{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/d7d3e58b-2412-342e-a80a-991bae0c0b01","info":{"title":"PrivateIntel Service","description":"A proxy to private-intel CTIA with various IROH hooks","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Private Intel","description":"Access private-intel"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/incident-management/overview.md","uri":"incident-management-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"type":"object","properties":{"process_guid":{"type":"integer","format":"int64","example":10},"registry_data":{"type":"string","description":"String with at most 5000 characters.","example":"string"},"time":{"type":"object","properties":{"start_time":{"type":"string","description":"Time of the observation. If the observation was made over a period of time, than this field indicates the start of that period.","format":"date-time","example":"2016-01-01T01:01:01Z"},"end_time":{"type":"string","description":"If the observation was made over a period of time, than this field indicates the end of that period.","format":"date-time","example":"2016-01-01T01:01:01Z"}},"additionalProperties":{"type":"object"},"description":"Period of time when a cyber observation is valid. `start_time` must come before `end_time` (if specified).","example":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"$$ref":"#/components/schemas/IncidentSummarySearchResultsContextSightingsContextRegistrySetEventsTime"},"type":{"type":"string","example":"RegistrySetEvent","enum":["RegistrySetEvent"]},"registry_data_length":{"type":"integer","format":"int64","example":10},"registry_value":{"type":"string","description":"String with at most 2048 characters.","example":"string"},"registry_key":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_name":{"type":"string","description":"String with at most 1024 characters.","example":"string"},"process_id":{"type":"integer","format":"int64","example":10},"process_username":{"type":"string","description":"String with at most 1024 characters.","example":"string"}},"additionalProperties":{"type":"object"},"example":{"process_guid":10,"registry_data":"string","time":{"start_time":"2016-01-01T01:01:01.000Z","end_time":"2016-01-01T01:01:01.000Z"},"type":"RegistrySetEvent","registry_data_length":10,"registry_value":"string","registry_key":"string","process_name":"string","process_id":10,"process_username":"string"},"$$ref":"#/components/schemas/IncidentSummarySearchResultsContextSightingsContextRegistrySetEvents","title":"IncidentSummarySearchResultsContextSightingsContextRegistrySetEvents"}}