{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/b8e2f317-fdde-3c60-a473-916add6130ca","info":{"title":"XDR Findings Container API","version":"1.0.0"},"tags":[{"description":"Operations related to service healthcheck","name":"Healthcheck"},{"description":"Operations for internal use only","name":"Internal"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/findings-intake/overview.md","uri":"findings-intake-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.1.0","servers":[{"url":"https://findings.us.security.cisco.com"}],"securitySchemes":{"bearer":{"bearerFormat":"JWT","scheme":"bearer","type":"http"}}},"spec":{"additionalProperties":false,"properties":{"detection_findings":{"additionalProperties":false,"properties":{"attacks":{"items":{"additionalProperties":false,"properties":{"tactic":{"additionalProperties":false,"properties":{"uid":{"enum":["TA0001","TA0002","TA0003","TA0004","TA0005","TA0006","TA0007","TA0008","TA0009","TA0011","TA0010","TA0040","TA0042","TA0043"],"type":["string","null"]}},"required":["uid"],"type":"object","$$ref":"#/components/schemas/Tactic"},"technique":{"additionalProperties":false,"properties":{"uid":{"type":["string","null"]}},"required":["uid"],"type":"object","$$ref":"#/components/schemas/Technique"}},"type":"object","$$ref":"#/components/schemas/Attack"},"maxItems":20,"type":["array","null"]},"confidence":{"enum":["Unknown","Low","High","Medium"],"type":"string"},"dispositions":{"items":{"additionalProperties":false,"properties":{"disposition":{"description":"Disposition","enum":["Unknown","Allowed","Blocked","Quarantined","Isolated","Deleted","Dropped","Custom Action","Approved","Restored","Exonerated","Corrected","Partially 
Corrected","Uncorrected","Delayed","Detected","No Action","Logged","Tagged","Alert","Count","Reset","Captcha","Challenge","Access Revoked","Rejected","Unauthorized","Error","Other","Terminated","Parent Process Terminated","Suspend Process","Suspend Parent Process"],"type":"string"},"disposition_status":{"description":"Disposition Status","enum":["Unknown","Disabled by Policy","Action Failure","Unsupported Action","Other Error","Audit Mode","Already Applied","Other"],"type":"string"}},"type":"object","$$ref":"#/components/schemas/CiscoDisposition"},"maxItems":10,"type":["array","null"]},"finding_info":{"additionalProperties":false,"properties":{"desc":{"maxLength":5000,"type":"string"},"modified_time":{"description":"Unix timestamp in milliseconds","format":"int64","maximum":4102444800000,"minimum":946684800000,"type":"integer"},"src_url":{"format":"uri","maxLength":2048,"type":"string"},"title":{"maxLength":500,"minLength":1,"type":"string"},"types":{"items":{"enum":["Email","Network"],"type":"string"},"maxItems":1,"minItems":1,"type":["array","null"]},"uid":{"description":"Unique identifier for the finding","type":"string"}},"required":["types"],"type":"object","$$ref":"#/components/schemas/FindingInfo"},"metadata":{"additionalProperties":false,"properties":{"labels":{"default":["intake-api-finding"],"items":{"enum":["regular-finding","non-regular-finding","intake-api-finding"],"type":"string"},"type":["array","null"]}},"type":"object","$$ref":"#/components/schemas/Metadata"},"raw_data":{"maxLength":100000,"type":"string"},"severity":{"enum":["Unknown","Informational","Low","Medium","High","Critical","Fatal"],"type":"string"},"status":{"enum":["Unknown","New","In Progress","Suppressed","Resolved","Archived"],"type":"string"},"time":{"description":"Unix timestamp in 
