TruSTAR API (2.0)
Download OpenAPI specification:Download
Welcome to the TruSTAR REST API documentation!
The TruSTAR REST API allows you to easily build integrations with the TruSTAR Data-Centric Security Automation platform.
To use the API you must generate an OAuth token using your API key and API secret. You can generate or retrieve your API access key and secret from your account settings page on Station.
To request an OAuth token, send a request to the Authentication endpoint, replacing %api-key% and %api-secret% with your API key and secret retrieved above:
curl -k -v -u %api-key%:%api-secret% \
-d "grant_type=client_credentials" \
https://api.trustar.co/oauth/token
This operation generates a security token that can be used to query the public API:
{"access_token":"041c1918-dbe4-47a5-94bf-f13bacf1b0f2","token_type":"bearer","expires_in":599,"scope":"read"}
Note - This token can only be used for up to 10 minutes. Once it has expired, you will need to make this call again to generate a fresh token. If you are programatically accessing the TruSTAR API with
a script, the best practice is to refresh the token before every call. If the previous token has not yet expired, then the https://api.trustar.co/oauth/token endpoint will simply return the same token
as before, so there is no harm in requesting a fresh token before your current one has expired.
Below is an example API call using the token from above:
curl -k -X POST -H "Authorization: Bearer 041c1918-dbe4-47a5-94bf-f13bacf1b0f2" \
"https://api.trustar.co/api/2.0/indicators/search"
Headers
The API accepts 3 headers used to identify the type of client that the user is connecting with:
Client-Type:The name of the client being used (Should be either “API” or “Python_SDK”)Client-Version:The version of the client being used (Should be API version or Python SDK version)Client-Metatag:“curl” if executing curl commands from the command-line, “python script” if using the SDK, or integration name (“Splunk”, “ServiceNow”, “Phantom”, “Jira”, etc.)
Below is an example of a CURL call using these headers:
curl -k -X POST -H "Authorization: Bearer 041c1918-dbe4-47a5-94bf-f13bacf1b0f2" \
-H "Client-Type: API" \
-H "Client-Metatag: curl" \
"https://api.trustar.co/api/2.0/indicators/search"
Client-Type will default to API if the header is not found. The Python SDK is written to send PYTHON_SDK for Client-Type and the corresponding version for Client-Version.
Get Enclaves
Get the list of all enclaves that the user has access to
Authorizations:
Responses
Response Schema: application/json
| name | string The name of the enclave |
| templateName | string The template name of the enclave |
| workflowSupported | boolean Whether the enclave is supported for workflows |
| read | boolean The enclave permission present when the requesting user has READ access |
| create | boolean The enclave permission present when the requesting user has CREATE access |
| update | boolean The enclave permission present when the requesting user has UPDATE access |
| id | string The unique guid of the enclave |
| type | string Enum: "OPEN" "INTERNAL" "CLOSED_CONCRETE" "COMMUNITY" "OTHER" The type of enclave |
Response samples
- 200
[- {
- "name": "string",
- "templateName": "string",
- "workflowSupported": true,
- "read": true,
- "create": true,
- "update": true,
- "id": "string",
- "type": "OPEN"
}
]Parses Entity Terms from Text
Find all of the entity terms that can be found from applying extraction rules on a chunk of text
Authorizations:
Request Body schema: text/plain
Responses
Response Schema: application/json
| entity required | string The value that is used for pattern matching the values to mark as safelisted |
| type required | string Enum: "IP4" "IP6" "CIDR_BLOCK" "EMAIL_ADDRESS" "URL" "MD5" "SHA1" "SHA256" "REGISTRY_KEY" "SOFTWARE" "BITCOIN_ADDRESS" "PHONE_NUMBER" "DOMAIN" The type of safelist entry |
Response samples
- 200
[- {
- "entity": "string",
- "type": "IP4"
}
]Get Safelist Summaries
Get the summaries for all the safelist libraries owned by this company
Authorizations:
Responses
Response Schema: application/json
| guid | string The unique guid of the safelist |
| name | string The description of the safelist |
| companyGuid | string The guid of the company that owns the safelist |
| excerpt | string An excerpt of the safelist entries |
| createdAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was created |
| updatedAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was most recently updated |
| createdBy | string The email address of the user that created the safelist |
