1651 строка
58 KiB
JSON
1651 строка
58 KiB
JSON
{
|
|
"swagger":"2.0",
|
|
"info":{
|
|
"title":"Recorded Future V2",
|
|
"description":"Recorded Future Connector enables access to the Recorded Future Intelligence. The connector has dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash) and associated context (Risk Score, Risk Rules, Intelligence Card Link and High Confidence Evidence Based Links), Vulnerabilities, Recorded Future Alerts and enables access to Recorded Future SOAR API and Fusion Files",
|
|
"contact":{
|
|
"name":"Recorded Future Support",
|
|
"url":"https://support.recordedfuture.com",
|
|
"email":"support@recordedfuture.com"
|
|
},
|
|
"version":"1.0"
|
|
},
|
|
"host":"api.recordedfuture.com",
|
|
"basePath":"/gw/azure",
|
|
"schemes":[
|
|
"https"
|
|
],
|
|
"paths":{
|
|
"/lookup/ip/{ip}":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"intelCard":{
|
|
"type":"string",
|
|
"description":"Recorded Future Intelligence Card Link",
|
|
"title":"intelCard",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"risk":{
|
|
"type":"object",
|
|
"properties":{
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Criticality Level",
|
|
"title":"criticalityLabel",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"score":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Recorded Future Indicator Risk Score",
|
|
"title":"score",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"evidenceDetails":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"mitigationString":{
|
|
"type":"string",
|
|
"description":"Mitigating string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"timestamp":{
|
|
"type":"string",
|
|
"description":"Timestamp",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Criticality label",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"evidenceString":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Evidence Details",
|
|
"title":"evidenceString",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"rule":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Risk Rules",
|
|
"title":"rule",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
}
|
|
},
|
|
"description":"Evidence details"
|
|
},
|
|
"riskString":{
|
|
"type":"string",
|
|
"description":"Risk string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"rules":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Rules",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"riskSummary":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Summary",
|
|
"title":"riskSummary",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"description":"Risk"
|
|
},
|
|
"links":{
|
|
"$ref":"#/definitions/Links"
|
|
}
|
|
},
|
|
"description":"Data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"IP Enrichment",
|
|
"description":"IP Enrichment with Recorded Future data",
|
|
"operationId":"IP_E",
|
|
"x-ms-visibility":"important",
|
|
"parameters":[
|
|
{
|
|
"name":"ip",
|
|
"in":"path",
|
|
"required":true,
|
|
"type":"string",
|
|
"x-ms-visibility":"important",
|
|
"description":"The IP address to lookup. Must be a single IP address",
|
|
"x-ms-summary":"IP input",
|
|
"x-ms-url-encoding":"single"
|
|
},
|
|
{
|
|
"name":"fields",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"default":"intelCard,risk,links",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/lookup/domain/{domain}":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"intelCard":{
|
|
"type":"string",
|
|
"description":"Recorded Future Intelligence Card Link",
|
|
"title":"intelCard",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"risk":{
|
|
"type":"object",
|
|
"properties":{
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Criticality Level",
|
|
"title":"criticalityLabel",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"score":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Recorded Future Indicator Risk Score",
|
|
"title":"score",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"evidenceDetails":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"mitigationString":{
|
|
"type":"string",
|
|
"description":"Mitigating string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"timestamp":{
|
|
"type":"string",
|
|
