Save evidence

Cortex XSOAR API

post /evidence Show code example
CURL
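# Save an evidence entry through the Cortex XSOAR API (POST /evidence).
#
# Credentials: [[apiKey]] is a placeholder for the API key. A key typed
# directly into the command ends up in shell history and is visible in the
# process list; prefer supplying the header from a permission-restricted
# file (curl's `-H @file` or `--config file`). Keep the https:// scheme and
# certificate verification enabled so the key is not sent in the clear.
#
# Content-Type: the generated example listed "application/json,application/xml".
# A request body has a single media type, and the body below is JSON.
#
# Body: every value is a generator placeholder ("roles", 2, true, ...), not
# real data. The generated example also carried a second -d argument holding
# an XML sample whose markup had been stripped; curl joins multiple -d values
# with '&', which would corrupt the JSON body, so it is omitted here.
#
# NOTE(review): the sample lists every field of the evidence object, including
# access-control fields (roles, allRead, allReadWrite, xsoarReadOnlyRoles and
# their "previous*" counterparts). This page does not say which of these the
# server accepts from a client; confirm against the schema and send only the
# fields you intend to set.
curl -X POST \
  -H "Authorization: [[apiKey]]" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://hostname:443/evidence" \
  -d '{
  "dbotCreatedBy": "dbotCreatedBy",
  "sizeInBytes": 2,
  "primaryTerm": 5,
  "roles": ["roles", "roles"],
  "description": "description",
  "syncHash": "syncHash",
  "entryId": "entryId",
  "highlight": {
    "key": ["highlight", "highlight"]
  },
  "markedDate": "2000-01-23T04:56:07.000+00:00",
  "modified": "2000-01-23T04:56:07.000+00:00",
  "xsoarReadOnlyRoles": ["xsoarReadOnlyRoles", "xsoarReadOnlyRoles"],
  "id": "id",
  "markedBy": "markedBy",
  "allReadWrite": true,
  "numericId": 1,
  "sequenceNumber": 5,
  "previousAllRead": true,
  "previousRoles": ["previousRoles", "previousRoles"],
  "occurred": "2000-01-23T04:56:07.000+00:00",
  "created": "2000-01-23T04:56:07.000+00:00",
  "indexName": "indexName",
  "xsoarHasReadOnlyRole": true,
  "xsoarPreviousReadOnlyRoles": ["xsoarPreviousReadOnlyRoles", "xsoarPreviousReadOnlyRoles"],
  "cacheVersn": 6,
  "sortValues": ["sortValues", "sortValues"],
  "version": 7,
  "tags": ["tags", "tags"],
  "ShardID": 0,
  "previousAllReadWrite": true,
  "tagsRaw": ["tagsRaw", "tagsRaw"],
  "allRead": true,
  "hasRole": true,
  "incidentId": "incidentId",
  "taskId": "taskId",
  "fetched": "2000-01-23T04:56:07.000+00:00"
}'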
Save an evidence entity. To update evidence custom fields, write each field name in lowercase with all spaces removed. For example: Scan IP -> scanip