Create Incident Bundle
POST https://visibility.{{xdr_api_domain}}/iroh/private-intel/bundle/import?external-key-prefixes=xdrauto
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
external-key-prefixes | string |
Request Body
{"source"=>"My Secret Intel Source", "incidents"=>[{"description"=>"Description of the incident. Up to 5,000 characters", "schema_version"=>"1.0.11", "type"=>"incident", "source"=>"My Secret Intel Source", "short_description"=>"Shorter description of the incident. Up to 2,048 characters", "title"=>"Title for the incident (for the incident list). Up to 1,024 characters", "incident_time"=>{"discovered"=>"2023-07-19T17:47:59Z", "opened"=>"2023-07-19T17:47:59Z"}, "status"=>"New", "tlp"=>"amber", "confidence"=>"High", "severity"=>"Critical", "id"=>"transient:xdrauto-incident-e2fd4279b8110536dd1369ebefda25c8412f0f3d1d0e0ad8ce57c614ad9f5975", "techniques"=>["T1036"], "tactics"=>["TA0002", "TA0005"]}], "sightings"=>[{"confidence"=>"High", "observables"=>[{"value"=>"b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450", "type"=>"sha256"}, {"value"=>"C:\\Windows\\System32\\cmd.exe", "type"=>"file_path"}, {"value"=>"10.0.36.82", "type"=>"ip"}], "targets"=>[{"type"=>"endpoint", "observables"=>[{"value"=>"my-computer", "type"=>"hostname"}, {"value"=>"192.168.10.20", "type"=>"ip"}, {"value"=>"00:E2:7D:26:24:E9", "type"=>"mac_address"}], "observed_time"=>{"start_time"=>"2023-04-09T13:31:02.000Z", "end_time"=>"2023-04-09T13:31:02.000Z"}}], "external_ids"=>["xdrauto-sighting-edb9e2b4aa3fa0a310490e8042961518e5b266edabf59398b8333fb32189416b"], "id"=>"transient:xdrauto-sighting-edb9e2b4aa3fa0a310490e8042961518e5b266edabf59398b8333fb32189416b", "description"=>"Description of the sighting", "title"=>"Suspicious activity found on host my-computer", "source"=>"My Secret Intel Source", "type"=>"sighting", "observed_time"=>{"start_time"=>"2023-07-19"}, "tlp"=>"amber", "severity"=>"Critical"}], "relationships"=>[{"external_ids"=>["xdrauto-relationship-40e329a09ce1bf3e84b357a616c0f865ac8511eb"], "source_ref"=>"transient:xdrauto-sighting-edb9e2b4aa3fa0a310490e8042961518e5b266edabf59398b8333fb32189416b", "target_ref"=>"transient:xdrauto-incident-e2fd4279b8110536dd1369ebefda25c8412f0f3d1d0e0ad8ce57c614ad9f5975", "source"=>"My Secret Intel Source", "relationship_type"=>"member-of", "type"=>"relationship", "id"=>"transient:xdrauto-relationship-40e329a09ce1bf3e84b357a616c0f865ac8511eb"}]}