Get Phishing Submissions¶
POST /1.3/triage/submissions
Description¶
Returns a paginated list of all phishing email submissions that fit the given criteria.
Query String Parameters¶
Parameter | Required | Default | Description |
---|---|---|---|
pageSize | 25 | The number of results per page. Max allowed size is 1000. |
Request Body Parameters¶
Parameter | Required | Default | Description |
---|---|---|---|
from | 24 hours ago | Start of time window as a unix timestamp (milliseconds since epoch). The start of the time window must be within 1 month from the current time. | |
to | current time | End of time window as a unix timestamp (milliseconds since epoch). | |
priorityEventScore | [-1, 0, 1, 2, 3] |
List of priority scores to filter phishing submissions by. | |
status | ["UNRESOLVED"] |
List of email statuses to filter phishing submissions by. | |
enclaveIds | All enclaves the user has READ access to |
Comma-separated list of enclave ids. | |
cursor | pageNumber: 0 |
A Base64-encoded string that contains information on how to retrieve the next page. If you don’t pass a cursor value,
it will default to retrieve the first page.
NOTE: This is a system generated string that is returned as the nextCursor value in the responseMetadata
part of the request response. The cursor value used to retrieve the next page must match the nextCursor
value from the previous response in order to avoid unexpected behavior. |
Response (200)¶
A page of PhishingSubmission objects that meet the specified criteria.
Note: The nextCursor
returned in the responseMetadata
is a system generated string that is returned only if there are
more pages to retrieve. This string is to be used as the cursor
parameter value when performing subsequent requests. If the
nextCursor
value is empty, there are no more pages to fetch for.
Example Usage¶
Request¶
curl -k -X POST -H "Authorization: Bearer {access_token}" -H "Content-Type: application/json" \
-d '{"from" : 1582235870000,"to": 1582245870000,"status":["CONFIRMED"]}' "https://api.trustar.co/api/1.3/triage/submissions?pageSize=2"
Response¶
{
"responseMetadata": {
"totalItems": 10,
"nextCursor": "eyJwYWdlTnVtYmVyIjoxLCJwYWdlU2l6ZSI6Miwib2Zmc2V0Ijo0fQ=="
},
"items":[
{
"submissionId":"2a99ff45-72c5-49ff-b431-ab64239c7916",
"title":"Potential Phishing Email",
"priorityEventScore":"3",
"status": "CONFIRMED",
"context":[
{
"indicatorType": "URL",
"indicatorValue":"www.example.com",
"sourceKey":"crowdstrike_indicator",
"normalizedIndicatorScore":3,
"originalIndicatorScore": {
"name": "Malicious Confidence",
"value": "high"
}
},
{
"indicatorType": "URL",
"indicatorValue":"www.freestuff.com",
"sourceKey":"virustotal",
"normalizedIndicatorScore":3,
"originalIndicatorScore": {
"name": "Risk Score",
"value": "78"
}
}
]
},
{
"submissionId":"7b77ff45-72c5-49ff-b431-ab64239c7916",
"title":"Fwd: New Highly Profitable Indicator - Results are WOW!",
"priorityEventScore":"2",
"status": "CONFIRMED",
"context":[
{
"indicatorType": "URL",
"indicatorValue":"clickhere.com",
"sourceKey":"crowdstrike_indicator",
"normalizedIndicatorScore":2,
"originalIndicatorScore": {
"name": "Malicious Confidence",
"value": "medium"
}
},
{
"indicatorType": "URL",
"indicatorValue":"clickhere.com",
"sourceKey":"virustotal",
"normalizedIndicatorScore":2,
"originalIndicatorScore": {
"name": "Risk Score",
"value": "62"
}
}
]
}
]
}