Investigation Events - Cisco XDR APIs

{"type":"api","title":"Investigation Events","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/fa9197522b1e6452b6dbfc472555dcc7ceeb71bd/f4d118ae-a2d7-3c4b-98c4-c1e55e1f5e68","info":{"title":"Conure v2","description":"Cisco XDR Incidents and Investigation API","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"51-1-6bee0d16"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read"]}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/conure/overview.md","uri":"incidents-and-investigations-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://conure.us.security.cisco.com/{basePath}","variables":{"basePath":{"default":""}}}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","vglobal-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"tags":["Investigation Data"],"summary":"Investigation Events","parameters":[{"name":"investigation-id","description":"The short-id for an investigation.","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"","content":{"application/json":{"schema":{"required":["events"],"type":"object","properties":{"events":{"type":"array","items":{"required":["confidence","count","id","notable","observables","observed_time","original","relations","targets","type"],"type":"object","properties":{"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"count":{"minimum":0,"type":"integer","format":"int64"},"id":{"type":"string","x-anyOf":[{"type":"string"},{"type":"string","format":"uuid"}]},"observed_time":{"required":["start_time"],"type":"object","properties":{"start_time":{"type":"string"},"end_time":{"type":"string","nullable":true}}},"type":{"type":"string","enum":["sighting"]},"context":{"type":"object","nullable":true},"data":{"required":["columns","rows"],"type":"object","properties":{"columns":{"type":"array","items":{"required":["name","type"],"type":"object","properties":{"name":{"type":"string"},"type":{"type":"string","enum":["integer","markdown","number","observable","string","url"]},"description":{"type":"string","nullable":true},"required":{"type":"boolean"},"short_description":{"type":"string","nullable":true}}}},"rows":{"type":"array","items":{"type":"object"}},"row_count":{"minimum":0,"type":"integer","format":"int64"}}},"external_ids":{"type":"array","items":{"type":"string"}},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"internal":{"type":"boolean"},"language":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"resolution":{"type":"string","enum":["allowed","blocked","contained","detected"]},"sensor":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]},"sensor_coordinates":{"required":["observables","type"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"os":{"type":"string"},"type":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"timestamp":{"type":"string"},"title":{"type":"string"},"compacted_entities":{"uniqueItems":true,"type":"array","items":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}}},"compacted_relations":{"uniqueItems":true,"type":"array","items":{"required":["related","relation","source"],"type":"object","properties":{"source":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"related":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"relation":{"type":"string"},"origin":{"type":"string"}}}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"notability":{"type":"object","properties":{"first_seen_target":{"required":["label","targets"],"type":"object","properties":{"label":{"type":"string"},"targets":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"severity":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"mitre-attack":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"first_seen_indicator":{"required":["indicators","label"],"type":"object","properties":{"label":{"type":"string"},"indicators":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"original_event":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}}}},"mitreData":{"uniqueItems":true,"type":"array","items":{"required":["id","phase_name","priority","title","url","value"],"type":"object","properties":{"id":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"value":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"phase_name":{"type":"string","enum":["privilege-escalation","exfiltration","defense-evasion","initial-access","collection","execution","impact","reconnaissance","command-and-control","lateral-movement","resource-development","credential-access","discovery","persistence"]},"priority":{"type":"integer"},"url":{"type":"string","enum":["https://attack.mitre.org/tactics/TA0004/","https://attack.mitre.org/tactics/TA0010/","https://attack.mitre.org/tactics/TA0005/","https://attack.mitre.org/tactics/TA0001/","https://attack.mitre.org/tactics/TA0009/","https://attack.mitre.org/tactics/TA0002/","https://attack.mitre.org/tactics/TA0040/","https://attack.mitre.org/tactics/TA0043/","https://attack.mitre.org/tactics/TA0011/","https://attack.mitre.org/tactics/TA0008/","https://attack.mitre.org/tactics/TA0042/","https://attack.mitre.org/tactics/TA0006/","https://attack.mitre.org/tactics/TA0007/","https://attack.mitre.org/tactics/TA0003/"]},"title":{"type":"string","enum":["Privilege