iris-web icon indicating copy to clipboard operation
iris-web copied to clipboard
verified publisher icon dfir-iris

Case Object IDs

Open migr19 opened this issue 1 year ago • 4 comments

Where do i find the id values for the available case objects like IOC Types - account, which i need when i add an alert via API. Fo example: ioc_type_id, ioc_tlp_id, asset_type_id, Thanks for help!

migr19 avatar Jul 25 '24 14:07 migr19

Anyone please able to answer?

migr19 avatar Jul 30 '24 19:07 migr19

You can request the API on the following endpoints :

  • GET /manage/ioc-types/list
  • GET /manage/tlp/list
  • GET /manage/asset-type/list

These endpoints are documented in the API documentation: https://docs.dfir-iris.org/latest/_static/iris_api_reference_v2.0.4.html. Although, /manage/tlp/list seems to be missing.

If you have a local instance up, connect in your browser as administrator and get one of the aforementioned url: https://127.0.0.1/manage/ioc-types/list. You could also request with curl as documented here: https://docs.dfir-iris.org/latest/operations/api/. But, the documentation seems not to be entirely up to date with respect to v2.4.11. The curl command will require an ssl certificate, as follows:

curl --cacert ./certificates/web_certificates/iris_dev_cert.pem --header 'Authorization: Bearer B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594' https://127.0.0.1/manage/ioc-types/list

But the certificate has expired. Ignoring certificate check will still work:

curl --insecure --header 'Authorization: Bearer B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594' https://127.0.0.1/manage/ioc-types/list

c8y3 avatar Aug 12 '24 08:08 c8y3

Thanks! Is there also a URL for Event Category Ids?

migr19 avatar Dec 06 '24 15:12 migr19

It should be GET /manage/event-categories/list. This endpoint also seems to be missing from the documentation.

c8y3 avatar Jan 15 '25 14:01 c8y3