#9 update and format
jeromeleonard committed Aug 31, 2021
1 parent 3ca8a65 commit 5571f57
Showing 6 changed files with 366 additions and 9 deletions.
4 changes: 3 additions & 1 deletion docs/thehive/api/case-template/.pages
@@ -1,3 +1,5 @@
nav:
- list.md
- create.md
- update.md
- update.md
- delete.md
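Review bot: The `- update.md` entry appears twice with identical text in this hunk, and the header counts 3 additions and 1 deletion, so one copy is the removed line and the other its replacement. Please confirm the only difference is whitespace or a missing end-of-file newline, and end the file with a newline after `- delete.md` so the next nav change does not touch that line again.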
177 changes: 170 additions & 7 deletions docs/thehive/api/case-template/create.md
@@ -1,21 +1,184 @@
# Create

Create a *Case Templates*.

## Query

```plain
POST /api/v1/query?name=organisation-case-templates
```

```
### Request Body Example

!!! Example ""

## Request Body Example
```json
{
"name": "MISPEvent",
"titlePrefix": "",
"severity": 2,
"tlp": 2,
"pap": 2,
"tags": [
"hunting"
],
"tasks": [
{
"order": 0,
"title": "Search for IOCs on Mail gateway logs",
"group": "default",
"description": "Run queries in Mail gateway logs and look for IOcs of type IP, email addresses, hostnames, free text. "
},
{
"order": 1,
"title": "Search for IOCs on Firewall logs",
"group": "default",
"description": "Run queries in firewall logs and look for IOcs of type IP, port"
},
{
"order": 2,
"title": "Search for IOCs on Web proxy logs",
"group": "default",
"description": "Run queries in web proxy logs and look for IOcs of type IP, domain, hostname, user-agent"
}
],
"customFields": {
"hits": {
"integer": null,
"order": 1
}
},
"description": "Check if IOCs shared by the community have been seen on the network",
"displayName": "MISP"
}
```

```json
With:

```
- `id`: Organisation identifier of Name

## Response

### Status codes

- `201`: if query is run successfully
- `401`: Authentication error
- `403`: Authorization error

### Response Body Example

!!! Example ""

=== "200"

```json
[
...
{
"_id": "~910319824",
"_type": "CaseTemplate",
"_createdBy": "[email protected]",
"_updatedBy": "[email protected]",
"_createdAt": 1620297081745,
"_updatedAt": 1620389292177,
"name": "Phishing",
"displayName": "Phishing",
"titlePrefix": "Phishing -",
"description": "Phishing attempt has succeed.",
"severity": 2,
"tags": [
"category:Phishing"
],
"flag": false,
"tlp": 2,
"pap": 2,
"customFields": [],
"tasks": [
{
"_id": "~677056528",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292172,
"title": "Initial alert",
"group": "default",
"description": "-What happened?\n-When does it happened?\n-How did it happened?\n-How did we detected the anomaly/alert/incident?",
"status": "Waiting",
"flag": false,
"order": 0,
"extraData": {}
},
{
"_id": "~677060624",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292173,
"title": "Remediation",
"group": "default",
"description": "Explain here all the actions performed to contain and remediate the threat.",
"status": "Waiting",
"flag": false,
"order": 3,
"extraData": {}
},
{
"_id": "~677064720",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292174,
"title": "Lessons learnt",
"group": "default",
"description": "Write here the lessons learnt for the case.",
"status": "Waiting",
"flag": false,
"order": 4,
"extraData": {}
},
{
"_id": "~706662512",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292171,
"title": "Notification / Communication",
"group": "default",
"description": "Write here all the communications related to this case",
"status": "Waiting",
"flag": false,
"order": 2,
"extraData": {}
},
{
"_id": "~789033176",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292174,
"title": "Analysis",
"group": "default",
"description": "-Technical analysis of the incident\n-Current impact\n-Potential damages due to the incident\n-...",
"status": "Waiting",
"flag": false,
"order": 1,
"extraData": {}
}
]
}
...
]
```

=== "401"

## Response Body Example
```json
{
"type": "AuthenticationError",
"message": "Authentication failure"
}
```

```json
=== "403"

```
```json
{
"type": "AuthorizationError",
"message": "Your are not authorized to create custom field, you haven't the permission manageCustomField"
}
```
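Review bot: The `## Query` block in create.md documents `POST /api/v1/query?name=organisation-case-templates`, which is the same line list.md uses for listing, so the page never states the route that actually creates a template; delete.md in this commit uses `/api/case/template/{id}`, so please confirm the create route and document it in the same style. The rest of the page carries the same copy-paste residue: the `With:` entry describes an `id` that does not occur anywhere in the request body, the status list says `201` while the example tab is `=== "200"` and shows the list response for a "Phishing" template rather than the "MISPEvent" one just posted, and the 403 message refers to `manageCustomField` instead of the permission needed to create a case template. Since the 403 case is the access-control contract of this endpoint, name the required permission explicitly. Minor: "Create a *Case Templates*" should be singular and "of Name" should read "or Name".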
22 changes: 22 additions & 0 deletions docs/thehive/api/case-template/delete.md
@@ -0,0 +1,22 @@
# Delete

Delete a *Case Templates*.

## Query

```plain
DELETE /api/case/template/{id}
```

With:

- `id`: *Case template* identifier


## Response

### Status codes

- `200`: if Case Template is deleted successfully
- `401`: Authentication error
- `403`: Authorization error
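Review bot: The status-code list in delete.md covers `200`, `401` and `403` but does not say what is returned when `{id}` matches no template, nor which permission a caller needs to avoid the `403`; add both, along with a response body example as create.md and list.md have. The route `DELETE /api/case/template/{id}` is also unversioned while the other two pages use `/api/v1/...`; a one-line remark that this is intentional would keep readers from guessing. Minor: "Delete a *Case Templates*" should be singular.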
170 changes: 170 additions & 0 deletions docs/thehive/api/case-template/list.md
@@ -0,0 +1,170 @@
# Get / List

List *Case Templates*.

## Query

```plain
POST /api/v1/query?name=organisation-case-templates
```

### Request Body Example

!!! Example ""

```json
{
"query": [
{
"_name": "getOrganisation",
"idOrName": "{id}"
},
{
"_name": "caseTemplates"
},
{
"_name": "sort",
"_fields": [
{
"displayName": "asc"
}
]
},
{
"_name": "page",
"from": 0,
"to": 15
}
]
}
```

With:

- `id`: Organisation identifier of Name

## Response

### Status codes

- `200`: if query is run successfully
- `401`: Authentication error
- `403`: Authorization error

### Response Body Example

!!! Example ""

=== "200"

```json
[
...
{
"_id": "~910319824",
"_type": "CaseTemplate",
"_createdBy": "[email protected]",
"_updatedBy": "[email protected]",
"_createdAt": 1620297081745,
"_updatedAt": 1620389292177,
"name": "Phishing",
"displayName": "Phishing",
"titlePrefix": "Phishing -",
"description": "Phishing attempt has succeed.",
"severity": 2,
"tags": [
"category:Phishing"
],
"flag": false,
"tlp": 2,
"pap": 2,
"customFields": [],
"tasks": [
{
"_id": "~677056528",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292172,
"title": "Initial alert",
"group": "default",
"description": "-What happened?\n-When does it happened?\n-How did it happened?\n-How did we detected the anomaly/alert/incident?",
"status": "Waiting",
"flag": false,
"order": 0,
"extraData": {}
},
{
"_id": "~677060624",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292173,
"title": "Remediation",
"group": "default",
"description": "Explain here all the actions performed to contain and remediate the threat.",
"status": "Waiting",
"flag": false,
"order": 3,
"extraData": {}
},
{
"_id": "~677064720",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292174,
"title": "Lessons learnt",
"group": "default",
"description": "Write here the lessons learnt for the case.",
"status": "Waiting",
"flag": false,
"order": 4,
"extraData": {}
},
{
"_id": "~706662512",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292171,
"title": "Notification / Communication",
"group": "default",
"description": "Write here all the communications related to this case",
"status": "Waiting",
"flag": false,
"order": 2,
"extraData": {}
},
{
"_id": "~789033176",
"_type": "Task",
"_createdBy": "[email protected]",
"_createdAt": 1620389292174,
"title": "Analysis",
"group": "default",
"description": "-Technical analysis of the incident\n-Current impact\n-Potential damages due to the incident\n-...",
"status": "Waiting",
"flag": false,
"order": 1,
"extraData": {}
}
]
}
...
]
```

=== "401"

```json
{
"type": "AuthenticationError",
"message": "Authentication failure"
}
```

=== "403"

```json
{
"type": "AuthorizationError",
"message": "Your are not authorized to create custom field, you haven't the permission manageCustomField"
}
```
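Review bot: The `=== "403"` example in list.md returns "Your are not authorized to create custom field ... manageCustomField", which describes creating a custom field and not a list query; replace it with the error this query actually produces and state which permission or organisation membership is required, since `idOrName` is supplied by the caller. The `With:` entry should read "Organisation identifier or Name" rather than "of Name", and the `page` step (`"from": 0`, `"to": 15`) deserves a line explaining that results are paginated.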