Dragos
the dragos connector enables seamless integration of dragos' industrial cybersecurity capabilities with the swimlane turbine platform, facilitating automated threat detection and response in ics and ot environments dragos specializes in industrial cybersecurity, providing a robust platform for asset identification, threat detection, and response within industrial control systems (ics) and operational technology (ot) environments the dragos turbine connector enables seamless integration with swimlane turbine, allowing users to automate incident response, manage cases, and enhance asset visibility by leveraging this connector, security teams can efficiently coordinate actions, streamline workflows, and bolster their cyber resilience against industrial threats prerequisites to utilize the dragos connector for turbine, ensure you have the following prerequisites http basic authentication with the following parameters url the endpoint url for the dragos api api key id your unique identifier used as the username for api access api secret key the secret key associated with your api key id, used as the password asset setup this connector requires following assets api key id api secret key id steps to generate the api key id and secret id in the dragos is as below login to dragos platform click + add new api key the generate new api key box expands in the name field, add the name of the api key being added, for example my external app click generate key, and a message box appears note this message box contains the updated name, the id, and the secret use the copy icon to copy the secret warning this is the only time the secret is displayed once this message box is closed, there is no way to retrieve the secret if the secret his lost, then the api key must be deleted and a new api key assigned click ok and the api key is configured capabilities this connector provides the following capabilities create note create zone delete note delete vulnerability detection rule delete 
zone fetch single case get a page of notifications get asset history events get assets get communications summary get notification details get page vulnerabilities get page vulnerability detection rules get page vulnerability detections get report data and so on notes notificationread permission allow reading of notifications(not including system notifications) notificationsystemtype permission allow reading of system notifications to get detector id in action get results from detector id , run action get notification details configurations dragos api authentication authenticates using api key as username and api secret as password configuration parameters parameter description type required url a url to the target host string required username api key id string required password api secret key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions create note add a note to an open case in dragos where the user is an admin, author, assignee, or watcher requires 'case id' and 'message' endpoint url /cases/cases/{{case id}}/notes method post input argument name type required description path parameters case id number required parameters for the create note action message string optional response message input example {"json body" {"message" "note created"},"path parameters" {"case id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier caseid number unique identifier generated boolean output field generated author string output field author message string response message referencetype object type of the resource referenceid object unique identifier createdat string output field createdat updatedat string output field updatedat output example {"status code" 200,"response headers" {"alt svc" "h3=\\" 443\\"; ma=2592000","cache control" "max age=0, private, must revalidate","content type" 
"application/json; charset=utf 8","etag" "w/\\"b1a427116345f8a069b8a1640cada731\\"","server" "caddy","x content type options" "nosniff","x frame options" "sameorigin","x identity id" "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges" "analytic\ read,asset\ map,asset\ read,asset\ write,auth\ identity\ read,baseline\ read, ","x request id" "je1jvv 1vh13pp7fa21 create zone initiates a new zone creation in dragos, triggering asset re zoning with the specified configuration endpoint url /assets/api/v4/createzone method post input argument name type required description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service create object optional parameter for create zone create name string required name of the resource create description string optional parameter for create zone create colorhex string optional parameter for create zone create criteria object required parameter for create zone create criteria idoroldidin array optional filters assets by ids (or old ids from pre merge) create criteria attributesmatches object optional filters assets by having attribute(s) with matching values create criteria attributesmatches property1 object optional parameter for create zone create criteria attributesmatches property1 type string optional type of the resource create criteria attributesmatches property2 object optional parameter for create zone create criteria attributesmatches property2 type string optional type of the resource create criteria addressselector object optional filters assets by address criteria create criteria addressselector idin array optional unique identifier create criteria addressselector typein array optional type of the resource create criteria addressselector networkidin array optional unique identifier create criteria 
addressselector collectorselector object optional parameter for create zone create criteria addressselector collectorselector customerid string optional unique identifier create criteria addressselector collectorselector midpointid string optional unique identifier create criteria addressselector collectorselector collectorid string optional unique identifier create criteria addressselector collectorselector anyof array optional parameter for create zone create criteria addressselector collectorselector allof array optional parameter for create zone create criteria addressselector collectorselector not object optional parameter for create zone input example {"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource description string output field description colorhex string output field colorhex criteria object output field criteria criteria idoroldidin array unique identifier criteria attributesmatches object output field criteria attributesmatches criteria attributesmatches property1 object output field criteria attributesmatches property1 criteria attributesmatches property1 type string type of the resource criteria attributesmatches property2 object output field criteria attributesmatches property2 criteria attributesmatches property2 type string type of the resource criteria addressselector object output field criteria addressselector criteria addressselector idin array unique identifier criteria addressselector typein array type of the resource criteria addressselector networkidin array unique identifier criteria addressselector collectorselector object output field criteria addressselector collectorselector criteria addressselector collectorselector customerid string unique identifier criteria addressselector collectorselector midpointid 
string unique identifier criteria addressselector collectorselector collectorid string unique identifier criteria addressselector collectorselector anyof array output field criteria addressselector collectorselector anyof criteria addressselector collectorselector allof array output field criteria addressselector collectorselector allof criteria addressselector collectorselector not object output field criteria addressselector collectorselector not criteria addressselector valuematches object value for the parameter output example {"status code" 200,"response headers" {},"reason" "success","json body" {"id" 0,"name" "string","description" "string","colorhex" "#000000","criteria" {"idoroldidin" \[],"attributesmatches" {},"addressselector" {},"createdatbefore" "2019 08 24t14 15 22z","createdatafter" "2019 08 24t14 15 22z","lastseenatbefore" "2019 08 24t14 15 22z","lastseenatafter" "2019 08 24t14 15 22z","textsearch" "string","isdeleted"\ true,"anyof" \[],"allof" \[],"not" {}},"coordinates" {"x" 0,"y" 0,"width" 0,"height" 0},"gr delete note remove a specific note from an open case in dragos, given the correct case and note ids and appropriate user permissions endpoint url /cases/cases/{{case id}}/notes/{{note id}} method delete input argument name type required description path parameters case id number required parameters for the delete note action path parameters note id number required parameters for the delete note action input example {"path parameters" {"case id" 1,"note id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" {}} delete vulnerability detection rule removes a specified vulnerability detection rule from dragos, requiring 'vulnerabilitydetectionruledelete' privilege endpoint url /vulnerabilities/api/v1/vulnerability/detection/rules/delete method post input argument name type required 
description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service uuid string optional unique identifier input example {"json body" {"uuid" "string"},"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 202,"response headers" {},"reason" "accepted","json body" {}} delete zone removes a specified zone from dragos, re zoning associated assets an 'id' for the zone is required endpoint url /assets/api/v4/deletezone method post input argument name type required description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service id number optional unique identifier input example {"json body" {"id" 0},"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource description string output field description colorhex string output field colorhex criteria object output field criteria criteria idoroldidin array unique identifier criteria attributesmatches object output field criteria attributesmatches criteria attributesmatches property1 object output field criteria attributesmatches property1 criteria attributesmatches property1 type string type of the resource criteria attributesmatches property2 object output field criteria 