Escalation","Exfiltration","Defense Evasion","Initial Access","Collection","Execution","Impact","Reconnaissance","Command and Control","Lateral Movement","Resource Development","Credential Access","Discovery","Persistence"]}}}},"notable":{"type":"boolean"},"original":{"type":"boolean"},"indicators":{"type":"array","items":{"type":"object"}},"investigationId":{"type":"string","nullable":true},"investigationShortDescription":{"type":"string","nullable":true},"investigationSource":{"type":"string","nullable":true},"targets":{"type":"array","items":{"required":["asset_id","is_asset","observableType","observables","properties","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"minimum":0,"type":"integer","format":"int64","nullable":true},"is_asset":{"type":"boolean","description":"Always true for targets.","example":true},"observableType":{"type":"string"},"observables":{"uniqueItems":true,"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"asset_id":{"type":"string","nullable":true},"properties":{"uniqueItems":true,"type":"array","items":{"required":["name","value"],"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}}}}}}},"relations":{"type":"array","items":{"required":["origin","related","relation","source"],"type":"object","properties":{"origin":{"type":"string"},"relation":{"type":"string"},"related":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"source":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"origin_uri":{"type":"string"},"relation_info":{"type":"object"}}}},"observables":{"type":"array","items":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}}}}}}}}}},"application/transit+msgpack":{"schema":{"required":["events"],"type":"object","properties":{"events":{"type":"array","items":{"required":["confidence","count","id","notable","observables","observed_time","original","relations","targets","type"],"type":"object","properties":{"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"count":{"minimum":0,"type":"integer","format":"int64"},"id":{"type":"string","x-anyOf":[{"type":"string"},{"type":"string","format":"uuid"}]},"observed_time":{"required":["start_time"],"type":"object","properties":{"start_time":{"type":"string"},"end_time":{"type":"string","nullable":true}}},"type":{"type":"string","enum":["sighting"]},"context":{"type":"object","nullable":true},"data":{"required":["columns","rows"],"type":"object","properties":{"columns":{"type":"array","items":{"required":["name","type"],"type":"object","properties":{"name":{"type":"string"},"type":{"type":"string","enum":["integer","markdown","number","observable","string","url"]},"description":{"type":"string","nullable":true},"required":{"type":"boolean"},"short_description":{"type":"string","nullable":true}}}},"rows":{"type":"array","items":{"type":"object"}},"row_count":{"minimum":0,"type":"integer","format":"int64"}}},"external_ids":{"type":"array","items":{"type":"string"}},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"internal":{"type":"boolean"},"language":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"resolution":{"type":"string","enum":["allowed","blocked","contained","detected"]},"sensor":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]},"sensor_coordinates":{"required":["observables","type"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"os":{"type":"string"},"type":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"timestamp":{"type":"string"},"title":{"type":"string"},"compacted_entities":{"uniqueItems":true,"type":"array","items":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}}},"compacted_relations":{"uniqueItems":true,"type":"array","items":{"required":["related","relation","source"],"type":"object","properties":{"source":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"related":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"relation":{"type":"string"},"origin":{"type":"string"}}}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"notability":{"type":"object","properties":{"first_seen_target":{"required":["label","targets"],"type":"object","properties":{"label":{"type":"string"},"targets":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"severity":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"mitre-attack":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"first_seen_indicator":{"required":["indicators","label"],"type":"object","properties":{"label":{"type":"string"},"indicators":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"original_event":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}}}},"mitreData":{"uniqueItems":true,"type":"