"description":"Timestamp",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Criticality label",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"evidenceString":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Evidence Details",
|
|
"title":"evidenceString",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"rule":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Risk Rules",
|
|
"title":"rule",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
}
|
|
},
|
|
"description":"Evidence details"
|
|
},
|
|
"riskString":{
|
|
"type":"string",
|
|
"description":"Risk string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"rules":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Rules",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"riskSummary":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Summary",
|
|
"title":"riskSummary",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"description":"Risk"
|
|
},
|
|
"links":{
|
|
"$ref":"#/definitions/Links"
|
|
}
|
|
},
|
|
"description":"Data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"Domain Enrichment",
|
|
"description":"Domain Enrichment with Recorded Future data",
|
|
"operationId":"D_E",
|
|
"x-ms-visibility":"important",
|
|
"parameters":[
|
|
{
|
|
"name":"domain",
|
|
"in":"path",
|
|
"required":true,
|
|
"type":"string",
|
|
"x-ms-visibility":"important",
|
|
"description":"The domain to lookup. Must be a single domain",
|
|
"x-ms-summary":"Domain input",
|
|
"x-ms-url-encoding":"single"
|
|
},
|
|
{
|
|
"name":"fields",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"default":"intelCard,risk,links",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/lookup/url/{url}":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"risk":{
|
|
"type":"object",
|
|
"properties":{
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Criticality Level",
|
|
"title":"criticalityLabel",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"score":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Recorded Future Indicator Risk Score",
|
|
"title":"score",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"evidenceDetails":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"mitigationString":{
|
|
"type":"string",
|
|
"description":"Mitigating string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"timestamp":{
|
|
"type":"string",
|
|
"description":"Timestamp",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Criticality label",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"evidenceString":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Evidence Details",
|
|
"title":"evidenceString",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"rule":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Risk Rules",
|
|
"title":"rule",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
}
|
|
},
|
|
"description":"Evidence details"
|
|
},
|
|
"riskString":{
|
|
"type":"string",
|
|
"description":"Risk string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"rules":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Rules",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"riskSummary":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Summary",
|
|
"title":"riskSummary",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"description":"Risk"
|
|
},
|
|
"links":{
|
|
"$ref":"#/definitions/Links"
|
|
}
|
|
},
|
|
"description":"Data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"URL Enrichment",
|
|
"description":"URL Enrichment with Recorded Future data",
|
|
"operationId":"U_E",
|
|
"x-ms-visibility":"important",
|
|
"parameters":[
|
|
{
|
|
"name":"url",
|
|
"in":"path",
|
|
"required":true,
|
|
"type":"string",
|
|
"x-ms-visibility":"important",
|
|
"description":"The URL to lookup. Must be a single URL",
|
|
"x-ms-summary":"URL input",
|
|
"x-ms-url-encoding":"single"
|
|
},
|
|
{
|
|
"name":"fields",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"default":"intelCard,risk,links",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/lookup/hash/{hash}":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"intelCard":{
|
|
"type":"string",
|
|
"description":"Recorded Future Intelligence Card Link",
|
|
"title":"intelCard",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"risk":{
|
|
"type":"object",
|
|
"properties":{
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Criticality Level",
|
|
