Update Threat Intelligence Feed - Cloud Security API

{"type":"api","title":"Update Threat Intelligence Feed","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/83e8a10367d157243cd1c3e478b807cb81262a3d/9c9cc32c-275c-3119-8ff5-3eceac33f676","info":{"title":"Cisco Secure Access Threat Intelligence Feeds API","version":"1.0.0","description":"Create and manage the integration of STIX-TAXII threat intelligence feeds in Secure Access.","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Integrations","description":"Integration management"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/admin/threat-intelligence-feeds-overview.md","uri":"secure-access-api-reference-threat-intelligence-feeds-overview"}},"openapi":"3.0.3","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"admin/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"admin.integrations.threatfeeds:read":"Read threat intelligence feeds","admin.integrations.threatfeeds:write":"Create, update, or delete threat intelligence feeds"}}}}}},"spec":{"operationId":"updateFeed","summary":"Update Threat Intelligence Feed","description":"Update the properties of a threat intelligence feed integrated in the organization.\n**Note:** If you update the `auth_type`, provide the credentials for the type of authentication.","security":[{"oauthFlow":["admin.integrations.threatfeeds:write"]}],"tags":["Integrations","Secure Access"],"parameters":[{"name":"feedId","in":"path","required":true,"description":"The identifier of the threat intelligence feed or threat intelligence job.\nThe identifier is 24 hex characters.","schema":{"type":"string"},"example":"0000303900000000000001a4","$$ref":"#/components/parameters/feedId"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","description":"You cannot specify both polling_interval and polling_interval_value+polling_interval_unit simultaneously.\nCan update these fields only:\n- `integration_name`\n- `dest_list_id`\n- `auth_type` and `credentials`\n- `polling_interval` or `polling_interval_value` and `polling_interval_unit`","properties":{"integration_name":{"type":"string","description":"The name of the third-party integration.","example":"Anomali ThreatStream Feed","$$ref":"#/components/schemas/integration_name"},"dest_list_id":{"type":"string","description":"The unique identifier of the destination list that the system associates with the threat intelligence feed.","example":"list-abc-123","$$ref":"#/components/schemas/dest_list_id"},"polling_interval":{"type":"string","nullable":true,"description":"The cron expression for the polling schedule.","example":"*/30 * * * *","$$ref":"#/components/schemas/polling_interval"},"polling_interval_value":{"type":"integer","nullable":true,"minimum":1,"description":"The numeric value of the `polling interval`.","example":30,"$$ref":"#/components/schemas/polling_interval_value"},"polling_interval_unit":{"type":"string","nullable":true,"enum":["minutes","hours","days"],"description":"The unit of time for the `polling_interval_value`.\nConstraints: minutes (1-59), hours (1-23), days (1-31).","example":"minutes","$$ref":"#/components/schemas/polling_interval_unit"},"auth_type":{"type":"string","enum":["basic","bearer","api_key"],"description":"The authentication method used with the threat intelligence feed.","example":"basic","$$ref":"#/components/schemas/auth_type"},"credentials":{"type":"object","description":"The properties of the credentials used to authenticate with the threat intelligence feed.","properties":{"username":{"type":"string","description":"The username on the account for the threat intelligence feed.","nullable":true},"password":{"type":"string","description":"The password on the account for the threat intelligence feed.","format":"password","nullable":true},"token":{"type":"string","description":"The access token on the account for the threat intelligence feed.","nullable":true},"api_key":{"type":"string","description":"The API key on the account for the threat intelligence feed.","nullable":true}},"$$ref":"#/components/schemas/credentials"}},"example":{"integration_name":"Updated Feed Name","dest_list_id":"new-list-456"}}}},"$$ref":"#/components/requestBodies/updateFeedRequest"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","description":"The properties used to update the threat intelligence feed.","required":["job_id","customer_id","state","feed_vendor"],"properties":{"job_id":{"type":"string","description":"The unique identifier of the job.","example":"0000303900000000000001a4","$$ref":"#/components/schemas/job_id"},"customer_id":{"type":"string","description":"The identifier of the customer or tenant.","example":"12345a","$$ref":"#/components/schemas/customer_id"},"discovery_url":{"type":"string","format":"uri","description":"The discovery URL for the TAXII service.\nThe discovery URL must end with a trailing slash.\nFor more information, see the TAXII 2.1 standard, section 4.1.","example":"https://limo.anomali.com/taxii2/","$$ref":"#/components/schemas/discovery_url"},"root_url":{"type":"string","format":"uri","description":"The root URL for the TAXII API.\nThe root URL must end with a trailing slash.\nFor more information, see the TAXII 2.1 standard, section 4.2.","example":"https://limo.anomali.com/api1/","$$ref":"#/components/schemas/root_url"},"collection_name":{"type":"string","description":"The name of the collection provided by the threat intelligence feed.","example":"Indicators","$$ref":"#/components/schemas/collection_name"},"collection_id":{"type":"string","format":"uuid","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$","description":"The unique ID (UUID) of the TAXII collection.