| updatedBy | string The email address of the user that most recently updated the safelist |
Response samples
- 200
[- {
- "guid": "string",
- "name": "string",
- "companyGuid": "string",
- "excerpt": "string",
- "createdAt": 0,
- "updatedAt": 0,
- "createdBy": "string",
- "updatedBy": "string"
}
]Add Safelist Library
Create a new safelist library
Authorizations:
Request Body schema: application/json
| name required | string [ 3 .. 120 ] characters The name of the new safelist library |
Responses
Response Schema: application/json
| guid | string The unique guid of the safelist |
| name | string The description of the safelist |
| companyGuid | string The guid of the company that owns the safelist |
| excerpt | string An excerpt of the safelist entries |
| createdAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was created |
| updatedAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was most recently updated |
| createdBy | string The email address of the user that created the safelist |
| updatedBy | string The email address of the user that most recently updated the safelist |
Request samples
- Payload
{- "name": "string"
}Response samples
- 200
{- "guid": "string",
- "name": "string",
- "companyGuid": "string",
- "excerpt": "string",
- "createdAt": 0,
- "updatedAt": 0,
- "createdBy": "string",
- "updatedBy": "string"
}Get Safelist By GUID
Retrieve a safelist library based on its GUID
Authorizations:
path Parameters
| safelistLibraryGuid required | string The guid of the safelist library to retrieve |
Request Body schema: */*
Responses
Response Schema: application/json
| guid | string The unique guid of the safelist |
| name | string The description of the safelist |
| companyGuid | string The guid of the company that owns the safelist |
| excerpt | string An excerpt of the safelist entries |
| createdAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was created |
| updatedAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was most recently updated |
| createdBy | string The email address of the user that created the safelist |
| updatedBy | string The email address of the user that most recently updated the safelist |
Array of objects (SafelistLibraryDetailEntry) [ items ] A list of the entries that the safelist library contains |
Response samples
- 200
{- "guid": "string",
- "name": "string",
- "companyGuid": "string",
- "excerpt": "string",
- "createdAt": 0,
- "updatedAt": 0,
- "createdBy": "string",
- "updatedBy": "string",
- "entries": [
- {
- "guid": "string",
- "entity": "string",
- "type": "string",
- "createdBy": "string",
- "createdAt": 0
}
]
}Add Entries to Safelist Library
Add new entries to an existing safelist library
Authorizations:
path Parameters
| safelistLibraryGuid required | string The guid of the safelist library to modify |
Request Body schema: application/json
required | Array of objects (ExtractedEntityTerm) non-empty [ 1 .. 2147483647 ] items [ items non-empty ] A list of safelist library entries to add |
Responses
Response Schema: application/json
| guid | string The unique guid of the safelist |
| name | string The description of the safelist |
| companyGuid | string The guid of the company that owns the safelist |
| excerpt | string An excerpt of the safelist entries |
| createdAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was created |
| updatedAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was most recently updated |
| createdBy | string The email address of the user that created the safelist |
| updatedBy | string The email address of the user that most recently updated the safelist |
Array of objects (SafelistLibraryDetailEntry) [ items ] A list of the entries that the safelist library contains |
Request samples
- Payload
{- "entries": [
- {
- "entity": "string",
- "type": "IP4"
}
]
}Response samples
- 200
{- "guid": "string",
- "name": "string",
- "companyGuid": "string",
- "excerpt": "string",
- "createdAt": 0,
- "updatedAt": 0,
- "createdBy": "string",
- "updatedBy": "string",
- "entries": [
- {
- "guid": "string",
- "entity": "string",
- "type": "string",
- "createdBy": "string",
- "createdAt": 0
}
]
}Delete Entry from Safelist Library
Remove an entry from an existing safelist library
Authorizations:
path Parameters
| safelistLibraryGuid required | string The guid of the safelist library to modify |
| entryGuid required | string The guid of the safelist library entry to delete |
Request Body schema: */*
Responses
Migrate Company Whitelist
Migrate the existing company whitelist into a default safelist library for the company. If the default safelist library already exists, this will make no changes.
