Get Reports

GET /1.3/reports

Description

Returns a page of incident reports matching the specified filters. All parameters are optional: if nothing is specified, the latest 25 reports accessible by the user will be returned (matching the view the user would have by logging into Station). The from and to parameters, if provided, filter reports based on their updated times, not their created times. Although the response object contains a pageNumber field, this value will always be 0. The way to obtain the next page, for this endpoint, is by adjusting the from and to parameters.

Note

This endpoint will only return reports from a time window of maximum size of 1 day. If you give a time window larger than 1 day, it will pull reports starting at 1 day before the “to” date, through the “to” date.

Parameters

Parameter Required Default Description
from   1 day ago start of time window (Unix timestamp - milliseconds since epoch). Values more than 1 day before to will be truncated to reduce the time range to a max size of 1 day.
to   current time end of time window (Unix timestamp - milliseconds since epoch)
distributionType   ENCLAVE ENCLAVE or COMMUNITY - whether to search for reports in the community, or only in enclaves
enclaveIds   All enclaves the user has READ access to Comma separated list of enclave ids to search for reports in. Even if distributionType is COMMUNITY, these enclaves will still be searched as well.
tags     a list of names of tags to filter by; only reports containing ALL of these tags will be returned
excludedTags     reports containing ANY of these tags will be excluded from the results.

Response (200)

A page of Report objects, sorted by updated time, descending.

Example Usage

Request

curl -k -H "Authorization: Bearer {access_token}" \
   "https://api.trustar.co/api/1.3/reports?from=1517559481424&to=1517561080714&tag=a,b&excludedTags=c,d"

Response

{
    "items": [
        {
            "id": "00618551-1924-431d-8e05-ca8eeeec2dcb",
            "created": 1517561071043,
            "updated": 1517561080713,
            "title": "Hit by malware",
            "sector": {
              "id": 8,
              "name": "defense",
              "label": "Defense Industrial Base"
             },
            "distributionType": "ENCLAVE",
            "timeBegan": 1517561071028,
            "reportBody": "We got hit with the WANNACRY virus the other day.",
            "externalTrackingId": "Malware-192",
            "enclaveIds": [
                "012858f0-264b-11e8-b467-0ed5f89f718b"
            ]
        },
        {
            "id": "a9e5ebd9-26c4-4683-b75c-e3976f33f206",
            "created": 1517559481323,
            "updated": 1517559481425,
            "title": "Do we have WANNACRY?",
            "sector": {
              "id": 8,
              "name": "entertainment",
              "label": "Entertainment Co."
            },
            "distributionType": "ENCLAVE",
            "timeBegan": 1517559477175,
            "reportBody": "We think we might have WANNACRY...",
            "externalTrackingId": "Wannacry-028",
            "enclaveIds": [
                "012858f0-264b-11e8-b467-0ed5f89f718b"
            ]
        }
    ],
    "hasNext": false,
    "pageSize": 25,
    "pageNumber": 0
}