Reports

Incident reports are the primary resource in TruSTAR’s data model. Reports can be read, created, updated, and deleted through the API.

Schema

Field               Description
id                  the internal ID of the report (a GUID)
externalTrackingId  the external ID of the report (any string, user-defined)
created             the time of creation, in milliseconds since epoch
updated             the time of the last update, in milliseconds since epoch
title               the report title
sector.id           the ID of the company’s sector
sector.name         the name of the company’s sector
sector.label        the label of the company’s sector
distributionType    ENCLAVE or COMMUNITY - if COMMUNITY, the report is open to the community. This field is deprecated, but is retained for backwards compatibility. The Community has been transitioned to an enclave, so all reports have a distributionType of ENCLAVE.
timeBegan           the user-defined time when the incident began, in milliseconds since epoch
reportBody          the body of the report
enclaveIds          the list of IDs of the enclaves that the report has been submitted to

Sample JSON

{
    "id": "cabd7d8c-3aad-46a3-906a-cfd27ad6f965",
    "created": 1520829291772,
    "updated": 1520829291883,
    "timeBegan": 1520829291726,
    "title": "Malicious Activity!!!",
    "sector": {
        "id": 4,
        "name": "defense",
        "label": "Defense Industrial Base"
    },
    "distributionType": "ENCLAVE",
    "reportBody": "Some malicious thing happened, it had to do with some_malware.exe and 103.255.61.39.",
    "enclaveIds": [
        "291af346-dbd1-4bc0-9c69-be20af157fb0"
    ]
}
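
When reports are pulled into another tool (a SIEM or case tracker, for example), it helps to check each one against the schema above before trusting it. The following is an added example, not TruSTAR's own code or SDK: it uses only the Python standard library, and the names `parse_report` and `is_guid` are hypothetical. It assumes enclave IDs are GUIDs (as in the sample) and that negative timestamps are invalid.

```python
import json
import uuid
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
TIME_FIELDS = ("created", "updated", "timeBegan")  # milliseconds since epoch

# Values taken from the Sample JSON on this page (reportBody shortened).
SAMPLE = json.dumps({
    "id": "cabd7d8c-3aad-46a3-906a-cfd27ad6f965",
    "created": 1520829291772, "updated": 1520829291883,
    "timeBegan": 1520829291726, "title": "Malicious Activity!!!",
    "distributionType": "ENCLAVE",
    "reportBody": "Some malicious thing happened.",
    "enclaveIds": ["291af346-dbd1-4bc0-9c69-be20af157fb0"],
})

def is_guid(value):
    """True only for a string in canonical 8-4-4-4-12 GUID form."""
    try:
        return isinstance(value, str) and str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def parse_report(raw):
    """Return (report, problems); valid time fields become UTC datetimes."""
    report, problems = json.loads(raw), []
    if not isinstance(report, dict):
        return {}, ["report is not a JSON object"]
    if "id" in report and not is_guid(report["id"]):
        problems.append("id is not a GUID")
    for field in TIME_FIELDS:
        ms = report.get(field)
        if ms is None:
            continue
        try:
            # bool is a subclass of int, so reject it explicitly.
            # Rejecting negative values is an assumption of this example.
            if isinstance(ms, bool) or not isinstance(ms, int) or ms < 0:
                raise ValueError(field)
            report[field] = EPOCH + timedelta(milliseconds=ms)
        except (ValueError, OverflowError):
            problems.append(f"{field} is not a millisecond epoch value")
    if report.get("distributionType", "ENCLAVE") not in ("ENCLAVE", "COMMUNITY"):
        problems.append("distributionType is not ENCLAVE or COMMUNITY")
    ids = report.get("enclaveIds", [])  # assumption: enclave IDs are GUIDs
    if not isinstance(ids, list) or not all(is_guid(i) for i in ids):
        problems.append("enclaveIds is not a list of GUIDs")
    return report, problems
```

Fields that are absent are skipped rather than reported, because the schema above does not say which fields are required.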