attributesmatches property2 criteria attributesmatches property2 type string type of the resource criteria addressselector object output field criteria addressselector criteria addressselector idin array unique identifier criteria addressselector typein array type of the resource criteria addressselector networkidin array unique identifier criteria addressselector collectorselector object output field criteria addressselector collectorselector criteria addressselector collectorselector customerid string unique identifier criteria addressselector collectorselector midpointid string unique identifier criteria addressselector collectorselector collectorid string unique identifier criteria addressselector collectorselector anyof array output field criteria addressselector collectorselector anyof criteria addressselector collectorselector allof array output field criteria addressselector collectorselector allof criteria addressselector collectorselector not object output field criteria addressselector collectorselector not criteria addressselector valuematches object value for the parameter output example {"status code" 200,"response headers" {},"reason" "success","json body" {"id" 0,"name" "string","description" "string","colorhex" "#000000","criteria" {"idoroldidin" \[],"attributesmatches" {},"addressselector" {},"createdatbefore" "2019 08 24t14 15 22z","createdatafter" "2019 08 24t14 15 22z","lastseenatbefore" "2019 08 24t14 15 22z","lastseenatafter" "2019 08 24t14 15 22z","textsearch" "string","isdeleted"\ true,"anyof" \[],"allof" \[],"not" {}},"coordinates" {"x" 0,"y" 0,"width" 0,"height" 0},"gr fetches a single case retrieves detailed information for a specific case in dragos using the provided case id, including notes, evidences, and tasks endpoint url /cases/cases/{{id}} method get input argument name type required description path parameters id number required case id input example {"path parameters" {"id" 1}} output parameter type description status code 
number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource hypothesis object output field hypothesis justification object output field justification visibility string output field visibility status string status value priority number output field priority incident boolean unique identifier creator string output field creator assignee object output field assignee createdat string output field createdat updatedat string output field updatedat notificationids array unique identifier notificationids file name string unique identifier notificationids file string unique identifier watchers string output field watchers evidences array unique identifier evidences id number unique identifier evidences caseid number unique identifier evidences author string unique identifier evidences datatype string response data evidences data string response data notes array output field notes output example {"status code" 200,"response headers" {"alt svc" "h3=\\" 443\\"; ma=2592000","cache control" "max age=0, private, must revalidate","content type" "application/json; charset=utf 8","etag" "w/\\"0b4e0bef532ca790db2dd6a24abaae68\\"","server" "caddy","x content type options" "nosniff","x frame options" "sameorigin","x identity id" "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges" "analytic\ read,asset\ map,asset\ read,asset\ write,auth\ identity\ read,baseline\ read, ","x request id" "o+ +fpuvbw1m4735can get a page of notifications retrieve a specific page of notifications from dragos, filtered according to user defined criteria endpoint url /notifications/api/v2/notification method get input argument name type required description parameters pagenumber number optional parameters for the get a page of notifications action parameters pagesize number optional parameters for the get a page of notifications action parameters sorts string optional the format is comma separated sets of a sort field, colon, and 
'a' (for ascending) or 'd' (for descending) parameters sortfield string optional parameters for the get a page of notifications action parameters sortdescending boolean optional parameters for the get a page of notifications action parameters limittotalcount number optional parameters for the get a page of notifications action parameters filter string optional a filter string in fiql format see relevant information on fiql operators and notification selectors in doc parameters resolvechildrendepth boolean optional number of steps deep to recursively resolve child notifications input example {"parameters" {"pagenumber" 1,"pagesize" 12,"sorts" "createdat\ d","sortfield" "id","sortdescending"\ false,"limittotalcount" 50,"filter" "id=ge=5","resolvechildrendepth"\ false}} output parameter type description status code number http status code of the response headers object http headers for the request headers alt svc string http headers for the request headers content type string http headers for the request headers server string http headers for the request headers x identity id string http headers for the request headers x privileges string http headers for the request headers x request id string http headers for the request headers x username string http headers for the request headers date string http headers for the request headers connection string http headers for the request headers transfer encoding string http headers for the request status reason string status value body object request body data body pagenumber number request body data body pagesize number request body data body sorts array request body data body sorts field string request body data body sorts descending boolean request body data body totalcount number request body data body totalpages number request body data body content array request body data body content id number request body data body content assets array request body data body content assets file name string request body data output 
example {"status code" 200,"headers" {"alt svc" "h3=\\" 443\\"; ma=2592000","content type" "application/json; charset=utf 8","server" "caddy","x identity id" "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges" "analytic\ read,asset\ map,asset\ read,asset\ write,auth\ identity\ read,baseline\ read, ","x request id" "5k3wyzt=3sw1346h++pzgvf22arbqyqf996=1fmovm156=/3i0w12gnui072xfbj","x username" "tp7864","date" "wed, 28 feb 2024 14 26 20 gmt","connection" "close","transfer encoding" "chunked"},"status reason" " get asset history events retrieve the historical events associated with a specific asset in dragos, requiring 'assetread' privilege endpoint url /assets/api/v4/getassethistoryevents method post input argument name type required description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service selector object optional parameter for get asset history events selector assetidin array optional unique identifier selector timestampisorafter string optional parameter for get asset history events selector timestampisorbefore string optional parameter for get asset history events selector typein array optional type of the resource selector addressselector object optional parameter for get asset history events selector addressselector idin array optional unique identifier selector addressselector typein array optional type of the resource selector addressselector networkidin array optional unique identifier selector addressselector collectorselector object optional parameter for get asset history events selector addressselector collectorselector customerid string optional unique identifier selector addressselector collectorselector midpointid string optional unique identifier selector addressselector collectorselector collectorid string optional 
unique identifier selector addressselector collectorselector anyof array optional parameter for get asset history events selector addressselector collectorselector allof array optional parameter for get asset history events selector addressselector collectorselector not object optional parameter for get asset history events selector addressselector valuematches object optional value for the parameter selector addressselector valuematches type string optional type of the resource selector addressselector anyof array optional parameter for get asset history events selector addressselector allof array optional parameter for get asset history events selector addressselector not object optional parameter for get asset history events selector attributenamematches object optional name of the resource input example {"json body" {"selector" {"assetidin" \[0],"timestampisorafter" "2019 08 24t14 15 22z","timestampisorbefore" "2019 08 24t14 15 22z","typein" \["string"],"addressselector" {"idin" \[0],"typein" \["mac"],"networkidin" \["string"],"collectorselector" {"customerid" "string","midpointid" "string","collectorid" "string","anyof" \[{}],"allof" \[{}],"not" {}},"valuematches" {"type" "string"},"anyof" \[{}],"allof" \[{}],"not" {}},"attributenamematches" {"type" "string"},"useridmatches" {"type" "string"},"reasonmatches" {"type" "string"},"allof" \[{}],"anyof" \[{}],"not" {}},"pagination" {"pagenumber" 0,"pagesize" 0,"limittotalcount" 0,"sorts" \[{"field" "type","descending"\ true}]}},"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description pagenumber number output field pagenumber pagesize number output field pagesize sorts array output field sorts sorts file name string name of the resource sorts file string output field sorts file totalcount number count value totalpages number output field totalpages content array response content content assetid number unique identifier content timestamp string 
response content content userid string unique identifier content reason string response reason phrase content resolutioncontext object response content content resolutioncontext macsandips array response content content resolutioncontext macsandips addressid number unique identifier content resolutioncontext hostsanddomains array response content content resolutioncontext hostsanddomains file name string name of the resource content resolutioncontext hostsanddomains file string response content content resolutioncontext at string response content content type string type of the resource content addressid number unique identifier content addresscoordinates object response content content addresscoordinates type string type of the resource content addresscoordinates networkid string unique identifier content addresscoordinates value string value for the parameter output example {"pagenumber" 1,"pagesize" 10,"sorts" \[],"totalcount" 284289,"totalpages" 28429,"content" \[{"assetid" 1,"timestamp" "2023 03 02t15 27 24 457z","userid" "sitestore dataflow service","reason" "communications source address","resolutioncontext" {},"type" "created"},{"assetid" 1,"timestamp" "2023 03 02t15 27 24 588z","userid" "sitestore dataflow service","reason" "communications source address","addressid" 9,"addresscoordinates" {},"at" "2023 03 02t15 07 05 695z","type" "address associated"}]} get assets retrieves a list of assets, addresses, and time ranges from dragos with 'assetread' privilege endpoint url /assets/api/v4/getassets method post input argument name type required description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service selector object optional parameter for get assets selector idoroldidin array optional unique identifier selector attributesmatches 
