Submit Report¶
POST /1.3/reports
Description¶
Submit a new incident report, and receive the ID it has been assigned in TruSTAR’s system. The ID can be used to find the report through Station, or issue subsequent calls on the API.
Note that that a report cannot be tagged during submission. Tags can only be applied afterwards, through a separate call.
Warning
If a report contains more than 500 indicators, it will be rejected with a 413 (payload too large) error code.
See here for details.
Parameters¶
The request JSON body should be a Report object.
Specifically, the body must be well formed json with the following fields:
| Parameter | Required | Default | Description |
|---|---|---|---|
| title | X | Title of the report | |
| reportBody | X | Text content of report | |
| externalTrackingId | null |
External tracking ID provided by user. Must be unique across all reports for a given company. | |
| externalUrl | null |
URL for the external report that this originated from, if one exists. Limit 500 alphanumeric characters. | |
| timeBegan | current time | ISO-8601 formatted incident time with timezone, e.g. 2016-09-22T11:38:35+00:00 |
|
| distributionType | X | COMMUNITY (will disregard any enclaveIds) or ENCLAVE (must include enclaveIds) |
|
| enclaveIds | Must be included if the distribution type is ENCLAVE |
Non-empty array of TruSTAR-generated enclave ids (available on Station under settings or through the GET /enclaves endpoint).
Use the enclave ID, NOT the enclave name. |
Response (200)¶
The ID (a GUID) that the report has been assigned in TruSTAR’s system.
Example Usage¶
Request¶
curl -k -H "Content-Type: application/json" -X POST -d \
'{"title":"curl api-report", "reportBody":"This is a test report body with some indicators: 1.2.3.4, evil.exe, api.evildomain.com, hash d2dd1bcdd6d6cfac59ba9638d2cd886c ", "externalTrackingId": "M-1234", "timeBegan":"2016-09-22T11:38:35+00:00", "distributionType": "ENCLAVE", "enclaveIds":["e27b914b-b1ee-4d25-b4b2-d50db5208b4d", "ac6a0d17-7350-4410-bc57-9699521db992"]}' \
-H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.3/reports"
Response¶
81f89c56-265a-11e8-b467-0ed5f89f718b