Use this API to extract suspicious objects from uploaded STIX files to the User-Defined Suspicious Object list.

HTTP Request

PUT /SuspiciousObjectsBackend/UserDefinedSOResource/STIXExtraction HTTP/1.1

Parameters

Important:

The HTTP request body must contain all required parameters.

Required Parameters

| Name | Type | Description | Value |
|---|---|---|---|
| FileHashIDList | String | Extracts suspicious objects from uploaded files with the specified file hash IDs | Default value: [] |
| ScanType | String | Indicates the scan action to perform on detected suspicious objects | Default value: {} |
| File | String | The scan action to perform on suspicious file detections | 1: Log, 2: Block, 3: Quarantine |
| IP | String | The scan action to perform on suspicious IP address detections | 1: Log, 2: Block, 3: Quarantine |
| URL | String | The scan action to perform on suspicious URL detections | 1: Log, 2: Block, 3: Quarantine |
| Domain | String | The scan action to perform on suspicious domain detections | 1: Log, 2: Block, 3: Quarantine |

HTTP Request Example

PUT /SuspiciousObjectsBackend/UserDefinedSOResource/STIXExtraction HTTP/1.1

HTTP Request Body

Specify a JSON object containing the following HTTP header and request body:

  • HTTP header:

    Important:
    • This API only supports the following Content-Type.

    • The authorization header is only required for external HTTP requests.

    | Field Name | Value |
    |---|---|
    | Content-Type | application/json;charset=utf-8 |
    | Authorization | Bearer {Generated JWT authentication token} |

  • Request body:

    {
        "param":{
            "FileHashIDList":[
                "0F386D54-FF3C-4885-A438-CFFD635C0BA3",
                "0050562D-9B96-5A43-62FE-03C3141324F8"
            ],
            "ScanType":{
               "File":3,
               "IP":1,
               "URL":2,
               "Domain":1
            }
        }
    }

Response

If successful, this method returns an HTTP status code of "200", result code of "1", and a response body with the following structure:

{
  "Data":
    [
     {
      "FileHashID": "2A15F09D5C2779DEE7D42BE0F7959688E5329A16",
      "ExtractingStatus" : 1,
      "ExtractionErrorMessage": ""
     },
     {
      "FileHashID": "2A15F09D5C2779DEE7D42BE0F7959688E5329A16",
      "ExtractingStatus" : -5,
      "ExtractionErrorMessage": "Database insert unsuccessful"
     }
    ],
  "Meta":{
      "Result":"1",
      "ErrorCode":"",
      "ErrorMsg":""
  }
}

If partially successful, this method returns an HTTP status code of "206" and the following result codes:

| Result Code | Description |
|---|---|
| -999 | Unknown error |
| -9 | Maximum file count exceeded |
| -6 | Extraction in progress |
| -5 | Database insert unsuccessful |
| -3 | Parameter validation unsuccessful |
| 1 | Not all objects extracted successfully |
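The sample response above carries a failed entry (`ExtractingStatus` of -5) alongside an overall result code of "1", so a caller should check each file's status rather than the HTTP status alone. The following Python sketch is an added example, not vendor code: it validates the scan actions against the documented values, prepares the PUT request, and splits a response into extracted and failed files. The host `https://server.example`, the token value, the `ID-A`/`ID-B` identifiers, and the reading of `ExtractingStatus` 1 as "extracted" are assumptions.

```python
import json
import urllib.request

ENDPOINT = "/SuspiciousObjectsBackend/UserDefinedSOResource/STIXExtraction"
OBJECT_TYPES = ("File", "IP", "URL", "Domain")
SCAN_ACTIONS = {1: "Log", 2: "Block", 3: "Quarantine"}
# Result codes as listed in the table on this page.
RESULT_CODES = {-999: "Unknown error", -9: "Maximum file count exceeded",
                -6: "Extraction in progress", -5: "Database insert unsuccessful",
                -3: "Parameter validation unsuccessful"}

def build_body(file_hash_ids, scan_type):
    """Build the request body; reject missing or undocumented scan actions."""
    for obj_type in OBJECT_TYPES:
        if scan_type.get(obj_type) not in SCAN_ACTIONS:
            raise ValueError(f"ScanType.{obj_type} must be one of {sorted(SCAN_ACTIONS)}")
    return {"param": {"FileHashIDList": list(file_hash_ids),
                      "ScanType": {t: scan_type[t] for t in OBJECT_TYPES}}}

def build_request(base_url, jwt_token, body):
    """Prepare the PUT request (not sent here); base_url and token come from the caller."""
    return urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT,
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json;charset=utf-8",
                 "Authorization": f"Bearer {jwt_token}"})

def summarize(http_status, response_text):
    """Split per-file results; assumes ExtractingStatus 1 means extracted."""
    doc = json.loads(response_text)
    extracted, failed = [], []
    for item in doc.get("Data", []):
        status = int(item["ExtractingStatus"])
        if status == 1:
            extracted.append(item["FileHashID"])
        else:
            reason = item.get("ExtractionErrorMessage") or RESULT_CODES.get(status, "Unknown error")
            failed.append((item["FileHashID"], status, reason))
    return {"complete": http_status == 200 and not failed,
            "extracted": extracted, "failed": failed}

# Constructed sample: same shape as the response on this page, placeholder IDs.
SAMPLE_RESPONSE = json.dumps({
    "Data": [{"FileHashID": "ID-A", "ExtractingStatus": 1, "ExtractionErrorMessage": ""},
             {"FileHashID": "ID-B", "ExtractingStatus": -5, "ExtractionErrorMessage": ""}],
    "Meta": {"Result": "1", "ErrorCode": "", "ErrorMsg": ""}})

if __name__ == "__main__":
    body = build_body(["ID-A", "ID-B"], {"File": 3, "IP": 1, "URL": 2, "Domain": 1})
    print(build_request("https://server.example", "TOKEN", body).full_url)
    print(summarize(200, SAMPLE_RESPONSE))
```

Send the prepared request with `urllib.request.urlopen` over TLS, and log the `failed` list so that files whose objects never reached the User-Defined Suspicious Object list can be resubmitted.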

For more information about API responses and descriptions of response codes, see the following topics: