Commit
Showing 11 changed files with 556 additions and 5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,13 @@ | ||
nav: | ||
- create.md | ||
- update.md | ||
- update.md | ||
- get.md | ||
- list.md | ||
- run-responder.md | ||
- responder-jobs.md | ||
- create-log.md | ||
- delete-lod.md | ||
- log-run-responder.md | ||
- log-responder-jobs.md | ||
- logs.md | ||
- waiting-tasks.md |
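Review bot: the nav entry `- delete-lod.md` looks like a typo for `delete-log.md`; the other log pages listed here use the `log` spelling (`create-log.md`, `log-run-responder.md`, `log-responder-jobs.md`). If the file added by this commit is named `delete-log.md`, this entry will not resolve and the delete page will be missing from the navigation. Rename the entry or the file so the two match.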
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
# Add log | ||
|
||
Add a *Log* to an existing task (requires `manageTask` permission). | ||
|
||
## Query | ||
|
||
```plain | ||
POST /api/case/task/{id}/log | ||
``` | ||
|
||
With: | ||
|
||
- `id`: Task identifier | ||
|
||
## Request Body Example | ||
|
||
!!! Example "" | ||
|
||
```json | ||
{ | ||
"message": "The sandbox hasn't detected any suspicious activity", | ||
"startDate": 1630683608000, | ||
} | ||
``` | ||
|
||
The only required field is `message`. | ||
|
||
|
||
If you want to attach a file to the log, you need to use a multipart request | ||
|
||
!!! Example "" | ||
|
||
|
||
``` | ||
curl -XPOST http://THEHIVE/api/v0/case/task/{taskId}/log -F [email protected] -F _json=' | ||
{ | ||
"message": "The sandbox report" | ||
} | ||
' | ||
``` | ||
|
||
## Response | ||
|
||
### Status codes | ||
|
||
- `201`: if *Log* is created successfully | ||
- `401`: Authentication error | ||
- `403`: Authorization error | ||
|
||
### Response Body Example | ||
|
||
!!! Example "" | ||
|
||
=== "201" | ||
|
||
```json | ||
{ | ||
"id": "~4264", | ||
"_id": "~4264", | ||
"createdBy": "[email protected]", | ||
"createdAt": 1630684502715, | ||
"_type": "case_taskçlog", | ||
"message": "The sandbox hasn't detected any suspicious activity", | ||
"startDate": 1630683608000 | ||
} | ||
``` | ||
|
||
=== "401" | ||
|
||
```json | ||
{ | ||
"type": "AuthenticationError", | ||
"message": "Authentication failure" | ||
} | ||
``` | ||
|
||
=== "403" | ||
|
||
```json | ||
{ | ||
"type": "AuthorizationError", | ||
"message": "Your are not authorized to create Log, you haven't the permission manageTask" | ||
} | ||
``` |
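Review bot: the request body example is not valid JSON, because `"startDate": 1630683608000,` is followed directly by the closing `}`; drop the trailing comma so the example can be copied as is. Two more inconsistencies in this file: the Query section documents `POST /api/case/task/{id}/log` while the curl example calls `/api/v0/case/task/{taskId}/log`, so settle on one path and one placeholder name; and the 201 body shows `"_type": "case_taskçlog"`, where the run-responder page in this commit uses `case_task_log`. The curl example also sends no credentials and uses plain `http://` although a `401` is documented, so showing how the call is authenticated would make it usable as written.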
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Add log | ||
|
||
Add a *Log* to an existing task (requires `manageTask` permission). | ||
|
||
## Query | ||
|
||
```plain | ||
DELETE /api/case/task/log/{id} | ||
``` | ||
|
||
With: | ||
|
||
- `id`: Log identifier | ||
|
||
## Response | ||
|
||
### Status codes | ||
|
||
- `204`: if *Log* is created successfully | ||
- `401`: Authentication error | ||
- `403`: Authorization error |
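Review bot: the title and description are copied from the create page: this file documents `DELETE /api/case/task/log/{id}` but is headed `# Add log` and says "Add a *Log* to an existing task". Retitle it, describe deletion, and change the `204` line from "if *Log* is created successfully" to say the log was deleted. Since the `manageTask` sentence is part of the copied text, confirm which permission deletion actually requires, and say what is returned when the log identifier does not exist, as the run-responder page does with `404`.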
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# List | ||
|
||
List *Task*s of a case. | ||
|
||
## Query | ||
|
||
```plain | ||
GET /api/case/task/{id} | ||
``` | ||
|
||
with: | ||
|
||
- `id`: id of the task. | ||
|
||
## Response | ||
|
||
### Status codes | ||
|
||
- `200`: if query is run successfully | ||
- `401`: Authentication error | ||
- `404`: The *Task* is not found | ||
|
||
### ResponseBody Example | ||
|
||
!!! Example "" | ||
|
||
=== "201" | ||
|
||
```json | ||
{ | ||
"id": "~4264", | ||
"_id": "~4264", | ||
"createdBy": "[email protected]", | ||
"createdAt": 1630684502715, | ||
"_type": "case_task", | ||
"title": "Malware analysis", | ||
"group": "identification", | ||
"description": "Analysis of the file to identify the malware", | ||
"owner": "[email protected]", | ||
"status": "InProgress", | ||
"flag": false, | ||
"startDate": 1630683608000, | ||
"endDate": 1630684608000, | ||
"order": 3, | ||
"dueDate": 1630694608000 | ||
} | ||
``` | ||
|
||
=== "401" | ||
|
||
```json | ||
{ | ||
"type": "AuthenticationError", | ||
"message": "Authentication failure" | ||
} | ||
``` | ||
|
||
=== "404" | ||
|
||
```json | ||
{ | ||
"type": "AuthenticationError", | ||
"message": "Task not found" | ||
} | ||
``` |
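Review bot: the heading and summary say `# List` and "List *Task*s of a case", but the documented call is `GET /api/case/task/{id}` with `id` described as the id of the task, and the example returns a single object; this reads as the get page, so the title and summary should say that. The success tab is labelled `=== "201"` while the status list gives `200`. The 404 example carries `"type": "AuthenticationError"` together with "Task not found"; check that against a real response before publishing it. `### ResponseBody Example` is also missing the space used in the same heading on the other pages.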
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# List responder actions | ||
|
||
List actions run on a log. | ||
|
||
## Query | ||
|
||
```plain | ||
GET /api/connector/cortex/action/case_task_log/{id} | ||
``` | ||
|
||
With: | ||
|
||
- `id`: Log identifier | ||
|
||
## Response | ||
|
||
### Status codes | ||
|
||
- `200`: if query is run successfully | ||
- `401`: Authentication error | ||
|
||
### Response Body Example | ||
|
||
!!! Example "" | ||
|
||
=== "200" | ||
|
||
```json | ||
[ | ||
{ | ||
"responderId": "25dcbbb69d50dd5a5ae4bd55f4ca5903", | ||
"responderName": "reponderName_1_0", | ||
"responderDefinition": "reponderName_1_0", | ||
"cortexId": "local-cortex", | ||
"cortexJobId": "408-unsB3SwW9-eEPXXW", | ||
"objectType": "Log", | ||
"objectId": "~25313328", | ||
"status": "Success", | ||
"startDate": 1630917246993, | ||
"endDate": 1630917254406, | ||
"operations": "[]", | ||
"report": "{\"summary\":{\"taxonomies\":[]},\"full\":null,\"success\":true,\"artifacts\":[],\"operations\":[],\\\"message\\\":\\\"Ok\\\",\\\"parameters\\\":{\\\"organisation\\\":\\\"StrangeBee\\\",\\\"user\\\":\\\"[email protected]\\\"},\\\"config\\\":{\\\"proxy_https\\\":null,\\\"cacerts\\\":null,\\\"check_tlp\\\":false,\\\"max_tlp\\\":2,\\\"check_pap\\\":false,\\\"max_pap\\\":2,\\\"jobTimeout\\\":30,\\\"proxy_http\\\":null}}\"}" | ||
} | ||
] | ||
``` | ||
|
||
=== "401" | ||
|
||
```json | ||
{ | ||
"type": "AuthenticationError", | ||
"message": "Authentication failure" | ||
} | ||
``` |
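Review bot: the `report` value in the 200 example does not decode to valid JSON: it opens with `\"` escapes, switches to `\\\"` from `message` onward, and closes with an extra `\"}` after the braces are already balanced. Paste the string from a real response, or show the decoded report as its own block, so readers can see its actual shape. `reponderName_1_0` looks like a misspelling of "responder", and the status list covers only `200` and `401`; state whether listing actions needs a permission and what is returned for an unknown log identifier.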
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
# Run responder | ||
|
||
Run a responder on a *Log* (requires `manageAction` permission). | ||
|
||
## Query | ||
|
||
```plain | ||
POST /api/connector/cortex/action | ||
``` | ||
|
||
## Request Body Example | ||
|
||
!!! Example "" | ||
|
||
```json | ||
{ | ||
"responderId": "25dcbbb69d50dd5a5ae4bd55f4ca5903", | ||
"cortexId": "local-cortex", | ||
"objectType": "case_task_log", | ||
"objectId": "~11123" | ||
} | ||
``` | ||
|
||
The required fields are `responderId`, `objectType` and `objectId`. | ||
|
||
## Response | ||
|
||
### Status codes | ||
|
||
- `201`: if responder is started successfully | ||
- `401`: Authentication error | ||
- `403`: Authorization error | ||
- `404`: Log is not found | ||
|
||
### Response Body Example | ||
|
||
!!! Example "" | ||
|
||
=== "201" | ||
|
||
```json | ||
{ | ||
"responderId": "25dcbbb69d50dd5a5ae4bd55f4ca5903", | ||
"responderName": "reponderName_1_0", | ||
"responderDefinition": "reponderName_1_0", | ||
"cortexId": "local-cortex", | ||
"cortexJobId": "408-unsB3SwW9-eEPXXW", | ||
"objectType": "Log", | ||
"objectId": "~25313328", | ||
"status": "Waiting", | ||
"startDate": 1630917246993, | ||
"operations": "[]", | ||
"report": "{}" | ||
} | ||
``` | ||
|
||
=== "401" | ||
|
||
```json | ||
{ | ||
"type": "AuthenticationError", | ||
"message": "Authentication failure" | ||
} | ||
``` | ||
|
||
=== "403" | ||
|
||
```json | ||
{ | ||
"type": "AuthorizationError", | ||
"message": "Your are not authorized to create action, you haven't the permission manageTask" | ||
} | ||
``` | ||
|
||
=== "404" | ||
|
||
```json | ||
{ | ||
"type": "AuthenticationError", | ||
"message": "Log not found" | ||
} | ||
``` |
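Review bot: the page says the call requires `manageAction`, but the 403 example message ends with "you haven't the permission manageTask"; one of the two is wrong, so confirm against the server and align them. The 404 example uses `"type": "AuthenticationError"` for "Log not found", which should be checked against a real response. The request sends `"objectType": "case_task_log"` while the 201 body returns `"objectType": "Log"`; if that difference is real, a sentence explaining it would save readers from treating it as a mistake.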