Get Indicator Metadata¶
POST /1.3/indicators/metadata
Warning
This endpoint has replaced GET /1.3/indicators/{value}/metadata and GET /1.3/indicators/metadata, which have been deprecated.
Description¶
Provide metadata associated with an indicator, including: indicatorType, value, priorityLevel, noteCount, sightings, firstSeen, lastSeen, enclaveIds, tags (each tag contains guid, name, and enclaveId attributes), source, notes, and guid. The metadata is determined based on the enclaves the user making the request has READ access to. The source attribute will only be returned if the indicator was submitted to Station through the “Submit Indicators” endpoint (POST /1.3/indicators) (docs here: https://docs.trustar.co/api/v13/indicators/submit_indicators.html ). If the indicator was extracted from a report that the user submitted to Station, it will not have a source attribute.
The request method must be POST because a JSON body is required for the request.
Parameters¶
Query String Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| enclaveIds | all of the user’s enclaves | A list of enclave IDs to restrict to. All information returned will pertain only to these enclaves. |
Request Body Parameters¶
The request JSON body must be a well-formed JSON list, where each entry is an object with the following values.
| Parameter | Required | Default | Description |
|---|---|---|---|
| value | X | The indicator value to query. | |
| indicatorType | The indicator type. This parameter is only necessary in rare cases where an indicator value has been associated with multiple types due to context. |
Note
If the indicatorType field is used, it must be present for all entries in the list.
Response (200)¶
An indicator metadata object containing the metadata for the requested indicator.
Example Usage¶
“indicatorType” not specified:
curl -k -H "Content-Type: application/json" -X POST -d '[{"value":"1.2.3.4"}, {"value":"www.example.com"}]' -H "Authorization: Bearer {token}" "https://api.trustar.co/api/1.3/indicators/metadata"
“indicatorType” specified:
curl -k -H "Content-Type: application/json" -X POST -d '[{"value":"1.2.3.4", "indicatorType":"IP"}, {"value":"www.example.com", "indicatorType":"URL"]' -H "Authorization: Bearer {token}" "https://api.trustar.co/api/1.3/indicators/metadata"
Request Body¶
[
{
"value": "1.2.3.4"
},
{
"value": "www.example.com"
}
]
Response¶
[
{
"indicatorType": "IP",
"value": "1.2.3.4",
"priorityLevel": "LOW",
"noteCount": 3,
"sightings": 6,
"firstSeen": 1532495940000,
"lastSeen": 1532495940000,
"enclaveIds": [
"4dfb66f8-1dfc-406d-a0ed-b517ff043053"
],
"tags": [
{
"guid": "c05436cf-db96-41a9-b4bc-d182befcf961",
"name": "tag_2",
"enclaveId": "4dfb66f8-1dfc-406d-a0ed-b517ff043053"
},
{
"guid": "aaa4968c-39c9-4c2f-9591-5fa140fa388c",
"name": "tag_1",
"enclaveId": "4dfb66f8-1dfc-406d-a0ed-b517ff043053"
}
],
"source": "Somewhere",
"notes": [
"First note.", "Second note.", "Third note."
],
"guid": "IP|1.2.3.4"
},
{
"indicatorType": "URL",
"value": "www.example.com",
"priorityLevel": "LOW"
"noteCount": 3,
"sightings": 8,
"lastSeen": 1532495940000,
"enclaveIds": [
"4dfb66f8-1dfc-406d-a0ed-b517ff043053"
],
"tags": [
{
"guid": "7cf538a8-f8d5-469d-9dbb-9b3762ea7dbb",
"name": "a_different_tag",
"enclaveId": "4dfb66f8-1dfc-406d-a0ed-b517ff043053"
},
{
"guid": "c05436cf-db96-41a9-b4bc-d182befcf961",
"name": "tag_2",
"enclaveId": "4dfb66f8-1dfc-406d-a0ed-b517ff043053"
},
{
"guid": "aaa4968c-39c9-4c2f-9591-5fa140fa388c",
"name": "tag_1",
"enclaveId": "4dfb66f8-1dfc-406d-a0ed-b517ff043053"
}
],
"source": "Somewhere else",
"notes": [
"This is a note.", "This is a second note.", "This is third note."
],
"guid": "URL|www.example.com"
}
]