"title":"criticalityLabel",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"score":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Recorded Future Indicator Risk Score",
|
|
"title":"score",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"evidenceDetails":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"mitigationString":{
|
|
"type":"string",
|
|
"description":"Mitigating string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"timestamp":{
|
|
"type":"string",
|
|
"description":"Timestamp",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Criticality label",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"evidenceString":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Evidence Details",
|
|
"title":"evidenceString",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"rule":{
|
|
"type":"string",
|
|
"description":"Recorded Future Indicator Risk Rules",
|
|
"title":"rule",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
}
|
|
},
|
|
"description":"Evidence details"
|
|
},
|
|
"riskString":{
|
|
"type":"string",
|
|
"description":"Risk string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"rules":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Rules",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"riskSummary":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Summary",
|
|
"title":"riskSummary",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"description":"Risk"
|
|
},
|
|
"links":{
|
|
"$ref":"#/definitions/Links"
|
|
}
|
|
},
|
|
"description":"Data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"Hash Enrichment",
|
|
"description":"Hash Enrichment with Recorded Future data",
|
|
"operationId":"H_E",
|
|
"x-ms-visibility":"important",
|
|
"parameters":[
|
|
{
|
|
"name":"hash",
|
|
"in":"path",
|
|
"required":true,
|
|
"type":"string",
|
|
"x-ms-visibility":"important",
|
|
"description":"The HASH to lookup. Must be a single HASH",
|
|
"x-ms-summary":"HASH input",
|
|
"x-ms-url-encoding":"single"
|
|
},
|
|
{
|
|
"name":"fields",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"default":"intelCard,risk,links",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/lookup/vulnerability/{id}":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"intelCard":{
|
|
"type":"string",
|
|
"description":"Recorded Future Intelligence Card Link",
|
|
"title":"intelCard",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"risk":{
|
|
"type":"object",
|
|
"properties":{
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Recorded Future Vulnerability Criticality Level",
|
|
"title":"criticalityLabel",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"score":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Recorded Future Vulnerability Risk Score",
|
|
"title":"score",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"evidenceDetails":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"mitigationString":{
|
|
"type":"string",
|
|
"description":"Mitigating string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"timestamp":{
|
|
"type":"string",
|
|
"description":"Timestamp",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticalityLabel":{
|
|
"type":"string",
|
|
"description":"Criticality label",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"evidenceString":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Evidence Details",
|
|
"title":"evidenceString",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"rule":{
|
|
"type":"string",
|
|
"description":"Recorded Future Vulnerability Risk Rules",
|
|
"title":"rule",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
}
|
|
},
|
|
"description":"Evidence details"
|
|
},
|
|
"riskString":{
|
|
"type":"string",
|
|
"description":"Risk string",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"rules":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Rules",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"criticality":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Criticality",
|
|
"x-ms-visibility":"internal"
|
|
},
|
|
"riskSummary":{
|
|
"type":"string",
|
|
"description":"Recorded Future Risk Rules Summary",
|
|
"title":"riskSummary",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"description":"Risk"
|
|
},
|
|
"links":{
|
|
"$ref":"#/definitions/Links"
|
|
}
|
|
},
|
|
