POST /v1/threatIntel/datastore/indicators/stix
Uploads a list indicators in in a STIX 2.x json format.
Servers
- https://api.au.sumologic.com/api/
- https://api.ca.sumologic.com/api/
- https://api.de.sumologic.com/api/
- https://api.eu.sumologic.com/api/
- https://api.fed.sumologic.com/api/
- https://api.jp.sumologic.com/api/
- https://api.kr.sumologic.com/api/
- https://api.in.sumologic.com/api/
- https://api.sumologic.com/api/
- https://api.us2.sumologic.com/api/
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
source |
String | Yes |
User-provided text to identify the source of the indicator |
indicators[] |
Array | Yes |
The list of stix threat intel indicators to upload. |
indicators[].indicator_types[] |
Array | No |
A set of categorizations for this indicator. |
indicators[].revoked |
Boolean | No |
The revoked property is only used by STIX Objects that support versioning and indicates whether the object has been revoked. |
indicators[].kill_chain_phases[] |
Array | No |
The list of Kill Chain Phases for which this Attack Pattern is used |
indicators[].kill_chain_phases[].phase_name |
String | No |
The name of the phase in the kill chain. The value of this property SHOULD be all lowercase and SHOULD use hyphens instead of spaces or underscores as word separators |
indicators[].kill_chain_phases[].kill_chain_name |
String | Yes |
The name of the kill chain. The value of this property SHOULD be all lowercase and SHOULD use hyphens instead of spaces or underscores as word separators |
indicators[].labels[] |
Array | No |
The labels property specifies a set of terms used to describe this object. The terms are user-defined or trust-group defined and their meaning is outside the scope of this specification and MAY be ignored. |
indicators[].description |
String | No |
A human readable description |
indicators[].valid_from |
String | Yes |
The time from which this Indicator is considered a valid indicator of the behaviors it is related or represents. |
indicators[].modified |
String | Yes |
The time from which this Indicator is considered a valid indicator of the behaviors it is related or represents. |
indicators[].created_by_ref |
String | No |
Identifier of type identity |
indicators[].extensions |
Object | No |
Specifies any extensions of the object, as a dictionary |
indicators[].extensions.name |
Object | No | |
indicators[].extensions.name.revoked |
Boolean | No |
The revoked property is only used by STIX Objects that support versioning and indicates whether the object has been revoked. |
indicators[].extensions.name.labels[] |
Array | No |
The labels property specifies a set of terms used to describe this object. The terms are user-defined or trust-group defined and their meaning is outside the scope of this specification and MAY be ignored. |
indicators[].extensions.name.description |
String | No |
A human readable description |
indicators[].extensions.name.modified |
String | Yes |
The time from which this Indicator is considered a valid indicator of the behaviors it is related or represents. |
indicators[].extensions.name.created_by_ref |
String | Yes |
Identifier of type identity |
indicators[].extensions.name.id |
String | Yes |
The ID of the indicator |
indicators[].extensions.name.external_references[] |
Array | No |
A list of external references which refer to non-STIX information. This property MAY be used to provide one or more Vulnerability identifiers, such as a CVE ID |
indicators[].extensions.name.external_references[].external_id |
String | No |
An identifier for the external reference content |
indicators[].extensions.name.external_references[].description |
String | No |
A human readable description |
indicators[].extensions.name.external_references[].source_name |
String | Yes |
The name of the source that the external-reference is defined within |
indicators[].extensions.name.external_references[].url |
String | No |
A URL reference to an external resource |
indicators[].extensions.name.external_references[].hashes |
Object | No |
Specifies a dictionary of hashes for the contents of the url |
indicators[].extensions.name.created |
String | Yes |
The time from which this Indicator is considered a valid indicator of the behaviors it is related or represents. |
indicators[].extensions.name.name |
String | Yes |
The name of the object |
indicators[].extensions.name.extension_properties[] |
Array | No |
This property contains the list of new property names that are added to an object by an extension |
indicators[].extensions.name.object_marking_refs[] |
Array | No |
The object_marking_refs property specifies a list of id properties of marking-definition objects that apply to this object. |
indicators[].extensions.name.extension_types[] |
Array | Yes |
This property specifies one or more extension types contained within this extension |
indicators[].extensions.name.schema |
String | Yes |
The normative definition of the extension, either as a URL or as plain text explaining the definition |
indicators[].extensions.name.version |
String | Yes |
The version of this extension |
indicators[].extensions.name.type |
String | Yes |
The type property identifies the type of object |
indicators[].extensions.name.spec_version |
String | Yes |
The STIX version |
indicators[].extensions.name.granular_markings[] |
Array | No |
The granular_markings property specifies a list of granular markings applied to this object |
indicators[].extensions.name.granular_markings[].lang |
String | No |
The lang property identifies the language of the text identified by this marking |
indicators[].extensions.name.granular_markings[].selectors[] |
Array | Yes |
The selectors property specifies a list of selectors for content contained within the STIX Object in which this property appears |
indicators[].extensions.name.granular_markings[].marking_ref |
String | No |
The marking_ref property specifies the ID of the marking-definition object that describes the marking |
indicators[].id |
String | Yes |
The ID of the indicator |
indicators[].lang |
String | No |
The lang property identifies the language of the text content in this object. When present, it MUST be a language code conformant to [RFC5646]. If the property is not present, then the language of the content is en (English) |
indicators[].confidence |
Integer | No |
Confidence that the creator has in the correctness of their data, where 100 is highest |
indicators[].external_references[] |
Array | No |
A list of external references which refer to non-STIX information. This property MAY be used to provide one or more Vulnerability identifiers, such as a CVE ID |
indicators[].external_references[].external_id |
String | No |
An identifier for the external reference content |
indicators[].external_references[].description |
String | No |
A human readable description |
indicators[].external_references[].source_name |
String | Yes |
The name of the source that the external-reference is defined within |
indicators[].external_references[].url |
String | No |
A URL reference to an external resource |
indicators[].external_references[].hashes |
Object | No |
Specifies a dictionary of hashes for the contents of the url |
indicators[].created |
String | Yes |
The time from which this Indicator is considered a valid indicator of the behaviors it is related or represents. |
indicators[].name |
String | No |
The name of the object |
indicators[].pattern_type |
String | Yes |
The type of pattern |
indicators[].object_marking_refs[] |
Array | No |
The object_marking_refs property specifies a list of id properties of marking-definition objects that apply to this object. |
indicators[].valid_until |
String | No |
The time at which this Indicator should no longer be considered a valid indicator of the behaviors it is related to or represents. |
indicators[].type |
String | Yes |
The type property identifies the type of STIX Object. |
indicators[].spec_version |
String | Yes |
The STIX version |
indicators[].pattern |
String | Yes |
The detection pattern for this Indicator expressed as a STIX patter. |
indicators[].granular_markings[] |
Array | No |
The granular_markings property specifies a list of granular markings applied to this object |
indicators[].granular_markings[].lang |
String | No |
The lang property identifies the language of the text identified by this marking |
indicators[].granular_markings[].selectors[] |
Array | Yes |
The selectors property specifies a list of selectors for content contained within the STIX Object in which this property appears |
indicators[].granular_markings[].marking_ref |
String | No |
The marking_ref property specifies the ID of the marking-definition object that describes the marking |
indicators[].pattern_version |
String | No |
The version of the pattern language that is used for the data in the pattern property which MUST match the type of pattern data included in the pattern property. |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.