Cofense Triage

the cofense triage connector provides streamlined incident response and threat intelligence capabilities by connecting with the cofense triage phishing response platform cofense triage is a comprehensive phishing response platform that enables security teams to identify, analyze, and mitigate email based threats by integrating with swimlane turbine, users can automate the categorization of reports, creation of threat indicators, and management of response actions directly within the security workflow this connector streamlines incident handling and enhances the efficiency of phishing defense mechanisms, providing a robust defense against sophisticated email threats prerequisites before integrating cofense triage with swimlane turbine, ensure you have the following prerequisites oauth 2 0 client credentials authentication with the following parameters url endpoint for cofense triage api access client id unique identifier for oauth 2 0 authentication client secret confidential key for oauth 2 0 authentication capabilities this connector provides the following capabilities categorize a report create a threat indicator create category create response delete to many relationship delete to one relationship get a category get a cluster get a header get a hostname get a report get a reporter get a response get a rule get a threat indicator and so on installation you will need to generate a cofense triage api token to use this connector to generate the api token open administration > account management > operators in the api token actions column of the superuser who will access the api, click (+) to generate the token for that superuser cofense triage generates the token and displays the token in the api token column you will use the token and associated email address in the asset of this connection filtering lists as explained in the api documentation, the general form of the url is https //hostname/api/public/v2/example resources?filter\[attribute op]=value given that a query string can be of arbitrary size, swimlane accepts a query string with the format filter\[attribute name 1 op]=value 1,value 2 value n\&filter\[attribute name 2 op]=value 1,value 2 value n\&filter\[attribute name n op]=value 1,value 2 value n this string, if given, will be appended to the request query limit results some tasks receive an optional limit parameter when given, buckets of 50 records are going to be returned up to the limit defined filter ops comparison operators eq this is the default comparison operator if no operator is specified returns results when an attribute is equal to the supplied value not eq returns results when an attribute is not equal to the supplied value lt returns results when an attribute is less than the supplied value lteq returns results when an attribute is less than or equal to the supplied value gt returns results when an attribute is greater than the supplied value gteq returns results when an attribute is greater than or equal to the supplied value examples filter\[report count]=5 filter\[report count eq]=5 filter\[report count not eq]=5 filter\[report count not lt]=100 filter\[report count not lteq]=101 filter\[report count not gt]=0 filter\[report count not gteq]=1 filter\[id]=1,2,3,4 filter\[id gteq]=5 string comparison operators the cofense triage api also permits string comparison operators in addition to the standard operators above start returns results when an attribute starts with the supplied value not start returns results when an attribute does not start with the supplied value end returns results when an attribute ends with the supplied value not end returns results when an attribute does not end with the supplied value cont returns results when an attribute contains the supplied value not cont returns results when an attribute does not contain the supplied value examples filter\[subject start]=congratulations filter\[subject not start]=voice filter\[subject end]=urgent payment filter\[subject not end]=payment filter\[subject cont]=gift,present filter\[subject not cont]=notification array comparison operators some resources have an array attribute that contains a list of values array attributes follow a common usage pattern, but the filters supported will vary reference the resource description for available filters any op returns resources where any value in the array matches the standard or string comparison operator ( op ) examples filter\[filenames any]= png filter\[filenames any start]=taco filter\[filenames any end]=png filter\[filenames any cont]=menu tag list comparison operators some resources have a tag list attribute that contains a list of triage tags that were applied to that resource for example, the report resourceʼs categorization tag list attribute contains any tags assigned to a report when the report was processed tag list attributes do not support the standard or string comparison operators attributes of this type support the following comparison operators any returns results when a resource is tagged with any of the specified tags all returns results when a resource is tagged with all of the specified tags none returns results when a resource is not tagged with any of the specified tags examples filter\[categorization tag list any]=tag1 filter\[categorization tag list any]=tag1,tag2 filter\[categorization tag list all]=tag1,tag3 filter\[categorization tag list none]=tag4 spare fieldsets all api resources can be instructed to only return specific attributes in the endpoint's response by using the fields query parameter limiting the amount of returned data in this way can improve the performance of the query the general fields syntax is as follows fields\[type]=attribute type is the name of the resource type attribute is the name of the attribute to return to return multiple attributes, specify attribute as a comma separated list for example fields\[reports]=name,address examples fields\[reports]=subject fields\[reports]=subject,match priority for more information, access the cofense triage api documentation with your cofense triage customer account \[here]\(https //community cofense com) this connector was last tested against product version api version 2 configurations oauth 2 0 client credentials authenticates using oauth 2 0 client credentials configuration parameters parameter description type required url server host address string required client id client id used for authentication string required client secret client secret used for authentication string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions categorize a report categorizes a report in cofense triage using the specified report id, allowing for email responses and tagging endpoint url /api/public/v2/reports/{{id}}/categorize method post input argument name type required description id number required the category id data body object required response data data object required response data category id string required a category id property set to the unique identifier of the category outbound template id string optional an outbound template id property set to the unique identifier of the outbound template categorization tags array optional a categorization tags property set to an array of strings containing the tags to apply to the categorized report headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 204, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok" } ] create a threat indicator generates a new threat indicator in cofense triage using the specified data body and headers endpoint url /api/public/v2/threat indicators method post input argument name type required description data body object required response data data object required response data id string optional an id property set to the unique identifier for the object type string required a type property set to threat indicators attributes object required an attributes section containing, at a minimum, these attributes threat level , threat type , and threat value threat level string required parameter for create a threat indicator threat type string required type of the resource threat value string required value for the parameter threat source string optional parameter for create a threat indicator created at string optional parameter for create a threat indicator updated at string optional parameter for create a threat indicator headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes threat level string output field threat level threat type string type of the resource threat value string value for the parameter threat source string output field threat source created at string output field created at updated at string output field updated at relationships object output field relationships owner object output field owner links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier comments object output field comments links object output field links self string output field self example \[ { "status code" 201, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] create category creates a new category in cofense triage with the provided data body and headers endpoint url /api/public/v2/categories method post input argument name type required description data body object required response data data object required response data id string optional an id property set to the unique identifier for the object type string required a type property set to categories attributes object required an attributes section containing, at a minimum, these attributes name , score , and color name string required name of the resource score number required score value malicious boolean optional parameter for create category color string required parameter for create category headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes name string name of the resource score number score value malicious boolean output field malicious color string output field color archived boolean output field archived created at string output field created at updated at string output field updated at relationships object output field relationships playbooks object output field playbooks links object output field links self string output field self related string output field related reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 201, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] create response creates a new response in cofense triage using the specified data body, enabling targeted incident handling endpoint url /api/public/v2/responses method post input argument name type required description data body object required response data data object required response data id string optional unique identifier type string required type of the resource attributes object required parameter for create response name string required name of the resource subject string required parameter for create response body string required request body data output parameter type description status code number http status code of the response reason string response reason phrase data links self string response data data attributes bcc address string response data data type string response data data id number response data data relationships one clicks links self string response data data attributes cc address string response data raw json string output field raw json data attributes description string response data data attributes to other number response data data attributes to reporter number response data data attributes attach original number response data data relationships one clicks links related string response data data attributes updated at string response data data attributes to other address string response data data attributes name string response data data attributes created at string response data data attributes subject string response data data attributes body string response data example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data links self" "data links self", "data attributes bcc address" "data attributes bcc address", "data type" "data type", "data id" 1, "data relationships one clicks links self" "data relationships one clicks links self", "data attributes cc address" "data attributes cc address", "raw json" "raw json", "data attributes description" "data attributes description", "data attributes to other" 1, "data attributes to reporter" 2, "data attributes attach original" 3, "data relationships one clicks links related" "data relationships one clicks links related", "data attributes updated at" "data attributes updated at", "data attributes to other address" "data attributes to other address", "data attributes name" "data attributes name" } } ] delete to many relationship removes a specified to many relationship in cofense triage using resource type, id, and relationship name endpoint url /api/public/v2/{{resource type}}/{{id}}/relationships/{{relationship name}} method delete input argument name type required description resource type string required the value identified in the type section of the resource description id string required the resource id relationship name string required the plural name of the related resource, e g "categories", not "category" data body object required response data data array required response data id string required an id property set to the unique identifier for the related resource type string required a type property set to the type of the related resource headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 204, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok" } ] delete to one relationship removes a specified to one relationship in cofense triage using the provided resource type, id, and relationship name endpoint url /api/public/v2/{{resource type}}/{{id}}/relationships/{{relationship name}} method delete input argument name type required description resource type string required the value identified in the type section of the resource description id string required the resource id relationship name string required the singular name of the related resource, e g "category", not "categories" output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 204, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok" } ] get a category retrieve detailed information for a specific category in cofense triage using the provided id endpoint url /api/public/v2/categories/{{id}} method get input argument name type required description id string required category resource id fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes name string name of the resource score number score value malicious boolean output field malicious color string output field color archived boolean output field archived created at string output field created at updated