object optional parameter for get assets selector attributesmatches property1 object optional parameter for get assets selector attributesmatches property1 type string optional type of the resource selector attributesmatches property2 object optional parameter for get assets selector attributesmatches property2 type string optional type of the resource selector addressselector object optional parameter for get assets selector addressselector idin array optional unique identifier selector addressselector typein array optional type of the resource selector addressselector networkidin array optional unique identifier selector addressselector collectorselector object optional parameter for get assets selector addressselector collectorselector customerid string optional unique identifier selector addressselector collectorselector midpointid string optional unique identifier selector addressselector collectorselector collectorid string optional unique identifier selector addressselector collectorselector anyof array optional parameter for get assets selector addressselector collectorselector allof array optional parameter for get assets selector addressselector collectorselector not object optional parameter for get assets selector addressselector valuematches object optional value for the parameter selector addressselector valuematches type string optional type of the resource selector addressselector anyof array optional parameter for get assets selector addressselector allof array optional parameter for get assets input example {"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status code number http status code of the response reason string response reason phrase pagenumber number output field pagenumber pagesize number output field pagesize sortdescending boolean output field sortdescending totalcount number count value totalpages number output field totalpages totalcountexceededlimit 
boolean output field totalcountexceededlimit sorts array output field sorts sorts field string output field sorts field sorts descending boolean output field sorts descending content array response content content id number unique identifier content oldids array unique identifier content attributes object response content content createdat string response content content lastseenat string response content content addresses array response content content addresses type string type of the resource content addresses networkid string unique identifier content addresses value string value for the parameter content addresses id number unique identifier content addresses flags array response content content addresses collectors array response content content addresses collectors customerid string unique identifier output example {"status code" 200,"response headers" {},"reason" "success","json body" {"pagenumber" 0,"pagesize" 0,"sortdescending"\ true,"totalcount" 0,"totalpages" 0,"totalcountexceededlimit"\ true,"sorts" \[{}],"content" \[{}]}} get communications summary retrieve a summary of communications data from dragos, with optional filters for time based analysis endpoint url /maps/api/v1/getcommunicationssummary method post input argument name type required description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service from string optional parameter for get communications summary to string optional parameter for get communications summary views array optional parameter for get communications summary input example {"json body" {"from" "2019 08 24t14 15 22z","to" "2019 08 24t14 15 22z","views" \["collector"]},"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status 
code number http status code of the response reason string response reason phrase from string output field from to string output field to bycollector array output field bycollector bycollector collector object output field bycollector collector bycollector collector customerid string unique identifier bycollector collector midpointid string unique identifier bycollector collector collectorid string unique identifier bycollector networkid string unique identifier bycollector protocolid string unique identifier bycollector zoneid number unique identifier bycollector addressescommunicatingwithnetworkids array unique identifier bycollector addressescommunicatingwithzoneids array unique identifier bycollector protocolids array unique identifier bycollector communicationsbytes number output field bycollector communicationsbytes bycollector communicationspackets number output field bycollector communicationspackets bynetworkid array unique identifier bynetworkid collector object unique identifier bynetworkid collector customerid string unique identifier bynetworkid collector midpointid string unique identifier bynetworkid collector collectorid string unique identifier bynetworkid networkid string unique identifier bynetworkid protocolid string unique identifier bynetworkid zoneid number unique identifier output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"from" "2019 08 24t14 15 22z","to" "2019 08 24t14 15 22z","bycollector" \[{}],"bynetworkid" \[{}],"byprotocolid" \[{}],"byzoneid" \[{}],"total" {"collector" {},"networkid" "string","protocolid" "string","zoneid" 0,"addressescommunicatingwithnetworkids" \[],"addressescommunicatingwithzoneids" \[],"protocolids" \[],"communicationsbytes" 0,"communicationspackets" 0}}} get notification details retrieve detailed information for a specific dragos notification using the unique identifier provided in path parameters endpoint url /notifications/api/v2/notification/{{id}} method get input argument 
name type required description path parameters id number required id of the notification parameters resolvechildrendepth number optional number of steps deep to recursively resolve child notifications parameters includeconversations boolean optional whether conversations should be included with the notification, default is true input example {"parameters" {"resolvechildrendepth" 1,"includeconversations"\ true},"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier assets array output field assets assets file name string name of the resource assets file string output field assets file createdat string output field createdat matchedruleids array unique identifier matchedruleids file name string unique identifier matchedruleids file string unique identifier reviewed boolean output field reviewed retained boolean output field retained type string type of the resource detectionquads array output field detectionquads count number count value source string output field source summary string output field summary content string response content detectorid string unique identifier occurredat string output field occurredat severity number output field severity analyticeventid string unique identifier sourceindex string output field sourceindex sourceidfield string unique identifier sourceids array unique identifier output example {"status code" 200,"response headers" {"alt svc" "h3=\\" 443\\"; ma=2592000","content type" "application/json; charset=utf 8","server" "caddy","x identity id" "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges" "analytic\ read,asset\ map,asset\ read,asset\ write,auth\ identity\ read,baseline\ read, "},"reason" "ok","json body" {"id" 1,"assets" \[],"createdat" "2023 03 02t15 27 24z","matchedruleids" \[],"reviewed"\ false,"retained"\ false,"type" "network analytic","detectionquads" \["threat behavior"],"cou get page of 
vulnerabilities retrieve a paginated list of vulnerabilities from dragos, requiring the 'vulnerabilityread' privilege endpoint url /vulnerabilities/api/v1/vulnerability method post input argument name type required description headers object optional http headers for the request headers x username string optional username of requester not needed if accessing via gateway service headers x privileges string optional comma separated privilege ids of requester not needed if accessing via gateway service selector object optional parameter for get page of vulnerabilities selector idin array optional filters by id in list selector valuematches object optional filters by matching value selector valuematches type string required type of the resource selector valuematches field string required value for the parameter selector valuematches exact string required value for the parameter selector anyof array optional list of other selectors to combine as an or; only allowed if no other fields specified selector allof array optional list of other selectors to combine as an and; only allowed if no other fields specified pagination object optional parameter for get page of vulnerabilities pagination pagenumber number optional parameter for get page of vulnerabilities pagination pagesize number optional parameter for get page of vulnerabilities pagination limittotalcount number optional an optional limit of total count to avoid counting large data sets pagination sorts array optional parameter for get page of vulnerabilities input example {"json body" {"selector" {"idin" \["string"],"valuematches" {"type" "string"},"anyof" \[{}],"allof" \[{}]},"pagination" {"pagenumber" 0,"pagesize" 0,"limittotalcount" 0,"sorts" \["string"]}},"headers" {"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status code number http status code of the response reason string response reason phrase pagenumber number output field pagenumber 
pagesize | number | output field pagesize
totalcount | number | count value
totalpages | number | output field totalpages
content | array | response content
content @timestamp | string | response content
content labels | string | response content
content message | string | response content
content tags | string | response content
content host | object | response content
content observer | object | response content
content related | object | response content
content threat | object | response content
content vulnerability | object | response content

