IntelReference¶

Contents

IntelReference
- Summary
- Create
- Read Single
- Read Multiple
- Read Indicators
- Update
- Delete

Summary¶

Resource	Operation	Description
Indicator	GET /api/intel/reference/(int:intel_reference_id)/indicators	Gets a paginated list of the indicators associated with the intel reference.
IntelReference	POST /api/intel/reference	Creates a new intel reference.
	GET /api/intel/reference/(int:intel_reference_id)	Gets a single intel reference given its ID.
	GET /api/intel/reference	Gets a paginated list of all the intel references.
	PUT /api/intel/reference/(int:intel_reference_id)	Updates an existing intel reference.
	DELETE /api/intel/reference/(int:intel_reference_id)	Deletes an intel reference.

Create¶

JSON Schema

Required parameters are in bold.

NOTE: While only reference and source are listed as required parameters, there is a requirement not listed in the schema. You must either supply the username parameter OR your API key in the Authorization header. This is what is used to link the intel reference to the user who created it.

type	object
properties
reference	type	string
	maxLength	512
	minLength	1
source	type	string
	maxLength	255
	minLength	1
username	type	string
	maxLength	255
	minLength	1
additionalProperties	False

POST /api/intel/reference¶

Creates a new intel reference.

Example request:

POST /intel/reference HTTP/1.1
Host: 127.0.0.1
Content-Type: application/json

{
  "reference": "http://yourwiki.com/page-for-the-event",
  "source": "Your company",
  "username": "your_SIP_username"
}

Example response:

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": 1,
  "reference": "http://yourwiki.com/page-for-the-event",
  "source": "Your company",
  "username": "your_SIP_username"
}

Request Headers

Authorization – Optional Apikey value

Response Headers

Content-Type – application/json

Status Codes

201 Created – Intel reference created
400 Bad Request – JSON does not match the schema
401 Unauthorized – Invalid role to perform this action
401 Unauthorized – Username is inactive
401 Unauthorized – You must supply either username or API key
404 Not Found – Source not found
404 Not Found – User not found by API key
404 Not Found – Username not found
409 Conflict – Intel reference already exists

Read Single¶

GET /api/intel/reference/(int: intel_reference_id)¶

Gets a single intel reference given its ID.

Example request:

GET /intel/reference/1 HTTP/1.1
Host: 127.0.0.1
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "reference": "http://yourwiki.com/page-for-the-event",
  "source": "Your company",
  "username": "your_SIP_username"
}

Request Headers

Authorization – Optional Apikey value

Response Headers

Content-Type – application/json

Status Codes

200 OK – Intel source found
401 Unauthorized – Invalid role to perform this action
404 Not Found – Intel source ID not found

Read Multiple¶

GET /api/intel/reference¶

Gets a paginated list of all the intel references.

Example request:

GET /intel/reference HTTP/1.1
Host: 127.0.0.1
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "_links": {
    "next": null,
    "prev": null,
    "self": "/api/intel/reference?page=1&per_page=10"
  },
  "_meta": {
    "page": 1,
    "per_page": 10,
    "total_items": 3,
    "total_pages": 1
  },
  "items": [
    {
      "id": 1,
      "reference": "http://yourwiki.com/page-for-the-event",
      "source": "Your company",
      "user": "your_SIP_username"
    },
    {
      "id": 2,
      "reference": "http://yourwiki.com/event2",
      "source": "Your company",
      "user": "your_SIP_username"
    },
    {
      "id": 3,
      "reference": "http://somehelpfulblog.com/malware-analysis",
      "source": "OSINT",
      "user": "your_SIP_username"
    }
  ]
}

Request Headers

Authorization – Optional Apikey value

Response Headers

Content-Type – application/json

Status Codes

200 OK – Intel references found
401 Unauthorized – Invalid role to perform this action

Read Indicators¶

GET /api/intel/reference/(int: intel_reference_id)/indicators¶

Gets a paginated list of the indicators associated with the intel reference.