at string output field updated at relationships object output field relationships playbooks object output field playbooks links object output field links self string output field self related string output field related reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a cluster retrieves a specific cluster from cofense triage using the provided unique identifier (id) endpoint url /api/public/v2/clusters/{{id}} method get input argument name type required description id string required the id of the cluster to fetch fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes risk score number score value first reported at string output field first reported at oldest unprocessed reported at string output field oldest unprocessed reported at last reported at string output field last reported at last received at string output field last received at last from address string output field last from address last subject string output field last subject average reporter reputation string output field average reporter reputation match priority number output field match priority tags array output field tags host source string output field host source attachments count number count value unprocessed reports count number count value processed reports count number count value total reports count number count value rules count number count value urls count number url endpoint for the request example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a header retrieves header information for a specified id in cofense triage, utilizing the provided path parameter endpoint url /api/public/v2/headers/{{id}} method get input argument name type required description id string required the header id fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes key string output field key value string value for the parameter created at string output field created at updated at string output field updated at relationships object output field relationships reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a hostname retrieve detailed host information for a specified id from cofense triage using path parameters endpoint url /api/public/v2/hostnames/{{id}} method get input argument name type required description id string required the host id fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes hostname string name of the resource risk score number score value created at string output field created at updated at string output field updated at relationships object output field relationships domain object output field domain links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier clusters object output field clusters links object output field links self string output field self related string output field related reports object output field reports example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a report retrieves detailed information for a specific report in cofense triage using the unique identifier provided endpoint url /api/public/v2/reports/{{id}} method get input argument name type required description id string required the report id fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes location string output field location risk score number score value from address string output field from address subject string output field subject received at string output field received at reported at string output field reported at raw headers string http headers for the request text body string request body data html body string request body data md5 string output field md5 sha256 string output field sha256 match priority number output field match priority attachments count number count value comments count number count value rules count number count value urls count number url endpoint for the request tags array output field tags example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a reporter retrieves detailed information for a specific reporter in cofense triage using their unique id endpoint url /api/public/v2/reporters/{{id}} method get input argument name type required description id string required the reporter id fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes email string output field email reports count number count value last reported at string output field last reported at reputation score number score value vip boolean output field vip created at string output field created at updated at string output field updated at relationships object output field relationships clusters object output field clusters links object output field links self string output field self related string output field related reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a response retrieves a specific response from cofense triage using the provided unique identifier (id) endpoint url /api/public/v2/responses/{{id}} method get input argument name type required description id string required the response id output parameter type description status code number http status code of the response reason string response reason phrase attributes attach original number output field attributes attach original links self string output field links self attributes name string name of the resource raw json string output field raw json attributes body string request body data attributes subject string output field attributes subject attributes to reporter number output field attributes to reporter relationships one clicks links related string output field relationships one clicks links related relationships one clicks links self string output field relationships one clicks links self id number unique identifier attributes updated at string output field attributes updated at type string type of the resource attributes to other number output field attributes to other attributes created at string output field attributes created at example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "attributes attach original" 1, "links self" "links self", "attributes name" "attributes name", "raw json" "raw json", "attributes body" "attributes body", "attributes subject" "attributes subject", "attributes to reporter" 1, "relationships one clicks links related" "relationships one clicks links related", "relationships one clicks links self" "relationships one clicks links self", "id" 1, "attributes updated at" "attributes updated at", "type" "type", "attributes to other" 2, "attributes created at" "attributes created at" } } ] get a rule retrieves a specific cofense triage rule by its unique identifier (id) endpoint url /api/public/v2/rules/{{id}} method get input argument name type required description id string required the id of the rule to fetch fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes name string name of the resource description string output field description priority number output field priority tags array output field tags scope string output field scope author name string name of the resource rule context string output field rule context active boolean output field active content string response content time to live string output field time to live share with cofense boolean output field share with cofense reports count number count value imported at string output field imported at created at string output field created at updated at string output field updated at relationships object output field relationships cluster context object output