output example

{"status code": 200,"response headers": {},"reason": "ok","json body": {"pagenumber": 0,"pagesize": 0,"totalcount": 0,"totalpages": 0,"content": [{}]}}

get page of vulnerability detection rules

retrieve a specific page of vulnerability detection rules from dragos, requiring 'vulnerabilitydetectionruleread' privilege

endpoint url: /vulnerabilities/api/v1/vulnerability/detection/rules
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of requester; not needed if accessing via gateway service
selector | object | optional | parameter for get page of vulnerability detection rules
selector idin | array | optional | filters by id in list
selector valuematches | object | optional | filters by matching value
selector valuematches type | string | optional | type of the resource
selector anyof | array | optional | list of other selectors to combine as an or; only allowed if no other fields specified
selector allof | array | optional | list of other selectors to combine as an and; only allowed if no other fields specified
pagination | object | optional | parameter for get page of vulnerability detection rules
pagination pagenumber | number | optional | parameter for get page of vulnerability detection rules
pagination pagesize | number | optional | parameter for get page of vulnerability detection rules
pagination limittotalcount | number | optional | an optional limit of total count to avoid counting large data sets
pagination sorts | array | optional | parameter for get page of vulnerability detection rules

input example

{"json body": {"selector": {"idin": ["string"],"valuematches": {"type": "string"},"anyof": [{}],"allof": [{}]},"pagination": {"pagenumber": 0,"pagesize": 0,"limittotalcount": 0,"sorts": ["string"]}},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
pagenumber | number | output field pagenumber
pagesize | number | output field pagesize
totalcount | number | count value
totalpages | number | output field totalpages
content | array | response content
content selector | object | response content
content selector idin | array | unique identifier
content selector valuematches | object | filters by matching value
content selector valuematches type | string | type of the resource
content selector valuematches field | string | value for the parameter
content selector valuematches exact | string | value for the parameter
content selector anyof | array | response content
content selector allof | array | response content
content actions | array | response content
content actions type | string | type of the resource
content name | string | name of the resource
content description | string | response content
content category | string | response content
content license | string | response content
content reference | string | response content
content expiration | string | response content
content uuid | string | unique identifier
content author | string | response content

output example

{"status code": 200,"response headers": {},"reason": "ok","json body": {"pagenumber": 0,"pagesize": 0,"totalcount": 0,"totalpages": 0,"content": [{}]}}

get page vulnerability detections

retrieve a page of vulnerability detection data from dragos, requiring 'vulnerabilitydetectionread' privilege

endpoint url:
/vulnerabilities/api/v1/vulnerability/detection
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of requester; not needed if accessing via gateway service
selector | object | optional | parameter for get page vulnerability detections
selector idin | array | optional | filters by id in list
selector valuematches | object | optional | filters by matching value
selector valuematches type | string | required | type of the resource
selector valuematches field | string | required | value for the parameter
selector valuematches exact | string | required | value for the parameter
selector anyof | array | optional | list of other selectors to combine as an or; only allowed if no other fields specified
selector allof | array | optional | list of other selectors to combine as an and; only allowed if no other fields specified
pagination | object | optional | parameter for get page vulnerability detections
pagination pagenumber | number | optional | parameter for get page vulnerability detections
pagination pagesize | number | optional | parameter for get page vulnerability detections
pagination limittotalcount | number | optional | an optional limit of total count to avoid counting large data sets
pagination sorts | array | optional | parameter for get page vulnerability detections

