Update Report¶

PUT /1.2/report/{id}?idType={id_type}

Description¶

Updates a report as specified by given id (id can be TruSTAR report id or external tracking id) and only update fields provided in request body.

Parameters¶

Body must be well formed JSON with the following fields:

Parameter	Required	Description
id	X	TruSTAR report id or external tracking id
idType		`internal` or `external` (defaults to `internal` when not provided)
incidentReport.title	X	Title of the report
incidentReport.reportBody	X	Text content of report
incidentReport.timeBegan		ISO-8601 formatted incident time with timezone, e.g. `2016-09-22T11:38:35+00:00`
incidentReport.distributionType	X	`COMMUNITY` or `ENCLAVE`
enclaveIds		Array of TruSTAR-generated enclave ids (available on Station on same page as API KEY and API SECRET). Use the enclave id, NOT the enclave name.

Responses¶

200 (OK)¶

The raw report data, extracted indicators and other metadata in JSON format.

{
    "reportId": <report_id>,
    "externalTrackingId": <external_id>,
    "reportIndicators": {
        "IP": ["val1", ...],
        "URL": ["val1", ...],
        "MD5": ["val1", ...],
        "SHA1": ["val1", ...],
        "SHA256": ["val1", ...],
        "SOFTWARE": ["val1", ...],
        "CVE": ["val1", ...],
        "EMAIL_ADDRESS": ["val1", ...],
        "MALWARE": ["val1", ...],
        "REGISTRY_KEY": ["val1", ...],
    },
}

400 (Bad Request)¶

{
    "timestamp": <milliseconds since epoc>,
    "status": 400,
    "error": "Bad Request",
    "message": <error detail (e.g. invalid distribution type)>
}

or

{
    "timestamp": <milliseconds since epoc>,
    "status": 400,
    "error": "Forbidden",
    "message": <error detail (e.g. user does not have update permissions)>
}

403 (Forbidden)¶

{
    "timestamp": <milliseconds since epoc>,
    "status": 403,
    "error": "Forbidden",
    "message": <error detail (e.g. user cannot submit enclave reports)>
}

Example Usage¶

Request¶

curl -k -H "Content-Type: application/json" -X PUT -d '{"incidentReport":{"title":"new title", "externalTrackingId": newId1234, "reportBody":"This is a test report body with some indicators: 1.2.3.4, 5.6.7.8, evil.exe, api.evildomain.com, hash d2dd1bcdd6d6cfac59ba9638d2cd886c "}}' -H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.2/report"

Response¶

{
    "reportId": "1a23bc4d-5e6f-7890-g123-h456789i0jb",
    "externalTrackingId": "newId1234",
    "reportIndicators": {
        "IP": [
            "1.2.3.4",
            "5.6.7.8"
        ],
        "URL": [
            "api.evildomain.com"
        ],
        "MD5": [
            "d2dd1bcdd6d6cfac59ba9638d2cd886c"
        ]
    }
}