{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "ConnectorName": { "defaultValue": "GoogleThreatIntelligence-CustomConnector", "type": "String", "metadata": { "description": "Google Threat Intelligence Custom Connector" } }, "BackendService": { "defaultValue": "https://www.virustotal.com/api/v3", "type": "String", "metadata": { "description": "Base URL of the Google Threat Intelligence API used as the connector's backend service. Requests authenticate with the connection's API key, so keep the default unless the replacement endpoint is trusted." } } }, "functions": [], "variables": {}, "resources": [ { "type": "Microsoft.Web/customApis", "apiVersion": "2016-06-01", "name": "[parameters('ConnectorName')]", "location": "[resourceGroup().location]", "properties": { "connectionParameters": { "api_key": { "type": "securestring" } }, "backendService": { "serviceUrl": "[parameters('BackendService')]" }, "capabilities": [], "brandColor": "#FFFFFF", "description": "This connector provides access to various Google Threat Intelligence API endpoints for retrieving file, IP, domain, and URL analysis reports.", "displayName": "[parameters('ConnectorName')]", "iconUri": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/GoogleThreatIntelligence.svg", "swagger": { "swagger": "2.0", "info": { "title": "Google Threat Intelligence", "description": "This connector provides access to various Google Threat Intelligence API endpoints for retrieving file, IP, domain, and URL analysis reports.", "version": "1.0", "contact": { "name": "Google Threat Intelligence", "url": "https://www.virustotal.com/gui/contact-us/support" } }, "x-ms-connector-metadata": [ { "propertyName": "Website", "propertyValue": "https://www.virustotal.com" }, { "propertyName": "Privacy policy", "propertyValue": "https://virustotal.readme.io/docs/historic-privacy-policy" }, { "propertyName": "Categories", "propertyValue": "Data" } ], "host": "www.virustotal.com", "basePath": "/api/v3", "schemes": [ "https" ], "consumes": [], "produces": [], "parameters": { "x-tool": { "name": 
"x-tool", "in": "header", "type": "string", "required": true, "default": "MSFTSentinel", "x-ms-summary": "Tool Header", "x-ms-visibility": "internal", "description": "Header to identify requests" } }, "paths": { "/files/{id}": { "get": { "summary": "Get File Report", "description": "Retrieve detailed analysis report for a specific file by its ID.", "responses": { "200": { "description": "OK", "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string", "description": "The unique identifier (SHA-256 hash) of the file." }, "type": { "type": "string", "description": "The type of object being analyzed (in this case, \"file\")." }, "links": { "type": "object", "properties": { "self": { "type": "string", "description": "The URL to retrieve this file's report." } }, "description": "Links to related resources." }, "attributes": { "type": "object", "properties": { "type_extension": { "type": "string", "description": "The file extension (if available)." }, "times_submitted": { "type": "integer", "format": "int32", "description": "The number of times this file has been submitted to Google Threat Intelligence." }, "meaningful_name": { "type": "string", "description": "A human-readable name for the file (if available)." }, "sha1": { "type": "string", "description": "The SHA-1 hash of the file." }, "magic": { "type": "string", "description": "A textual description of the file type, as determined by libmagic." }, "total_votes": { "type": "object", "properties": { "harmless": { "type": "integer", "format": "int32", "description": "The number of votes classifying this file as harmless.", "title": "total votes harmless" }, "malicious": { "type": "integer", "format": "int32", "description": "The number of votes classifying this file as malicious.", "title": "total votes malicious" } }, "description": "Aggregated votes from the community." 
}, "type_tag": { "type": "string", "description": "A high-level categorization of the file type (e.g., \"PE executable\", \"PDF document\")." }, "last_analysis_stats": { "type": "object", "properties": { "malicious": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that detected the file as malicious in the latest analysis.", "title": "last analysis malicious" }, "suspicious": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that detected the file as suspicious in the latest analysis.", "title": "last analysis suspicious" }, "undetected": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that did not detect any threats in the file in the latest analysis.", "title": "last analysis undetected" }, "harmless": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that explicitly classified the file as harmless in the latest analysis.", "title": "last analysis harmless" }, "timeout": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that timed out during the latest analysis.", "title": "last analysis timeout" }, "confirmed-timeout": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that experienced a confirmed timeout during the latest analysis.", "title": "last analysis confirmed-timeout" }, "failure": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that encountered an error during the latest analysis.", "title": "last analysis failure" }, "type-unsupported": { "type": "integer", "format": "int32", "description": "The number of antivirus engines that do not support the analysis of this file type.", "title": "last analysis type-unsupported" } }, "description": "Statistics from the latest analysis." 