Authorizations:
Responses
Response Schema: application/json
| guid | string The unique guid of the safelist |
| name | string The description of the safelist |
| companyGuid | string The guid of the company that owns the safelist |
| excerpt | string An excerpt of the safelist entries |
| createdAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was created |
| updatedAt | integer <int64> The timestamp (Unix timestamp - milliseconds since epoch) when the safelist was most recently updated |
| createdBy | string The email address of the user that created the safelist |
| updatedBy | string The email address of the user that most recently updated the safelist |
Response samples
- 200
[- {
- "guid": "string",
- "name": "string",
- "companyGuid": "string",
- "excerpt": "string",
- "createdAt": 0,
- "updatedAt": 0,
- "createdBy": "string",
- "updatedBy": "string"
}
]Search Indicators
Search for indicators and return a cursor page
Authorizations:
query Parameters
| pageSize | integer <int32> <= 999 Default: 25 |
Request Body schema: application/json
| queryTerm | string the term to search for. If empty, no search term will be applied, and all indicators matching the other filters will be returned. Otherwise, must be at least 3 characters in length. |
| from | integer <int64> start of time window (Unix timestamp - milliseconds since epoch). Time range values must not exceed max size of 1 year. |
| to | integer <int64> end of time window (Unix timestamp - milliseconds since epoch). Time range values must not exceed max size of 1 year. |
| sortColumn | string Enum: "CREATED" "UPDATED" "PROCESSED_AT" the column used to sort the results |
| sortOrder | string Enum: "ASC" "DESC" the order of the sort |
| priorityScores | Array of integers <int32> [ items <int32 > ] only include results with one of the selected priority scores |
| enclaveGuids | Array of strings only include results in one of the selected enclaves |
| types | Array of strings Items Enum: "IP4" "IP6" "DOMAIN" "CIDR_BLOCK" "EMAIL_ADDRESS" "PHONE_NUMBER" "URL" "MD5" "SHA1" "SHA256" "REGISTRY_KEY" "SOFTWARE" "BITCOIN_ADDRESS" only include results of the selected types |
Array of objects (AttributeSearchEntity) [ items ] only include results that have the following attribute values | |
| includedTags | Array of strings only include results that contain one of the following tags |
| excludedTags | Array of strings don't include results that contain any of the following tags |
| cursor | string an id to allow the search to continue from the end point of a previous search |
| includeSafelisted | boolean whether to include safelisted indicators in results |
Responses
Response Schema: application/json
Array of objects (SearchPrioritizedIndicator) [ items ] | |
object (ResponseMetadata) |
Request samples
- Payload
{- "queryTerm": "string",
- "from": 0,
- "to": 0,
- "sortColumn": "CREATED",
- "sortOrder": "ASC",
- "priorityScores": [
- 0
], - "enclaveGuids": [
- "string"
], - "types": [
- "IP4"
], - "attributes": [
- {
- "value": "string",
- "type": "THREAT_ACTOR"
}
], - "includedTags": [
- "string"
], - "excludedTags": [
- "string"
], - "cursor": "string",
- "includeSafelisted": true
}Response samples
- 200
{- "items": [
- {
- "guid": "string",
- "enclaveGuid": "string",
- "workflowGuid": "string",
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "priorityScore": "UNKNOWN",
- "attributes": [
- {
- "value": "string",
- "type": "THREAT_ACTOR"
}
], - "userTags": [
- "string"
], - "submissionTags": [
- "string"
], - "scoreContexts": [
- {
- "enclaveGuid": "string",
- "sourceName": "string",
- "normalizedScore": 0,
- "weight": 0,
- "properties": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
], - "created": 0,
- "updated": 0,
- "processedAt": 0,
- "validFrom": 0,
- "validUntil": 0,
- "safelisted": true
}
], - "responseMetadata": {
- "nextCursor": "string",
- "totalItems": 0
}
}Alter User Tags
Update the user tags that are associated with an indicator. Note that a tag is always stored in lower case irrespective of input case type
Authorizations:
path Parameters
| guid required | string |
Request Body schema: application/json
| enclaveGuid required | string The guid of the enclave that contains the indicator |
| addedTags | Array of strings unique Set of user tags to be added into the indicator |
| removedTags | Array of strings unique Set of user tags to be removed from the indicator |
Responses
Request samples
- Payload
{- "enclaveGuid": "string",
- "addedTags": [
- "string"
], - "removedTags": [
- "string"
]
}Get Observables For Submission
Find all observables contained in a submission
Authorizations:
query Parameters
| submissionId required | string The unique Id of the submission |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission |
| pageSize | integer <int32> <= 999 Default: 100 |
| pageNumber | integer <int32> Default: 0 |
Request Body schema: */*
Responses
Response Schema: application/json
Array of objects (ObservableDto) [ items ] | |
object (Pageable) | |
| numberOfElements | integer <int32> |
| first | boolean |
object (Sort) | |
| last | boolean |
| size | integer <int32> |
| number | integer <int32> |
| empty | boolean |
Response samples
- 200
{- "content": [
- {
- "value": "string",
- "type": "IP4"
}
], - "pageable": {
- "unpaged": true,
- "pageNumber": 0,
- "pageSize": 0,
- "paged": true,
- "sort": {
- "unsorted": true,
- "sorted": true,
- "empty": true
}, - "offset": 0
}, - "numberOfElements": 0,
- "first": true,
- "sort": {
- "unsorted": true,
- "sorted": true,
- "empty": true