milliseconds","format":"int64","maximum":4102444800000,"minimum":946684800000,"type":"integer"}},"required":["finding_info","time"],"type":"object","$$ref":"#/components/schemas/DetectionFinding"},"email_activity":{"items":{"additionalProperties":false,"properties":{"activity_name":{"enum":["Send","Receive","Scan","Trace"],"type":"string"},"direction":{"enum":["Unknown","Inbound","Outbound","Internal","Other"],"type":"string"},"dispositions":{"items":{"additionalProperties":false,"properties":{"disposition":{"description":"Disposition","enum":["Unknown","Allowed","Blocked","Quarantined","Isolated","Deleted","Dropped","Custom Action","Approved","Restored","Exonerated","Corrected","Partially Corrected","Uncorrected","Delayed","Detected","No Action","Logged","Tagged","Alert","Count","Reset","Captcha","Challenge","Access Revoked","Rejected","Unauthorized","Error","Other","Terminated","Parent Process Terminated","Suspend Process","Suspend Parent Process"],"type":"string"},"disposition_status":{"description":"Disposition Status","enum":["Unknown","Disabled by Policy","Action Failure","Unsupported Action","Other Error","Audit Mode","Already Applied","Other"],"type":"string"}},"type":"object","$$ref":"#/components/schemas/CiscoDisposition"},"maxItems":10,"type":["array","null"]},"dst_endpoint":{"additionalProperties":false,"properties":{"ip":{"description":"IP address of the endpoint, either IPv4 or IPv6.","type":["string","null"]}},"type":"object","$$ref":"#/components/schemas/EmailEndpoint"},"email":{"additionalProperties":false,"properties":{"cc":{"description":"Items should be valid email addresses.","items":{"type":["string","null"]},"maxItems":50,"type":["array","null"]},"delivered_to_list":{"description":"Items should be valid email 
addresses.","items":{"type":["string","null"]},"maxItems":50,"type":["array","null"]},"files":{"items":{"additionalProperties":false,"properties":{"hashes":{"items":{"additionalProperties":false,"properties":{"algorithm":{"enum":["Unknown","MD5","SHA-1","SHA-256","SHA-512","CTPH","TLSH","quickXorHash","Other"],"type":"string"},"value":{"maxLength":128,"minLength":1,"type":"string"}},"required":["value"],"type":"object","$$ref":"#/components/schemas/Fingerprint"},"maxItems":10,"type":["array","null"]},"name":{"maxLength":255,"minLength":1,"type":"string"},"size":{"format":"int64","maximum":107374182400,"minimum":0,"type":"integer"},"type":{"enum":["Unknown","Regular File","Folder","Character Device","Block Device","Local Socket","Named Pipe","Symbolic Link","Other"],"type":"string"}},"required":["name"],"type":"object","$$ref":"#/components/schemas/File"},"maxItems":20,"type":["array","null"]},"from_list":{"description":"Items should be valid email addresses.","items":{"type":["string","null"]},"maxItems":10,"minItems":1,"type":["array","null"]},"message_uid":{"maxLength":255,"type":"string"},"raw_header":{"maxLength":10000,"type":"string"},"reply_to_mailboxes":{"items":{"type":"string"},"maxItems":10,"type":["array","null"]},"sender":{"description":"Email address of the sender.","type":["string","null"]},"subject":{"maxLength":998,"type":"string"},"to":{"description":"Items should be valid email addresses.","items":{"type":["string","null"]},"maxItems":50,"minItems":1,"type":["array","null"]},"urls":{"items":{"format":"uri","type":"string"},"maxItems":100,"type":["array","null"]},"x_originating_ip":{"description":"Identifies the email's originating IP address, either IPv4 or IPv6.","items":{"type":["string","null"]},"maxItems":10,"type":["array","null"]}},"required":["from_list","message_uid","to"],"type":"object","$$ref":"#/components/schemas/Email"},"src_endpoint":{"additionalProperties":false,"properties":{"ip":{"description":"IP address of the endpoint, either 
