Commit
#10 update and format
jeromeleonard committed Aug 31, 2021
1 parent 0647f0a commit e1c0748
Showing 4 changed files with 189 additions and 64 deletions.
13 changes: 12 additions & 1 deletion docs/thehive/api/alert/.pages
@@ -1,6 +1,17 @@
nav:
- list.md
- create.md
- update.md
- read.md
- delete.md
- promote-as-case.md
- merge.md
- merge.md
- similar-cases.md
- list-observables.md
- add-observable.md
- update-observable.md
- delete-observable.md
- run-responder.md
- list-responder-jobs.md


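Review bot: `merge.md` appears twice in the new `nav` list (two consecutive entries). Drop the duplicate or, if the second entry was meant to reference a different page, replace it with that page's file name; otherwise the sidebar shows the Merge page twice.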
92 changes: 48 additions & 44 deletions docs/thehive/api/alert/create.md
Expand Up @@ -11,22 +11,24 @@ POST /api/alert

## Request Body Example

```json
{
"artifacts": [],
"description": "Imported from MISP Event #1311.",
"severity": 0,
"source": "misp server",
"sourceRef": "1311",
"tags": [
!!! Example ""

```json
{
"artifacts": [],
"description": "Imported from MISP Event #1311.",
"severity": 0,
"source": "misp server",
"sourceRef": "1311",
"tags": [
"tlp:white",
"type:OSINT"
],
"title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
"tlp": 0,
"type": "MISP Event"
}
```
],
"title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
"tlp": 0,
"type": "MISP Event"
}
```

The following fields are required:

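Review bot: the fenced `json` block that now sits under `!!! Example ""` has to be indented by four spaces (both fence markers and every JSON line) to belong to the admonition body; otherwise the admonition ends at the blank line and the code block renders outside it. The rendered diff hides leading whitespace, so please confirm the indentation in the raw file before merging.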
Expand All @@ -44,35 +46,37 @@ The following fields are required:

### Response Body Example

```json
{
"_id": "~987889880",
"id": "~987889880",
"createdBy": "[email protected]",
"updatedBy": null,
"createdAt": 1630323713949,
"updatedAt": null,
"_type": "alert",
"type": "misp event",
"source": "misp server",
"sourceRef": "1311-2",
"externalLink": null,
"case": null,
"title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
"description": "Imported from MISP Event #1311.",
"severity": 0,
"date": 1630323713937,
"tags": [
!!! Example ""

```json
{
"_id": "~987889880",
"id": "~987889880",
"createdBy": "[email protected]",
"updatedBy": null,
"createdAt": 1630323713949,
"updatedAt": null,
"_type": "alert",
"type": "misp event",
"source": "misp server",
"sourceRef": "1311-2",
"externalLink": null,
"case": null,
"title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
"description": "Imported from MISP Event #1311.",
"severity": 0,
"date": 1630323713937,
"tags": [
"tlp:pwhite",
"type:OSINT",
],
"tlp": 0,
"pap": 2,
"status": "New",
"follow": true,
"customFields": {},
"caseTemplate": null,
"artifacts": [],
"similarCases": []
}
```
],
"tlp": 0,
"pap": 2,
"status": "New",
"follow": true,
"customFields": {},
"caseTemplate": null,
"artifacts": [],
"similarCases": []
}
```
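Review bot: the new response example is not valid JSON and does not match the request example above it. `"type:OSINT",` carries a trailing comma before the closing `]`, and `"tlp:pwhite"` is a typo for `"tlp:white"`. The response also reports `"sourceRef": "1311-2"` and `"type": "misp event"` while the request sent `"sourceRef": "1311"` and `"type": "MISP Event"`; capture the request and response from the same call so readers can map the fields one to one, or state explicitly that `type` is lower-cased server-side if that is the actual behaviour.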
15 changes: 4 additions & 11 deletions docs/thehive/api/alert/delete.md
Expand Up @@ -8,16 +8,9 @@ Delete an *Alert*.
DELETE /api/alert/{id}?force=1
```

## Response

## Request Body Example
### Status codes

```json

```


## Response Body Example

```json

```
- `204`: if *Alert* is deleted successfully
- `401`: Authentication error
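Review bot: the `force=1` query parameter in `DELETE /api/alert/{id}?force=1` is not explained anywhere in this hunk; add a `with:` list under the query block (as update.md does for `id`) that describes `id` and what `force=1` changes compared with a plain delete. The status code list would also benefit from the error returned when `{id}` does not exist, since `204` and `401` alone leave that case undocumented.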
133 changes: 125 additions & 8 deletions docs/thehive/api/alert/update.md
@@ -1,23 +1,140 @@
# Update

Update an existing Alert, like add observables, mark as read, update status ...
Update an *Alert*.

## Query

```plain
PATCH /api/alert/{id}
```

```
with:

- `id`: id of the Alert

## Request Body Example
## Request Body Example

```json
!!! Example ""

```json
{
"description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url. "
}
```

```
## Response

### Status codes

- `200`: if *Alert* is updated successfully
- `401`: Authentication error

## Response Body Example
### Response Body Example

```json
!!! Example ""

```
```json
{
"_id": "~624443400",
"id": "~624443400",
"createdBy": "[email protected]",
"updatedBy": null,
"createdAt": 1620373264377,
"updatedAt": null,
"_type": "alert",
"type": "external",
"source": "SIEM",
"sourceRef": "47e379",
"externalLink": null,
"case": null,
"title": "User posted information on known phishing URL",
"description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url. ",
"severity": 2,
"date": 1620373264000,
"tags": [
"source:siem",
"log-source:proxy"
],
"tlp": 3,
"pap": 2,
"status": "Ignored",
"follow": true,
"customFields": {
"businessUnit": {
"string": "Finance"
},
"location": {
"string": "Sydney"
}
},
"caseTemplate": null,
"artifacts": [
{
"_id": "~665772152",
"id": "~665772152",
"createdBy": "[email protected]",
"createdAt": 1620373264410,
"_type": "case_artifact",
"dataType": "username",
"data": "[email protected]",
"startDate": 1620373264410,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"reports": {},
"stats": {}
},
{
"_id": "~677015568",
"id": "~677015568",
"createdBy": "[email protected]",
"createdAt": 1620373264398,
"_type": "case_artifact",
"dataType": "domain",
"data": "pl-getbuys.icu",
"startDate": 1620373264398,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"reports": {},
"stats": {}
},
{
"_id": "~677019664",
"id": "~677019664",
"createdBy": "[email protected]",
"createdAt": 1620373264405,
"_type": "case_artifact",
"dataType": "mail",
"data": "[email protected]",
"startDate": 1620373264405,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"reports": {},
"stats": {}
},
{
"_id": "~706650224",
"id": "~706650224",
"createdBy": "[email protected]",
"createdAt": 1620373264391,
"_type": "case_artifact",
"dataType": "url",
"data": "https://poczta.pl-getbuys.icu/",
"startDate": 1620373264391,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"message": "http method: POST",
"reports": {},
"stats": {}
}
],
"similarCases": []
}
```

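Review bot: the response example contradicts the operation it illustrates: after a `PATCH` that changed `description`, it still shows `"updatedBy": null` and `"updatedAt": null`, which is the state of a freshly created alert (compare the create.md response in this same commit). Re-capture the response from a real update call, where both fields should be populated. It would also help to say in the `with:` block which alert fields may be sent in the PATCH body, since the example only shows `description`, and to add the not-found case for an unknown `{id}` to the status code list.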
0 comments on commit e1c0748