}, - "last": true,
- "size": 0,
- "number": 0,
- "empty": true
}Search Observables
Search observables according to specified criteria
Authorizations:
query Parameters
| pageSize | integer <int32> <= 999 Default: 25 |
Request Body schema: application/json
| queryTerm | string the term to search for. If empty, no search term will be applied, and all indicators matching the other filters will be returned. Otherwise, must be at least 3 characters in length. |
| from | integer <int64> start of time window (Unix timestamp - milliseconds since epoch). Time range values must not exceed max size of 1 year. |
| to | integer <int64> end of time window (Unix timestamp - milliseconds since epoch). Time range values must not exceed max size of 1 year. |
| sortColumn | string Enum: "FIRST_SEEN" "LAST_SEEN" the column used to sort the results |
| sortOrder | string Enum: "ASC" "DESC" the order of the sort |
| enclaveGuids | Array of strings only include results in one of the selected enclaves, if specified; otherwise, all enclaves the user has READ access to are applied by default |
| types | Array of strings Items Enum: "IP4" "IP6" "DOMAIN" "CIDR_BLOCK" "EMAIL_ADDRESS" "PHONE_NUMBER" "URL" "MD5" "SHA1" "SHA256" "REGISTRY_KEY" "SOFTWARE" "BITCOIN_ADDRESS" only include results of the selected types, if specified; otherwise, all types are applied by default |
| includedTags | Array of strings [ 0 .. 20 ] items only include results that contain one of the following tags |
| excludedTags | Array of strings [ 0 .. 20 ] items don't include results that contain any of the following tags |
| cursor | string an id to allow the search to continue from the end point of a previous search |
Responses
Response Schema: application/json
Array of objects (SearchObservable) [ items ] | |
object (ResponseMetadata) |
Request samples
- Payload
{- "queryTerm": "string",
- "from": 0,
- "to": 0,
- "sortColumn": "FIRST_SEEN",
- "sortOrder": "ASC",
- "enclaveGuids": [
- "string"
], - "types": [
- "IP4"
], - "includedTags": [
- "string"
], - "excludedTags": [
- "string"
], - "cursor": "string"
}Response samples
- 200
{- "items": [
- {
- "type": "IP4",
- "value": "string",
- "firstSeen": 0,
- "lastSeen": 0,
- "enclaveGuids": [
- "string"
], - "tags": [
- "string"
]
}
], - "responseMetadata": {
- "nextCursor": "string",
- "totalItems": 0
}
}Add/Remove tags from observable.
Adds or removes tags from a given observable and enclave.
Authorizations:
Request Body schema: application/json
| observableValue required | string Observable value to tag or un-tag. |
| enclaveGuid required | string The enclave guid where the indicator will be tagged or tag removed from. |
| addedTags | Array of strings [ 0 .. 20 ] items unique List of tags to be added to observable. Existent tags will be ignored. Max number of tags is: 20 |
| removedTags | Array of strings [ 0 .. 20 ] items unique List of tags to be removed from observable. Non-existent tags will be ignored. Max number of tags is: 20 |
Responses
Response Schema: application/json
| addedTags | Array of strings unique Tags correctly created. |
| removedTags | Array of strings unique Tags correctly deleted. |
Request samples
- Payload
{- "observableValue": "string",
- "enclaveGuid": "string",
- "addedTags": [
- "string"
], - "removedTags": [
- "string"
]
}Response samples
- 200
{- "addedTags": [
- "string"
], - "removedTags": [
- "string"
]
}Search submissions
Search for submissions (intel, events and indicators) and return a cursor page
Authorizations:
query Parameters
| pageSize | integer <int32> <= 999 Default: 25 |
Request Body schema: application/json
| queryTerm | string The term to search for. If empty, no search term will be applied, and all results matching the other filters will be returned. Otherwise, must be at least 3 characters in length. |
| from | integer <int64> start of time window (Unix timestamp - milliseconds since epoch). Time range values must not exceed max size of 1 year. |
| to | integer <int64> end of time window (Unix timestamp - milliseconds since epoch). Time range values must not exceed max size of 1 year. |
| enclaveGuids | Array of strings unique Only include results in one of the selected enclaves. |
| includedTags | Array of strings [ 0 .. 20 ] items unique Only include results that contain one of the following tags. Maximum number of tags: 20 |
| excludedTags | Array of strings [ 0 .. 20 ] items unique Do not include results that contain any of the following tags. Maximum number of tags: 20 |
| cursor | string ID to allow the search to continue from the end point of a previous search |
| sortColumn | string Enum: "CREATED" "UPDATED" The column used to sort the results |
Responses
Response Schema: application/json
Array of objects (SearchSubmission) [ items ] | |
object (ResponseMetadata) |
Request samples
- Payload
{- "queryTerm": "string",
- "from": 0,
- "to": 0,
- "enclaveGuids": [
- "string"
], - "includedTags": [
- "string"
], - "excludedTags": [
- "string"
], - "cursor": "string",
- "sortColumn": "CREATED"
}Response samples
- 200
{- "items": [
- {
- "guid": "string",
- "enclaveGuid": "string",
- "title": "string",
- "created": 0,
- "updated": 0,
- "tags": [
- "string"
]
}
], - "responseMetadata": {
- "nextCursor": "string",
- "totalItems": 0
}
}Get Submission Status
Find and return the processing status of the submission
Authorizations:
path Parameters
| id required | string The unique Id of the submission |
Request Body schema: */*
Responses
Response Schema: application/json
| id | string The ID of the submission |
