Alert
Create Alert with files
The alert field should be a JSON string containing the alert data with the same fields as POST /alerts.
For adding observables, the observables field should be an array of observables with the following fields:
If a file needs to be uploaded:
- dataType: file
- attachment: {name of the file}
For all other observable types:
- dataType: {type of the observable}
- data: {data of the observable}
The file field should be an array of the files to be uploaded. Each file's name must match the attachment value of a file observable defined in the alert data.
---------------------------
Example of the alert field:
{
"title":"Test alert 1",
"description":"Test description 1",
"status": "open",
"count": 1,
"tinyId":"hij",
"severity": 1,
"customFields": {
"test1": "value1",
"test2": "value2"
},
"tlp": 3,
"pap": 3,
"type": "virus",
"source": "virusRef",
"sourceRef": "virusRefRef",
"observables": [
{"dataType": "file", "attachment": "log.txt"},
{"dataType": "ip", "data": "8.8.8.8"},
{"dataType": "file", "attachment": "definition.txt"}
]
}
POST /alerts-attachments
# Create an alert and upload its file observables in one multipart request.
# --form makes curl send a multipart/form-data body: the `alert` part carries
# the alert JSON as a string, the `file` part carries the uploads.
# NOTE(review): an API key typed literally in place of `<api-key>` ends up in
# shell history and in the process list; curl >= 7.55.0 can read the header
# from a file instead with `--header @FILE`.
# NOTE(review): `file=[ "<any>" ]` is a schema placeholder and is sent as plain
# text, not as an upload. curl attaches a file with `--form 'file=@PATH'`;
# presumably one such part per file, each file name equal to the `attachment`
# value of a file observable -- confirm against the server.
# NOTE(review): the placeholder observable sets both `data` and `attachment`;
# the field description on this page uses `attachment` for dataType "file" and
# `data` for every other type.
curl --request POST \
--url https://local.casebender.com:3000/api/alerts-attachments \
--header 'Content-Type: multipart/form-data' \
--header 'X-Api-Key: <api-key>' \
--form 'alert={
"title": "<string>",
"description": "",
"statusValue": "<string>",
"count": 1,
"severity": 2,
"type": "<string>",
"source": "<string>",
"sourceRef": "<string>",
"externalLink": "<string>",
"tlp": 2,
"pap": 2,
"customFields": {},
"teams": [
{
"id": "<string>"
}
],
"tags": [
{
"id": 123
}
],
"organizations": [
{
"id": "<string>"
}
],
"observables": [
{
"dataType": "<string>",
"data": "<string>",
"attachment": "<string>"
}
],
"assigneeId": "<string>",
"clientId": "<string>",
"clientName": "<string>"
}' \
--form 'file=[
"<any>"
]'
{
"id": "<string>",
"tinyId": 123,
"title": "<string>",
"description": "<string>",
"statusValue": "<string>",
"status": {
"id": "<string>",
