Feed API Definition
Note: <psc-hostname>
is the parent URL for your PSC instance.
Successful response indicates service reachability.
Request
GET <psc-hostname>/threathunter/feedmgr/healthcheck
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
204 | service is available | . | None |
Retrieve all feeds owned by the caller. Provide include_public=true
parameter to also include public community feeds.
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Array of Feeds | application/json | {“results”: [Feed]} |
Retrieve feed with feed_id
. This feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Feed | application/json | Feed |
Create new private feed. Unique feed ID will be assigned by the service. All IOCs will be converted to IOC_V2. This feed will be owned by the caller. The feed will be available to only the org that created it.
Request
POST <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds
Content-Type | Content |
---|---|
application/json | Feed |
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Feed created | application/json | FeedInfo |
400 | Invalid Feed Request | : | None |
Create public feed. Unique feed ID will be assigned by the service. All IOCs will be converted to IOC_V2. This feed will be owned by the caller. The feed will be available to all organizations.
Request
POST <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/public
Content-Type | Content |
---|---|
application/json | Feed |
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Feed created | application/json | FeedInfo |
400 | Invalid Feed Request | : | None |
Delete feed with feed_id
. This feed must be owned by the caller.
Request
DELETE <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
204 | Feed Deleted | : | None |
400 | Unknown feed | : | None |
Retrieve feed info metadata for feed with feed_id
. This feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/feedinfo
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Feed Info | application/json | FeedInfo |
Update feed info metadata for feed with feed_id
. This feed must be owned by the caller.
Request
PUT <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/feedinfo
Content-Type | Content |
---|---|
application/json | FeedInfo |
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Feed Info Updated | application/json | FeedInfo |
400 | Invalid Feed Request | : | None |
Retrieve all the reports for feed with feed_id
. Feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Reports array | application/json | {“results”: [Report]} |
Replace reports for feed ID. All IOCs will be converted to IOC_V2. Any existing reports not in the payload will be deleted. Feed must be owned by the caller.
Request
POST <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports
Content-Type | Content |
---|---|
application/json | {“reports”: [Report]} |
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Success | application/json | {“success”: boolean*} |
Return report with report_id
for feed. Feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports/(report_id)
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Report | application/json | [Report] |
Update report with report_id
for feed. All IOCs will be converted to IOC_V2. Feed must be owned by the caller.
Request
PUT <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports/(report_id)
Content-Type | Content |
---|---|
application/json | [Report] |
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Report | application/json | Report |
Delete report with report_id
for feed . Feed must be owned by the caller.
Request
DELETE <psc-hostname>/threathunter/feedmgr/v2/orgs/(org_key)/feeds/(feed_id)/reports/(report_id)
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
204 | report deleted | : | None |
Convert CB Reponse query to ThreatHunter query. This will adjust field names and other syntax to match ThreatHunter Solr requirements.
Request
POST <psc-hostname>/threathunter/feedmgr/v2/query/translate
content-type | content |
---|---|
application/json | {"query": str*} |
Responses
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Translated query | application/json | {“query”: str*} |
400 | Unable to convert query due to incompatible fields | : | None |
NOTE: fields with ‘*’ are required
{"name": str*,
"owner": str*,
"provider_url": str*,
"summary": str*,
"category": str*,
"source_label": str,
"access": str,
"id": str}
{"index_type": str,
"search_query": str*}
{"md5": [str],
"ipv4": [str],
"ipv6": [str],
"dns": [str],
"query": [QueryIOC]}
{"id": str*,
"match_type": str*,
"values": [str]*,
"field": str,
"link": str}
{"id": str*,
"timestamp": int*,
"title": str*,
"description": str*,
"severity": int*,
"link": str,
"tags": [str],
"iocs": IOCs,
"iocs_v2": [IOC_V2],
"visibility": str}
{"feedinfo": FeedInfo*,
"reports": [Report]*}