| status | string Enum: "SUBMISSION_PROCESSING" "SUBMISSION_SUCCESS" "SUBMISSION_FAILURE" "UNKNOWN" The processing status of the submission |
| errorMessage | string The error that occurred if the submission failed to be fully processed. This value will only be present if the status is SUBMISSION_FAILURE |
Response samples
- 200
{- "id": "string",
- "status": "SUBMISSION_PROCESSING",
- "errorMessage": "string"
}Redact Submission
Redact a submission using your company’s redaction library. All terms from your current redaction library will be applied to the title and body of your submission.
Authorizations:
Request Body schema: application/json
| title required | string The title of the submission |
| content required | string The content of the submission |
Responses
Response Schema: application/json
| title required | string The title of the submission |
| content required | string The content of the submission |
Request samples
- Payload
{- "title": "string",
- "content": "string"
}Response samples
- 200
{- "title": "string",
- "content": "string"
}Alter Submission Tags
Bulk add and remove tags to/from a submission. Added tags that already exist on the submission, and removed tags that do not exist on the submission, will be ignored.
Authorizations:
Request Body schema: application/json
| idType | string Enum: "INTERNAL" "EXTERNAL" Type of the ID used to identity the submission. |
| enclaveId | string Enclave ID of the submission. This is only required when using EXTERNAL ID type. |
| addedTags | Array of strings unique Tags to be added to the submission. Existing tags will be ignored. |
| removedTags | Array of strings unique Tags to be removed from the submission. Non existing tags will be ignored. |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "idType": "INTERNAL",
- "enclaveId": "string",
- "addedTags": [
- "string"
], - "removedTags": [
- "string"
]
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Upsert Submission
Update a submission if it already exists or create a new one if it doesn't
Authorizations:
query Parameters
| id | string The unique Id of the submission to upsert |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to upsert.It is required when idType is EXTERNAL |
| mode | string Default: "OVERRIDE" Enum: "OVERRIDE" "APPEND" The update mode |
Request Body schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Find Event Submission
Find and return a specific event submission
Authorizations:
query Parameters
| id required | string The unique Id of the submission to find |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to find. It is required when idType is EXTERNAL |
Request Body schema: */*
Responses
Response Schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Response samples
- 200
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Update Event Submission
Update the data in an existing event submission
Authorizations:
query Parameters
| id required | string The unique Id of the submission to update |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to update. It is required when idType is EXTERNAL |
Request Body schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Create Event Submission
Create a new event submission
Authorizations:
Request Body schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Delete Event Submission
Delete an existing event submission
Authorizations:
query Parameters
| id required | string The unique Id of the submission to delete |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to delete. It is required when idType is EXTERNAL |
Request Body schema: */*
Responses
Upsert Submission
Update a submission if it already exists or create a new one if it doesn't
Authorizations:
query Parameters
| id | string The unique Id of the submission to upsert |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to upsert |
| mode | string Default: "OVERRIDE" Enum: "OVERRIDE" "APPEND" The update mode |
Request Body schema: application/json
| id | string The Id of the submission. Should be null for write operations. |
| title required | string The title of the submission |
required | object (IndicatorContentDto) The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
| timestamp | integer <int64> A user-defined timestamp |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
| tags required | Array of strings [ 0 .. 20 ] items A set of tags applied to the submission. It is required but can be empty. |
| submissionVersion | integer <int32> The last known version of the submission |
| rawContent | string The raw content of the submission |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "id": "string",
- "title": "string",
- "content": {
- "indicators": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "maliciousScore": "BENIGN",
- "confidenceScore": "LOW",
- "attributes": [
- {
- "entity": {
- "value": "string",
- "type": "THREAT_ACTOR"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "relatedObservables": [
- {
- "entity": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "tags": [
- "string"
], - "properties": {
- "property1": "string",
- "property2": "string"
}
}
]
}, - "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "timestamp": 0,
- "created": 0,
- "updated": 0,
- "tags": [
- "string"
], - "submissionVersion": 0,
- "rawContent": "string"
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Find Submission
Find and return a specific submission
Authorizations:
query Parameters
| id required | string The unique Id of the submission to find |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to find |
