{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/d7d3e58b-2412-342e-a80a-991bae0c0b01","info":{"title":"PrivateIntel Service","description":"A proxy to private-intel CTIA with various IROH hooks","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Private Intel","description":"Access private-intel"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/incident-management/overview.md","uri":"incident-management-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"type":"object","properties":{"parent_process_name":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"byte_count_in":{"type":"integer","format":"int64","example":10},"process_guid":{"type":"integer","format":"int64","example":10},"process_path":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"traffic":{"type":"object","properties":{"destination_host_name":{"type":"string","example":"string"},"protocol":{"type":"integer","description":"The IP [protocol id](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)","format":"int64","example":10},"source_ip":{"type":"string","example":"string"},"destination_subnet":{"type":"string","example":"string"},"destination_ip":{"type":"string","example":"string"},"source_subnet":{"type":"string","example":"string"},"destination_port":{"type":"integer","format":"int64","example":10},"direction":{"type":"string","example":"incoming","enum":["incoming","outgoing"]},"source_port":{"type":"integer","format":"int64","example":10}},"additionalProperties":{"type":"object"},"example":{"destination_host_name":"string","protocol":10,"source_ip":"string","destination_subnet":"string","destination_ip":"string","source_subnet":"string","destination_port":10,"direction":"incoming","source_port":10},"$$ref":"#/components/schemas/IncidentSummarySearchResultsContextSightingsContextNetflowEventsTraffic"},"flow_time":{"type":"string","description":"Schema definition for all date or timestamp values. Serialized as a string, the field should follow the rules of the [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) standard.","format":"date-time","example":"2016-01-01T01:01:01Z"},"time":{"type":"object","properties":{"start_time":{"type":"string","description":"Time of the observation. If the observation was made over a period of time, than this field indicates the start of that period.","format":"date-time","example":"2016-01-01T01:01:01Z"},"end_time":{"type":"string","description":"If the observation was made over a period of time, than this field indicates the end of that period.","format":"date-time","example":"2016-01-01T01:01:01Z"}},"additionalProperties":{"type":"object"},"description":"Period of time when a cyber observation is valid. `start_time` must come before `end_time` (if specified).","example":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"$$ref":"#/components/schemas/IncidentSummarySearchResultsContextSightingsContextNetflowEventsTime"},"parent_process_account":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"type":{"type":"string","example":"NetflowEvent","enum":["NetflowEvent"]},"process_account_type":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"parent_process_path":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"parent_process_id":{"type":"integer","format":"int64","example":10},"parent_process_args":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_name":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_account":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"parent_process_account_type":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_hash":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_id":{"type":"integer","format":"int64","example":10},"parent_process_hash":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_username":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"byte_count_out":{"type":"integer","format":"int64","example":10},"process_args":{"type":"string","description":"String with at most 1024 characters.","example":"string"}},"additionalProperties":{"type":"object"},"example":{"parent_process_name":"string","byte_count_in":10,"process_guid":10,"process_path":"string","traffic":{"destination_host_name":"string","protocol":10,"source_ip":"string","destination_subnet":"string","destination_ip":"string","source_subnet":"string","destination_port":10,"direction":"incoming","source_port":10},"flow_time":"2016-01-01T01:01:01.000Z","time":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"parent_process_account":"string","type":"NetflowEvent","process_account_type":"string","parent_process_path":"string","parent_process_id":10,"parent_process_args":"string","process_name":"string","process_account":"string","parent_process_account_type":"string","process_hash":"string","process_id":10,"parent_process_hash":"string","process_username":"string","byte_count_out":10,"process_args":"string"},"$$ref":"#/components/schemas/IncidentSummarySearchResultsContextSightingsContextNetflowEvents","title":"IncidentSummarySearchResultsContextSightingsContextNetflowEvents"}}