| Parameter | Choices/Defaults | Comments |
| --- | --- | --- |
| action (string) | Choices: Inactive, Ask, Prevent, Detect | The indicator's action. |
| auto_publish_session (boolean) | | Publish the current session if changes have been performed after the task completes. |
| color (string) | Choices: aquamarine, black, blue, crete blue, burlywood, cyan, dark green, khaki, orchid, dark orange, dark sea green, pink, turquoise, dark blue, firebrick, brown, forest green, gold, dark gold, gray, dark gray, light green, lemon chiffon, coral, sea green, sky blue, magenta, purple, slate blue, violet red, navy blue, olive, orange, red, sienna, yellow | Color of the object. Should be one of the existing colors. |
| comments (string) | | Comments string. |
| details_level (string) | Choices: uid, standard, full | The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. |
| ignore_errors (boolean) | | Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag is omitted, warnings will also be ignored. |
| ignore_warnings (boolean) | | Apply changes ignoring warnings. |
| name (string / required) | | Object name. |
| observables (list) | | The indicator's observables. |
| observables.comments (string) | | Comments string. |
| observables.confidence (string) | Choices: low, medium, high, critical | The confidence level the indicator has that a real threat has been uncovered. |
| observables.domain (string) | | The name of a domain. |
| observables.ignore_errors (boolean) | | Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag is omitted, warnings will also be ignored. |
| observables.ignore_warnings (boolean) | | Apply changes ignoring warnings. |
| observables.ip_address (string) | | A valid IP-Address. |
| observables.ip_address_first (string) | | A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the 'ip-address-last' parameter. |
| observables.ip_address_last (string) | | A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the 'ip-address-first' parameter. |
| observables.mail_cc (string) | | A valid E-Mail address, cc field. |
| observables.mail_from (string) | | A valid E-Mail address, sender field. |
| observables.mail_reply_to (string) | | A valid E-Mail address, reply-to field. |
| observables.mail_subject (string) | | Subject of E-Mail. |
| observables.mail_to (string) | | A valid E-Mail address, recipient field. |
| observables.md5 (string) | | A valid MD5 sequence. |
| observables.name (string) | | Object name. Should be unique in the domain. |
| observables.product (string) | | The software blade that processes the observable: AV - AntiVirus, AB - AntiBot. |
| observables.severity (string) | Choices: low, medium, high, critical | The severity level of the threat. |
| observables.url (string) | | A valid URL. |
| observables_raw_data (string) | | The contents of a file containing the indicator's observables. |
| profile_overrides (list) | | Profiles in which to override the indicator's default action. |
| profile_overrides.action (string) | Choices: Inactive, Ask, Prevent, Detect | The indicator's action in this profile. |
| profile_overrides.profile (string) | | The profile in which to override the indicator's action. |
| state (string) | Choices: present ←, absent | State of the access rule (present or absent). Defaults to present. |
| tags (list) | | Collection of tag identifiers. |
| version (string) | | Version of checkpoint. If none is given, the latest version is taken. |
| wait_for_task (boolean) | | Wait for the task to end, such as a publish task. |
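
A playbook that uses these parameters to load an indicator with two observables, override its action in one profile, and then remove it. This is an added example, not taken from the module's own documentation; it assumes the page documents `check_point.mgmt.cp_mgmt_threat_indicator` reached over the `httpapi` connection, and the host group, object names, profile, domain and addresses are constructed sample values.

```yaml
# Added example: not taken from the module's documentation.
# Assumptions: the module is check_point.mgmt.cp_mgmt_threat_indicator, the
# inventory group "checkpoint_mgmt" uses the httpapi connection, and every
# name, address and profile below is a constructed sample value.
- name: Manage a threat indicator
  hosts: checkpoint_mgmt
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Add an indicator that detects by default and prevents in one profile
      check_point.mgmt.cp_mgmt_threat_indicator:
        name: Example_Indicator
        state: present
        # Choices are listed capitalized: Inactive, Ask, Prevent, Detect.
        action: Detect
        comments: Constructed sample indicator
        observables:
          - name: Example_Domain_Observable
            domain: malicious.example.com
            confidence: high
            severity: critical
          - name: Example_Range_Observable
            # A range needs both ends: ip_address_first and ip_address_last.
            ip_address_first: 192.0.2.10
            ip_address_last: 192.0.2.20
            confidence: medium
            severity: high
        profile_overrides:
          - profile: Example_Profile
            action: Prevent
        details_level: standard
        # ignore_errors is left unset: changes applied that way cannot be published.
        auto_publish_session: true
        wait_for_task: true
      register: indicator_result

    - name: Remove the indicator
      check_point.mgmt.cp_mgmt_threat_indicator:
        name: Example_Indicator
        state: absent
        auto_publish_session: true
```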