Qodex.ai

Create Sighting

POST https://private.intel.{{xdr_api_domain}}/ctia/sighting

Request Body

{"description"=>"Description of the sighting", "observables"=>[{"value"=>"cisco.com", "type"=>"domain"}], "type"=>"sighting", "source"=>"My Secret Intel Source", "targets"=>[{"type"=>"string", "observables"=>[{"value"=>"My-PC-01", "type"=>"hostname"}], "observed_time"=>{"start_time"=>"2023-07-13T20:16:28.640Z", "end_time"=>"2023-07-13T20:16:28.640Z"}, "os"=>"Windows 11"}], "short_description"=>"A host connected to a monitored domain", "title"=>"Connection to monitored domain", "severity"=>"Medium", "tlp"=>"white", "confidence"=>"High", "observed_time"=>{"start_time"=>"2023-07-13T20:16:28.640Z", "end_time"=>"2023-07-13T20:16:28.640Z"}}