WARNING: This is a legacy document; please view the latest version.
Feed API Definition
Note: <psc-hostname> is the parent URL for your PSC instance.
Healthcheck
Successful response indicates service reachability.
Request
GET <psc-hostname>/threathunter/feedmgr/healthcheck
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 204 | service is available | - | None |
Create a new feed
Create a new feed. A unique feed ID will be assigned by the service.
All IOCs will be converted to IOC_V2. This feed will be owned by the caller. If feedinfo.access is public, the feed will be available to all organizations.
Request
POST <psc-hostname>/threathunter/feedmgr/v1/feed
| Content-Type | Content |
|--------------|---------|
| application/json | Feed Object |
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Feed created | application/json | FeedInfo |
| 400 | Invalid Feed Request | - | None |
Get all feeds
Retrieve all feeds owned by the caller. Provide the include_public=true parameter to also include public community feeds.
Request
GET <psc-hostname>/threathunter/feedmgr/v1/feed
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Array of Feeds | application/json | {"results": [Feed]} |
Get Specific Feed
Retrieve feed with feed_id. This feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Feed | application/json | Feed |
Delete Feed
Delete feed with feed_id. This feed must be owned by the caller.
Request
DELETE <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 204 | Feed Deleted | - | None |
| 400 | Unknown feed | - | None |
Get Feed Info
Retrieve feed info metadata for feed with feed_id. This feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/feedinfo
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Feed Info | application/json | FeedInfo |
Update Feed Info
Update feed info metadata for feed with feed_id. This feed must be owned by the caller.
Request
PUT <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/feedinfo
| Content-Type | Content |
|--------------|---------|
| application/json | FeedInfo |
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Feed Info Updated | application/json | FeedInfo |
| 400 | Invalid Feed Request | - | None |
Get Threat Reports
Retrieve all the reports for feed with feed_id. Feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/report
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Reports array | application/json | {"results": [Report]} |
Replace Reports
Replace reports for feed ID. All IOCs will be converted to IOC_V2. Any existing reports not in the payload will be deleted. Feed must be owned by the caller.
Request
POST <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/report
| Content-Type | Content |
|--------------|---------|
| application/json | {"reports": [Report]} |
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Success | application/json | {"success": boolean*} |
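Because Replace Reports deletes every existing report that is absent from the payload, changing one report means sending the full set. The following is an added example, not part of the original API documentation: it merges changed reports into the set returned by Get Threat Reports and checks a Feed object against the fields marked * under Definitions. The helper names and all sample values (including match_type "equality" and access "private") are assumptions.

```python
# Added example: required fields (marked * in Definitions) and their JSON types.
REQUIRED = {
    "FeedInfo": {"name": str, "owner": str, "provider_url": str,
                 "summary": str, "category": str, "access": str},
    "Report": {"id": str, "timestamp": int, "title": str,
               "description": str, "severity": int},
    "IOC_V2": {"id": str, "match_type": str, "values": list},
}

def problems_for(kind, obj, path):
    """List required fields of `kind` that are absent or of the wrong type."""
    bad = sorted(k for k, t in REQUIRED[kind].items() if type(obj.get(k)) is not t)
    return [f"{path}: {', '.join(bad)}"] if bad else []

def validate_feed(feed):
    """Return problems found in a Feed object; an empty list means well-formed."""
    problems = []
    info, reports = feed.get("feedinfo"), feed.get("reports")
    if isinstance(info, dict):
        problems += problems_for("FeedInfo", info, "feedinfo")
    else:
        problems.append("feedinfo: missing")
    if not isinstance(reports, list):
        problems.append("reports: missing")
        reports = []
    for i, rep in enumerate(reports):
        problems += problems_for("Report", rep, f"reports[{i}]")
        for j, ioc in enumerate(rep.get("iocs_v2", [])):
            problems += problems_for("IOC_V2", ioc, f"reports[{i}].iocs_v2[{j}]")
    return problems

def replace_payload(existing, changed):
    """Body for Replace Reports that keeps existing reports, overriding by id."""
    by_id = {r["id"]: r for r in existing}
    by_id.update({r["id"]: r for r in changed})
    return {"reports": list(by_id.values())}

# Constructed sample data: every value here is a placeholder, not from the page.
SAMPLE_REPORT = {"id": "report-1", "timestamp": 1700000000, "title": "Example",
                 "description": "Constructed report", "severity": 5,
                 "iocs_v2": [{"id": "ioc-1", "match_type": "equality",  # assumed value
                              "values": ["127.0.0.1"]}]}
SAMPLE_FEED = {"feedinfo": {"name": "example", "owner": "example-org",
                            "provider_url": "https://example.com",
                            "summary": "Constructed feed", "category": "example",
                            "access": "private"},  # assumed value
               "reports": [SAMPLE_REPORT]}
```

Pass the list from Get Threat Reports as `existing`; sending only the changed reports would delete the rest.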
Get Report
Return report with report_id for feed. Feed must be owned by the caller.
Request
GET <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/report/(report_id)
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Report | application/json | [Report] |
Update Report
Update report with report_id for feed. All IOCs will be converted to IOC_V2. Feed must be owned by the caller.
Request
PUT <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/report/(report_id)
| Content-Type | Content |
|--------------|---------|
| application/json | [Report] |
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Report | application/json | Report |
Delete report
Delete report with report_id for feed. Feed must be owned by the caller.
Request
DELETE <psc-hostname>/threathunter/feedmgr/v1/feed/(feed_id)/report/(report_id)
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 204 | report deleted | - | None |
Convert Legacy Query
Convert a CB Response query to a ThreatHunter query. This will adjust field names and other syntax to match ThreatHunter Solr requirements.
Request
POST <psc-hostname>/threathunter/feedmgr/v1/query/translate
Legacy query
| Content-Type | Content |
|--------------|---------|
| application/json | {"query": str*} |
Responses
| Code | Description | Content-Type | Content |
|------|-------------|--------------|---------|
| 200 | Translated query | application/json | {"query": str*} |
| 400 | Unable to convert query due to incompatible fields | - | None |
Definitions
NOTE: fields with a * are required
FeedInfo
{"name": str*,
"owner": str*,
"provider_url": str*,
"summary": str*,
"category": str*,
"access": str*,
"id": str}
QueryIOC
{"index_type": str,
"search_query": str*}
IOCs
{"md5": [str],
"ipv4": [str],
"ipv6": [str],
"dns": [str],
"query": [QueryIOC]}
IOC_V2
{"id": str*,
"match_type": str*,
"values": [str]*,
"field": str,
"link": str}
Report
{"id": str*,
"timestamp": int*,
"title": str*,
"description": str*,
"severity": int*,
"link": str,
"tags": [str],
"iocs": IOCs,
"iocs_v2": [IOC_V2],
"visibility": str}
Feed
{"feedinfo": FeedInfo*,
"reports": [Report]*}