"description":"Data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"Vulnerability Enrichment",
|
|
"description":"Vulnerability Enrichment with Recorded Future data",
|
|
"parameters":[
|
|
{
|
|
"name":"id",
|
|
"in":"path",
|
|
"required":true,
|
|
"type":"string",
|
|
"x-ms-visibility":"important",
|
|
"description":"The Vulnerability ID (CVE, name) to lookup. Must be a single Vulnerability ID (CVE, name)",
|
|
"x-ms-summary":"Vulnerability ID (CVE, name) input",
|
|
"x-ms-url-encoding":"single"
|
|
},
|
|
{
|
|
"name":"fields",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"default":"intelCard,risk,links",
|
|
"x-ms-visibility":"internal"
|
|
}
|
|
],
|
|
"operationId":"Vuln_E",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"/alert/rules":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"results":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"title":{
|
|
"type":"string",
|
|
"description":"Title",
|
|
"title":"Alert Rule Title",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"id":{
|
|
"type":"string",
|
|
"description":"Id",
|
|
"title":"Alert Rule ID",
|
|
"x-ms-visibility":"important"
|
|
}
|
|
}
|
|
},
|
|
"description":"Results"
|
|
}
|
|
},
|
|
"description":"Data"
|
|
},
|
|
"counts":{
|
|
"type":"object",
|
|
"properties":{
|
|
"returned":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Returned",
|
|
"title":"Returned Number of Alert Rules",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"total":{
|
|
"type":"integer",
|
|
"format":"int32",
|
|
"description":"Total",
|
|
"title":"Total Number of Alert Rules",
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"description":"Counts"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"Search Alert Rules",
|
|
"description":"Search Recorded Future UI Alert Rules",
|
|
"operationId":"Alert_Rules_Search",
|
|
"x-ms-visibility":"advanced",
|
|
"parameters":[
|
|
{
|
|
"name":"freetext",
|
|
"in":"query",
|
|
"required":false,
|
|
"type":"string",
|
|
"description":"Freetext search for Alert Rule Name",
|
|
"x-ms-visibility":"advanced",
|
|
"x-ms-summary":"Freetext search"
|
|
},
|
|
{
|
|
"name":"limit",
|
|
"in":"query",
|
|
"required":false,
|
|
"type":"integer",
|
|
"default":10,
|
|
"x-ms-visibility":"advanced",
|
|
"description":"Maximum number of records",
|
|
"x-ms-summary":"Maximum number of records"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/alert/search":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"$ref":"#/definitions/AlertSearch"
|
|
}
|
|
}
|
|
},
|
|
"summary":"Search Alert Notifications",
|
|
"operationId":"Alert_Not_Search",
|
|
"x-ms-visibility":"advanced",
|
|
"parameters":[
|
|
{
|
|
"name":"triggered",
|
|
"in":"query",
|
|
"required":false,
|
|
"type":"string",
|
|
"description":"All Elasticsearch compatible date formats are valid.",
|
|
"x-ms-summary":"Triggered",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
{
|
|
"name":"alertRule",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"description":"Alert Rule ID",
|
|
"x-ms-visibility":"important",
|
|
"x-ms-summary":"Alert Rule ID"
|
|
},
|
|
{
|
|
"name":"limit",
|
|
"in":"query",
|
|
"required":false,
|
|
"type":"integer",
|
|
"default":10,
|
|
"x-ms-visibility":"advanced",
|
|
"description":"Maximum number of records",
|
|
"x-ms-summary":"Maximum number of records"
|
|
},
|
|
{
|
|
"name":"from",
|
|
"in":"query",
|
|
"required":false,
|
|
"type":"integer",
|
|
"description":"Records from offset",
|
|
"x-ms-visibility":"advanced",
|
|
"x-ms-summary":"Records from offset"
|
|
}
|
|
],
|
|
"description":"Search Alert Notifications"
|
|
}
|
|
},
|
|
"/alert/{id}":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"$ref":"#/definitions/AlertLookup"
|
|
}
|
|
}
|
|
},
|
|
"summary":"Lookup Alert Notification",
|
|
"description":"Lookup Alert Notification",
|
|
"operationId":"Alert_Not_Lookup",
|
|
"parameters":[
|
|
{
|
|
"name":"id",
|
|
"in":"path",
|
|
"required":true,
|
|
"type":"string",
|
|
"description":"Alert Notification ID",
|
|
"x-ms-visibility":"important",
|
|
"x-ms-summary":"Alert Notification ID",
|
|
"x-ms-url-encoding":"single"
|
|
}
|
|
],
|
|
"x-ms-visibility":"advanced"
|
|
}
|
|
},
|
|
"/fusion/files":{
|
|
"get":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"Name":{
|
|
"type":"string"
|
|
},
|
|
"Risk":{
|
|
"type":"integer"
|
|
},
|
|
"RiskString":{
|
|
