Here is what I'm trying:
curl -k -u user:password -H 'Content-Type: application/json' -XPOST https://xxx/api/connector/cortex/action -d '{"cortexId": "Cortex", "objectId": "~1188056", "objectType": "case_artifact", "responderId": "MSDefender-IsolateMachine_1_0"}'
And this is the response:
{"responderId":"MSDefender-IsolateMachine_1_0","responderName":"-","responderDefinition":"-","cortexId":"Cortex","cortexJobId":"-","objectType":"Observable","objectId":"~1188056","status":"Waiting","startDate":1695041124055,"endDate":1695041124055,"operations":"[]","report":"{}"}
Within Cortex I don't see anything in the Jobs History and if I check out the observable within TheHive I can find this Responder Report:
play.api.libs.json.JsResultException: JsResultException(errors:List((,List(JsonValidationError(List('id' is undefined on json object, available keys are type, message),List())))))
Do I have to use something different as the responderId and how can I find that ID?
Request Type
Question
Work Environment
Question
I would like to run a responder via the TheHive API but I can't get it working. When I run it via the GUI on an observable it works just fine.
I've check out the API documentation: https://docs.strangebee.com/thehive/api-docs/#operation/Create%20an%20action
Here is what I'm trying:
curl -k -u user:password -H 'Content-Type: application/json' -XPOST https://xxx/api/connector/cortex/action -d '{"cortexId": "Cortex", "objectId": "~1188056", "objectType": "case_artifact", "responderId": "MSDefender-IsolateMachine_1_0"}'
And this is the response:
{"responderId":"MSDefender-IsolateMachine_1_0","responderName":"-","responderDefinition":"-","cortexId":"Cortex","cortexJobId":"-","objectType":"Observable","objectId":"~1188056","status":"Waiting","startDate":1695041124055,"endDate":1695041124055,"operations":"[]","report":"{}"}
Within Cortex I don't see anything in the Jobs History and if I check out the observable within TheHive I can find this Responder Report:
play.api.libs.json.JsResultException: JsResultException(errors:List((,List(JsonValidationError(List('id' is undefined on json object, available keys are type, message),List())))))
Do I have to use something different as the responderId and how can I find that ID?