field cluster context example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a threat indicator retrieve a specific threat indicator from cofense triage using the provided unique identifier endpoint url /api/public/v2/threat indicators/{{id}} method get input argument name type required description id string required the id of the indicator to fetch fields string optional parameter for get a threat indicator output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes threat level string output field threat level threat type string type of the resource threat value string value for the parameter threat source string output field threat source created at string output field created at updated at string output field updated at relationships object output field relationships owner object output field owner links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier comments object output field comments links object output field links self string output field self example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get a url retrieves detailed information for a specific url in cofense triage using the unique identifier (id) provided endpoint url /api/public/v2/urls/{{id}} method get input argument name type required description id string required the url id fields string optional parameter for get a url output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes url string url endpoint for the request risk score number score value created at string output field created at updated at string output field updated at relationships object output field relationships domain object output field domain links object output field links self string output field self related string output field related hostname object name of the resource links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier clusters object output field clusters example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get an attachment retrieves a specific attachment from cofense triage using the provided resource id endpoint url /api/public/v2/attachments/{{id}} method get input argument name type required description id string required id of the resource to which the attachment belongs fields string optional parameter for get an attachment output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes filename string name of the resource size number output field size is child boolean output field is child created at string output field created at updated at string output field updated at relationships object output field relationships attachment payload object output field attachment payload links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier parent object output field parent links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get an operator retrieves details for a specific operator in cofense triage using the provided unique id endpoint url /api/public/v2/operators/{{id}} method get input argument name type required description id string required the id of the operator to fetch fields string optional optional field, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes email string output field email first name string name of the resource last name string name of the resource nickname string name of the resource time zone string output field time zone permissions object output field permissions triage string output field triage vision string output field vision sso enabled boolean output field sso enabled two factor enabled boolean output field two factor enabled locked boolean output field locked sign in count number count value last sign in at string output field last sign in at password changed at string output field password changed at created at string output field created at updated at string output field updated at relationships object output field relationships example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get attachment list retrieve a list of attachments from cofense triage for further analysis or processing endpoint url /api/public/v2/attachments method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= name) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes filename string name of the resource size number output field size is child boolean output field is child created at string output field created at updated at string output field updated at relationships object output field relationships attachment payload object output field attachment payload links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier parent object output field parent links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get attachment payload retrieves the payload of an attachment from cofense triage using a specified id endpoint url /api/public/v2/attachment payloads/{{id}} method get input argument name type required description id string required id of the resource to which the attachment payload belongs fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes mime type string type of the resource md5 string output field md5 sha256 string output field sha256 risk score number score value created at string output field created at updated at string output field updated at relationships object output field relationships attachments object output field attachments links object output field links self string output field self related string output field related clusters object output field clusters links object output field links self string output field self related string output field related integration submissions object output field integration submissions links object output field links example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get attachment payload list retrieve a list of attachment payloads from cofense triage for analysis or processing endpoint url /api/public/v2/attachment payloads method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes mime type string type of the resource md5 string output field md5 sha256 string output field sha256 risk score number score value created at string output field created at updated at string output field updated at relationships object output field relationships attachments object output field attachments links object output field links self string output field self related string output field related clusters object output field clusters links object output field links self string output field self related string output field related integration submissions object output field integration submissions links object output field links example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get category list retrieve and classify a list of categories from cofense triage to organize reports effectively endpoint url /api/public/v2/categories method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes name string name of the resource score number score value malicious boolean output field malicious color string output field color archived boolean output field archived created at string output field created at updated at string output field updated at relationships object output field relationships playbooks object output field playbooks links object output field links self string output field self related string output field related reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get comments lists all comments within cofense triage, providing a comprehensive