"type":"string"
|
|
},
|
|
"EvidenceDetails":{
|
|
"type":"object",
|
|
"properties":{
|
|
"EvidenceDetails":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"Rule":{
|
|
"type":"string"
|
|
},
|
|
"EvidenceString":{
|
|
"type":"string"
|
|
},
|
|
"CriticalityLabel":{
|
|
"type":"string"
|
|
},
|
|
"Timestamp":{
|
|
"type":"integer"
|
|
},
|
|
"MitigationString":{
|
|
"type":"string"
|
|
},
|
|
"Criticality":{
|
|
"type":"integer"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"Recorded Future RiskLists and SCF Download",
|
|
"description":"Recorded Future RiskList & Security Control Feeds Download",
|
|
"operationId":"R_List_D",
|
|
"x-ms-visibility":"important",
|
|
"parameters":[
|
|
{
|
|
"name":"path",
|
|
"in":"query",
|
|
"required":true,
|
|
"type":"string",
|
|
"x-ms-visibility":"important",
|
|
"enum":[
|
|
"/public/MicrosoftAzure/ip_default.json",
|
|
"/public/MicrosoftAzure/ip_gt_90.json",
|
|
"/public/MicrosoftAzure/ip_active_c2.json",
|
|
"/public/MicrosoftAzure/ip_current_c2.json",
|
|
"/public/MicrosoftAzure/ip_botnet.json",
|
|
"/public/MicrosoftAzure/ip_insikt.json",
|
|
"/public/MicrosoftAzure/ip_phishing.json",
|
|
"/public/MicrosoftAzure/domain_default.json",
|
|
"/public/MicrosoftAzure/domain_gt_90.json",
|
|
"/public/MicrosoftAzure/domain_c2_dns.json",
|
|
"/public/MicrosoftAzure/domain_ransomware_payment.json",
|
|
"/public/MicrosoftAzure/domain_recent_weaponized.json",
|
|
"/public/MicrosoftAzure/domain_insikt.json",
|
|
"/public/MicrosoftAzure/domain_covid_lure.json",
|
|
"/public/MicrosoftAzure/domain_phishing.json",
|
|
"/public/MicrosoftAzure/url_gt_90.json",
|
|
"/public/MicrosoftAzure/url_c2.json",
|
|
"/public/MicrosoftAzure/url_ransomware_distribution.json",
|
|
"/public/MicrosoftAzure/url_compromised.json",
|
|
"/public/MicrosoftAzure/url_insikt.json",
|
|
"/public/MicrosoftAzure/url_malware_verdict.json",
|
|
"/public/MicrosoftAzure/hash_targeting_vulns.json",
|
|
"/public/MicrosoftAzure/hash_observed_testing.json",
|
|
"/public/MicrosoftAzure/hash_malware_ssl.json",
|
|
"/public/MicrosoftAzure/vuln_default.json",
|
|
"/public/MicrosoftAzure/vuln_gt_90.json",
|
|
"/public/MicrosoftAzure/vuln_recent_active_malware.json",
|
|
"/public/MicrosoftAzure/vuln_recent_exploit_kit.json",
|
|
"/public/MicrosoftAzure/vuln_recent_ransomware.json",
|
|
"/public/MicrosoftAzure/vuln_recent_rat.json",
|
|
"/public/MicrosoftAzure/vuln_recent_poc_remote.json",
|
|
"/public/MicrosoftAzure/vuln_recent_exploit_dev_itw.json",
|
|
"/public/MicrosoftAzure/vuln_exploited_itw_malware.json",
|
|
"/public/MicrosoftAzure/vuln_critical_cyber_signal.json",
|
|
"/public/prevent/c2_communicating_ips.json",
|
|
"/public/prevent/weaponized_domains.json",
|
|
"/public/prevent/weaponized_urls.json",
|
|
"/public/ukraine/ukraine_russia_ip.csv",
|
|
"/public/ukraine/ukraine_russia_domain.csv",
|
|
"/public/ukraine/ukraine_russia_hash.csv",
|
|
"/public/ukraine/ukraine_russia_url.csv"
|
|
],
|
|
"x-ms-editor-options":{
|
|
"items":[
|
|
{
|
|
"title":"IP - Default RiskList",
|
|
"value":"/public/MicrosoftAzure/ip_default.json"
|
|
},
|
|
{
|
|
"title":"IP - 90+ (Very Malicious) RiskList",
|
|
"value":"/public/MicrosoftAzure/ip_gt_90.json"
|
|
},
|
|
{
|
|
"title":"IP - Actively Communicating C&C Server",
|
|
"value":"/public/MicrosoftAzure/ip_active_c2.json"
|
|
},
|
|
{
|
|
"title":"IP - Current C&C Server",
|
|
"value":"/public/MicrosoftAzure/ip_current_c2.json"
|
|
},
|
|
{
|
|
"title":"IP - Recent Botnet Traffic",
|
|
"value":"/public/MicrosoftAzure/ip_botnet.json"
|
|
},
|
|
{
|
|
"title":"IP - Recently Reported by Insikt Group",
|
|
"value":"/public/MicrosoftAzure/ip_insikt.json"
|
|
},
|
|
{
|
|
"title":"IP - Phishing Host",
|
|
"value":"/public/MicrosoftAzure/ip_phishing.json"
|
|
},
|
|
{
|
|
"title":"IP - Ukraine Russia Conflict",
|
|
"value":"/public/ukraine/ukraine_russia_ip.csv"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Default RiskList",
|
|
"value":"/public/MicrosoftAzure/domain_default.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - 90+ (Very Malicious) RiskList",
|
|
"value":"/public/MicrosoftAzure/domain_gt_90.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - C&C DNS Name",
|
|
"value":"/public/MicrosoftAzure/domain_c2_dns.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Ransomware Payment DNS Name",
|
|
