Create an Observable
POST/workspace/:ws_id/case_management/table/observables
Adds a new Observable record.
Request
Path Parameters
Workspace ID
- application/json
Body
required
Observable Data
Possible values: [Unknown, Hostname, IP Address, MAC Address, User Name, Email Address, URL String, File Name, Hash, Process Name, Resource UID, Port, Subnet, Command Line, Country, Process ID, HTTP User-Agent, CWE Object: uid, CVE Object: uid, User Credential ID, Endpoint, User, Email, Uniform Resource Locator, File, Process, Geo Location, Container, Registry Key, Registry Value, Fingerprint, Other]
Possible values: [Unknown, Benign, Suspicious, Malicious]
Responses
- 200
- 400
OK
- */*
- Schema
- Example (from schema)
Schema
Possible values: [Unknown, Hostname, IP Address, MAC Address, User Name, Email Address, URL String, File Name, Hash, Process Name, Resource UID, Port, Subnet, Command Line, Country, Process ID, HTTP User-Agent, CWE Object: uid, CVE Object: uid, User Credential ID, Endpoint, User, Email, Uniform Resource Locator, File, Process, Geo Location, Container, Registry Key, Registry Value, Fingerprint, Other]
Possible values: [Unknown, Benign, Suspicious, Malicious]
{
"content": "1.1.1.1",
"description": "Suspicious IP address observed in network traffic",
"enrichment_data": "{\"VirusTotal-Score\":\"value\"}",
"name": "Suspicious IP Address",
"type": "IP Address",
"verdict": "Suspicious"
}
Failed to create record
- */*
- Schema
- Example (from schema)
Schema
{
"data": {},
"details": "string",
"identifier": "string",
"message": "string",
"status": 404,
"user_error": {}
}