Example request:

GET /intel/reference/1/indicators HTTP/1.1
Host: 127.0.0.1
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "_links": {
    "next": null,
    "prev": null,
    "self": "/api/intel/reference/1/indicators?page=1&per_page=10"
  },
  "_meta": {
    "page": 1,
    "per_page": 10,
    "total_items": 1,
    "total_pages": 1
  },
  "items": [
    {
      "all_children": [],
      "all_equal": [],
      "campaigns": [
        {
          "aliases": [],
          "created_time": "Thu, 28 Feb 2019 17:10:44 GMT",
          "id": 1,
          "modified_time": "Thu, 28 Feb 2019 17:10:44 GMT",
          "name": "LOLcats"
        },
        {
          "aliases": [],
          "created_time": "Fri, 01 Mar 2019 17:58:45 GMT",
          "id": 2,
          "modified_time": "Fri, 01 Mar 2019 17:58:45 GMT",
          "name": "Derpsters"
        }
      ],
      "case_sensitive": false,
      "children": [],
      "confidence": "LOW",
      "created_time": "Fri, 01 Mar 2019 18:00:51 GMT",
      "equal": [],
      "id": 2,
      "impact": "LOW",
      "modified_time": "Fri, 01 Mar 2019 18:00:51 GMT",
      "parent": null,
      "references": [
        {
          "id": 1,
          "reference": "http://yourwiki.com/page-for-the-event",
          "source": "Your company",
          "user": "your_SIP_username"
        },
        {
          "id": 3,
          "reference": "http://somehelpfulblog.com/malware-analysis",
          "source": "OSINT",
          "user": "your_SIP_username"
        }
      ],
      "status": "NEW",
      "substring": false,
      "tags": ["from_address", "phish"],
      "type": "Email - Address",
      "user": "your_SIP_username",
      "value": "badguy@evil.com"
    }
  ]
}

Request Headers

Authorization – Optional Apikey value

Response Headers

Content-Type – application/json

Status Codes

200 OK – Indicators found
401 Unauthorized – Invalid role to perform this action

Update¶

JSON Schema

Required parameters are in bold.

type	object
properties
reference	type	string
	maxLength	512
	minLength	1
source	type	string
	maxLength	255
	minLength	1
username	type	string
	maxLength	255
	minLength	1
additionalProperties	False

PUT /api/intel/reference/(int: intel_reference_id)¶

Updates an existing intel reference.

Example request:

PUT /intel/source/1 HTTP/1.1
Host: 127.0.0.1
Content-Type: application/json

{
  "reference": "d41d8cd98f00b204e9800998ecf8427e"
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "reference": "d41d8cd98f00b204e9800998ecf8427e",
  "source": "Your company",
  "username": "your_SIP_username"
}

Request Headers

Authorization – Optional Apikey value

Response Headers

Content-Type – application/json

Status Codes

200 OK – Intel reference updated
400 Bad Request – JSON does not match the schema
401 Unauthorized – Invalid role to perform this action
401 Unauthorized – Username is inactive
404 Not Found – Intel reference ID not found
404 Not Found – Intel source not found
404 Not Found – Username not found
409 Conflict – Intel reference already exists

Delete¶

DELETE /api/intel/reference/(int: intel_reference_id)¶

Deletes an intel reference.

Example request:

DELETE /intel/reference/1 HTTP/1.1
Host: 127.0.0.1

Example response:

HTTP/1.1 204 No Content

Request Headers

Authorization – Optional Apikey value

Status Codes

204 No Content – Intel reference deleted
401 Unauthorized – Invalid role to perform this action
404 Not Found – Intel reference ID not found
409 Conflict – Unable to delete intel reference due to foreign key constraints

IntelReference¶

Summary¶

Create¶

Read Single¶

Read Multiple¶

Read Indicators¶

Update¶

Delete¶

SIP

Navigation

Related Topics