array","items":{"required":["id","phase_name","priority","title","url","value"],"type":"object","properties":{"id":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"value":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"phase_name":{"type":"string","enum":["privilege-escalation","exfiltration","defense-evasion","initial-access","collection","execution","impact","reconnaissance","command-and-control","lateral-movement","resource-development","credential-access","discovery","persistence"]},"priority":{"type":"integer"},"url":{"type":"string","enum":["https://attack.mitre.org/tactics/TA0004/","https://attack.mitre.org/tactics/TA0010/","https://attack.mitre.org/tactics/TA0005/","https://attack.mitre.org/tactics/TA0001/","https://attack.mitre.org/tactics/TA0009/","https://attack.mitre.org/tactics/TA0002/","https://attack.mitre.org/tactics/TA0040/","https://attack.mitre.org/tactics/TA0043/","https://attack.mitre.org/tactics/TA0011/","https://attack.mitre.org/tactics/TA0008/","https://attack.mitre.org/tactics/TA0042/","https://attack.mitre.org/tactics/TA0006/","https://attack.mitre.org/tactics/TA0007/","https://attack.mitre.org/tactics/TA0003/"]},"title":{"type":"string","enum":["Privilege Escalation","Exfiltration","Defense Evasion","Initial Access","Collection","Execution","Impact","Reconnaissance","Command and Control","Lateral Movement","Resource Development","Credential Access","Discovery","Persistence"]}}}},"notable":{"type":"boolean"},"original":{"type":"boolean"},"indicators":{"type":"array","items":{"type":"object"}},"investigationId":{"type":"string","nullable":true},"investigationShortDescription":{"type":"string","nullable":true},"investigationSource":{"type":"string","nullable":true},"targets":{"type":"array","items":{"required":["asset_id","is_asset","observableType","observables","properties","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"minimum":0,"type":"integer","format":"int64","nullable":true},"is_asset":{"type":"boolean","description":"Always true for targets.","example":true},"observableType":{"type":"string"},"observables":{"uniqueItems":true,"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"asset_id":{"type":"string","nullable":true},"properties":{"uniqueItems":true,"type":"array","items":{"required":["name","value"],"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}}}}}}},"relations":{"type":"array","items":{"required":["origin","related","relation","source"],"type":"object","properties":{"origin":{"type":"string"},"relation":{"type":"string"},"related":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"source":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"origin_uri":{"type":"string"},"relation_info":{"type":"object"}}}},"observables":{"type":"array","items":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}}}}}}}}}},"application/transit+json":{"schema":{"required":["events"],"type":"object","properties":{"events":{"type":"array","items":{"required":["confidence","count","id","notable","observables","observed_time","original","relations","targets","type"],"type":"object","properties":{"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"count":{"minimum":0,"type":"integer","format":"int64"},"id":{"type":"string","x-anyOf":[{"type":"string"},{"type":"string","format":"uuid"}]},"observed_time":{"required":["start_time"],"type":"object","properties":{"start_time":{"type":"string"},"end_time":{"type":"string","nullable":true}}},"type":{"type":"string","enum":["sighting"]},"context":{"type":"object","nullable":true},"data":{"required":["columns","rows"],"type":"object","properties":{"columns":{"type":"array","items":{"required":["name","type"],"type":"object","properties":{"name":{"type":"string"},"type":{"type":"string","enum":["integer","markdown","number","observable","string","url"]},"description":{"type":"string","nullable":true},"required":{"type":"boolean"},"short_description":{"type":"string","nullable":true}}}},"rows":{"type":"array","items":{"type":"object"}},"row_count":{"minimum":0,"type":"integer","format":"int64"}}},"external_ids":{"type":"array","items":{"type":"string"}},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"internal":{"type":"boolean"},"language":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"resolution":{"type":"string","enum":["allowed","blocked","contained","detected"]},"sensor":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]},"sensor_coordinates":{"required":["observables","type"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"os":{"type":"string"},"type":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"timestamp":{"type":"string"},"title":{"type":"string"},"compacted_entities":{"uniqueItems":true,"type":"array","items":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}}},"compacted_relations":{"uniqueItems":true,"type":"array","items":{"required":["related","relation","source"],