input example

{"json body": {"selector": {"idin": ["string"],"valuematches": {"type": "string"},"anyof": [{}],"allof": [{}]},"pagination": {"pagenumber": 0,"pagesize": 0,"limittotalcount": 0,"sorts": ["string"]}},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
pagenumber | number | output field pagenumber
pagesize | number | output field pagesize
totalcount | number | count value
totalpages | number | output
field totalpages
content | array | response content
content @timestamp | string | response content
content labels | string | response content
content message | string | response content
content tags | string | response content
content observer | object | response content
content vulnerability | object | response content
content hardware | object | response content
content package | object | response content
content os | object | response content
content host | object | response content
content event | object | response content
content related | object | response content

output example

{"status code": 200,"response headers": {},"reason": "ok","json body": {"pagenumber": 0,"pagesize": 0,"totalcount": 0,"totalpages": 0,"content": [{}]}}

get report

retrieves a specific dragos report using the 'reportid' from path parameters; 'report read' privilege needed

endpoint url: /reports/api/v2/report/{{reportid}}
method: get

input

argument name | type | required | description
path parameters reportid | number | required | the report's id
headers | object | required | http headers for the request
headers x username | string | required | requester's identity
headers x privileges | string | required | requester's privileges

input example

{"path parameters": {"reportid": 1},"headers": {"x username": "tp7864","x privileges": "analytic:read,asset:map,asset:read,asset:write,auth:identity:read,baseline:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
id | number | unique identifier
name | string | name of the resource
description | string | output field description
state | string | output field state
failurereason | string | response reason phrase
createdtime | string | time value
generationstartedtime | string | time value
generationcompletedtime | string | time value
generationprogress | number | output field generationprogress
parameters type | string | parameters for the get report action
parameters formats | array | parameters for the get report action
files | object | output field files

output example

{"status code": 200,"response
headers": {},"reason": "success","json body": {"id": 0,"name": "string","description": "string","state": "ready to generate","failurereason": "string","createdtime": "2019 08 24t14 15 22z","generationstartedtime": "2019 08 24t14 15 22z","generationcompletedtime": "2019 08 24t14 15 22z","generationprogress": 0,"parameters": {"type": "ioc","formats": []},"files": {}}}

get report data

retrieves specified report data from dragos using 'reportid' and 'format', ensuring 'report read' privilege and header parameters are set

endpoint url: /reports/api/v2/report/{{reportid}}/{{format}}
method: get

input

argument name | type | required | description
path parameters reportid | string | required | the report's id
path parameters format | string | required | parameters for the get report data action
headers | object | required | http headers for the request
headers x username | string | required | requester's identity
headers x privileges | string | required | requester's privileges

input example

{"path parameters": {"reportid": "1","format": "csv"},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
id | number | unique identifier
name | string | name of the resource
description | string | output field description
state | string | output field state
failurereason | string | response reason phrase
createdtime | string | time value
generationstartedtime | string | time value
generationcompletedtime | string | time value
generationprogress | number | output field generationprogress
parameters type | string | parameters for the get report data action
parameters formats | array | parameters for the get report data action
files | object | output field files
files property1 | number | output field files property1
files property2 | number | output field files property2

output example

{"status code": 200,"response headers": {},"reason": "success","json body": {"id": 0,"name": "string","description": "string","state": "ready to
generate","failurereason": "string","createdtime": "2019 08 24t14 15 22z","generationstartedtime": "2019 08 24t14 15 22z","generationcompletedtime": "2019 08 24t14 15 22z","generationprogress": 0,"parameters": {"type": "ioc","formats": []},"files": {"property1": 0,"property2": 0}}}

get results from detector id

retrieve detection results from dragos using a specified detector id

endpoint url: /analytics/analyticmetadata/{{detector id}}
method: get

input

argument name | type | required | description
path parameters detector id | string | required | parameters for the get results from detector id action

input example

{"path parameters": {"detector id": "7205ebab ff5c 499b 9f87 f648e7b2f438"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
display name | string | name of the resource
engine | string | output field engine
description | string | output field description
silent | boolean | output field silent
type | string | type of the resource
id | string | unique identifier
metadata | object | response data
metadata detection quad | array | response data
metadata kill chain | array | response data
metadata attack tactic | array | response data
metadata attack technique | array | response data
metadata date source | array | response data
metadata purdue layer | array | response data
metadata intelligence report | array | response data
metadata activity group | array | response data
metadata tool | array | response data
metadata asset type | array | response data
metadata vendor | array | response data
metadata protocols | array | response data
metadata notifications | array | response data
metadata notifications summary | string | response data
metadata notifications message | string | response data

output example

{"status code": 200,"response headers": {"alt svc": "h3=\" 443\"; ma=2592000","content type": "application/json; charset=utf 8","server": "caddy","x identity id": "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges": "analytic:read,asset:map,asset:read,asset:write,auth:identity:read,baseline:
read, "},"reason": "ok","json body": {"display name": "arp scan","engine": "bro","description": "arp scanning can be use to discover live hosts ","silent": false,"type": "detection","id": "1bf8f1c 2679 4e84 8c25 3ffa85b

get snapshot

retrieves metadata and data for a specified snapshot in dragos, requiring 'assetsnapshotread' privilege

endpoint url: /maps/api/v1/getsnapshot
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of requester; not needed if accessing via gateway service
id | number | optional | id of the snapshot to get
view | object | optional | parameter for get snapshot
view\ type | string | optional | type of the resource
fetchfreshassetattributes | boolean | optional | whether to pull fresh asset attributes from ais

input example

{"json body": {"id": 0,"view": {"type": "base"},"fetchfreshassetattributes": true},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
metadata | object | response data
metadata id | number | response data
metadata generationfilter | object | response data
metadata generationfilter assetselector | object | response data
metadata generationfilter assetselector id | object | response data
metadata generationfilter assetselector createdat | object | response data
metadata generationfilter assetselector lastseenat | object | response data
metadata generationfilter assetselector attributes | object | response data
metadata generationfilter assetselector attributes property1 | object | response data
metadata generationfilter assetselector attributes property2 | object | response data
metadata generationfilter assetselector address | object | response data
metadata generationfilter assetselector address id | object | response
data
metadata generationfilter assetselector address type | object | response data
metadata generationfilter assetselector address networkid | object | response data
metadata generationfilter assetselector address value | object | response data
metadata generationfilter assetselector address collector | object | response data
metadata generationfilter assetselector address anyof | array | response data
metadata generationfilter assetselector address allof | array | response data
metadata generationfilter assetselector anyof | array | response data
metadata generationfilter assetselector allof | array | response data
metadata generationfilter communicationsselector | object | response data
metadata generationfilter communicationsselector addressid | object | response data
metadata generationfilter communicationsselector originatorports | object | response data

