文档首页/ 安全云脑 SecMaster/ API参考/ API/ 威胁情报管理/ 创建威胁情报
更新时间:2024-12-13 GMT+08:00
在线调试
CLI示例
查看PDF
分享

创建威胁情报

功能介绍

创建威胁情报

调用方法

请参见如何调用API

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目ID

workspace_id

String

工作空间ID

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

租户的Token

content-type

String

application/json;charset=UTF-8
表3 请求Body参数

参数

是否必选

参数类型

描述

data_object

CreateIndicatorDetail object

情报详情信息
表4 CreateIndicatorDetail

参数

是否必选

参数类型

描述

data_source

data_source object

数据源信息

verdict

String

威胁度

confidence

Integer

置信度

status

String

状态

labels

String

标签

value

String

granular_marking

String

粒度(保密等级),由高到低:1(首次发现)、2(自产数据)、3(需购买)、4(外网直接查询)

environment

environment object

环境信息

defanged

Boolean

是否失效

first_report_time

String

首次发生时间

last_report_time

String

最近发生时间

id

String

威胁情报ID

indicator_type

indicator_type object

威胁情报类型

name

String

威胁情报名称

dataclass_id

String

数据类ID

workspace_id

String

workspace id

project_id

String

Project id value

dataclass

DataClassRefPojo object

数据类对象信息

create_time

String

Create time

update_time

String

Update time
表5 data_source

参数

是否必选

参数类型

描述

source_type

Integer

current page count

domain_id

String

Id value

project_id

String

Id value

region_id

String

Id value

product_name

String

Id value

product_feature

String

Id value
表6 environment

参数

是否必选

参数类型

描述

vendor_type

String

环境供应商

domain_id

String

租户ID

region_id

String

区域ID

project_id

String

项目ID
表7 indicator_type

参数

是否必选

参数类型

描述

indicator_type

String

威胁情报类型

id

String

情报类型ID
表8 DataClassRefPojo

参数

是否必选

参数类型

描述

id

String

数据类ID

name

String

数据类名称

响应参数

状态码: 200

表9 响应Header参数

参数

参数类型

描述

X-request-id

String

请求ID,格式为:request_uuid-timestamp-hostname
表10 响应Body参数

参数

参数类型

描述

code

String

错误码

message

String

错误信息

data

IndicatorDetail object

情报详情信息
表11 IndicatorDetail

参数

参数类型

描述

id

String

威胁情报ID

name

String

威胁情报名称

data_object

IndicatorDataObjectDetail object

情报详情

workspace_id

String

工作空间ID

project_id

String

项目ID

dataclass_ref

DataClassRefPojo object

数据类对象信息

create_time

String

创建时间

update_time

String

更新时间
表12 IndicatorDataObjectDetail

参数

参数类型

描述

indicator_type

indicator_type object

情报类型对象

value

String

值,如:ip url domain等

update_time

String

更新时间

create_time

String

创建时间

environment

environment object

环境信息

data_source

data_source object

数据源信息

first_report_time

String

首次发生时间

is_deleted

Boolean

是否删除

last_report_time

String

最近发生时间

granular_marking

Integer

粒度(保密等级),由高到低:1(首次发现)、2(自产数据)、3(需购买)、4(外网直接查询)

name

String

名称

id

String

威胁情报ID

project_id

String

项目ID

revoked

Boolean

是否作废

status

String

状态, Open--打开,Closed--关闭, Revoked--作废

verdict

String

威胁度, Black--黑,White--白,Gray--灰

workspace_id

String

工作空间ID

confidence

Integer

置信度,取值范围是80-100
表13 indicator_type

参数

参数类型

描述

indicator_type

String

情报类型

id

String

情报类型ID
表14 environment

参数

参数类型

描述

vendor_type

String

环境供应商

domain_id

String

租户ID

region_id

String

区域ID

project_id

String

项目ID
表15 data_source

参数

参数类型

描述

source_type

Integer

数据源类型,取值范围如下:1 - 云上产品 2 - 第三方产品 3 - 租户私有产品

domain_id

String

租户ID

project_id

String

项目ID

region_id

String

区域ID
表16 DataClassRefPojo

参数

参数类型

描述

id

String

数据类ID

name

String

数据类名称

状态码: 400

表17 响应Header参数

参数

参数类型

描述

X-request-id

String

请求ID,格式为:request_uuid-timestamp-hostname
表18 响应Body参数

参数

参数类型

描述

code

String

错误码

message

String

错误描述

请求示例

创建一条威胁情报,威胁情报名称为“威胁情报名称”,威胁情报版本为1,威胁情报类型为DATA_SOURCE,触发标志为否。

{
  "data_object" : {
    "data_source" : {
      "source_type" : 3,
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "product_name" : "test",
      "product_feature" : "test"
    },
    "verdict" : "BLACK",
    "confidence" : 4,
    "status" : "OPEN",
    "labels" : "OPEN",
    "value" : "123",
    "granular_marking" : "1",
    "environment" : {
      "vendor_type" : "MyXXX",
      "domain_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "region_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f"
    },
    "defanged" : false,
    "first_report_time" : "2021-01-30T23:00:00Z+0800",
    "last_report_time" : "2021-01-30T23:00:00Z+0800",
    "indicator_type" : {
      "id" : "909494e3-558e-xxxxxx-07a8e18ca6xxx",
      "indicator_type" : "ipv6"
    },
    "name" : "威胁情报名称",
    "dataclass_id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620",
    "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
    "dataclass" : {
      "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
      "name" : "名称"
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800"
  }
}

响应示例

状态码: 200

请求成功响应信息

{
  "code" : 0,
  "message" : "Error message",
  "data" : {
    "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
    "name" : "威胁情报名称",
    "data_object" : {
      "indicator_type" : {
        "indicator_type" : "ipv6",
        "id" : "ac794b2dfab9fe8c0676587301a636d3"
      },
      "value" : "ip",
      "data_source" : {
        "domain_id" : "ac7438b990ef4a37b741004eb45e8bf4",
        "project_id" : "5b8bb3c888db498f9eeaf1023f7ba597",
        "region_id" : "cn-xxx-7",
        "source_type" : 1
      },
      "workspace_id" : "909494e3-558e-46b6-a9eb-07a8e18ca620",
      "project_id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "granular_marking" : 1,
      "first_report_time" : "2023-07-04T16:47:01Z+0800",
      "status" : "Open"
    },
    "dataclass_ref" : {
      "id" : "28f61af50fc9452aa0ed5ea25c3cc3d3",
      "name" : "名称"
    },
    "create_time" : "2021-01-30T23:00:00Z+0800",
    "update_time" : "2021-01-30T23:00:00Z+0800"
  }
}

SDK代码示例

SDK代码示例如下。

Java

创建一条威胁情报,威胁情报名称为“威胁情报名称”,威胁情报版本为1,威胁情报类型为DATA_SOURCE,触发标志为否。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.secmaster.v2.region.SecMasterRegion;
import com.huaweicloud.sdk.secmaster.v2.*;
import com.huaweicloud.sdk.secmaster.v2.model.*;


public class CreateIndicatorSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SecMasterClient client = SecMasterClient.newBuilder()
                .withCredential(auth)
                .withRegion(SecMasterRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateIndicatorRequest request = new CreateIndicatorRequest();
        request.withWorkspaceId("{workspace_id}");
        IndicatorCreateRequest body = new IndicatorCreateRequest();
        DataClassRefPojo dataclassDataObject = new DataClassRefPojo();
        dataclassDataObject.withId("28f61af50fc9452aa0ed5ea25c3cc3d3")
            .withName("名称");
        CreateIndicatorDetailIndicatorType indicatorTypeDataObject = new CreateIndicatorDetailIndicatorType();
        indicatorTypeDataObject.withIndicatorType("ipv6")
            .withId("909494e3-558e-xxxxxx-07a8e18ca6xxx");
        CreateIndicatorDetailEnvironment environmentDataObject = new CreateIndicatorDetailEnvironment();
        environmentDataObject.withVendorType("MyXXX")
            .withDomainId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withRegionId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withProjectId("909494e3-558e-46b6-a9eb-07a8e18ca62f");
        CreateIndicatorDetailDataSource dataSourceDataObject = new CreateIndicatorDetailDataSource();
        dataSourceDataObject.withSourceType(3)
            .withDomainId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withProjectId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withRegionId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withProductName("test")
            .withProductFeature("test");
        CreateIndicatorDetail dataObjectbody = new CreateIndicatorDetail();
        dataObjectbody.withDataSource(dataSourceDataObject)
            .withVerdict("BLACK")
            .withConfidence(4)
            .withStatus("OPEN")
            .withLabels("OPEN")
            .withValue("123")
            .withGranularMarking("1")
            .withEnvironment(environmentDataObject)
            .withDefanged(false)
            .withFirstReportTime("2021-01-30T23:00:00Z+0800")
            .withLastReportTime("2021-01-30T23:00:00Z+0800")
            .withIndicatorType(indicatorTypeDataObject)
            .withName("威胁情报名称")
            .withDataclassId("28f61af50fc9452aa0ed5ea25c3cc3d3")
            .withWorkspaceId("909494e3-558e-46b6-a9eb-07a8e18ca620")
            .withProjectId("909494e3-558e-46b6-a9eb-07a8e18ca62f")
            .withDataclass(dataclassDataObject)
            .withCreateTime("2021-01-30T23:00:00Z+0800")
            .withUpdateTime("2021-01-30T23:00:00Z+0800");
        body.withDataObject(dataObjectbody);
        request.withBody(body);
        try {
            CreateIndicatorResponse response = client.createIndicator(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Python