"type":"object","properties":{"source":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"related":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"relation":{"type":"string"},"origin":{"type":"string"}}}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"notability":{"type":"object","properties":{"first_seen_target":{"required":["label","targets"],"type":"object","properties":{"label":{"type":"string"},"targets":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"severity":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"mitre-attack":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"first_seen_indicator":{"required":["indicators","label"],"type":"object","properties":{"label":{"type":"string"},"indicators":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"original_event":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}}}},"mitreData":{"uniqueItems":true,"type":"array","items":{"required":["id","phase_name","priority","title","url","value"],"type":"object","properties":{"id":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"value":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"phase_name":{"type":"string","enum":["privilege-escalation","exfiltration","defense-evasion","initial-access","collection","execution","impact","reconnaissance","command-and-control","lateral-movement","resource-development","credential-access","discovery","persistence"]},"priority":{"type":"integer"},"url":{"type":"string","enum":["https://attack.mitre.org/tactics/TA0004/","https://attack.mitre.org/tactics/TA0010/","https://attack.mitre.org/tactics/TA0005/","https://attack.mitre.org/tactics/TA0001/","https://attack.mitre.org/tactics/TA0009/","https://attack.mitre.org/tactics/TA0002/","https://attack.mitre.org/tactics/TA0040/","https://attack.mitre.org/tactics/TA0043/","https://attack.mitre.org/tactics/TA0011/","https://attack.mitre.org/tactics/TA0008/","https://attack.mitre.org/tactics/TA0042/","https://attack.mitre.org/tactics/TA0006/","https://attack.mitre.org/tactics/TA0007/","https://attack.mitre.org/tactics/TA0003/"]},"title":{"type":"string","enum":["Privilege Escalation","Exfiltration","Defense Evasion","Initial Access","Collection","Execution","Impact","Reconnaissance","Command and Control","Lateral Movement","Resource Development","Credential Access","Discovery","Persistence"]}}}},"notable":{"type":"boolean"},"original":{"type":"boolean"},"indicators":{"type":"array","items":{"type":"object"}},"investigationId":{"type":"string","nullable":true},"investigationShortDescription":{"type":"string","nullable":true},"investigationSource":{"type":"string","nullable":true},"targets":{"type":"array","items":{"required":["asset_id","is_asset","observableType","observables","properties","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"minimum":0,"type":"integer","format":"int64","nullable":true},"is_asset":{"type":"boolean","description":"Always true for targets.","example":true},"observableType":{"type":"string"},"observables":{"uniqueItems":true,"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"asset_id":{"type":"string","nullable":true},"properties":{"uniqueItems":true,"type":"array","items":{"required":["name","value"],"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}}}}}}},"relations":{"type":"array","items":{"required":["origin","related","relation","source"],"type":"object","properties":{"origin":{"type":"string"},"relation":{"type":"string"},"related":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"source":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"origin_uri":{"type":"string"},"relation_info":{"type":"object"}}}},"observables":{"type":"array","items":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}}}}}}}}}},"application/edn":{"schema":{"required":["events"],"type":"object","properties":{"events":{"type":"array","items":{"required":["confidence","count","id","notable","observables","observed_time","original","relations","targets","type"],"type":"object","properties":{"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"count":{"minimum":0,"type":"integer","format":"int64"},"id":{"type":"string","x-anyOf":[{"type":"string"},{"type":"string","format":"uuid"}]},"observed_time":{"required":["start_time"],"type":"object","properties":{"start_time":{"type":"string"},"end_time":{"type":"string","nullable":true}}},"type":{"type":"string","enum":["sighting"]},"context":{"type":"object","nullable":true},"data":{"required":["columns","rows"],"type":"object","properties":{"columns":{"type":"array","items":{"required":["name","type"],"type":"object","properties":{"name":{"type":"string"},"type":{"type":"string","enum":["integer","markdown","number","observable","string","url"]},"description":{"type":"string","nullable":true},"required":{"type":"boolean"},"short_description":{"type":"string","nullable":true}}}},"rows":{"type":"array","items":{"type":"object