| includeContent | boolean Default: false Whether to include the content in the return value |
Request Body schema: */*
Responses
Response Schema: application/json
| id | string The Id of the submission. Should be null for write operations. |
| title required | string The title of the submission |
required | object (IndicatorContentDto) The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
| timestamp | integer <int64> A user-defined timestamp |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
| tags required | Array of strings [ 0 .. 20 ] items A set of tags applied to the submission. It is required but can be empty. |
| submissionVersion | integer <int32> The last known version of the submission |
| rawContent | string The raw content of the submission |
Response samples
- 200
{- "id": "string",
- "title": "string",
- "content": {
- "indicators": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "maliciousScore": "BENIGN",
- "confidenceScore": "LOW",
- "attributes": [
- {
- "entity": {
- "value": "string",
- "type": "THREAT_ACTOR"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "relatedObservables": [
- {
- "entity": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "tags": [
- "string"
], - "properties": {
- "property1": "string",
- "property2": "string"
}
}
]
}, - "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "timestamp": 0,
- "created": 0,
- "updated": 0,
- "tags": [
- "string"
], - "submissionVersion": 0,
- "rawContent": "string"
}Update Submission
Update the data in an existing submission
Authorizations:
query Parameters
| id required | string The unique Id of the submission to update |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to update |
Request Body schema: application/json
| id | string The Id of the submission. Should be null for write operations. |
| title required | string The title of the submission |
required | object (IndicatorContentDto) The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
| timestamp | integer <int64> A user-defined timestamp |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
| tags required | Array of strings [ 0 .. 20 ] items A set of tags applied to the submission. It is required but can be empty. |
| submissionVersion | integer <int32> The last known version of the submission |
| rawContent | string The raw content of the submission |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "id": "string",
- "title": "string",
- "content": {
- "indicators": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "maliciousScore": "BENIGN",
- "confidenceScore": "LOW",
- "attributes": [
- {
- "entity": {
- "value": "string",
- "type": "THREAT_ACTOR"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "relatedObservables": [
- {
- "entity": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "tags": [
- "string"
], - "properties": {
- "property1": "string",
- "property2": "string"
}
}
]
}, - "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "timestamp": 0,
- "created": 0,
- "updated": 0,
- "tags": [
- "string"
], - "submissionVersion": 0,
- "rawContent": "string"
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Create Submission
Create a new submission
Authorizations:
Request Body schema: application/json
| id | string The Id of the submission. Should be null for write operations. |
| title required | string The title of the submission |
required | object (IndicatorContentDto) The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
| timestamp | integer <int64> A user-defined timestamp |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
| tags required | Array of strings [ 0 .. 20 ] items A set of tags applied to the submission. It is required but can be empty. |
| submissionVersion | integer <int32> The last known version of the submission |
| rawContent | string The raw content of the submission |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "id": "string",
- "title": "string",
- "content": {
- "indicators": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "maliciousScore": "BENIGN",
- "confidenceScore": "LOW",
- "attributes": [
- {
- "entity": {
- "value": "string",
- "type": "THREAT_ACTOR"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "relatedObservables": [
- {
- "entity": {
- "value": "string",
- "type": "IP4"
}, - "validFrom": 0,
- "validTo": 0,
- "confidenceScore": "LOW"
}
], - "tags": [
- "string"
], - "properties": {
- "property1": "string",
- "property2": "string"
}
}
]
}, - "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "timestamp": 0,
- "created": 0,
- "updated": 0,
- "tags": [
- "string"
], - "submissionVersion": 0,
- "rawContent": "string"
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Delete Submission
Delete an existing submission
Authorizations:
query Parameters
| id required | string The unique Id of the submission to delete |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the submission to delete |
Request Body schema: */*
Responses
Find Intelligence Submission
Find and return a specific Intelligence submission
Authorizations:
query Parameters
| id required | string The unique Id of the intelligence submission to find |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the intelligence submission to find. It is required when idType is EXTERNAL |
Request Body schema: */*
Responses
Response Schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Response samples
- 200
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Update Intelligence Submission
