{ "swagger": "2.0", "info": { "version": "1.0", "title": "MSRC Engage API" }, "host": "api.msrc.microsoft.com", "basePath": "/engage", "schemes": [ "https" ], "security": [ { "apiKeyHeader": [] }, { "apiKeyQuery": [] } ], "paths": { "/pentest": { "post": { "description": "An API for submitting Azure Service customer-driven penetration testing notifications in a derivative of the CARS (Cloud Abuse Reporting Schema) as JSON", "operationId": "Pentest Notification", "consumes": [ "application/json" ], "parameters": [ { "in": "body", "name": "body", "description": "Derivation of the Cloud Abuse Reporting Schema", "required": false, "schema": { "$ref": "#/definitions/Body" } } ], "responses": { "202": { "description": "Accepted" }, "400": { "description": "Bad Request" } } } }, "/cars": { "post": { "description": "An API for submitting Abuse or CERT reports in the CARS (Cloud Abuse Reporting Schema) as JSON", "operationId": "CERT Report", "consumes": [ "application/json" ], "parameters": [ { "in": "body", "name": "body", "description": "Cloud Abuse Reporting Schema", "required": true, "schema": { "example": "{\n \"reporterInfo\": {\n \"reporterEmail\": \"reporter_email@email.com\",\n \"reporterName\": \"John Smith\",\n \"reporterPhone\": \"555-555-5555\",\n \"reporterOrg\": \"Contoso\",\n \"discloseEmail\": \"TRUE||FALSE\",\n \"reporterNotes\": \"Sources are at liberty to elaborate on what their organization does if it's relevant to their reports as a whole.\"\n },\n \"reports\": [\n {\n \"report\": {\n \"batchID\": \"Group/Campaign Identifier\",\n \"relatedCases\": [ \"ID\", \"ID\", \"...\" ],\n \"reportNotes\": \"This is a brief summary of what I have found...\",\n \"TLP\": \"AMBER||GREEN||WHITE\",\n \"disclosureNotes\": \"Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.\",\n \"threats\": [\n {\n \"threat\": {\n \"threatType\": \"Activity||Content\",\n \"threatSubType\": \"CNC||FRAUD||DOS||SPAM||MALWARE||INTRUSION_ATTEMPT||PORT_SCAN||WEB_CRAWL||PHISHING||THREAT_TYPE_UNSPECIFIED\",\n \"sampleType\":\"Base64\",\n \"sourceIp\": \"1.1.1.1\",\n \"destinationIp\": \"2.2.2.2\",\n \"sourcePort\": \"PORT\",\n \"destinationPort\": \"PORT\",\n \"sourceUrl\": \"URL\",\n \"destinationUrl\": \"URL\",\n \"protocol\": \"PROTOCOL_NUMBER\",\n \"byteCount\": \"BYTES\",\n \"packetCount\": \"PACKETS\",\n \"date\": \"yyyy-mm-dd\",\n \"time\": \"00:00:00\",\n \"timeZone\": \"-0000\",\n \"sample\": \"logs of observed activity; must be of type specified above\"\n }\n }\n ]\n }\n }\n ]\n}" } } ], "responses": { "202": { "description": "Accepted" }, "400": { "description": "Bad Request" } } } } }, "securityDefinitions": { "apiKeyHeader": { "type": "apiKey", "name": "api-key", "in": "header" }, "apiKeyQuery": { "type": "apiKey", "name": "subscription-key", "in": "query" } }, "definitions": { "Body": { "example": "{\n \"reporterInfo\": {\n \"reporterEmail\": \"reporter_email@email.com\",\n \"reporterName\": \"John Smith\",\n \"reporterPhone\": \"555-555-5555\",\n \"reporterOrg\": \"Contoso\",\n \"discloseEmail\": \"TRUE||FALSE\",\n \"reporterNotes\": \"Sources are at liberty to elaborate on what their organization does if it's relevant to their reports as a whole.\"\n },\n \"reports\": [\n {\n \"report\": {\n \"batchID\": \"Group/Campaign Identifier\",\n \"relatedCases\": [ \"ID\", \"ID\", \"...\" ],\n \"reportNotes\": \"This is a brief summary of what I have found...\",\n \"TLP\": \"AMBER||GREEN||WHITE\",\n \"disclosureNotes\": \"Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.\",\n \"threats\": [\n {\n \"threat\": {\n \"threatType\": \"Activity||Content\",\n \"threatSubType\": \"CNC||FRAUD||DOS||SPAM||MALWARE||INTRUSION_ATTEMPT||PORT_SCAN||WEB_CRAWL||PHISHING||THREAT_TYPE_UNSPECIFIED\",\n \"sampleType\":\"Base64\",\n \"sourceIp\": \"1.1.1.1\",\n \"destinationIp\": \"2.2.2.2\",\n \"sourcePort\": \"PORT\",\n \"destinationPort\": \"PORT\",\n \"sourceUrl\": \"URL\",\n \"destinationUrl\": \"URL\",\n \"protocol\": \"PROTOCOL_NUMBER\",\n \"byteCount\": \"BYTES\",\n \"packetCount\": \"PACKETS\",\n \"date\": \"yyyy-mm-dd\",\n \"time\": \"00:00:00\",\n \"timeZone\": \"-0000\",\n \"sample\": \"logs of observed activity; must be of type specified above\"\n }\n }\n ]\n }\n }\n ]\n}" } } }