Get Reports

GET /1.2/reports?from={from_time}&to={to_time}&distributionType={distribution_type}&enclaveIds={enclave_id1,enclave_id2,...}&submittedBy={submitted_by}&tag={tag_name}

Description

Returns incident reports matching the specified filters. All parameters are optional: if nothing is specified, the latest 25 reports accessible by the user will be returned (therefore matching the view the user would have by logging into Station).

Parameters

Parameter         Required  Description
from              No        start of time window (Unix timestamp - seconds since epoch)
to                No        end of time window (Unix timestamp - seconds since epoch)
distributionType  No        filters by distribution type: COMMUNITY or ENCLAVE, otherwise should be left blank
enclaveIds        No        comma-separated list of enclave ids, when requesting enclave reports
submittedBy       No        filters by ownership: ME or OTHERS, otherwise should be left blank
tag               No        the name of a tag to filter by (Note: the tag cannot exist in more than one of the requested enclaves)

Responses

200 (OK)

{
    "status": status of the query,
    "pageSize": amount of records returned per page,
    "totalPages": how many pages are returned by this query,
    "pageNumber": current page number,
    "moreResults": if more results are available,
    "totalElements": count of elements returned by this query,
    "data": {
        "reports" : [
            {
                "id": report_id,
                "created": time when report was created,
                "updated": time when report was updated,
                "title": title of the report,
                "timeBegan": time when the incident began,
                "reportBody": content of the report submitted to TruSTAR,
                "sector": {
                    "name": name of sector,
                    "label": label of sector,
                },
                "distributionType": "COMMUNITY" or "ENCLAVE",
                "indicators": [
                    {
                        "indicatorType": "IP", "URL", etc,
                        "value": indicator value,
                    }
                ]
            }
        ]
    }
}

Returns a JSON object with standard metadata and a data field containing an array of matching incident reports. Each incident report includes the following fields: id, created, updated, title, sector, distributionType, enclaves, reportBody, and indicators. The reports are sorted by updated time. The from and to timestamps, if provided, also filter reports by their updated times, not their created times.

Please note that the field correlationCount is not provided in this case. To obtain it, you must issue a single call for the specific report.

400 (Bad Request)

{
    "timestamp": milliseconds since epoch,
    "status": 400,
    "error": "Bad Request",
    "message": error detail (e.g. from epoch value is higher than to; invalid param value, etc)
}

Example Usage

Request

curl -H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.2/reports?from=1500142249&to=1500401449"

Response

{
    "status": "Success",
    "pageSize": 25,
    "totalPages": 1,
    "pageNumber": 0,
    "moreResults": false,
    "totalElements": 5,
    "data": {
        "reports": [
            {
                "id": "5207f5f9-047f-4192-994d-e876c120ff78",
                "created": 1500574637966,
                "updated": 1500574637966,
                "title": "Malware sample",
                "sector": {
                    "label": "Education",
                    "name": "education"
                },
                "timeBegan": 1485941025000,
                "reportBody": "Malware traffic detected on 103.255.61.39",
                "enclaves": [
                    {
                        "id": "e630ceb0-9f4d-4b0c-8ee4-d2942251f897",
                        "name": "SOMA"
                    }
                ],
                "distributionType": "ENCLAVE",
                "indicators": [
                    {
                        "indicatorType": "IP",
                        "value": "103.255.61.39"
                    }
                ],
                "indicatorsCount": 1
            }
        ]
    }
}
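The following Python sketch is an added example, not TruSTAR's own client code. It builds the query string from the documented filters, rejects locally the kinds of input the 400 response describes, and flattens a response into one row per indicator. The function names and the sample response are constructed for illustration, and report timestamps are assumed to be in milliseconds, as the example values above suggest.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode

BASE_URL = "https://api.trustar.co/api/1.2/reports"  # from the curl example above

def build_reports_url(from_time=None, to_time=None, distribution_type=None,
                      enclave_ids=(), submitted_by=None, tag=None):
    """Build the GET /1.2/reports URL; from/to are Unix timestamps in seconds."""
    # Reject, before sending, the kinds of input the 400 response describes.
    if from_time is not None and to_time is not None and from_time > to_time:
        raise ValueError("from is later than to")
    if distribution_type not in (None, "COMMUNITY", "ENCLAVE"):
        raise ValueError("distributionType must be COMMUNITY or ENCLAVE")
    if submitted_by not in (None, "ME", "OTHERS"):
        raise ValueError("submittedBy must be ME or OTHERS")
    params = {"from": from_time, "to": to_time,
              "distributionType": distribution_type,
              "enclaveIds": ",".join(enclave_ids) or None,
              "submittedBy": submitted_by, "tag": tag}
    # Omit unset filters; escape everything except the enclave-id separator.
    query = urlencode({k: v for k, v in params.items() if v is not None}, safe=",")
    return f"{BASE_URL}?{query}" if query else BASE_URL

def flatten_indicators(response):
    """Return one row per indicator: (report id, updated in UTC, type, value)."""
    rows = []
    for report in response.get("data", {}).get("reports", []):
        # Assumption: "updated" is in milliseconds, unlike the from/to filters.
        updated = datetime.fromtimestamp(report["updated"] / 1000, tz=timezone.utc)
        for ind in report.get("indicators", []):
            rows.append((report["id"], updated.isoformat(),
                         ind["indicatorType"], ind["value"]))
    return rows

# Constructed sample response (placeholder id, documentation-range IP).
SAMPLE = {"status": "Success", "moreResults": False, "data": {"reports": [
    {"id": "00000000-0000-0000-0000-000000000001", "updated": 1500300000000,
     "distributionType": "ENCLAVE",
     "indicators": [{"indicatorType": "IP", "value": "192.0.2.10"},
                    {"indicatorType": "URL", "value": "http://example.test/a"}]}]}}

if __name__ == "__main__":
    print(build_reports_url(1500142249, 1500401449, "ENCLAVE", ["enclave-id-1"]))
    for row in flatten_indicators(SAMPLE):
        print(row)
```

The unit mismatch is the detail to watch: a `to` value given in milliseconds still satisfies the `from <= to` check but describes a window far in the future.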