Update the data in an existing intelligence submission
Authorizations:
query Parameters
| id required | string The unique Id of the intelligence submission to update |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the intelligence submission to update. It is required when idType is EXTERNAL |
Request Body schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Create an Intelligence Submission
Create a new intelligence submission
Authorizations:
Request Body schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Delete Intelligence Submission
Delete an existing Intelligence submission
Authorizations:
query Parameters
| id required | string The unique Id of the intelligence submission to delete |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the intelligence submission to delete. It is required when idType is EXTERNAL |
Request Body schema: */*
Responses
Upsert Intelligence Submission
Update an intelligence submission if it already exists or create a new one if it doesn't
Authorizations:
query Parameters
| id | string The unique Id of the intelligence submission to upsert |
| idType | string Default: "INTERNAL" Enum: "INTERNAL" "EXTERNAL" "UNRECOGNIZED" The type of the specified Id |
| enclaveGuid | string The guid of the enclave containing the intelligence submission to upsert.It is required when idType is EXTERNAL |
| mode | string Default: "OVERRIDE" Enum: "OVERRIDE" "APPEND" The update mode |
Request Body schema: application/json
| guid | string The guid of the submission. Should be null for write operations. |
| title required | string The title of the submission |
| content required | string The content of the submission |
| enclaveGuid required | string The guid of the enclave the submission belongs to |
| externalId | string The submission's unique ID in the original data source. This field is optional, but if used then it must be unique in the namespace for that data source. |
| externalUrl | string A URL linking to the original object of the submission in the external source |
required | Array of objects (TagDto) [ 0 .. 20 ] items unique [ items ] A set of tags applied to the submission. It is required but can be empty. |
| timestamp | integer <int64> A user-defined timestamp |
| submissionVersion | integer <int32> The last known version of the submission |
| created | integer <int64> When the submission was created in Submission Service. Long (epoch millis) |
| updated | integer <int64> When the submission was updated in Submission Service. Long (epoch millis) |
Responses
Response Schema: application/json
| id | string The ID of the submission |
| submissionVersion | integer <int32> The version of the submission as of the last operation performed |
Array of objects (SubmissionWarningDto) [ items ] |
Request samples
- Payload
{- "guid": "string",
- "title": "string",
- "content": "string",
- "enclaveGuid": "string",
- "externalId": "string",
- "externalUrl": "string",
- "tags": [
- {
- "name": "string"
}
], - "timestamp": 0,
- "submissionVersion": 0,
- "created": 0,
- "updated": 0
}Response samples
- 200
{- "id": "string",
- "submissionVersion": 0,
- "warnings": [
- {
- "observable": {
- "value": "string",
- "type": "IP4"
}, - "field": "string",
- "value": "string",
- "message": "string"
}
]
}Get Workflows
Get the workflows for this company
Authorizations:
query Parameters
| type | string workflow type using as a filter. Exact match. |
| name | string workflow name using as filter. Partial match. |
| createdFrom | integer <int64> The result will include workflows created from this date.If it is null will be retrieved from the beginning. |
| createdTo | integer <int64> The result will include workflows created up to this date.If it is null will be retrieved up-to now. |
| updatedFrom | integer <int64> The result will include workflows updated from this date.If it is null will be retrieved from the beginning. |
| updatedTo | integer <int64> The result will include workflows updated up to this date.If it is null will be retrieved up-to now. |
Request Body schema: */*
Responses
Response Schema: application/json
Array of objects (WorkflowDtoResponse) [ items ] The content returned by the search | |
object (Pageable) | |
| totalPages | integer <int32> The total number of pages for this data set |
| totalElements | integer <int64> The total number of elements for this data set |
| numberOfElements | integer <int32> The number of elements returned in this page |
| first | boolean Whether this is the first page in the data set |
object (Sort) | |
| last | boolean Whether this is the last page in the data set |
| empty | boolean Whether this page is empty |
| size | integer <int32> The number of elements returned in this page |
| number | integer <int32> The page number |
Response samples
- 200
{- "content": [
- {
- "guid": "string",
- "name": "string",
- "created": 0,
- "updated": 0,
- "workflowConfig": {
- "type": "INDICATOR_PRIORITIZATION",
- "workflowSource": { },
- "workflowDestination": { }
}, - "safelistGuids": [
- "string"
]
}
], - "pageable": {
- "unpaged": true,
- "pageNumber": 0,
- "pageSize": 0,
- "paged": true,
- "sort": {
- "unsorted": true,
- "sorted": true,
- "empty": true
}, - "offset": 0
}, - "totalPages": 0,
- "totalElements": 0,
- "numberOfElements": 0,
- "first": true,
- "sort": {
- "unsorted": true,
- "sorted": true,
- "empty": true
}, - "last": true,
- "empty": true,
- "size": 0,
- "number": 0
}Create Workflow
Create a new workflow. A company cannot create more than 5 workflows. There cannot be more than 10 source enclaves per workflow.
