Find Correlated Reports

GET /1.3/reports/correlated

Description

Returns a paginated list of all reports that contain any of the provided indicator values.

Parameters

Parameter Required Default Description
indicators X   indicator value of any type; i.e. an IP address, email address, URL, MD5, SHA1, SHA256, Registry Key, Malware name, etc.
enclaveIds   All enclaves the user has READ access to. A comma-separated list of enclave IDs. Only reports in these enclaves will be returned.
distributionType   ENCLAVE Only reports with this distribution type will be returned (ENCLAVE or COMMUNITY).
pageNumber   0 which page of the result set to get
pageSize   25 the number of results per page

Response (200)

A page of Report.

Example Usage

Request

curl -k -H "Authorization: Bearer {access_token}" \
   "https://api.trustar.co/api/1.3/reports/correlated?indicators=WANNACRY&enclaveIds=012858f0-264b-11e8-b467-0ed5f89f718b,p2k958f0-264b-11e8-b467-0ed5f89l2s9u"

Response

{
    "items": [
        {
            "id": "00618551-1924-431d-8e05-ca8eeeec2dcb",
            "created": 1517561071043,
            "updated": 1517561080713,
            "title": "Hit by malware",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517561071028,
            "reportBody": "We got hit with the WANNACRY virus the other day.",
            "enclaveIds": [
                "012858f0-264b-11e8-b467-0ed5f89f718b"
            ]
        },
        {
            "id": "a9e5ebd9-26c4-4683-b75c-e3976f33f206",
            "created": 1517559481323,
            "updated": 1517559481425,
            "title": "Do we have WANNACRY?",
            "distributionType": "ENCLAVE",
            "timeBegan": 1517559477175,
            "reportBody": "We think we might have WANNACRY...",
            "enclaveIds": [
                "012858f0-264b-11e8-b467-0ed5f89f718b"
            ]
        }
    ],
    "hasNext": false,
    "pageSize": 25,
    "pageNumber": 0
}