overview of user feedback and annotations endpoint url /api/public/v2/comments method get input argument name type required description sort string optional parameter for get comments filter\[tags any] string optional parameter for get comments filter\[created at gt] string optional parameter for get comments page\[size] string optional parameter for get comments output parameter type description status code number http status code of the response reason string response reason phrase data array response data file name string name of the resource file string output field file meta object output field meta record count number count value page count number count value links object output field links first string output field first last string output field last example \[ { "status code" 200, "response headers" { "date" "mon, 02 sep 2024 08 51 33 gmt", "content type" "application/vnd api+json", "transfer encoding" "chunked", "connection" "keep alive", "x frame options" "sameorigin", "x xss protection" "1; mode=block", "x content type options" "nosniff", "x download options" "noopen", "x permitted cross domain policies" "none", "referrer policy" "strict origin when cross origin", "vary" "accept, origin", "etag" "w/\\"acbbf2b0841e547967b280c8f81aff6f\\"", "cache control" "max age=0, private, must revalidate", "content security policy report only" "default src 'self' triage insights cofense triage com; font src 'self' data ; im ", "x request id" "cb702bdb 99e1 4cd5 9d54 25a8e1f19338" }, "reason" "ok", "json body" { "data" \[], "meta" {}, "links" {} } } ] get download original file retrieve the original file from cofense triage using a specific resource id endpoint url /api/public/v2/reports/{{id}}/download method get input argument name type required description id string required the report id output parameter type description status code number http status code of the response reason string response reason phrase file array output field file file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "file" \[] } ] get download preview(jpg) retrieve a jpeg preview of a report from cofense triage using the provided report id endpoint url /api/public/v2/reports/{{id}}/download jpg method get input argument name type required description id string required the report id output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" {} } ] get download preview(png) retrieve a png preview of a specific report from cofense triage using the provided report id endpoint url /api/public/v2/reports/{{id}}/download png method get input argument name type required description id string required the report id output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" {} } ] get email preview image (png) downloads a png preview image of an email from cofense triage using a unique identifier endpoint url /api/public/v2/reports/{{id}}/download png method get input argument name type required description id string required the id of the report containing the email to generate the preview from output parameter type description status code number http status code of the response reason string response reason phrase file array output field file file name string name of the resource file string output field file example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "file" \[] } ] get header list retrieves a list of email headers from cofense triage for further analysis endpoint url /api/public/v2/headers method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= name) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes key string output field key value string value for the parameter created at string output field created at updated at string output field updated at relationships object output field relationships reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get hostnames list retrieve a comprehensive list of hostnames from cofense triage for enhanced analysis or investigative purposes endpoint url /api/public/v2/hostnames method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes hostname string name of the resource risk score number score value created at string output field created at updated at string output field updated at relationships object output field relationships domain object output field domain links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier clusters object output field clusters links object output field links self string output field self related string output field related reports object output field reports example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get relationship to many retrieves to many relationship data for a specified resource in cofense triage, utilizing the relationship name, id, and resource type endpoint url /api/public/v2/{{resource type}}/{{id}}/{{relationship name}} method get input argument name type required description relationship name string required the plural name of the related resource id string required the resource id resource type string required the value identified in the type section of the resource description output parameter type description status code number http status code of the response reason string response reason phrase attributes updated at string output field attributes updated at relationships reports links related string output field relationships reports links related links self string output field links self attributes score number score value type string type of the resource raw json string output field raw json relationships reports links self string output field relationships reports links self relationships one clicks links self string output field relationships one clicks links self attributes malicious number output field attributes malicious attributes color string output field attributes color relationships one clicks links related string output field relationships one clicks links related attributes created at string output field attributes created at attributes name string name of the resource id number unique identifier attributes archived number output field attributes archived example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "attributes updated at" "attributes updated at", "relationships reports links related" "relationships reports links related", "links self" "links self", "attributes score" 1, "type" "type", "raw json" "raw json", "relationships reports links self" "relationships reports links self", "relationships one clicks links self" "relationships one clicks links self", "attributes malicious" 3, "attributes color" "attributes color", "relationships one clicks links related" "relationships one clicks links related", "attributes created at" "attributes created at", "attributes name" "attributes name", "id" 1, "attributes archived" 2 } } ] get relationship to one retrieves to one relationship data in cofense triage by specifying the relationship name, id, and resource type endpoint url /api/public/v2/{{resource type}}/{{id}}/{{relationship name}} method get input argument name type required description relationship name string required the singular name of the related resource, e g "category", not "categories" id string required the resource id resource type string required the value identified in the type section of the resource description output parameter type description status code number http status code of the response