Created
August 29, 2023 10:22
-
-
Save evost/4468f8a701c8b58d9013461e6697a953 to your computer and use it in GitHub Desktop.
rstapi-main-swagger.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "swagger": "2.0", | |
| "info": { | |
| "version": "1.0.1", | |
| "title": "RST Threat Feed REST API" | |
| }, | |
| "host": "api.rstcloud.net", | |
| "basePath": "/v1", | |
| "schemes": [ | |
| "https" | |
| ], | |
| "paths": { | |
| "/auth/check": { | |
| "get": { | |
| "summary": "an API endpoint to test if authentication is successful or not", | |
| "description": "If http status code 200 is returned, then authentication is successul. If an error is returned, then the auth key needs to be replaced.", | |
| "tags": [ | |
| "Connectivity" | |
| ], | |
| "consumes": [ | |
| "application/json" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/CorrectAPIKey" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/ioc": { | |
| "get": { | |
| "summary": "Search for an indicator", | |
| "description": "Look up an indicator (IP, Domain, URL, MD5, SHA1, SHA256) in RST Cloud", | |
| "tags": [ | |
| "RST Threat Feed API" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "value", | |
| "in": "query", | |
| "required": true, | |
| "type": "string" | |
| }], | |
| "responses": { | |
| "200": { | |
| "description": "200 response: the output always includes: ioc_value, ioc_type, collect, fseen, lseen, description, id, title, score, tags, threat fields. Other fields are populated depending on the type of IoCs requested. Some fields may be present with empty values.", | |
| "schema": { | |
| "$ref": "#/definitions/RSTThreatData" | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOC400" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| }, | |
| "post": { | |
| "summary": "Submit an indicator", | |
| "description": "Submit an indicator to request to include it into the RST Threat Feed", | |
| "tags": [ | |
| "RST Threat Feed API" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOCSubmit" | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOC400" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOCSubmit500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| }, | |
| "put": { | |
| "summary": "Submit a False Posistive indicator", | |
| "description": "Submit a value that looks like a False Positive indicator to request to exlude it from RST Threat Feed", | |
| "tags": [ | |
| "RST Threat Feed API" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOCSubmit" | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOC400" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTIOCSubmit500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/ip": { | |
| "get": { | |
| "summary": "Get a daily database snapshot of IP Feed", | |
| "description": "Fetch a daily database snapshot of IP Feed in CSV or JSON formats comressed in gzip for a certain date (latest or any custom date)", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": false, | |
| "type": "string", | |
| "description": "use the following header:\n\n Accept:\\*/* " | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "json", | |
| "enum": [ | |
| "json", | |
| "csv" | |
| ] | |
| }, | |
| { | |
| "name": "date", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "latest", | |
| "description": "could be either a date in format %Y%m%d or a keyword 'latest' that forces to get the latest file available" | |
| } | |
| ], | |
| "responses": { | |
| "302": { | |
| "description": "302 response will redirect to a presigned URL to download a gzip file from AWS S3 bucket", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Location": { | |
| "type": "string", | |
| "description": "a URL to download the gzip file" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST400" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| }, | |
| "head": { | |
| "summary": "Get the latest timestamp for IP Feed", | |
| "description": "Get the latest timestamp for IP Feed file availabe to be downloaded", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": true, | |
| "type": "string" | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": true, | |
| "type": "string" | |
| } | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Last-Modified": { | |
| "type": "string" | |
| }, | |
| "Content-Length": { | |
| "type": "string" | |
| }, | |
| "Timestamp": { | |
| "type": "string" | |
| }, | |
| "Content-Type": { | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTERROR" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response" | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/domain": { | |
| "get": { | |
| "summary": "Get a daily database snapshot of Domain Feed", | |