"stage": "New",
"label": "<string>",
"color": "<string>",
"value": "<string>",
"canDelete": true
},
"count": 123,
"severity": 123,
"type": "<string>",
"source": "<string>",
"sourceRef": "<string>",
"externalLink": "<string>",
"tlp": 123,
"pap": 123,
"customFields": {},
"createdAt": "<string>",
"updatedAt": "<string>",
"createdAtLabel": "<string>",
"updatedAtLabel": "<string>",
"severityColor": "<string>",
"severityLabel": "<string>",
"teams": [],
"tags": [],
"organizations": [],
"case": null,
"assignee": null,
"assigneeId": "<string>",
"createdById": "<string>",
"deletedAt": "<string>",
"observables": [],
"visibleToAllOrganizations": true,
"aiInsights": {
"resolutionQuality": 123,
"complianceScore": 123,
"recommendations": [
"<string>"
],
"timeToResolution": 123,
"riskScore": 123,
"category": "<string>",
"trendAnalysis": {
"trend": "increasing",
"confidence": 123
},
"similarCases": [
{
"id": "<string>",
"similarity": 123,
"resolution": "<string>"
}
],
"complianceImpact": {
"frameworks": [
"<string>"
],
"severity": "low",
"details": "<string>"
},
"threatIntel": {
"knownThreatActors": [
"<string>"
],
"relatedMalware": [
"<string>"
],
"iocPatterns": [
"<string>"
],
"riskLevel": "low",
"confidence": 123,
"ttps": [
"<string>"
],
"malwareFamily": "<string>",
"targetedSystems": [
"<string>"
],
"exploitationRisk": 123
},
"patternAnalysis": {
"behavioralPatterns": [
"<string>"
],
"anomalyScore": 123,
"relatedTechniques": [
"<string>"
],
"mitreAttackPaths": [
"<string>"
],
"automationPotential": 123,
"falsePositiveRisk": 123,
"lateralMovementRisk": 123
},
"businessImpact": {
"financialRisk": 123,
"reputationalRisk": 123,
"operationalRisk": 123,
"dataRisk": 123,
"overallImpact": "low",
"estimatedLoss": 123,
"recoveryTime": 123,
"affectedServices": [
"<string>"
]
},
"timeToDetect": 123,
"priorityScore": 123,
"mitreReference": "<string>",
"affectedAssets": [
"<string>"
],
"attackVector": "<string>",
"remediationSteps": [
"<string>"
],
"falsePositiveProbability": 123,
"relatedAlerts": [
{
"id": "<string>",
"type": "<string>",
"severity": 123
}
],
"securityPosture": {
"vulnerabilities": [
{
"id": "<string>",
"cve": "<string>",
"severity": "low",
"description": "<string>",
"remediation": "<string>"
}
],
"exposedServices": [
"<string>"
],
"patchStatus": "up-to-date",
"configurationIssues": [
"<string>"
]
},
"incidentResponse": {
"status": "new",
"assignedTo": "<string>",
"timeline": [
{
"timestamp": 123,
"action": "<string>",
"actor": "<string>"
}
],
"containmentStrategy": "<string>",
"evidenceCollected": [
"<string>"
]
},
"recommendationItems": [
{
"id": "<string>",
"type": "immediate",
"description": "<string>",
"priority": 123,
"status": "pending",
"implementationComplexity": "low",
"estimatedEffort": 123,
"dependencies": [
"<string>"
]
}
],
"processingStatus": "pending"
},
"primaryAlertId": "<string>"
