Find Correlated Reports¶
GET /1.3/reports/correlated
Description¶
Returns a paginated list of all reports that contain any of the provided indicator values.
Note
Indicator values submitted to this endpoint should be values that are known to exist in TruSTAR - they should have come from either the get-indicators-for-report or search-indicators endpoint. IOC values that do not exist in TruSTAR will cause the call to fail.
Warning
This endpoint uses query-string params, not a JSON body. URL and domain IOCs will cause calls to this endpoint to fail. Strip them out of the list of indicators before submitting.
Warning
Queries to this endpoint take a long time to process. To avoid timeouts, submit small lists of indicator values (recommend 25 or fewer) to this endpoint.
Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| indicators | X | Indicator values. Adhere to warnings and notes above. | |
| enclaveIds | All enclaves the user has READ access to. | A comma-separated list of enclave IDs. Only reports in these enclaves will be returned. | |
| pageNumber | 0 |
which page of the result set to get | |
| pageSize | 25 |
the number of results per page |
Example Usage¶
Request¶
curl -k -H "Authorization: Bearer {access_token}" \
"https://api.trustar.co/api/1.3/reports/correlated?indicators=WANNACRY&enclaveIds=012858f0-264b-11e8-b467-0ed5f89f718b,p2k958f0-264b-11e8-b467-0ed5f89l2s9u"
Response¶
{
"items": [
{
"id": "00618551-1924-431d-8e05-ca8eeeec2dcb",
"created": 1517561071043,
"updated": 1517561080713,
"title": "Hit by malware",
"distributionType": "ENCLAVE",
"timeBegan": 1517561071028,
"reportBody": "We got hit with the WANNACRY virus the other day.",
"enclaveIds": [
"012858f0-264b-11e8-b467-0ed5f89f718b"
]
},
{
"id": "a9e5ebd9-26c4-4683-b75c-e3976f33f206",
"created": 1517559481323,
"updated": 1517559481425,
"title": "Do we have WANNACRY?",
"distributionType": "ENCLAVE",
"timeBegan": 1517559477175,
"reportBody": "We think we might have WANNACRY...",
"enclaveIds": [
"012858f0-264b-11e8-b467-0ed5f89f718b"
]
}
],
"hasNext": false,
"pageSize": 25,
"pageNumber": 0
}