| "description": "Fetch a daily database snapshot of Domain Feed in CSV or JSON formats comressed in gzip for a certain date (latest or any custom date)", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": false, | |
| "type": "string", | |
| "description": "use the following header:\n\n Accept:\\*/* " | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "json", | |
| "enum": [ | |
| "json", | |
| "csv" | |
| ] | |
| }, | |
| { | |
| "name": "date", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "latest", | |
| "description": "could be either a date in format %Y%m%d or a keyword 'latest' that forces to get the latest file available" | |
| } | |
| ], | |
| "responses": { | |
| "302": { | |
| "description": "302 response will redirect to a presigned URL to download the gzip file", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Location": { | |
| "type": "string", | |
| "description": "a URL to download the gzip file" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST400" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| }, | |
| "head": { | |
| "summary": "Get the latest timestamp for Domain Feed", | |
| "description": "Get the latest timestamp for Domain Feed file availabe to be downloaded", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": true, | |
| "type": "string" | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": true, | |
| "type": "string" | |
| } | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Last-Modified": { | |
| "type": "string" | |
| }, | |
| "Content-Length": { | |
| "type": "string" | |
| }, | |
| "Timestamp": { | |
| "type": "string" | |
| }, | |
| "Content-Type": { | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTERROR" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response" | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/url": { | |
| "get": { | |
| "summary": "Get a daily database snapshot of URL Feed", | |
| "description": "Fetch a daily database snapshot of URL Feed in CSV or JSON formats comressed in gzip for a certain date (latest or any custom date)", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": false, | |
| "type": "string", | |
| "description": "use the following header:\n\n Accept:\\*/* " | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "json", | |
| "enum": [ | |
| "json", | |
| "csv" | |
| ] | |
| }, | |
| { | |
| "name": "date", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "latest", | |
| "description": "could be either a date in format %Y%m%d or a keyword 'latest' that forces to get the latest file available" | |
| } | |
| ], | |
| "responses": { | |
| "302": { | |
| "description": "302 response will redirect to a presigned URL to download the gzip file", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Location": { | |
| "type": "string", | |
| "description": "a URL to download the gzip file" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST400" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| }, | |
| "head": { | |
| "summary": "Get the latest timestamp for URL Feed", | |
| "description": "Get the latest timestamp for URL Feed file availabe to be downloaded", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": true, | |
| "type": "string" | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": true, | |
| "type": "string" | |
| } | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Last-Modified": { | |
| "type": "string" | |
| }, | |
| "Content-Length": { | |
| "type": "string" | |
| }, | |
| "Timestamp": { | |
| "type": "string" | |
| }, | |
| "Content-Type": { | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTERROR" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response" | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/hash": { | |
| "get": { | |
| "summary": "Get a daily database snapshot of Hash Feed", | |
| "description": "Fetch a daily database snapshot of Hash Feed in CSV or JSON formats comressed in gzip for a certain date (latest or any custom date)", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": false, | |
| "type": "string", | |
| "description": "use the following header:\n\n Accept:\\*/* " | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "json", | |
| "enum": [ | |
| "json", | |
| "csv" | |
| ] | |
| }, | |
| { | |
| "name": "date", | |
| "in": "query", | |
| "required": false, | |
| "type": "string", | |
| "default": "latest", | |
| "description": "could be either a date in format %Y%m%d or a keyword 'latest' that forces to get the latest file available" | |
| } | |
| ], | |
| "responses": { | |
| "302": { | |
