Update Report¶
PUT /1.3/reports/{id}
Description¶
Update the report with the specified ID. Either the internal TruSTAR report ID or an external tracking ID can be used. Only the fields passed in the JSON body will be updated. All others will be left unchanged. “title” and “reportBody” are required. Fields passed in the JSON body with empty/null/None values will be treated as if they weren’t passed in the JSON body at all in that the values Station currently has for those attributes for that report will not be modified at all. They will not be changed to null.
Warning
If a report contains more than 500 indicators, it will be rejected with a 413 (payload too large) error code.
See here for details.
Parameters¶
URL Path Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| id | X | TruSTAR report id or external tracking id |
URL Query Parameters¶
| Parameter | Required | Default | Description |
|---|---|---|---|
| idType | internal |
internal or external |
Request Body¶
The request JSON body should be a Report object.
Specifically, the body must be well formed json with the following fields:
| Parameter | Required | Default | Description |
|---|---|---|---|
| title | X | Title of the report | |
| reportBody | X | Text content of report | |
| externalTrackingId | null |
External tracking ID provided by user. Must be unique across all reports for a given company. | |
| externalUrl | null |
URL for the external report that this originated from, if one exists. Limit 500 alphanumeric characters. | |
| timeBegan | current time | ISO-8601 formatted incident time with timezone, e.g. 2016-09-22T11:38:35+00:00 |
|
| distributionType | ENCLAVE |
COMMUNITY or ENCLAVE |
|
| enclaveIds | If the distribution type is ENCLAVE |
Array of TruSTAR-generated enclave ids (available on Station under settings or through the GET /enclaves endpoint).
Use the enclave ID, NOT the enclave name. |
Response (200)¶
No content.
Example Usage¶
Request¶
curl -k -H "Content-Type: application/json" -X PUT -d \
'{"title":"new title", "externalTrackingId": newId1234, "reportBody":"This is a test report body with some indicators: 1.2.3.4, 5.6.7.8, evil.exe, api.evildomain.com, hash d2dd1bcdd6d6cfac59ba9638d2cd886c "}' \
-H "Authorization: Bearer {access_token}" "https://api.trustar.co/api/1.3/reports/oldId1234?idType=external"
Response¶
No content.