"}},"row_count":{"minimum":0,"type":"integer","format":"int64"}}},"external_ids":{"type":"array","items":{"type":"string"}},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"internal":{"type":"boolean"},"language":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"resolution":{"type":"string","enum":["allowed","blocked","contained","detected"]},"sensor":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]},"sensor_coordinates":{"required":["observables","type"],"type":"object","properties":{"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"os":{"type":"string"},"type":{"type":"string","enum":["Endpoint","endpoint","endpoint.digital-telephone-handset","endpoint.laptop","endpoint.pos-terminal","endpoint.printer","endpoint.sensor","endpoint.server","endpoint.smart-meter","endpoint.smart-phone","endpoint.tablet","endpoint.workstation","network","network.bridge","network.firewall","network.gateway","network.guard","network.hips","network.hub","network.ids","network.ips","network.modem","network.nic","network.proxy","network.router","network.security_manager","network.sense_making","network.sensor","network.switch","network.vpn","network.wap","process","process.aaa-server","process.anti-virus-scanner","process.connection-scanner","process.directory-service","process.dns-server","process.email-service","process.file-scanner","process.location-service","process.network-scanner","process.remediation-service","process.reputation-service","process.sandbox","process.virtualization-service","process.vulnerability-scanner"]}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"timestamp":{"type":"string"},"title":{"type":"string"},"compacted_entities":{"uniqueItems":true,"type":"array","items":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}}},"compacted_relations":{"uniqueItems":true,"type":"array","items":{"required":["related","relation","source"],"type":"object","properties":{"source":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"related":{"required":["investigated","observables","type"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string","nullable":true},"disposition":{"type":"integer","format":"int64","nullable":true},"investigated":{"type":"boolean","nullable":true},"observables":{"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"uniqueItems":true,"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}}},"is_asset":{"type":"boolean"},"modules":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"sources":{"uniqueItems":true,"type":"array","items":{"type":"string","nullable":true}},"observables":{"type":"array","items":{"type":"object","additionalProperties":{"type":"object"}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"uniqueItems":true,"type":"array","items":{"type":"string"}},"observed_times":{"uniqueItems":true,"type":"array","items":{"type":"string"}}}},"x-anyOf":[{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]}},{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"properties":{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true},"is_asset":{"type":"boolean"},"modules":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"sources":{"type":"array","items":{"type":"string","x-nullable":true},"uniqueItems":true},"observables":{"type":"array","items":{"type":"object","additionalProperties":{}},"x-anyOf":[{"type":"array","items":{"type":"object","additionalProperties":{}}},{"type":"array","items":{"type":"object","additionalProperties":{}},"uniqueItems":true}]},"disposition":{"type":"integer","format":"int64"},"investigated":{"type":"boolean"},"asset_id":{"type":"string"},"sightings":{"type":"array","items":{"type":"string"},"uniqueItems":true},"observed_times":{"type":"array","items":{"type":"string"},"uniqueItems":true}},"required":["type","value"]},"uniqueItems":true}]}}},"relation":{"type":"string"},"origin":{"type":"string"}}}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"notability":{"type":"object","properties":{"first_seen_target":{"required":["label","targets"],"type":"object","properties":{"label":{"type":"string"},"targets":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"severity":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"mitre-attack":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}},"first_seen_indicator":{"required":["indicators","label"],"type":"object","properties":{"label":{"type":"string"},"indicators":{"uniqueItems":true,"type":"array","items":{"type":"object"}}}},"original_event":{"required":["label"],"type":"object","properties":{"label":{"type":"string"}}}}},"mitreData":{"uniqueItems":true,"type":"array","items":{"required":["id","phase_name","priority","title","url","value"],"type":"object","properties":{"id":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"value":{"type":"string","enum":["TA0004","TA0010","TA0005","TA0001","TA0009","TA0002","TA0040","TA0043","TA0011","TA0008","TA0042