Get Report Details

GET /1.2/report/{id}?idType={id_type}

Description

Return the raw report data, extracted indicators, correlation count for a TruSTAR report given its internal report id or external tracking id.

Parameters

Parameter Required Description
id X TruSTAR report id or external tracking id
idType   internal or external (defaults to internal when not provided)

Responses

200 (OK)

The raw report data, and extracted indicators in JSON format.

{
    "id": <report_id>,
    "created": <time when report was created (epoch milliseconds)>,
    "updated": <time when report was last updated (epoch milliseconds)>,
    "title": <title of the report>,
    "sector": {
        "name": <name of the sector>,
        "label": <label of sector>
    },
    "distributionType": <distribution type>,
    "enclaves": [
        {
            "id": <enclave id>,
            "name": <enclave name>
        }
    ],
    "reportBody": <content of the report submitted>,
    "correlationCount": <number of reports that correlate with this report>,
    "indicators": [
        {
            "indicatorType": <indicator type>,
            "value": <indicator value>
        }
    ]
}

400 (Bad Request)

{
    "timestamp": <milliseconds since epoc>,
    "status": 400,
    "error": "Bad Request",
    "message": <error detail (e.g. id parameter is not provided)>
}

Example Usage

Request

curl -k -X GET -H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.2/report/1234?idType=external"

Response

{
    "id": "b11d4516-9935-4be7-9d6a-4940b564d32e",
    "externalId": "1234",
    "created": 1501175290467,
    "updated": 1501175290467,
    "title": "Test",
    "sector": {
        "name": "health",
        "label": "Health"
    },
    "distributionType": "ENCLAVE",
    "enclaves": [
        {
            "id": "08b2a4cd-1c38-4be1-b641-8e5b607e2075",
            "name": "Enclave A"
        },
        {
            "id": "50f6024f-927f-467a-8e61-c443c5a544c3",
            "name": "Enclave B"
        }
    ],
    "timeBegan": 1501175280256,
    "reportBody": "google.com malware.exe 103.255.61.39",
    "correlationCount": 258,
    "indicators": [
        {
            "indicatorType": "SOFTWARE",
            "value": "malware.exe"
        },
        {
            "indicatorType": "IP",
            "value": "103.255.61.39"
        }
    ],
    "indicatorsCount": 2
}