}, "ssdeep": { "type": "string", "description": "The ssdeep fuzzy hash of the file, used for similarity comparison." }, "type_description": { "type": "string", "description": "A more detailed description of the file type (e.g., \"Microsoft Word Document\")." }, "tlsh": { "type": "string", "description": "The TLSH fuzzy hash of the file, used for similarity comparison." }, "reputation": { "type": "integer", "format": "int32", "description": "The reputation score of the file, calculated based on various factors." }, "sha256": { "type": "string", "description": "The SHA-256 hash of the file." }, "unique_sources": { "type": "integer", "format": "int32", "description": "The number of unique sources from which this file has been submitted." }, "names": { "type": "array", "items": { "type": "string" }, "description": "A list of names associated with the file." }, "tags": { "type": "array", "items": { "type": "string" }, "description": "Tags associated with the file, providing additional context or categorization." }, "last_submission_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp of the last time this file was submitted to Google Threat Intelligence." }, "last_modification_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp of the last modification date of the file (if available)." }, "size": { "type": "integer", "format": "int32", "description": "The size of the file in bytes." }, "md5": { "type": "string", "description": "The MD5 hash of the file." }, "gti_assessment": { "type": "object", "properties": { "severity": { "type": "object", "properties": { "value": { "type": "string", "description": "The severity level assigned by Google Threat Intelligence's GTI (e.g., \"SEVERITY_NONE\", \"SEVERITY_LOW\", etc.).", "title": "severity" } }, "description": "The severity assessment of the file." 
}, "threat_score": { "type": "object", "properties": { "value": { "type": "integer", "format": "int32", "description": "The threat score assigned by Google Threat Intelligence's GTI, indicating the likelihood of the file being malicious.", "title": "threat score" } }, "description": "The threat score assessment of the file." }, "verdict": { "type": "object", "properties": { "value": { "type": "string", "description": "The overall verdict of the file's analysis by Google Threat Intelligence's GTI (e.g., \"VERDICT_UNDETECTED\", \"VERDICT_MALICIOUS\", etc.).", "title": "verdict" } }, "description": "The overall verdict of the file's analysis." }, "description": { "type": "string", "description": "A textual description of the GTI assessment." } }, "description": "GTI's (Google Threat Intelligence) assessment of the file." } }, "description": "Attributes and metadata associated with the file." } }, "description": "Data containing the file report." } } } }, "default": { "description": "default" } }, "operationId": "get_file", "parameters": [ { "name": "id", "in": "path", "required": true, "type": "string", "x-ms-summary": "File ID", "description": "Hash value of the file", "x-ms-url-encoding": "single" }, { "$ref": "#/parameters/x-tool" } ] } }, "/ip_addresses/{ip}": { "get": { "summary": "Get IP Report", "description": "Retrieve analysis and reputation information about a specific IP address.", "responses": { "200": { "description": "OK", "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string", "description": "The unique identifier for this IP address report." }, "type": { "type": "string", "description": "The type of object represented." }, "links": { "type": "object", "properties": { "self": { "type": "string", "description": "The URL to retrieve this IP address report." } }, "description": "Links to related resources." 
}, "attributes": { "type": "object", "properties": { "asn": { "type": "integer", "format": "int32", "description": "The Autonomous System Number (ASN) associated with the IP address." }, "network": { "type": "string", "description": "The network or CIDR block the IP address belongs to." }, "last_https_certificate_date": { "type": "integer", "format": "int32", "description": "The date of the last HTTPS certificate seen for this IP address (Unix timestamp)." }, "country": { "type": "string", "description": "The country associated with the IP address." }, "as_owner": { "type": "string", "description": "The name of the organization that owns the ASN associated with the IP address." }, "reputation": { "type": "integer", "format": "int32", "description": "The reputation score of the IP address (-100 to 100)." }, "total_votes": { "type": "object", "properties": { "harmless": { "type": "integer", "format": "int32", "description": "The number of votes classifying the IP address as harmless.", "title": "total votes harmless" }, "malicious": { "type": "integer", "format": "int32", "description": "The number of votes classifying the IP address as malicious.", "title": "total votes malicious" } }, "description": "The breakdown of votes on the IP address's maliciousness." }, "whois": { "type": "string", "description": "The raw WHOIS data for the IP address." }, "tags": { "type": "array", "items": {}, "description": "Tags associated with the IP address based on community analysis." 