"value":"/public/MicrosoftAzure/domain_ransomware_payment.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Recently Active Weaponized Domain",
|
|
"value":"/public/MicrosoftAzure/domain_recent_weaponized.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Recently Reported by Insikt Group",
|
|
"value":"/public/MicrosoftAzure/domain_insikt.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Recent COVID-19-Related Domain Lure: Malicious",
|
|
"value":"/public/MicrosoftAzure/domain_covid_lure.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Recent Phishing Lure: Malicious",
|
|
"value":"/public/MicrosoftAzure/domain_phishing.json"
|
|
},
|
|
{
|
|
"title":"DOMAIN - Ukraine Russia Conflict",
|
|
"value":"/public/ukraine/ukraine_russia_domain.csv"
|
|
},
|
|
{
|
|
"title":"URL - 90+ (Very Malicious) RiskList",
|
|
"value":"/public/MicrosoftAzure/url_gt_90.json"
|
|
},
|
|
{
|
|
"title":"URL - C&C URL",
|
|
"value":"/public/MicrosoftAzure/url_c2.json"
|
|
},
|
|
{
|
|
"title":"URL - Ransomware Distribution URL",
|
|
"value":"/public/MicrosoftAzure/url_ransomware_distribution.json"
|
|
},
|
|
{
|
|
"title":"URL - Compromised URL",
|
|
"value":"/public/MicrosoftAzure/url_compromised.json"
|
|
},
|
|
{
|
|
"title":"URL - Recently Reported by Insikt Group",
|
|
"value":"/public/MicrosoftAzure/url_insikt.json"
|
|
},
|
|
{
|
|
"title":"URL - Positive Malware Verdict",
|
|
"value":"/public/MicrosoftAzure/url_malware_verdict.json"
|
|
},
|
|
{
|
|
"title":"URL - Ukraine Russia Conflict",
|
|
"value":"/public/ukraine/ukraine_russia_url.csv"
|
|
},
|
|
{
|
|
"title":"HASH - Recently Active Targeting Vulnerabilities in the Wild",
|
|
"value":"/public/MicrosoftAzure/hash_targeting_vulns.json"
|
|
},
|
|
{
|
|
"title":"HASH - Observed in Underground Virus Testing Sites ",
|
|
"value":"/public/MicrosoftAzure/hash_observed_testing.json"
|
|
},
|
|
{
|
|
"title":"HASH - Malware SSL Certificate Fingerprint",
|
|
"value":"/public/MicrosoftAzure/hash_malware_ssl.json"
|
|
},
|
|
{
|
|
"title":"HASH - Ukraine Russia Conflict",
|
|
"value":"/public/ukraine/ukraine_russia_hash.csv"
|
|
},
|
|
{
|
|
"title":"(SCF) Security Control Feed: Command and Control IPs",
|
|
"value":"/public/prevent/c2_communicating_ips.json"
|
|
},
|
|
{
|
|
"title":"(SCF) Security Control Feed: Weaponized Domains",
|
|
"value":"/public/prevent/weaponized_domains.json"
|
|
},
|
|
{
|
|
"title":"(SCF) Security Control Feed: Weaponized URLs",
|
|
"value":"/public/prevent/weaponized_urls.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Default RiskList",
|
|
"value":"/public/MicrosoftAzure/vuln_default.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - 90+ (Very Malicious) RiskList",
|
|
"value":"/public/MicrosoftAzure/vuln_gt_90.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Exploited in the Wild by Recently Active Malware",
|
|
"value":"/public/MicrosoftAzure/vuln_recent_active_malware.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Recently Linked to Exploit Kit",
|
|
"value":"/public/MicrosoftAzure/vuln_recent_exploit_kit.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Recently Linked to Ransomware",
|
|
"value":"/public/MicrosoftAzure/vuln_recent_ransomware.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Recently Linked to Remote Access Trojan",
|
|
"value":"/public/MicrosoftAzure/vuln_recent_rat.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Recent Verified Proof of Concept Available Using Remote Execution",
|
|
"value":"/public/MicrosoftAzure/vuln_recent_poc_remote.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Recently Observed Exploit/Tool Development in the Wild",
|
|
"value":"/public/MicrosoftAzure/vuln_recent_exploit_dev_itw.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Exploited in the Wild by Malware",
|
|
"value":"/public/MicrosoftAzure/vuln_exploited_itw_malware.json"
|
|
},
|
|
{
|
|
"title":"VULNERABILITY - Cyber Exploit Signal: Critical",
|
|
"value":"/public/MicrosoftAzure/vuln_critical_cyber_signal.json"
|
|
}
|
|
]
|
|
},
|
|
"description":"Path to file",
|
|
"x-ms-summary":"Path to file"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"/soar/lookup":{
|
|
"post":{
|
|
"responses":{
|
|
"200":{
|
|
"description":"Default",
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"counts":{
|
|
"type":"object",
|
|
"properties":{