创建一条威胁情报,威胁情报名称为“威胁情报名称”,威胁情报版本为1,威胁情报类型为DATA_SOURCE,触发标志为否。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksecmaster.v2.region.secmaster_region import SecMasterRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksecmaster.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SecMasterClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SecMasterRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateIndicatorRequest()
        request.workspace_id = "{workspace_id}"
        dataclassDataObject = DataClassRefPojo(
            id="28f61af50fc9452aa0ed5ea25c3cc3d3",
            name="名称"
        )
        indicatorTypeDataObject = CreateIndicatorDetailIndicatorType(
            indicator_type="ipv6",
            id="909494e3-558e-xxxxxx-07a8e18ca6xxx"
        )
        environmentDataObject = CreateIndicatorDetailEnvironment(
            vendor_type="MyXXX",
            domain_id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            region_id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            project_id="909494e3-558e-46b6-a9eb-07a8e18ca62f"
        )
        dataSourceDataObject = CreateIndicatorDetailDataSource(
            source_type=3,
            domain_id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            project_id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            region_id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            product_name="test",
            product_feature="test"
        )
        dataObjectbody = CreateIndicatorDetail(
            data_source=dataSourceDataObject,
            verdict="BLACK",
            confidence=4,
            status="OPEN",
            labels="OPEN",
            value="123",
            granular_marking="1",
            environment=environmentDataObject,
            defanged=False,
            first_report_time="2021-01-30T23:00:00Z+0800",
            last_report_time="2021-01-30T23:00:00Z+0800",
            indicator_type=indicatorTypeDataObject,
            name="威胁情报名称",
            dataclass_id="28f61af50fc9452aa0ed5ea25c3cc3d3",
            workspace_id="909494e3-558e-46b6-a9eb-07a8e18ca620",
            project_id="909494e3-558e-46b6-a9eb-07a8e18ca62f",
            dataclass=dataclassDataObject,
            create_time="2021-01-30T23:00:00Z+0800",
            update_time="2021-01-30T23:00:00Z+0800"
        )
        request.body = IndicatorCreateRequest(
            data_object=dataObjectbody
        )
        response = client.create_indicator(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Go

创建一条威胁情报,威胁情报名称为“威胁情报名称”,威胁情报版本为1,威胁情报类型为DATA_SOURCE,触发标志为否。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    secmaster "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/secmaster/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := secmaster.NewSecMasterClient(
        secmaster.SecMasterClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateIndicatorRequest{}
	request.WorkspaceId = "{workspace_id}"
	nameDataclass:= "名称"
	dataclassDataObject := &model.DataClassRefPojo{
		Id: "28f61af50fc9452aa0ed5ea25c3cc3d3",
		Name: &nameDataclass,
	}
	indicatorTypeDataObject := &model.CreateIndicatorDetailIndicatorType{
		IndicatorType: "ipv6",
		Id: "909494e3-558e-xxxxxx-07a8e18ca6xxx",
	}
	environmentDataObject := &model.CreateIndicatorDetailEnvironment{
		VendorType: "MyXXX",
		DomainId: "909494e3-558e-46b6-a9eb-07a8e18ca62f",
		RegionId: "909494e3-558e-46b6-a9eb-07a8e18ca62f",
		ProjectId: "909494e3-558e-46b6-a9eb-07a8e18ca62f",
	}
	dataSourceDataObject := &model.CreateIndicatorDetailDataSource{
		SourceType: int32(3),
		DomainId: "909494e3-558e-46b6-a9eb-07a8e18ca62f",
		ProjectId: "909494e3-558e-46b6-a9eb-07a8e18ca62f",
		RegionId: "909494e3-558e-46b6-a9eb-07a8e18ca62f",
		ProductName: "test",
		ProductFeature: "test",
	}
	confidenceDataObject:= int32(4)
	statusDataObject:= "OPEN"
	labelsDataObject:= "OPEN"
	lastReportTimeDataObject:= "2021-01-30T23:00:00Z+0800"
	dataclassIdDataObject:= "28f61af50fc9452aa0ed5ea25c3cc3d3"
	projectIdDataObject:= "909494e3-558e-46b6-a9eb-07a8e18ca62f"
	createTimeDataObject:= "2021-01-30T23:00:00Z+0800"
	updateTimeDataObject:= "2021-01-30T23:00:00Z+0800"
	dataObjectbody := &model.CreateIndicatorDetail{
		DataSource: dataSourceDataObject,
		Verdict: "BLACK",
		Confidence: &confidenceDataObject,
		Status: &statusDataObject,
		Labels: &labelsDataObject,
		Value: "123",
		GranularMarking: "1",
		Environment: environmentDataObject,
		Defanged: false,
		FirstReportTime: "2021-01-30T23:00:00Z+0800",
		LastReportTime: &lastReportTimeDataObject,
		IndicatorType: indicatorTypeDataObject,
		Name: "威胁情报名称",
		DataclassId: &dataclassIdDataObject,
		WorkspaceId: "909494e3-558e-46b6-a9eb-07a8e18ca620",
		ProjectId: &projectIdDataObject,
		Dataclass: dataclassDataObject,
		CreateTime: &createTimeDataObject,
		UpdateTime: &updateTimeDataObject,
	}
	request.Body = &model.IndicatorCreateRequest{
		DataObject: dataObjectbody,
	}
	response, err := client.CreateIndicator(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

请求成功响应信息

400

请求失败响应信息

错误码

请参见错误码

父主题: 威胁情报管理