Update Report¶
PUT /1.2/report/{id}?idType={id_type}
Description¶
Updates a report as specified by given id (id can be TruSTAR report id or external tracking id) and only update fields provided in request body.
Parameters¶
Body must be well formed JSON with the following fields:
Parameter | Required | Description |
---|---|---|
id | X | TruSTAR report id or external tracking id |
idType | internal or external (defaults to internal when not provided) |
|
incidentReport.title | X | Title of the report |
incidentReport.reportBody | X | Text content of report |
incidentReport.timeBegan | ISO-8601 formatted incident time with timezone, e.g. 2016-09-22T11:38:35+00:00 |
|
incidentReport.distributionType | X | COMMUNITY or ENCLAVE |
enclaveIds | Array of TruSTAR-generated enclave ids (available on Station on same page as API KEY and API SECRET). Use the enclave id, NOT the enclave name. |
Responses¶
200 (OK)¶
The raw report data, extracted indicators and other metadata in JSON format.
{
"reportId": <report_id>,
"externalTrackingId": <external_id>,
"reportIndicators": {
"IP": ["val1", ...],
"URL": ["val1", ...],
"MD5": ["val1", ...],
"SHA1": ["val1", ...],
"SHA256": ["val1", ...],
"SOFTWARE": ["val1", ...],
"CVE": ["val1", ...],
"EMAIL_ADDRESS": ["val1", ...],
"MALWARE": ["val1", ...],
"REGISTRY_KEY": ["val1", ...],
},
}
400 (Bad Request)¶
{
"timestamp": <milliseconds since epoc>,
"status": 400,
"error": "Bad Request",
"message": <error detail (e.g. invalid distribution type)>
}
or
{
"timestamp": <milliseconds since epoc>,
"status": 400,
"error": "Forbidden",
"message": <error detail (e.g. user does not have update permissions)>
}
403 (Forbidden)¶
{
"timestamp": <milliseconds since epoc>,
"status": 403,
"error": "Forbidden",
"message": <error detail (e.g. user cannot submit enclave reports)>
}
Example Usage¶
Request¶
curl -k -H "Content-Type: application/json" -X PUT -d '{"incidentReport":{"title":"new title", "externalTrackingId": newId1234, "reportBody":"This is a test report body with some indicators: 1.2.3.4, 5.6.7.8, evil.exe, api.evildomain.com, hash d2dd1bcdd6d6cfac59ba9638d2cd886c "}}' -H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.2/report"
Response¶
{
"reportId": "1a23bc4d-5e6f-7890-g123-h456789i0jb",
"externalTrackingId": "newId1234",
"reportIndicators": {
"IP": [
"1.2.3.4",
"5.6.7.8"
],
"URL": [
"api.evildomain.com"
],
"MD5": [
"d2dd1bcdd6d6cfac59ba9638d2cd886c"
]
}
}