reason string response reason phrase attributes updated at string output field attributes updated at relationships reports links related string output field relationships reports links related links self string output field links self attributes score number score value type string type of the resource raw json string output field raw json relationships reports links self string output field relationships reports links self relationships one clicks links self string output field relationships one clicks links self attributes malicious number output field attributes malicious attributes color string output field attributes color relationships one clicks links related string output field relationships one clicks links related attributes created at string output field attributes created at attributes name string name of the resource id number unique identifier attributes archived number output field attributes archived example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "attributes updated at" "attributes updated at", "relationships reports links related" "relationships reports links related", "links self" "links self", "attributes score" 1, "type" "type", "raw json" "raw json", "relationships reports links self" "relationships reports links self", "relationships one clicks links self" "relationships one clicks links self", "attributes malicious" 3, "attributes color" "attributes color", "relationships one clicks links related" "relationships one clicks links related", "attributes created at" "attributes created at", "attributes name" "attributes name", "id" 1, "attributes archived" 2 } } ] get report list retrieve a detailed list of reports from cofense triage, including identifiers, status, and threat levels endpoint url /api/public/v2/reports method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes location string output field location risk score number score value from address string output field from address subject string output field subject received at string output field received at reported at string output field reported at raw headers string http headers for the request text body string request body data html body string request body data md5 string output field md5 sha256 string output field sha256 match priority number output field match priority attachments count number count value comments count number count value rules count number count value urls count number url endpoint for the request tags array output field tags example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get reporter list retrieve a detailed list of reporters from cofense triage, including contact information and report history endpoint url /api/public/v2/reporters method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes email string output field email reports count number count value last reported at string output field last reported at reputation score number score value vip boolean output field vip created at string output field created at updated at string output field updated at relationships object output field relationships clusters object output field clusters links object output field links self string output field self related string output field related reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get response list retrieve an overview of all available response actions from cofense triage endpoint url /api/public/v2/responses method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase attributes attach original number output field attributes attach original attributes to other number output field attributes to other links self string output field links self type string type of the resource raw json string output field raw json attributes updated at string output field attributes updated at attributes subject string output field attributes subject attributes to reporter number output field attributes to reporter relationships one clicks links related string output field relationships one clicks links related id number unique identifier relationships one clicks links self string output field relationships one clicks links self attributes name string name of the resource attributes body string request body data attributes created at string output field attributes created at example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "attributes attach original" 1, "attributes to other" 1, "links self" "links self", "type" "type", "raw json" "raw json", "attributes updated at" "attributes updated at", "attributes subject" "attributes subject", "attributes to reporter" 1, "relationships one clicks links related" "relationships one clicks links related", "id" 1, "relationships one clicks links self" "relationships one clicks links self", "attributes name" "attributes name", "attributes body" "attributes body", "attributes created at" "attributes created at" } } ] get rule list fetches the list of rules from cofense triage for analysis and processing endpoint url /api/public/v2/rules method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes name string name of the resource description string output field description priority number output field priority tags array output field tags scope string output field scope author name string name of the resource rule context string output field rule context active boolean output field active content string response content time to live string output field time to live share with cofense boolean output field share with cofense reports count number count value imported at string output field imported at created at string output field created at updated at string output field updated at relationships object output field relationships cluster context object output field cluster context example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get status retrieve the current operational health and performance metrics from cofense triage endpoint url /api/public/v2/system/status method get output parameter type description status code number http status code of the response reason string response reason phrase data object response data health object output field health cpu usage percent string output field cpu usage percent memory in kilobytes object output field memory in kilobytes total memory number output field total memory used memory number output field used memory active memory number output field active memory inactive memory number output field inactive memory free memory number output field free memory partition used percent object output field partition used percent /dev/mapper/triage root string output field /dev/mapper/triage root devtmpfs string output field devtmpfs /dev/sda1 string output field /dev/sda1 /dev/mapper/triage pgsqldumps string output field /dev/mapper/triage pgsqldumps /dev/mapper/triage varlibpgsql string output field /dev/mapper/triage varlibpgsql /dev/mapper/triage srv string output field /dev/mapper/triage srv /dev/mapper/triage pgsqlbu string output field /dev/mapper/triage pgsqlbu last time ingested string output field last time ingested last user login string output field last user login license expiration string output field license expiration status object status value mail account worker boolean output field mail account worker postgresql boolean output field postgresql example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] get