output example

{"metadata": {"id": 123,"generationfilter": {"assetselector": {},"communicationsselector": {},"limitassetcount": 123},"bins": [{}],"frommin": "string","tomax": "string","composite": true,"ephemeral": true,"retention": {"deleteafter": "string"},"createdat": "string","state": "string","statechangedat": "string","metrics": {"generationmilliseconds": 123,"generationstatistics": {},"databytes": 123,"total": {},"byzoneid": [],"bynetworkid": [],"bycollector": [],"byprotocolid": []}},"view": {"type": "string"}}

get snapshot metadata

retrieves metadata for a specified snapshot in dragos using the 'id', requiring 'assetsnapshotread' privilege

endpoint url: /maps/api/v1/getsnapshotmetadata
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of requester; not needed if accessing via gateway service
id | number | optional | id of the snapshot to get

input example

{"json body": {"id": 0},"headers": {"x username": "x username","x privileges": "analytic:
read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
id | number | unique identifier
generationfilter | object | output field generationfilter
generationfilter assetselector | object | output field generationfilter assetselector
generationfilter assetselector id | object | unique identifier
generationfilter assetselector createdat | object | output field generationfilter assetselector createdat
generationfilter assetselector lastseenat | object | output field generationfilter assetselector lastseenat
generationfilter assetselector attributes | object | output field generationfilter assetselector attributes
generationfilter assetselector address | object | output field generationfilter assetselector address
generationfilter assetselector anyof | array | output field generationfilter assetselector anyof
generationfilter assetselector allof | array | output field generationfilter assetselector allof
generationfilter communicationsselector | object | output field generationfilter communicationsselector
generationfilter communicationsselector addressid | object | unique identifier
generationfilter communicationsselector originatorports | object | output field generationfilter communicationsselector originatorports
generationfilter communicationsselector responderports | object | output field generationfilter communicationsselector responderports
generationfilter communicationsselector protocolid | object | unique identifier
generationfilter communicationsselector ipprotocolid | object | unique identifier
generationfilter communicationsselector bytes | object | output field generationfilter communicationsselector bytes
generationfilter communicationsselector packets | object | output field generationfilter communicationsselector packets
generationfilter communicationsselector anyof | array | output field generationfilter communicationsselector anyof
generationfilter communicationsselector allof | array | output field generationfilter
communicationsselector allof
generationfilter limitassetcount | number | count value
bins | array | output field bins
bins id | number | unique identifier

output example

{"id": 123,"generationfilter": {"assetselector": {"id": {},"createdat": {},"lastseenat": {},"attributes": {},"address": {},"anyof": [],"allof": []},"communicationsselector": {"addressid": {},"originatorports": {},"responderports": {},"protocolid": {},"ipprotocolid": {},"bytes": {},"packets": {},"anyof": [],"allof": []},"limitassetcount": 123},"bins": [{"id": 123,"from": "string","to": "string"}],"frommin": "string","tomax": "string","composite": true,"ephemeral": true,"retention": {"deleteafter": "string"},"createdat": "string

get snapshot metadata page

retrieves a page of snapshot metadata from dragos, requiring 'assetsnapshotread' privilege for access

endpoint url: /maps/api/v1/getsnapshotmetadatapage
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of requester; not needed if accessing via gateway service
selector | object | optional | parameter for get snapshot metadata page
pagination | object | optional | parameter for get snapshot metadata page
pagination pagenumber | number | optional | parameter for get snapshot metadata page
pagination pagesize | number | optional | parameter for get snapshot metadata page
pagination sortdescending | boolean | optional | parameter for get snapshot metadata page
pagination sortfield | string | optional | parameter for get snapshot metadata page

input example

{"json body": {"selector": {},"pagination": {"pagenumber": 0,"pagesize": 0,"sortdescending": true,"sortfield": "id"}},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
pagenumber | number
output field pagenumber
pagesize | number | output field pagesize
sortdescending | boolean | output field sortdescending
totalcount | number | count value
totalpages | number | output field totalpages
sortfield | string | output field sortfield
content | array | response content
content id | number | unique identifier
content generationfilter | object | response content
content generationfilter assetselector | object | response content
content generationfilter assetselector id | object | unique identifier
content generationfilter assetselector createdat | object | response content
content generationfilter assetselector lastseenat | object | response content
content generationfilter assetselector attributes | object | response content
content generationfilter assetselector address | object | response content
content generationfilter assetselector anyof | array | response content
content generationfilter assetselector allof | array | response content
content generationfilter communicationsselector | object | response content
content generationfilter limitassetcount | number | response content
content bins | array | response content
content bins id | number | unique identifier
content bins from | string | response content
content bins to | string | response content

output example

{"pagenumber": 123,"pagesize": 123,"sortdescending": true,"totalcount": 123,"totalpages": 123,"sortfield": "string","content": [{"id": 123,"generationfilter": {},"bins": [],"frommin": "string","tomax": "string","composite": true,"ephemeral": true,"retention": {},"createdat": "string","state": "string","statechangedat": "string","metrics": {}}]}

get zones

retrieve a comprehensive list of zones from dragos, detailing attributes and status for each zone

endpoint url: /assets/api/v4/getzones
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of requester; not needed if
accessing via gateway service

input example

{"json body": {},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

output example

{"status code": 200,"response headers": {},"reason": "success","json body": [{"id": 0,"name": "string","description": "string","colorhex": "#000000","criteria": {},"coordinates": {},"grouplabel": "string","metadata": {}}]}

list evidences from case

retrieve evidence items from a specific case in dragos, requiring the case id and accessible by permitted roles

endpoint url: /cases/cases/{{case id}}/evidences
method: get

input

argument name | type | required | description
path parameters case id | number | required | case id

input example

{"path parameters": {"case id": 1}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

output example

{"status code": 200,"response headers": {"alt svc": "h3=\" 443\"; ma=2592000","cache control": "max age=0, private, must revalidate","content type": "application/json; charset=utf 8","etag": "w/\"49d28362723562024cd4c788aab9b05d\"","server": "caddy","x content type options": "nosniff","x frame options": "sameorigin","x identity id": "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges": "analytic:read,asset:map,asset:read,asset:write,auth:identity:read,baseline:read, ","x request id": "8niq8z7/thwtw3nv82q

list notes from a case

retrieve all notes associated with a given case id in dragos for users with specific privileges

endpoint url: /cases/cases/{{case id}}/notes
method: get

input

argument name | type | required | description
path parameters case id | number | required | parameters for the list notes from a case action

input example

{"path parameters": {"case id": 1}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