|
|
"returned":{
|
|
"type":"integer"
|
|
},
|
|
"total":{
|
|
"type":"integer"
|
|
}
|
|
}
|
|
},
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"results":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"entity":{
|
|
"type":"object",
|
|
"properties":{
|
|
"id":{
|
|
"type":"string"
|
|
},
|
|
"name":{
|
|
"type":"string"
|
|
},
|
|
"type":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
},
|
|
"risk":{
|
|
"type":"object",
|
|
"properties":{
|
|
"context":{
|
|
"type":"object"
|
|
},
|
|
"level":{
|
|
"type":"number"
|
|
},
|
|
"rule":{
|
|
"type":"object"
|
|
},
|
|
"score":{
|
|
"type":"number"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"summary":"SOAR API - Look up multiple entities",
|
|
"description":"SOAR API - Look up multiple entities (Specific Access is Required)",
|
|
"operationId":"Soar_Bulk_Lookup",
|
|
"x-ms-visibility":"important",
|
|
"consumes":[
|
|
"application/json"
|
|
],
|
|
"parameters":[
|
|
{
|
|
"name":"body",
|
|
"in":"body",
|
|
"required":false,
|
|
"schema":{
|
|
"type":"object",
|
|
"properties":{
|
|
"ip":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"string",
|
|
"description":"An IP or array of IPs: array[string]",
|
|
"title":"IP",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"description":"Ip"
|
|
},
|
|
"url":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"string",
|
|
"description":"An URL or array of URLs: array[string]",
|
|
"title":"URL",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"description":"Url"
|
|
},
|
|
"domain":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"string",
|
|
"description":"A domain or array of domains: array[string]",
|
|
"title":"Domain",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"description":"Domain"
|
|
},
|
|
"hash":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"string",
|
|
"description":"A hash or array of hashes: array[string]",
|
|
"title":"HASH",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"description":"Hash"
|
|
},
|
|
"vulnerability":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"string",
|
|
"description":"A vulnerability ID or an array of vulnerability IDs: array[string]",
|
|
"title":"Vulnerability",
|
|
"x-ms-visibility":"advanced"
|
|
},
|
|
"description":"Vulnerability"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"x-ms-connector-metadata":[
|
|
{
|
|
"propertyName":"Website",
|
|
"propertyValue":"https://www.recordedfuture.com"
|
|
},
|
|
{
|
|
"propertyName":"Privacy Policy",
|
|
"propertyValue":"https://www.recordedfuture.com/privacy-policy/"
|
|
},
|
|
{
|
|
"propertyName":"Categories",
|
|
"propertyValue":"AI;Data"
|
|
}
|
|
],
|
|
"definitions":{
|
|
"Links":{
|
|
"type":"object",
|
|
"title":"links",
|
|
"description":"High Confidence Evidence Based Links",
|
|
"x-ms-visibility":"important",
|
|
"properties":{
|
|
"technical":{
|
|
"type":"object",
|
|
"title":"technical",
|
|
"description":"Technical links generated through network traffic analysis, malware analysis, infrastructure analysis and more",
|
|
"x-ms-visibility":"important",
|
|
"properties":{
|
|
"start_date":{
|
|
"type":"string",
|
|
"title":"startDate",
|
|
"description":"Link start date",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"stop_date":{
|
|
"type":"string",
|
|
"title":"stopDate",
|
|
"description":"Link stop date",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"entities":{
|
|
"type":"array",
|
|
"title":"entities",
|
|
"description":"Related entities",
|
|
"x-ms-visibility":"important",
|
|
"items":{
|
|
"$ref":"#/definitions/LinkEntities"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"research":{
|
|
"type":"object",
|
|
"title":"research",
|
|
"description":"Research links discovered by Insikt Group",
|
|
"x-ms-visibility":"important",
|
|
"properties":{
|
|
"start_date":{
|
|
"type":"string",
|
|
"title":"startDate",
|
|
"description":"Link start date",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"stop_date":{
|
|
"type":"string",
|
|
"title":"stopDate",
|
|
"description":"Link stop date",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"entities":{
|
|
"type":"array",
|
|
"title":"entities",
|
|
"description":"Related entities",
|
|
"x-ms-visibility":"important",
|
|
"items":{
|
|
"$ref":"#/definitions/LinkEntities"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"LinkEntities":{
