Get Report Details
GET /1.2/report/{id}?idType={id_type}
Description
Return the raw report data, extracted indicators, and correlation count for a TruSTAR report, given its internal report id or external tracking id.
Parameters
| Parameter | Required | Description |
|---|---|---|
| id | X | TruSTAR report id or external tracking id |
| idType | | internal or external (defaults to internal when not provided) |
Responses
200 (OK)
The raw report data and extracted indicators, in JSON format.
```
{
  "id": <report_id>,
  "created": <time when report was created (epoch milliseconds)>,
  "updated": <time when report was last updated (epoch milliseconds)>,
  "title": <title of the report>,
  "sector": {
    "name": <name of the sector>,
    "label": <label of sector>
  },
  "distributionType": <distribution type>,
  "enclaves": [
    {
      "id": <enclave id>,
      "name": <enclave name>
    }
  ],
  "reportBody": <content of the report submitted>,
  "correlationCount": <number of reports that correlate with this report>,
  "indicators": [
    {
      "indicatorType": <indicator type>,
      "value": <indicator value>
    }
  ]
}
```
400 (Bad Request)
```
{
  "timestamp": <milliseconds since epoch>,
  "status": 400,
  "error": "Bad Request",
  "message": <error detail (e.g. id parameter is not provided)>
}
```
Example Usage
Request
```
curl -X GET -H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.2/report/1234?idType=external"
```
Response
```json
{
  "id": "b11d4516-9935-4be7-9d6a-4940b564d32e",
  "externalId": "1234",
  "created": 1501175290467,
  "updated": 1501175290467,
  "title": "Test",
  "sector": {
    "name": "health",
    "label": "Health"
  },
  "distributionType": "ENCLAVE",
  "enclaves": [
    {
      "id": "08b2a4cd-1c38-4be1-b641-8e5b607e2075",
      "name": "Enclave A"
    },
    {
      "id": "50f6024f-927f-467a-8e61-c443c5a544c3",
      "name": "Enclave B"
    }
  ],
  "timeBegan": 1501175280256,
  "reportBody": "google.com malware.exe 103.255.61.39",
  "correlationCount": 258,
  "indicators": [
    {
      "indicatorType": "SOFTWARE",
      "value": "malware.exe"
    },
    {
      "indicatorType": "IP",
      "value": "103.255.61.39"
    }
  ],
  "indicatorsCount": 2
}
```
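A minimal client for this endpoint, added here as an example (it is not TruSTAR's SDK or code from the original page); the function names are hypothetical and only the Python standard library is used. It percent-encodes the id, restricts idType to the two documented values, keeps TLS certificate verification on, and handles both documented response shapes.

```python
import json
import ssl
import urllib.error
import urllib.request
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

API_BASE = "https://api.trustar.co/api/1.2"  # base URL taken from the page's curl example
ID_TYPES = ("internal", "external")          # the two values the parameter table allows

def build_request(report_id, access_token, id_type="internal"):
    """Build, without sending, the GET request for one report (hypothetical helper)."""
    if not report_id:
        raise ValueError("id parameter is required")
    if id_type not in ID_TYPES:
        raise ValueError(f"idType must be one of {ID_TYPES}")
    # External tracking ids originate in other systems: percent-encode every
    # reserved character so "/", "?" or "#" in an id cannot change the path or query.
    path_id = quote(str(report_id), safe="")
    query = urlencode({"idType": id_type})
    url = f"{API_BASE}/report/{path_id}?{query}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})

def parse_response(status, body):
    """Turn a 200 body into a triage summary; raise on the documented error shape."""
    data = json.loads(body)
    if status != 200:
        raise RuntimeError(f"{data.get('status', status)} {data.get('error')}: {data.get('message')}")
    by_type = {}
    for ind in data.get("indicators", []):
        by_type.setdefault(ind["indicatorType"], []).append(ind["value"])
    return {
        "id": data["id"],
        "created": datetime.fromtimestamp(data["created"] / 1000, tz=timezone.utc),
        "enclaves": [e["name"] for e in data.get("enclaves", [])],
        "correlationCount": data.get("correlationCount", 0),
        "indicators": by_type,
    }

def fetch_report(report_id, access_token, id_type="internal", timeout=30):
    """Send the request with certificate and hostname verification left on."""
    req = build_request(report_id, access_token, id_type)
    ctx = ssl.create_default_context()  # default context verifies the chain and hostname
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_response(err.code, err.read())  # raises RuntimeError with the API's message
```

`fetch_report` needs network access and a valid access token; `build_request` and `parse_response` can be exercised offline against the sample bodies shown on this page.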