}, "last_analysis_stats": { "type": "object", "properties": { "malicious": { "type": "integer", "format": "int32", "description": "The number of engines that detected the IP address as malicious.", "title": "last analysis malicious" }, "suspicious": { "type": "integer", "format": "int32", "description": "The number of engines that detected the IP address as suspicious.", "title": "last analysis suspicious" }, "undetected": { "type": "integer", "format": "int32", "description": "The number of engines that did not detect the IP address as malicious or suspicious.", "title": "last analysis undetected" }, "harmless": { "type": "integer", "format": "int32", "description": "The number of engines that detected the IP address as harmless.", "title": "last analysis harmless" }, "timeout": { "type": "integer", "format": "int32", "description": "The number of engines that timed out during the analysis of the IP address.", "title": "last analysis timeout" } }, "description": "Statistics from the last analysis of the IP address." }, "whois_date": { "type": "integer", "format": "int32", "description": "The date the WHOIS data was last updated." }, "regional_internet_registry": { "type": "string", "description": "The Regional Internet Registry (RIR) responsible for the IP address." }, "last_modification_date": { "type": "integer", "format": "int32", "description": "The date the IP address report was last modified." }, "continent": { "type": "string", "description": "The continent where the IP address is located." }, "gti_assessment": { "type": "object", "properties": { "severity": { "type": "object", "properties": { "value": { "type": "string", "description": "The severity level assigned by GTI.", "title": "severity" } }, "description": "The severity level assigned by GTI." 
}, "threat_score": { "type": "object", "properties": { "value": { "type": "integer", "format": "int32", "description": "The threat score assigned by GTI (0-100).", "title": "threat score" } }, "description": "The threat score assigned by GTI (0-100)." }, "verdict": { "type": "object", "properties": { "value": { "type": "string", "description": "The overall verdict from GTI.", "title": "verdict" } }, "description": "The overall verdict from GTI." }, "contributing_factors": { "type": "object", "properties": { "mandiant_confidence_score": { "type": "integer", "format": "int32", "description": "The confidence score assigned by Mandiant (0-100)." }, "normalised_categories": { "type": "array", "items": { "type": "string" }, "description": "Normalized categories associated with the IP address." }, "pervasive_indicator": { "type": "boolean", "description": "Indicates if the IP address is a pervasive indicator." }, "safebrowsing_verdict": { "type": "string", "description": "The verdict from Google Safe Browsing." } }, "description": "Factors contributing to the GTI assessment." }, "description": { "type": "string", "description": "A description of the GTI assessment." } }, "description": "Google Threat Intelligence (GTI) assessment of the IP address." 
} }, "description": "attributes" } }, "description": "data" } } } }, "default": { "description": "default" } }, "operationId": "get_ip", "parameters": [ { "name": "ip", "in": "path", "required": true, "type": "string", "x-ms-summary": "IP address", "description": "IP address to obtain the report", "x-ms-url-encoding": "single" }, { "$ref": "#/parameters/x-tool" } ] } }, "/domains/{id}": { "get": { "summary": "Get Domain Report", "description": "Retrieve analysis and reputation information about a specific domain.", "responses": { "200": { "description": "OK", "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string", "description": "The id of the domain" }, "type": { "type": "string", "description": "The type of the domain" }, "links": { "type": "object", "properties": { "self": { "type": "string", "description": "The url to retrieve this domain report." } }, "description": "links to related resources." }, "attributes": { "type": "object", "properties": { "total_votes": { "type": "object", "properties": { "harmless": { "type": "integer", "format": "int32", "description": "The count of votes indicating the domain is safe.", "title": "total votes harmless" }, "malicious": { "type": "integer", "format": "int32", "description": "The count of votes suggesting the domain is harmful.", "title": "total votes malicious" } }, "description": "This object provides a summary of community votes regarding the domain's potential maliciousness." }, "reputation": { "type": "integer", "format": "int32", "description": "A numerical score ranging from -100 to 100, reflecting the domain's overall reputation based on various factors." }, "whois": { "type": "string", "description": "The raw WHOIS data associated with the domain, containing registration details and contact information." 
