Execute a workflow for a task - Cisco XDR APIs

{"type":"api","title":"Execute a workflow for a task","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/c98907ec-ab5b-300c-875e-ed82e1fb4b50","info":{"title":"Playbook","description":"Playbook customization and status retrieval","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"30-1-9e5e32c8"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/playbook/overview.md","uri":"playbook-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://playbook.us.security.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"tags":["Incident"],"summary":"Execute a workflow for a task","parameters":[{"name":"incident-id","in":"path","description":"The short-id for an incident that was previously created in CTIA","required":true,"schema":{"type":"string"}},{"name":"task-id","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"observables":{"type":"array","description":"A collection of observables to pass through to the workflow","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}},"assets":{"type":"array","description":"A collection of assets to passthrough to the workflow. Works on the observables of the asset.","items":{"required":["observableType","observables","type","value"],"type":"object","properties":{"type":{"type":"string","example":"device"},"observableType":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}}}}},"types":{"uniqueItems":true,"type":"array","description":"The asset types the workflow can use.","items":{"type":"string","enum":["alert","allow","augment","contain","delete","deny","detonate","distill","get","investigate","locate","mitigate","modify","move","notify","other","pause","query","redirect","remediate","report","response","restart","restore","resume","save","scan","set","snapshot","start","stop","substitute","sync","throttle","update"]}}},"nullable":true,"x-nullable":true}},"application/transit+msgpack":{"schema":{"type":"object","properties":{"observables":{"type":"array","description":"A collection of observables to pass through to the workflow","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}},"assets":{"type":"array","description":"A collection of assets to passthrough to the workflow. Works on the observables of the asset.","items":{"required":["observableType","observables","type","value"],"type":"object","properties":{"type":{"type":"string","example":"device"},"observableType":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}}}}},"types":{"uniqueItems":true,"type":"array","description":"The asset types the workflow can use.","items":{"type":"string","enum":["alert","allow","augment","contain","delete","deny","detonate","distill","get","investigate","locate","mitigate","modify","move","notify","other","pause","query","redirect","remediate","report","response","restart","restore","resume","save","scan","set","snapshot","start","stop","substitute","sync","throttle","update"]}}},"nullable":true,"x-nullable":true}},"application/transit+json":{"schema":{"type":"object","properties":{"observables":{"type":"array","description":"A collection of observables to pass through to the workflow","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}},"assets":{"type":"array","description":"A collection of assets to passthrough to the workflow. Works on the observables of the asset.","items":{"required":["observableType","observables","type","value"],"type":"object","properties":{"type":{"type":"string","example":"device"},"observableType":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}}}}},"types":{"uniqueItems":true,"type":"array","description":"The asset types the workflow can use.","items":{"type":"string","enum":["alert","allow","augment","contain","delete","deny","detonate","distill","get","investigate","locate","mitigate","modify","move","notify","other","pause","query","redirect","remediate","report","response","restart","restore","resume","save","scan","set","snapshot","start","stop","substitute","sync","throttle","update"]}}},"nullable":true,"x-nullable":true}},"application/edn":{"schema":{"type":"object","properties":{"observables":{"type":"array","description":"A collection of observables to pass through to the workflow","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}},"assets":{"type":"array","description":"A collection of assets to passthrough to the workflow. Works on the observables of the asset.","items":{"required":["observableType","observables","type","value"],"type":"object","properties":{"type":{"type":"string","example":"device"},"observableType":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string","example":"hostname"},"value":{"type":"string","example":"example.com"}}}}}}},"types":{"uniqueItems":true,"type":"array","description":"The asset types the workflow can use.","items":{"type":"string","enum":["alert","allow","augment","contain","delete","deny","detonate","distill","get","investigate","locate","mitigate","modify","move","notify","other","pause","query","redirect","remediate","report","response","restart","restore","resume","save","scan","set","snapshot","start","stop","substitute","sync","throttle","update"]}}},"nullable":true,"x-nullable":true}}},"required":false},"responses":{"200":{"description":"","content":{"application/json":{"schema":{"required":["content","entity_url","event_time","event_type","id","meta","title","user_id"],"type":"object","properties":{"id":{"type":"string","format":"uuid"},"content":{"type":"string","description":"A markdown string with starting information about the workflow."