output example

{"status code":
200,"response headers": {"alt svc": "h3=\" 443\"; ma=2592000","cache control": "max age=0, private, must revalidate","content type": "application/json; charset=utf 8","etag": "w/\"465c975a3297a25173d3c2b284f638c0\"","server": "caddy","x content type options": "nosniff","x frame options": "sameorigin","x identity id": "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges": "analytic:read,asset:map,asset:read,asset:write,auth:identity:read,baseline:read, ","x request id": "5vyck6pw0g g7+6tfrp

list report

retrieves a paginated list of reports from dragos, requiring 'report read' privilege for access; includes necessary headers

endpoint url: /reports/api/v2/report
method: get

input

argument name | type | required | description
parameters pagenumber | number | optional | parameters for the list report action
parameters pagesize | number | optional | parameters for the list report action
parameters sortdescending | boolean | optional | parameters for the list report action
parameters sortfield | string | optional | parameters for the list report action
parameters includeid | array | optional | parameters for the list report action
parameters excludeid | array | optional | parameters for the list report action
parameters includetype | array | optional | parameters for the list report action
parameters excludetype | array | optional | parameters for the list report action
parameters includestate | array | optional | parameters for the list report action
parameters excludestate | array | optional | parameters for the list report action
parameters createdtimeatorafter | string | optional | parameters for the list report action
parameters createdtimeatorbefore | string | optional | parameters for the list report action
parameters generationstartedtimeatorafter | string | optional | parameters for the list report action
parameters generationstartedtimeatorbefore | string | optional | parameters for the list report action
parameters generationcompletedtimeatorafter | string | optional | parameters for the list report action
parameters generationcompletedtimeatorbefore | string |
optional | parameters for the list report action
headers | object | required | http headers for the request
headers x username | string | required | requester's identity
headers x privileges | string | required | requester's privileges

input example

{"parameters": {"pagenumber": 1,"pagesize": 10,"sortdescending": true,"sortfield": "id","includeid": [1,2,3],"excludeid": [1,2,3],"includetype": ["ioc","assetinventory"],"excludetype": ["ioc","assetinventory"],"includestate": ["ready to generate"],"excludestate": ["generating"],"createdtimeatorafter": "2023 06 29t01 46 30z","createdtimeatorbefore": "2023 06 29t01 46 30z","generationstartedtimeatorafter": "2023 06 29t01 46 30z","generationstartedtimeatorbefore": "2023 06 29t01 46 30z","generationcompletedtimeatorafter": "2023 06 29t01 46 30z","generationcompletedtimeatorbefore": "2023 06 29t01 46 30z"},"headers": {"x username": "x username","x privileges": "analytic:read,asset:map,asset:read"}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
pagenumber | number | output field pagenumber
pagesize | number | output field pagesize
sorts | array | output field sorts
sorts descending | boolean | output field sorts descending
sorts field | string | output field sorts field
totalcount | number | count value
totalpages | number | output field totalpages
content | array | response content
content id | number | unique identifier
content name | string | name of the resource
content description | string | response content
content state | string | response content
content failurereason | string | response reason phrase
content createdtime | string | response content
content generationstartedtime | string | response content
content generationcompletedtime | string | response content
content generationprogress | number | response content
content parameters type | string | parameters for the list report action
content parameters formats | array | parameters for the list report action
content files | object | response content
content files property1 | number | response
content
content files property2 | number | response content

output example

{"status code": 200,"response headers": {},"reason": "success","json body": {"pagenumber": 1,"pagesize": 1,"sorts": [{}],"totalcount": 0,"totalpages": 0,"content": [{}]}}

update case

updates specific attributes of a dragos case for admins, assignees, or creators using the 'id' path parameter

endpoint url: /cases/cases/{{id}}
method: patch

input

argument name | type | required | description
path parameters id | number | required | case id
name | string | optional | name
hypothesis | string | optional | hypothesis for case
justification | string | optional | justification
priority | number | optional | priority level (0 is the lowest)
notificationids | array | optional | notification ids are comma separated string or array of integers

input example

{"json body": {"name": "integrity case","hypothesis": "hypothesis for case","justification": "justification","priority": 0,"notificationids": [0,1,2]},"path parameters": {"id": 1}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase

output example

{"status code": 200,"response headers": {},"reason": "ok","json body": {}}

update note

updates a note for an open case in dragos, requiring message content along with note and case identifiers

endpoint url: /cases/cases/{{case id}}/notes/{{id}}
method: patch

input

argument name | type | required | description
path parameters case id | number | required | parameters for the update note action
path parameters id | number | required | note id
message | string | optional | message

input example

{"json body": {"message": "cyber security"},"path parameters": {"case id": 1,"id": 1}}

output

parameter | type | description
status code | number | http status code of the response
headers | object | http headers for the request
headers alt svc | string | http headers for the request
headers cache control | string | http headers for the request
headers content type | string | http headers for the request
headers etag | string | http headers for the request
headers server |
string | http headers for the request
headers x content type options | string | http headers for the request
headers x frame options | string | http headers for the request
headers x identity id | string | http headers for the request
headers x privileges | string | http headers for the request
headers x request id | string | http headers for the request
headers x runtime | string | http headers for the request
headers x username | string | http headers for the request
headers x xss protection | string | http headers for the request
headers date | string | http headers for the request
headers connection | string | http headers for the request
headers transfer encoding | string | http headers for the request
status reason | string | status value
body | object | request body data
body id | number | request body data
body caseid | number | request body data
body generated | boolean | request body data
body author | string | request body data
body message | string | request body data

output example

{"status code": 200,"headers": {"alt svc": "h3=\" 443\"; ma=2592000","cache control": "max age=0, private, must revalidate","content type": "application/json; charset=utf 8","etag": "w/\"aaba14bd2f6d36cda98410747ea0255f\"","server": "caddy","x content type options": "nosniff","x frame options": "sameorigin","x identity id": "61bf8f1c 2679 4e84 8c25 3ffa85b15099","x privileges": "analytic:read,asset:map,asset:read,asset:write,auth:identity:read,baseline:read, ","x request id": "p+8czg0kzgj9cd=nx9 xi/c//5g9

update vulnerability detection rule

updates an existing vulnerability detection rule in dragos platform using a unique identifier (uuid); requires 'vulnerabilitydetectionruleupdate' privilege

endpoint url: /vulnerabilities/api/v1/vulnerability/detection/rules/update
method: post