}, "last_https_certificate_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp indicating when the last HTTPS certificate for this domain was observed." }, "last_dns_records_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp representing the last time DNS records were fetched for this domain." }, "registrar": { "type": "string", "description": "The entity responsible for registering the domain name." }, "last_modification_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp showing when the domain report was last updated." }, "creation_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp marking the domain's initial registration date." }, "tags": { "type": "array", "items": {}, "description": "An array of tags assigned to the domain based on community analysis and observations." }, "last_update_date": { "type": "integer", "format": "int32", "description": "The Unix timestamp indicating the most recent update to the domain's information." 
}, "last_analysis_stats": { "type": "object", "properties": { "malicious": { "type": "integer", "format": "int32", "description": "The number of analysis engines flagging the domain as malicious.", "title": "last analysis malicious" }, "suspicious": { "type": "integer", "format": "int32", "description": "The count of engines raising suspicion about the domain.", "title": "last analysis suspicious" }, "undetected": { "type": "integer", "format": "int32", "description": "The number of engines that didn't detect any malicious or suspicious activity.", "title": "last analysis undetected" }, "harmless": { "type": "integer", "format": "int32", "description": "The count of engines explicitly classifying the domain as safe.", "title": "last analysis harmless" }, "timeout": { "type": "integer", "format": "int32", "description": "The number of engines that timed out during the analysis.", "title": "last analysis timeout" } }, "description": "Statistics derived from the latest analysis of the domain." }, "gti_assessment": { "type": "object", "properties": { "severity": { "type": "object", "properties": { "value": { "type": "string", "description": "The severity level assigned by GTI.", "title": "severity" } }, "description": "The severity level assigned by GTI." }, "threat_score": { "type": "object", "properties": { "value": { "type": "integer", "format": "int32", "description": "The threat score assigned by GTI (0-100).", "title": "threat score" } }, "description": "The threat score assigned by GTI (0-100)." }, "verdict": { "type": "object", "properties": { "value": { "type": "string", "description": "The overall verdict from GTI.", "title": "verdict" } }, "description": "The overall verdict from GTI." }, "contributing_factors": { "type": "object", "properties": { "mandiant_confidence_score": { "type": "integer", "format": "int32", "description": "The confidence score assigned by Mandiant (0-100)." 
}, "normalised_categories": { "type": "array", "items": { "type": "string" }, "description": "Normalized categories associated with the domain." }, "pervasive_indicator": { "type": "boolean", "description": "Indicates if the domain is a pervasive indicator." }, "safebrowsing_verdict": { "type": "string", "description": "The verdict from Google Safe Browsing." } }, "description": "Factors contributing to the GTI assessment." }, "description": { "type": "string", "description": "A description of the GTI assessment." } }, "description": "Google Threat Intelligence (GTI) assessment of the domain." } }, "description": "attributes" } }, "description": "data" } } } }, "default": { "description": "default" } }, "operationId": "get_domain", "parameters": [ { "name": "id", "in": "path", "required": true, "type": "string", "x-ms-summary": "Domain name", "description": "Domain to obtain the report", "x-ms-url-encoding": "single" }, { "$ref": "#/parameters/x-tool" } ] } }, "/urls/{id}": { "get": { "summary": "Get URL Report", "description": "Retrieve analysis and reputation information about a specific URL.", "responses": { "200": { "description": "OK", "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string", "description": "The id of the url" }, "type": { "type": "string", "description": "The type of object being analyzed" }, "links": { "type": "object", "properties": { "self": { "type": "string", "description": "Url to retrieve this url report" } }, "description": "Links to related resources" }, "attributes": { "type": "object", "properties": { "last_final_url": { "type": "string", "description": "The final URL after any redirects." 
