Submit Indicators
TruStar.submit_indicators(indicators, enclave_ids=None, tags=None)

Submit indicators directly. The indicator field “value” is required; all other metadata fields are optional: “firstSeen”, “lastSeen”, “sightings”, “notes”, and “source”. The submission must specify enclaves for the indicators to be submitted to, and can optionally specify tags to assign to all the indicators in the submission, and/or include individual tags in each Indicator (which will take precedence over the submission tags). The tags can be existing or new, and are identified by “name” and “enclaveId”. (Passing the GUID of an existing tag is not allowed. “name” and “enclaveId” must be specified for each tag.)

This function uses the API endpoint discussed here: https://docs.trustar.co/api/v13/indicators/submit_indicators.html

Note that Indicator class attribute names are often slightly different from the API endpoint’s parameters. (EX: The Indicator class’s “first_seen” attribute corresponds to the API endpoint’s “firstSeen” parameter.)

Parameters:
- indicators (list(Indicator)) – a list of Indicator objects. Indicator’s “value” is required, all other attributes can be Null. These Indicator attributes can be modified / updated using this function: “value”, “first_seen”, “last_seen”, “sightings”, “source”, “notes”, and “tags”. No other Indicator attributes can be modified in TruSTAR by using this function.
- enclave_ids (list(string)) – a list of enclave IDs.
- tags (list(Tag)) – a list of Tag objects that will be applied to ALL indicators in the submission. All tags’ “id” attribute must be None. All tags’ “enclave_id” attribute must contain at least one enclave ID.
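A pre-submission check that enforces the rules stated above before submit_indicators is called, so that a malformed indicator or tag is caught locally. This is an added example, not part of the TruSTAR SDK or its documentation: the function names, the stand-in objects and the sample values are hypothetical, and reading “take precedence” as “replace the submission tags for that indicator” is an assumption.

```python
from types import SimpleNamespace as NS  # stand-ins for the SDK's Indicator / Tag objects

def check_tag(tag, where):
    """Return the rule violations for one tag (rules taken from the text above)."""
    errors = []
    if getattr(tag, "id", None) is not None:
        errors.append(f"{where}: tag id must be None (GUID of an existing tag is not allowed)")
    if not getattr(tag, "name", None):
        errors.append(f"{where}: tag needs a name")
    if not getattr(tag, "enclave_id", None):
        errors.append(f"{where}: tag needs an enclave_id")
    return errors

def preflight(indicators, enclave_ids=None, tags=None):
    """Validate a submission and return (errors, plan).

    plan maps each indicator value to the tag names that would apply to it.
    Assumption: an indicator's own tags replace the submission-level tags.
    """
    errors, plan = [], {}
    if not enclave_ids:
        errors.append("enclave_ids: at least one enclave must be specified")
    for i, tag in enumerate(tags or []):
        errors += check_tag(tag, f"tags[{i}]")
    for i, ind in enumerate(indicators):
        value = getattr(ind, "value", None)
        if not value:
            errors.append(f"indicators[{i}]: value is required")
            continue
        own = getattr(ind, "tags", None) or []
        for j, tag in enumerate(own):
            errors += check_tag(tag, f"indicators[{i}].tags[{j}]")
        plan[value] = [getattr(t, "name", None) for t in (own or tags or [])]
    return errors, plan

# Constructed sample data; the enclave ID and indicator values are placeholders.
ENCLAVE = "00000000-0000-0000-0000-000000000000"
SUBMISSION_TAGS = [NS(name="phishing", id=None, enclave_id=ENCLAVE)]
SAMPLE = [
    NS(value="bad.example.com", tags=None),
    NS(value="198.51.100.7", tags=[NS(name="c2", id="existing-guid", enclave_id=ENCLAVE)]),
    NS(value=None, tags=None),
]

if __name__ == "__main__":
    errs, plan = preflight(SAMPLE, enclave_ids=[ENCLAVE], tags=SUBMISSION_TAGS)
    print("\n".join(errs) or "ok", plan, sep="\n")
```

The checks read attributes by name, so the same function can be pointed at real Indicator and Tag objects; only submit when the returned error list is empty.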