-
Notifications
You must be signed in to change notification settings - Fork 15
/
artifact_update.json
87 lines (87 loc) · 3.81 KB
/
artifact_update.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
{
"create_time": "2022-05-26T21:13:45.063456+00:00",
"custom_function_id": "202e71446b1780879a3a48f659f0f6c3f6adcd28",
"description": "Update an artifact with the specified attributes. All parameters are optional, except that an artifact_id must be provided and if one of cef_field or cef_value is provided then they must both be provided. Supports all fields available in /rest/artifact. Add any unlisted inputs as dictionary keys in input_json. Unsupported keys will automatically be dropped.",
"draft_mode": false,
"inputs": [
{
"contains_type": [
"phantom artifact id"
],
"description": "ID of the artifact to update, which is required unless artifact_id is a key within input_json",
"input_type": "item",
"name": "artifact_id",
"placeholder": "1234"
},
{
"contains_type": [],
"description": "Change the name of the artifact.",
"input_type": "item",
"name": "name",
"placeholder": "artifact"
},
{
"contains_type": [
""
],
"description": "Change the label of the artifact.",
"input_type": "item",
"name": "label",
"placeholder": "events"
},
{
"contains_type": [],
"description": "Change the severity of the artifact. Typically this is either \"High\", \"Medium\", or \"Low\".",
"input_type": "item",
"name": "severity",
"placeholder": "Medium"
},
{
"contains_type": [],
"description": "The name of the CEF field to populate in the artifact, such as \"destinationAddress\" or \"sourceDnsDomain\". Required only if cef_value is provided.",
"input_type": "item",
"name": "cef_field",
"placeholder": "destinationAddress"
},
{
"contains_type": [
"*"
],
"description": "The value of the CEF field to populate in the artifact, such as the IP address, domain name, or file hash. Required only if cef_field is provided.",
"input_type": "item",
"name": "cef_value",
"placeholder": "192.0.2.192"
},
{
"contains_type": [],
"description": "The CEF data type of the data in cef_value. For example, this could be \"ip\", \"hash\", or \"domain\". Optional, but only operational if cef_field is provided.",
"input_type": "item",
"name": "cef_data_type",
"placeholder": "ip"
},
{
"contains_type": [],
"description": "A comma-separated list of tags to apply to the artifact, which is optional.",
"input_type": "item",
"name": "tags",
"placeholder": "tag1, tag2, tag3"
},
{
"contains_type": [],
"description": "Optional input. Either True or False with default as False. If set to True, existing tags on the indicator record will be replaced by the provided input. If set to False, the new tags will be appended to the existing indicator tags.",
"input_type": "item",
"name": "overwrite_tags",
"placeholder": "True or False"
},
{
"contains_type": [],
"description": "Optional parameter to modify any extra attributes of the artifact. Input_json will be merged with other inputs. In the event of a conflict, input_json will take precedence.",
"input_type": "item",
"name": "input_json",
"placeholder": "{\"source_data_identifier\": \"1234\", \"data\": \"5678\"}"
}
],
"outputs": [],
"platform_version": "5.3.1.84890",
"python_version": "3"
}