IPv4 or IPv6.","type":["string","null"]}},"type":"object","$$ref":"#/components/schemas/EmailEndpoint"},"time":{"description":"Unix timestamp in milliseconds","format":"int64","maximum":4102444800000,"minimum":946684800000,"type":"integer"}},"required":["email","time"],"type":"object","$$ref":"#/components/schemas/EmailActivity"},"type":["array","null"]},"network_activity":{"items":{"additionalProperties":false,"properties":{"activity_name":{"enum":["Unknown","Open","Close","Reset","Fail","Refuse","Traffic","Listen"],"type":"string"},"actor":{"additionalProperties":false,"properties":{"user":{"additionalProperties":false,"properties":{"email_addr":{"type":["string","null"]},"name":{"type":"string"}},"type":"object","$$ref":"#/components/schemas/User"}},"type":"object","$$ref":"#/components/schemas/Actor"},"connection_info":{"additionalProperties":false,"properties":{"direction":{"enum":["Unknown","Inbound","Outbound","Lateral","Other"],"type":"string"},"protocol_num":{"description":"Protocol Number","enum":[1,2,4,6,17,41],"format":"int64","type":"integer"},"protocol_ver_id":{"description":"Protocol Version","enum":[0,4,6],"format":"int64","type":"integer"}},"type":"object","$$ref":"#/components/schemas/NetworkConnectionInfo"},"dispositions":{"items":{"additionalProperties":false,"properties":{"disposition":{"description":"Disposition","enum":["Unknown","Allowed","Blocked","Quarantined","Isolated","Deleted","Dropped","Custom Action","Approved","Restored","Exonerated","Corrected","Partially Corrected","Uncorrected","Delayed","Detected","No Action","Logged","Tagged","Alert","Count","Reset","Captcha","Challenge","Access Revoked","Rejected","Unauthorized","Error","Other","Terminated","Parent Process Terminated","Suspend Process","Suspend Parent Process"],"type":"string"},"disposition_status":{"description":"Disposition Status","enum":["Unknown","Disabled by Policy","Action Failure","Unsupported Action","Other Error","Audit Mode","Already 
Applied","Other"],"type":"string"}},"type":"object","$$ref":"#/components/schemas/CiscoDisposition"},"type":["array","null"]},"dst_endpoint":{"description":"Either DstEndpoint or SrcEndpoint must be specified","additionalProperties":false,"properties":{"hostname":{"format":"hostname","type":"string"},"ip":{"description":"IP address of the endpoint, either IPv4 or IPv6.","type":["string","null"]},"mac":{"pattern":"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$","type":"string"},"port":{"format":"int64","maximum":65535,"minimum":1,"type":"integer"},"proxy_endpoint":{"additionalProperties":false,"properties":{"ip":{"description":"IP address of the proxy endpoint, either IPv4 or IPv6.","type":["string","null"]}},"type":"object","$$ref":"#/components/schemas/NetworkProxy"}},"type":"object","$$ref":"#/components/schemas/NetworkEndpoint"},"src_endpoint":{"description":"Either DstEndpoint or SrcEndpoint must be specified","additionalProperties":false,"properties":{"hostname":{"format":"hostname","type":"string"},"ip":{"description":"IP address of the endpoint, either IPv4 or IPv6.","type":["string","null"]},"mac":{"pattern":"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$","type":"string"},"port":{"format":"int64","maximum":65535,"minimum":1,"type":"integer"},"proxy_endpoint":{"additionalProperties":false,"properties":{"ip":{"description":"IP address of the proxy endpoint, either IPv4 or IPv6.","type":["string","null"]}},"type":"object","$$ref":"#/components/schemas/NetworkProxy"}},"type":"object","$$ref":"#/components/schemas/NetworkEndpoint"},"time":{"description":"Unix timestamp in 
milliseconds","format":"int64","maximum":4102444800000,"minimum":946684800000,"type":"integer"},"traffic":{"additionalProperties":false,"properties":{"bytes_in":{"format":"int64","minimum":0,"type":"integer"},"bytes_out":{"format":"int64","minimum":0,"type":"integer"},"packets_in":{"format":"int64","minimum":0,"type":"integer"},"packets_out":{"format":"int64","minimum":0,"type":"integer"}},"type":"object","$$ref":"#/components/schemas/NetworkTraffic"},"url":{"format":"uri","type":"string"}},"required":["time"],"type":"object","$$ref":"#/components/schemas/NetworkActivity"},"type":["array","null"]}},"required":["detection_findings"],"type":"object","title":"CustomFindingEventsRequest"}}