{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/0aedfab1-f4ca-36de-85d5-679dbd7db871","info":{"title":"IROH-INT Enrich","description":"IROH Integrations: configure and query Threat Response modules","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Health","description":"This set of routes lets you check the health of your integration setup. Verify that your modules are set up correctly and that your credentials are correct."},{"name":"Deliberate","description":"This set of routes lets you quickly get answers from your integrations. You might use them at the start of any investigation to quickly find out from your modules whether something is bad."},{"name":"Observe","description":"This set of routes lets you get in-depth investigation data about a threat. You might use them at the start of any investigation to get the full picture and find out whether something has been seen in your environment."},{"name":"Refer","description":"This set of routes lets you get relevant reference links and quickly pivot to continue your investigation in a specific product interface. 
"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/enrich/overview.md","uri":"enrich-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. 
Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","playbook:read":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"required":["CVE_data_version","nodes"],"type":"object","properties":{"CVE_data_version":{"type":"string","description":"Specifies the version of the CVE (Common Vulnerabilities and Exposures) dictionary used by the vulnerability information provider.","example":"string"},"nodes":{"type":"array","description":"Each `node` in the CTIM standard configuration includes information such as the `operator` (such as \"less than\", or \"greater than or equal to\") and the `cpe` (Common Platform Enumeration) string, which identifies the specific software. `CPE` is a structured naming scheme for IT systems, platforms, and software packages, and it is instrumental in enabling data exchange between different 
systems.","example":[{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"children":[{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"negate":true}],"negate":true}],"items":{"required":["operator"],"type":"object","properties":{"operator":{"type":"string","description":"The operator string influences how seqs of cpe matches are related to one another.","example":"AND","enum":["AND","OR"]},"cpe_match":{"type":"array","example":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"items":{"required":["cpe23Uri","vulnerable"],"type":"object","properties":{"vulnerable":{"type":"boolean","example":true},"cpe23Uri":{"type":"string","description":"A text representation of a software or hardware platform.","example":"string"},"versionStartIncluding":{"type":"string","description":"A string representing the lower bound(inclusive) of version in the CPE.","example":"string"},"versionEndIncluding":{"type":"string","description":"A string representing the upper bound(inclusive) of version in the CPE.","example":"string"},"versionStartExcluding":{"type":"string","description":"A string representing the lower bound(exclusive) of version in the CPE.","example":"string"},"versionEndExcluding":{"type":"string","description":"A string representing the upper bound(exclusive) of version in the 
CPE.","example":"string"}},"additionalProperties":false,"example":{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"},"$$ref":"#/components/schemas/CPEMatch"}},"children":{"type":"array","example":[{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"negate":true}],"items":{"required":["cpe_match","operator"],"type":"object","properties":{"operator":{"type":"string","description":"The operator string influences how seqs of cpe matches are related to one another.","example":"AND","enum":["AND","OR"]},"cpe_match":{"type":"array","example":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"items":{"required":["cpe23Uri","vulnerable"],"type":"object","properties":{"vulnerable":{"type":"boolean","example":true},"cpe23Uri":{"type":"string","description":"A text representation of a software or hardware platform.","example":"string"},"versionStartIncluding":{"type":"string","description":"A string representing the lower bound(inclusive) of version in the CPE.","example":"string"},"versionEndIncluding":{"type":"string","description":"A string representing the upper bound(inclusive) of version in the CPE.","example":"string"},"versionStartExcluding":{"type":"string","description":"A string representing the lower bound(exclusive) of version in the CPE.","example":"string"},"versionEndExcluding":{"type":"string","description":"A string representing the upper bound(exclusive) of version in the 
CPE.","example":"string"}},"additionalProperties":false,"example":{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"},"$$ref":"#/components/schemas/CPEMatch"}},"negate":{"type":"boolean","description":"Negates operator when true.","example":true}},"additionalProperties":false,"example":{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"negate":true},"$$ref":"#/components/schemas/CPELeafNode"}},"negate":{"type":"boolean","description":"Negates operator when true.","example":true}},"additionalProperties":false,"example":{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"children":[{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"negate":true}],"negate":true},"$$ref":"#/components/schemas/CPENode"}}},"additionalProperties":false,"description":"Represents a list of affected versions or configurations of a software component that is impacted by a vulnerability. 
\nBy tracking the affected software components and versions, defenders can identify which systems are potentially exposed to an attack, and apply appropriate mitigations.","example":{"CVE_data_version":"string","nodes":[{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"children":[{"operator":"AND","cpe_match":[{"vulnerable":true,"cpe23Uri":"string","versionStartIncluding":"string","versionEndIncluding":"string","versionStartExcluding":"string","versionEndExcluding":"string"}],"negate":true}],"negate":true}]},"$$ref":"#/components/schemas/Configurations","title":"Configurations"}}