Documentation for API Endpoints

All URIs are relative to https://hostname:443

| Method | HTTP request | Description |
|---|---|---|
| add_ad_hoc_task | POST /inv-playbook/task/add/{investigationId} | Add ad-hoc task |
| close_incidents_batch | POST /incident/batchClose | Batch close incidents |
| complete_task | POST /inv-playbook/task/complete | [Deprecated] Complete a task |
| complete_task_v2 | POST /v2/inv-playbook/task/complete | Complete a task |
| copy_script | POST /automation/copy | Copy automation |
| create_docker_image | POST /settings/docker-images | Create Image |
| create_feed_indicators_json | POST /indicators/feed/json | Create feed indicators from JSON |
| create_incident | POST /incident | Create single incident |
| create_incident_json | POST /incident/json | Create incident from JSON |
| create_incidents_batch | POST /incident/batch | Batch create incidents |
| create_or_update_incident_type | POST /incidenttype | Create new Incident Type |
| delete_ad_hoc_task | POST /inv-playbook/task/delete/{investigationId}/{invPBTaskId} | Delete ad-hoc task |
| delete_automation_script | POST /automation/delete | Delete existing automation |
| delete_evidence_op | POST /evidence/delete | Delete evidence |
| delete_incidents_batch | POST /incident/batchDelete | Batch delete incidents |
| delete_indicators_batch | POST /indicators/batchDelete | Batch whitelist or delete indicators |
| delete_widget | DELETE /widgets/{id} | Remove existing widget |
| download_file | GET /entry/download/{entryid} | Download file |
| download_latest_report | GET /reports/{id}/latest | Get latest report by ID |
| edit_ad_hoc_task | POST /inv-playbook/task/edit/{investigationId} | Edit ad-hoc task |
| entry_export_artifact | POST /entry/exportArtifact | Export Artifact |
| execute_report | POST /report/{id}/{requestId}/execute | Execute report |
| export_incidents_to_csv_batch | POST /incident/batch/exportToCsv | Batch export incidents to CSV |
| export_indicators_to_csv_batch | POST /indicators/batch/exportToCsv | Batch export indicators to CSV |
| export_indicators_to_stix_batch | POST /indicators/batch/export/stix | Batch export indicators to STIX |
| get_all_reports | GET /reports | Get all reports |
| get_all_widgets | GET /widgets | |
| get_audits | POST /settings/audits | Get Audits |
| get_automation_scripts | POST /automation/search | Search Automation (aka scripts) |
| get_docker_images | GET /settings/docker-images | Get Docker Images |
| get_entry_artifact | GET /entry/artifact/{id} | Get entry artifact |
| get_incident_as_csv | GET /incident/csv/{id} | Get incident as CSV |
| get_incidents_fields_by_incident_type | GET /incidentfields/associatedTypes/{type} | Get all incident fields associated with incident type |
| get_indicators_as_csv | GET /indicators/csv/{id} | Get indicators as CSV |
| get_indicators_as_stix | GET /indicators/stix/v2/{id} | Get indicators as STIX V2 |
| get_report_by_id | GET /reports/{id} | Get report by ID |
| get_stats_for_dashboard | POST /statistics/dashboards/query | Get Dashboard Statistics |
| get_stats_for_widget | POST /statistics/widgets/query | Get Widget Statistics |
| get_widget | GET /widgets/{id} | Get widget by ID |
| import_classifier | POST /classifier/import | Import a classifier |
| import_dashboard | POST /dashboards/import | Import a dashboard |
| import_incident_fields | POST /incidentfields/import | Import an incidents field |
| import_incident_types_handler | POST /incidenttypes/import | Import an incident type |
| import_layout | POST /v2/layouts/import | Import a layout |
| import_playbook | POST /playbook/save/yaml | Import and override playbook |
| import_reputation_handler | POST /reputation/import | Import a reputation type |
| import_script | POST /automation/import | Upload an automation |
| import_widget | POST /widgets/import | Import a widget |
| incident_file_upload | POST /incident/upload/{id} | |
| indicator_whitelist | POST /indicator/whitelist | Whitelists or deletes Indicator |
| indicators_create | POST /indicator/create | Create Indicator |
| indicators_create_batch | POST /indicators/upload | Create indicators |
| indicators_edit | POST /indicator/edit | Edit Indicator |
| indicators_search | POST /indicators/search | Search indicators |
| integration_upload | POST /settings/integration-conf/upload | Upload an integration |
| investigation_add_entries_sync | POST /entry/execute/sync | Create new entry in existing investigation |
| investigation_add_entry_handler | POST /entry | Create new entry in existing investigation |
| investigation_add_formatted_entry_handler | POST /entry/formatted | Create new formatted entry in existing investigation |
| revoke_user_api_key | POST /apikeys/revoke/user/{username} | |
| save_evidence | POST /evidence | Save evidence |
| save_or_update_script | POST /automation | Create or update automation |
| save_widget | POST /widgets | Add or update a widget |
| search_evidence | POST /evidence/search | Search evidence |
| search_incidents | POST /incidents/search | Search incidents by filter |
| search_investigations | POST /investigations/search | Search investigations by filter |
| simple_complete_task | POST /inv-playbook/task/complete/simple | Complete task simple (no file) |
| submit_task_form | POST /v2/inv-playbook/task/form/submit | Complete a task |
| task_add_comment | POST /inv-playbook/task/note/add | Task add comment |
| task_assign | POST /inv-playbook/task/assign | Assign task |
| task_set_due | POST /inv-playbook/task/due | Set task due date |
| task_un_complete | POST /inv-playbook/task/uncomplete | Un-complete a task |
| update_entry_note | POST /entry/note | Mark entry as note |
| update_entry_tags_op | POST /entry/tags | Set entry tags |
| upload_content_packs | POST /contentpacks/installed/upload | Upload a Pack as a zip file. The zip file may be a single Pack or a zip containing multiple zipped Packs (a zip of zips) |
| upload_report | POST /reports/upload | Upload report file to Demisto |

Documentation For Models

Documentation For Authorization

api_key

  • Type: API key
  • API key parameter name: Authorization
  • Location: HTTP header

csrf_token

  • Type: API key
  • API key parameter name: X-XSRF-TOKEN
  • Location: HTTP header

x-xdr-auth-id

  • Type: API key
  • API key parameter name: x-xdr-auth-id
  • Location: HTTP header