Whitelist Indicator¶
POST /1.3/whitelist
Description¶
Whitelist a list of indicator values for the user’s company.
Parameters¶
The request should include a JSON body that is an array of indicator values. The indicator type of these values will be determined by our system.
Response (200)¶
A list of Indicator objects, each representing an indicator that was whitelisted. The indicators are not guaranteed to be in the same order as those that were submitted.
Warning
Only IOCs that are both confirmed IOCs by TruSTAR IOC-identification (“extraction”) engine and added to the company whitelist will be returned in the endpoint response. If an IOC is submitted but not received in the response then code should assume that the IOC was not successfully added to the whitelist and have a plan for handling that case appropriately.
Example Usage¶
Request¶
curl -k -H "Content-Type: application/json" -X POST -d \
'["evil.com", "101.43.52.224"]' -H "Authorization: Bearer {access_token}" \
"https://api.trustar.co/api/1.3/whitelist"
Response¶
[
{
"indicatorType": "URL",
"value": "evil.com"
},
{
"indicatorType": "IP",
"value": "101.43.52.224"
}
]