Get Phishing Submissions

POST /1.3/triage/submissions

Description

Returns a paginated list of all phishing email submissions that fit the given criteria.

Query String Parameters

Parameter Required Default Description
pageSize   25 The number of results per page. Max allowed size is 1000.

Request Body Parameters

Parameter Required Default Description
from   24 hours ago Start of time window as a unix timestamp (milliseconds since epoch). The start of the time window must be within 1 month from the current time.
to   current time End of time window as a unix timestamp (milliseconds since epoch).
priorityEventScore   [-1, 0, 1, 2, 3] List of priority scores to filter phishing submissions by.
status   ["UNRESOLVED"] List of email statuses to filter phishing submissions by.
enclaveIds   All enclaves the user has READ access to Comma-separated list of enclave ids.
cursor   pageNumber: 0 A Base64-encoded string that contains information on how to retrieve the next page. If you don’t pass a cursor value, it will default to retrieve the first page. NOTE: This is a system generated string that is returned as the nextCursor value in the responseMetadata part of the request response. The cursor value used to retrieve the next page must match the nextCursor value from the previous response in order to avoid unexpected behavior.

Response (200)

A page of PhishingSubmission objects that meet the specified criteria.

Note: The nextCursor returned in the responseMetadata is a system generated string that is returned only if there are more pages to retrieve. This string is to be used as the cursor parameter value when performing subsequent requests. If the nextCursor value is empty, there are no more pages to fetch for.

Example Usage

Request

curl -k -X POST -H "Authorization: Bearer {access_token}" -H "Content-Type: application/json" \
-d '{"from" : 1582235870000,"to": 1582245870000,"status":["CONFIRMED"]}' "https://api.trustar.co/api/1.3/triage/submissions?pageSize=2"

Response

{
    "responseMetadata": {
        "totalItems": 10,
        "nextCursor": "eyJwYWdlTnVtYmVyIjoxLCJwYWdlU2l6ZSI6Miwib2Zmc2V0Ijo0fQ=="
    },
    "items":[
        {
            "submissionId":"2a99ff45-72c5-49ff-b431-ab64239c7916",
            "title":"Potential Phishing Email",
            "priorityEventScore":"3",
            "status": "CONFIRMED",
            "context":[
                {
                    "indicatorType": "URL",
                    "indicatorValue":"www.example.com",
                    "sourceKey":"crowdstrike_indicator",
                    "normalizedIndicatorScore":3,
                    "originalIndicatorScore": {
                        "name": "Malicious Confidence",
                        "value": "high"
                    }
                },
                {
                    "indicatorType": "URL",
                    "indicatorValue":"www.freestuff.com",
                    "sourceKey":"virustotal",
                    "normalizedIndicatorScore":3,
                    "originalIndicatorScore": {
                        "name": "Risk Score",
                        "value": "78"
                    }
                }
            ]
        },
        {
            "submissionId":"7b77ff45-72c5-49ff-b431-ab64239c7916",
            "title":"Fwd: New Highly Profitable Indicator - Results are WOW!",
            "priorityEventScore":"2",
            "status": "CONFIRMED",
            "context":[
                {
                    "indicatorType": "URL",
                    "indicatorValue":"clickhere.com",
                    "sourceKey":"crowdstrike_indicator",
                    "normalizedIndicatorScore":2,
                    "originalIndicatorScore": {
                        "name": "Malicious Confidence",
                        "value": "medium"
                    }
                },
                {
                    "indicatorType": "URL",
                    "indicatorValue":"clickhere.com",
                    "sourceKey":"virustotal",
                    "normalizedIndicatorScore":2,
                    "originalIndicatorScore": {
                        "name": "Risk Score",
                        "value": "62"
                    }
                }
            ]
        }
    ]
}