\nThe collection ID must be a valid UUID v4 as specified in the \nTAXII standard v2.1 Section 5.2.1.","example":"91a7b528-80eb-42ed-a74d-c6fbd5a26116","$$ref":"#/components/schemas/collection_id"},"auth_id":{"type":"string","description":"The identifier of the encrypted credentials.","$$ref":"#/components/schemas/auth_id"},"polling_interval":{"type":"string","nullable":true,"description":"The cron expression for the polling schedule.","example":"*/30 * * * *","$$ref":"#/components/schemas/polling_interval"},"window_duration":{"type":"integer","description":"The number of seconds that represents the polling window.","example":300,"$$ref":"#/components/schemas/window_duration"},"feed_vendor":{"type":"string","description":"The name of the vendor that provides the threat intelligence feed.","example":"Anomali","$$ref":"#/components/schemas/feed_vendor"},"state":{"type":"string","description":"The state of a threat intelligence feed job.","enum":["draft","active","paused","disabled"],"example":"active","$$ref":"#/components/schemas/state"},"created_at":{"type":"string","format":"date-time","description":"The date and time when the system created the threat intelligence feed.\nTimestamp created using the ISO 8601 format with UTC timezone.","example":"2026-01-04T15:30:00.000000Z","$$ref":"#/components/schemas/created_at"},"updated_at":{"type":"string","format":"date-time","description":"The date and time when the system updated the threat intelligence feed.\nTimestamp created using the ISO 8601 format with UTC timezone.","example":"2026-01-04T16:45:00.000000Z","$$ref":"#/components/schemas/updated_at"}},"example":{"job_id":"0000303900000000000001a4","customer_id":"12345","discovery_url":"https://limo.anomali.com/taxii2/","root_url":"https://limo.anomali.com/api1/","collection_name":"Indicators","collection_id":"91a7b528-80eb-42ed-a74d-c6fbd5a26116","polling_interval":"*/30 * * * *","feed_vendor":"anomali","state":"active","created_at":"2026-01-04T15:30:00.000000Z","updated_at":"2026-03-10T12:00:00.000000Z"},"$$ref":"#/components/schemas/updateFeedResponse"}}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The date and time (ISO 8601-formatted timestamp) when the system returned the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"error_id":{"type":"string","description":"Error message explaining the reason for failure.","example":"Forbidden"},"http_status":{"type":"integer","description":"The HTTP status code returned in the response.","example":403}}},"examples":{"example_one":{"summary":"Bad Request","value":{"title":"Bad Request","description":"Invalid discovery URL format","http_status":400,"error_id":"err-20260310-a1b2c3d4","error_code":"VALIDATION_ERROR"}},"invalidRequest":{"summary":"Bad request","value":{"title":"Bad Request","description":"Invalid job definition","http_status":400,"error_id":"err-20260310-a1b2c3d4","error_code":"VALIDATION_ERROR"}},"vendorLimit":{"summary":"Vendor limit exceeded","value":{"title":"Vendor Limit Exceeded","description":"Maximum 5 active jobs allowed for vendor 'pulsedive'","http_status":400,"error_id":"err-20260310-b2c3d4e5","error_code":"VENDOR_LIMIT_EXCEEDED"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized","content":{"application/json":{"example":{"Error":"Authentication required"}}}},"403":{"description":"Forbidden","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The date and time (ISO 8601-formatted timestamp) when the system returned the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"error_id":{"type":"string","description":"Error message explaining the reason for failure.","example":"Forbidden"},"http_status":{"type":"integer","description":"The HTTP status code returned in the response.","example":403}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The date and time (ISO 8601-formatted timestamp) when the system returned the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"error_id":{"type":"string","description":"Error message explaining the reason for failure.","example":"Not Found"},"http_status":{"type":"integer","description":"The HTTP status code returned in the response.","example":404}}},"example":{"title":"Not Found","description":"TAXII discovery endpoint not found","http_status":404,"error_id":"err-20260310-d4e5f6a7","error_code":"TAXII_UPSTREAM_ERROR"}}},"$$ref":"#/components/responses/404Error"},"422":{"description":"Unprocessable Entity - Request validation error","content":{"application/json":{"example":{"title":"Validation Error","description":"1 validation error(s): body.integration_name","http_status":422,"error_id":"err-20260310-b2c3d4e5","error_code":"REQUEST_VALIDATION_ERROR","details":{"errors":[{"field":"body.integration_name","message":"Potentially dangerous input detected","type":"value_error"}]}}}}},"429":{"description":"Too Many Requests","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The date and time (ISO 8601-formatted timestamp) when the system returned the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"example":{"Error":"Rate limit exceeded"}}},"$$ref":"#/components/responses/429Error"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The date and time (ISO 8601-formatted timestamp) when the system returned the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","properties":{"error_id":{"type":"string","description":"Error message explaining the reason for failure.","example":"Internal Server Error"},"http_status":{"type":"integer","description":"The HTTP status code returned in the response.","example":500}},"example":{"title":"Internal Server Error","description":"An unexpected error occurred","http_status":500,"error_id":"err-20260310-f6a7b8c9"}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"updateFeed","method":"patch","path":"/integrations/threatFeeds/feeds/{feedId}"}}