},"user_id":{"type":"string","description":"The user who initiated the workflow.","nullable":true,"example":"org-virtual-user-abcdef"},"title":{"type":"string","description":"Executed Workflow for Document and Notify","example":"Executed Workflow for Document and Notify"},"entity_url":{"type":"string","description":"A link to display on the event.","nullable":true,"example":"https://xdr.int.iroh.site/automate/runs/028L3SUZON9CK10YLshABO5xtYk0ICTqjr8"},"event_time":{"type":"string","format":"date-time","example":"2023-10-18T20:16:06Z"},"event_type":{"type":"string","description":"The type of event that occurred.","enum":["auto/workflow/task/start/success"]},"meta":{"type":"object","properties":{"workflow":{"required":["input"],"type":"object","properties":{"input":{"required":["observables"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}}}}}}},"nullable":true}}}},"application/transit+msgpack":{"schema":{"required":["content","entity_url","event_time","event_type","id","meta","title","user_id"],"type":"object","properties":{"id":{"type":"string","format":"uuid"},"content":{"type":"string","description":"A markdown string with starting information about the workflow."},"user_id":{"type":"string","description":"The user who initiated the workflow.","nullable":true,"example":"org-virtual-user-abcdef"},"title":{"type":"string","description":"Executed Workflow for Document and Notify","example":"Executed Workflow for Document and Notify"},"entity_url":{"type":"string","description":"A link to display on the event.","nullable":true,"example":"https://xdr.int.iroh.site/automate/runs/028L3SUZON9CK10YLshABO5xtYk0ICTqjr8"},"event_time":{"type":"string","format":"date-time","example":"2023-10-18T20:16:06Z"},"event_type":{"type":"string","description":"The type of event that occurred.","enum":["auto/workflow/task/start/success"]},"meta":{"type":"object","properties":{"workflow":{"required":["input"],"type":"object","properties":{"input":{"required":["observables"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}}}}}}},"nullable":true}}}},"application/transit+json":{"schema":{"required":["content","entity_url","event_time","event_type","id","meta","title","user_id"],"type":"object","properties":{"id":{"type":"string","format":"uuid"},"content":{"type":"string","description":"A markdown string with starting information about the workflow."},"user_id":{"type":"string","description":"The user who initiated the workflow.","nullable":true,"example":"org-virtual-user-abcdef"},"title":{"type":"string","description":"Executed Workflow for Document and Notify","example":"Executed Workflow for Document and Notify"},"entity_url":{"type":"string","description":"A link to display on the event.","nullable":true,"example":"https://xdr.int.iroh.site/automate/runs/028L3SUZON9CK10YLshABO5xtYk0ICTqjr8"},"event_time":{"type":"string","format":"date-time","example":"2023-10-18T20:16:06Z"},"event_type":{"type":"string","description":"The type of event that occurred.","enum":["auto/workflow/task/start/success"]},"meta":{"type":"object","properties":{"workflow":{"required":["input"],"type":"object","properties":{"input":{"required":["observables"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}}}}}}},"nullable":true}}}},"application/edn":{"schema":{"required":["content","entity_url","event_time","event_type","id","meta","title","user_id"],"type":"object","properties":{"id":{"type":"string","format":"uuid"},"content":{"type":"string","description":"A markdown string with starting information about the workflow."},"user_id":{"type":"string","description":"The user who initiated the workflow.","nullable":true,"example":"org-virtual-user-abcdef"},"title":{"type":"string","description":"Executed Workflow for Document and Notify","example":"Executed Workflow for Document and Notify"},"entity_url":{"type":"string","description":"A link to display on the event.","nullable":true,"example":"https://xdr.int.iroh.site/automate/runs/028L3SUZON9CK10YLshABO5xtYk0ICTqjr8"},"event_time":{"type":"string","format":"date-time","example":"2023-10-18T20:16:06Z"},"event_type":{"type":"string","description":"The type of event that occurred.","enum":["auto/workflow/task/start/success"]},"meta":{"type":"object","properties":{"workflow":{"required":["input"],"type":"object","properties":{"input":{"required":["observables"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}}}}}}},"nullable":true}}}}}},"400":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}}}},"401":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}}}},"403":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}}}},"404":{"description":"","content":{}},"405":{"description":"","content":{}},"406":{"description":"","content":{}},"412":{"description":"","content":{"application/json":{"schema":{"type":"object","nullable":true,"x-nullable":true}},"application/transit+msgpack":{"schema":{"type":"object","nullable":true,"x-nullable":true}},"application/transit+json":{"schema":{"type":"object","nullable":true,"x-nullable":true}},"application/edn":{"schema":{"type":"object","nullable":true,"x-nullable":true}}}},"422":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["error_task_not_executable"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["error_task_not_executable"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["error_task_not_executable"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["error_task_not_executable"]}}}}}},"500":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"},"exception":{"type":"string"},"data":{"type":"object"},"uri":{"type":"string"}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"},"exception":{"type":"string"},"data":{"type":"object"},"uri":{"type":"string"}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"},"exception":{"type":"string"},"data":{"type":"object"},"uri":{"type":"string"}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"},"exception":{"type":"string"},"data":{"type":"object"},"uri":{"type":"string"}}}}}}},"security":[{"JWT-Bearer":[]},{"JWT-Bearer":[]}],"x-codegen-request-body-name":"body","method":"post","path":"/v1/incident/{incident-id}/task/{task-id}/execute"}}