}, "total_votes": { "type": "object", "properties": { "harmless": { "type": "integer", "format": "int32", "description": "Number of votes indicating the URL is safe.", "title": "total votes harmless" }, "malicious": { "type": "integer", "format": "int32", "description": "Number of votes indicating the URL is harmful.", "title": "total votes malicious" } }, "description": "The breakdown of votes from the Google Threat Intelligence community on whether the URL is considered harmless or malicious." }, "tags": { "type": "array", "items": {}, "description": "Community-assigned tags providing additional context or categorization for the URL." }, "times_submitted": { "type": "integer", "format": "int32", "description": "The total number of times this URL has been submitted to Google Threat Intelligence for analysis." }, "last_modification_date": { "type": "integer", "format": "int32", "description": "The date (in Unix timestamp format) when the URL report was last modified." }, "reputation": { "type": "integer", "format": "int32", "description": "A score ranging from -100 to 100, representing the URL's reputation based on various factors and community assessments." }, "last_analysis_date": { "type": "integer", "format": "int32", "description": "The date (in Unix timestamp format) when the last analysis of the URL was performed." 
}, "last_analysis_stats": { "type": "object", "properties": { "malicious": { "type": "integer", "format": "int32", "description": "The number of engines that detected the URL as malicious.", "title": "last analysis malicious" }, "suspicious": { "type": "integer", "format": "int32", "description": "The number of engines that flagged the URL as suspicious.", "title": "last analysis suspicious" }, "undetected": { "type": "integer", "format": "int32", "description": "The number of engines that did not detect any threats in the URL.", "title": "last analysis undetected" }, "harmless": { "type": "integer", "format": "int32", "description": "The number of engines that explicitly classified the URL as harmless.", "title": "last analysis harmless" }, "timeout": { "type": "integer", "format": "int32", "description": "The number of engines that timed out during the analysis.", "title": "last analysis timeout" } }, "description": "A summary of the results from the most recent analysis of the URL by different antivirus engines." }, "last_submission_date": { "type": "integer", "format": "int32", "description": "The date (in Unix timestamp format) when the URL was last submitted for analysis." }, "url": { "type": "string", "description": "The actual URL that was analyzed." }, "first_submission_date": { "type": "integer", "format": "int32", "description": "The date (in Unix timestamp format) of the very first time this URL was submitted to Google Threat Intelligence." }, "title": { "type": "string", "description": "The title or webpage name extracted from the URL" }, "gti_assessment": { "type": "object", "properties": { "severity": { "type": "object", "properties": { "value": { "type": "string", "description": "The severity level assigned by GTI.", "title": "severity" } }, "description": "The severity level assigned by GTI." 
}, "threat_score": { "type": "object", "properties": { "value": { "type": "integer", "format": "int32", "description": "The threat score assigned by GTI (0-100).", "title": "threat score" } }, "description": "The threat score assigned by GTI (0-100)." }, "verdict": { "type": "object", "properties": { "value": { "type": "string", "description": "The overall verdict from GTI.", "title": "verdict" } }, "description": "The overall verdict from GTI." }, "contributing_factors": { "type": "object", "properties": { "mandiant_confidence_score": { "type": "integer", "format": "int32", "description": "The confidence score assigned by Mandiant (0-100)." }, "normalised_categories": { "type": "array", "items": { "type": "string" }, "description": "Normalized categories associated with the URL." }, "pervasive_indicator": { "type": "boolean", "description": "Indicates if the URL is a pervasive indicator." }, "safebrowsing_verdict": { "type": "string", "description": "The verdict from Google Safe Browsing." } }, "description": "Factors contributing to the GTI assessment." }, "description": { "type": "string", "description": "A description of the GTI assessment." } }, "description": "Google Threat Intelligence (GTI) assessment of the URL." 
