dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0

Case Object IDs #549

Closed migr19 closed 3 weeks ago

migr19 commented 1 month ago

Where do I find the id values for the available case objects like IOC Types - account, which I need when I add an alert via API? For example: ioc_type_id, ioc_tlp_id, asset_type_id. Thanks for help!

migr19 commented 1 month ago

Anyone please able to answer?

c8y3 commented 3 weeks ago

You can request the API on the following endpoints:

These endpoints are documented in the API documentation: https://docs.dfir-iris.org/latest/_static/iris_api_reference_v2.0.4.html. Although, /manage/tlp/list seems to be missing.

If you have a local instance up, connect in your browser as administrator and get one of the aforementioned URLs: https://127.0.0.1/manage/ioc-types/list. You could also request with curl as documented here: https://docs.dfir-iris.org/latest/operations/api/. But the documentation seems not to be entirely up to date with respect to v2.4.11. The curl command will require an SSL certificate, as follows:

curl --cacert ./certificates/web_certificates/iris_dev_cert.pem --header 'Authorization: Bearer B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594' https://127.0.0.1/manage/ioc-types/list

But the certificate has expired. Ignoring the certificate check will still work:

curl --insecure --header 'Authorization: Bearer B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594' https://127.0.0.1/manage/ioc-types/list
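
One way to script the lookup described in the answer above, as an added example that is not part of the thread or of the IRIS project: it builds a name-to-id map from a list endpoint's response and keeps TLS verification on by passing the CA file instead of disabling the check. The response envelope, the `type_id`/`type_name` field names, the sample rows and the `IRIS_*` environment variable names are assumptions.

```python
import json
import os
import ssl
import urllib.request

# Constructed sample of a /manage/ioc-types/list response. The envelope and the
# field names (type_id, type_name) are assumptions, not taken from the thread.
SAMPLE_RESPONSE = json.dumps({
    "status": "success",
    "data": [
        {"type_id": 1, "type_name": "account"},
        {"type_id": 2, "type_name": "domain"},
        {"type_id": 3, "type_name": "ip-dst"},
    ],
})


def fetch_list(base_url, path, token, ca_file):
    """GET a list endpoint, verifying the server against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays on
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read().decode("utf-8")


def build_lookup(raw_json, id_key, name_key):
    """Map lower-cased object name -> numeric id from a list response."""
    body = json.loads(raw_json)
    if body.get("status") != "success" or not isinstance(body.get("data"), list):
        raise ValueError("unexpected response: %r" % body.get("message"))
    return {str(row[name_key]).lower(): int(row[id_key]) for row in body["data"]}


def resolve(lookup, name):
    """Return the id for name, failing loudly instead of guessing a default."""
    try:
        return lookup[name.lower()]
    except KeyError:
        raise LookupError("no such object name: %s" % name) from None


if __name__ == "__main__":
    # IRIS_URL, IRIS_TOKEN and IRIS_CA are hypothetical variable names.
    raw = fetch_list(os.environ["IRIS_URL"], "/manage/ioc-types/list",
                     os.environ["IRIS_TOKEN"], os.environ["IRIS_CA"])
    print(resolve(build_lookup(raw, "type_id", "type_name"), "account"))
```

Reading the token from the environment keeps it out of shell history and process listings.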