Reports¶
Incident reports are the primary resource in TruSTAR’s data model. Reports can be read, created, updated, and deleted through the API.
Endpoints¶
Schema¶
| Field | Description |
|---|---|
| id | the internal ID of the report (a GUID) |
| externalTrackingId | the external ID of the report (any string, user-defined) |
| created | the time of creation, in milliseconds since epoch |
| updated | the time of the last update, in milliseconds since epoch |
| title | the report title |
| sector.id | the ID of the company’s sector |
| sector.name | the name of the company’s sector |
| sector.label | the label of the company’s sector |
| distributionType | ENCLAVE or COMMUNITY - if COMMUNITY, the report is open to the community.
This field is deprecated, but is retained for backwards compatibility. The Community has been transitioned
to an enclave, so all reports have a distributionType of ENCLAVE. |
| timeBegan | the user-defined time when the incident began, in milliseconds since epoch |
| reportBody | the body of the report |
| enclaveIds | the list of IDs of the enclaves that the report has been submitted to |
Sample JSON¶
{
"id": "cabd7d8c-3aad-46a3-906a-cfd27ad6f965",
"created": 1520829291772,
"updated": 1520829291883,
"timeBegan": 1520829291726,
"title": "Malicious Activity!!!",
"sector": {
"id": 4,
"name": "defense",
"label": "Defense Industrial Base"
},
"distributionType": "ENCLAVE",
"reportBody": "Some malicious thing happened, it had to do with some_malware.exe and 103.255.61.39.",
"enclaveIds": [
"291af346-dbd1-4bc0-9c69-be20af157fb0"
]
}