Update Report¶
PUT /1.3/reports/{id}
Description¶
Update the report with the specified ID. Either the internal TruSTAR report ID or an external tracking ID can be used.
Note
No partial updates are allowed. To update a report, first pull the existing report, make the desired edits, then
pass the edited JSON to this endpoint. Leaving fields as null will either result in error, or overwrite fields
with null values if null is valid for that field.
Warning
If a report contains more than 2000 indicators, it will be rejected with a 413 (payload too large) error code.
See here for details.
Note
This endpoint will respond as soon as the report has been stored, but it has not necessarily gone through all stages of processing. Report enrichment will occur over time. Some endpoints may respond 404 if a report is requested that has just recently been submitted.
Parameters¶
URL Path Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| id | X | TruSTAR report ID or external tracking ID |
URL Query Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| idType | internal |
internal or external |
Request Body¶
The request JSON body should be a Report object.
Specifically, the body must be well formed json with the following fields:
| Parameter | Required | Default | Description |
|---|---|---|---|
| title | X | Title of the report | |
| reportBody | X | Text content of report | |
| externalTrackingId | null |
External tracking ID provided by user. Must be unique across all reports for a given company and enclave. | |
| externalUrl | null |
URL for the external report that this originated from, if one exists. Limit 500 alphanumeric characters. | |
| timeBegan | current time | ISO-8601 formatted incident time with timezone, e.g. 2016-09-22T11:38:35+00:00 |
|
| enclaveIds | X | Array of exactly one enclave ID (available on Station under settings or through the GET /enclaves endpoint).
Use the enclave ID, NOT the enclave name. After removing support for single enclave submission, this
parameter must remain a list to ensure backwards compatibility. |
Response (200)¶
No content.
Example Usage¶
Request¶
curl -k -H "Content-Type: application/json" -X POST -d \
'{"title":"curl api-report", "reportBody":"This is a test report body with some indicators: 1.2.3.4, evil.exe, api.evildomain.com, hash d2dd1bcdd6d6cfac59ba9638d2cd886c ", "externalTrackingId": "M-1234", "timeBegan":"2016-09-22T11:38:35+00:00", "enclaveIds":["e27b914b-b1ee-4d25-b4b2-d50db5208b4d"]}' \
-H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.3/reports/oldId1234?idType=external"
Response¶
No content.