Trigger an Action - Cisco XDR APIs

{"type":"api","title":"Trigger an Action","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/fa9197522b1e6452b6dbfc472555dcc7ceeb71bd/e9fbb387-4438-3b4b-b9f2-c8cb296686dc","info":{"title":"IROH-INT Response","description":"Manage Response from modules","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Response","description":"IROH Response"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/response/overview.md","uri":"response-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"tags":["Response"],"summary":"Trigger an Action","description":"[required scopes](/iroh/doc/iroh-auth/#scopes): `response/trigger:write`\n\n","parameters":[{"name":"module-instance-id","in":"path","required":true,"schema":{"type":"string"}},{"name":"action-id","in":"path","required":true,"schema":{"type":"string"}},{"name":"observable_type","in":"query","description":"Observable type names","schema":{"type":"string","enum":["file_path","mac_address","trend_micro_id","cybereason_id","process_args","s1_agent_id","device","hostname","certificate_common_name","serial_number","meraki_network_id","url","certificate_serial","meraki_org_id","cisco_cm_id","registry_key","process_path","darktrace_id","process_username","cortex_agent_id","orbital_node_id","process_uid","ngfw_name","user","certificate_issuer","ipv6","email","cisco_uc_id","sha256","crowdstrike_id","sha1","registry_name","md5","ip","domain","email_subject","imei","ngfw_id","amp_computer_guid","ms_machine_id","mutex","processor_id","swc_device_id","registry_path","odns_identity","odns_identity_label","cisco_mid","process_name","pki_serial","meraki_node_sn","email_messageid","imsi","user_agent","process_hash","file_name"]}},{"name":"observable_value","in":"query","schema":{"type":"string"}}],"responses":{"200":{"description":"","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"required":["status"],"type":"object","properties":{"status":{"type":"string","enum":["failure","success"]}},"additionalProperties":false,"$$ref":"#/components/schemas/ActionResult"},"errors":{"type":"array","items":{"required":["code","message","module_instance_id","module_type_id","type"],"type":"object","properties":{"module_instance_id":{"type":"string"},"module_type_id":{"type":"string"},"module_instance_state":{"type":"string"},"code":{"type":"string"},"message":{"type":"string"},"type":{"type":"string","enum":["fatal","warning","error"]},"module":{"type":"string"}},"additionalProperties":false,"$$ref":"#/components/schemas/ErrorMessage"}}},"additionalProperties":false,"$$ref":"#/components/schemas/EnvelopedActionResult"}},"application/x-yaml":{"schema":{"type":"object","properties":{"data":{"required":["status"],"type":"object","properties":{"status":{"type":"string","enum":["failure","success"]}},"additionalProperties":false,"$$ref":"#/components/schemas/ActionResult"},"errors":{"type":"array","items":{"required":["code","message","module_instance_id","module_type_id","type"],"type":"object","properties":{"module_instance_id":{"type":"string"},"module_type_id":{"type":"string"},"module_instance_state":{"type":"string"},"code":{"type":"string"},"message":{"type":"string"},"type":{"type":"string","enum":["fatal","warning","error"]},"module":{"type":"string"}},"additionalProperties":false,"$$ref":"#/components/schemas/ErrorMessage"}}},"additionalProperties":false,"$$ref":"#/components/schemas/EnvelopedActionResult"}},"application/edn":{"schema":{"type":"object","properties":{"data":{"required":["status"],"type":"object","properties":{"status":{"type":"string","enum":["failure","success"]}},"additionalProperties":false,"$$ref":"#/components/schemas/ActionResult"},"errors":{"type":"array","items":{"required":["code","message","module_instance_id","module_type_id","type"],"type":"object","properties":{"module_instance_id":{"type":"string"},"module_type_id":{"type":"string"},"module_instance_state":{"type":"string"},"code":{"type":"string"},"message":{"type":"string"},"type":{"type":"string","enum":["fatal","warning","error"]},"module":{"type":"string"}},"additionalProperties":false,"$$ref":"#/components/schemas/ErrorMessage"}}},"additionalProperties":false,"$$ref":"#/components/schemas/EnvelopedActionResult"}},"application/transit+json":{"schema":{"type":"object","properties":{"data":{"required":["status"],"type":"object","properties":{"status":{"type":"string","enum":["failure","success"]}},"additionalProperties":false,"$$ref":"#/components/schemas/ActionResult"},"errors":{"type":"array","items":{"required":["code","message","module_instance_id","module_type_id","type"],"type":"object","properties":{"module_instance_id":{"type":"string"},"module_type_id":{"type":"string"},"module_instance_state":{"type":"string"},"code":{"type":"string"},"message":{"type":"string"},"type":{"type":"string","enum":["fatal","warning","error"]},"module":{"type":"string"}},"additionalProperties":false,"$$ref":"#/components/schemas/ErrorMessage"}}},"additionalProperties":false,"$$ref":"#/components/schemas/EnvelopedActionResult"}},"application/transit+msgpack":{"schema":{"type":"object","properties":{"data":{"required":["status"],"type":"object","properties":{"status":{"type":"string","enum":["failure","success"]}},"additionalProperties":false,"$$ref":"#/components/schemas/ActionResult"},"errors":{"type":"array","items":{"required":["code","message","module_instance_id","module_type_id","type"],"type":"object","properties":{"module_instance_id":{"type":"string"},"module_type_id":{"type":"string"},"module_instance_state":{"type":"string"},"code":{"type":"string"},"message":{"type":"string"},"type":{"type":"string","enum":["fatal","warning","error"]},"module":{"type":"string"}},"additionalProperties":false,"$$ref":"#/components/schemas/ErrorMessage"}}},"additionalProperties":false,"$$ref":"#/components/schemas/EnvelopedActionResult"}}}}},"x-no-doc":false,"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"method":"post","path":"/iroh/iroh-response/respond/trigger/{module-instance-id}/{action-id}"}}