| "description": "302 response will redirect to a presigned URL to download the gzip file", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Location": { | |
| "type": "string", | |
| "description": "a URL to download the gzip file" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST400" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| }, | |
| "head": { | |
| "summary": "Get the latest timestamp for Hash Feed", | |
| "description": "Get the latest timestamp for Hash Feed file availabe to be downloaded", | |
| "tags": [ | |
| "RST Threat Feed Daily DB Snapshot" | |
| ], | |
| "produces": [ | |
| "application/json" | |
| ], | |
| "parameters": [{ | |
| "name": "Accept", | |
| "in": "header", | |
| "required": true, | |
| "type": "string" | |
| }, | |
| { | |
| "name": "type", | |
| "in": "query", | |
| "required": true, | |
| "type": "string" | |
| } | |
| ], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Last-Modified": { | |
| "type": "string" | |
| }, | |
| "Content-Length": { | |
| "type": "string" | |
| }, | |
| "Timestamp": { | |
| "type": "string" | |
| }, | |
| "Content-Type": { | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTERROR" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response" | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/reports/bulletin": { | |
| "get": { | |
| "summary": "Get a JSON list of TI reports for a given date", | |
| "description": "A successful execution will send a redirect to an S3 bucket to download a corresponding PDF", | |
| "tags": [ | |
| "RST Report Hub" | |
| ], | |
| "parameters": [{ | |
| "name": "date", | |
| "description": "date string using the yyyymmdd format", | |
| "in": "header", | |
| "required": true, | |
| "type": "string" | |
| }], | |
| "responses": { | |
| "200": { | |
| "description": "Successful response", | |
| "schema": { | |
| "$ref": "#/definitions/REPORT" | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST400" | |
| } | |
| }, | |
| "404": { | |
| "description": "404 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST404" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/reports/bulletin/pdf": { | |
| "get": { | |
| "summary": "Get an individual PDF report", | |
| "description": "A successful execution is a redirect being sent by the server to an AWS S3 bucket to download a corresponding PDF", | |
| "tags": [ | |
| "RST Report Hub" | |
| ], | |
| "parameters": [{ | |
| "name": "id", | |
| "in": "header", | |
| "required": true, | |
| "type": "string" | |
| }], | |
| "responses": { | |
| "302": { | |
| "description": "302 response redirects to a presigned URL to download a PDF file from the AWS S3 bucket", | |
| "schema": { | |
| "$ref": "#/definitions/emptyFile" | |
| }, | |
| "headers": { | |
| "Location": { | |
| "type": "string", | |
| "description": "a URL to download the PDF file" | |
| } | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST400" | |
| } | |
| }, | |
| "404": { | |
| "description": "404 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST404" | |
| } | |
| }, | |
| "500": { | |
| "description": "500 response", | |
| "schema": { | |
| "$ref": "#/definitions/RST500" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| }, | |
| "/whois/{domain}": { | |
| "get": { | |
| "summary": "Get WHOIS information for a given domain name", | |
| "description": "Get actual WHOIS information for a given domain name (cached up to 24 hours)", | |
| "tags": [ | |
| "RST Whois API" | |
| ], | |
| "parameters": [{ | |
| "name": "domain", | |
| "in": "path", | |
| "required": true, | |
| "type": "string" | |
| }], | |
| "responses": { | |
| "200": { | |
| "description": "200 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTWhoisData" | |
| } | |
| }, | |
| "400": { | |
| "description": "400 response", | |
| "schema": { | |
| "$ref": "#/definitions/RSTWHOIS400" | |
| } | |
| }, | |
| "503": { | |
| "description": "503 access denied", | |
| "schema": { | |
| "$ref": "#/definitions/RST503" | |
| } | |
| } | |
| }, | |
| "security": [{ | |
| "api_key": [] | |
| }] | |
| } | |
| } | |
| }, | |
| "securityDefinitions": { | |
| "api_key": { | |
| "type": "apiKey", | |
| "name": "x-api-key", | |
| "in": "header" | |
| } | |
| }, | |
| "definitions": { | |
| "CorrectAPIKey": { | |
| "type": "object", | |
| "properties": { | |
| "check": { | |
| "type": "object", | |
| "properties": { | |
| "name": { | |
| "type": "string", | |
| "example": "CheckApiKey" | |
| }, | |
| "status": { | |
| "type": "string", | |
| "example": "valid" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "RSTWhoisData": { | |
| "type": "object", | |
| "properties": { | |
| "status": { | |
| "type": "string", | |
| "example": "registered" | |
| }, | |
| "registered?": { | |
