Create an Observable

POST

workspace

{ws_id}

case_management

table

observables

curl --request POST \
  --url https://app.blinkops.com/api/v1/workspace/{ws_id}/case_management/table/observables \
  --header 'BLINK-API-KEY: <api-key>' \
  --header 'Content-Type: */*' \
  --data '{
  "content": "1.1.1.1",
  "description": "Suspicious IP address observed in network traffic",
  "enrichment_data": "{\"VirusTotal-Score\":\"value\"}",
  "name": "Suspicious IP Address",
  "type": "IP Address",
  "verdict": "Suspicious"
}'

{
  "content": "1.1.1.1",
  "description": "Suspicious IP address observed in network traffic",
  "enrichment_data": "{\"VirusTotal-Score\":\"value\"}",
  "name": "Suspicious IP Address",
  "type": "IP Address",
  "verdict": "Suspicious"
}

Authorizations

BLINK-API-KEY

string

header

required

Use your API key to access BlinkOps API. To generate an API key, please log in to your BlinkOps account and navigate to the API Keys section in the user settings page. Add the generated key to your request headers as BLINK-API-KEY.

Path Parameters

ws_id

string

required

Workspace ID

Body

*/*

Observable Data

content

string

Example:

"1.1.1.1"

description

string

Example:

"Suspicious IP address observed in network traffic"

enrichment_data

string

Example:

"{\"VirusTotal-Score\":\"value\"}"

name

string

Example:

"Suspicious IP Address"

type

enum<string>

Available options:

Unknown,

Hostname,

IP Address,

MAC Address,

User Name,

Email Address,

URL String,

File Name,

Hash,

Process Name,

Resource UID,

Port,

Subnet,

Command Line,

Country,

Process ID,

HTTP User-Agent,

CWE Object: uid,

CVE Object: uid,

User Credential ID,

Endpoint,

User,

Email,

Uniform Resource Locator,

File,

Process,

Geo Location,

Container,

Registry Key,

Registry Value,

Fingerprint,

Other

Example:

"IP Address"

verdict

enum<string>

Available options:

Unknown,

Benign,

Suspicious,

Malicious

Example:

"Suspicious"

Response

200

*/*

content

string

Example:

"1.1.1.1"

description

string

Example:

"Suspicious IP address observed in network traffic"

enrichment_data

string

Example:

"{\"VirusTotal-Score\":\"value\"}"

name

string

Example:

"Suspicious IP Address"

type

enum<string>

Available options:

Unknown,

Hostname,

IP Address,

MAC Address,

User Name,

Email Address,

URL String,

File Name,

Hash,

Process Name,

Resource UID,

Port,

Subnet,

Command Line,

Country,

Process ID,

HTTP User-Agent,

CWE Object: uid,

CVE Object: uid,

User Credential ID,

Endpoint,

User,

Email,

Uniform Resource Locator,

File,

Process,

Geo Location,

Container,

Registry Key,

Registry Value,

Fingerprint,

Other

Example:

"IP Address"

verdict

enum<string>

Available options:

Unknown,

Benign,

Suspicious,

Malicious

Example:

"Suspicious"

Was this page helpful?

Update a Case Update an Observable

curl --request POST \
  --url https://app.blinkops.com/api/v1/workspace/{ws_id}/case_management/table/observables \
  --header 'BLINK-API-KEY: <api-key>' \
  --header 'Content-Type: */*' \
  --data '{
  "content": "1.1.1.1",
  "description": "Suspicious IP address observed in network traffic",
  "enrichment_data": "{\"VirusTotal-Score\":\"value\"}",
  "name": "Suspicious IP Address",
  "type": "IP Address",
  "verdict": "Suspicious"
}'

{
  "content": "1.1.1.1",
  "description": "Suspicious IP address observed in network traffic",
  "enrichment_data": "{\"VirusTotal-Score\":\"value\"}",
  "name": "Suspicious IP Address",
  "type": "IP Address",
  "verdict": "Suspicious"
}

Get Started

API

Connections

Workflows

Case Management

Users

Groups

Executions

Workspaces

Authorizations

Path Parameters

Body

Response