POST /v1/threatIntel/datastore/indicators/normalized
Uploads a list of indicators in Sumo normalized format.
Servers
- https://api.au.sumologic.com/api/
- https://api.ca.sumologic.com/api/
- https://api.de.sumologic.com/api/
- https://api.eu.sumologic.com/api/
- https://api.fed.sumologic.com/api/
- https://api.jp.sumologic.com/api/
- https://api.kr.sumologic.com/api/
- https://api.in.sumologic.com/api/
- https://api.sumologic.com/api/
- https://api.us2.sumologic.com/api/
Request headers
Name | Type | Required | Description |
---|---|---|---|
Content-Type | String | Yes | The media type of the request body. Default value: "application/json" |
Request body fields
Name | Type | Required | Description |
---|---|---|---|
indicators[] | Array | Yes | The list of normalized threat intel indicators to upload. |
indicators[].id | String | Yes | ID of the indicator |
indicators[].source | String | Yes | User-provided text to identify the source of the indicator |
indicators[].confidence | Integer | Yes | Confidence that the creator has in the correctness of their data, where 100 is highest |
indicators[].updated | String | No | When this indicator was most recently updated in Sumo. Timestamp in UTC in RFC3339 format. |
indicators[].validFrom | String | Yes | Beginning time this indicator is valid. Timestamp in UTC in RFC3339 format. |
indicators[].type | String | Yes | Type of indicator |
indicators[].threatType | String | Yes | Type of indicator ( https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_cvhfwe3t9vuo ) |
indicators[].indicator | String | Yes | Value of the indicator |
indicators[].killChain | String | No | Kill Chain as a comma separated list. |
indicators[].fields | Object | No | Flattened fields from the original indicator object (e.g. flattened STIX fields) |
indicators[].validUntil | String | No | Time at which this indicator expires. If not set, the indicator never expires. Timestamp in UTC in RFC3339 format. |
indicators[].actors | String | No | Actors as a comma separated list. |
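
A pre-upload check for the request body described in the table above, as an added example (not Sumo Logic's code). It builds the JSON body but does not send it. The function names, the lower confidence bound of 0, the rule that validUntil must fall after validFrom, and the sample values are assumptions of this example.

```python
import json
from datetime import datetime
# Field names and JSON types from the request body table above.
REQUIRED = {"id": str, "source": str, "confidence": int, "validFrom": str,
            "type": str, "threatType": str, "indicator": str}
OPTIONAL = {"updated": str, "killChain": str, "fields": dict, "validUntil": str, "actors": str}
TIMESTAMPS = ("updated", "validFrom", "validUntil")

def parse_utc(value):
    """Parse an RFC3339 timestamp; raise ValueError unless its offset is UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.utcoffset() is None or dt.utcoffset().total_seconds() != 0:
        raise ValueError("not a UTC timestamp")
    return dt

def validate_indicator(ind):
    """Return a list of problems for one indicator; empty means it passes."""
    errors = [f"missing required field: {k}" for k in REQUIRED if k not in ind]
    times = {}
    for name, value in ind.items():
        expected = REQUIRED.get(name) or OPTIONAL.get(name)
        if expected is None:
            errors.append(f"{name}: not a field in the table")
        elif isinstance(value, bool) or not isinstance(value, expected):
            errors.append(f"{name}: expected {expected.__name__}")
        elif name in TIMESTAMPS:
            try:
                times[name] = parse_utc(value)
            except ValueError:
                errors.append(f"{name}: not an RFC3339 UTC timestamp")
        elif name == "confidence" and not 0 <= value <= 100:
            # 100 is the documented maximum; the lower bound of 0 is assumed.
            errors.append("confidence: outside 0-100")
    # Assumption of this example: an expiry at or before validFrom is a mistake.
    if "validFrom" in times and "validUntil" in times and times["validUntil"] <= times["validFrom"]:
        errors.append("validUntil: not after validFrom")
    return errors

def build_request_body(indicators):
    """Serialize the upload body, refusing the batch if any indicator fails."""
    problems = {i: e for i, ind in enumerate(indicators) if (e := validate_indicator(ind))}
    if problems:
        raise ValueError(f"invalid indicators: {problems}")
    return json.dumps({"indicators": indicators})

# Constructed sample (documentation-range IP; type strings are placeholders).
SAMPLE = {"id": "example-0001", "source": "constructed-feed", "confidence": 80,
          "validFrom": "2024-01-01T00:00:00Z", "type": "ipv4-addr",
          "threatType": "malicious-activity", "indicator": "192.0.2.10"}
```

Rejecting the whole batch on the first bad entry keeps malformed or non-UTC indicators out of the datastore, where a wrong validity window would silently change which detections match.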
How to start integrating
- Add an HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the HTTP request settings.
- Click Test request to test run your request to the API and see the API's response.