}
Authorizations
Body
multipart/form-data
Required range: 1 <= x <= 4
Required range: x > 0
Required range: 0 <= x <= 4
Required range: 0 <= x <= 4
Response
200
application/json
Successful response
Required string length: 1
Available options: low, medium, high, critical
Available options: low, medium, high, critical
Available options: low, medium, high, critical
Available options: up-to-date, outdated, critical
Available options: new, investigating, contained, resolved
Available options: immediate, short-term, long-term
Available options: pending, accepted, rejected, implemented
Available options: low, medium, high
Available options: pending, completed, failed
# Create an alert and upload its file observables in one multipart request.
# --form makes curl send a multipart/form-data body: the `alert` part carries
# the alert JSON as a string, the `file` part carries the uploads.
# NOTE(review): an API key typed literally in place of `<api-key>` ends up in
# shell history and in the process list; curl >= 7.55.0 can read the header
# from a file instead with `--header @FILE`.
# NOTE(review): `file=[ "<any>" ]` is a schema placeholder and is sent as plain
# text, not as an upload. curl attaches a file with `--form 'file=@PATH'`;
# presumably one such part per file, each file name equal to the `attachment`
# value of a file observable -- confirm against the server.
# NOTE(review): the placeholder observable sets both `data` and `attachment`;
# the field description on this page uses `attachment` for dataType "file" and
# `data` for every other type.
curl --request POST \
--url https://local.casebender.com:3000/api/alerts-attachments \
--header 'Content-Type: multipart/form-data' \
--header 'X-Api-Key: <api-key>' \
--form 'alert={
"title": "<string>",
"description": "",
"statusValue": "<string>",
"count": 1,
"severity": 2,
"type": "<string>",
"source": "<string>",
"sourceRef": "<string>",
"externalLink": "<string>",
"tlp": 2,
"pap": 2,
"customFields": {},
"teams": [
{
"id": "<string>"
}
],
"tags": [
{
"id": 123
}
],
"organizations": [
{
"id": "<string>"
}
],
"observables": [
{
"dataType": "<string>",
"data": "<string>",
"attachment": "<string>"
}
],
"assigneeId": "<string>",
"clientId": "<string>",
"clientName": "<string>"
}' \
--form 'file=[
"<any>"
]'
{
"id": "<string>",
"tinyId": 123,
"title": "<string>",
"description": "<string>",
"statusValue": "<string>",
"status": {
"id": "<string>",
"stage": "New",
"label": "<string>",
"color": "<string>",
"value": "<string>",
"canDelete": true
},
"count": 123,
"severity": 123,
"type": "<string>",
"source": "<string>",
"sourceRef": "<string>",
"externalLink": "<string>",
"tlp": 123,
"pap": 123,
"customFields": {},
"createdAt": "<string>",
"updatedAt": "<string>",
"createdAtLabel": "<string>",
"updatedAtLabel": "<string>",
"severityColor": "<string>",
"severityLabel": "<string>",
"teams": [],
"tags": [],
"organizations": [],
"case": null,
"assignee": null,
"assigneeId": "<string>",
"createdById": "<string>",
"deletedAt": "<string>",
"observables": [],
"visibleToAllOrganizations": true,
"aiInsights": {
"resolutionQuality": 123,
"complianceScore": 123,
"recommendations": [
"<string>"
],
"timeToResolution": 123,
"riskScore": 123,
"category": "<string>",
"trendAnalysis": {
"trend": "increasing",
"confidence": 123
},
"similarCases": [
{
"id": "<string>",
"similarity": 123,
"resolution": "<string>"
}
],
"complianceImpact": {
"frameworks": [
"<string>"
],
"severity": "low",
"details": "<string>"
},
"threatIntel": {
"knownThreatActors": [
"<string>"
],
"relatedMalware": [
"<string>"
],
"iocPatterns": [
"<string>"
],
"riskLevel": "low",
"confidence": 123,
"ttps": [
"<string>"
],
"malwareFamily": "<string>",
"targetedSystems": [
"<string>"
],
"exploitationRisk": 123
},
"patternAnalysis": {
"behavioralPatterns": [
"<string>"
],
"anomalyScore": 123,
"relatedTechniques": [
"<string>"
],
"mitreAttackPaths": [
"<string>"
],
"automationPotential": 123,
"falsePositiveRisk": 123,
"lateralMovementRisk": 123
},
"businessImpact": {
"financialRisk": 123,
"reputationalRisk": 123,
"operationalRisk": 123,
"dataRisk": 123,
"overallImpact": "low",
"estimatedLoss": 123,
"recoveryTime": 123,
"affectedServices": [
"<string>"
]
},
"timeToDetect": 123,
"priorityScore": 123,
"mitreReference": "<string>",
"affectedAssets": [
"<string>"
],
"attackVector": "<string>",
"remediationSteps": [
"<string>"
],
"falsePositiveProbability": 123,
"relatedAlerts": [
{
"id": "<string>",
"type": "<string>",
"severity": 123
}
],
"securityPosture": {
"vulnerabilities": [
{
"id": "<string>",
"cve": "<string>",
"severity": "low",
"description": "<string>",
"remediation": "<string>"
}
],
"exposedServices": [
"<string>"
],
"patchStatus": "up-to-date",
"configurationIssues": [
"<string>"
]
},
"incidentResponse": {
"status": "new",
"assignedTo": "<string>",
"timeline": [
{
"timestamp": 123,
"action": "<string>",
"actor": "<string>"
}
],
"containmentStrategy": "<string>",
"evidenceCollected": [
"<string>"
]
},
"recommendationItems": [
{
"id": "<string>",
"type": "immediate",
"description": "<string>",
"priority": 123,
"status": "pending",
"implementationComplexity": "low",
"estimatedEffort": 123,
"dependencies": [
"<string>"
]
}
],
"processingStatus": "pending"
},
"primaryAlertId": "<string>"
}