} }, "description": "attributes" } }, "description": "data" } } } }, "default": { "description": "default" } }, "operationId": "get_url", "parameters": [ { "name": "id", "in": "path", "required": true, "type": "string", "x-ms-summary": "URL id", "description": "URL id to obtain the report", "x-ms-url-encoding": "single" }, { "$ref": "#/parameters/x-tool" } ] } }, "/files/": { "post": { "summary": "Upload File", "description": "Upload a file for analysis.", "consumes": [ "multipart/form-data" ], "parameters": [ { "in": "formData", "name": "file", "description": "The file to upload for analysis", "required": true, "type": "file", "x-ms-summary": "File" }, { "$ref": "#/parameters/x-tool" } ], "responses": { "default": { "description": "default", "schema": {} } }, "operationId": "post_file" } }, "/analyses/{id}": { "get": { "summary": "Retrieve information about a file or URL analysis", "description": "Get the status and results of a file or URL analysis.", "responses": { "200": { "description": "OK", "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string", "description": "The unique identifier for this analysis request." }, "type": { "type": "string", "description": "Indicates the type of analysis performed, either \"file\" or \"url\"." }, "links": { "type": "object", "properties": { "self": { "type": "string", "description": "The URL to retrieve the analysis information itself." }, "item": { "type": "string", "description": "The URL to access the analyzed file or URL." } }, "description": "Provides URLs related to the analysis." }, "attributes": { "type": "object", "properties": { "stats": { "type": "object", "properties": { "malicious": { "type": "integer", "format": "int32", "description": "The number of engines that flagged the item as malicious." }, "suspicious": { "type": "integer", "format": "int32", "description": "The number of engines that flagged the item as suspicious." 
}, "undetected": { "type": "integer", "format": "int32", "description": "The number of engines that didn't detect any threats." }, "harmless": { "type": "integer", "format": "int32", "description": "The number of engines that explicitly classified the item as harmless." }, "timeout": { "type": "integer", "format": "int32", "description": "The number of engines that timed out during the analysis." }, "confirmed-timeout": { "type": "integer", "format": "int32", "description": "The number of engines that experienced a confirmed timeout." }, "failure": { "type": "integer", "format": "int32", "description": "The number of engines that encountered an error during analysis." }, "type-unsupported": { "type": "integer", "format": "int32", "description": "The number of engines that don't support analyzing this type of item." } }, "description": "Summarizes the detection results from various antivirus engines." }, "date": { "type": "integer", "format": "int32", "description": "The date (in Unix timestamp format) when the analysis was completed." }, "status": { "type": "string", "description": "The current status of the analysis." 
} }, "description": "attributes" } }, "description": "data" } } } }, "default": { "description": "default" } }, "operationId": "retrieve_url_file", "parameters": [ { "name": "id", "in": "path", "required": true, "type": "string", "x-ms-summary": "Id of the analysis", "description": "Analysis id to obtain the report", "x-ms-url-encoding": "single" }, { "$ref": "#/parameters/x-tool" } ] } }, "/urls": { "post": { "summary": "Analyse URL", "description": "Submit a URL for analysis.", "consumes": [ "multipart/form-data" ], "responses": { "200": { "description": "OK", "schema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "type": { "type": "string", "description": "type" }, "id": { "type": "string", "description": "id" } }, "description": "data" } } } }, "default": { "description": "default" } }, "operationId": "analyze_url", "parameters": [ { "name": "url", "in": "formData", "required": true, "type": "string", "description": "URL to scan", "x-ms-summary": "URL", "x-ms-url-encoding": "single" }, { "$ref": "#/parameters/x-tool" } ] } }, "/threat_lists/{category}/{timestamp}": { "get": { "summary": "Get threat list", "description": "Obtain list of threats given the category of the threats and the timestamp of the desired hour.", "responses": { "200": { "description": "default", "schema": { "type": "object", "properties": { "sourcesystem": { "type": "string", "description": "sourcesystem" }, "indicators": { "type": "array", "items": { "type": "object", "properties": { "spec_version": { "type": "string", "description": "spec_version" }, "created_by_ref": { "type": "string", "description": "created_by_ref" }, "id": { "type": "string", "description": "id" }, "type": { "type": "string", "description": "type" }, "created": { "type": "string", "description": "created" }, "modified": { "type": "string", "description": "modified" }, "name": { "type": "string", "description": "name" }, "valid_from": { "type": "string", "description": "valid_from" 