threat indicator list retrieve a list of indicators of compromise (iocs) classified as malicious, suspicious, or benign from cofense triage endpoint url /api/public/v2/threat indicators method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes threat level string output field threat level threat type string type of the resource threat value string value for the parameter threat source string output field threat source created at string output field created at updated at string output field updated at relationships object output field relationships owner object output field owner links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier comments object output field comments links object output field links self string output field self example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] get url list retrieve a comprehensive list of urls from cofense triage for subsequent analysis or action endpoint url /api/public/v2/urls method get input argument name type required description page string optional optional page to apply to the list i e page\[number]=value1\&page\[size]=value2 page\[number] is the page number to return the default is 1 page\[size] is the number of returned objects to display per page valid values are 1 through 200 the default is 20 sort string optional optional sorting filter to apply to the list; must be a comma separated string to sort an attribute in descending order, prefix the attribute with a hyphen (for example, sort= d) filter string optional optional filter to apply to the list; more than one filter can be defined, i e filter\[attribute1 op]=value1\&filter\[attribute2 op]=value2 see readme for further details limit number optional maximum number of results to return defaults to all results fields string optional optional field to apply to the list, i e fields\[type]=attribute output parameter type description status code number http status code of the response reason string response reason phrase data array response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes url string url endpoint for the request risk score number score value created at string output field created at updated at string output field updated at relationships object output field relationships domain object output field domain links object output field links self string output field self related string output field related hostname object name of the resource links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier clusters object output field clusters example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" \[] } } ] update a category updates a specific cofense triage category by id, requiring path parameters and data body with attributes endpoint url /api/public/v2/categories/{{id}} method put input argument name type required description id string required the category id data body object required response data data object required response data id string required an id property set to the unique identifier for the object type string required a type property set to categories attributes object required an attributes section containing the attributes to update name string optional name of the resource score number optional score value malicious boolean optional parameter for update a category color string optional parameter for update a category headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes name string name of the resource score number score value malicious boolean output field malicious color string output field color archived boolean output field archived created at string output field created at updated at string output field updated at relationships object output field relationships playbooks object output field playbooks links object output field links self string output field self related string output field related reports object output field reports links object output field links self string output field self related string output field related example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] update a report updates a specific cofense triage report by id with provided attributes, including path parameters and data body endpoint url /api/public/v2/reports/{{id}} method put input argument name type required description id string required the report id data body object required response data data object required response data id string required an id property set to the unique identifier for the object type string required a type property set to reports attributes object required an attributes section containing the attributes to update tags array required parameter for update a report headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes location string output field location risk score number score value from address string output field from address subject string output field subject received at string output field received at reported at string output field reported at raw headers string http headers for the request text body string request body data html body string request body data md5 string output field md5 sha256 string output field sha256 match priority number output field match priority attachments count number count value comments count number count value rules count number count value urls count number url endpoint for the request tags array output field tags example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] update a response updates a specific response in cofense triage using the provided id and attributes, including path parameters and data body endpoint url /api/public/v2/responses/{{id}} method put input argument name type required description id string required the response id data body object required response data data object required response data id string required unique identifier type string required type of the resource attributes object required parameter for update a response name string optional name of the resource description string optional parameter for update a response to reporter boolean optional parameter for update a response headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase data links self string response data data attributes bcc address string response data data type string response data data id number response data data relationships one clicks links self string response data data attributes cc address string response data raw json string output field raw json data attributes description string response data data attributes to other number response data data attributes to reporter number response data data attributes attach original number response data data relationships one clicks links related string response data data attributes updated at string response data data attributes to other address string response data data attributes name string response data data attributes created at string response data data attributes subject string response data data attributes body string response data example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data links self" "data links self", "data attributes bcc address" "data attributes bcc address", "data type" "data type", "data id" 1, "data relationships one clicks links self" "data relationships one clicks links self", "data attributes cc address" "data attributes cc address", "raw json" "raw json", "data attributes description" "data attributes description", "data