| "type": "string", | |
| "example": "true" | |
| }, | |
| "created_on": { | |
| "type": "string", | |
| "example": "2022-01-01 00:00:00" | |
| }, | |
| "updated_on": { | |
| "type": "string", | |
| "example": "2022-01-01 00:00:00" | |
| }, | |
| "expires_on": { | |
| "type": "string", | |
| "example": "2023-01-01 00:00:00" | |
| }, | |
| "age": { | |
| "type": "integer", | |
| "example": 365 | |
| }, | |
| "registrar": { | |
| "type": "string", | |
| "example": "Registrar Name" | |
| }, | |
| "registrant": { | |
| "type": "string", | |
| "example": "Registrant Name" | |
| }, | |
| "nameservers": { | |
| "type": "string", | |
| "example": "ns1.domain.com,ns2.domain.com" | |
| } | |
| } | |
| }, | |
| "RSTThreatData": { | |
| "type": "object", | |
| "properties": { | |
| "ioc_value": { | |
| "type": "string", | |
| "example": "domain.local" | |
| }, | |
| "ioc_type": { | |
| "type": "string", | |
| "example": "domain" | |
| }, | |
| "id": { | |
| "type": "string", | |
| "example": "UUID" | |
| }, | |
| "title": { | |
| "type": "string", | |
| "example": "RST Threat feed. IOC: domain.local" | |
| }, | |
| "description": { | |
| "type": "string" | |
| }, | |
| "collect": { | |
| "type": "integer" | |
| }, | |
| "fseen": { | |
| "type": "integer" | |
| }, | |
| "lseen": { | |
| "type": "integer" | |
| }, | |
| "tags": { | |
| "type": "object", | |
| "example": [ | |
| "malware", | |
| "phishing" | |
| ] | |
| }, | |
| "threat": { | |
| "type": "object", | |
| "example": [ | |
| "emotet" | |
| ] | |
| } | |
| } | |
| }, | |
| "RSTIOCSubmit": { | |
| "type": "object", | |
| "properties": { | |
| "ioc_value": { | |
| "type": "string", | |
| "example": "domain.local" | |
| }, | |
| "status": { | |
| "type": "string", | |
| "example": "submitted" | |
| } | |
| } | |
| }, | |
| "RSTIOCSubmit500": { | |
| "type": "object", | |
| "properties": { | |
| "ioc_value": { | |
| "type": "string", | |
| "example": "domain.local" | |
| }, | |
| "status": { | |
| "type": "string", | |
| "example": "Server Error" | |
| } | |
| } | |
| }, | |
| "RST400": { | |
| "type": "object", | |
| "properties": { | |
| "error": { | |
| "type": "string", | |
| "example": "Bad Request" | |
| } | |
| } | |
| }, | |
| "RST404": { | |
| "type": "object", | |
| "properties": { | |
| "error": { | |
| "type": "string", | |
| "example": "Not Found" | |
| } | |
| } | |
| }, | |
| "RSTWHOIS400": { | |
| "type": "string", | |
| "example": "Bad Request" | |
| }, | |
| "RST500": { | |
| "type": "object", | |
| "properties": { | |
| "error": { | |
| "type": "string", | |
| "example": "Unexpected Server Exception" | |
| } | |
| } | |
| }, | |
| "RSTIOC400": { | |
| "type": "object", | |
| "properties": { | |
| "ioc_value": { | |
| "type": "string", | |
| "example": "domain.local" | |
| }, | |
| "status": { | |
| "type": "string", | |
| "example": "Bad Request" | |
| } | |
| } | |
| }, | |
| "RST503": { | |
| "type": "object", | |
| "properties": { | |
| "message": { | |
| "type": "string", | |
| "example": "Forbidden" | |
| } | |
| } | |
| }, | |
| "RSTERROR": { | |
| "type": "object", | |
| "properties": { | |
| "message": { | |
| "type": "string" | |
| } | |
| } | |
| }, | |
| "REPORT": { | |
| "type": "array", | |
| "items": { | |
| "type": "object", | |
| "properties": { | |
| "id": { | |
| "type": "string" | |
| }, | |
| "date": { | |
| "type": "string" | |
| }, | |
| "url": { | |
| "type": "string" | |
| }, | |
| "title": { | |
| "type": "string" | |
| }, | |
| "img": { | |
| "type": "string" | |
| }, | |
| "threats": { | |
| "type": "array", | |
| "items": { | |
| "type": "string" | |
| } | |
| }, | |
| "ttps": { | |
| "type": "array", | |
| "items": { | |
| "type": "string" | |
| } | |
| }, | |
| "detects": { | |
| "type": "object", | |
| "properties": { | |
| "yara": { | |
| "type": "boolean" | |
| }, | |
| "sigma": { | |
| "type": "boolean" | |
| } | |
| } | |
| }, | |
| "iocs": { | |
| "type": "object", | |
| "properties": { | |
| "ip": { | |
| "type": "array", | |
| "items": { | |
| "type": "string" | |
| } | |
| }, | |
| "domain": { | |
| "type": "array", | |
| "items": { | |
| "type": "string" | |
| } | |
| }, | |
| "url": { | |
| "type": "array", | |
| "items": { | |
| "type": "string" | |
| } | |
| }, | |
| "hash": { | |
| "type": "array", | |
| "items": { | |
| "type": "object", | |
| "properties": { | |
| "md5": { | |
| "type": "string" | |
| }, | |
| "sha1": { | |
| "type": "string" | |
| }, | |
| "sha256": { | |
| "type": "string" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "emptyFile": { | |
| "type": "object", | |
| "title": "an empty response" | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment