017-04-16 00:44:03",
"pivot": {
"indicator_attribute_id": 41258,
"source_id": 5,
"id": 152,
"creator_source_id": 5
},
"tlp": {
"id": null,
"name": null,
"description": null,
"value": null,
"user_editable": null,
"created_at": null,
"updated_at": null
}
},
{
"id": 11,
"type": "other_sources",
"name": "Test Source",
"tlp_id": 1,
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25",
"published_at": "2017-04-16 00:34:25",
"pivot": {
"indicator_attribute_id": 41258,
"source_id": 11,
"id": 151,
"creator_source_id": 5
},
"tlp": {
"id": 1,
"name": "RED",
"description": "Red",
"value": 0,
"user_editable": "N",
"created_at": "2017-04-14 19:01:11",
"updated_at": "2017-04-14 19:01:11"
}
}
]
},
{
"id": 41259,
"indicator_id": 1,
"attribute_id": 13,
"value": "High",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2017-04-07 19:04:42",
"updated_at": "2017-03-29 19:03:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"indicator_attribute_id": 41259,
"source_id": 5,
"id": 154,
"creator_source_id": 5
}
}
]
},
{
"id": 41260,
"indicator_id": 1,
"attribute_id": 66,
"value": "4000",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Port",
"attribute": {
"id": 66,
"name": "Port",
"created_at": "2017-03-31 19:03:42",
"updated_at": "2017-04-04 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"indicator_attribute_id": 41260,
"source_id": 5,
"id": 155,
"creator_source_id": 5
}
}
]
},
{
"id": 41261,
"indicator_id": 1,
"attribute_id": 254,
"value": "http",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Scheme",
"attribute": {
"id": 254,
"name": "Scheme",
"created_at": "2017-04-14 19:05:48",
"updated_at": "2017-04-14 19:05:48"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"indicator_attribute_id": 41261,
"source_id": 5,
"id": 156,
"creator_source_id": 5
}
}
]
}
],
"adversaries": [
{
"id": 119,
"name": "OpLastResort",
"created_at": "2017-03-10 18:39:43",
"updated_at": "2017-03-10 18:39:43",
"touched_at": "2017-03-10 18:39:43",
"pivot": {
"id": 14842,
"created_at": "2017-02-02 14:09:35",
"updated_at": "2017-04-14 19:03:23"
},
"sources": [
{
"id": 4,
"type": "clients",
"name": "ThreatQ Scoring Plugin Access",
"tlp_id": null,
"created_at": "2017-02-09 05:30:09",
"updated_at": "2017-04-14 19:03:42",
"published_at": "2017-04-14 19:03:42",
"pivot": {
"adversary_id": 119,
"source_id": 4,
"id": 1,
"creator_source_id": 4
}
}
]
},
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-02-26 08:39:20",
"updated_at": "2017-02-26 08:39:20",
"touched_at": "2017-02-26 08:39:20",
"pivot": {
"id": 62391,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"adversary_id": 1,
"source_id": 5,
"id": 24253,
"creator_source_id": 5
}
}
]
}
],
"attachments": [
{
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"created_at": "2017-04-14 19:04:42",
"updated_at": "2017-04-14 19:04:42",
"touched_at": "2017-04-14 19:04:42",
"pivot": {
"id": 1,
"created_at": "2017-03-07 12:15:19",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
},
{
"id": 2,
"type_id": 2,
"title": "Bad Malware",
"name": "Crazy effing malware!.net.org.exe",
"hash": "350649b5b5fa5436d325cbaf482d52c7",
"content_type_id": 1,
"file_size": 134232,
"malware_locked": 1,
"created_at": "2017-04-13 19:04:42",
"updated_at": "2017-04-13 19:04:42",
"touched_at": "2017-04-13 19:04:42",
"pivot": {
"id": 2,
"created_at": "2017-01-22 06:30:28",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
},
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"created_at": "2017-04-09 19:04:42",
"updated_at": "2017-04-09 19:04:42",
"touched_at": "2017-04-09 19:04:42",
"pivot": {
"id": 3,
"created_at": "2017-02-08 10:06:50",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
}
],
"events": [
{
"id": 108,
"type_id": 1,
"title": "Subject - I wonder what I was.",
"description": "",
"happened_at": "2017-01-31 07:56:14",
"hash": "ce88a4c27ce2921f43d257b2039f6f34",
"created_at": "2017-01-31 07:56:14",
"updated_at": "2017-01-31 07:56:14",
"touched_at": "2017-01-31 07:56:14",
"pivot": {
"id": 29859,
"created_at": "2017-02-27 05:21:19",
"updated_at": "2017-04-14 19:03:30"
},
"sources": []
}
],
"indicators": [
{
"id": 7353,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2015-12-06 08:46:27",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"pivot": {
"id": 44904,
"created_at": "2017-02-12 16:06:49",
"updated_at": "2017-04-14 19:03:35"
},
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"sources": []
}
],
"signatures": []
},
{
"id": 2,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "0c7ec33474db30aa8f160840768a7adc",
"value": "62.76.40.0/21",
"last_detected_at": "1991-08-15 05:56:05",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"score": null,
"status": {
"id": 1,
"name": "Active",
"description": "Poses a threat and is being exported to detection tools.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "Y",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43"
},
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"watchlist": [],
"sources": [
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 6,
"id": 5,
"creator_source_id": 5
}
},
{
"id": 7,
"type": "users",
"name": "Customer Admin",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 7,
"id": 3,
"creator_source_id": 5
}
},
{
"id": 8,
"type": "users",
"name": "Customer Observer",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 8,
"id": 4,
"creator_source_id": 5
}
},
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 9,
"id": 6,
"creator_source_id": 5
}
},
{
"id": 10,
"type": "other_sources",
"name": "Source",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 10,
"id": 18715,
"creator_source_id": 0
}
}
],
"comments": [],
"attributes": [
{
"id": 8,
"indicator_id": 2,
"attribute_id": 62,
"value": "SHeur4.BMEQ",
"created_at": "2017-03-22 08:44:10",
"updated_at": "2017-03-22 08:44:10",
"touched_at": "2017-03-22 08:44:10",
"name": "Nick Crazy Value",
"attribute": {
"id": 62,
"name": "Nick Crazy Value",
"created_at": "2017-03-15 19:03:42",
"updated_at": "2017-04-12 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": "2017-04-14 19:02:36",
"pivot": {
"indicator_attribute_id": 8,
"source_id": 5,
"id": 8,
"creator_source_id": 5
}
}
]
},
{
"id": 41262,
"indicator_id": 2,
"attribute_id": 13,
"value": "High",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2017-04-07 19:04:42",
"updated_at": "2017-03-29 19:03:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"indicator_attribute_id": 41262,
"source_id": 5,
"id": 157,
"creator_source_id": 5
}
}
]
},
{
"id": 41263,
"indicator_id": 2,
"attribute_id": 66,
"value": "4000",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Port",
"attribute": {
"id": 66,
"name": "Port",
"created_at": "2017-03-31 19:03:42",
"updated_at": "2017-04-04 19:04:42"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"indicator_attribute_id": 41263,
"source_id": 5,
"id": 158,
"creator_source_id": 5
}
}
]
},
{
"id": 41264,
"indicator_id": 2,
"attribute_id": 254,
"value": "http",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Scheme",
"attribute": {
"id": 254,
"name": "Scheme",
"created_at": "2017-04-14 19:05:48",
"updated_at": "2017-04-14 19:05:48"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"indicator_attribute_id": 41264,
"source_id": 5,
"id": 159,
"creator_source_id": 5
}
}
]
}
],
"adversaries": [
{
"id": 76,
"name": "Kimsuky Operation",
"created_at": "2017-01-26 13:41:19",
"updated_at": "2017-01-26 13:41:19",
"touched_at": "2017-01-26 13:41:19",
"pivot": {
"id": 14843,
"created_at": "2017-01-31 15:57:50",
"updated_at": "2017-04-14 19:03:23"
},
"sources": [
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-03-05 16:04:51",
"updated_at": "2017-04-14 19:03:42",
"published_at": "2017-04-14 19:03:42",
"pivot": {
"adversary_id": 76,
"source_id": 9,
"id": 2,
"creator_source_id": 9
}
}
]
},
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-02-26 08:39:20",
"updated_at": "2017-02-26 08:39:20",
"touched_at": "2017-02-26 08:39:20",
"pivot": {
"id": 62392,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43"
},
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": "2017-04-16 01:07:43",
"pivot": {
"adversary_id": 1,
"source_id": 5,
"id": 24254,
"creator_source_id": 5
}
}
]
}
],
"attachments": [
{
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"created_at": "2017-04-14 19:04:42",
"updated_at": "2017-04-14 19:04:42",
"touched_at": "2017-04-14 19:04:42",
"pivot": {
"id": 4,
"created_at": "2017-03-22 08:13:03",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
},
{
"id": 2,
"type_id": 2,
"title": "Bad Malware",
"name": "Crazy effing malware!.net.org.exe",
"hash": "350649b5b5fa5436d325cbaf482d52c7",
"content_type_id": 1,
"file_size": 134232,
"malware_locked": 1,
"created_at": "2017-04-13 19:04:42",
"updated_at": "2017-04-13 19:04:42",
"touched_at": "2017-04-13 19:04:42",
"pivot": {
"id": 5,
"created_at": "2017-03-29 04:58:07",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
},
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"created_at": "2017-04-09 19:04:42",
"updated_at": "2017-04-09 19:04:42",
"touched_at": "2017-04-09 19:04:42",
"pivot": {
"id": 6,
"created_at": "2017-03-17 04:30:55",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
}
],
"events": [
{
"id": 426,
"type_id": 3,
"title": "SQL - rtkI]qXnH$C=H\\mO=#XeUW:@lP@$+q",
"description": "",
"happened_at": "2017-01-31 12:36:11",
"hash": "6e9e81caa58bc0b63acb48f22d5aa630",
"created_at": "2017-01-31 12:36:11",
"updated_at": "2017-01-31 12:36:11",
"touched_at": "2017-01-31 12:36:11",
"pivot": {
"id": 29860,
"created_at": "2017-02-16 14:46:42",
"updated_at": "2017-04-14 19:03:30"
},
"sources": []
},
{
"id": 480,
"type_id": 3,
"title": "SQL - q2*Wi;Qb`^Y7J",
"description": "",
"happened_at": "2017-01-02 04:51:11",
"hash": "5da31ff654083069061f8fac4113bf97",
"created_at": "2017-01-02 04:51:11",
"updated_at": "2017-01-02 04:51:11",
"touched_at": "2017-01-02 04:51:11",
"pivot": {
"id": 29861,
"created_at": "2017-02-12 02:59:58",
"updated_at": "2017-04-14 19:03:30"
},
"sources": []
}
],
"indicators": [
{
"id": 1869,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "0c7ec33474db30aa8f160840768a7adc",
"value": "62.76.40.0/21",
"last_detected_at": "1991-08-15 05:56:05",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"pivot": {
"id": 44905,
"created_at": "2017-02-07 07:28:45",
"updated_at": "2017-04-14 19:03:35"
},
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"sources": []
},
{
"id": 5958,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "0c7ec33474db30aa8f160840768a7adc",
"value": "62.76.40.0/21",
"last_detected_at": "1991-08-15 05:56:05",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"pivot": {
"id": 44906,
"created_at": "2017-04-12 05:19:17",
"updated_at": "2017-04-14 19:03:35"
},
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"sources": []
},
{
"id": 814,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "0c7ec33474db30aa8f160840768a7adc",
"value": "62.76.40.0/21",
"last_detected_at": "1991-08-15 05:56:05",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"pivot": {
"id": 46502,
"created_at": "2017-03-17 18:16:19",
"updated_at": "2017-04-14 19:03:35"
},
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"sources": []
}
],
"signatures": []
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"A list of Indicator ids is required."
]
}
401 Access denied.
Indicator Bulk Update
PUT /indicators/bulk
Update multiple Indicators.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"status_id": 2,
"source": "Source",
"attributes": [
{
"name": "Confidence",
"value": "High"
},
{
"name": "Port",
"value": "4000"
},
{
"name": "Scheme",
"value": "http"
}
],
"relations": [
{
"id": "1",
"object": "adversary",
"value": "Advanced Pawn"
}
],
"ids": [
1,
2,
3
],
"expire_days": "2"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 3,
"data": [
{
"id": 1,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2015-12-06 08:46:27",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"sources": [
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 6,
"id": 1,
"creator_source_id": 5
}
},
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 9,
"id": 2,
"creator_source_id": 5
}
}
],
"attributes": [
{
"value": "High",
"indicator_id": 1,
"id": 41259,
"name": "Confidence",
"attribute": {
"name": "Confidence"
}
},
{
"value": "4000",
"indicator_id": 1,
"id": 41260,
"name": "Port",
"attribute": {
"name": "Port"
}
},
{
"value": "http",
"indicator_id": 1,
"id": 41261,
"name": "Scheme",
"attribute": {
"name": "Scheme"
}
}
],
"object_links": [
{
"src_type": "indicator",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": "1"
}
]
},
{
"id": 2,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "0c7ec33474db30aa8f160840768a7adc",
"value": "62.76.40.0/21",
"last_detected_at": "1991-08-15 05:56:05",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"sources": [
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 6,
"id": 5,
"creator_source_id": 5
}
},
{
"id": 7,
"type": "users",
"name": "Customer Admin",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 7,
"id": 3,
"creator_source_id": 5
}
},
{
"id": 8,
"type": "users",
"name": "Customer Observer",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 8,
"id": 4,
"creator_source_id": 5
}
},
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 2,
"source_id": 9,
"id": 6,
"creator_source_id": 5
}
}
],
"attributes": [
{
"value": "High",
"indicator_id": 2,
"id": 41262,
"name": "Confidence",
"attribute": {
"name": "Confidence"
}
},
{
"value": "4000",
"indicator_id": 2,
"id": 41263,
"name": "Port",
"attribute": {
"name": "Port"
}
},
{
"value": "http",
"indicator_id": 2,
"id": 41264,
"name": "Scheme",
"attribute": {
"name": "Scheme"
}
}
],
"object_links": [
{
"src_type": "indicator",
"src_object_id": 2,
"dest_type": "adversary",
"dest_object_id": "1"
}
]
},
{
"id": 3,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "a163b0d14775955cb9a1a81fa9e291ce",
"value": "62.76.176.0/22",
"last_detected_at": "1985-08-12 20:08:15",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"sources": [
{
"id": 3,
"type": "clients",
"name": "ThreatQ Example Feed",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 3,
"source_id": 3,
"id": 7,
"creator_source_id": 5
}
},
{
"id": 7,
"type": "users",
"name": "Customer Admin",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 3,
"source_id": 7,
"id": 8,
"creator_source_id": 5
}
}
],
"attributes": [
{
"value": "High",
"indicator_id": 3,
"id": 41265,
"name": "Confidence",
"attribute": {
"name": "Confidence"
}
},
{
"value": "4000",
"indicator_id": 3,
"id": 41266,
"name": "Port",
"attribute": {
"name": "Port"
}
},
{
"value": "http",
"indicator_id": 3,
"id": 41267,
"name": "Scheme",
"attribute": {
"name": "Scheme"
}
}
],
"object_links": [
{
"src_type": "indicator",
"src_object_id": 3,
"dest_type": "adversary",
"dest_object_id": "1"
}
]
}
]
}
401 Access denied.
500 Internal Server Error.
Body
{
"errors": [
"Undefined index: ids"
]
}
Indicator Comments List
Get List
GET /indicators/{indicator_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Comments.
Example URI
- indicator_id: integer (required). Example: 1. Indicator ID
- limit: integer (optional). Example: 500. The maximum number of records to retrieve.
- offset: integer (optional). Example: 100. Designate the record that will appear first in your retrieved list.
- sort: string (optional). Example: id. Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with: string (optional). Example: indicator,sources. A comma-separated list of related objects to include in the response. Options for this endpoint: indicator, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"indicator_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:39:28",
"updated_at": "2017-04-16 14:44:26"
},
{
"id": 55,
"indicator_id": 1,
"value": "This is another comment.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:51:50",
"updated_at": "2017-04-16 14:51:50"
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/comments
Create a new Indicator Comment.
Example URI
- indicator_id: integer (required). Example: 1. Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 54,
"indicator_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:39:28",
"updated_at": "2017-04-16 14:39:28",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 19:01:42",
"updated_at": "2017-04-14 19:01:42",
"pivot": {
"id": 54,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"indicator_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Indicator Comment
Update
PUT /indicators/{indicator_id}/comments/{indicator_comment_id}{?with}
Update an Indicator Comment.
Example URI
- indicator_id: integer (required). Example: 1. Indicator ID
- indicator_comment_id: integer (required). Example: 2. Indicator Comment ID
- with: string (optional). Example: indicator,sources. A comma-separated list of related objects to include in the response. Options for this endpoint: indicator, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 54,
"indicator_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:39:28",
"updated_at": "2017-04-16 14:44:26",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 19:01:42",
"updated_at": "2017-04-14 19:01:42",
"pivot": {
"id": 54,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/comments/{indicator_comment_id}
Delete an Indicator Comment.
Example URI
- indicator_id: integer (required). Example: 1. Indicator ID
- indicator_comment_id: integer (required). Example: 2. Indicator Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Comment Short
Get Single
GET /indicators/comments/{indicator_comment_id}{?with}
Get a single Indicator Comment.
Example URI
- indicator_comment_id: integer (required). Example: 2. Indicator Comment ID
- with: string (optional). Example: indicator,sources. A comma-separated list of related objects to include in the response. Options for this endpoint: indicator, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/comments/{indicator_comment_id}{?with}
Update an Indicator Comment.
Example URI
- indicator_comment_id: integer (required). Example: 2. Indicator Comment ID
- with: string (optional). Example: indicator,sources. A comma-separated list of related objects to include in the response. Options for this endpoint: indicator, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 54,
"indicator_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:39:28",
"updated_at": "2017-04-16 14:44:26",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 19:01:42",
"updated_at": "2017-04-14 19:01:42",
"pivot": {
"id": 54,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/comments/{indicator_comment_id}
Delete an Indicator Comment.
Example URI
- indicator_comment_id: integer (required). Example: 2. Indicator Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Consume
POST /indicators/consume
Consume a list of Indicator objects.
Required fields: value, type_id, status_id
Optional fields: description, last_detected_at, published_at, tlp (an object with a name field) or tlp_id, sources, attributes, comments, and tags
Relations can also be included as optional fields in the request: adversaries, attachments, attack_pattern, campaign, course_of_action, events, exploit_target, identity, incident, indicators, intrusion_set, malware, report, signatures, tool, ttp, and vulnerability.
When including relations, if the relation is of the same type as the endpoint used (e.g. related indicators on Indicator Consume), the relation can be defined using the required fields. Otherwise, relations must be created in advance and the resulting IDs should be used in the request.
Note: Objects that already exist in the system will not be duplicated; any new context in the request will be added to the existing object. This endpoint does not fail on validation; any errors will be included in the response object.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"status_id": 1,
"type_id": 7,
"value": "badf0rm.net",
"tlp": {
"name": "WHITE"
},
"touched_at": "2017-06-20 12:01:48",
"published_at": "2017-01-01 00:00:00",
"indicators": [
{
"status_id": 1,
"type_id": 7,
"value": "an0therb@df0rm.net"
}
],
"comments": [
{
"value": "Found this during the investigation."
}
]
},
{
"type_id": 10,
"status_id": 2,
"value": "99.99.99.99",
"last_detected_at": "2019-07-11 11:31:55",
"tlp_id": 3,
"attributes": [
{
"name": "Industry",
"value": "Hospitals"
}
],
"adversaries": [
{
"id": 3
},
{
"id": 4
}
]
},
{
"type_id": 11,
"status_id": 3,
"value": "supp0rt@go0g1e.c0m",
"description": "Phishing email sender",
"sources": [
{
"name": "Digital Shadows",
"tlp": "AMBER"
}
],
"tags": [
{
"name": "Internal"
}
]
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 4,
"data": [
{
"type_id": 7,
"value": "badf0rm.net",
"published_at": "2017-01-01 00:00:00",
"type": "FQDN",
"hash": "e3e8b8c437ca6c8fcc7825ebbc91925d",
"id": 7199
},
{
"type_id": 10,
"value": "99.99.99.99",
"type": "IP Address",
"hash": "d225e18ca84bdaa618f9f00eb2920061",
"id": 7200
},
{
"type_id": 5,
"value": "supp0rt@go0g1e.c0m",
"description": "Phishing email sender",
"type": "Email Address",
"hash": "40922922c965cc4e61cb0770041d4344",
"id": 7202
},
{
"type_id": 7,
"value": "an0therb@df0rm.net",
"type": "FQDN",
"hash": "4df07c971acc8d7cf819b60c54f81fcd",
"id": 7201
}
]
}
401 Access denied.
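Because Indicator Consume does not fail on validation, a caller has to compare what it sent with what came back. The following is an added example, not part of the ThreatQ documentation or product code: it pre-checks the three required fields and reconciles a batch against the response, using the request and response shown above trimmed to the fields it reads. Matching on the exact `value` string, treating a nested `{"id": n}` as a reference to an existing object, and the function names are assumptions.

```python
REQUIRED_FIELDS = ("value", "type_id", "status_id")  # as listed for this endpoint

# Request and response from the example above, trimmed to the fields used here.
SAMPLE_REQUEST = [
    {"status_id": 1, "type_id": 7, "value": "badf0rm.net",
     "indicators": [{"status_id": 1, "type_id": 7, "value": "an0therb@df0rm.net"}]},
    {"type_id": 10, "status_id": 2, "value": "99.99.99.99",
     "adversaries": [{"id": 3}, {"id": 4}]},
    {"type_id": 11, "status_id": 3, "value": "supp0rt@go0g1e.c0m"},
]
SAMPLE_RESPONSE = {
    "total": 4,
    "data": [
        {"type_id": 7, "value": "badf0rm.net", "type": "FQDN", "id": 7199},
        {"type_id": 10, "value": "99.99.99.99", "type": "IP Address", "id": 7200},
        {"type_id": 5, "value": "supp0rt@go0g1e.c0m", "type": "Email Address", "id": 7202},
        {"type_id": 7, "value": "an0therb@df0rm.net", "type": "FQDN", "id": 7201},
    ],
}


def flatten_indicators(batch):
    """Yield (path, indicator) for every top-level item and inline related indicator."""
    for i, item in enumerate(batch):
        yield f"[{i}]", item
        for j, rel in enumerate(item.get("indicators", [])):
            # Assumption: a relation given only as {"id": n} points at an existing
            # object and carries nothing to validate or reconcile.
            if set(rel) == {"id"}:
                continue
            yield f"[{i}].indicators[{j}]", rel


def missing_required(batch):
    """Return {path: [missing field names]} so a batch can be fixed before sending."""
    problems = {}
    for path, ind in flatten_indicators(batch):
        missing = [f for f in REQUIRED_FIELDS if ind.get(f) in (None, "")]
        if missing:
            problems[path] = missing
    return problems


def reconcile(batch, response):
    """Compare submitted indicators with the response's data list, keyed on value.

    accepted     -> (path, id assigned or reused by the server)
    missing      -> (path, value) submitted but absent from the response
    type_changed -> (path, type_id sent, type_id returned, returned type name)
    """
    rows = response.get("data", [])
    returned = {row["value"]: row for row in rows}
    report = {"accepted": [], "missing": [], "type_changed": [],
              "total_matches": response.get("total") == len(rows)}
    for path, ind in flatten_indicators(batch):
        row = returned.get(ind.get("value"))
        if row is None:
            report["missing"].append((path, ind.get("value")))
            continue
        report["accepted"].append((path, row["id"]))
        if row.get("type_id") != ind.get("type_id"):
            report["type_changed"].append(
                (path, ind.get("type_id"), row.get("type_id"), row.get("type")))
    return report


if __name__ == "__main__":
    print("pre-check:", missing_required(SAMPLE_REQUEST))
    for key, val in reconcile(SAMPLE_REQUEST, SAMPLE_RESPONSE).items():
        print(f"{key}: {val}")
```

Run against the sample on this page, the reconciliation reports all four indicators as returned and flags the third item, which was sent with `type_id` 11 and comes back as `type_id` 5 ("Email Address").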
Indicator Details
GET /indicators/{indicator_id}/details
Get an Indicator’s Details.
Example URI
- indicator_id: integer (required). Example: 1. Indicator ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"type_id": 1,
"status_id": 1,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "2015-12-06 08:46:27",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": "2017-04-16 01:07:43",
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 14:51:50",
"score": null,
"sources": [
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 6,
"id": 1,
"creator_source_id": 5
}
},
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-04-14 19:01:43",
"updated_at": "2017-04-14 19:01:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 9,
"id": 2,
"creator_source_id": 5
}
},
{
"id": 10,
"type": "other_sources",
"name": "Source",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": null,
"pivot": {
"indicator_id": 1,
"source_id": 10,
"id": 18714,
"creator_source_id": 0
}
}
],
"status": {
"id": 1,
"name": "Active",
"description": "Poses a threat and is being exported to detection tools.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "Y",
"created_at": "2017-04-14 19:01:30",
"updated_at": "2017-04-14 19:01:30"
},
"watchlist": [],
"adversaries": [
{
"id": 1,
"name": "Advanced Pawn",
"created_at": "2017-02-26 08:39:20",
"updated_at": "2017-02-26 08:39:20",
"touched_at": "2017-04-16 01:07:43",
"pivot": {
"id": 62391,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43"
},
"sources": [
{
"id": 2,
"type": "clients",
"name": "ThreatQ API",
"tlp_id": null,
"created_at": "2017-03-26 22:00:46",
"updated_at": "2017-04-14 19:03:41",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 2,
"id": 1,
"creator_source_id": 2
}
},
{
"id": 4,
"type": "clients",
"name": "ThreatQ Scoring Plugin Access",
"tlp_id": null,
"created_at": "2017-02-06 01:09:20",
"updated_at": "2017-04-14 19:03:41",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 4,
"id": 2,
"creator_source_id": 4
}
},
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-03-02 02:16:10",
"updated_at": "2017-04-14 19:03:41",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 5,
"id": 3,
"creator_source_id": 5
}
}
]
},
{
"id": 119,
"name": "OpLastResort",
"created_at": "2017-03-10 18:39:43",
"updated_at": "2017-03-10 18:39:43",
"touched_at": "2017-04-14 19:03:41",
"pivot": {
"id": 14842,
"created_at": "2017-02-02 14:09:35",
"updated_at": "2017-04-14 19:03:23"
},
"sources": [
{
"id": 4,
"type": "clients",
"name": "ThreatQ Scoring Plugin Access",
"tlp_id": null,
"created_at": "2017-03-27 06:40:18",
"updated_at": "2017-04-14 19:03:41",
"published_at": null,
"pivot": {
"adversary_id": 119,
"source_id": 4,
"id": 240,
"creator_source_id": 4
}
},
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-01-23 18:37:03",
"updated_at": "2017-04-14 19:03:41",
"published_at": null,
"pivot": {
"adversary_id": 119,
"source_id": 6,
"id": 241,
"creator_source_id": 6
}
},
{
"id": 9,
"type": "users",
"name": "Primary Contributor",
"tlp_id": null,
"created_at": "2017-04-09 04:28:54",
"updated_at": "2017-04-14 19:03:41",
"published_at": null,
"pivot": {
"adversary_id": 119,
"source_id": 9,
"id": 242,
"creator_source_id": 9
}
}
]
}
],
"attachments": [
{
"id": 1,
"type_id": 1,
"title": "Crazy File",
"name": "crazy-file.exe",
"hash": "f5f39c6886a66686af0950014dffe968",
"content_type_id": 1,
"file_size": 234235236,
"malware_locked": 1,
"description": null,
"created_at": "2017-04-14 19:04:42",
"updated_at": "2017-04-14 19:04:42",
"touched_at": "2017-04-14 19:03:41",
"pivot": {
"id": 1,
"created_at": "2017-03-07 12:15:19",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
},
{
"id": 2,
"type_id": 2,
"title": "Bad Malware",
"name": "Crazy effing malware!.net.org.exe",
"hash": "350649b5b5fa5436d325cbaf482d52c7",
"content_type_id": 1,
"file_size": 134232,
"malware_locked": 1,
"description": null,
"created_at": "2017-04-13 19:04:42",
"updated_at": "2017-04-13 19:04:42",
"touched_at": "2017-04-14 19:03:41",
"pivot": {
"id": 2,
"created_at": "2017-01-22 06:30:28",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
},
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-04-09 19:04:42",
"updated_at": "2017-04-09 19:04:42",
"touched_at": "2017-04-14 19:03:41",
"pivot": {
"id": 3,
"created_at": "2017-02-08 10:06:50",
"updated_at": "2017-04-14 19:03:18"
},
"sources": []
}
],
"attributes": [
{
"id": 1,
"indicator_id": 1,
"attribute_id": 8,
"value": "~DF2.tmp",
"created_at": "2017-02-14 03:24:28",
"updated_at": "2017-02-14 03:24:28",
"touched_at": "2017-04-14 19:02:49",
"name": "C2",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 1,
"source_id": 5,
"id": 1,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 8,
"name": "C2",
"created_at": "2017-03-22 19:03:42",
"updated_at": "2017-04-09 19:04:42"
}
},
{
"id": 2,
"indicator_id": 1,
"attribute_id": 68,
"value": "mshttp.dll",
"created_at": "2017-04-10 06:35:29",
"updated_at": "2017-04-10 06:35:29",
"touched_at": "2017-04-14 19:02:49",
"name": "Registrant",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 2,
"source_id": 5,
"id": 2,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 68,
"name": "Registrant",
"created_at": "2017-03-21 19:03:42",
"updated_at": "2017-03-21 19:03:42"
}
},
{
"id": 3,
"indicator_id": 1,
"attribute_id": 34,
"value": "Win32%2FInstallMonetizer.AY",
"created_at": "2017-03-07 10:10:29",
"updated_at": "2017-03-07 10:10:29",
"touched_at": "2017-04-14 19:02:49",
"name": "File Extension",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 3,
"source_id": 5,
"id": 3,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 34,
"name": "File Extension",
"created_at": "2017-03-16 19:03:42",
"updated_at": "2017-03-17 19:03:42"
}
},
{
"id": 4,
"indicator_id": 1,
"attribute_id": 97,
"value": "sysfiles",
"created_at": "2017-03-26 22:56:01",
"updated_at": "2017-03-26 22:56:01",
"touched_at": "2017-04-14 19:02:49",
"name": "Version",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 4,
"source_id": 5,
"id": 4,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 97,
"name": "Version",
"created_at": "2017-03-29 19:03:42",
"updated_at": "2017-04-06 19:04:42"
}
},
{
"id": 5,
"indicator_id": 1,
"attribute_id": 35,
"value": "PC bitmap, Windows 3.x format, 497 x 497 x 24",
"created_at": "2017-03-23 06:16:10",
"updated_at": "2017-03-23 06:16:10",
"touched_at": "2017-04-14 19:02:49",
"name": "File Identifier",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 5,
"source_id": 5,
"id": 5,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 35,
"name": "File Identifier",
"created_at": "2017-04-06 19:04:42",
"updated_at": "2017-03-30 19:03:42"
}
},
{
"id": 6,
"indicator_id": 1,
"attribute_id": 97,
"value": "XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators",
"created_at": "2017-02-12 16:21:53",
"updated_at": "2017-02-12 16:21:53",
"touched_at": "2017-04-14 19:02:49",
"name": "Version",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 6,
"source_id": 5,
"id": 6,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 97,
"name": "Version",
"created_at": "2017-03-29 19:03:42",
"updated_at": "2017-04-06 19:04:42"
}
},
{
"id": 7,
"indicator_id": 1,
"attribute_id": 58,
"value": "Trojan.Win32.PCPerformer.BB",
"created_at": "2017-01-20 10:25:16",
"updated_at": "2017-01-20 10:25:16",
"touched_at": "2017-04-14 19:02:49",
"name": "Network Identifier",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-14 19:02:36",
"updated_at": "2017-04-14 19:02:36",
"published_at": null,
"pivot": {
"indicator_attribute_id": 7,
"source_id": 5,
"id": 7,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 58,
"name": "Network Identifier",
"created_at": "2017-04-11 19:04:42",
"updated_at": "2017-04-07 19:04:42"
}
},
{
"id": 41258,
"indicator_id": 1,
"attribute_id": 255,
"value": "New Value",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:44:03",
"touched_at": "2017-04-16 00:44:03",
"name": "Test Attribute",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": 0,
"created_at": "2017-04-16 00:44:03",
"updated_at": "2017-04-16 00:44:03",
"published_at": null,
"pivot": {
"indicator_attribute_id": 41258,
"source_id": 5,
"id": 152,
"creator_source_id": 5
}
},
{
"id": 11,
"type": "other_sources",
"name": "Test Source",
"tlp_id": 1,
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25",
"published_at": "2017-02-28 00:00:00",
"pivot": {
"indicator_attribute_id": 41258,
"source_id": 11,
"id": 151,
"creator_source_id": 5
},
"tlp": {
"id": 1,
"name": "RED",
"description": "Red",
"value": 0,
"user_editable": "N",
"created_at": "2017-04-14 19:01:11",
"updated_at": "2017-04-14 19:01:11"
}
}
],
"attribute": {
"id": 255,
"name": "Test Attribute",
"created_at": "2017-04-16 00:34:25",
"updated_at": "2017-04-16 00:34:25"
}
},
{
"id": 41259,
"indicator_id": 1,
"attribute_id": 13,
"value": "High",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Confidence",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": null,
"pivot": {
"indicator_attribute_id": 41259,
"source_id": 5,
"id": 154,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2017-04-07 19:04:42",
"updated_at": "2017-03-29 19:03:42"
}
},
{
"id": 41260,
"indicator_id": 1,
"attribute_id": 66,
"value": "4000",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Port",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": null,
"pivot": {
"indicator_attribute_id": 41260,
"source_id": 5,
"id": 155,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 66,
"name": "Port",
"created_at": "2017-03-31 19:03:42",
"updated_at": "2017-04-04 19:04:42"
}
},
{
"id": 41261,
"indicator_id": 1,
"attribute_id": 254,
"value": "http",
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"touched_at": "2017-04-16 01:07:43",
"name": "Scheme",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2017-04-16 01:07:43",
"updated_at": "2017-04-16 01:07:43",
"published_at": null,
"pivot": {
"indicator_attribute_id": 41261,
"source_id": 5,
"id": 156,
"creator_source_id": 5
}
}
],
"attribute": {
"id": 254,
"name": "Scheme",
"created_at": "2017-04-14 19:05:48",
"updated_at": "2017-04-14 19:05:48"
}
}
],
"comments": [
{
"id": 54,
"indicator_id": 1,
"value": "This indicator is really suspicious.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:39:28",
"updated_at": "2017-04-16 14:44:26",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 19:01:42",
"updated_at": "2017-04-14 19:01:42",
"pivot": {
"id": 54,
"creator_source_id": 5
}
}
]
},
{
"id": 55,
"indicator_id": 1,
"value": "This is another comment.",
"creator_source_id": 5,
"created_at": "2017-04-16 14:51:50",
"updated_at": "2017-04-16 14:51:50",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-14 19:01:42",
"updated_at": "2017-04-14 19:01:42",
"pivot": {
"id": 55,
"creator_source_id": 5
}
}
]
}
],
"events": [
{
"id": 108,
"type_id": 1,
"title": "Subject - I wonder what I was.",
"description": "",
"happened_at": "2017-01-31 07:56:14",
"hash": "ce88a4c27ce2921f43d257b2039f6f34",
"created_at": "2017-01-31 07:56:14",
"updated_at": "2017-01-31 07:56:14",
"touched_at": "2017-04-14 19:03:43",
"pivot": {
"id": 29859,
"created_at": "2017-02-27 05:21:19",
"updated_at": "2017-04-14 19:03:30"
},
"sources": [
{
"id": 4,
"type": "clients",
"name": "ThreatQ Scoring Plugin Access",
"tlp_id": null,
"created_at": "2017-01-22 06:33:45",
"updated_at": "2017-04-14 19:03:43",
"published_at": null,
"pivot": {
"event_id": 108,
"source_id": 4,
"id": 233,
"creator_source_id": 4
}
}
],
"type": {
"id": 1,
"name": "Spearphish",
"user_editable": "N",
"created_at": "2017-04-14 19:01:09",
"updated_at": "2017-04-14 19:01:09"
}
}
],
"indicators": [
{
"id": 7353,
"type_id": 20,
"status_id": 4,
"class": "network",
"hash": "7156f2fb545942cab40741af564201be",
"value": "guiltiest.realitytv.mobi/topic/31277-pond-caveats-decries-stripes-remedial-unrepentant-allegiances/",
"last_detected_at": "1978-10-09 12:04:58",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-14 19:02:44",
"updated_at": "2017-04-14 19:02:44",
"touched_at": "2017-04-14 19:03:40",
"pivot": {
"id": 44904,
"created_at": "2017-02-12 16:06:49",
"updated_at": "2017-04-14 19:03:35"
},
"sources": [
{
"id": 1,
"type": "clients",
"name": "ThreatQ Front End",
"tlp_id": null,
"created_at": "2017-04-14 19:02:46",
"updated_at": "2017-04-14 19:02:46",
"published_at": null,
"pivot": {
"indicator_id": 7353,
"source_id": 1,
"id": 17524,
"creator_source_id": 5
}
},
{
"id": 6,
"type": "users",
"name": "Threat Quotient Feeds",
"tlp_id": null,
"created_at": "2017-04-14 19:02:46",
"updated_at": "2017-04-14 19:02:46",
"published_at": null,
"pivot": {
"indicator_id": 7353,
"source_id": 6,
"id": 17525,
"creator_source_id": 5
}
},
{
"id": 7,
"type": "users",
"name": "Customer Admin",
"tlp_id": null,
"created_at": "2017-04-14 19:02:46",
"updated_at": "2017-04-14 19:02:46",
"published_at": null,
"pivot": {
"indicator_id": 7353,
"source_id": 7,
"id": 17523,
"creator_source_id": 5
}
}
],
"type": {
"id": 20,
"name": "URL",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
}
}
],
"type": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-14 19:01:07",
"updated_at": "2017-04-14 19:01:07",
"plugins": []
},
"signatures": []
}
}
401 Access denied.
404 Object not found.
Indicator Events List
Get List
GET /indicators/{indicator_id}/events{?limit,offset,sort,with}
Get a list of Indicator Event links.
Example URI
- indicator_id: integer (required). Example: 1. Indicator ID
- limit: integer (optional). Example: 500. The maximum number of records to retrieve.
- offset: integer (optional). Example: 100. Designate the record that will appear first in your retrieved list.
- sort: string (optional). Example: id. Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with: string (optional). Example: sources,pivot.attributes. A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 61077,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 13,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"type": "users",
"value": "This is important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:42:46.690000",
"updated_at": "2018-04-04 14:42:46.690000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14948,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22414,
"name": "Threat Quotient",
"type": "clients",
"pivot": {
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
},
{
"id": 46,
"type_id": 1,
"title": "Origin - http://kling.com/voluptate-nihil-sit-est-aut",
"description": "",
"happened_at": "2017-12-31 23:17:05",
"hash": "e2e96a1516420fc05ad8ac04de52bd89",
"created_at": "2017-12-31 23:17:05",
"updated_at": "2017-12-31 23:17:05",
"touched_at": "2018-04-03 15:34:22",
"deleted_at": null,
"sources": [
{
"name": "Domain Tools"
},
{
"name": "Emerging Threats"
},
{
"name": "VirusTotal"
}
],
"pivot": {
"id": 61144,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "event",
"dest_object_id": 46,
"created_at": "2018-03-01 23:54:52",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 56,
"type": "users",
"value": "This is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-04 14:43:10.692000",
"updated_at": "2018-04-04 14:43:10.692000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 14949,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 22513,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-02-24 09:36:30",
"updated_at": "2018-04-03 15:34:22.693000"
}
},
{
"id": 22514,
"name": "Customer Observer",
"type": "users",
"pivot": {
"created_at": "2018-02-25 22:27:11",
"updated_at": "2018-04-03 15:34:22.693000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
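Paging through the Get List endpoint above with limit and offset until total is reached, as an added example that is not part of the ThreatQ reference or client code. The `fetch` callable, the function names and the sample records are assumptions constructed for illustration; a real caller would issue the GET with the Authorization: Bearer header shown above.

```python
import re

# "with" options the reference lists for GET /indicators/{indicator_id}/events.
EVENT_LINK_WITH = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
})

# One sort field, optionally prefixed with '-' to reverse the order.
_SORT_FIELD = re.compile(r"-?[A-Za-z_][A-Za-z0-9_.]*")


def build_params(limit, offset, sort=None, with_=None):
    """Validate the documented query parameters and return them as a dict."""
    for name, value, minimum in (("limit", limit, 1), ("offset", offset, 0)):
        if isinstance(value, bool) or not isinstance(value, int) or value < minimum:
            raise ValueError(f"{name} must be an integer >= {minimum}")
    params = {"limit": limit, "offset": offset}
    if sort:
        fields = [field.strip() for field in sort.split(",")]
        if not all(_SORT_FIELD.fullmatch(field) for field in fields):
            raise ValueError(f"malformed sort expression: {sort!r}")
        params["sort"] = ",".join(fields)
    if with_:
        unknown = sorted(set(with_) - EVENT_LINK_WITH)
        if unknown:
            raise ValueError(f"unsupported 'with' option(s): {unknown}")
        params["with"] = ",".join(with_)
    return params


def iter_event_links(fetch, indicator_id, limit=100, sort="id", with_=None):
    """Yield every Indicator Event link, requesting one page at a time.

    `fetch(path, params)` is a hypothetical transport returning the decoded
    JSON body. Assumption: offset counts records from 0, as the "offset": 0
    in the sample response suggests.
    """
    if isinstance(indicator_id, bool) or not isinstance(indicator_id, int) or indicator_id < 1:
        raise ValueError("indicator_id must be a positive integer")
    path = f"/indicators/{indicator_id}/events"
    offset = 0
    while True:
        body = fetch(path, build_params(limit, offset, sort, with_))
        page = body.get("data", [])
        if not isinstance(page, list):
            raise ValueError("expected a collection in the data envelope")
        yield from page
        offset += len(page)
        # Also stop on an empty page, so a wrong "total" cannot loop forever.
        if not page or offset >= body.get("total", 0):
            break


def make_fake_fetch(records):
    """Constructed stand-in for the HTTP call; records each request it sees."""
    calls = []

    def fetch(path, params):
        calls.append((path, dict(params)))
        start, size = params["offset"], params["limit"]
        return {"total": len(records), "data": records[start:start + size],
                "limit": size, "offset": start}

    return fetch, calls


def demo():
    # Constructed records. In the sample responses pivot.id carries the same
    # value as the object_link_id of the link's comments and attributes.
    records = [{"id": i, "pivot": {"id": 61000 + i}} for i in range(1, 6)]
    fetch, calls = make_fake_fetch(records)
    links = iter_event_links(fetch, 1, limit=2, with_=["sources", "pivot.attributes"])
    return [link["pivot"]["id"] for link in links], calls


if __name__ == "__main__":
    link_ids, calls = demo()
    print(link_ids)
    for path, params in calls:
        print(path, params)
```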
Create New
POST /indicators/{indicator_id}/events
Create a link from an Indicator to an Event.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"title": "Origin - http://www.durgan.biz/vel-omnis-impedit-at-quod-quasi-reiciendis.html",
"description": "",
"happened_at": "2016-12-05 20:01:48",
"hash": "d13e682a5d567d51b99f676b7bdef980",
"created_at": "2016-12-05 20:01:48",
"updated_at": "2016-12-05 20:01:48",
"touched_at": "2017-02-28 20:14:59",
"pivot": {
"id": 62396,
"created_at": "2017-03-01 20:55:10",
"updated_at": "2017-03-01 20:55:10"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/events
Delete multiple Indicator Event links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Event
Get Single
GET /indicators/{indicator_id}/events/{object_link_id}{?with}
Get a single Indicator Event link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 13,
"type_id": 1,
"title": "Origin - http://halvorson.com/quia-reprehenderit-ullam-aut-accusantium-iusto-voluptas-omnis",
"description": "",
"happened_at": "2018-01-25 03:17:53",
"hash": "0ba76d18a6e5350a8e5979b5676bc8c8",
"created_at": "2018-01-25 03:17:53",
"updated_at": "2018-01-25 03:17:53",
"touched_at": "2018-04-03 15:34:22",
"pivot": {
"id": 61077,
"created_at": "2018-02-26 00:36:06",
"updated_at": "2018-04-03 15:34:20",
"comments": [
{
"id": 55,
"object_link_id": 61077,
"value": "This is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 14:42:46",
"updated_at": "2018-04-04 14:42:46",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-03 15:31:57",
"updated_at": "2018-04-03 15:31:57",
"pivot": {
"id": 55,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 14948,
"object_link_id": 61077,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 14:38:39",
"updated_at": "2018-04-04 14:38:39",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-03 19:41:04",
"updated_at": "2018-04-03 19:41:04"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 14948,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 2,
"type": "clients",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-05 22:01:33",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"object_link_id": 61077,
"source_id": 2,
"id": 22414,
"creator_source_id": 2
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-02-24 22:23:15",
"updated_at": "2018-04-03 15:34:22",
"published_at": null,
"pivot": {
"event_id": 13,
"source_id": 8,
"id": 27,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/events/{object_link_id}
Delete an Indicator Event link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Event Attributes List
Get List
GET /indicators/{indicator_id}/events/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Event link Attributes.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/events/{object_link_id}/attributes
Create a new Indicator Event link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Event Attribute
Get Single
GET /indicators/{indicator_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Event link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Event link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/events/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Event link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Event Comments List
Get List
GET /indicators/{indicator_id}/events/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Event link Comments.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/events/{object_link_id}/comments
Create a new Indicator Event link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Event Comment
Get Single
GET /indicators/{indicator_id}/events/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Event link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/events/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Event link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/events/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Event link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Expiration
Indicator Expiration
PUT /indicators/{indicator_id}/expiration
Bump an Indicator’s Expiration date by a number of days.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"days": 10
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"expires_at": "2017-05-08 00:00:00"
}
}
500 Internal Server Error.
Body
{
"errors": {
"days": [
"The days field is required."
]
}
}
{
"errors": {
"days": [
"The days must be an integer."
]
}
}
401 Access denied.
404 Object not found.
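The error bodies in the Indicator Event and Indicator Expiration sections above come in four different shapes, so a client needs one routine that flattens them all. The following is an added example, not part of the ThreatQ reference or client code; the function names are assumptions, and the sample bodies are copied from the responses shown above.

```python
import json


def _from_errors(errors):
    """Flatten one "errors" value into (field, message) pairs."""
    pairs = []
    if isinstance(errors, dict):        # {"days": ["The days field is required."]}
        for field, messages in errors.items():
            if isinstance(messages, str):
                messages = [messages]
            pairs.extend((field, str(message)) for message in messages)
    elif isinstance(errors, list):      # ["Undefined index: value"]
        pairs.extend((None, str(message)) for message in errors)
    elif errors is not None:
        pairs.append((None, str(errors)))
    return pairs


def extract_errors(body):
    """Return every (field, message) pair in a decoded error body.

    Handles "errors" at the top level, inside a "data" object, and inside
    each element of a "data" array. The messages are server-supplied text:
    handle them as data when logging or displaying them.
    """
    pairs = []
    if isinstance(body, dict):
        if "errors" in body:
            pairs.extend(_from_errors(body["errors"]))
        data = body.get("data")
        if isinstance(data, dict):
            pairs.extend(extract_errors(data))
        elif isinstance(data, list):
            for item in data:
                pairs.extend(extract_errors(item))
    return pairs


def is_caller_error(status, body):
    """True when the response reports rejected input rather than a server fault.

    The expiration endpoint above documents its validation messages under
    status 500, so a 500 that carries per-field errors is counted as well.
    That classification is this example's choice, not a documented rule.
    """
    if status == 400:
        return True
    return status == 500 and any(field is not None for field, _ in extract_errors(body))


# Status codes and bodies as they appear in the sections above.
SAMPLES = [
    (400, '{"data": [{"errors": {"id": ["The id field is required."]}}]}'),
    (400, '{"errors": ["Undefined index: value"]}'),
    (400, '{"data": {"creator_source_id": 5, '
          '"errors": {"value": ["The value field is required."]}}}'),
    (500, '{"errors": {"days": ["The days must be an integer."]}}'),
]


def demo():
    results = []
    for status, raw in SAMPLES:
        body = json.loads(raw)
        results.append((status, extract_errors(body), is_caller_error(status, body)))
    return results


if __name__ == "__main__":
    for status, pairs, caller_error in demo():
        print(status, pairs, "caller error" if caller_error else "server fault")
```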
Indicator Indicators List
Get List
GET /indicators/{indicator_id}/indicators{?limit,offset,sort,with}
Get a list of Indicator Indicator links.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Example Feed"
}
],
"pivot": {
"id": 14896,
"src_type": "indicator",
"src_object_id": 24,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 20:05:39.284000",
"updated_at": "2018-04-04 20:05:39.284000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 43,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 62,
"name": "VirusTotal",
"type": "plugins",
"pivot": {
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
},
{
"id": 74,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "890a7aa3415d8b4fa39d9f51a026b7d8",
"value": "hazel.kilback@hotmail.com",
"description": null,
"last_detected_at": "1992-07-15 20:23:27",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"touched_at": "2018-04-04 19:30:57",
"deleted_at": null,
"sources": [
{
"name": "Customer Admin"
}
],
"pivot": {
"id": 14991,
"src_type": "indicator",
"src_object_id": 74,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 20:09:29.324000",
"updated_at": "2018-04-04 20:09:29.324000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 138,
"name": "Confidence",
"value": "75",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 200,
"name": "Emerging Threats",
"type": "plugins",
"pivot": {
"created_at": "2018-01-13 11:24:36",
"updated_at": "2018-04-04 19:30:59.439000"
}
}
]
}
}
],
"limit": 2,
"offset": 0
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/indicators
Create a link from an Indicator to another Indicator.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"type_id": 2,
"status_id": 3,
"class": "network",
"hash": "bba60e76a34af96122b9f44e67ae8ea7",
"value": "oolson@yahoo.com",
"last_detected_at": "2013-12-13 08:58:00",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-02-28 20:13:19",
"updated_at": "2017-02-28 20:13:19",
"touched_at": "2017-03-02 14:57:32",
"pivot": {
"id": 62397,
"created_at": "2017-03-02 14:57:32",
"updated_at": "2017-03-02 14:57:32"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/indicators
Delete multiple Indicator Indicator links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Indicator
Get Single
GET /indicators/{indicator_id}/indicators/{object_link_id}{?with}
Get a single Indicator Indicator link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 24,
"type_id": 3,
"status_id": 3,
"class": "network",
"hash": "bc77846655cdf4c183713a59f8c2a8f1",
"value": "brendon57@hotmail.com",
"description": null,
"last_detected_at": "2002-06-23 14:29:54",
"expires_at": null,
"expired_at": null,
"expires_needs_calc": "Y",
"expires_calculated_at": null,
"created_at": "2018-04-04 19:28:34",
"updated_at": "2018-04-04 19:28:34",
"touched_at": "2018-04-04 19:30:57",
"pivot": {
"id": 14896,
"created_at": "2018-03-09 14:32:27",
"updated_at": "2018-04-04 19:30:29",
"comments": [
{
"id": 54,
"object_link_id": 14896,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-04 20:05:39",
"updated_at": "2018-04-04 20:05:39",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 43,
"object_link_id": 14896,
"attribute_id": 13,
"value": "75",
"created_at": "2018-02-24 14:33:41",
"updated_at": "-0001-11-30 00:00:00",
"name": "Confidence",
"attribute": {
"id": 13,
"name": "Confidence",
"created_at": "2018-03-28 19:03:33",
"updated_at": "2018-03-24 19:03:33"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 43,
"source_id": 8,
"id": 1,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 5,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-02-19 02:14:29",
"updated_at": "2018-04-04 19:30:59",
"published_at": null,
"pivot": {
"object_link_id": 14896,
"source_id": 5,
"id": 62,
"creator_source_id": 5
}
}
]
},
"sources": [
{
"id": 3,
"type": "clients",
"name": "ThreatQ",
"tlp_id": null,
"created_at": "2018-04-04 19:28:35",
"updated_at": "2018-04-04 19:28:35",
"published_at": null,
"pivot": {
"indicator_id": 24,
"source_id": 3,
"id": 59,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/indicators/{object_link_id}
Delete an Indicator Indicator link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Indicator Attributes List
Get List
GET /indicators/{indicator_id}/indicators/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Indicator link Attributes.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/indicators/{object_link_id}/attributes
Create a new Indicator Indicator link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Indicator Attribute
Get Single
GET /indicators/{indicator_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Indicator link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Indicator link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/indicators/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Indicator link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Indicator Comments List
Get List
GET /indicators/{indicator_id}/indicators/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Indicator link Comments.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/indicators/{object_link_id}/comments
Create a new Indicator Indicator link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Indicator Comment
Get Single
GET /indicators/{indicator_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Indicator link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Indicator link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/indicators/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Indicator link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Investigations List
Get List
GET /indicators/{indicator_id}/investigations{?limit,offset,sort,with}
Get a list of Indicator Investigation links.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 2,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/investigations
Create a link from an Indicator to an Investigation.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62317,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
},
{
"id": 3,
"name": "Investigation 3",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "This is an important investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"pivot": {
"id": 62318,
"created_at": "2018-02-05 15:06:27",
"updated_at": "2018-02-05 15:06:27"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/investigations
Delete multiple Indicator Investigation links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Investigation
Get Single
GET /indicators/{indicator_id}/investigations/{object_link_id}{?with}
Get a single Indicator Investigation link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is Investigation data.\", \"data1\": \"more data\"}",
"description": "WTF",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53",
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "investigation",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/investigations/{object_link_id}
Delete an Indicator Investigation link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Investigation Attributes List
Get List
GET /indicators/{indicator_id}/investigations/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Investigation link Attributes.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/investigations/{object_link_id}/attributes
Create a new Indicator Investigation link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Investigation Attribute
Get Single
GET /indicators/{indicator_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Investigation link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Investigation link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/investigations/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Investigation link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Investigation Comments List
Get List
GET /indicators/{indicator_id}/investigations/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Investigation link Comments.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/investigations/{object_link_id}/comments
Create a new Indicator Investigation link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Investigation Comment
Get Single
GET /indicators/{indicator_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Investigation link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Investigation link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/investigations/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Investigation link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicators Scorable
POST /indicators/scorable
Get a list of Scorable Indicators. These are indicators with a score configuration hash that does not match the one provided in the request, or indicators that have not yet been scored. Two of the request parameters are optional: total and indicator_ids. Omitting the total field or setting it to true will include the total number of indicators that require scoring in the response. The indicator_ids field can be used when only a specific set of indicators needs to be checked for compliance with the provided score configuration hash.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"score_config_hash": "c6fcba728776065714a03679dccdc5a56496cd7a",
"limit": "100",
"offset": "0",
"total": true,
"indicator_ids": [
1,
2,
3
]
}
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"type_id": 1,
"adversaries": [
79
],
"attributes": [
{
"id": 83,
"value": "tmp.edb"
}
],
"sources": [
1,
6,
7,
8
]
},
{
"id": 2,
"type_id": 1,
"adversaries": [
95,
148
],
"attributes": [],
"sources": [
1,
3,
8
]
},
{
"id": 3,
"type_id": 1,
"adversaries": [
103,
106,
173
],
"attributes": [],
"sources": [
5
]
}
],
"indicator_total": 7481
}
401 Access denied.
Indicator Score
Get Single
GET /indicator/{indicator_id}/scores{?limit,offset,sort}
Get an Indicator’s Score.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"indicator_id": 1,
"generated_score": "27.00",
"manual_score": null,
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 07:01:58"
}
]
}
401 Access denied.
Create New
POST /indicator/scores
Score an Indicator.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"generated_score": 14,
"manual_score": "1",
"score_config_hash": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"indicator_id": "1",
"generated_score": 14,
"manual_score": "1",
"score_config_hash": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
"updated_at": "2017-04-17 07:35:11",
"created_at": "2017-04-17 07:35:11"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"indicator_id": "1",
"errors": {
"indicator_id": [
"The indicator id has already been taken."
]
}
}
}
401 Access denied.
Indicator Score Update
PUT /indicator/{indicator_id}/scores
Update an Indicator Score.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"generated_score": "8.4",
"manual_score": "4"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"indicator_id": 1,
"generated_score": "8.4",
"manual_score": "4",
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 07:41:50"
}
}
401 Access denied.
404 Object not found.
Indicator Score Bulk
Get All
GET /indicator/scores{?limit,offset,sort}
Get a list of Indicators and their Scores.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 7481,
"data": [
{
"indicator_id": 1,
"generated_score": "72.00",
"manual_score": null,
"score_config_hash": "c6fcba728776065714a03679dccdc5a56496cd7a",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 05:14:58"
},
{
"indicator_id": 2,
"generated_score": "15.00",
"manual_score": "2",
"score_config_hash": "c6fcba728776065714a03679dccdc5a56496cd7a",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 05:14:58"
},
{
"indicator_id": 3,
"generated_score": "8.00",
"manual_score": "9",
"score_config_hash": "c6fcba728776065714a03679dccdc5a56496cd7a",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 05:14:58"
}
]
}
401 Access denied.
Bulk Create
POST /indicator/scores
Score a list of Indicators.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"generated_score": "17",
"indicator_id": "1",
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6"
},
{
"generated_score": "117",
"indicator_id": "2",
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6"
},
{
"generated_score": "0",
"indicator_id": "3",
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6"
},
{
"generated_score": "100",
"indicator_id": "4",
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6"
}
]
200 Object(s) retrieved successfully.
Body
{
"total": 4,
"data": [
{
"indicator_id": 1,
"generated_score": "17.00",
"manual_score": null,
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 07:01:58"
},
{
"indicator_id": 2,
"generated_score": "100.00",
"manual_score": null,
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 07:01:58"
},
{
"indicator_id": 3,
"generated_score": "0.00",
"manual_score": null,
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 07:01:58"
},
{
"indicator_id": 4,
"generated_score": "100.00",
"manual_score": null,
"score_config_hash": "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6",
"created_at": "2017-04-17 05:14:58",
"updated_at": "2017-04-17 07:01:58"
}
],
"current_score_config_hash": "ea6d0bc09a1be3978090fd621ef759ca2e3aa75c"
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"indicator_id": [
"The indicator id field is required."
]
}
}
}
401 Access denied.
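An added example (not ThreatQ's own code) of the workflow the Indicators Scorable and Bulk Create entries imply: fetch indicators that need scoring, submit scores, and compare the response with what was sent. `post` is a hypothetical transport callable and `score_fn` a hypothetical scoring function. It assumes a scored indicator drops out of the scorable list and that a differing `current_score_config_hash` means the scoring configuration changed; the page states neither outright.

```python
"""Added example: drain POST /indicators/scorable and bulk-score (hypothetical helpers)."""
from decimal import Decimal


def build_bulk_scores(rows, score_fn, config_hash):
    """Turn scorable rows into the list body of POST /indicator/scores."""
    return [{"indicator_id": str(row["id"]),
             "generated_score": str(score_fn(row)),
             "score_config_hash": config_hash} for row in rows]


def reconcile(payload, response, config_hash):
    """Compare what was submitted with what the server reports as stored."""
    stored = {int(r["indicator_id"]): Decimal(str(r["generated_score"]))
              for r in response.get("data", [])}
    adjusted, missing = {}, []
    for item in payload:
        iid = int(item["indicator_id"])
        sent = Decimal(str(item["generated_score"]))
        if iid not in stored:
            missing.append(iid)            # server returned no row for this id
        elif stored[iid] != sent:
            adjusted[iid] = (sent, stored[iid])  # e.g. an out-of-range score
    current = response.get("current_score_config_hash")
    return {
        "adjusted": adjusted,
        "missing": missing,
        # Assumption: a different "current" hash means our config is outdated.
        "config_changed": current is not None and current != config_hash,
    }


def drain_scorable(post, config_hash, score_fn, batch=100, max_rounds=50):
    """Score batches until the scorable list is empty; return one report per batch.

    Every request uses offset 0: indicators that were just scored leave the
    list, so advancing the offset would skip the rows that slide forward.
    """
    reports = []
    for _ in range(max_rounds):
        page = post("/indicators/scorable", {
            "score_config_hash": config_hash,
            "limit": str(batch), "offset": "0",
            "total": False,  # skip the count; only the rows are needed here
        })
        rows = page.get("data", [])
        if not rows:
            return reports
        payload = build_bulk_scores(rows, score_fn, config_hash)
        report = reconcile(payload, post("/indicator/scores", payload), config_hash)
        reports.append(report)
        # Stop instead of looping forever when nothing can make progress.
        if report["config_changed"] or len(report["missing"]) == len(payload):
            return reports
    raise RuntimeError("scorable list did not drain; inspect rejected rows")


# Trimmed copy of this page's Bulk Create request and 200 response.
HASH = "e04099df3d49edff3e9dc7e1482af3aa4b52e5b6"
PAGE_REQUEST = [{"generated_score": s, "indicator_id": i, "score_config_hash": HASH}
                for i, s in (("1", "17"), ("2", "117"), ("3", "0"), ("4", "100"))]
PAGE_RESPONSE = {
    "total": 4,
    "data": [{"indicator_id": i, "generated_score": s}
             for i, s in ((1, "17.00"), (2, "100.00"), (3, "0.00"), (4, "100.00"))],
    "current_score_config_hash": "ea6d0bc09a1be3978090fd621ef759ca2e3aa75c",
}

if __name__ == "__main__":
    print(reconcile(PAGE_REQUEST, PAGE_RESPONSE, HASH))
```

Run against the page's Bulk Create sample, `reconcile` reports indicator 2 as adjusted (117 sent, 100.00 stored) and `config_changed` as true.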
Indicator Score Overview
GET /indicator/scores/overview
Get a breakdown of the number of Indicators by Score Range.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 7481,
"data": [
{
"id": 5,
"name": "Very Low",
"min_value": 0,
"max_value": 4,
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21",
"total": 81
},
{
"id": 4,
"name": "Low",
"min_value": 5,
"max_value": 6,
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21",
"total": 2000
},
{
"id": 3,
"name": "Medium",
"min_value": 7,
"max_value": 8,
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21",
"total": 3000
},
{
"id": 2,
"name": "High",
"min_value": 9,
"max_value": 9,
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21",
"total": 2000
},
{
"id": 1,
"name": "Very High",
"min_value": 10,
"max_value": "*",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21",
"total": 400
},
{
"id": null,
"name": "Unscored",
"min_value": null,
"max_value": null,
"total": 0
}
]
}
401 Access denied.
Indicator Basic Search
GET /indicators/search{?limit,offset,value,with}
Search for Indicators with a value like the one provided in the request.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- value
integer (required) Example: %test%
Indicator Value, % is wildcard
- with
string (optional) Example: adversaries,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 9,
"data": [
{
"id": 478,
"value": "Copia Titulo Propiedad Estudio Juridico-02513696.jpg...rar",
"hash": "21a7bdb9806004702bcd794130825dc7",
"class": "network",
"type_id": 3,
"status_id": 4,
"last_detected_at": "2010-02-05T15:29:57Z",
"created_at": "2017-04-17 04:35:36",
"updated_at": "2017-04-17 04:35:36",
"touched_at": "2017-04-17 04:37:42",
"type": {
"id": 3,
"name": "Email Attachment"
},
"status": {
"id": 4,
"name": "Review",
"description": "Requires further analysis."
}
},
{
"id": 557,
"value": "_gpj.ArrestedXSuspects.rar",
"hash": "34a32284a591589b8915589eded9f002",
"class": "network",
"type_id": 3,
"status_id": 4,
"last_detected_at": "1990-11-26T10:48:57Z",
"created_at": "2017-04-17 04:35:37",
"updated_at": "2017-04-17 04:35:37",
"touched_at": "2017-04-17 04:37:45",
"type": {
"id": 3,
"name": "Email Attachment"
},
"status": {
"id": 4,
"name": "Review",
"description": "Requires further analysis."
}
},
{
"id": 558,
"value": "KingXhamadXonXofficialXvisitXtoX.rar",
"hash": "c6d7e371738b182572eee8e4c5fcda2d",
"class": "network",
"type_id": 3,
"status_id": 4,
"last_detected_at": "1998-03-31T04:17:08Z",
"created_at": "2017-04-17 04:35:37",
"updated_at": "2017-04-17 04:35:37",
"touched_at": "2017-04-17 04:37:46",
"type": {
"id": 3,
"name": "Email Attachment"
},
"status": {
"id": 4,
"name": "Review",
"description": "Requires further analysis."
}
}
],
"limit": 3,
"offset": 0
}
401 Access denied.
Indicator Search
POST /indicators/query{?limit,offset,sort}
Search the Threat Library for Indicators using criteria and filters.
Criteria and filters should be formatted in the convention of SOLR query structures.
Criteria Options: mentions, value
Filter Options: created_at, updated_at, expires_at, published_at, cidr_ipv4, type_name, score, source_name, source_created_at, status_name, related, tags, attribute
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"criteria": {
"+or": [
{
"mentions": "org"
},
{
"value": {
"+contains": "test.com"
}
}
]
},
"filters": {
"+and": [
{
"created_at": {
"+lt": "2021-01-27 22:35:00"
}
},
{
"+or": [
{
"expires_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
},
{
"expired_at": {
"+gt": "2021-01-26 23:59:59",
"+lt": "2021-01-28 00:00:00"
}
}
]
},
{
"+or": [
{
"type_name": "FQDN"
}
]
},
{
"+or": [
{
"status_name": "Active"
}
]
},
{
"+or": [
{
"cidr_ipv4": "19.34.212.155/8"
}
]
},
{
"+or": [
{
"score": {
"+gte": 6,
"+lte": 8
}
}
]
},
{
"+or": [
{
"+and": [
{
"source_name": "Customer Admin"
},
{
"published_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
},
{
"+or": [
{
"related": {
"id": 1,
"type": "indicator"
}
}
]
},
{
"+or": [
{
"related": {
"object": "adversary"
}
}
]
},
{
"+or": [
{
"source_name": "Primary Contributor"
}
]
},
{
"+or": [
{
"tags": "Internal"
}
]
},
{
"updated_at": {
"+lt": "2021-01-27 22:51:00"
}
},
{
"+or": [
{
"+and": [
{
"source_name": "Primary Contributor"
},
{
"source_created_at": {
"+lt": "2021-01-27 22:50:00"
}
}
]
}
]
}
],
"+or": [
{
"attribute": {
"name": "Confidence",
"value": "High"
}
}
]
}
}
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"class": "network",
"score": 0,
"value": "warrendotwarren.url.ph",
"expires_calculated_at": "2021-01-27 19:55:16",
"touched_at": "2021-01-27 19:55:14",
"id": 1401,
"updated_at": "2021-01-27 19:51:09",
"published_at": "2021-01-27 19:51:09",
"last_detected_at": "1983-02-15 16:34:02",
"created_at": "2021-01-27 19:51:09",
"status_id": 1,
"hash": "b3a1ed7baf47437c246b50dbe6eec2d2",
"type_id": 11,
"adversaries": [
{
"name": "Operation Windigo"
}
],
"type": {
"name": "FQDN",
"id": 11,
"class": "network"
},
"status": {
"name": "Active",
"id": 1,
"description": "Poses a threat and is being exported to detection tools."
},
"attributes": [
{
"value": "V.159709932c",
"created_at": "2021-01-25 23:04:06",
"indicator_id": 1401,
"updated_at": "2021-01-25 23:04:06",
"attribute_id": 32,
"id": 7711,
"touched_at": "2021-01-27 19:53:01",
"name": "Encryption Obfuscation"
}
],
"sources": [
{
"indicator_id": 1401,
"indicator_status_id": 1,
"published_at": "2021-01-27 19:51:11",
"source_id": 5,
"id": 3563,
"created_at": "2021-01-27 19:51:11",
"source_type": "users",
"creator_source_id": 5,
"indicator_type_id": 11,
"reference_id": 1,
"updated_at": "2021-01-27 19:51:11",
"name": "Threat Quotient"
}
]
},
{
"class": "network",
"score": 0,
"value": "gongbujx.com",
"touched_at": "2021-01-27 19:55:07",
"id": 1400,
"updated_at": "2021-01-27 19:51:09",
"published_at": "2021-01-27 19:51:09",
"last_detected_at": "1998-12-04 20:10:32",
"created_at": "2021-01-27 19:51:09",
"status_id": 2,
"hash": "05a9c4a6678bb19e083a8a1470c835e7",
"expired_at": "2021-01-27 19:51:09",
"type_id": 11,
"adversaries": [
{
"name": "SUNRISE PANDA"
}
],
"type": {
"name": "FQDN",
"id": 11,
"class": "network"
},
"status": {
"name": "Expired",
"id": 2,
"description": "No longer poses a serious threat."
},
"attributes": [
{
"value": "JS%2FiFrame.bsn",
"created_at": "2020-11-01 14:48:55",
"indicator_id": 1400,
"updated_at": "2020-11-01 14:48:55",
"attribute_id": 67,
"id": 7706,
"touched_at": "2021-01-27 19:53:01",
"name": "Query String"
}
],
"sources": [
{
"indicator_id": 1400,
"indicator_status_id": 2,
"published_at": "2021-01-27 19:51:11",
"source_id": 2,
"id": 3558,
"created_at": "2021-01-27 19:51:11",
"source_type": "clients",
"creator_source_id": 5,
"indicator_type_id": 11,
"reference_id": 2,
"updated_at": "2021-01-27 19:51:11",
"name": "Threat Quotient"
}
]
}
],
"offset": 0,
"limit": 25
}
401 Access denied.
Indicator Signatures List
Get List
GET /indicators/{indicator_id}/signatures{?limit,offset,sort,with}
Get a list of Indicator Signature links.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62261,
"src_type": "signature",
"src_object_id": 2,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-04 23:16:40.155000",
"updated_at": "2018-04-04 23:18:42.648000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15080,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24298,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:02:46.740000",
"updated_at": "2018-04-04 23:02:46.740000"
}
}
]
}
},
{
"id": 1,
"name": "ET EXPLOIT Arkeia full remote access without password or authentication (2001742:9)",
"description": "",
"hash": "737309fe355ef23e1c03a5e98bc364b5",
"value": "alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:\"ET EXPLOIT Arkeia full remote access without password or authentication\"; flow:to_server,established; content:\"|464F3A20596F75206861766520737563|\"; content:\"|6520636C69656E7420696E666F726D61|\"; reference:url,metasploit.com/research/vulns/arkeia_agent; reference:url,doc.emergingthreats.net/bin/view/Main/2001742; classtype:attempted-admin; sid:2001742; rev:9;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:03:35",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62262,
"src_type": "signature",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 1,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-04 23:16:58.817000",
"updated_at": "2018-04-04 23:16:58.817000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15081,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24300,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:03:35.975000",
"updated_at": "2018-04-04 23:03:35.975000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
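Added example (not part of the ThreatQ reference): one way to consume the list endpoint above, walking limit/offset until total is reached and reading sid, rev and classtype out of the rule text each signature carries in value. The fetch callable, the function names and the shortened sample rows are assumptions made for this example.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# "with" options this page lists for /indicators/{indicator_id}/signatures.
WITH_OPTIONS = {
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
}

def signatures_path(indicator_id, limit, offset, with_=()):
    """Build the relative request path, rejecting values the page does not list."""
    if isinstance(indicator_id, bool) or not isinstance(indicator_id, int) or indicator_id < 1:
        raise ValueError("indicator_id must be a positive integer")
    unknown = set(with_) - WITH_OPTIONS
    if unknown:
        raise ValueError(f"unsupported with option(s): {sorted(unknown)}")
    # A fixed sort keeps page boundaries stable between requests.
    query = {"limit": limit, "offset": offset, "sort": "id"}
    if with_:
        query["with"] = ",".join(with_)
    return f"/indicators/{indicator_id}/signatures?{urlencode(query, safe=',')}"

def iter_signature_links(fetch, indicator_id, page_size=100, with_=()):
    """Yield every link row, advancing offset until total is reached.

    fetch is a hypothetical callable: relative path -> decoded JSON body.
    """
    offset = 0
    while True:
        body = fetch(signatures_path(indicator_id, page_size, offset, with_))
        rows = body.get("data", [])
        yield from rows
        offset += len(rows)
        # Stop on an empty page as well, so a wrong total cannot loop forever.
        if not rows or offset >= body.get("total", 0):
            return

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
OPTION = re.compile(r'\b(sid|rev|classtype)\s*:\s*([^;]+);')

def rule_metadata(rule_text):
    """Extract sid, rev and classtype from a Snort-style rule string."""
    # Blank out quoted strings first so msg/content/pcre text is never
    # mistaken for a rule option.
    stripped = QUOTED.sub('""', rule_text)
    meta = {key: value.strip() for key, value in OPTION.findall(stripped)}
    for key in ("sid", "rev"):
        if key in meta and meta[key].isdigit():
            meta[key] = int(meta[key])
    return meta

def rule_inventory(fetch, indicator_id, page_size=100):
    """Map sid -> (rev, classtype, signature id) for one indicator's links."""
    inventory = {}
    for row in iter_signature_links(fetch, indicator_id, page_size):
        meta = rule_metadata(row.get("value", ""))
        if "sid" in meta:
            inventory[meta["sid"]] = (meta.get("rev"), meta.get("classtype"), row["id"])
    return inventory

# Constructed sample: the two rows from the response above, rule text shortened.
SAMPLE_ROWS = [
    {"id": 2, "value": 'alert udp $EXTERNAL_NET any -> $HOME_NET 14000 '
                       '(msg:"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow"; '
                       'classtype:successful-dos; sid:2007937; rev:4;)'},
    {"id": 1, "value": 'alert tcp $EXTERNAL_NET any -> $HOME_NET 617 '
                       '(msg:"ET EXPLOIT Arkeia full remote access without password or authentication"; '
                       'flow:to_server,established; classtype:attempted-admin; sid:2001742; rev:9;)'},
]

def sample_fetch(path):
    """Offline stand-in for an authenticated GET; serves SAMPLE_ROWS page by page."""
    query = parse_qs(urlsplit(path).query)
    limit, offset = int(query["limit"][0]), int(query["offset"][0])
    return {"total": len(SAMPLE_ROWS), "data": SAMPLE_ROWS[offset:offset + limit],
            "limit": limit, "offset": offset}

if __name__ == "__main__":
    for sid, (rev, classtype, sig_id) in sorted(rule_inventory(sample_fetch, 1, 1).items()):
        print(sid, rev, classtype, sig_id)
```

In a real client, fetch would send the path to https://hostname/api/ with the Authorization: Bearer header shown above and return the decoded JSON body.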
Create New
POST /indicators/{indicator_id}/signatures
Create a link from an Indicator to a Signature.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 202,
"name": "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27 (2019448:1)",
"description": "",
"hash": "32eb2da7b59c7e85fbeec98f90adaf2d",
"value": "alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:\"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27\"; flow:established,to_server; content:\"%6e%61m%65[\"; nocase; fast_pattern:only; http_client_body; pcre:\"/(?:^|&|Content-Disposition[\\x3a][^\\n]*?name\\s*?=\\s*?[\\x22\\x27])\\%6e\\%61m\\%65\\[[^\\x5d]*?\\W/Pi\"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019448; rev:1;)",
"status_id": 4,
"type_id": 1,
"last_detected_at": null,
"created_at": "2017-03-02 16:34:40",
"updated_at": "2017-03-02 16:34:40",
"touched_at": "2017-03-02 16:34:41",
"pivot": {
"id": 62337,
"created_at": "2017-03-02 16:43:29",
"updated_at": "2017-03-02 16:43:29"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/signatures
Delete multiple Indicator Signature links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Signature
Get Single
GET /indicators/{indicator_id}/signatures/{object_link_id}{?with}
Get a single Indicator Signature link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"name": "ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (2007937:4)",
"description": "",
"hash": "8cf2e60aeb0b7ed9874f2ed379b3f42d",
"value": "alert udp $EXTERNAL_NET any -> $HOME_NET 14000 (msg:\"ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow\"; content:\"|44 53 52 65 71 75 65 73 74|\"; pcre:\"/[0-9a-zA-Z]{50}/R\"; reference:bugtraq,28084; reference:url,aluigi.altervista.org/adv/visibroken-adv.txt; reference:url,doc.emergingthreats.net/bin/view/Main/2007937; classtype:successful-dos; sid:2007937; rev:4;)",
"status_id": 3,
"type_id": 6,
"last_detected_at": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"touched_at": "2018-04-04 23:02:46",
"pivot": {
"id": 62261,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"comments": [
{
"id": 57,
"object_link_id": 62261,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-04 23:16:40",
"updated_at": "2018-04-04 23:18:42",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15080,
"object_link_id": 62261,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-04 23:09:28",
"updated_at": "2018-04-04 23:09:28",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15080,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:02:46",
"updated_at": "2018-04-04 23:02:46",
"published_at": null,
"pivot": {
"object_link_id": 62261,
"source_id": 8,
"id": 24298,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 19:30:18",
"updated_at": "2018-04-04 19:30:18",
"published_at": null,
"pivot": {
"signature_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/signatures/{object_link_id}
Delete an Indicator Signature link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Signature Attributes List
Get List
GET /indicators/{indicator_id}/signatures/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Signature link Attributes.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/signatures/{object_link_id}/attributes
Create a new Indicator Signature link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Signature Attribute
Get Single
GET /indicators/{indicator_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Signature link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Signature link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/signatures/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Signature link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Signature Comments List
Get List
GET /indicators/{indicator_id}/signatures/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Signature link Comments.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/signatures/{object_link_id}/comments
Create a new Indicator Signature link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Signature Comment
Get Single
GET /indicators/{indicator_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Signature link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Signature link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
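Added example (not part of the ThreatQ reference): the 400 bodies shown for the signature-link endpoints above arrive in three different shapes, so a client that reads only one of them silently loses validation messages. The handler below flattens all three and maps the documented status codes to outcomes; the class and function names and the _request key are assumptions made for this example.

```python
class ApiError(Exception):
    """Base error carrying the HTTP status and any validation messages."""
    def __init__(self, status, messages=None):
        self.status = status
        self.messages = messages or {}
        super().__init__(f"HTTP {status}: {self.messages}")

class ValidationFailed(ApiError):
    """400: the request body or parameters were rejected."""

class AccessDenied(ApiError):
    """401: the bearer token was incorrect or out of date."""

class NotFound(ApiError):
    """404: the addressed object or link does not exist."""

def validation_messages(body):
    """Flatten any 400 body shape on this page to {field: [messages]}."""
    found = {}

    def record(field, messages):
        if isinstance(messages, str):
            messages = [messages]
        found.setdefault(field, []).extend(str(m) for m in messages)

    def walk(node):
        if isinstance(node, list):
            for item in node:
                walk(item)
        elif isinstance(node, dict):
            errors = node.get("errors")
            if isinstance(errors, dict):      # {"errors": {"value": ["..."]}}
                for field, messages in errors.items():
                    record(field, messages)
            elif isinstance(errors, list):    # {"errors": ["free-text message"]}
                record("_request", errors)
            walk(node.get("data"))            # errors may sit under the data envelope

    walk(body)
    return found

def unwrap(status, body=None):
    """Return the payload for 200/201, None for 204, raise for error codes."""
    if status in (200, 201):
        return body["data"]
    if status == 204:
        return None
    if status == 400:
        raise ValidationFailed(status, validation_messages(body))
    if status == 401:
        raise AccessDenied(status)
    if status == 404:
        raise NotFound(status)
    raise ApiError(status)

# The three 400 bodies as they appear in the examples on this page.
SAMPLE_400_BODIES = [
    {"data": [{"errors": {"id": ["The id field is required."]}}]},
    {"errors": ["Undefined index: value"]},
    {"data": {"creator_source_id": 5,
              "errors": {"value": ["The value field is required."]}}},
]

if __name__ == "__main__":
    for sample in SAMPLE_400_BODIES:
        print(validation_messages(sample))
```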
Delete
DELETE /indicators/{indicator_id}/signatures/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Signature link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Sources
Get List
GET /indicators/{indicator_id}/sources{?limit,offset,sort,with}
Get a list of Indicator Sources.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: indicator,tlp
A comma-separated list of related objects to include in the response. Options for this endpoint: indicator, tlp.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 4,
"data": [
{
"id": 2,
"indicator_id": 1,
"source_id": 1,
"creator_source_id": 5,
"tlp_id": 2,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"published_at": null
},
{
"id": 3,
"indicator_id": 1,
"source_id": 6,
"creator_source_id": 5,
"tlp_id": null,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"published_at": "2017-04-17 04:35:35"
},
{
"id": 1,
"indicator_id": 1,
"source_id": 7,
"creator_source_id": 5,
"tlp_id": 3,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"published_at": "2017-03-17 04:35:35"
},
{
"id": 4,
"indicator_id": 1,
"source_id": 8,
"creator_source_id": 5,
"tlp_id": null,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"published_at": null
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/sources
Create a new Indicator Source.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Test Source",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 18987,
"indicator_id": 1,
"source_id": 10,
"creator_source_id": 5,
"tlp_id": 1,
"created_at": "2017-04-17 09:11:31",
"updated_at": "2017-04-17 09:11:31",
"published_at": null,
"deleted_at": null,
"existing": 0,
"name": "Test Source"
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"name": [
"The name field is required."
]
}
}
]
}
401 Access denied.
Indicator Source
Get Single
GET /indicators/{indicator_id}/sources/{indicator_source_id}
Get a single Indicator Source.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_source_id
integer (required) Example: 2
Indicator Source ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"indicator_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/sources/{indicator_source_id}
Update an Indicator Source.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_source_id
integer (required) Example: 2
Indicator Source ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"indicator_id": 1,
"source_id": 13,
"creator_source_id": 8,
"tlp_id": 4,
"created_at": "2018-10-30 20:10:24",
"updated_at": "2018-10-30 20:10:24",
"published_at": null
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/sources/{indicator_source_id}
Delete an Indicator Source.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- indicator_source_id
integer (required) Example: 2
Indicator Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Statuses List
Get List
GET /indicator/statuses{?limit,offset,sort,with}
Get a list of Indicator Statuses.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: indicators
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 5,
"data": [
{
"id": 1,
"name": "Active",
"description": "Poses a threat and is being exported to detection tools.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "Y",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21"
},
{
"id": 2,
"name": "Expired",
"description": "No longer poses a serious threat.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "N",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21"
},
{
"id": 3,
"name": "Indirect",
"description": "Associated to an active indicator or event (i.e. pDNS).",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "N",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21"
},
{
"id": 4,
"name": "Review",
"description": "Requires further analysis.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "N",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21"
},
{
"id": 5,
"name": "Whitelisted",
"description": "Poses NO risk and should never be deployed.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "N",
"protected": "Y",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21"
}
]
}
401 Access denied.
Create New
POST /indicator/statuses
Create a new Indicator Status.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Custom Status",
"description": "A custom status",
"user_editable": "Y",
"include_in_export": "Y",
"protected": "N"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"name": "Custom Status",
"user_editable": "Y",
"include_in_export": "Y",
"protected": "N",
"description": "A custom status",
"updated_at": "2017-04-17 09:39:12",
"created_at": "2017-04-17 09:39:12",
"id": 6
}
}
401 Access denied.
Indicator Status
Get Single
GET /indicator/statuses/{indicator_status_id}{?with}
Get a single Indicator Status.
Example URI
- indicator_status_id
integer (required) Example: 2
Indicator Status ID
- with
string (optional) Example: indicators
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Active",
"description": "Poses a threat and is being exported to detection tools.",
"user_editable": "N",
"visible": "Y",
"include_in_export": "Y",
"protected": "Y",
"created_at": "2017-04-17 04:35:21",
"updated_at": "2017-04-17 04:35:21"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicator/statuses/{indicator_status_id}{?with}
Update an Indicator Status.
Example URI
- indicator_status_id
integer (required) Example: 2
Indicator Status ID
- with
string (optional) Example: indicators
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Updated Custom Status",
"description": "An updated custom status",
"user_editable": "N",
"include_in_export": "N",
"protected": "Y"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 6,
"name": "Updated Custom Status",
"description": "An updated custom status",
"user_editable": "N",
"visible": "Y",
"include_in_export": "N",
"protected": "Y",
"created_at": "2017-04-17 09:39:12",
"updated_at": "2017-04-17 09:44:30"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicator/statuses/{indicator_status_id}
Delete an Indicator Status.
Example URI
- indicator_status_id
integer (required) Example: 2
Indicator Status ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Tag List
Get List
GET /indicators/{indicator_id}/tags{?limit,offset,sort,with}
Get a list of Indicator Tags.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: indicators
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "New Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-03-02 21:22:02",
"updated_at": "2017-03-02 21:22:02"
}
},
{
"id": 2,
"name": "Another New Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/tags
Create a new Indicator Tag.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Tag Name"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 2,
"created_at": "2017-03-02 21:24:30",
"updated_at": "2017-03-02 21:24:30"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
]
}
}
}
401 Access denied.
Indicator Tag
Get Single
GET /indicators/{indicator_id}/tags/{tag_id}{?with}
Get a single Indicator Tag.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- tag_id
integer (required) Example: 2
Tag ID
- with
string (optional) Example: indicators
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Tag Name",
"pivot": {
"object_id": 1,
"tag_id": 1,
"created_at": "2017-03-02 21:22:02",
"updated_at": "2017-03-02 21:22:02"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/tags/{tag_id}
Delete an Indicator Tag.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- tag_id
integer (required) Example: 2
Tag ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Task List
Get List
GET /indicators/{indicator_id}/tasks{?limit,offset,sort,with}
Get a list of Indicator Task links.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: pivot.sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 1,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 59,
"type": "users",
"value": "This link is also important.",
"created_at": "2018-04-05 00:03:55.818000",
"updated_at": "2018-04-05 00:03:55.818000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15082,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 5,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24302,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:35.081000",
"updated_at": "2018-04-04 23:58:35.081000"
}
}
]
}
},
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "task",
"dest_object_id": 2,
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:08",
"comments": [
{
"id": 60,
"type": "users",
"value": "This link is important.",
"created_at": "2018-04-05 00:04:02.625000",
"updated_at": "2018-04-05 00:05:12.045000",
"creator_source_id": 8,
"sources": [
{
"id": 8,
"name": "Threat Quotient"
}
]
}
],
"attributes": [
{
"id": 15083,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 6,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "0000-00-00 00:00:00",
"updated_at": "0000-00-00 00:00:00"
}
}
]
}
],
"sources": [
{
"id": 24304,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-04 23:58:45.642000",
"updated_at": "2018-04-04 23:58:45.642000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/tasks
Create a link from a Task to an Indicator.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 2,
"name": "Research",
"description": "More research should be done on this issue.",
"status_id": 2,
"priority": "High",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:58:19",
"pivot": {
"id": 62264,
"created_at": "2018-04-04 23:58:45",
"updated_at": "2018-04-04 23:58:45"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /indicators/{indicator_id}/tasks
Delete multiple Indicator Task links. The request should include a list of object_link_ids to be deleted.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Indicator Task
Get Single
GET /indicators/{indicator_id}/tasks/{object_link_id}{?with}
Get a single Indicator Task link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: pivot.sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigate",
"description": "This issue should be investigated.",
"status_id": 1,
"priority": "Medium",
"assignee_source_id": 8,
"creator_source_id": 8,
"due_at": "2018-04-10 23:57:08",
"completed_at": null,
"assigned_at": "2018-04-04 23:57:08",
"created_at": "2018-04-04 23:57:08",
"updated_at": "2018-04-04 23:57:29",
"pivot": {
"id": 62263,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"comments": [
{
"id": 59,
"object_link_id": 62263,
"value": "This link is also important.",
"creator_source_id": 8,
"created_at": "2018-04-05 00:03:55",
"updated_at": "2018-04-05 00:03:55",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-04 19:28:33",
"updated_at": "2018-04-04 19:28:33",
"pivot": {
"id": 59,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15082,
"object_link_id": 62263,
"attribute_id": 135,
"value": "Universities",
"created_at": "2018-04-05 00:00:38",
"updated_at": "2018-04-05 00:00:38",
"name": "Industry",
"attribute": {
"id": 135,
"name": "Industry",
"created_at": "2018-04-04 20:01:00",
"updated_at": "2018-04-04 20:01:00"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "-0001-11-30 00:00:00",
"updated_at": "-0001-11-30 00:00:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15082,
"source_id": 8,
"id": 5,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-04 23:58:35",
"updated_at": "2018-04-04 23:58:35",
"published_at": null,
"pivot": {
"object_link_id": 62263,
"source_id": 8,
"id": 24302,
"creator_source_id": 8
}
}
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/tasks/{object_link_id}
Delete an Indicator Task link.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
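Added example, not part of the ThreatQ reference: judging by the sample responses above, each list record carries the Task's own `id` at the top level and the link's ID in `pivot.id`, and it is the link ID (`object_link_id`) that Bulk Delete and the single-link endpoints take. The sketch pages through the list with `limit`/`offset` and builds the Bulk Delete body; `fetch_page`, `iter_task_links`, `bulk_delete_body` and the sample rows are hypothetical or constructed, and it assumes `total` is the overall record count.

```python
"""Page through an indicator's Task links and build a Bulk Delete body."""


def _link_id(row):
    """Return pivot.id (the object_link_id) of one list record, or None."""
    return (row.get("pivot") or {}).get("id")


def iter_task_links(fetch_page, indicator_id, limit=100):
    """Yield each Task link record of an indicator exactly once.

    fetch_page(path, params) is a hypothetical transport callable: it performs
    the authenticated GET and returns the parsed JSON envelope as a dict.
    """
    if limit < 1:
        raise ValueError("limit must be a positive integer")
    path = f"/indicators/{int(indicator_id)}/tasks"
    offset, seen = 0, set()
    while True:
        # A fixed sort keeps the window stable between requests.
        page = fetch_page(path, {"limit": limit, "offset": offset, "sort": "id"})
        rows = page.get("data") or []
        for row in rows:
            link_id = _link_id(row)
            if link_id is not None and link_id in seen:
                continue  # the server repeated a record; do not yield it twice
            seen.add(link_id)
            yield row
        offset += len(rows)
        # Stop on an empty page or once the reported total is covered
        # (assumption: "total" counts all records, not just this page).
        if not rows or offset >= int(page.get("total", 0)):
            break


def bulk_delete_body(task_links, should_unlink):
    """Return the JSON array for DELETE /indicators/{indicator_id}/tasks.

    The array holds object_link_ids (pivot.id), never the Task ids.
    """
    body = []
    for row in task_links:
        if not should_unlink(row):
            continue
        link_id = _link_id(row)
        # bool is a subclass of int, so reject it explicitly.
        if not isinstance(link_id, int) or isinstance(link_id, bool):
            raise ValueError(f"task {row.get('id')!r} has no usable pivot.id")
        body.append(link_id)
    return body


# Constructed sample data, trimmed to the fields used here.
SAMPLE_ROWS = [
    {"id": 1, "name": "Investigate", "status_id": 1, "pivot": {"id": 62263}},
    {"id": 2, "name": "Research", "status_id": 2, "pivot": {"id": 62264}},
    {"id": 3, "name": "Contain", "status_id": 2, "pivot": {"id": 62270}},
]


def fake_fetch_page(path, params):
    """Stand-in transport that serves SAMPLE_ROWS in limit/offset windows."""
    start = params["offset"]
    window = SAMPLE_ROWS[start:start + params["limit"]]
    return {"total": len(SAMPLE_ROWS), "data": window,
            "limit": params["limit"], "offset": start}


if __name__ == "__main__":
    links = list(iter_task_links(fake_fetch_page, 1, limit=2))
    print(bulk_delete_body(links, lambda row: row["status_id"] == 2))
```
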
Indicator Task Attributes List
Get List
GET /indicators/{indicator_id}/tasks/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Indicator Task link Attributes.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/tasks/{object_link_id}/attributes
Create a new Indicator Task link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Task Attribute
Get Single
GET /indicators/{indicator_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Indicator Task link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Update an Indicator Task link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/tasks/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Indicator Task link Attribute.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Task Comments List
Get List
GET /indicators/{indicator_id}/tasks/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Indicator Task link Comments.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/tasks/{object_link_id}/comments
Create a new Indicator Task link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Indicator Task Comment
Get Single
GET /indicators/{indicator_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Get a single Indicator Task link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicators/{indicator_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Update an Indicator Task link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicators/{indicator_id}/tasks/{object_link_id}/comments/{object_link_comment_id}
Delete an Indicator Task link Comment.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
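Added example, not part of the ThreatQ reference: the 400 samples in the Indicator Tag and Indicator Task sections above use three different body shapes (a field map under `data.errors`, a list of per-item objects under `data`, and a bare top-level `errors` list), so a client that reads only one of them silently drops validation failures. The helper below flattens all three; the function names are hypothetical and the sample bodies are copied from the responses above.

```python
"""Flatten the 400 'Validation failed' body shapes shown in this reference."""
import json


def _collect(errors, index, found):
    """Append (item_index, field, message) tuples for one 'errors' value."""
    if isinstance(errors, dict):            # field name -> list of messages
        for field, messages in errors.items():
            if messages is None:
                continue
            if not isinstance(messages, list):
                messages = [messages]
            for message in messages:
                found.append((index, field, str(message)))
    elif isinstance(errors, list):          # bare list, not tied to a field
        for message in errors:
            found.append((index, None, str(message)))
    elif isinstance(errors, str):
        found.append((index, None, errors))


def normalize_validation_errors(body):
    """Return a list of (item_index, field, message) tuples.

    item_index is the position of the offending element when the request
    body was a JSON array, otherwise None. field is None when the server
    gave a message without naming a field.
    """
    if isinstance(body, (str, bytes)):
        body = json.loads(body)
    if not isinstance(body, dict):
        raise ValueError("unexpected 400 body: top level is not an object")
    found = []
    _collect(body.get("errors"), None, found)            # {"errors": [...]}
    data = body.get("data")
    if isinstance(data, dict):                           # {"data": {"errors": {...}}}
        _collect(data.get("errors"), None, found)
    elif isinstance(data, list):                         # {"data": [{"errors": {...}}]}
        for index, item in enumerate(data):
            if isinstance(item, dict):
                _collect(item.get("errors"), index, found)
    return found


# Bodies copied from the 400 samples in the sections above.
TAG_400 = '{"data": {"errors": {"name": ["The name field is required."]}}}'
TASK_LINK_400 = '{"data": [{"errors": {"id": ["The id field is required."]}}]}'
ATTRIBUTE_400 = '{"errors": ["Undefined index: value"]}'
COMMENT_UPDATE_400 = (
    '{"data": {"creator_source_id": 5, '
    '"errors": {"value": ["The value field is required."]}}}'
)

if __name__ == "__main__":
    for sample in (TAG_400, TASK_LINK_400, ATTRIBUTE_400, COMMENT_UPDATE_400):
        print(normalize_validation_errors(sample))
```
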
Indicator Types List
Get List
GET /indicator/types{?limit,offset,sort,with}
Get a list of Indicator Types.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: indicators,plugins
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators, plugins, pluginActions, pluginObjectTypes.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 24,
"data": [
{
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-17 04:34:56",
"updated_at": "2017-04-17 04:34:56"
},
{
"id": 2,
"name": "Email Address",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-17 04:34:56",
"updated_at": "2017-04-17 04:34:56"
},
{
"id": 3,
"name": "Email Attachment",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-17 04:34:56",
"updated_at": "2017-04-17 04:34:56"
}
]
}
401 Access denied.
Create New
POST /indicator/types
Create a new Indicator Type.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"score": "7",
"name": "New Type",
"class": "network"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"score": "7",
"name": "New Type",
"class": "network",
"updated_at": "2017-04-17 09:59:53",
"created_at": "2017-04-17 09:59:53",
"id": 25
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"name": [
"The name field is required."
],
"class": [
"The class field is required."
]
}
}
}
401 Access denied.
Indicator Type
Get Single
GET /indicator/types/{indicator_type_id}{?with}
Get a single Indicator Type.
Example URI
- indicator_type_id
integer (required) Example: 2
Indicator Type ID
- with
string (optional) Example: indicators,plugins
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators, plugins, pluginActions, pluginObjectTypes.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "CIDR Block",
"class": "network",
"score": null,
"wildcard_matching": "Y",
"created_at": "2017-04-17 04:34:56",
"updated_at": "2017-04-17 04:34:56"
}
}
401 Access denied.
404 Object not found.
Update
PUT /indicator/types/{indicator_type_id}{?with}
Update an Indicator Type.
Example URI
- indicator_type_id
integer (required) Example: 2
Indicator Type ID
- with
string (optional) Example: indicators,plugins
A comma-separated list of related objects to include in the response. Options for this endpoint: indicators, plugins, pluginActions, pluginObjectTypes.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"score": "4",
"name": "Updated Type",
"class": "host"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 25,
"name": "Updated Type",
"class": "host",
"score": "4",
"wildcard_matching": "Y",
"created_at": "2017-04-17 09:59:53",
"updated_at": "2017-04-17 10:04:24",
"plugins": []
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /indicator/types/{indicator_type_id}
Delete an Indicator Type.
Example URI
- indicator_type_id
integer (required) Example: 2
Indicator Type ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Watchlists
Get Single
GET /indicators/{indicator_id}/watchlist
Get an Indicator in a user’s Watchlist.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 1,
"data": [
{
"id": 4,
"user_id": 1,
"object_type": "indicator",
"object_id": 1,
"created_at": "2017-04-17 10:20:14",
"updated_at": "2017-04-17 10:20:14",
"indicator": {
"id": 1,
"type_id": 1,
"status_id": 5,
"class": "network",
"hash": "4aba5ab07a3bda558d5d725a09d93ba6",
"value": "37.139.40.0/21",
"last_detected_at": "1980-06-05 03:08:01",
"expires_at": "2017-05-08 00:00:00",
"expired_at": null,
"expires_calculated_at": "2017-04-17 04:41:31",
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:41:31",
"touched_at": "2017-04-17 09:12:13"
}
}
]
}
401 Access denied.
Create New
POST /indicators/{indicator_id}/watchlist
Add an Indicator to the user’s Watchlist.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
Headers
Authorization: Bearer <access_token>
Body
No Request Body.
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"object_type": "indicator",
"user_id": 1,
"object_id": "1",
"updated_at": "2017-04-17 10:20:14",
"created_at": "2017-04-17 10:20:14",
"id": 4
}
}
401 Access denied.
Indicator Watchlist
Indicator Watchlist
DELETE /indicators/{indicator_id}/watchlist/{watchlist_id}
Remove an Indicator from the user’s Watchlist.
Example URI
- indicator_id
integer (required) Example: 1
Indicator ID
- watchlist_id
integer (required) Example: 2
Watchlist ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Indicator Watchlist Bulk
Get List
GET /indicators/watchlist
Get all Indicators in a user’s Watchlist. Only users with administrator privileges can see Watchlists for all users.
Example URI
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 3,
"data": [
{
"id": 1,
"user_id": 1,
"object_type": "indicator",
"object_id": 5,
"created_at": "2017-04-17 10:14:03",
"updated_at": "2017-04-17 10:14:03",
"indicator": {
"id": 5,
"type_id": 1,
"status_id": 4,
"class": "network",
"hash": "ae1ca1c71341cb398c95a19ee90a2d91",
"value": "62.76.182.0/23",
"last_detected_at": "2008-05-19 02:32:11",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"touched_at": "2017-04-17 07:34:31"
}
},
{
"id": 2,
"user_id": 1,
"object_type": "indicator",
"object_id": 6,
"created_at": "2017-04-17 10:14:03",
"updated_at": "2017-04-17 10:14:03",
"indicator": {
"id": 6,
"type_id": 1,
"status_id": 3,
"class": "network",
"hash": "c29d544c60ea24c8aaa4d7bb8e628938",
"value": "62.76.184.0/21",
"last_detected_at": "2012-02-10 08:25:28",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"touched_at": "2017-04-17 07:35:11"
}
},
{
"id": 3,
"user_id": 1,
"object_type": "indicator",
"object_id": 7,
"created_at": "2017-04-17 10:14:03",
"updated_at": "2017-04-17 10:14:03",
"indicator": {
"id": 7,
"type_id": 1,
"status_id": 4,
"class": "network",
"hash": "9bed599bac77d581bd01872112479cb1",
"value": "85.143.160.0/21",
"last_detected_at": "1982-09-05 02:19:35",
"expires_at": null,
"expired_at": null,
"expires_calculated_at": null,
"created_at": "2017-04-17 04:35:35",
"updated_at": "2017-04-17 04:35:35",
"touched_at": "2017-04-17 05:14:58"
}
}
]
}
401 Access denied.
Create New
POST /indicators/watchlist
Bulk add Indicators to the user’s Watchlist.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"object_ids": [
5,
6,
7
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"object_type": "indicator",
"user_id": 1,
"object_id": "5",
"updated_at": "2017-04-17 10:14:03",
"created_at": "2017-04-17 10:14:03",
"id": 1
},
{
"object_type": "indicator",
"user_id": 1,
"object_id": "6",
"updated_at": "2017-04-17 10:14:03",
"created_at": "2017-04-17 10:14:03",
"id": 2
},
{
"object_type": "indicator",
"user_id": 1,
"object_id": "7",
"updated_at": "2017-04-17 10:14:03",
"created_at": "2017-04-17 10:14:03",
"id": 3
}
]
}
401 Access denied.
Investigations
Investigation List
Get List
GET /investigations{?limit,offset,sort,with}
Get a list of Investigations.
Example URI
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, investigations, nodes, priority, signatures, sources, status, tags, tasks, timelines, viewpoints.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"name": "Investigation 1",
"user_id": 1,
"status_id": 2,
"priority_id": 1,
"last_updated_by": 1,
"visible": 0,
"data": "{\"data\": \"This is Investigation data.\"}",
"description": "A description of the Investigation.",
"created_at": "2018-01-31 23:35:53",
"updated_at": "2018-02-02 16:34:29",
"priority": {
"id": 1,
"name": "Normal",
"description": "Investigation has a normal priority.",
"user_editable": "N",
"created_at": "2018-01-31 23:26:37",
"updated_at": "2018-01-31 23:26:37"
},
"status": {
"id": 2,
"name": "Closed",
"description": "Investigation is complete.",
"user_editable": "N",
"created_at": "2018-01-31 23:26:37",
"updated_at": "2018-01-31 23:26:37"
}
},
{
"id": 2,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 1,
"last_updated_by": 1,
"visible": 0,
"data": "{\"data\": \"This is Investigation data.\"}",
"description": "A description of the Investigation.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-01-31 23:35:59",
"priority": {
"id": 1,
"name": "Normal",
"description": "Investigation has a normal priority.",
"user_editable": "N",
"created_at": "2018-01-31 23:26:37",
"updated_at": "2018-01-31 23:26:37"
},
"status": {
"id": 2,
"name": "Closed",
"description": "Investigation is complete.",
"user_editable": "N",
"created_at": "2018-01-31 23:26:37",
"updated_at": "2018-01-31 23:26:37"
}
}
]
}
401 Access denied.
Create New
POST /investigations
Create a new Investigation.
Example URI
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Investigation 3",
"description": "A description of the Investigation.",
"priority_id": 1,
"status_id": 2,
"data": "{\"data\": \"This is Investigation data.\"}",
"visible": 0
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"visible": "0",
"name": "Investigation 3",
"description": "A description of the Investigation.",
"priority_id": 1,
"status_id": 2,
"data": "{\"data\": \"This is Investigation data.\"}",
"last_updated_by": 1,
"user_id": 1,
"updated_at": "2018-02-28 16:35:06",
"created_at": "2018-02-28 16:35:06",
"id": 6
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"visible": "0",
"name": "Investigation 3",
"description": "A description of the Investigation.",
"priority_id": 1,
"status_id": 2,
"data": "{\"data\": \"This is Investigation data.\"}",
"last_updated_by": 1,
"errors": {
"name": [
"The name has already been taken."
]
}
}
}
401 Access denied.
Investigation
Get Single
GET /investigations/{investigation_id}{?with}
Get a single Investigation.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, investigations, nodes, priority, signatures, sources, status, tags, tasks, timelines, viewpoints.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Investigation 2",
"user_id": 1,
"status_id": 2,
"priority_id": 1,
"last_updated_by": 1,
"visible": 0,
"data": "{\"data\": \"This is Investigation data.\"}",
"description": "A description of the Investigation.",
"created_at": "2018-01-31 23:35:53",
"updated_at": "2018-02-02 16:34:29",
"priority": {
"id": 1,
"name": "Normal",
"description": "Investigation has a normal priority.",
"user_editable": "N",
"created_at": "2018-01-31 23:26:37",
"updated_at": "2018-01-31 23:26:37"
},
"status": {
"id": 2,
"name": "Closed",
"description": "Investigation is complete.",
"user_editable": "N",
"created_at": "2018-01-31 23:26:37",
"updated_at": "2018-01-31 23:26:37"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/{investigation_id}{?with}
Update an Investigation.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- with
string (optional) Example: adversaries,attachments
A comma-separated list of related objects to include in the response. Options for this endpoint: adversaries, attachments, attributes, comments, events, indicators, investigations, nodes, priority, signatures, sources, status, tags, tasks, timelines, viewpoints.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Investigation 3",
"description": "This description was updated.",
"priority_id": "2",
"status_id": 2,
"data": "{\"data\": \"This is updated Investigation data.\"}",
"visible": "1"
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 2,
"name": "Investigation 3",
"user_id": 1,
"status_id": 2,
"priority_id": 2,
"last_updated_by": 1,
"visible": 1,
"data": "{\"data\": \"This is updated Investigation data.\"}",
"description": "This description was updated.",
"created_at": "2018-01-31 23:35:59",
"updated_at": "2018-02-05 01:48:53"
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}
Delete an Investigation.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Adversaries List
Get List
GET /investigations/{investigation_id}/adversaries{?limit,offset,sort,with}
Get a list of Investigation Adversary links.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2018-03-24 03:49:31",
"updated_at": "2018-03-24 03:49:31",
"touched_at": "2018-04-02 16:16:38",
"deleted_at": null,
"sources": [
{
"name": "Customer Observer"
}
],
"pivot": {
"id": 62324,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 2,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:19:51.184000",
"updated_at": "2018-04-02 16:23:40.426000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15066,
"name": "Industry",
"value": "Hospitals",
"sources": [
{
"id": 2,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24424,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:16:38.663000",
"updated_at": "2018-04-02 16:16:38.663000"
}
}
]
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2018-01-08 23:05:37",
"updated_at": "2018-01-08 23:05:37",
"touched_at": "2018-04-02 16:17:00",
"deleted_at": null,
"sources": [
{
"name": "ThreatQ Front End"
},
{
"name": "Domain Tools"
}
],
"pivot": {
"id": 62325,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "adversary",
"dest_object_id": 3,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"comments": [
{
"id": 56,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 16:20:25.327000",
"updated_at": "2018-04-02 16:20:25.327000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15065,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 1,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24426,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/adversaries
Create a link from an Adversary to an Investigation.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 2,
"data": [
{
"id": 2,
"name": "AMOROUS PANDA",
"created_at": "2017-03-06 14:05:24",
"updated_at": "2017-03-06 14:05:24",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62141,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
},
{
"id": 3,
"name": "ANCHOR PANDA",
"created_at": "2016-12-27 13:45:12",
"updated_at": "2016-12-27 13:45:12",
"touched_at": "2017-03-10 19:25:48",
"pivot": {
"id": 62142,
"created_at": "2017-03-10 19:25:48",
"updated_at": "2017-03-10 19:25:48"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /investigations/{investigation_id}/adversaries
Delete multiple Investigation Adversary links. The request should include a list of object_link_ids to be deleted.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
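The list, create and bulk-delete endpoints above use two different ids: Create New takes the adversary `id`, while Bulk Delete takes `object_link_id` values, which the sample responses carry as `pivot.id`. The following Python is an added example, not part of the ThreatQ documentation: it builds the documented list query, pages with `limit`/`offset` until `total` is reached, and resolves adversary ids to link ids before a bulk delete. The helper names, the `fetch` hook and `fake_fetch` are hypothetical, and the sample rows are constructed from the response bodies above.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# "with" options the page lists for GET /investigations/{investigation_id}/adversaries
WITH_OPTIONS = frozenset({
    "pivot.comments", "pivot.comments.sources", "pivot.attributes",
    "pivot.attributes.attribute", "pivot.attributes.sources",
    "pivot.sources", "sources",
})


def list_path(investigation_id, limit=100, offset=0, sort=(), with_=()):
    """Return the relative request path for the adversary-link list endpoint."""
    if isinstance(investigation_id, bool) or not isinstance(investigation_id, int):
        raise TypeError("investigation_id must be an integer")
    unknown = set(with_) - WITH_OPTIONS
    if unknown:
        raise ValueError(f"unsupported 'with' values: {sorted(unknown)}")
    params = {"limit": int(limit), "offset": int(offset)}
    if sort:
        params["sort"] = ",".join(sort)      # e.g. ["-id"] reverses the order
    if with_:
        params["with"] = ",".join(with_)
    # Keep commas literal so the query matches the documented form.
    return f"/investigations/{investigation_id}/adversaries?" + urlencode(params, safe=",")


def iter_links(fetch, investigation_id, page_size=100, **query):
    """Yield every linked adversary, advancing offset until 'total' is reached.

    fetch(path) -> dict is supplied by the caller (hypothetical transport hook
    that sends the GET with the Authorization: Bearer header).
    """
    offset = 0
    while True:
        page = fetch(list_path(investigation_id, page_size, offset, **query))
        rows = page.get("data", [])
        yield from rows
        offset += len(rows)
        if not rows or offset >= page.get("total", 0):
            return


def bulk_delete_body(links, adversary_ids):
    """Translate adversary ids into the object_link_id array Bulk Delete expects."""
    link_id_by_adversary = {row["id"]: row["pivot"]["id"] for row in links}
    missing = [a for a in adversary_ids if a not in link_id_by_adversary]
    if missing:
        # Fail closed: never send ids that were not resolved from this investigation.
        raise KeyError(f"adversaries not linked to this investigation: {missing}")
    return json.dumps([link_id_by_adversary[a] for a in adversary_ids])


# Constructed sample rows, trimmed from the response bodies shown on this page.
SAMPLE_LINKS = [
    {"id": 2, "name": "AMOROUS PANDA", "pivot": {"id": 62324}},
    {"id": 3, "name": "ANCHOR PANDA", "pivot": {"id": 62325}},
]


def fake_fetch(path):
    """Offline stand-in for an authenticated GET; honours limit and offset only."""
    q = parse_qs(urlsplit(path).query)
    limit, offset = int(q["limit"][0]), int(q["offset"][0])
    return {"total": len(SAMPLE_LINKS), "data": SAMPLE_LINKS[offset:offset + limit],
            "limit": limit, "offset": offset}


def demo():
    """Page through the sample one row at a time, then build a delete body."""
    links = list(iter_links(fake_fetch, 1, page_size=1,
                            sort=["id"], with_=["pivot.sources"]))
    return [row["name"] for row in links], bulk_delete_body(links, [3])


if __name__ == "__main__":
    print(list_path(1, 500, 100, sort=["-id"], with_=["sources", "pivot.attributes"]))
    print(demo())
```

Sending an adversary `id` where an `object_link_id` is expected would address a different link, so the helper refuses any id it cannot resolve from the investigation's own list.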
Investigation Adversary
Get Single
GET /investigations/{investigation_id}/adversaries/{object_link_id}{?with}
Get a single Investigation Adversary link.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"name": "Advanced Pawn",
"created_at": "2018-01-18 22:47:52",
"updated_at": "2018-01-18 22:47:52",
"touched_at": "2018-04-02 16:17:00",
"pivot": {
"id": 62324,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"comments": [
{
"id": 54,
"object_link_id": 62324,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 16:23:40",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15066,
"object_link_id": 62324,
"attribute_id": 136,
"value": "Hospitals",
"created_at": "2018-04-02 16:25:47",
"updated_at": "2018-04-02 16:25:47",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15066,
"source_id": 8,
"id": 2,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:16:38",
"updated_at": "2018-04-02 16:16:38",
"published_at": null,
"pivot": {
"object_link_id": 62324,
"source_id": 8,
"id": 24424,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 1,
"type": "clients",
"name": "ThreatQ Front End",
"tlp_id": null,
"created_at": "2018-02-05 12:29:56",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 1,
"id": 1,
"creator_source_id": 1
}
},
{
"id": 7,
"type": "plugins",
"name": "VirusTotal",
"tlp_id": null,
"created_at": "2018-01-31 03:41:47",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 7,
"id": 2,
"creator_source_id": 7
}
},
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-03-31 21:31:30",
"updated_at": "2018-04-02 15:49:40",
"published_at": null,
"pivot": {
"adversary_id": 1,
"source_id": 8,
"id": 3,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/adversaries/{object_link_id}
Delete an Investigation Adversary link.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Adversary Attributes List
Get List
GET /investigations/{investigation_id}/adversaries/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Investigation Adversary link Attributes.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/adversaries/{object_link_id}/attributes
Create a new Investigation Adversary link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Investigation Adversary Attribute
Get Single
GET /investigations/{investigation_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Investigation Adversary link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/{investigation_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Update an Investigation Adversary link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/adversaries/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Investigation Adversary link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Adversary Comments List
Get List
GET /investigations/{investigation_id}/adversaries/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Investigation Adversary link Comments.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/adversaries/{object_link_id}/comments
Create a new Investigation Adversary link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Investigation Adversary Comment
Get Single
GET /investigations/{investigation_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Get a single Investigation Adversary link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/{investigation_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Update an Investigation Adversary link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/adversaries/{object_link_id}/comments/{object_link_comment_id}
Delete an Investigation Adversary link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Attachments List
Get List
GET /investigations/{investigation_id}/attachments{?limit,offset,sort,with}
Get a list of Investigation Attachment links.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"path": "6/b/d/0/d/c/1/2/e/5/d/f/a/0/4/3/e/b/4/9/6/0/9/f/a/4/7/c/4/f/1/0",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62326,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 2,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"type": "users",
"value": "This link is important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:54:58.936000",
"updated_at": "2018-04-02 17:55:15.039000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15067,
"name": "Industry",
"value": "Universities",
"sources": [
{
"id": 3,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24428,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:39:18.781000",
"updated_at": "2018-04-02 17:39:18.781000"
}
}
]
}
},
{
"id": 1,
"type_id": 10,
"title": "parsing-sample.pdf",
"name": "parsing-sample.pdf",
"hash": "89e17b2f6cd3888864237b0ee10048f0",
"content_type_id": 1,
"file_size": 11300,
"path": "e/a/f/d/d/7/1/e/5/c/e/1/1/9/b/0/5/6/4/a/6/d/5/9/a/2/3/5/3/1/0/4",
"malware_locked": "0",
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:40:48",
"deleted_at": null,
"sources": [
{
"name": "Threat Quotient"
}
],
"pivot": {
"id": 62327,
"src_type": "adversary",
"src_object_id": 1,
"dest_type": "attachment",
"dest_object_id": 1,
"created_at": "2018-04-02 17:40:48",
"updated_at": "2018-04-02 17:40:48",
"comments": [
{
"id": 58,
"type": "users",
"value": "This link is also important.",
"source": "Threat Quotient",
"created_at": "2018-04-02 17:55:30.995000",
"updated_at": "2018-04-02 17:55:30.995000",
"creator_source_id": 8
}
],
"attributes": [
{
"id": 15068,
"name": "Industry",
"value": "Mining",
"sources": [
{
"id": 4,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 16:17:00.689000",
"updated_at": "2018-04-02 16:17:00.689000"
}
}
]
}
],
"sources": [
{
"id": 24430,
"name": "Threat Quotient",
"type": "users",
"pivot": {
"created_at": "2018-04-02 17:40:48.310000",
"updated_at": "2018-04-02 17:40:48.310000"
}
}
]
}
}
],
"limit": 100,
"offset": 0
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/attachments
Create a link from an Attachment to an Investigation.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
{
"id": 2
},
{
"id": 3
}
]
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"id": 3,
"type_id": 3,
"title": "EXE like script",
"name": "Honeybooboo.sh",
"hash": "51774564f8d78fbddbfa22e1e7459af4",
"content_type_id": 1,
"file_size": 234234,
"malware_locked": 1,
"description": null,
"created_at": "2017-02-23 20:02:18",
"updated_at": "2017-02-23 20:02:18",
"touched_at": "2017-03-01 16:51:15",
"pivot": {
"id": 62394,
"created_at": "2017-03-01 16:51:15",
"updated_at": "2017-03-01 16:51:15"
}
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": [
{
"errors": {
"id": [
"The id field is required."
]
}
}
]
}
401 Access denied.
Bulk Delete
DELETE /investigations/{investigation_id}/attachments
Delete multiple Investigation Attachment links. The request should include a list of object_link_ids to be deleted.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
[
62351,
62352
]
204 Object(s) were successfully deleted.
401 Access denied.
Investigation Attachment
Get Single
GET /investigations/{investigation_id}/attachments/{object_link_id}{?with}
Get a single Investigation Attachment link.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- with
string (optional) Example: sources,pivot.attributes
A comma-separated list of related objects to include in the response. Options for this endpoint: pivot.comments, pivot.comments.sources, pivot.attributes, pivot.attributes.attribute, pivot.attributes.sources, pivot.sources, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 2,
"type_id": 19,
"title": "Honeybooboo.sh",
"name": "Honeybooboo.sh",
"hash": "4ece432b22f92461f9c4d2de2656d3e3",
"content_type_id": 2,
"file_size": 75,
"malware_locked": 0,
"placeholder": 0,
"description": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"touched_at": "2018-04-02 17:39:18",
"pivot": {
"id": 62326,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"comments": [
{
"id": 57,
"object_link_id": 62326,
"value": "This link is important.",
"creator_source_id": 8,
"created_at": "2018-04-02 17:54:58",
"updated_at": "2018-04-02 17:55:15",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 57,
"creator_source_id": 8
}
}
]
}
],
"attributes": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 16:17:00",
"updated_at": "2018-04-02 16:17:00",
"published_at": null,
"pivot": {
"object_link_attribute_id": 15067,
"source_id": 8,
"id": 3,
"creator_source_id": 0
}
}
]
}
],
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 17:39:18",
"updated_at": "2018-04-02 17:39:18",
"published_at": null,
"pivot": {
"object_link_id": 62326,
"source_id": 8,
"id": 24428,
"creator_source_id": 8
}
}
]
},
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"tlp_id": null,
"created_at": "2018-04-02 15:47:22",
"updated_at": "2018-04-02 15:47:22",
"published_at": null,
"pivot": {
"attachment_id": 2,
"source_id": 8,
"id": 2,
"creator_source_id": 8
}
}
]
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/attachments/{object_link_id}
Delete an Investigation Attachment link.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Attachment Attributes List
Get List
GET /investigations/{investigation_id}/attachments/{object_link_id}/attributes{?limit,offset,sort}
Get a list of Investigation Attachment link Attributes.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 15067,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Universities",
"created_at": "2018-04-02 17:46:43",
"updated_at": "2018-04-02 17:50:18",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
},
{
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
]
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/attachments/{object_link_id}/attributes
Create a new Investigation Attachment link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": [
{
"id": 15059,
"object_link_id": 61561,
"attribute_id": 401,
"value": "4000",
"created_at": "2017-03-01 21:47:14",
"updated_at": "2017-03-01 21:47:14",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Investigation Attachment Attribute
Get Single
GET /investigations/{investigation_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Get a single Investigation Attachment link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 15068,
"object_link_id": 62326,
"attribute_id": 136,
"value": "Mining",
"created_at": "2018-04-02 17:52:14",
"updated_at": "2018-04-02 17:52:14",
"name": "Industry",
"attribute": {
"id": 136,
"name": "Industry",
"created_at": "2018-04-02 16:25:21",
"updated_at": "2018-04-02 16:25:21"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/{investigation_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Update an Investigation Attachment link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
200 Object(s) retrieved successfully.
Body
{
"data": [
{
"id": 15058,
"object_link_id": 61561,
"attribute_id": 14,
"value": "New Value",
"created_at": "2017-01-24 14:54:31",
"updated_at": "2017-03-01 22:13:22",
"deleted_at": null
}
]
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/attachments/{object_link_id}/attributes/{object_link_attribute_id}
Delete an Investigation Attachment link Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_attribute_id
integer (required) Example: 3
Object Link Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Attachment Comments List
Get List
GET /investigations/{investigation_id}/attachments/{object_link_id}/comments{?limit,offset,sort,with}
Get a list of Investigation Attachment link Comments.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: sources
A comma-separated list of related objects to include in the response. Options for this endpoint: sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 54,
"object_link_id": 62325,
"value": "This has some suspicious stuff.",
"creator_source_id": 8,
"created_at": "2018-04-02 16:19:51",
"updated_at": "2018-04-02 18:21:06",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 54,
"creator_source_id": 8
}
}
]
},
{
"id": 56,
"object_link_id": 62325,
"value": "Compile date: 10/17/2011",
"creator_source_id": 8,
"created_at": "2018-04-02 16:20:25",
"updated_at": "2018-04-02 16:20:25",
"sources": [
{
"id": 8,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2018-04-02 15:47:21",
"updated_at": "2018-04-02 15:47:21",
"pivot": {
"id": 56,
"creator_source_id": 8
}
}
]
}
]
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/attachments/{object_link_id}/comments
Create a new Investigation Attachment link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"id": 69,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 14:12:32",
"updated_at": "2017-03-02 14:12:32"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"Undefined index: value"
]
}
401 Access denied.
Investigation Attachment Comment
Get Single
GET /investigations/{investigation_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Get a single Investigation Attachment link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/{investigation_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Update an Investigation Attachment link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"value": "This is an updated comment.",
"id": 67,
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-02-28 20:18:50",
"updated_at": "2017-03-02 14:37:49"
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/attachments/{object_link_id}/comments/{object_link_comment_id}
Delete an Investigation Attachment link Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- object_link_id
integer (required) Example: 2
Object Link ID
- object_link_comment_id
integer (required) Example: 3
Object Link Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Attributes List
Get List
GET /investigations/{investigation_id}/attributes{?limit,offset,sort,with}
Get a list of Investigation Attributes.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"investigation_id": 1,
"attribute_id": 252,
"value": "Test Value",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11",
"name": "Test Attribute",
"attribute": {
"id": 252,
"name": "Test Attribute",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11"
}
},
{
"id": 2,
"investigation_id": 1,
"attribute_id": 253,
"value": "Another Test Value",
"created_at": "2017-04-22 16:29:28",
"updated_at": "2017-04-22 16:29:28",
"name": "Another Test Attribute",
"attribute": {
"id": 253,
"name": "Another Test Attribute",
"created_at": "2017-04-22 16:29:28",
"updated_at": "2017-04-22 16:29:28"
}
}
]
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/attributes
Create a new Investigation Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"name": "Port",
"value": "4000",
"sources": [
{
"name": "TQ User",
"tlp": {
"name": "RED"
},
"published_at": "2017-02-28 01:01:01"
}
]
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"total": 1,
"data": [
{
"value": "Test Value",
"investigation_id": 1,
"id": 1,
"attribute_id": 252,
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11",
"name": "Test Attribute",
"attribute": {
"id": 252,
"name": "Test Attribute",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11"
},
"sources": [
{
"id": 12,
"type": "other_sources",
"name": "Test Source",
"tlp_id": 1,
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11",
"published_at": "2017-02-28 00:00:00",
"pivot": {
"investigation_attribute_id": 1,
"source_id": 12,
"id": 1,
"creator_source_id": 5
}
}
]
}
]
}
401 Access denied.
Investigation Attribute
Get Single
GET /investigations/{investigation_id}/attributes/{investigation_attribute_id}{?with}
Get a single Investigation Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- investigation_attribute_id
integer (required) Example: 2
Investigation Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 1,
"investigation_id": 1,
"attribute_id": 252,
"value": "Test Value",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11",
"name": "Test Attribute",
"attribute": {
"id": 252,
"name": "Test Attribute",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11"
}
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/{investigation_id}/attributes/{investigation_attribute_id}{?with}
Update an Investigation Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- investigation_attribute_id
integer (required) Example: 2
Investigation Attribute ID
- with
string (optional) Example: attribute,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: attribute, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "New Value",
"tlp": {
"name": "RED"
}
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"investigation_id": 1,
"attribute_id": 252,
"value": "New Value",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:36:27",
"name": "Test Attribute",
"attribute": {
"id": 252,
"name": "Test Attribute",
"created_at": "2017-04-22 16:29:11",
"updated_at": "2017-04-22 16:29:11"
}
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"investigation_id": "1",
"attribute_id": "1",
"errors": {
"value": [
"The value field is required."
]
},
"name": "Accessed Time",
"attribute": {
"id": 1,
"name": "Accessed Time",
"created_at": "2017-04-21 00:04:37",
"updated_at": "2017-03-31 00:03:37"
}
}
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/attributes/{investigation_attribute_id}
Delete an Investigation Attribute.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- investigation_attribute_id
integer (required) Example: 2
Investigation Attribute ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Attribute Source
Investigation Attribute Source
DELETE /investigations/{investigation_id}/attributes/{investigation_attribute_id}/sources/{investigation_attribute_source_id}
Delete an Investigation Attribute Source.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- investigation_attribute_id
integer (required) Example: 2
Investigation Attribute ID
- investigation_attribute_source_id
integer (required) Example: 3
Investigation Attribute Source ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
Investigation Comments List
Get List
GET /investigations/{investigation_id}/comments{?limit,offset,sort,with}
Get a list of Investigation Comments.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
- with
string (optional) Example: investigation,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: investigation, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"investigation_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-04-23 17:38:32",
"updated_at": "2017-04-23 17:40:24"
},
{
"id": 2,
"investigation_id": 1,
"value": "This is another comment.",
"creator_source_id": 5,
"created_at": "2017-04-23 17:38:37",
"updated_at": "2017-04-23 17:38:37"
}
]
}
401 Access denied.
Create New
POST /investigations/{investigation_id}/comments
Create a new Investigation Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"investigation_id": 1,
"value": "This is a comment.",
"creator_source_id": 5,
"created_at": "2017-04-23 17:38:32",
"updated_at": "2017-04-23 17:38:32",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-22 00:09:37",
"updated_at": "2017-04-22 00:09:37",
"pivot": {
"id": 1,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"creator_source_id": 5,
"investigation_id": "1",
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.
Investigation Comment
Update
PUT /investigations/{investigation_id}/comments/{investigation_comment_id}{?with}
Update an Investigation Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- investigation_comment_id
integer (required) Example: 2
Investigation Comment ID
- with
string (optional) Example: investigation,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: investigation, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"investigation_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-04-23 17:38:32",
"updated_at": "2017-04-23 17:40:24",
"sources": [
{
"id": 5,
"type": "users",
"name": "Threat Quotient",
"expire_days": null,
"score": null,
"created_at": "2017-04-22 00:09:37",
"updated_at": "2017-04-22 00:09:37",
"pivot": {
"id": 1,
"creator_source_id": 5
}
}
]
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"errors": [
"The current authenticated owner is not the owner of this comment."
]
}
401 Access denied.
404 Object not found.
Delete
DELETE /investigations/{investigation_id}/comments/{investigation_comment_id}
Delete an Investigation Comment.
Example URI
- investigation_id
integer (required) Example: 1
Investigation ID
- investigation_comment_id
integer (required) Example: 2
Investigation Comment ID
Headers
Authorization: Bearer <access_token>
204 Object(s) were successfully deleted.
401 Access denied.
404 Object not found.
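The 400 examples for the comment endpoints above use two different body shapes: a top-level errors list ("Undefined index: value", the comment-ownership message) and a data.errors object keyed by field name. The following is an added example, not part of the ThreatQ documentation or client code: it normalizes both shapes into one list and builds comment URLs only from integer IDs, as the parameter tables require. The function names comment_url and validation_errors are assumptions made for this illustration.

```python
import json

def _int_id(value, name):
    """Path parameters in this reference are integers; refuse anything else."""
    is_int = isinstance(value, int) and not isinstance(value, bool) and value >= 0
    is_digits = isinstance(value, str) and value.isascii() and value.isdigit()
    if not (is_int or is_digits):
        raise ValueError(f"{name} must be a non-negative integer, got {value!r}")
    return int(value)

def comment_url(base, investigation_id, comment_id=None):
    """URL of the comments collection, or of one comment if comment_id is given."""
    url = f"{base.rstrip('/')}/investigations/{_int_id(investigation_id, 'investigation_id')}/comments"
    if comment_id is not None:
        url += f"/{_int_id(comment_id, 'investigation_comment_id')}"
    return url

def validation_errors(body):
    """Return [(field_or_None, message), ...] from a 400 response body."""
    doc = json.loads(body) if isinstance(body, (str, bytes)) else body
    if not isinstance(doc, dict):
        return []
    found = []
    top = doc.get("errors")          # shape 1: {"errors": ["..."]}
    if isinstance(top, list):
        found += [(None, str(msg)) for msg in top]
    data = doc.get("data")           # shape 2: {"data": {"errors": {field: [...]}}}
    nested = data.get("errors") if isinstance(data, dict) else None
    if isinstance(nested, dict):
        for field, msgs in nested.items():
            msgs = msgs if isinstance(msgs, list) else [msgs]
            found += [(field, str(msg)) for msg in msgs]
    return found

# Sample bodies constructed from the 400 examples shown in this reference.
SAMPLE_FLAT = '{"errors": ["The current authenticated owner is not the owner of this comment."]}'
SAMPLE_NESTED = ('{"data": {"creator_source_id": 5, "investigation_id": "1", '
                 '"errors": {"value": ["The value field is required."]}}}')

if __name__ == "__main__":
    print(comment_url("https://hostname/api/", 1, 2))
    print(validation_errors(SAMPLE_FLAT))
    print(validation_errors(SAMPLE_NESTED))
```

Rejecting non-integer IDs before the URL is built keeps a value such as "1/../users" from changing which resource the request addresses.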
Investigation Comment Short
Get Single
GET /investigations/comments/{investigation_comment_id}{?with}
Get a single Investigation Comment.
Example URI
- investigation_comment_id
integer (required) Example: 2
Investigation Comment ID
- with
string (optional) Example: investigation,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: investigation, sources.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"data": {
"id": 54,
"value": "This is a comment.",
"sources": [
{
"id": 5,
"name": "Threat Quotient"
}
],
"created_at": "2017-03-02 23:18:29",
"updated_at": "2017-03-02 23:18:29"
}
}
401 Access denied.
404 Object not found.
Update
PUT /investigations/comments/{investigation_comment_id}{?with}
Update an Investigation Comment.
Example URI
- investigation_comment_id
integer (required) Example: 2
Investigation Comment ID
- with
string (optional) Example: investigation,sources
A comma-separated list of related objects to include in the response. Options for this endpoint: investigation, sources.
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is an updated comment."
}
201 Object was created successfully.
Headers
Content-Type: application/json
Body
{
"data": {
"id": 1,
"investigation_id": 1,
"value": "This is an updated comment.",
"creator_source_id": 5,
"created_at": "2017-04-23 17:38:32",
"updated_at": "2017-04-23 17:40:24",
"sources": [
{
"id": 5,
"type": "users",
"
Import Indicator Comment List
/imports/{import_id}/indicators/{import_indicator_id}/comments{?limit,offset,sort}
Get a list of Import Indicator Comments.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
- limit
integer (optional) Example: 500
The maximum number of records to retrieve.
- offset
integer (optional) Example: 100
Designate the record that will appear first in your retrieved list.
- sort
string (optional) Example: id
Designate the field(s) you want to use to sort the retrieved list. You can prepend each field with a minus sign (-) to reverse the sorting order. This string can be a list of comma-separated values.
Headers
Authorization: Bearer <access_token>
200 Object(s) retrieved successfully.
Body
{
"total": 2,
"data": [
{
"id": 1,
"import_indicator_id": 178,
"value": "This is a comment."
},
{
"id": 2,
"import_indicator_id": 178,
"value": "This is another comment."
}
]
}
401 Access denied.
/imports/{import_id}/indicators/{import_indicator_id}/comments
Create a new Import Indicator Comment.
Example URI
- import_id
integer (required) Example: 1
Import ID
- import_indicator_id
integer (required) Example: 2
Import Indicator ID
Headers
Content-Type: application/json
Authorization: Bearer <access_token>
Body
{
"value": "This is a comment."
}
200 Object(s) retrieved successfully.
Body
{
"data": {
"value": "This is a comment.",
"import_indicator_id": 178,
"id": 1
}
}
400 Validation failed.
Headers
Content-Type: application/json
Body
{
"data": {
"errors": {
"value": [
"The value field is required."
]
}
}
}
401 Access denied.