The alert field should be a JSON string containing the alert data with the same fields as POST /alerts.
For adding observables, the observables field should be an array of observables with the following fields:
If a file needs to be uploaded:
- dataType: file
- attachment: {name of the file}
For all other observable types:
- dataType: {type of the observable}
- data: {data of the observable}
The file field should be an array of the files to be uploaded, and the file names should match the attachment names defined in the alert data.
---------------------------
Example of the alert field:
{
  "title": "Test alert 1",
  "description": "Test description 1",
  "status": "open",
  "count": 1,
  "tinyId": "hij",
  "severity": 1,
  "customFields": {
    "test1": "value1",
    "test2": "value2"
  },
  "tlp": 3,
  "pap": 3,
  "type": "virus",
  "source": "virusRef",
  "sourceRef": "virusRefRef",
  "observables": [
    {"dataType": "file", "attachment": "log.txt"},
    {"dataType": "ip", "data": "8.8.8.8"},
    {"dataType": "file", "attachment": "definition.txt"}
  ]
}
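
A client-side check for the rule above that uploaded file names must match the attachments named in the alert data, followed by encoding of the alert and file fields as one multipart/form-data body. This is an added example, not code from the project: the function names, the rejection of unsafe file names, and the choice to send the file array as repeated parts named "file" are assumptions.

```python
import json
import uuid

BAD_NAME_CHARS = '/\\"\r\n'  # path separators, or characters that break the part header

def check_observables(alert, files):
    """Return a list of problems; an empty list means alert and files agree."""
    problems, wanted = [], set()
    for i, obs in enumerate(alert.get("observables", [])):
        if obs.get("dataType") == "file":
            name = obs.get("attachment")
            if not name:
                problems.append(f"observable {i}: file without attachment")
            elif any(c in name for c in BAD_NAME_CHARS):
                problems.append(f"observable {i}: unsafe attachment name")
            else:
                wanted.add(name)
        elif not obs.get("data"):
            problems.append(f"observable {i}: missing data")
    problems += [f"no uploaded file named {n}" for n in sorted(wanted - set(files))]
    problems += [f"uploaded file {n} is not referenced" for n in sorted(set(files) - wanted)]
    return problems

def build_form(alert, files, boundary=None):
    """Encode the alert and file fields as one multipart/form-data body."""
    problems = check_observables(alert, files)
    if problems:
        raise ValueError("; ".join(problems))
    mark = b"--" + (boundary or uuid.uuid4().hex).encode()
    parts = [(b'Content-Disposition: form-data; name="alert"',
              json.dumps(alert).encode())]
    for name, content in files.items():
        # Assumption: the "file" array is sent as repeated parts named "file".
        head = ('Content-Disposition: form-data; name="file"; '
                f'filename="{name}"\r\nContent-Type: application/octet-stream')
        parts.append((head.encode(), content))
    body = b"".join(mark + b"\r\n" + h + b"\r\n\r\n" + c + b"\r\n" for h, c in parts)
    return f"multipart/form-data; boundary={mark[2:].decode()}", body + mark + b"--\r\n"

# Constructed sample input, modelled on the alert example above.
SAMPLE_ALERT = {"title": "Test alert 1", "type": "virus", "source": "virusRef",
                "sourceRef": "virusRefRef", "observables": [
                    {"dataType": "file", "attachment": "log.txt"},
                    {"dataType": "ip", "data": "8.8.8.8"}]}
SAMPLE_FILES = {"log.txt": b"constructed log line\n"}

if __name__ == "__main__":
    content_type, body = build_form(SAMPLE_ALERT, SAMPLE_FILES)
    print(content_type, len(body), "bytes")
```

The first return value of build_form is the Content-Type header to send with the body.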