Successful response indicates service reachability.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| No Permissions Required | N/A |
Request
GET <psc-hostname>/threathunter/feedmgr/healthcheck
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 204 | service is available | . | None |
Retrieve all feeds owned by the caller. Provide include_public=true parameter to also include public community feeds.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
READ |
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Array of Feeds | application/json | {“results”: [Feed]} |
Retrieve feed with feed_id. This feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
READ |
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Feed | application/json | Feed |
Create new private feed. Unique feed ID will be assigned by the service. All IOCs will be converted to IOC_V2. This feed will be owned by the caller. The feed will be available to only the org that created it.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
CREATE |
Request
POST <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds
| Content-Type | Content |
|---|---|
| application/json | Feed |
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Feed created | application/json | FeedInfo |
| 400 | Invalid Feed Request | : | None |
Create public feed. Unique feed ID will be assigned by the service. All IOCs will be converted to IOC_V2. This feed will be owned by the caller. The feed will be available to all organizations.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
CREATE |
Request
POST <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/public
| Content-Type | Content |
|---|---|
| application/json | Feed |
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Feed created | application/json | FeedInfo |
| 400 | Invalid Feed Request | : | None |
Delete feed with feed_id. This feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
DELETE |
Request
DELETE <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 204 | Feed Deleted | : | None |
| 400 | Unknown feed | : | None |
Retrieve feed info metadata for feed with feed_id. This feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
READ |
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/feedinfo
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Feed Info | application/json | FeedInfo |
Update feed info metadata for feed with feed_id. This feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
UPDATE |
Request
PUT <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/feedinfo
| Content-Type | Content |
|---|---|
| application/json | FeedInfo |
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Feed Info Updated | application/json | FeedInfo |
| 400 | Invalid Feed Request | : | None |
Retrieve all the reports for feed with feed_id. Feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
READ |
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Reports array | application/json | {“results”: [Report]} |
Replace reports for feed ID. All IOCs will be converted to IOC_V2. Any existing reports not in the payload will be deleted. Feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
CREATE |
Request
POST <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports
| Content-Type | Content |
|---|---|
| application/json | {“reports”: [Report]} |
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Success | application/json | {“success”: boolean*} |
Return report with report_id for feed. Feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
READ |
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports/(report_id)
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Report | application/json | [Report] |
Update report with report_id for feed. All IOCs will be converted to IOC_V2. Feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
UPDATE |
Request
PUT <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports/(report_id)
| Content-Type | Content |
|---|---|
| application/json | [Report] |
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Report | application/json | Report |
Delete report with report_id for feed . Feed must be owned by the caller.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
DELETE |
Request
DELETE <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports/(report_id)
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 204 | report deleted | : | None |
Convert CB Reponse query to ThreatHunter query. This will adjust field names and other syntax to match ThreatHunter Solr requirements.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
threathunter.feeds |
READ |
Request
POST <psc-hostname>/threathunter/feedmgr/v2/query/translate
| content-type | content |
|---|---|
| application/json | {"query": str*} |
Responses
| Code | Description | Content-Type | Content |
|---|---|---|---|
| 200 | Translated query | application/json | {“query”: str*} |
| 400 | Unable to convert query due to incompatible fields | : | None |
NOTE: fields with ‘*’ are required
{"name": str*,
"owner": str*,
"provider_url": str*,
"summary": str*,
"category": str*,
"source_label": str,
"access": str,
"id": str}
{"index_type": str,
"search_query": str*}
{"md5": [str],
"ipv4": [str],
"ipv6": [str],
"dns": [str],
"query": [QueryIOC]}
{"id": str*,
"match_type": str*,
"values": [str]*,
"field": str,
"link": str}
{"id": str*,
"timestamp": int*,
"title": str*,
"description": str*,
"severity": int*,
"link": str,
"tags": [str],
"iocs": IOCs,
"iocs_v2": [IOC_V2],
"visibility": str}
{"feedinfo": FeedInfo*,
"reports": [Report]*}