}, "pattern_type": { "type": "string", "description": "pattern_type" }, "pattern": { "type": "string", "description": "pattern" }, "extensions": { "type": "object", "properties": { "entension-definition--d4ff44e6-a017-5b6d-ac64-3d18ba052642": { "type": "object", "properties": { "verdict": { "type": "object", "properties": { "value": { "type": "string", "description": "value" } }, "description": "verdict" }, "threat_score": { "type": "object", "properties": { "value": { "type": "integer", "format": "int32", "description": "value" } }, "description": "threat_score" }, "severity": { "type": "object", "properties": { "value": { "type": "string", "description": "value" } }, "description": "severity" } }, "description": "entension-definition--d4ff44e6-a017-5b6d-ac64-3d18ba052642" } }, "description": "extensions" } } }, "description": "indicators" } } } }, "default": { "description": "default" } }, "operationId": "get_threat_list", "parameters": [ { "name": "category", "in": "path", "required": true, "type": "string", "x-ms-summary": "category", "description": "Name of the category", "x-ms-url-encoding": "single" }, { "name": "timestamp", "in": "path", "required": true, "type": "string", "x-ms-summary": "timestamp", "description": "Timestamp in format YYYYMMDDHH", "x-ms-url-encoding": "single" }, { "name": "format", "in": "query", "required": false, "type": "string", "default": "stix-sentinel-api", "x-ms-visibility": "internal", "x-ms-summary": "format", "description": "Format of the response" }, { "$ref": "#/parameters/x-tool" } ] } }, "/ioc_stream": { "get": { "summary": "Get IoC Stream list", "description": "Obtain list of threats given the source and the timestamp of the desired hour.", "responses": { "200": { "description": "default", "schema": { "type": "object", "properties": { "type": { "type": "string", "description": "type" }, "id": { "type": "string", "description": "id" }, "objects": { "type": "array", "items": { "type": "object", "properties": { 
"spec_version": { "type": "string", "description": "spec_version" }, "created_by_ref": { "type": "string", "description": "created_by_ref" }, "id": { "type": "string", "description": "id" }, "type": { "type": "string", "description": "type" }, "created": { "type": "string", "description": "created" }, "modified": { "type": "string", "description": "modified" }, "name": { "type": "string", "description": "name" }, "valid_from": { "type": "string", "description": "valid_from" }, "pattern_type": { "type": "string", "description": "pattern_type" }, "pattern": { "type": "string", "description": "pattern" }, "extensions": { "type": "object", "properties": { "entension-definition--d4ff44e6-a017-5b6d-ac64-3d18ba052642": { "type": "object", "properties": { "verdict": { "type": "object", "properties": { "value": { "type": "string", "description": "value" } }, "description": "verdict" }, "threat_score": { "type": "object", "properties": { "value": { "type": "integer", "format": "int32", "description": "value" } }, "description": "threat_score" }, "severity": { "type": "object", "properties": { "value": { "type": "string", "description": "value" } }, "description": "severity" } }, "description": "entension-definition--d4ff44e6-a017-5b6d-ac64-3d18ba052642" } }, "description": "extensions" } } }, "description": "indicators" }, "extensions": { "type": "object", "description": "extensions", "properties": { "extension-definition--e0e2bd88-8e87-52d5-b822-3fdd60918598": { "type": "object", "description": "extensions-definition", "properties": { "meta": { "type": "object", "description": "meta", "properties": { "cursor": { "type": "string", "description": "Current cursor" }, "next": { "type": "string", "description": "Next url" } } } } } } } } } }, "default": { "description": "default" } }, "operationId": "get_ioc_stream", "parameters": [ { "name": "filter", "in": "query", "required": true, "type": "string", "x-ms-summary": "filter", "description": "Filter to the ioc stream search" }, 
{ "name": "cursor", "in": "query", "required": false, "type": "string", "x-ms-summary": "cursor", "description": "Cursor to the next batch of iocs" }, { "name": "output_format", "in": "query", "required": true, "type": "string", "default": "stix", "x-ms-visibility": "internal", "x-ms-summary": "output_format", "description": "Format of the response" }, { "$ref": "#/parameters/x-tool" } ] } } }, "definitions": {}, "responses": {}, "securityDefinitions": { "api_key": { "type": "apiKey", "in": "header", "name": "x-apikey" } }, "security": [ { "api_key": [] } ], "tags": [] } } } ], "outputs": {} }