IntelReference¶
Summary¶
Resource |
Operation |
Description |
---|---|---|
Indicator |
GET /api/intel/reference/(int:intel_reference_id)/indicators |
Gets a paginated list of the indicators associated with the intel reference. |
IntelReference |
Creates a new intel reference. |
|
Gets a single intel reference given its ID. |
||
Gets a paginated list of all the intel references. |
||
Updates an existing intel reference. |
||
Deletes an intel reference. |
Create¶
JSON Schema
Required parameters are in bold.
NOTE: While only reference and source are listed as required parameters, there is a requirement not listed in the schema. You must either supply the username parameter OR your API key in the Authorization header. This is what is used to link the intel reference to the user who created it.
type |
object |
|
properties |
||
|
type |
string |
maxLength |
512 |
|
minLength |
1 |
|
|
type |
string |
maxLength |
255 |
|
minLength |
1 |
|
|
type |
string |
maxLength |
255 |
|
minLength |
1 |
|
additionalProperties |
False |
-
POST
/api/intel/reference
¶ Creates a new intel reference.
Example request:
POST /intel/reference HTTP/1.1 Host: 127.0.0.1 Content-Type: application/json { "reference": "http://yourwiki.com/page-for-the-event", "source": "Your company", "username": "your_SIP_username" }
Example response:
HTTP/1.1 201 Created Content-Type: application/json { "id": 1, "reference": "http://yourwiki.com/page-for-the-event", "source": "Your company", "username": "your_SIP_username" }
- Request Headers
Authorization – Optional Apikey value
- Response Headers
Content-Type – application/json
- Status Codes
201 Created – Intel reference created
400 Bad Request – JSON does not match the schema
401 Unauthorized – Invalid role to perform this action
401 Unauthorized – Username is inactive
401 Unauthorized – You must supply either username or API key
404 Not Found – Source not found
404 Not Found – User not found by API key
404 Not Found – Username not found
409 Conflict – Intel reference already exists
Read Single¶
-
GET
/api/intel/reference/
(int: intel_reference_id)¶ Gets a single intel reference given its ID.
Example request:
GET /intel/reference/1 HTTP/1.1 Host: 127.0.0.1 Accept: application/json
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "id": 1, "reference": "http://yourwiki.com/page-for-the-event", "source": "Your company", "username": "your_SIP_username" }
- Request Headers
Authorization – Optional Apikey value
- Response Headers
Content-Type – application/json
- Status Codes
200 OK – Intel source found
401 Unauthorized – Invalid role to perform this action
404 Not Found – Intel source ID not found
Read Multiple¶
-
GET
/api/intel/reference
¶ Gets a paginated list of all the intel references.
Example request:
GET /intel/reference HTTP/1.1 Host: 127.0.0.1 Accept: application/json
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "_links": { "next": null, "prev": null, "self": "/api/intel/reference?page=1&per_page=10" }, "_meta": { "page": 1, "per_page": 10, "total_items": 3, "total_pages": 1 }, "items": [ { "id": 1, "reference": "http://yourwiki.com/page-for-the-event", "source": "Your company", "user": "your_SIP_username" }, { "id": 2, "reference": "http://yourwiki.com/event2", "source": "Your company", "user": "your_SIP_username" }, { "id": 3, "reference": "http://somehelpfulblog.com/malware-analysis", "source": "OSINT", "user": "your_SIP_username" } ] }
- Request Headers
Authorization – Optional Apikey value
- Response Headers
Content-Type – application/json
- Status Codes
200 OK – Intel references found
401 Unauthorized – Invalid role to perform this action
Read Indicators¶
-
GET
/api/intel/reference/
(int: intel_reference_id)/indicators
¶ Gets a paginated list of the indicators associated with the intel reference.
Example request:
GET /intel/reference/1/indicators HTTP/1.1 Host: 127.0.0.1 Accept: application/json
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "_links": { "next": null, "prev": null, "self": "/api/intel/reference/1/indicators?page=1&per_page=10" }, "_meta": { "page": 1, "per_page": 10, "total_items": 1, "total_pages": 1 }, "items": [ { "all_children": [], "all_equal": [], "campaigns": [ { "aliases": [], "created_time": "Thu, 28 Feb 2019 17:10:44 GMT", "id": 1, "modified_time": "Thu, 28 Feb 2019 17:10:44 GMT", "name": "LOLcats" }, { "aliases": [], "created_time": "Fri, 01 Mar 2019 17:58:45 GMT", "id": 2, "modified_time": "Fri, 01 Mar 2019 17:58:45 GMT", "name": "Derpsters" } ], "case_sensitive": false, "children": [], "confidence": "LOW", "created_time": "Fri, 01 Mar 2019 18:00:51 GMT", "equal": [], "id": 2, "impact": "LOW", "modified_time": "Fri, 01 Mar 2019 18:00:51 GMT", "parent": null, "references": [ { "id": 1, "reference": "http://yourwiki.com/page-for-the-event", "source": "Your company", "user": "your_SIP_username" }, { "id": 3, "reference": "http://somehelpfulblog.com/malware-analysis", "source": "OSINT", "user": "your_SIP_username" } ], "status": "NEW", "substring": false, "tags": ["from_address", "phish"], "type": "Email - Address", "user": "your_SIP_username", "value": "badguy@evil.com" } ] }
- Request Headers
Authorization – Optional Apikey value
- Response Headers
Content-Type – application/json
- Status Codes
200 OK – Indicators found
401 Unauthorized – Invalid role to perform this action
Update¶
JSON Schema
Required parameters are in bold.
type |
object |
|
properties |
||
|
type |
string |
maxLength |
512 |
|
minLength |
1 |
|
|
type |
string |
maxLength |
255 |
|
minLength |
1 |
|
|
type |
string |
maxLength |
255 |
|
minLength |
1 |
|
additionalProperties |
False |
-
PUT
/api/intel/reference/
(int: intel_reference_id)¶ Updates an existing intel reference.
Example request:
PUT /intel/source/1 HTTP/1.1 Host: 127.0.0.1 Content-Type: application/json { "reference": "d41d8cd98f00b204e9800998ecf8427e" }
Example response:
HTTP/1.1 200 OK Content-Type: application/json { "id": 1, "reference": "d41d8cd98f00b204e9800998ecf8427e", "source": "Your company", "username": "your_SIP_username" }
- Request Headers
Authorization – Optional Apikey value
- Response Headers
Content-Type – application/json
- Status Codes
200 OK – Intel reference updated
400 Bad Request – JSON does not match the schema
401 Unauthorized – Invalid role to perform this action
401 Unauthorized – Username is inactive
404 Not Found – Intel reference ID not found
404 Not Found – Intel source not found
404 Not Found – Username not found
409 Conflict – Intel reference already exists
Delete¶
-
DELETE
/api/intel/reference/
(int: intel_reference_id)¶ Deletes an intel reference.
Example request:
DELETE /intel/reference/1 HTTP/1.1 Host: 127.0.0.1
Example response:
HTTP/1.1 204 No Content
- Request Headers
Authorization – Optional Apikey value
- Status Codes
204 No Content – Intel reference deleted
401 Unauthorized – Invalid role to perform this action
404 Not Found – Intel reference ID not found
409 Conflict – Unable to delete intel reference due to foreign key constraints