Edit Indicator

Cortex XSOAR API
post /indicator/edit Show code example 
CURL
curl -X POST \
-H "Authorization: [[apiKey]]"  \ 
-H "Accept: application/json" \
 -H "Content-Type: application/json,application/xml" \
"https://hostname:443/indicator/edit" \
 -d '{
  "modifiedTime" : "2000-01-23T04:56:07.000+00:00",
  "deletedFeedFetchTime" : "2000-01-23T04:56:07.000+00:00",
  "sizeInBytes" : 5,
  "relatedIncCount" : 7,
  "primaryTerm" : 6,
  "investigationIDs" : [ "investigationIDs", "investigationIDs" ],
  "expirationStatus" : "expirationStatus",
  "indicator_type" : "indicator_type",
  "syncHash" : "syncHash",
  "source" : "source",
  "manualSetTime" : "2000-01-23T04:56:07.000+00:00",
  "manualExpirationTime" : "2000-01-23T04:56:07.000+00:00",
  "calculatedTime" : "2000-01-23T04:56:07.000+00:00",
  "highlight" : {
    "key" : [ "highlight", "highlight" ]
  },
  "score" : 1,
  "manuallyEditedFields" : [ "manuallyEditedFields", "manuallyEditedFields" ],
  "lastReputationRun" : "2000-01-23T04:56:07.000+00:00",
  "modified" : "2000-01-23T04:56:07.000+00:00",
  "moduleToFeedMap" : {
    "key" : {
      "modifiedTime" : "2000-01-23T04:56:07.000+00:00",
      "sourceInstance" : "sourceInstance",
      "comments" : [ {
        "created" : "2000-01-23T04:56:07.000+00:00",
        "id" : "id",
        "user" : "user",
        "content" : "content"
      }, {
        "created" : "2000-01-23T04:56:07.000+00:00",
        "id" : "id",
        "user" : "user",
        "content" : "content"
      } ],
      "classifierId" : "classifierId",
      "reliability" : "reliability",
      "mapperId" : "mapperId",
      "expirationPolicy" : "expirationPolicy",
      "mapperVersion" : 5,
      "rawJSON" : {
        "key" : "{}"
      },
      "type" : "type",
      "isEnrichment" : true,
      "relationships" : [ {
        "entityA" : "entityA",
        "entityB" : "entityB",
        "instance" : "instance",
        "reverseName" : "reverseName",
        "entityBType" : "entityBType",
        "reliability" : "reliability",
        "entityAType" : "entityAType",
        "entityAFamily" : "entityAFamily",
        "type" : "type",
        "entityBFamily" : "entityBFamily",
        "name" : "name",
        "startTime" : "2000-01-23T04:56:07.000+00:00",
        "id" : "id",
        "fields" : {
          "key" : "{}"
        },
        "brand" : "brand"
      }, {
        "entityA" : "entityA",
        "entityB" : "entityB",
        "instance" : "instance",
        "reverseName" : "reverseName",
        "entityBType" : "entityBType",
        "reliability" : "reliability",
        "entityAType" : "entityAType",
        "entityAFamily" : "entityAFamily",
        "type" : "type",
        "entityBFamily" : "entityBFamily",
        "name" : "name",
        "startTime" : "2000-01-23T04:56:07.000+00:00",
        "id" : "id",
        "fields" : {
          "key" : "{}"
        },
        "brand" : "brand"
      } ],
      "score" : 2,
      "bypassExclusionList" : true,
      "sourceBrand" : "sourceBrand",
      "expirationInterval" : 5,
      "fetchTime" : "2000-01-23T04:56:07.000+00:00",
      "ExpirationSource" : {
        "instance" : "instance",
        "expirationInterval" : 6,
        "expirationPolicy" : "expirationPolicy",
        "source" : "source",
        "moduleId" : "moduleId",
        "brand" : "brand",
        "user" : "user",
        "setTime" : "2000-01-23T04:56:07.000+00:00"
      },
      "fields" : {
        "key" : "{}"
      },
      "moduleId" : "moduleId",
      "classifierVersion" : 1,
      "value" : "value",
      "timestamp" : "2000-01-23T04:56:07.000+00:00"
    }
  },
  "id" : "id",
  "setBy" : "setBy",
  "value" : "value",
  "aggregatedReliability" : "aggregatedReliability",
  "timestamp" : "2000-01-23T04:56:07.000+00:00",
  "manualScore" : true,
  "numericId" : 1,
  "sequenceNumber" : 4,
