Create a new issue

Cortex XSIAM Platform APIs

POST /public_api/v1/issue

This endpoint allows users to create a new issue by providing the necessary details. Users can only create one issue at a time.

  • The request must include the following required fields:
    • name
    • description
    • observation_time
    • issue_domain
    • category
    • severity

Required license: Cortex XSIAM Premium, Cortex XSIAM Enterprise, Cortex XSIAM NG SIEM, or Cortex XSIAM Enterprise Plus.

Request headers

  • Authorization (String, required): {api_key}
    Example: authorization_example
  • x-xdr-auth-id (String, required): {api_key_id}
    Example: xXdrAuthId_example

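
A client-side pre-flight check for the request described above, as an added example (not code from the Cortex XSIAM documentation). `validate_issue` and `build_request` are hypothetical helpers that enforce the six required fields and the two header names from this page, plus format checks that the page does not document as API behaviour. It assumes `observation_time` is epoch milliseconds, inferred from the sample value 1700000000000.

```python
import json
import re

# The six required fields listed on this page.
REQUIRED_FIELDS = ("name", "description", "observation_time",
                   "issue_domain", "category", "severity")

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
TACTIC_RE = re.compile(r"TA\d{4}")              # MITRE ATT&CK tactic ID
TECHNIQUE_RE = re.compile(r"T\d{4}(\.\d{3})?")  # technique or sub-technique ID


def _as_list(value):
    # The page's sample payload uses both scalars and lists for normalized_fields values.
    return value if isinstance(value, list) else [value]


def validate_issue(issue):
    """Return a list of problems found in an issue dict; an empty list means it passed."""
    problems = []
    for field in REQUIRED_FIELDS:
        if issue.get(field) in (None, "", []):
            problems.append(f"missing required field: {field}")

    ts = issue.get("observation_time")
    if ts is not None:
        # Assumption: epoch milliseconds, inferred from the sample value 1700000000000.
        if isinstance(ts, bool) or not isinstance(ts, int):
            problems.append("observation_time: expected an integer")
        elif ts < 10**11:
            problems.append("observation_time: looks like seconds, expected milliseconds")

    for tactic in issue.get("mitre_tactics", []):
        if not TACTIC_RE.fullmatch(str(tactic)):
            problems.append(f"mitre_tactics: malformed ID {tactic!r}")
    for technique in issue.get("mitre_techniques", []):
        if not TECHNIQUE_RE.fullmatch(str(technique)):
            problems.append(f"mitre_techniques: malformed ID {technique!r}")

    # Client-side hygiene check (not documented API behaviour):
    # every *.sha256 value must be exactly 64 hex characters.
    for key, value in issue.get("normalized_fields", {}).items():
        if key.endswith(".sha256"):
            for digest in _as_list(value):
                if not SHA256_RE.fullmatch(str(digest)):
                    problems.append(f"{key}: not a 64-character hex digest")
    return problems


def build_request(issue, api_key, api_key_id):
    """Validate, then return (headers, body) for POST /public_api/v1/issue."""
    problems = validate_issue(issue)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {
        "Authorization": api_key,        # pass in from a secret store, never hard-code
        "x-xdr-auth-id": api_key_id,
        "Content-Type": "application/json",
    }
    return headers, json.dumps({"request_data": {"issue": issue}})


# Constructed sample: a subset of the values in this page's sample payload.
PAGE_SAMPLE = {
    "name": "Unauthorized Access Detected",
    "description": "An unauthorized login attempt was detected from an unknown IP address.",
    "observation_time": 1700000000000,
    "issue_domain": "Security",
    "category": "CONFIGURATION",
    "severity": "HIGH",
    "mitre_tactics": ["TA0001", "TA0002"],
    "mitre_techniques": ["T1003", "T1059"],
    "normalized_fields": {
        "xdm.source.process.executable.sha256": [
            "f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2"
        ],
        "xdm.target.module.sha256": "7f4eafdad74bfedabf370a3725a5077c",
        "xdm.file.sha256": "abc1234567890def0987654321",
    },
}

if __name__ == "__main__":
    for problem in validate_issue(PAGE_SAMPLE):
        print(problem)
```

Run against the page's own sample values, the check reports the 32-character `xdm.target.module.sha256` and the 26-character `xdm.file.sha256`, which are placeholders rather than real SHA-256 digests.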
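CLIENT REQUEST
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  'https://api-yourfqdn/public_api/v1/issue' \
  -d '{"request_data":{"issue":{"name":"Unauthorized Access Detected","description":"An unauthorized login attempt was detected from an unknown IP address.","observation_time":1700000000000,"issue_domain":"Security","category":"CONFIGURATION","severity":"HIGH"}}}'
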
import http.client

conn = http.client.HTTPSConnection("api-yourfqdn")

# JSON request body; adjacent string literals are concatenated into one payload.
payload = (
    "{\"request_data\":{\"issue\":{\"owner\":\"CWP\",\"name\":\"Unauthorized Access Detected\",\"description\":\"An unauthorized login attempt was detected from an unknown IP address.\",\"observation_time\":1700000000000,\"issue_domain\":\"Security\",\"category\":\"CONFIGURATION\",\"asset_ids\":[\"asset-456\"],\"mitre_tactics\":[\"TA0001\",\"TA0002\"],\"mitre_techniques\":[\"T1003\",\"T1059\"],\"type\":\"Threat Intelligence\",\"remediation\":\"Apply security patches and restrict access to affected resources.\",\"extended_description\":\"This alert was triggered due to multiple failed login attempts within a short time frame.\",\"impact\":\"Potential unauthorized system access\",\"initial_evidence\":\"The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket\",\"tags\":[\"critical\",\"network\"],\"is_excluded\":false,\"is_starred\":true,\"assigned_to\":\"security_team_lead\",\"assigned_to_pretty\":\"Alice Smith\",\"severity\":\"HIGH\",\"normalized_fields\":{\"xdm.source.location.country\":[\"US\"],\"xdm.source.ipv4\":[\"192.168.1.1\"],\"xdm.source.host.ipv4_addresses\":[\"192.168.1.2\",\"192.168.1.3\"],\"xdm.source.identity.username\":[\"admin\"],\"xdm.source.process.causality_id\":[\"abc123\"],\"xdm.source.process.command_line\":[\"/usr/bin/process -arg1 "
    "-arg2\"],\"xdm.source.process.executable.filename\":\"process_executable\",\"xdm.source.process.name\":[\"process_name\"],\"xdm.source.process.executable.path\":[\"/usr/bin/process_executable\"],\"xdm.source.process.executable.sha256\":[\"f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2\"],\"xdm.source.host.hostname\":\"hostname1\",\"xdm.source.host.os_family\":\"Linux\",\"xdm.source.agent.identifier\":\"agent123\",\"xdm.source.agent.installation_id\":\"installation123\",\"xdm.source.host.fqdn\":\"hostname1.domain.com\",\"xdm.source.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.file.filename\":[\"target_file.txt\"],\"xdm.target.module.filename\":\"target_module.so\",\"xdm.target.file.sha256\":[\"d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431\"],\"xdm.target.module.sha256\":\"7f4eafdad74bfedabf370a3725a5077c\",\"xdm.target.process.command_line\":[\"/usr/bin/target_process -option\"],\"xdm.target.process.executable.sha256\":[\"7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac\"],\"xdm.target.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.process.executable.signer\":[\"string\"],\"xdm.target.process.executable.path\":[\"string\"],\"xdm.target.ipv4\":[\"string\"],\"xdm.target.host.ipv4_addresses\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.host.ipv6_addresses\":[\"string\"],\"xdm.target.ipv6\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.port\":[8080],\"xdm.target.location.country\":\"US\",\"xdm.target.host.hostname\":\"hostname\",\"xdm.target.identity.username\":\"user1\",\"xdm.target.url\":\"https://example.com\",\"xdm.target.process.executable.filename\":[\"target_process\"],\"xdm.target.process.name\":\"target_process\",\"xdm.target.agent.identifier\":\"target_agent\",\"xdm.target.registry.value\":[\"registry_value\"],\"xdm.target.registry.data\":[\"registry_data\"],\"xdm.target.registry.key\":[\"registry_key\"],\"xdm.email.attachment.sha256\":\"a1b2c3d4e5f678"
    "9abcde1234567890f2\",\"xdm.email.attachment.filename\":\"attachment.pdf\",\"xdm.email.sender\":\"sender@example.com\",\"xdm.event.type\":\"Intrusion\",\"xdm.cloud.provider\":\"AWS\",\"xdm.cloud.project\":\"CloudProject1\",\"xdm.cloud.project_id\":\"cloud_project_id_123\",\"xdm.cloud.region\":\"us-east-1\",\"xdm.cloud.function.id\":\"cloud_func_123\",\"xdm.cloud.function.name\":\"cloud_function\",\"xdm.cloud.function.version\":\"v1.0.0\",\"xdm.cloud.function.request_id\":\"req_123\",\"xdm.cloud.function.runtime\":\"nodejs\",\"xdm.observer.unique_identifier\":\"observer123\",\"xdm.observer.type\":\"Server\",\"xdm.observer.sub_type\":\"Linux\",\"xdm.observer.name\":\"Observer 1\",\"xdm.vulnerability.cve_id\":\"CVE-2021-12345\",\"xdm.vulnerability.severity\":\"HIGH\",\"xdm.vulnerability.fix_versions\":[\"1.0.1\",\"1.0.2\"],\"xdm.vulnerability.cve_risk_factors\":[\"Exploitability\",\"Impact\"],\"xdm.vulnerability.cvss_score\":7.8,\"xdm.vulnerability.cvss_vector\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"xdm.software_package.version\":\"1.0.0\",\"xdm.software_package.purl\":\"pkg:maven/com.example/software@1.0.0\",\"xdm.software_package.layer_id\":\"layer123\",\"xdm.software_package.type\":\"Library\",\"xdm.software_package.installation_type\":\"Automatic\",\"xdm.software_package.package_manager\":\"npm\",\"xdm.software_package.dependency_type\":\"Direct\",\"xdm.software_package.language\":\"JavaScript\",\"xdm.malware.verdict\":\"Malicious\",\"xdm.malware.virus_total_link\":\"https://www.virustotal.com/gui/file/abcd1234\",\"xdm.malware.layer_id\":\"malware_layer123\",\"xdm.secret.secret_type\":\"API Key\",\"xdm.secret.unique_identifier\":\"secret_id_123\",\"xdm.secret.snippet\":\"API Key: "
    "12345\",\"xdm.secret.layer_id\":\"secret_layer123\",\"xdm.file.filename\":\"file.txt\",\"xdm.file.path\":[\"/path/to/file.txt\"],\"xdm.file.sha256\":\"abc1234567890def0987654321\",\"xdm.file.size\":1024,\"xdm.file.last_modified\":1615465123,\"xdm.file.metadata_change_time\":1615465000,\"xdm.file.owner_id\":\"user1\",\"xdm.file.owner_name\":\"fileowner\",\"xdm.file.group_id\":\"group1\",\"xdm.file.group_name\":\"groupname\",\"xdm.file.permissions.owner\":[\"read\",\"write\"],\"xdm.file.permissions.group\":[\"read\"],\"xdm.file.permissions.others\":[\"read\"],\"xdm.file.position.start.line\":1,\"xdm.file.position.start.character\":0,\"xdm.file.position.end.line\":100,\"xdm.file.position.end.character\":80,\"xdm.url\":\"https://example.com\",\"xdm.domain\":\"example.com\",\"xdm.application_protocol\":\"HTTPS\"},\"custom_fields\":{}}}}"
)

headers = {
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    'content-type': "application/json"
}

conn.request("POST", "/public_api/v1/issue", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api-yourfqdn/public_api/v1/issue")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate; VERIFY_NONE accepts any certificate and exposes the API key to interception.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
# JSON request body; adjacent string literals joined by a trailing backslash form one string.
request.body = "{\"request_data\":{\"issue\":{\"owner\":\"CWP\",\"name\":\"Unauthorized Access Detected\",\"description\":\"An unauthorized login attempt was detected from an unknown IP address.\",\"observation_time\":1700000000000,\"issue_domain\":\"Security\",\"category\":\"CONFIGURATION\",\"asset_ids\":[\"asset-456\"],\"mitre_tactics\":[\"TA0001\",\"TA0002\"],\"mitre_techniques\":[\"T1003\",\"T1059\"],\"type\":\"Threat Intelligence\",\"remediation\":\"Apply security patches and restrict access to affected resources.\",\"extended_description\":\"This alert was triggered due to multiple failed login attempts within a short time frame.\",\"impact\":\"Potential unauthorized system access\",\"initial_evidence\":\"The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket\",\"tags\":[\"critical\",\"network\"],\"is_excluded\":false,\"is_starred\":true,\"assigned_to\":\"security_team_lead\",\"assigned_to_pretty\":\"Alice Smith\",\"severity\":\"HIGH\",\"normalized_fields\":{\"xdm.source.location.country\":[\"US\"],\"xdm.source.ipv4\":[\"192.168.1.1\"],\"xdm.source.host.ipv4_addresses\":[\"192.168.1.2\",\"192.168.1.3\"],\"xdm.source.identity.username\":[\"admin\"],\"xdm.source.process.causality_id\":[\"abc123\"],\"xdm.source.process.command_line\":[\"/usr/bin/process -arg1 " \
  "-arg2\"],\"xdm.source.process.executable.filename\":\"process_executable\",\"xdm.source.process.name\":[\"process_name\"],\"xdm.source.process.executable.path\":[\"/usr/bin/process_executable\"],\"xdm.source.process.executable.sha256\":[\"f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2\"],\"xdm.source.host.hostname\":\"hostname1\",\"xdm.source.host.os_family\":\"Linux\",\"xdm.source.agent.identifier\":\"agent123\",\"xdm.source.agent.installation_id\":\"installation123\",\"xdm.source.host.fqdn\":\"hostname1.domain.com\",\"xdm.source.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.file.filename\":[\"target_file.txt\"],\"xdm.target.module.filename\":\"target_module.so\",\"xdm.target.file.sha256\":[\"d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431\"],\"xdm.target.module.sha256\":\"7f4eafdad74bfedabf370a3725a5077c\",\"xdm.target.process.command_line\":[\"/usr/bin/target_process -option\"],\"xdm.target.process.executable.sha256\":[\"7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac\"],\"xdm.target.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.process.executable.signer\":[\"string\"],\"xdm.target.process.executable.path\":[\"string\"],\"xdm.target.ipv4\":[\"string\"],\"xdm.target.host.ipv4_addresses\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.host.ipv6_addresses\":[\"string\"],\"xdm.target.ipv6\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.port\":[8080],\"xdm.target.location.country\":\"US\",\"xdm.target.host.hostname\":\"hostname\",\"xdm.target.identity.username\":\"user1\",\"xdm.target.url\":\"https://example.com\",\"xdm.target.process.executable.filename\":[\"target_process\"],\"xdm.target.process.name\":\"target_process\",\"xdm.target.agent.identifier\":\"target_agent\",\"xdm.target.registry.value\":[\"registry_value\"],\"xdm.target.registry.data\":[\"registry_data\"],\"xdm.target.registry.key\":[\"registry_key\"],\"xdm.email.attachment.sha256\":\"a1b2c3d4e5f678" \
  "9abcde1234567890f2\",\"xdm.email.attachment.filename\":\"attachment.pdf\",\"xdm.email.sender\":\"sender@example.com\",\"xdm.event.type\":\"Intrusion\",\"xdm.cloud.provider\":\"AWS\",\"xdm.cloud.project\":\"CloudProject1\",\"xdm.cloud.project_id\":\"cloud_project_id_123\",\"xdm.cloud.region\":\"us-east-1\",\"xdm.cloud.function.id\":\"cloud_func_123\",\"xdm.cloud.function.name\":\"cloud_function\",\"xdm.cloud.function.version\":\"v1.0.0\",\"xdm.cloud.function.request_id\":\"req_123\",\"xdm.cloud.function.runtime\":\"nodejs\",\"xdm.observer.unique_identifier\":\"observer123\",\"xdm.observer.type\":\"Server\",\"xdm.observer.sub_type\":\"Linux\",\"xdm.observer.name\":\"Observer 1\",\"xdm.vulnerability.cve_id\":\"CVE-2021-12345\",\"xdm.vulnerability.severity\":\"HIGH\",\"xdm.vulnerability.fix_versions\":[\"1.0.1\",\"1.0.2\"],\"xdm.vulnerability.cve_risk_factors\":[\"Exploitability\",\"Impact\"],\"xdm.vulnerability.cvss_score\":7.8,\"xdm.vulnerability.cvss_vector\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"xdm.software_package.version\":\"1.0.0\",\"xdm.software_package.purl\":\"pkg:maven/com.example/software@1.0.0\",\"xdm.software_package.layer_id\":\"layer123\",\"xdm.software_package.type\":\"Library\",\"xdm.software_package.installation_type\":\"Automatic\",\"xdm.software_package.package_manager\":\"npm\",\"xdm.software_package.dependency_type\":\"Direct\",\"xdm.software_package.language\":\"JavaScript\",\"xdm.malware.verdict\":\"Malicious\",\"xdm.malware.virus_total_link\":\"https://www.virustotal.com/gui/file/abcd1234\",\"xdm.malware.layer_id\":\"malware_layer123\",\"xdm.secret.secret_type\":\"API Key\",\"xdm.secret.unique_identifier\":\"secret_id_123\",\"xdm.secret.snippet\":\"API Key: " \
  "12345\",\"xdm.secret.layer_id\":\"secret_layer123\",\"xdm.file.filename\":\"file.txt\",\"xdm.file.path\":[\"/path/to/file.txt\"],\"xdm.file.sha256\":\"abc1234567890def0987654321\",\"xdm.file.size\":1024,\"xdm.file.last_modified\":1615465123,\"xdm.file.metadata_change_time\":1615465000,\"xdm.file.owner_id\":\"user1\",\"xdm.file.owner_name\":\"fileowner\",\"xdm.file.group_id\":\"group1\",\"xdm.file.group_name\":\"groupname\",\"xdm.file.permissions.owner\":[\"read\",\"write\"],\"xdm.file.permissions.group\":[\"read\"],\"xdm.file.permissions.others\":[\"read\"],\"xdm.file.position.start.line\":1,\"xdm.file.position.start.character\":0,\"xdm.file.position.end.line\":100,\"xdm.file.position.end.character\":80,\"xdm.url\":\"https://example.com\",\"xdm.domain\":\"example.com\",\"xdm.application_protocol\":\"HTTPS\"},\"custom_fields\":{}}}}"

response = http.request(request)
puts response.read_body

const data = JSON.stringify({ "request_data": { "issue": { "owner": "CWP", "name": "Unauthorized Access Detected", "description": "An unauthorized login attempt was detected from an unknown IP address.", "observation_time": 1700000000000, "issue_domain": "Security", "category": "CONFIGURATION", "asset_ids": [ "asset-456" ], "mitre_tactics": [ "TA0001", "TA0002" ], "mitre_techniques": [ "T1003", "T1059" ], "type": "Threat Intelligence", "remediation": "Apply security patches and restrict access to affected resources.", "extended_description": "This alert was triggered due to multiple failed login attempts within a short time frame.", "impact": "Potential unauthorized system access", "initial_evidence": "The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket", "tags": [ "critical", "network" ], "is_excluded": false, "is_starred": true, "assigned_to": "security_team_lead", "assigned_to_pretty": "Alice Smith", "severity": "HIGH", "normalized_fields": { "xdm.source.location.country": [ "US" ], "xdm.source.ipv4": [ "192.168.1.1" ], "xdm.source.host.ipv4_addresses": [ "192.168.1.2", "192.168.1.3" ], "xdm.source.identity.username": [ "admin" ], "xdm.source.process.causality_id": [ "abc123" ], "xdm.source.process.command_line": [ "/usr/bin/process -arg1 -arg2" ], "xdm.source.process.executable.filename": "process_executable", "xdm.source.process.name": [ "process_name" ], "xdm.source.process.executable.path": [ "/usr/bin/process_executable" ], "xdm.source.process.executable.sha256": [ "f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2" ], "xdm.source.host.hostname": "hostname1", "xdm.source.host.os_family": "Linux", "xdm.source.agent.identifier": "agent123", "xdm.source.agent.installation_id": "installation123", "xdm.source.host.fqdn": "hostname1.domain.com", "xdm.source.process.executable.signature_status": [ "SIGNATURE_UNAVAILABLE" ], 
"xdm.target.file.filename": [ "target_file.txt" ], "xdm.target.module.filename": "target_module.so", "xdm.target.file.sha256": [ "d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431" ], "xdm.target.module.sha256": "7f4eafdad74bfedabf370a3725a5077c", "xdm.target.process.command_line": [ "/usr/bin/target_process -option" ], "xdm.target.process.executable.sha256": [ "7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac" ], "xdm.target.process.executable.signature_status": [ "SIGNATURE_UNAVAILABLE" ], "xdm.target.process.executable.signer": [ "string" ], "xdm.target.process.executable.path": [ "string" ], "xdm.target.ipv4": [ "string" ], "xdm.target.host.ipv4_addresses": [ "10.0.0.2", "10.0.0.3" ], "xdm.target.host.ipv6_addresses": [ "string" ], "xdm.target.ipv6": [ "10.0.0.2", "10.0.0.3" ], "xdm.target.port": [ 8080 ], "xdm.target.location.country": "US", "xdm.target.host.hostname": "hostname", "xdm.target.identity.username": "user1", "xdm.target.url": "https://example.com", "xdm.target.process.executable.filename": [ "target_process" ], "xdm.target.process.name": "target_process", "xdm.target.agent.identifier": "target_agent", "xdm.target.registry.value": [ "registry_value" ], "xdm.target.registry.data": [ "registry_data" ], "xdm.target.registry.key": [ "registry_key" ], "xdm.email.attachment.sha256": "a1b2c3d4e5f6789abcde1234567890f2", "xdm.email.attachment.filename": "attachment.pdf", "xdm.email.sender": "sender@example.com", "xdm.event.type": "Intrusion", "xdm.cloud.provider": "AWS", "xdm.cloud.project": "CloudProject1", "xdm.cloud.project_id": "cloud_project_id_123", "xdm.cloud.region": "us-east-1", "xdm.cloud.function.id": "cloud_func_123", "xdm.cloud.function.name": "cloud_function", "xdm.cloud.function.version": "v1.0.0", "xdm.cloud.function.request_id": "req_123", "xdm.cloud.function.runtime": "nodejs", "xdm.observer.unique_identifier": "observer123", "xdm.observer.type": "Server", "xdm.observer.sub_type": "Linux", 
"xdm.observer.name": "Observer 1", "xdm.vulnerability.cve_id": "CVE-2021-12345", "xdm.vulnerability.severity": "HIGH", "xdm.vulnerability.fix_versions": [ "1.0.1", "1.0.2" ], "xdm.vulnerability.cve_risk_factors": [ "Exploitability", "Impact" ], "xdm.vulnerability.cvss_score": 7.8, "xdm.vulnerability.cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "xdm.software_package.version": "1.0.0", "xdm.software_package.purl": "pkg:maven/com.example/software@1.0.0", "xdm.software_package.layer_id": "layer123", "xdm.software_package.type": "Library", "xdm.software_package.installation_type": "Automatic", "xdm.software_package.package_manager": "npm", "xdm.software_package.dependency_type": "Direct", "xdm.software_package.language": "JavaScript", "xdm.malware.verdict": "Malicious", "xdm.malware.virus_total_link": "https://www.virustotal.com/gui/file/abcd1234", "xdm.malware.layer_id": "malware_layer123", "xdm.secret.secret_type": "API Key", "xdm.secret.unique_identifier": "secret_id_123", "xdm.secret.snippet": "API Key: 12345", "xdm.secret.layer_id": "secret_layer123", "xdm.file.filename": "file.txt", "xdm.file.path": [ "/path/to/file.txt" ], "xdm.file.sha256": "abc1234567890def0987654321", "xdm.file.size": 1024, "xdm.file.last_modified": 1615465123, "xdm.file.metadata_change_time": 1615465000, "xdm.file.owner_id": "user1", "xdm.file.owner_name": "fileowner", "xdm.file.group_id": "group1", "xdm.file.group_name": "groupname", "xdm.file.permissions.owner": [ "read", "write" ], "xdm.file.permissions.group": [ "read" ], "xdm.file.permissions.others": [ "read" ], "xdm.file.position.start.line": 1, "xdm.file.position.start.character": 0, "xdm.file.position.end.line": 100, "xdm.file.position.end.character": 80, "xdm.url": "https://example.com", "xdm.domain": "example.com", "xdm.application_protocol": "HTTPS" }, "custom_fields": {} } } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === 
this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/issue"); xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE"); xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/issue") .header("Authorization", "SOME_STRING_VALUE") .header("x-xdr-auth-id", "SOME_STRING_VALUE") .header("content-type", "application/json") .body("{\"request_data\":{\"issue\":{\"owner\":\"CWP\",\"name\":\"Unauthorized Access Detected\",\"description\":\"An unauthorized login attempt was detected from an unknown IP address.\",\"observation_time\":1700000000000,\"issue_domain\":\"Security\",\"category\":\"CONFIGURATION\",\"asset_ids\":[\"asset-456\"],\"mitre_tactics\":[\"TA0001\",\"TA0002\"],\"mitre_techniques\":[\"T1003\",\"T1059\"],\"type\":\"Threat Intelligence\",\"remediation\":\"Apply security patches and restrict access to affected resources.\",\"extended_description\":\"This alert was triggered due to multiple failed login attempts within a short time frame.\",\"impact\":\"Potential unauthorized system access\",\"initial_evidence\":\"The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket\",\"tags\":[\"critical\",\"network\"],\"is_excluded\":false,\"is_starred\":true,\"assigned_to\":\"security_team_lead\",\"assigned_to_pretty\":\"Alice Smith\",\"severity\":\"HIGH\",\"normalized_fields\":{\"xdm.source.location.country\":[\"US\"],\"xdm.source.ipv4\":[\"192.168.1.1\"],\"xdm.source.host.ipv4_addresses\":[\"192.168.1.2\",\"192.168.1.3\"],\"xdm.source.identity.username\":[\"admin\"],\"xdm.source.process.causality_id\":[\"abc123\"],\"xdm.source.process.command_line\":[\"/usr/bin/process -arg1 
-arg2\"],\"xdm.source.process.executable.filename\":\"process_executable\",\"xdm.source.process.name\":[\"process_name\"],\"xdm.source.process.executable.path\":[\"/usr/bin/process_executable\"],\"xdm.source.process.executable.sha256\":[\"f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2\"],\"xdm.source.host.hostname\":\"hostname1\",\"xdm.source.host.os_family\":\"Linux\",\"xdm.source.agent.identifier\":\"agent123\",\"xdm.source.agent.installation_id\":\"installation123\",\"xdm.source.host.fqdn\":\"hostname1.domain.com\",\"xdm.source.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.file.filename\":[\"target_file.txt\"],\"xdm.target.module.filename\":\"target_module.so\",\"xdm.target.file.sha256\":[\"d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431\"],\"xdm.target.module.sha256\":\"7f4eafdad74bfedabf370a3725a5077c\",\"xdm.target.process.command_line\":[\"/usr/bin/target_process -option\"],\"xdm.target.process.executable.sha256\":[\"7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac\"],\"xdm.target.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.process.executable.signer\":[\"string\"],\"xdm.target.process.executable.path\":[\"string\"],\"xdm.target.ipv4\":[\"string\"],\"xdm.target.host.ipv4_addresses\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.host.ipv6_addresses\":[\"string\"],\"xdm.target.ipv6\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.port\":[8080],\"xdm.target.location.country\":\"US\",\"xdm.target.host.hostname\":\"hostname\",\"xdm.target.identity.username\":\"user1\",\"xdm.target.url\":\"https://example.com\",\"xdm.target.process.executable.filename\":[\"target_process\"],\"xdm.target.process.name\":\"target_process\",\"xdm.target.agent.identifier\":\"target_agent\",\"xdm.target.registry.value\":[\"registry_value\"],\"xdm.target.registry.data\":[\"registry_data\"],\"xdm.target.registry.key\":[\"registry_key\"],\"xdm.email.attachment.sha256\":\"a1b2c3d4e5f678
9abcde1234567890f2\",\"xdm.email.attachment.filename\":\"attachment.pdf\",\"xdm.email.sender\":\"sender@example.com\",\"xdm.event.type\":\"Intrusion\",\"xdm.cloud.provider\":\"AWS\",\"xdm.cloud.project\":\"CloudProject1\",\"xdm.cloud.project_id\":\"cloud_project_id_123\",\"xdm.cloud.region\":\"us-east-1\",\"xdm.cloud.function.id\":\"cloud_func_123\",\"xdm.cloud.function.name\":\"cloud_function\",\"xdm.cloud.function.version\":\"v1.0.0\",\"xdm.cloud.function.request_id\":\"req_123\",\"xdm.cloud.function.runtime\":\"nodejs\",\"xdm.observer.unique_identifier\":\"observer123\",\"xdm.observer.type\":\"Server\",\"xdm.observer.sub_type\":\"Linux\",\"xdm.observer.name\":\"Observer 1\",\"xdm.vulnerability.cve_id\":\"CVE-2021-12345\",\"xdm.vulnerability.severity\":\"HIGH\",\"xdm.vulnerability.fix_versions\":[\"1.0.1\",\"1.0.2\"],\"xdm.vulnerability.cve_risk_factors\":[\"Exploitability\",\"Impact\"],\"xdm.vulnerability.cvss_score\":7.8,\"xdm.vulnerability.cvss_vector\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"xdm.software_package.version\":\"1.0.0\",\"xdm.software_package.purl\":\"pkg:maven/com.example/software@1.0.0\",\"xdm.software_package.layer_id\":\"layer123\",\"xdm.software_package.type\":\"Library\",\"xdm.software_package.installation_type\":\"Automatic\",\"xdm.software_package.package_manager\":\"npm\",\"xdm.software_package.dependency_type\":\"Direct\",\"xdm.software_package.language\":\"JavaScript\",\"xdm.malware.verdict\":\"Malicious\",\"xdm.malware.virus_total_link\":\"https://www.virustotal.com/gui/file/abcd1234\",\"xdm.malware.layer_id\":\"malware_layer123\",\"xdm.secret.secret_type\":\"API Key\",\"xdm.secret.unique_identifier\":\"secret_id_123\",\"xdm.secret.snippet\":\"API Key: 
12345\",\"xdm.secret.layer_id\":\"secret_layer123\",\"xdm.file.filename\":\"file.txt\",\"xdm.file.path\":[\"/path/to/file.txt\"],\"xdm.file.sha256\":\"abc1234567890def0987654321\",\"xdm.file.size\":1024,\"xdm.file.last_modified\":1615465123,\"xdm.file.metadata_change_time\":1615465000,\"xdm.file.owner_id\":\"user1\",\"xdm.file.owner_name\":\"fileowner\",\"xdm.file.group_id\":\"group1\",\"xdm.file.group_name\":\"groupname\",\"xdm.file.permissions.owner\":[\"read\",\"write\"],\"xdm.file.permissions.group\":[\"read\"],\"xdm.file.permissions.others\":[\"read\"],\"xdm.file.position.start.line\":1,\"xdm.file.position.start.character\":0,\"xdm.file.position.end.line\":100,\"xdm.file.position.end.character\":80,\"xdm.url\":\"https://example.com\",\"xdm.domain\":\"example.com\",\"xdm.application_protocol\":\"HTTPS\"},\"custom_fields\":{}}}}") .asString();
import Foundation let headers = [ "Authorization": "SOME_STRING_VALUE", "x-xdr-auth-id": "SOME_STRING_VALUE", "content-type": "application/json" ] let parameters = ["request_data": ["issue": [ "owner": "CWP", "name": "Unauthorized Access Detected", "description": "An unauthorized login attempt was detected from an unknown IP address.", "observation_time": 1700000000000, "issue_domain": "Security", "category": "CONFIGURATION", "asset_ids": ["asset-456"], "mitre_tactics": ["TA0001", "TA0002"], "mitre_techniques": ["T1003", "T1059"], "type": "Threat Intelligence", "remediation": "Apply security patches and restrict access to affected resources.", "extended_description": "This alert was triggered due to multiple failed login attempts within a short time frame.", "impact": "Potential unauthorized system access", "initial_evidence": "The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket", "tags": ["critical", "network"], "is_excluded": false, "is_starred": true, "assigned_to": "security_team_lead", "assigned_to_pretty": "Alice Smith", "severity": "HIGH", "normalized_fields": [ "xdm.source.location.country": ["US"], "xdm.source.ipv4": ["192.168.1.1"], "xdm.source.host.ipv4_addresses": ["192.168.1.2", "192.168.1.3"], "xdm.source.identity.username": ["admin"], "xdm.source.process.causality_id": ["abc123"], "xdm.source.process.command_line": ["/usr/bin/process -arg1 -arg2"], "xdm.source.process.executable.filename": "process_executable", "xdm.source.process.name": ["process_name"], "xdm.source.process.executable.path": ["/usr/bin/process_executable"], "xdm.source.process.executable.sha256": ["f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2"], "xdm.source.host.hostname": "hostname1", "xdm.source.host.os_family": "Linux", "xdm.source.agent.identifier": "agent123", "xdm.source.agent.installation_id": "installation123", "xdm.source.host.fqdn": 
"hostname1.domain.com", "xdm.source.process.executable.signature_status": ["SIGNATURE_UNAVAILABLE"], "xdm.target.file.filename": ["target_file.txt"], "xdm.target.module.filename": "target_module.so", "xdm.target.file.sha256": ["d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431"], "xdm.target.module.sha256": "7f4eafdad74bfedabf370a3725a5077c", "xdm.target.process.command_line": ["/usr/bin/target_process -option"], "xdm.target.process.executable.sha256": ["7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac"], "xdm.target.process.executable.signature_status": ["SIGNATURE_UNAVAILABLE"], "xdm.target.process.executable.signer": ["string"], "xdm.target.process.executable.path": ["string"], "xdm.target.ipv4": ["string"], "xdm.target.host.ipv4_addresses": ["10.0.0.2", "10.0.0.3"], "xdm.target.host.ipv6_addresses": ["string"], "xdm.target.ipv6": ["10.0.0.2", "10.0.0.3"], "xdm.target.port": [8080], "xdm.target.location.country": "US", "xdm.target.host.hostname": "hostname", "xdm.target.identity.username": "user1", "xdm.target.url": "https://example.com", "xdm.target.process.executable.filename": ["target_process"], "xdm.target.process.name": "target_process", "xdm.target.agent.identifier": "target_agent", "xdm.target.registry.value": ["registry_value"], "xdm.target.registry.data": ["registry_data"], "xdm.target.registry.key": ["registry_key"], "xdm.email.attachment.sha256": "a1b2c3d4e5f6789abcde1234567890f2", "xdm.email.attachment.filename": "attachment.pdf", "xdm.email.sender": "sender@example.com", "xdm.event.type": "Intrusion", "xdm.cloud.provider": "AWS", "xdm.cloud.project": "CloudProject1", "xdm.cloud.project_id": "cloud_project_id_123", "xdm.cloud.region": "us-east-1", "xdm.cloud.function.id": "cloud_func_123", "xdm.cloud.function.name": "cloud_function", "xdm.cloud.function.version": "v1.0.0", "xdm.cloud.function.request_id": "req_123", "xdm.cloud.function.runtime": "nodejs", "xdm.observer.unique_identifier": "observer123", 
"xdm.observer.type": "Server", "xdm.observer.sub_type": "Linux", "xdm.observer.name": "Observer 1", "xdm.vulnerability.cve_id": "CVE-2021-12345", "xdm.vulnerability.severity": "HIGH", "xdm.vulnerability.fix_versions": ["1.0.1", "1.0.2"], "xdm.vulnerability.cve_risk_factors": ["Exploitability", "Impact"], "xdm.vulnerability.cvss_score": 7.8, "xdm.vulnerability.cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "xdm.software_package.version": "1.0.0", "xdm.software_package.purl": "pkg:maven/com.example/software@1.0.0", "xdm.software_package.layer_id": "layer123", "xdm.software_package.type": "Library", "xdm.software_package.installation_type": "Automatic", "xdm.software_package.package_manager": "npm", "xdm.software_package.dependency_type": "Direct", "xdm.software_package.language": "JavaScript", "xdm.malware.verdict": "Malicious", "xdm.malware.virus_total_link": "https://www.virustotal.com/gui/file/abcd1234", "xdm.malware.layer_id": "malware_layer123", "xdm.secret.secret_type": "API Key", "xdm.secret.unique_identifier": "secret_id_123", "xdm.secret.snippet": "API Key: 12345", "xdm.secret.layer_id": "secret_layer123", "xdm.file.filename": "file.txt", "xdm.file.path": ["/path/to/file.txt"], "xdm.file.sha256": "abc1234567890def0987654321", "xdm.file.size": 1024, "xdm.file.last_modified": 1615465123, "xdm.file.metadata_change_time": 1615465000, "xdm.file.owner_id": "user1", "xdm.file.owner_name": "fileowner", "xdm.file.group_id": "group1", "xdm.file.group_name": "groupname", "xdm.file.permissions.owner": ["read", "write"], "xdm.file.permissions.group": ["read"], "xdm.file.permissions.others": ["read"], "xdm.file.position.start.line": 1, "xdm.file.position.start.character": 0, "xdm.file.position.end.line": 100, "xdm.file.position.end.character": 80, "xdm.url": "https://example.com", "xdm.domain": "example.com", "xdm.application_protocol": "HTTPS" ], "custom_fields": [] ]]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) 
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/issue")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/issue",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "{\"request_data\":{\"issue\":{\"owner\":\"CWP\",\"name\":\"Unauthorized Access Detected\",\"description\":\"An unauthorized login attempt was detected from an unknown IP address.\",\"observation_time\":1700000000000,\"issue_domain\":\"Security\",\"category\":\"CONFIGURATION\",\"asset_ids\":[\"asset-456\"],\"mitre_tactics\":[\"TA0001\",\"TA0002\"],\"mitre_techniques\":[\"T1003\",\"T1059\"],\"type\":\"Threat Intelligence\",\"remediation\":\"Apply security patches and restrict access to affected resources.\",\"extended_description\":\"This alert was triggered due to multiple failed login attempts within a short time frame.\",\"impact\":\"Potential unauthorized system access\",\"initial_evidence\":\"The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket\",\"tags\":[\"critical\",\"network\"],\"is_excluded\":false,\"is_starred\":true,\"assigned_to\":\"security_team_lead\",\"assigned_to_pretty\":\"Alice Smith\",\"severity\":\"HIGH\",\"normalized_fields\":{\"xdm.source.location.country\":[\"US\"],\"xdm.source.ipv4\":[\"192.168.1.1\"],\"xdm.source.host.ipv4_addresses\":[\"192.168.1.2\",\"192.168.1.3\"],\"xdm.source.identity.username\":[\"admin\"],\"xdm.source.process.causality_id\":[\"abc123\"],\"xdm.source.process.command_line\":[\"/usr/bin/process -arg1 -arg2\"],\"xdm.source.process.executable.filename\":\"process_executable\",\"xdm.source.process.name\":[\"process_name\"],\"xdm.source.process.executable.path\":[\"/usr/bin/process_executable\"],\"xdm.source.process.executable.sha256\":[\"f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2\"],\"xdm.source.host.hostname\":\"hostname1\",\"xdm.source.host.os_family\":\"Linux\",\"xdm.source.agent.identifier\":\"agent123\",\"xdm.source.agent.installation_id\":\"installation123\",\"xdm.source.host.fqdn\":\"hostname1.domain.com\",\"xdm.source.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.file.filename\":[\"target_file.txt\"],\"xdm.target.module.filename\":\"target_module.so\",\"xdm.target.file.sha256\":[\"d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431\"],\"xdm.target.module.sha256\":\"7f4eafdad74bfedabf370a3725a5077c\",\"xdm.target.process.command_line\":[\"/usr/bin/target_process -option\"],\"xdm.target.process.executable.sha256\":[\"7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac\"],\"xdm.target.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.process.executable.signer\":[\"string\"],\"xdm.target.process.executable.path\":[\"string\"],\"xdm.target.ipv4\":[\"string\"],\"xdm.target.host.ipv4_addresses\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.host.ipv6_addresses\":[\"string\"],\"xdm.target.ipv6\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.port\":[8080],\"xdm.target.location.country\":\"US\",\"xdm.target.host.hostname\":\"hostname\",\"xdm.target.identity.username\":\"user1\",\"xdm.target.url\":\"https://example.com\",\"xdm.target.process.executable.filename\":[\"target_process\"],\"xdm.target.process.name\":\"target_process\",\"xdm.target.agent.identifier\":\"target_agent\",\"xdm.target.registry.value\":[\"registry_value\"],\"xdm.target.registry.data\":[\"registry_data\"],\"xdm.target.registry.key\":[\"registry_key\"],\"xdm.email.attachment.sha256\":\"a1b2c3d4e5f6789abcde1234567890f2\",\"xdm.email.attachment.filename\":\"attachment.pdf\",\"xdm.email.sender\":\"sender@example.com\",\"xdm.event.type\":\"Intrusion\",\"xdm.cloud.provider\":\"AWS\",\"xdm.cloud.project\":\"CloudProject1\",\"xdm.cloud.project_id\":\"cloud_project_id_123\",\"xdm.cloud.region\":\"us-east-1\",\"xdm.cloud.function.id\":\"cloud_func_123\",\"xdm.cloud.function.name\":\"cloud_function\",\"xdm.cloud.function.version\":\"v1.0.0\",\"xdm.cloud.function.request_id\":\"req_123\",\"xdm.cloud.function.runtime\":\"nodejs\",\"xdm.observer.unique_identifier\":\"observer123\",\"xdm.observer.type\":\"Server\",\"xdm.observer.sub_type\":\"Linux\",\"xdm.observer.name\":\"Observer 1\",\"xdm.vulnerability.cve_id\":\"CVE-2021-12345\",\"xdm.vulnerability.severity\":\"HIGH\",\"xdm.vulnerability.fix_versions\":[\"1.0.1\",\"1.0.2\"],\"xdm.vulnerability.cve_risk_factors\":[\"Exploitability\",\"Impact\"],\"xdm.vulnerability.cvss_score\":7.8,\"xdm.vulnerability.cvss_vector\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"xdm.software_package.version\":\"1.0.0\",\"xdm.software_package.purl\":\"pkg:maven/com.example/software@1.0.0\",\"xdm.software_package.layer_id\":\"layer123\",\"xdm.software_package.type\":\"Library\",\"xdm.software_package.installation_type\":\"Automatic\",\"xdm.software_package.package_manager\":\"npm\",\"xdm.software_package.dependency_type\":\"Direct\",\"xdm.software_package.language\":\"JavaScript\",\"xdm.malware.verdict\":\"Malicious\",\"xdm.malware.virus_total_link\":\"https://www.virustotal.com/gui/file/abcd1234\",\"xdm.malware.layer_id\":\"malware_layer123\",\"xdm.secret.secret_type\":\"API Key\",\"xdm.secret.unique_identifier\":\"secret_id_123\",\"xdm.secret.snippet\":\"API Key: 12345\",\"xdm.secret.layer_id\":\"secret_layer123\",\"xdm.file.filename\":\"file.txt\",\"xdm.file.path\":[\"/path/to/file.txt\"],\"xdm.file.sha256\":\"abc1234567890def0987654321\",\"xdm.file.size\":1024,\"xdm.file.last_modified\":1615465123,\"xdm.file.metadata_change_time\":1615465000,\"xdm.file.owner_id\":\"user1\",\"xdm.file.owner_name\":\"fileowner\",\"xdm.file.group_id\":\"group1\",\"xdm.file.group_name\":\"groupname\",\"xdm.file.permissions.owner\":[\"read\",\"write\"],\"xdm.file.permissions.group\":[\"read\"],\"xdm.file.permissions.others\":[\"read\"],\"xdm.file.position.start.line\":1,\"xdm.file.position.start.character\":0,\"xdm.file.position.end.line\":100,\"xdm.file.position.end.character\":80,\"xdm.url\":\"https://example.com\",\"xdm.domain\":\"example.com\",\"xdm.application_protocol\":\"HTTPS\"},\"custom_fields\":{}}}}",
  CURLOPT_HTTPHEADER => [
    "Authorization: SOME_STRING_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: SOME_STRING_VALUE"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

CURL *hnd = curl_easy_init();

curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/issue");

struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"issue\":{\"owner\":\"CWP\",\"name\":\"Unauthorized Access Detected\",\"description\":\"An unauthorized login attempt was detected from an unknown IP address.\",\"observation_time\":1700000000000,\"issue_domain\":\"Security\",\"category\":\"CONFIGURATION\",\"asset_ids\":[\"asset-456\"],\"mitre_tactics\":[\"TA0001\",\"TA0002\"],\"mitre_techniques\":[\"T1003\",\"T1059\"],\"type\":\"Threat Intelligence\",\"remediation\":\"Apply security patches and restrict access to affected resources.\",\"extended_description\":\"This alert was triggered due to multiple failed login attempts within a short time frame.\",\"impact\":\"Potential unauthorized system access\",\"initial_evidence\":\"The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket\",\"tags\":[\"critical\",\"network\"],\"is_excluded\":false,\"is_starred\":true,\"assigned_to\":\"security_team_lead\",\"assigned_to_pretty\":\"Alice Smith\",\"severity\":\"HIGH\",\"normalized_fields\":{\"xdm.source.location.country\":[\"US\"],\"xdm.source.ipv4\":[\"192.168.1.1\"],\"xdm.source.host.ipv4_addresses\":[\"192.168.1.2\",\"192.168.1.3\"],\"xdm.source.identity.username\":[\"admin\"],\"xdm.source.process.causality_id\":[\"abc123\"],\"xdm.source.process.command_line\":[\"/usr/bin/process -arg1 -arg2\"],\"xdm.source.process.executable.filename\":\"process_executable\",\"xdm.source.process.name\":[\"process_name\"],\"xdm.source.process.executable.path\":[\"/usr/bin/process_executable\"],\"xdm.source.process.executable.sha256\":[\"f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2\"],\"xdm.source.host.hostname\":\"hostname1\",\"xdm.source.host.os_family\":\"Linux\",\"xdm.source.agent.identifier\":\"agent123\",\"xdm.source.agent.installation_id\":\"installation123\",\"xdm.source.host.fqdn\":\"hostname1.domain.com\",\"xdm.source.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.file.filename\":[\"target_file.txt\"],\"xdm.target.module.filename\":\"target_module.so\",\"xdm.target.file.sha256\":[\"d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431\"],\"xdm.target.module.sha256\":\"7f4eafdad74bfedabf370a3725a5077c\",\"xdm.target.process.command_line\":[\"/usr/bin/target_process -option\"],\"xdm.target.process.executable.sha256\":[\"7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac\"],\"xdm.target.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.process.executable.signer\":[\"string\"],\"xdm.target.process.executable.path\":[\"string\"],\"xdm.target.ipv4\":[\"string\"],\"xdm.target.host.ipv4_addresses\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.host.ipv6_addresses\":[\"string\"],\"xdm.target.ipv6\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.port\":[8080],\"xdm.target.location.country\":\"US\",\"xdm.target.host.hostname\":\"hostname\",\"xdm.target.identity.username\":\"user1\",\"xdm.target.url\":\"https://example.com\",\"xdm.target.process.executable.filename\":[\"target_process\"],\"xdm.target.process.name\":\"target_process\",\"xdm.target.agent.identifier\":\"target_agent\",\"xdm.target.registry.value\":[\"registry_value\"],\"xdm.target.registry.data\":[\"registry_data\"],\"xdm.target.registry.key\":[\"registry_key\"],\"xdm.email.attachment.sha256\":\"a1b2c3d4e5f6789abcde1234567890f2\",\"xdm.email.attachment.filename\":\"attachment.pdf\",\"xdm.email.sender\":\"sender@example.com\",\"xdm.event.type\":\"Intrusion\",\"xdm.cloud.provider\":\"AWS\",\"xdm.cloud.project\":\"CloudProject1\",\"xdm.cloud.project_id\":\"cloud_project_id_123\",\"xdm.cloud.region\":\"us-east-1\",\"xdm.cloud.function.id\":\"cloud_func_123\",\"xdm.cloud.function.name\":\"cloud_function\",\"xdm.cloud.function.version\":\"v1.0.0\",\"xdm.cloud.function.request_id\":\"req_123\",\"xdm.cloud.function.runtime\":\"nodejs\",\"xdm.observer.unique_identifier\":\"observer123\",\"xdm.observer.type\":\"Server\",\"xdm.observer.sub_type\":\"Linux\",\"xdm.observer.name\":\"Observer 1\",\"xdm.vulnerability.cve_id\":\"CVE-2021-12345\",\"xdm.vulnerability.severity\":\"HIGH\",\"xdm.vulnerability.fix_versions\":[\"1.0.1\",\"1.0.2\"],\"xdm.vulnerability.cve_risk_factors\":[\"Exploitability\",\"Impact\"],\"xdm.vulnerability.cvss_score\":7.8,\"xdm.vulnerability.cvss_vector\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"xdm.software_package.version\":\"1.0.0\",\"xdm.software_package.purl\":\"pkg:maven/com.example/software@1.0.0\",\"xdm.software_package.layer_id\":\"layer123\",\"xdm.software_package.type\":\"Library\",\"xdm.software_package.installation_type\":\"Automatic\",\"xdm.software_package.package_manager\":\"npm\",\"xdm.software_package.dependency_type\":\"Direct\",\"xdm.software_package.language\":\"JavaScript\",\"xdm.malware.verdict\":\"Malicious\",\"xdm.malware.virus_total_link\":\"https://www.virustotal.com/gui/file/abcd1234\",\"xdm.malware.layer_id\":\"malware_layer123\",\"xdm.secret.secret_type\":\"API Key\",\"xdm.secret.unique_identifier\":\"secret_id_123\",\"xdm.secret.snippet\":\"API Key: 12345\",\"xdm.secret.layer_id\":\"secret_layer123\",\"xdm.file.filename\":\"file.txt\",\"xdm.file.path\":[\"/path/to/file.txt\"],\"xdm.file.sha256\":\"abc1234567890def0987654321\",\"xdm.file.size\":1024,\"xdm.file.last_modified\":1615465123,\"xdm.file.metadata_change_time\":1615465000,\"xdm.file.owner_id\":\"user1\",\"xdm.file.owner_name\":\"fileowner\",\"xdm.file.group_id\":\"group1\",\"xdm.file.group_name\":\"groupname\",\"xdm.file.permissions.owner\":[\"read\",\"write\"],\"xdm.file.permissions.group\":[\"read\"],\"xdm.file.permissions.others\":[\"read\"],\"xdm.file.position.start.line\":1,\"xdm.file.position.start.character\":0,\"xdm.file.position.end.line\":100,\"xdm.file.position.end.character\":80,\"xdm.url\":\"https://example.com\",\"xdm.domain\":\"example.com\",\"xdm.application_protocol\":\"HTTPS\"},\"custom_fields\":{}}}}");

CURLcode ret = curl_easy_perform(hnd);

var client = new RestClient("https://api-yourfqdn/public_api/v1/issue");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"issue\":{\"owner\":\"CWP\",\"name\":\"Unauthorized Access Detected\",\"description\":\"An unauthorized login attempt was detected from an unknown IP address.\",\"observation_time\":1700000000000,\"issue_domain\":\"Security\",\"category\":\"CONFIGURATION\",\"asset_ids\":[\"asset-456\"],\"mitre_tactics\":[\"TA0001\",\"TA0002\"],\"mitre_techniques\":[\"T1003\",\"T1059\"],\"type\":\"Threat Intelligence\",\"remediation\":\"Apply security patches and restrict access to affected resources.\",\"extended_description\":\"This alert was triggered due to multiple failed login attempts within a short time frame.\",\"impact\":\"Potential unauthorized system access\",\"initial_evidence\":\"The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket\",\"tags\":[\"critical\",\"network\"],\"is_excluded\":false,\"is_starred\":true,\"assigned_to\":\"security_team_lead\",\"assigned_to_pretty\":\"Alice Smith\",\"severity\":\"HIGH\",\"normalized_fields\":{\"xdm.source.location.country\":[\"US\"],\"xdm.source.ipv4\":[\"192.168.1.1\"],\"xdm.source.host.ipv4_addresses\":[\"192.168.1.2\",\"192.168.1.3\"],\"xdm.source.identity.username\":[\"admin\"],\"xdm.source.process.causality_id\":[\"abc123\"],\"xdm.source.process.command_line\":[\"/usr/bin/process -arg1 -arg2\"],\"xdm.source.process.executable.filename\":\"process_executable\",\"xdm.source.process.name\":[\"process_name\"],\"xdm.source.process.executable.path\":[\"/usr/bin/process_executable\"],\"xdm.source.process.executable.sha256\":[\"f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2\"],\"xdm.source.host.hostname\":\"hostname1\",\"xdm.source.host.os_family\":\"Linux\",\"xdm.source.agent.identifier\":\"agent123\",\"xdm.source.agent.installation_id\":\"installation123\",\"xdm.source.host.fqdn\":\"hostname1.domain.com\",\"xdm.source.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.file.filename\":[\"target_file.txt\"],\"xdm.target.module.filename\":\"target_module.so\",\"xdm.target.file.sha256\":[\"d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431\"],\"xdm.target.module.sha256\":\"7f4eafdad74bfedabf370a3725a5077c\",\"xdm.target.process.command_line\":[\"/usr/bin/target_process -option\"],\"xdm.target.process.executable.sha256\":[\"7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac\"],\"xdm.target.process.executable.signature_status\":[\"SIGNATURE_UNAVAILABLE\"],\"xdm.target.process.executable.signer\":[\"string\"],\"xdm.target.process.executable.path\":[\"string\"],\"xdm.target.ipv4\":[\"string\"],\"xdm.target.host.ipv4_addresses\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.host.ipv6_addresses\":[\"string\"],\"xdm.target.ipv6\":[\"10.0.0.2\",\"10.0.0.3\"],\"xdm.target.port\":[8080],\"xdm.target.location.country\":\"US\",\"xdm.target.host.hostname\":\"hostname\",\"xdm.target.identity.username\":\"user1\",\"xdm.target.url\":\"https://example.com\",\"xdm.target.process.executable.filename\":[\"target_process\"],\"xdm.target.process.name\":\"target_process\",\"xdm.target.agent.identifier\":\"target_agent\",\"xdm.target.registry.value\":[\"registry_value\"],\"xdm.target.registry.data\":[\"registry_data\"],\"xdm.target.registry.key\":[\"registry_key\"],\"xdm.email.attachment.sha256\":\"a1b2c3d4e5f6789abcde1234567890f2\",\"xdm.email.attachment.filename\":\"attachment.pdf\",\"xdm.email.sender\":\"sender@example.com\",\"xdm.event.type\":\"Intrusion\",\"xdm.cloud.provider\":\"AWS\",\"xdm.cloud.project\":\"CloudProject1\",\"xdm.cloud.project_id\":\"cloud_project_id_123\",\"xdm.cloud.region\":\"us-east-1\",\"xdm.cloud.function.id\":\"cloud_func_123\",\"xdm.cloud.function.name\":\"cloud_function\",\"xdm.cloud.function.version\":\"v1.0.0\",\"xdm.cloud.function.request_id\":\"req_123\",\"xdm.cloud.function.runtime\":\"nodejs\",\"xdm.observer.unique_identifier\":\"observer123\",\"xdm.observer.type\":\"Server\",\"xdm.observer.sub_type\":\"Linux\",\"xdm.observer.name\":\"Observer 1\",\"xdm.vulnerability.cve_id\":\"CVE-2021-12345\",\"xdm.vulnerability.severity\":\"HIGH\",\"xdm.vulnerability.fix_versions\":[\"1.0.1\",\"1.0.2\"],\"xdm.vulnerability.cve_risk_factors\":[\"Exploitability\",\"Impact\"],\"xdm.vulnerability.cvss_score\":7.8,\"xdm.vulnerability.cvss_vector\":\"AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"xdm.software_package.version\":\"1.0.0\",\"xdm.software_package.purl\":\"pkg:maven/com.example/software@1.0.0\",\"xdm.software_package.layer_id\":\"layer123\",\"xdm.software_package.type\":\"Library\",\"xdm.software_package.installation_type\":\"Automatic\",\"xdm.software_package.package_manager\":\"npm\",\"xdm.software_package.dependency_type\":\"Direct\",\"xdm.software_package.language\":\"JavaScript\",\"xdm.malware.verdict\":\"Malicious\",\"xdm.malware.virus_total_link\":\"https://www.virustotal.com/gui/file/abcd1234\",\"xdm.malware.layer_id\":\"malware_layer123\",\"xdm.secret.secret_type\":\"API Key\",\"xdm.secret.unique_identifier\":\"secret_id_123\",\"xdm.secret.snippet\":\"API Key: 12345\",\"xdm.secret.layer_id\":\"secret_layer123\",\"xdm.file.filename\":\"file.txt\",\"xdm.file.path\":[\"/path/to/file.txt\"],\"xdm.file.sha256\":\"abc1234567890def0987654321\",\"xdm.file.size\":1024,\"xdm.file.last_modified\":1615465123,\"xdm.file.metadata_change_time\":1615465000,\"xdm.file.owner_id\":\"user1\",\"xdm.file.owner_name\":\"fileowner\",\"xdm.file.group_id\":\"group1\",\"xdm.file.group_name\":\"groupname\",\"xdm.file.permissions.owner\":[\"read\",\"write\"],\"xdm.file.permissions.group\":[\"read\"],\"xdm.file.permissions.others\":[\"read\"],\"xdm.file.position.start.line\":1,\"xdm.file.position.start.character\":0,\"xdm.file.position.end.line\":100,\"xdm.file.position.end.character\":80,\"xdm.url\":\"https://example.com\",\"xdm.domain\":\"example.com\",\"xdm.application_protocol\":\"HTTPS\"},\"custom_fields\":{}}}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Body parameters
required
application/json
request_data object
issue object
owner string
Example: "CWP"
name string required
Example: "Unauthorized Access Detected"
description string required
Example: "An unauthorized login attempt was detected from an unknown IP address."
observation_time integer required int64
Example: 1700000000000
issue_domain string required

Issue domain. Note: The create request uses issue_domain as the field name, while the search response returns this value as domain.

Example: "Security"
category string required
Example: "CONFIGURATION"
asset_ids array[string]
Example: ["asset-456"]
mitre_tactics array[string]
Example: ["TA0001","TA0002"]
mitre_techniques array[string]
Example: ["T1003","T1059"]
type string
Example: "Threat Intelligence"
remediation string
Example: "Apply security patches and restrict access to affected resources."
extended_description string
Example: "This alert was triggered due to multiple failed login attempts within a short time frame."
impact string
Example: "Potential unauthorized system access"
initial_evidence string
Example: "The fine-tuned model llama3, hosted in AWS under the account my_account, was trained on /secrets, which was found to be publicly writable in S3 my_bucket"
tags array[string]
Example: ["critical","network"]
is_excluded boolean
is_starred boolean
Example: true
assigned_to string
Example: "security_team_lead"
assigned_to_pretty string
Example: "Alice Smith"
severity string (Enum) required
Example: "HIGH"
Allowed values: "INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"
normalized_fields object
xdm.source.location.country array[string]
Example: ["US"]
xdm.source.ipv4 array[string]
Example: ["192.168.1.1"]
xdm.source.host.ipv4_addresses array[string]
Example: ["192.168.1.2","192.168.1.3"]
xdm.source.identity.username array[string]
Example: ["admin"]
xdm.source.process.causality_id array[string]
Example: ["abc123"]
xdm.source.process.command_line array[string]
Example: ["/usr/bin/process -arg1 -arg2"]
xdm.source.process.executable.filename string
Example: "process_executable"
xdm.source.process.name array[string]
Example: ["process_name"]
xdm.source.process.executable.path array[string]
Example: ["/usr/bin/process_executable"]
xdm.source.process.executable.sha256 array[string]
Example: ["f9c7b6e24f7e93d8d3e5c76f8b1b88cd8f17b34a7a4a2e3d5b2dbf09f5b8fdc2"]
xdm.source.host.hostname string
Example: "hostname1"
xdm.source.host.os_family string
Example: "Linux"
xdm.source.agent.identifier string
Example: "agent123"
xdm.source.agent.installation_id string
Example: "installation123"
xdm.source.host.fqdn string
Example: "hostname1.domain.com"
xdm.source.process.executable.signature_status array[string]
Example: ["SIGNATURE_UNAVAILABLE"]
xdm.target.file.filename array[string]
Example: ["target_file.txt"]
xdm.target.module.filename string
Example: "target_module.so"
xdm.target.file.sha256 array[string]
Example: ["d4bfc6fabe8d6d1b76e5b441dc8d01758276281f56c929b282ac5c3ee704c431"]
xdm.target.module.sha256 string
Example: "7f4eafdad74bfedabf370a3725a5077c"
xdm.target.process.command_line array[string]
Example: ["/usr/bin/target_process -option"]
xdm.target.process.executable.sha256 array[string]
Example: ["7b21d50d6270f95b5a2cf582bf94b315cd75a034dd9478c0e5b4089bbd9b59ac"]
xdm.target.process.executable.signature_status array[string]
Example: ["SIGNATURE_UNAVAILABLE"]
xdm.target.process.executable.signer array[string]
xdm.target.process.executable.path array[string]
xdm.target.ipv4 array[string]
xdm.target.host.ipv4_addresses array[string]
Example: ["10.0.0.2","10.0.0.3"]
xdm.target.host.ipv6_addresses array[string]
xdm.target.ipv6 array[string]
Example: ["10.0.0.2","10.0.0.3"]
xdm.target.port array[integer]
Example: [8080]
xdm.target.location.country string
Example: "US"
xdm.target.host.hostname string
Example: "hostname"
xdm.target.identity.username string
Example: "user1"
xdm.target.url string
Example: "https://example.com"
xdm.target.process.executable.filename array[string]
Example: ["target_process"]
xdm.target.process.name string
Example: "target_process"
xdm.target.agent.identifier string
Example: "target_agent"
xdm.target.registry.value array[string]
Example: ["registry_value"]
xdm.target.registry.data array[string]
Example: ["registry_data"]
xdm.target.registry.key array[string]
Example: ["registry_key"]
xdm.email.attachment.sha256 string
Example: "a1b2c3d4e5f6789abcde1234567890f2"
xdm.email.attachment.filename string
Example: "attachment.pdf"
xdm.email.sender string
Example: "sender@example.com"
xdm.event.type string
Example: "Intrusion"
xdm.cloud.provider string
Example: "AWS"
xdm.cloud.project string
Example: "CloudProject1"
xdm.cloud.project_id string
Example: "cloud_project_id_123"
xdm.cloud.region string
Example: "us-east-1"
xdm.cloud.function.id string
Example: "cloud_func_123"
xdm.cloud.function.name string
Example: "cloud_function"
xdm.cloud.function.version string
Example: "v1.0.0"
xdm.cloud.function.request_id string
Example: "req_123"
xdm.cloud.function.runtime string
Example: "nodejs"
xdm.observer.unique_identifier string
Example: "observer123"
xdm.observer.type string
Example: "Server"
xdm.observer.sub_type string
Example: "Linux"
xdm.observer.name string
Example: "Observer 1"
xdm.vulnerability.cve_id string
Example: "CVE-2021-12345"
xdm.vulnerability.severity string (Enum)
Example: "HIGH"
Allowed values: "INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"
xdm.vulnerability.fix_versions array[string]
Example: ["1.0.1","1.0.2"]
xdm.vulnerability.cve_risk_factors array[string]
Example: ["Exploitability","Impact"]
xdm.vulnerability.cvss_score number float
Example: 7.8
xdm.vulnerability.cvss_vector string
Example: "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
xdm.software_package.version string
Example: "1.0.0"
xdm.software_package.purl string
Example: "pkg:maven/com.example/software@1.0.0"
xdm.software_package.layer_id string
Example: "layer123"
xdm.software_package.type string
Example: "Library"
xdm.software_package.installation_type string
Example: "Automatic"
xdm.software_package.package_manager string
Example: "npm"
xdm.software_package.dependency_type string
Example: "Direct"
xdm.software_package.language string
Example: "JavaScript"
xdm.malware.verdict string
Example: "Malicious"
xdm.malware.virus_total_link string
Example: "https://www.virustotal.com/gui/file/abcd1234"
xdm.malware.layer_id string
Example: "malware_layer123"
xdm.secret.secret_type string
Example: "API Key"
xdm.secret.unique_identifier string
Example: "secret_id_123"
xdm.secret.snippet string
Example: "API Key: 12345"
xdm.secret.layer_id string
Example: "secret_layer123"
xdm.file.filename string
Example: "file.txt"
xdm.file.path array[string]
Example: ["/path/to/file.txt"]
xdm.file.sha256 string
Example: "abc1234567890def0987654321"
xdm.file.size integer
Example: 1024
xdm.file.last_modified integer
Example: 1615465123
xdm.file.metadata_change_time integer
Example: 1615465000
xdm.file.owner_id string
Example: "user1"
xdm.file.owner_name string
Example: "fileowner"
xdm.file.group_id string
Example: "group1"
xdm.file.group_name string
Example: "groupname"
xdm.file.permissions.owner array[string]
Example: ["read","write"]
xdm.file.permissions.group array[string]
Example: ["read"]
xdm.file.permissions.others array[string]
Example: ["read"]
xdm.file.position.start.line integer
Example: 1
xdm.file.position.start.character integer
xdm.file.position.end.line integer
Example: 100
xdm.file.position.end.character integer
Example: 80
xdm.url string
Example: "https://example.com"
xdm.domain string
Example: "example.com"
xdm.application_protocol string
Example: "HTTPS"
custom_fields object
REQUEST
{
  "request_data": {
    "issue": {
      "name": "Unauthorized Access Detected",
      "description": "An unauthorized login attempt was detected from an unknown IP address.",
      "observation_time": 1700000000000,
      "issue_domain": "Security",
      "category": "CONFIGURATION",
      "severity": "HIGH"
    }
  }
}

{
  "request_data": {
    "issue": {
      "name": "Publicly Exposed Database",
      "description": "PostgreSQL database instance is publicly accessible on port 5432.",
      "observation_time": 1700000000000,
      "issue_domain": "Posture",
      "category": "CONFIGURATION",
      "severity": "CRITICAL",
      "owner": "CWP",
      "type": "Posture",
      "remediation": "Restrict database access to private subnets only.",
      "impact": "Potential unauthorized access to sensitive data.",
      "extended_description": "The database instance has a security group allowing inbound traffic from 0.0.0.0/0 on port 5432.",
      "initial_evidence": "Security group sg-12345 allows inbound TCP/5432 from 0.0.0.0/0",
      "asset_ids": [ "asset-db-001" ],
      "mitre_tactics": [ "TA0001" ],
      "mitre_techniques": [ "T1190" ],
      "tags": [ "critical", "database", "public-access" ],
      "assigned_to": "security_team_lead",
      "assigned_to_pretty": "Alice Smith",
      "is_starred": true,
      "is_excluded": false
    }
  }
}

Responses

Issue created successfully

Body
application/json
external_id string
detection_method string
RESPONSE
{ "external_id": "7c96737d50f74c7b9487450426e9eafb", "detection_method": "CREATE_ALERT_PUBLIC_API" }

Bad request

Body
application/json
error string
Example: "Invalid request data"
RESPONSE
{ "error": "Invalid request data" }

Unauthorized access

Body
application/json
error string
Example: "Unauthorized request"
RESPONSE
{ "error": "Unauthorized request" }

Internal server error

Body
application/json
error string
Example: "Internal server error"
RESPONSE
{ "error": "Internal server error" }
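
The request and response bodies documented above, as an added Python example that is not part of the original reference: it checks an issue against the required fields, the severity values and a subset of the normalized_fields types listed on this page before building the POST, and reads the documented success and error bodies. All function names and the environment variable names XSIAM_API_KEY and XSIAM_API_KEY_ID are assumptions.

```python
import http.client
import json
import os

API_PATH = "/public_api/v1/issue"
REQUIRED_FIELDS = ("name", "description", "observation_time",
                   "issue_domain", "category", "severity")
SEVERITIES = {"INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"}

# Subset of normalized_fields with the types listed in the page's schema.
# Similar-looking keys differ: some take an array, others a single string.
NORMALIZED_TYPES = {
    "xdm.source.ipv4": list,
    "xdm.source.process.name": list,
    "xdm.source.process.executable.filename": str,
    "xdm.target.process.name": str,
    "xdm.target.port": list,
    "xdm.vulnerability.cve_id": str,
}


def validate_issue(issue):
    """Return a list of problems; an empty list means the issue passes the checks."""
    errors = []
    for field in REQUIRED_FIELDS:
        if issue.get(field) in (None, ""):
            errors.append(f"missing required field: {field}")
    if "domain" in issue and "issue_domain" not in issue:
        errors.append("use issue_domain on create; domain is the search-response name")
    severity = issue.get("severity")
    if severity is not None and severity not in SEVERITIES:
        errors.append(f"severity must be one of {sorted(SEVERITIES)}")
    ts = issue.get("observation_time")
    if ts is not None and (isinstance(ts, bool) or not isinstance(ts, int)
                           or not -2 ** 63 <= ts < 2 ** 63):
        errors.append("observation_time must be an int64")
    for key, value in issue.get("normalized_fields", {}).items():
        expected = NORMALIZED_TYPES.get(key)
        if expected is not None and not isinstance(value, expected):
            errors.append(f"{key} must be {expected.__name__}")
    return errors


def build_request(issue, api_key, api_key_id):
    """Return (path, body, headers) for a valid issue; raise ValueError otherwise."""
    errors = validate_issue(issue)
    if errors:
        raise ValueError("; ".join(errors))
    body = json.dumps({"request_data": {"issue": issue}}).encode("utf-8")
    headers = {
        "Authorization": api_key,
        "x-xdr-auth-id": api_key_id,
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    return API_PATH, body, headers


def parse_response(text):
    """Return external_id from a success body; raise on the documented error body."""
    data = json.loads(text)
    if "error" in data:
        raise RuntimeError(data["error"])
    return data["external_id"]


def create_issue(host, issue):
    """POST one issue. Credentials are read from the environment, not from source.
    XSIAM_API_KEY and XSIAM_API_KEY_ID are hypothetical variable names."""
    path, body, headers = build_request(
        issue, os.environ["XSIAM_API_KEY"], os.environ["XSIAM_API_KEY_ID"])
    conn = http.client.HTTPSConnection(host, timeout=30)
    try:
        conn.request("POST", path, body=body, headers=headers)
        return parse_response(conn.getresponse().read().decode("utf-8"))
    finally:
        conn.close()


# Constructed sample input: the minimal request body shown on this page.
SAMPLE_ISSUE = {
    "name": "Unauthorized Access Detected",
    "description": "An unauthorized login attempt was detected from an unknown IP address.",
    "observation_time": 1700000000000,
    "issue_domain": "Security",
    "category": "CONFIGURATION",
    "severity": "HIGH",
}

if __name__ == "__main__":
    print(validate_issue(SAMPLE_ISSUE))
    # Constructed bad input: lowercase severity and a string where an array is expected.
    bad = dict(SAMPLE_ISSUE, severity="high",
               normalized_fields={"xdm.source.ipv4": "192.168.1.1"})
    for problem in validate_issue(bad):
        print(problem)
```

Running the validation before the POST surfaces schema mistakes locally instead of as the generic "Invalid request data" error body.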