BundleImportBundleCoasOpenC2Coa - Cisco XDR APIs

{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/d7d3e58b-2412-342e-a80a-991bae0c0b01","info":{"title":"PrivateIntel Service","description":"A proxy to private-intel CTIA with various IROH hooks","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Private Intel","description":"Access private-intel"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/incident-management/overview.md","uri":"incident-management-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"type":"object","properties":{"type":{"type":"string","example":"structured_coa","enum":["structured_coa"]},"id":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"action":{"type":"object","properties":{"type":{"type":"string","example":"alert","enum":["stop","save","delete","remediate","redirect","alert","query","augment","snapshot","update","allow","scan","investigate","modify","sync","start","pause","deny","substitute","distill","move","restart","other","detonate","response","set","notify","report","restore","get","throttle","mitigate","resume","locate","contain"]}},"additionalProperties":false,"example":{"type":"alert"},"$$ref":"#/components/schemas/BundleImportBundleCoasOpenC2CoaAction"},"target":{"type":"object","properties":{"type":{"type":"string","example":"amp_computer_guid"},"specifiers":{"type":"string","description":"Observable types that can be acted upon.","example":"string"}},"additionalProperties":false,"example":{"type":"amp_computer_guid","specifiers":"string"},"$$ref":"#/components/schemas/BundleImportBundleCoasOpenC2CoaTarget"},"actuator":{"type":"object","properties":{"type":{"type":"string","example":"endpoint","enum":["endpoint.sensor","process.network-scanner","network.switch","network.security_manager","process.vulnerability-scanner","network.hub","network.ids","network.firewall","process","network.sense_making","process.sandbox","network.modem","process.email-service","process.dns-server","network.vpn","process.connection-scanner","network.nic","endpoint.printer","network.gateway","process.reputation-service","process.remediation-service","network","process.virtualization-service","network.ips","endpoint.smart-meter","endpoint.digital-telephone-handset","endpoint.workstation","endpoint.server","network.wap","endpoint.laptop","process.aaa-server","process.directory-service","endpoint.pos-terminal","network.bridge","other","process.file-scanner","network.proxy","endpoint","process.location-service","network.sensor","endpoint.smart-phone","network.hips","process.anti-virus-scanner","endpoint.tablet","network.guard","network.router"]},"specifiers":{"type":"array","description":"List of additional properties describing the actuator.","example":["string"],"items":{"type":"string"}}},"additionalProperties":false,"example":{"type":"endpoint","specifiers":["string"]},"$$ref":"#/components/schemas/BundleImportBundleCoasOpenC2CoaActuator"},"modifiers":{"type":"object","properties":{"response":{"type":"string","example":"acknowledge","enum":["query","status","acknowledge","command-ref"]},"method":{"type":"array","example":["acl"],"items":{"type":"string","enum":["blackhole","unauthenticated","suspend","graceful","hibernate","whitelist","honeypot","immediate","spawn","blacklist","acl","segmentation","authenticated"]}},"additional_properties":{"type":"object","properties":{"context":{"type":"string","description":"String with at most 1024 characters.","example":"string"}},"additionalProperties":false,"example":{"context":"string"},"$$ref":"#/components/schemas/BundleImportBundleCoasOpenC2CoaModifiersAdditionalProperties"},"time":{"type":"object","properties":{"start_time":{"type":"string","description":"If not present, the valid time position of the indicator does not have an upper bound.","format":"date-time","example":"2016-01-01T01:01:01Z"},"end_time":{"type":"string","description":"If end_time is not present, then the valid time position of the object does not have an upper bound.","format":"date-time","example":"2016-01-01T01:01:01Z"}},"additionalProperties":false,"description":"Period of time when a cyber observation is valid.","example":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"$$ref":"#/components/schemas/ValidTime"},"frequency":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"duration":{"type":"string","description":"Schema definition for all date or timestamp values. Serialized as a string, the field should follow the rules of the [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) standard.","format":"date-time","example":"2016-01-01T01:01:01Z"},"source":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"search":{"type":"string","example":"cve","enum":["vendor_bulletin","patch","signature","cve"]},"option":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"id":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"location":{"type":"string","example":"internal","enum":["internal","perimeter"]},"delay":{"type":"string","description":"Schema definition for all date or timestamp values. Serialized as a string, the field should follow the rules of the [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) standard.","format":"date-time","example":"2016-01-01T01:01:01Z"},"destination":{"type":"string","example":"copy-to","enum":["modify-to","set-to","copy-to","move-to","save-to","restore-point","report-to"]}},"additionalProperties":false,"example":{"response":"acknowledge","method":["acl"],"additional_properties":{"context":"string"},"time":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"frequency":"string","duration":"2016-01-01T01:01:01.000Z","source":"string","search":"cve","option":"string","id":"string","location":"internal","delay":"2016-01-01T01:01:01.000Z","destination":"copy-to"},"$$ref":"#/components/schemas/ModifierType"}},"additionalProperties":false,"example":{"type":"structured_coa","id":"string","action":{"type":"alert"},"target":{"type":"amp_computer_guid","specifiers":"string"},"actuator":{"type":"endpoint","specifiers":["string"]},"modifiers":{"response":"acknowledge","method":["acl"],"additional_properties":{"context":"string"},"time":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"frequency":"string","duration":"2016-01-01T01:01:01.000Z","source":"string","search":"cve","option":"string","id":"string","location":"internal","delay":"2016-01-01T01:01:01.000Z","destination":"copy-to"}},"$$ref":"#/components/schemas/BundleImportBundleCoasOpenC2Coa","title":"BundleImportBundleCoasOpenC2Coa"}}