  "comments" : [ {
    "numericId" : 1,
    "sequenceNumber" : 5,
    "sizeInBytes" : 2,
    "created" : "2000-01-23T04:56:07.000+00:00",
    "indexName" : "indexName",
    "primaryTerm" : 5,
    "cacheVersn" : 6,
    "syncHash" : "syncHash",
    "source" : "source",
    "type" : "type",
    "sortValues" : [ "sortValues", "sortValues" ],
    "version" : 7,
    "content" : "content",
    "entryId" : "entryId",
    "highlight" : {
      "key" : [ "highlight", "highlight" ]
    },
    "modified" : "2000-01-23T04:56:07.000+00:00",
    "id" : "id",
    "category" : "category",
    "user" : "user"
  }, {
    "numericId" : 1,
    "sequenceNumber" : 5,
    "sizeInBytes" : 2,
    "created" : "2000-01-23T04:56:07.000+00:00",
    "indexName" : "indexName",
    "primaryTerm" : 5,
    "cacheVersn" : 6,
    "syncHash" : "syncHash",
    "source" : "source",
    "type" : "type",
    "sortValues" : [ "sortValues", "sortValues" ],
    "version" : 7,
    "content" : "content",
    "entryId" : "entryId",
    "highlight" : {
      "key" : [ "highlight", "highlight" ]
    },
    "modified" : "2000-01-23T04:56:07.000+00:00",
    "id" : "id",
    "category" : "category",
    "user" : "user"
  } ],
  "created" : "2000-01-23T04:56:07.000+00:00",
  "firstSeen" : "2000-01-23T04:56:07.000+00:00",
  "indexName" : "indexName",
  "expirationSource" : {
    "instance" : "instance",
    "expirationInterval" : 6,
    "expirationPolicy" : "expirationPolicy",
    "source" : "source",
    "moduleId" : "moduleId",
    "brand" : "brand",
    "user" : "user",
    "setTime" : "2000-01-23T04:56:07.000+00:00"
  },
  "insightCache" : {
    "numericId" : 3,
    "sequenceNumber" : 7,
    "sizeInBytes" : 1,
    "scores" : {
      "key" : {
        "score" : 4,
        "isTypedIndicator" : true,
        "contentFormat" : "contentFormat",
        "reliability" : "reliability",
        "scoreChangeTimestamp" : "2000-01-23T04:56:07.000+00:00",
        "context" : {
          "key" : "{}"
        },
        "type" : "type",
        "content" : "content",
        "timestamp" : "2000-01-23T04:56:07.000+00:00"
      }
    },
    "created" : "2000-01-23T04:56:07.000+00:00",
    "indexName" : "indexName",
    "primaryTerm" : 2,
    "cacheVersn" : 9,
    "syncHash" : "syncHash",
    "sortValues" : [ "sortValues", "sortValues" ],
    "version" : 1,
    "highlight" : {
      "key" : [ "highlight", "highlight" ]
    },
    "modified" : "2000-01-23T04:56:07.000+00:00",
    "id" : "id"
  },
  "cacheVersn" : 0,
  "lastSeenEntryID" : "lastSeenEntryID",
  "sortValues" : [ "sortValues", "sortValues" ],
  "version" : 9,
  "CustomFields" : {
    "key" : "{}"
  },
  "sourceInstances" : [ "sourceInstances", "sourceInstances" ],
  "lastSeen" : "2000-01-23T04:56:07.000+00:00",
  "isPreventable" : true,
  "firstSeenEntryID" : "firstSeenEntryID",
  "sourceBrands" : [ "sourceBrands", "sourceBrands" ],
  "comment" : "comment",
  "expiration" : "2000-01-23T04:56:07.000+00:00",
  "account" : "account",
  "isShared" : true,
  "isDetectable" : true
}' \
 -d '
  UNDEFINED_EXAMPLE_VALUE
  aeiou
  aeiou
  123456789
  2000-01-23T04:56:07.000Z
  aeiou
  2000-01-23T04:56:07.000Z
  2000-01-23T04:56:07.000Z
  2000-01-23T04:56:07.000Z
  aeiou
  2000-01-23T04:56:07.000Z
  aeiou
  UNDEFINED_EXAMPLE_VALUE
  aeiou
  aeiou
  aeiou
  aeiou
  true
  true
  true
  2000-01-23T04:56:07.000Z
  2000-01-23T04:56:07.000Z
  aeiou
  2000-01-23T04:56:07.000Z
  true
  2000-01-23T04:56:07.000Z
  aeiou
  2000-01-23T04:56:07.000Z
  2000-01-23T04:56:07.000Z
  UNDEFINED_EXAMPLE_VALUE
  123456789
  123456789
  123456789
  123456789
  123456789
  aeiou
  123456789
  aeiou
  aeiou
  aeiou
  aeiou
  aeiou
  2000-01-23T04:56:07.000Z
  aeiou
  123456789
'
Edit an indicator entity To update indicator custom fields you should lowercase them and remove all spaces. For example: Scan IP -> scanip