","TA0006","TA0007","TA0003"]},"phase_name":{"type":"string","enum":["privilege-escalation","exfiltration","defense-evasion","initial-access","collection","execution","impact","reconnaissance","command-and-control","lateral-movement","resource-development","credential-access","discovery","persistence"]},"priority":{"type":"integer"},"url":{"type":"string","enum":["https://attack.mitre.org/tactics/TA0004/","https://attack.mitre.org/tactics/TA0010/","https://attack.mitre.org/tactics/TA0005/","https://attack.mitre.org/tactics/TA0001/","https://attack.mitre.org/tactics/TA0009/","https://attack.mitre.org/tactics/TA0002/","https://attack.mitre.org/tactics/TA0040/","https://attack.mitre.org/tactics/TA0043/","https://attack.mitre.org/tactics/TA0011/","https://attack.mitre.org/tactics/TA0008/","https://attack.mitre.org/tactics/TA0042/","https://attack.mitre.org/tactics/TA0006/","https://attack.mitre.org/tactics/TA0007/","https://attack.mitre.org/tactics/TA0003/"]},"title":{"type":"string","enum":["Privilege Escalation","Exfiltration","Defense Evasion","Initial Access","Collection","Execution","Impact","Reconnaissance","Command and Control","Lateral Movement","Resource Development","Credential Access","Discovery","Persistence"]}}}},"notable":{"type":"boolean"},"original":{"type":"boolean"},"indicators":{"type":"array","items":{"type":"object"}},"investigationId":{"type":"string","nullable":true},"investigationShortDescription":{"type":"string","nullable":true},"investigationSource":{"type":"string","nullable":true},"targets":{"type":"array","items":{"required":["asset_id","is_asset","observableType","observables","properties","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"minimum":0,"type":"integer","format":"int64","nullable":true},"is_asset":{"type":"boolean","description":"Always true for targets.","example":true},"observableType":{"type":"string"},"observables":{"uniqueItems":true,"type":"array","items":{"required":["type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}}}},"asset_id":{"type":"string","nullable":true},"properties":{"uniqueItems":true,"type":"array","items":{"required":["name","value"],"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}}}}}}},"relations":{"type":"array","items":{"required":["origin","related","relation","source"],"type":"object","properties":{"origin":{"type":"string"},"relation":{"type":"string"},"related":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"source":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}},"x-anyOf":[{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer","enum":[1,2,3,4,5]},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","items":{"type":"string"},"x-nullable":true},"is_asset":{"type":"boolean","example":false,"description":"Always false for non-target observables."},"investigated":{"type":"boolean"}},"required":["type","value","disposition","title","is_asset","investigated"]},{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"asset_value":{"type":"integer","format":"int64","minimum":0,"x-nullable":true},"is_asset":{"type":"boolean","example":true,"description":"Always true for targets."},"observableType":{"type":"string"},"observables":{"type":"array","items":{"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"}},"required":["type","value"]},"uniqueItems":true},"asset_id":{"type":"string","x-nullable":true},"properties":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"value":{"type":"string","x-anyOf":[{"type":"string"},{"type":"integer","format":"int64"},{"type":"array","items":{}}]}},"required":["name","value"]},"uniqueItems":true}},"required":["type","value","is_asset","observableType","observables","asset_id","properties"]}]},"origin_uri":{"type":"string"},"relation_info":{"type":"object"}}}},"observables":{"type":"array","items":{"required":["disposition","investigated","is_asset","title","type","value"],"type":"object","properties":{"type":{"type":"string"},"value":{"type":"string"},"disposition":{"type":"integer"},"title":{"type":"string"},"internal":{"type":"boolean"},"sources":{"type":"array","nullable":true,"items":{"type":"string"}},"is_asset":{"type":"boolean","description":"Always false for non-target observables.","example":false},"investigated":{"type":"boolean"}}}}}}}}}}}},"400":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}}}},"401":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}}}},"403":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}}}},"404":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}}}},"405":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}}}},"406":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}}}},"429":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}}}},"500":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}}}}},"security":[{"JWT-Bearer":[]},{"oauth2":[]}],"method":"get","path":"/v2/investigation/{investigation-id}/events"}}