Help Center/ SecMaster/ API Reference/ API/ Indicator Management/ Creating an Indicator
Updated on 2025-03-20 GMT+08:00
View PDF

Creating an Indicator

Function

Creating an Indicator

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

workspace_id

Yes

String

Workspace ID

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Token of the tenant.

content-type

Yes

String

application/json;charset=UTF-8
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

data_object

Yes

CreateIndicatorDetail object

Indicator details.
Table 4 CreateIndicatorDetail

Parameter

Mandatory

Type

Description

data_source

Yes

data_source object

Data source.

verdict

Yes

String

Threat Rating

confidence

No

Integer

Confidence level

status

No

String

Status

labels

No

String

Tag.

value

Yes

String

Value.

granular_marking

Yes

String

Confidentiality level. 1 -- First discovery; 2 -- Self-produced data; 3 -- Purchase required; and 4 -- Direct query from the external network.

environment

Yes

environment object

Environment Info

defanged

Yes

Boolean

Still valid?

first_report_time

Yes

String

First Occurred At

last_report_time

No

String

Last occurred.

id

No

String

Indicator ID.

indicator_type

Yes

indicator_type object

Indicator type statistics.

name

Yes

String

Indicator name.

dataclass_id

No

String

Data class ID.

workspace_id

Yes

String

workspace id

project_id

No

String

Project id value

dataclass

No

DataClassRefPojo object

Data class object information.

create_time

No

String

Create time

update_time

No

String

Update time
Table 5 data_source

Parameter

Mandatory

Type

Description

source_type

Yes

Integer

current page count

domain_id

Yes

String

Id value

project_id

Yes

String

Id value

region_id

Yes

String

Id value

product_name

Yes

String

Id value

product_feature

Yes

String

Id value
Table 6 environment

Parameter

Mandatory

Type

Description

vendor_type

Yes

String

Environment suppliers

domain_id

Yes

String

Tenant ID.

region_id

Yes

String

Region ID

project_id

Yes

String

Project ID.
Table 7 indicator_type

Parameter

Mandatory

Type

Description

indicator_type

Yes

String

Metric Type

id

Yes

String

Indicator type ID.
Table 8 DataClassRefPojo

Parameter

Mandatory

Type

Description

id

Yes

String

Data class ID.

name

No

String

Data class name.

Response Parameters

Status code: 200

Table 9 Response header parameters

Parameter

Type

Description

X-request-id

String

Request ID, in the format request_uuid-timestamp-hostname.
Table 10 Response body parameters

Parameter

Type

Description

code

String

Error code

message

String

Error Message

data

IndicatorDetail object

Indicator details.
Table 11 IndicatorDetail

Parameter

Type

Description

id

String

Indicator ID.

name

String

Indicator name.

data_object

IndicatorDataObjectDetail object

Indicator details

workspace_id

String

Workspace ID

project_id

String

Project ID.

dataclass_ref

DataClassRefPojo object

Data class object information.

create_time

String

Creation time.

update_time

String

Update time.
Table 12 IndicatorDataObjectDetail

Parameter

Type

Description

indicator_type

indicator_type object

Indicator type object.

value

String

Value, for example, ip url domain.

update_time

String

Update time.

create_time

String

Creation time.

environment

environment object

Environment Info

data_source

data_source object

Data source.

first_report_time

String

First Occurred At

is_deleted

Boolean

Delete

last_report_time

String

Last occurred.

granular_marking

Integer

Confidentiality level. 1 -- First discovery; 2 -- Self-produced data; 3 -- Purchase required; and 4 -- Direct query from the external network.

name

String

Name.

id

String

Indicator ID.

project_id

String

Project ID.

revoked

Boolean

Whether to discard.

status

String

Status. The options are Open, Closed, and Revoked.

verdict

String

Threat degree. The options are Black, White, and Gray.

workspace_id

String

Workspace ID

confidence

Integer

Confidence. The value range is 80 to 100.
Table 13 indicator_type

Parameter

Type

Description

indicator_type

String

Indicator type.

id

String

Indicator type ID.
Table 14 environment

Parameter

Type

Description

vendor_type

String

Environment suppliers

domain_id

String

Tenant ID.

region_id

String

Region ID

project_id

String

Project ID.
Table 15 data_source

Parameter

Type

Description

source_type

Integer

Data source type. The options are as follows-- 1- cloud product 2- Third-party product 3- Tenant product

domain_id

String

Tenant ID.

project_id

String

Project ID.

region_id

String

Region ID
Table 16 DataClassRefPojo

Parameter

Type

Description

id

String

Data class ID.

name

String

Data class name.

Status code: 400

Table 17 Response header parameters

Parameter

Type

Description

X-request-id

String

Request ID, in the format request_uuid-timestamp-hostname.
Table 18 Response body parameters

Parameter

Type

Description

code

String

Error Code

message

String

Error Description

Example Requests

Create an indicator. The indicator name is Indicator Name, indicator version is 1, indicator type is DATA_SOURCE, and Trigger Flag is NO.

{
  "data_object" : {
    "data_source" : {
      "source_type" : 3,
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "product_name" : "test",
      "product_feature" : "test"
    },
    "verdict" : "BLACK",
    "confidence" : 4,
    "status" : "OPEN",
    "labels" : "OPEN",
    "value" : "{}",
    "granular_marking" : "1",
    "environment" : {
      "vendor_type" : "MyXXX",
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    },
    "defanged" : false,
    "first_report_time" : "2021-01-30T23:00:00Z+0800",
    "last_report_time" : "2021-01-30T23:00:00Z+0800",
    "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "indicator_type" : { },
    "name" : "Indicator name.",
    "dataclass_id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620",
    "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
    "dataclass" : {
      "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
      "name" : "Name."
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800"
  }
}

Example Responses

Status code: 200

Response when the request is successful.

{
  "code" : 0,
  "message" : "Error message",
  "data" : {
    "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "name" : "Indicator name.",
    "data_object" : {
      "indicator_type" : {
        "indicator_type" : "ipv6",
        "id" : "ac794b2dfab9fe8c0676587301a636d3"
      },
      "value" : "ip",
      "data_source" : {
        "domain_id" : "ac7438b990ef4a37b741004eb45e8bf4",
        "project_id" : "5b8bb3c888db498f9eeaf1023f7ba597",
        "region_id" : "cn-xxx-7",
        "source_type" : 1
      },
      "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "granular_marking" : 1,
      "first_report_time" : "2023-07-04T16:47:01Z+0800",
      "status" : "Open"
    },
    "dataclass_ref" : {
      "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
      "name" : "Name."
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800"
  }
}

Status Codes

Status Code

Description

200

Response when the request is successful.

400

Response when the request failed.

Error Codes

See Error Codes.

Parent Topic: Indicator Management