Whitelist Indicator

POST /1.3/whitelist

Description

Whitelist a list of indicator values for the user’s company.

Parameters

The request should include a JSON body that is an array of indicator values. The indicator type of these values will be determined by our system.

Response (200)

A list of Indicator objects, each representing an indicator that was whitelisted. The indicators are not guaranteed to be in the same order as those that were submitted.

Warning

Only IOCs that are both confirmed IOCs by TruSTAR IOC-identification (“extraction”) engine and added to the company whitelist will be returned in the endpoint response. If an IOC is submitted but not received in the response then code should assume that the IOC was not successfully added to the whitelist and have a plan for handling that case appropriately.

Example Usage

Request

curl -k -H "Content-Type: application/json" -X POST -d \
     '["evil.com", "101.43.52.224"]' -H "Authorization: Bearer {access_token}" \
     "https://api.trustar.co/api/1.3/whitelist"

Response

[
    {
        "indicatorType": "URL",
        "value": "evil.com"
    },
    {
        "indicatorType": "IP",
        "value": "101.43.52.224"
    }
]