ビュー:

Use this API to extract suspicious objects from uploaded OpenIOC files to the User-Defined Suspicious Object list.

HTTP Request

PUT /SuspiciousObjectsBackend/UserDefinedSOResource
/OpenIOCExtraction HTTP/1.1

Parameters

Important:

The HTTP request body must contain all required parameters.

Name

Type

Description

Value

Required Parameters

FileHashIDList

String

Extracts suspicious objects from uploaded files with the specified file hash IDs

  

ScanType

String

Indicates the scan action to perform on detected suspicious objects

  

File

String

The scan action to perform on suspicious file detections

  • 1: Log

  • 2: Block

  • 3: Quarantine

IP

String

The scan action to perform on suspicious IP address detections

  • 1: Log

  • 2: Block

  • 3: Quarantine

URL

String

The scan action to perform on suspicious URL detections

  • 1: Log

  • 2: Block

  • 3: Quarantine

Domain

String

The scan action to perform on suspicious domain detections

  • 1: Log

  • 2: Block

  • 3: Quarantine

HTTP Request Example

PUT /SuspiciousObjectsBackend/UserDefinedSOResource
/OpenIOCExtraction HTTP/1.1

HTTP Request Body

Specify a JSON object containing the following HTTP header and request body:

  • HTTP header:

    Important:

    • This API only supports the following Content-Type.

    • The authorization header is only required for external HTTP requests.

    Field Name

    Value

    Content-Type

    application/json;charset=utf-8

    Authorization

    Bearer {Generated JWT authentication token}

  • Request body:

    {
    "param":{
        "FileHashIDList":[
            "0F386D54-FF3C-4885-A438-CFFD635C0BA3",
            "0050562D-9B96-5A43-62FE-03C3141324F8"
        ],
        "ScanType":{
           "File":3,
           "IP":2,
           "URL":1,
           "Domain":1
        }
    }
}

Response

If successful, this method returns an HTTP status code of "200", result code of "1", and a response body with the following structure:

{
  "Data":
    [
     {
      "FileHashID": "2A15F09D5C2779DEE7D42BE0F7959688E5329A16",
      "ExtractingStatus" : 1,
      "ExtractionErrorMessage": ""
     },
     {
      "FileHashID": "2A15F09D5C2779DEE7D42BE0F7959688E5329A16",
      "ExtractingStatus" : -5,
      "ExtractionErrorMessage": "Database insert unsuccessful"
     }
    ],
  "Meta":{
     "Result":"1",
     "ErrorCode":"",
     "ErrorMsg":""
  }
}

If partially successful, this method returns an HTTP status code of "206" and the following result codes:

Result Code

Description

-999

Unknown error

-9

Maximum file count exceeded

-6

Extraction in progress

-5

Database insert unsuccessful

-3

Parameter validation unsuccessful

1

Not all objects extracted successfully

For more information about API responses and descriptions of response codes, see the following topics:

Parent topic: OpenIOC APIs