|
|
"type":"object",
|
|
"properties":{
|
|
"type":{
|
|
"type":"string",
|
|
"title":"type",
|
|
"description":"Enitity type",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"name":{
|
|
"type":"string",
|
|
"title":"name",
|
|
"description":"Entity name",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"score":{
|
|
"type":"integer",
|
|
"title":"score",
|
|
"description":"Risk score",
|
|
"x-ms-visibility":"important"
|
|
},
|
|
"category":{
|
|
"type":"string",
|
|
"title":"category",
|
|
"description":"Entity category",
|
|
"x-ms-visibility":"important"
|
|
}
|
|
}
|
|
},
|
|
"AlertSearch":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"results":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"review":{
|
|
"$ref":"#/definitions/AlertReview"
|
|
},
|
|
"url":{
|
|
"$ref":"#/definitions/AlertURL"
|
|
},
|
|
"rule":{
|
|
"$ref":"#/definitions/AlertRule"
|
|
},
|
|
"triggered":{
|
|
"$ref":"#/definitions/AlertTriggered"
|
|
},
|
|
"id":{
|
|
"$ref":"#/definitions/AlertID"
|
|
},
|
|
"title":{
|
|
"$ref":"#/definitions/AlertTitle"
|
|
},
|
|
"type":{
|
|
"$ref":"#/definitions/AlertType"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"counts":{
|
|
"type":"object",
|
|
"properties":{
|
|
"returned":{
|
|
"type":"integer"
|
|
},
|
|
"total":{
|
|
"type":"integer"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"AlertLookup":{
|
|
"type":"object",
|
|
"properties":{
|
|
"data":{
|
|
"type":"object",
|
|
"properties":{
|
|
"review":{
|
|
"$ref":"#/definitions/AlertReview"
|
|
},
|
|
"entities":{
|
|
"$ref":"#/definitions/AlertEntities"
|
|
},
|
|
"url":{
|
|
"$ref":"#/definitions/AlertURL"
|
|
},
|
|
"rule":{
|
|
"$ref":"#/definitions/AlertRule"
|
|
},
|
|
"triggered":{
|
|
"$ref":"#/definitions/AlertTriggered"
|
|
},
|
|
"id":{
|
|
"$ref":"#/definitions/AlertID"
|
|
},
|
|
"counts":{
|
|
"type":"object",
|
|
"properties":{
|
|
"references":{
|
|
"type":"integer"
|
|
},
|
|
"entities":{
|
|
"type":"integer"
|
|
},
|
|
"documents":{
|
|
"type":"integer"
|
|
}
|
|
}
|
|
},
|
|
"title":{
|
|
"$ref":"#/definitions/AlertTitle"
|
|
},
|
|
"type":{
|
|
"$ref":"#/definitions/AlertType"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"AlertReview":{
|
|
"type":"object",
|
|
"properties":{
|
|
"assignee":{
|
|
"type":"string"
|
|
},
|
|
"status":{
|
|
"type":"string"
|
|
},
|
|
"noteDate":{
|
|
"type":"string"
|
|
},
|
|
"noteAuthor":{
|
|
"type":"string"
|
|
},
|
|
"note":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
},
|
|
"AlertEntities":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"trend":{
|
|
"type":"object",
|
|
"additionalProperties":true
|
|
},
|
|
"documents":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"references":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"fragment":{
|
|
"type":"string"
|
|
},
|
|
"entities":{
|
|
"type":"array",
|
|
"items":{
|
|
"type":"object",
|
|
"properties":{
|
|
"id":{
|
|
"type":"string"
|
|
},
|
|
"name":{
|
|
"type":"string"
|
|
},
|
|
"type":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"language":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"source":{
|
|
"type":"object",
|
|
"properties":{
|
|
"id":{
|
|
"type":"string"
|
|
},
|
|
"name":{
|
|
"type":"string"
|
|
},
|
|
"type":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
},
|
|
"title":{
|
|
"type":"string"
|
|
},
|
|
"url":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"risk":{
|
|
"type":"object",
|
|
"additionalProperties":true
|
|
},
|
|
"entity":{
|
|
"type":"object",
|
|
"properties":{
|
|
"id":{
|
|
"type":"string"
|
|
},
|
|
"name":{
|
|
"type":"string"
|
|
},
|
|
"type":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"AlertURL":{
|
|
"type":"string"
|
|
},
|
|
"AlertRule":{
|
|
"type":"object",
|
|
"properties":{
|
|
"name":{
|
|
"type":"string"
|
|
},
|
|
"id":{
|
|
"type":"string"
|
|
},
|
|
"url":{
|
|
"type":"string"
|
|
}
|
|
}
|
|
},
|
|
"AlertTriggered":{
|
|
"type":"string"
|
|
},
|
|
"AlertID":{
|
|
"type":"string"
|
|
},
|
|
"AlertTitle":{
|
|
"type":"string"
|
|
},
|
|
"AlertType":{
|
|
"type":"string"
|
|
}
|
|
},
|
|
"securityDefinitions":{
|
|
"API Key":{
|
|
"type":"apiKey",
|
|
"in":"header",
|
|
"name":"X-RFToken"
|
|
}
|
|
},
|
|
"security":[
|
|
{
|
|
"API Key":[
|
|
|
|
]
|
|
}
|
|
]
|
|
}
|