attributes to other" 2, "data attributes to reporter" 3, "data attributes attach original" 4, "data relationships one clicks links related" "data relationships one clicks links related", "data attributes updated at" "data attributes updated at", "data attributes to other address" "data attributes to other address", "data attributes name" "data attributes name" } } ] update a threat indicator updates a specific threat indicator in cofense triage using the provided id and attribute data, including necessary headers endpoint url /api/public/v2/threat indicators/{{id}} method put input argument name type required description id string required the id of the indicator to fetch data body object required response data data object required response data id string required an id property set to the unique identifier for the object type string required a type property set to threat indicators attributes object required an attributes section containing the attributes to update threat level string required parameter for update a threat indicator threat source string required parameter for update a threat indicator headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase data object response data id string unique identifier type string type of the resource links object output field links self string output field self attributes object output field attributes threat level string output field threat level threat type string type of the resource threat value string value for the parameter threat source string output field threat source created at string output field created at updated at string output field updated at relationships object output field relationships owner object output field owner links object output field links self string output field self related string output field related data object response data type string type of the resource id string unique identifier comments object output field comments links object output field links self string output field self example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok", "json body" { "data" {} } } ] update to many relationship updates a 'to many' relationship for a specified resource in cofense triage using path parameters and a data body endpoint url /api/public/v2/{{resource type}}/{{id}}/relationships/{{relationship name}} method post input argument name type required description resource type string required resource type is the value identified in the type section of the resource description id string required resource id is the unique identifier of an instance of the resource relationship name string required relationship name is the name of the relationship the plural name of the related resource, e g "categories", not "category" data body object required response data data array required response data id string required an id property set to the unique identifier for the related resource type string required a type property set to the type of the related resource headers object required http headers for the request content type string required type of the resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 204, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok" } ] update to one relationship updates a specific to one relationship in cofense triage using the provided resource type, id, and relationship name endpoint url /api/public/v2/{{resource type}}/{{id}}/relationships/{{relationship name}} method patch input argument name type required description resource type string required the value identified in the type section of the resource description id string required set to the unique identifier for the related resource relationship name string required relationship name is the name of the relationship the singular name of the related resource, e g "category", not "categories" data body object required response data data object required response data id string required an id property set to the unique identifier for the related resource type string required property set to the type of the related resource output parameter type description status code number http status code of the response reason string response reason phrase example \[ { "status code" 204, "response headers" { "content length" "140", "content type" "application/json", "date" "tue, 19 dec 2023 20 37 23 gmt" }, "reason" "ok" } ] response headers header description example alt svc http response header alt svc h3=" 443 "; ma=86400 cache control directives for caching mechanisms max age=0, private, must revalidate cf cache status http response header cf cache status dynamic cf ray http response header cf ray 8bcc4241ecfca053 sin connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 140 content security policy report only http response header content security policy report only default src 'self' triage insights cofense triage com; font src 'self' data ; img src 'self' data content triage insights cofense triage com data triage insights cofense triage com pendo static 5635959691542528 storage googleapis com; object src 'none'; script src 'self' 'unsafe inline' 'unsafe eval' triage insights cofense triage com; style src 'self'; style src attr 'self' 'unsafe inline'; script src attr 'self' 'unsafe inline'; style src elem 'self' 'unsafe inline' content triage insights cofense triage com pendo static 5635959691542528 storage googleapis com; script src elem 'self' 'unsafe inline' content triage insights cofense triage com data triage insights cofense triage com; connect src 'self' data triage insights cofense triage com api feedback us pendo io; report uri /csp report content type the media type of the resource application/json date the date and time at which the message was originated tue, 19 dec 2023 20 37 23 gmt etag an identifier for a specific version of a resource w/"acbbf2b0841e547967b280c8f81aff6f" nel http response header nel {"success fraction" 0 ,"report to" "cf nel","max age" 604800 } referrer policy http response header referrer policy strict origin when cross origin report to http response header report to {"endpoints" \[{"url" " https //a nel cloudflare com/report/v4?s=%2bcmx2o%2fh7vcp9pf1ztt14qjgankfk2onrzq3tyx1umyo2%2btvqi23ukefvl4hqoznu4ioldstsshwljkezn8mkdxxanxfbsqotlemmjzo7k8qz%2bkcohryj%2fa%2f2oxpzuxu%2f9xc2ttclc5uj2nugg%3d%3d"}],"group" "cf nel","max age https //a nel cloudflare com/report/v4?s=%2bcmx2o%2fh7vcp9pf1ztt14qjgankfk2onrzq3tyx1umyo2%2btvqi23ukefvl4hqoznu4ioldstsshwljkezn8mkdxxanxfbsqotlemmjzo7k8qz%2bkcohryj%2fa%2f2oxpzuxu%2f9xc2ttclc5uj2nugg%3d%3d"}],"group" "cf nel","max age " 604800 } server information about the software used by the origin server cloudflare strict transport security http response header strict transport security max age=63072000; includesubdomains transfer encoding http response header transfer encoding chunked vary http response header vary accept, origin x content type options http response header x content type options nosniff x download options http response header x download options noopen x frame options http response header x frame options sameorigin x permitted cross domain policies http response header x permitted cross domain policies none x request id a unique identifier for the request cb702bdb 99e1 4cd5 9d54 25a8e1f19338 x runtime http response header x runtime 0 025454 x served by http response header x served by triage curbsidebrewing dev