Creating an Indicator

Function

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.
workspace_id	Yes	String	Workspace ID

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Token of the tenant.
content-type	Yes	String	application/json;charset=UTF-8

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
data_object	Yes	CreateIndicatorDetail object	Indicator details.

**Table 4** CreateIndicatorDetail
Parameter	Mandatory	Type	Description
data_source	Yes	data_source object	Data source.
verdict	Yes	String	Threat Rating
confidence	No	Integer	Confidence level
status	No	String	Status
labels	No	String	Tag.
value	Yes	String	Value.
granular_marking	Yes	String	Confidentiality level. 1 -- First discovery; 2 -- Self-produced data; 3 -- Purchase required; and 4 -- Direct query from the external network.
environment	Yes	environment object	Environment Info
defanged	Yes	Boolean	Still valid?
first_report_time	Yes	String	First Occurred At
last_report_time	No	String	Last occurred.
id	No	String	Indicator ID.
indicator_type	Yes	indicator_type object	Indicator type statistics.
name	Yes	String	Indicator name.
dataclass_id	No	String	Data class ID.
workspace_id	Yes	String	workspace id
project_id	No	String	Project id value
dataclass	No	DataClassRefPojo object	Data class object information.
create_time	No	String	Create time
update_time	No	String	Update time

**Table 5** data_source
Parameter	Mandatory	Type	Description
source_type	Yes	Integer	current page count
domain_id	Yes	String	Id value
project_id	Yes	String	Id value
region_id	Yes	String	Id value
product_name	Yes	String	Id value
product_feature	Yes	String	Id value

**Table 6** environment
Parameter	Mandatory	Type	Description
vendor_type	Yes	String	Environment suppliers
domain_id	Yes	String	Tenant ID.
region_id	Yes	String	Region ID
project_id	Yes	String	Project ID.

**Table 7** indicator_type
Parameter	Mandatory	Type	Description
indicator_type	Yes	String	Metric Type
id	Yes	String	Indicator type ID.

**Table 8** DataClassRefPojo
Parameter	Mandatory	Type	Description
id	Yes	String	Data class ID.
name	No	String	Data class name.

Response Parameters

Status code: 200

**Table 9** Response header parameters
Parameter	Type	Description
X-request-id	String	Request ID, in the format request_uuid-timestamp-hostname.

**Table 10** Response body parameters
Parameter	Type	Description
code	String	Error code
message	String	Error Message
data	IndicatorDetail object	Indicator details.

**Table 11** IndicatorDetail
Parameter	Type	Description
id	String	Indicator ID.
name	String	Indicator name.
data_object	IndicatorDataObjectDetail object	Indicator details
workspace_id	String	Workspace ID
project_id	String	Project ID.
dataclass_ref	DataClassRefPojo object	Data class object information.
create_time	String	Creation time.
update_time	String	Update time.

**Table 12** IndicatorDataObjectDetail
Parameter	Type	Description
indicator_type	indicator_type object	Indicator type object.
value	String	Value, for example, ip url domain.
update_time	String	Update time.
create_time	String	Creation time.
environment	environment object	Environment Info
data_source	data_source object	Data source.
first_report_time	String	First Occurred At
is_deleted	Boolean	Delete
last_report_time	String	Last occurred.
granular_marking	Integer	Confidentiality level. 1 -- First discovery; 2 -- Self-produced data; 3 -- Purchase required; and 4 -- Direct query from the external network.
name	String	Name.
id	String	Indicator ID.
project_id	String	Project ID.
revoked	Boolean	Whether to discard.
status	String	Status. The options are Open, Closed, and Revoked.
verdict	String	Threat degree. The options are Black, White, and Gray.
workspace_id	String	Workspace ID
confidence	Integer	Confidence. The value range is 80 to 100.

**Table 13** indicator_type
Parameter	Type	Description
indicator_type	String	Indicator type.
id	String	Indicator type ID.

**Table 14** environment
Parameter	Type	Description
vendor_type	String	Environment suppliers
domain_id	String	Tenant ID.
region_id	String	Region ID
project_id	String	Project ID.

**Table 15** data_source
Parameter	Type	Description
source_type	Integer	Data source type. The options are as follows-- 1- cloud product 2- Third-party product 3- Tenant product
domain_id	String	Tenant ID.
project_id	String	Project ID.
region_id	String	Region ID

**Table 16** DataClassRefPojo
Parameter	Type	Description
id	String	Data class ID.
name	String	Data class name.

Status code: 400

**Table 17** Response header parameters
Parameter	Type	Description
X-request-id	String	Request ID, in the format request_uuid-timestamp-hostname.

**Table 18** Response body parameters
Parameter	Type	Description
code	String	Error Code
message	String	Error Description

Example Requests

Create an indicator. The indicator name is Indicator Name, indicator version is 1, indicator type is DATA_SOURCE, and Trigger Flag is NO.

{
  "data_object" : {
    "data_source" : {
      "source_type" : 3,
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "product_name" : "test",
      "product_feature" : "test"
    },
    "verdict" : "BLACK",
    "confidence" : 4,
    "status" : "OPEN",
    "labels" : "OPEN",
    "value" : "{}",
    "granular_marking" : "1",
    "environment" : {
      "vendor_type" : "MyXXX",
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    },
    "defanged" : false,
    "first_report_time" : "2021-01-30T23:00:00Z+0800",
    "last_report_time" : "2021-01-30T23:00:00Z+0800",
    "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "indicator_type" : { },
    "name" : "Indicator name.",
    "dataclass_id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620",
    "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
    "dataclass" : {
      "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
      "name" : "Name."
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800"
  }
}

Example Responses

Status code: 200

Response when the request is successful.

{
  "code" : 0,
  "message" : "Error message",
  "data" : {
    "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "name" : "Indicator name.",
    "data_object" : {
      "indicator_type" : {
        "indicator_type" : "ipv6",
        "id" : "ac794b2dfab9fe8c0676587301a636d3"
      },
      "value" : "ip",
      "data_source" : {
        "domain_id" : "ac7438b990ef4a37b741004eb45e8bf4",
        "project_id" : "5b8bb3c888db498f9eeaf1023f7ba597",
        "region_id" : "cn-xxx-7",
        "source_type" : 1
      },
      "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "granular_marking" : 1,
      "first_report_time" : "2023-07-04T16:47:01Z+0800",
      "status" : "Open"
    },
    "dataclass_ref" : {
      "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
      "name" : "Name."
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800"
  }
}

Status Codes

Status Code	Description
200	Response when the request is successful.
400	Response when the request failed.

Error Codes

See Error Codes.

Parent Topic: Indicator Management

Previous topic: Query the intelligence indicator list

Next topic: Deleting an Indicator

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.