Issue
Trying to pull threat data over API can be a complicated process. Knowing the data types that are exposed in the API can be very helpful for an end user.
Environment
Red Canary Threat APIs
Resolution
The schema can be found in the "Schema Definitions" section of https://go.my.redcanary.co/openapi/v3/docs/index.html. Under this section the threat data is listed as activity_timelines.ActivityOccurred. Its elements are defined as follows (nested fields of the attributes object are indented beneath it):
activity_timelines.ActivityOccurred:
  object type: string
    Type of object
  attributes: object
    Attributes of the resource
    occurred_at: string (date-time)
      The time that the activity occurred
    analyst_notes: string
      Notes regarding this activity recorded by the analyst
    type: string
      The type of activity that occurred
    is_indicator_of_compromise: boolean
      Whether the activity was denoted as an indicator of compromise
    file_modification: primitive_activities.FileModification
      File modification activity that occurred
    network_connection: primitive_activities.NetworkConnection
      Network connection activity that occurred
    registry_modification: primitive_activities.RegistryModification
      Registry modification activity that occurred
    process_execution: primitive_activities.ProcessExecution
      Process execution that occurred
    module_load: primitive_activities.ModuleLoad
      Module loading activity that occurred
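The following is an added example, not code from Red Canary or from this article, showing how a consumer of the API might validate ActivityOccurred records against the schema above and pull out the activities an analyst flagged as indicators of compromise. It assumes the "object type" field is serialized under the JSON key object_type; the primitive_activities sub-objects are treated as opaque because their layout is not described here, and the sample timeline is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Primitive activity attributes named in the schema. Their inner layout is
# not described on this page, so they are kept as opaque dicts.
PRIMITIVE_ACTIVITY_KEYS = ("file_modification", "network_connection",
                           "registry_modification", "process_execution", "module_load")

@dataclass
class ActivityOccurred:
    object_type: str
    occurred_at: datetime
    activity_type: str          # the schema's "type" attribute
    is_indicator_of_compromise: bool
    analyst_notes: Optional[str]
    primitives: dict = field(default_factory=dict)   # key -> opaque sub-object

def parse_activity_occurred(record: dict) -> ActivityOccurred:
    """Validate one ActivityOccurred JSON object and convert it to a dataclass."""
    attrs = record["attributes"]
    # occurred_at is an RFC 3339 date-time; accept the trailing "Z" spelling.
    when = datetime.fromisoformat(attrs["occurred_at"].replace("Z", "+00:00"))
    ioc = attrs.get("is_indicator_of_compromise", False)
    if not isinstance(ioc, bool):
        raise ValueError("is_indicator_of_compromise must be a boolean")
    present = {k: attrs[k] for k in PRIMITIVE_ACTIVITY_KEYS if attrs.get(k) is not None}
    return ActivityOccurred(
        object_type=record["object_type"],  # assumed JSON key for "object type"
        occurred_at=when, activity_type=attrs["type"],
        is_indicator_of_compromise=ioc,
        analyst_notes=attrs.get("analyst_notes"), primitives=present)

def indicators_of_compromise(records: list) -> list:
    """Return only the IOC-flagged activities, oldest first."""
    parsed = [parse_activity_occurred(r) for r in records]
    return sorted((a for a in parsed if a.is_indicator_of_compromise),
                  key=lambda a: a.occurred_at)

# Constructed sample timeline (not real Red Canary output), deliberately out of order.
SAMPLE_TIMELINE = [
    {"object_type": "activity_timelines.ActivityOccurred", "attributes": {
        "occurred_at": "2024-01-10T12:05:00Z", "type": "process_execution",
        "is_indicator_of_compromise": True, "analyst_notes": "suspicious child process",
        "process_execution": {"placeholder": "opaque"}}},
    {"object_type": "activity_timelines.ActivityOccurred", "attributes": {
        "occurred_at": "2024-01-10T12:01:00Z", "type": "network_connection",
        "is_indicator_of_compromise": True, "network_connection": {"placeholder": "opaque"}}},
    {"object_type": "activity_timelines.ActivityOccurred", "attributes": {
        "occurred_at": "2024-01-10T12:03:00Z", "type": "module_load",
        "is_indicator_of_compromise": False, "module_load": {"placeholder": "opaque"}}},
]
```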