Authorizations:
Request Body schema: application/json
| name required | string [ 3 .. 120 ] characters The name of the workflow |
required | object (WorkflowConfigIWorkflowSourceIWorkflowDestination) The workflow configuration |
| safelistGuids required | Array of strings unique The set of safelist library guids to associate with the workflow |
Responses
Response Schema: application/json
| guid | string The unique guid for the workflow |
| name | string The name of the workflow |
| created | integer <int64> The timestamp (epoch millisecond time) when the workflow was created |
| updated | integer <int64> The timestamp (epoch millisecond time) when the workflow was most recently updated |
object (WorkflowConfigIWorkflowSourceIWorkflowDestination) The workflow configuration | |
| safelistGuids | Array of strings unique A set of guids corresponding to the safelist libraries that are used in this workflow |
Request samples
- Payload
{- "name": "string",
- "workflowConfig": {
- "type": "INDICATOR_PRIORITIZATION",
- "workflowSource": { },
- "workflowDestination": { }
}, - "safelistGuids": [
- "string"
]
}Response samples
- 200
{- "guid": "string",
- "name": "string",
- "created": 0,
- "updated": 0,
- "workflowConfig": {
- "type": "INDICATOR_PRIORITIZATION",
- "workflowSource": { },
- "workflowDestination": { }
}, - "safelistGuids": [
- "string"
]
}Get Workflow by GUID
Retrieve the workflow for the GUID
Authorizations:
path Parameters
| workflowGuid required | string The unique guid for the workflow |
Request Body schema: */*
Responses
Response Schema: application/json
| guid | string The unique guid for the workflow |
| name | string The name of the workflow |
| created | integer <int64> The timestamp (epoch millisecond time) when the workflow was created |
| updated | integer <int64> The timestamp (epoch millisecond time) when the workflow was most recently updated |
object (WorkflowConfigIWorkflowSourceIWorkflowDestination) The workflow configuration | |
| safelistGuids | Array of strings unique A set of guids corresponding to the safelist libraries that are used in this workflow |
Response samples
- 200
{- "guid": "string",
- "name": "string",
- "created": 0,
- "updated": 0,
- "workflowConfig": {
- "type": "INDICATOR_PRIORITIZATION",
- "workflowSource": { },
- "workflowDestination": { }
}, - "safelistGuids": [
- "string"
]
}Update Workflow
Update an existing workflow. A company cannot create more than 5 workflows. There cannot be more than 10 source enclaves per workflow.
Authorizations:
path Parameters
| workflowGuid required | string The unique guid for the workflow |
Request Body schema: application/json
| name required | string [ 3 .. 120 ] characters The name of the workflow |
required | object (WorkflowConfigIWorkflowSourceIWorkflowDestination) The workflow configuration |
| safelistGuids required | Array of strings unique The set of safelist library guids to associate with the workflow |
Responses
Response Schema: application/json
| guid | string The unique guid for the workflow |
| name | string The name of the workflow |
| created | integer <int64> The timestamp (epoch millisecond time) when the workflow was created |
| updated | integer <int64> The timestamp (epoch millisecond time) when the workflow was most recently updated |
object (WorkflowConfigIWorkflowSourceIWorkflowDestination) The workflow configuration | |
| safelistGuids | Array of strings unique A set of guids corresponding to the safelist libraries that are used in this workflow |
Request samples
- Payload
{- "name": "string",
- "workflowConfig": {
- "type": "INDICATOR_PRIORITIZATION",
- "workflowSource": { },
- "workflowDestination": { }
}, - "safelistGuids": [
- "string"
]
}Response samples
- 200
{- "guid": "string",
- "name": "string",
- "created": 0,
- "updated": 0,
- "workflowConfig": {
- "type": "INDICATOR_PRIORITIZATION",
- "workflowSource": { },
- "workflowDestination": { }
}, - "safelistGuids": [
- "string"
]
}