input

argument name | type | required | description
headers | object | optional | http headers for the request
headers x username | string | optional | username of requester; not needed if accessing via gateway service
headers x privileges | string | optional | comma separated privilege ids of
requester; not needed if accessing via gateway service
selector | object | optional | parameter for update vulnerability detection rule
selector idin | array | optional | unique identifier
selector valuematches | object | optional | value for the parameter
selector valuematches type | string | required | type of the resource
selector valuematches field | string | required | value for the parameter
selector anyof | array | optional | list of other selectors to combine as an or; only allowed if no other fields specified
selector allof | array | optional | list of other selectors to combine as an and; only allowed if no other fields specified
actions | array | optional | parameter for update vulnerability detection rule
actions type | string | required | type of the resource
actions risk | number | optional | parameter for update vulnerability detection rule
name | string | optional | name of the resource
description | string | optional | parameter for update vulnerability detection rule
category | string | optional | parameter for update vulnerability detection rule
license | string | optional | parameter for update vulnerability detection rule
reference | string | optional | parameter for update vulnerability detection rule
expiration | string | optional | parameter for update vulnerability detection rule
uuid | string | optional | unique identifier

input example

{"json body": {"selector": {"idin": ["string"],"valuematches": {"type": "exact","field": "string"},"anyof": [{}],"allof": [{}]},"actions": [{"type": "updaterisk","risk": 30}],"name": "string","description": "string","category": "string","license": "string","reference": "string","expiration": "2019 08 24","uuid": "string"},"headers": {"x username": "","x privileges": ""}}

output

parameter | type | description
status code | number | http status code of the response
reason | string | response reason phrase
selector | object | output field selector
selector idin | array | unique identifier
selector valuematches | object | value for the parameter
selector valuematches type | string | type of the resource
selector anyof | array | output field selector anyof
selector allof array output field selector allof actions array output field actions actions type string type of the resource name string name of the resource description string output field description category string output field category license string output field license reference string output field reference expiration string output field expiration uuid string unique identifier author string output field author lastmodifiedby string output field lastmodifiedby lastmodifiedat string output field lastmodifiedat createdat string output field createdat version number output field version output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"selector" {"idin" \[],"valuematches" {},"anyof" \[],"allof" \[]},"actions" \[{}],"name" "string","description" "string","category" "string","license" "string","reference" "string","expiration" "2019 08 24","uuid" "string","author" "string","lastmodifiedby" "string","lastmodifiedat" "2019 08 24t14 15 22z","createdat" "2019 08 24t14 15 22z","version" 0}} update zone updates a zone's attributes in dragos, including name, description, color, and criteria, triggering asset re zoning endpoint url /assets/api/v4/updatezone method post input argument name type required description headers object optional http headers for the request headers x username string optional http headers for the request headers x privileges string optional http headers for the request id number optional unique identifier update object optional date value update name string optional name of the resource update description string required parameter for update zone update colorhex string optional parameter for update zone update criteria object optional parameter for update zone update criteria idoroldidin array optional unique identifier update criteria attributesmatches object optional parameter for update zone update criteria attributesmatches property1 object optional parameter for update zone update criteria attributesmatches 
property1 type string optional type of the resource update criteria attributesmatches property2 object optional parameter for update zone update criteria attributesmatches property2 type string optional type of the resource update criteria addressselector object optional parameter for update zone update criteria addressselector idin array optional unique identifier update criteria addressselector typein array optional type of the resource update criteria addressselector networkidin array optional unique identifier update criteria addressselector collectorselector object optional parameter for update zone update criteria addressselector collectorselector customerid string optional unique identifier update criteria addressselector collectorselector midpointid string optional unique identifier update criteria addressselector collectorselector collectorid string optional unique identifier update criteria addressselector collectorselector anyof array optional parameter for update zone update criteria addressselector collectorselector allof array optional parameter for update zone input example {"json body" {"id" 0,"update" {"name" "string","description" "string","colorhex" "string","criteria" {"idoroldidin" \[0],"attributesmatches" {"property1" {"type" "string"},"property2" {"type" "string"}},"addressselector" {"idin" \[0],"typein" \["mac"],"networkidin" \["string"],"collectorselector" {"customerid" "string","midpointid" "string","collectorid" "string","anyof" \[{}],"allof" \[{}],"not" {}},"valuematches" {"type" "string"},"anyof" \[{}],"allof" \[{}],"not" {},"associationtimerangeoverlaps" {"from" "2019 08 24t14 15 22z","to" "2019 08 24t14 15 22z"}},"createdatbefore" "2019 08 24t14 15 22z","createdatafter" "2019 08 24t14 15 22z","lastseenatbefore" "2019 08 24t14 15 22z","lastseenatafter" "2019 08 24t14 15 22z","textsearch" "string","isdeleted"\ true,"anyof" \[{}],"allof" \[{}],"not" {}},"coordinates" {"x" 0,"y" 0,"width" 0,"height" 0},"grouplabel" "string"}},"headers" 
{"x username" "x username","x privileges" "analytic\ read,asset\ map,asset\ read"}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier name string name of the resource description string output field description colorhex string output field colorhex criteria object output field criteria criteria idoroldidin array unique identifier criteria attributesmatches object output field criteria attributesmatches criteria attributesmatches property1 object output field criteria attributesmatches property1 criteria attributesmatches property1 type string type of the resource criteria attributesmatches property2 object output field criteria attributesmatches property2 criteria attributesmatches property2 type string type of the resource criteria addressselector object output field criteria addressselector criteria addressselector idin array unique identifier criteria addressselector typein array type of the resource criteria addressselector networkidin array unique identifier criteria addressselector collectorselector object output field criteria addressselector collectorselector criteria addressselector collectorselector customerid string unique identifier criteria addressselector collectorselector midpointid string unique identifier criteria addressselector collectorselector collectorid string unique identifier criteria addressselector collectorselector anyof array output field criteria addressselector collectorselector anyof criteria addressselector collectorselector allof array output field criteria addressselector collectorselector allof criteria addressselector collectorselector not object output field criteria addressselector collectorselector not criteria addressselector valuematches object value for the parameter output example {"status code" 200,"response headers" {},"reason" "success","json body" {"id" 0,"name" "string","description" "string","colorhex" 
"#000000","criteria" {"idoroldidin" \[],"attributesmatches" {},"addressselector" {},"createdatbefore" "2019 08 24t14 15 22z","createdatafter" "2019 08 24t14 15 22z","lastseenatbefore" "2019 08 24t14 15 22z","lastseenatafter" "2019 08 24t14 15 22z","textsearch" "string","isdeleted"\ true,"anyof" \[],"allof" \[],"not" {}},"coordinates" {"x" 0,"y" 0,"width" 0,"height" 0},"gr response headers header description example alt svc http response header alt svc h3=" 443 "; ma=2592000 cache control directives for caching mechanisms max age=0, private, must revalidate content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt etag an identifier for a specific version of a resource w/"49d28362723562024cd4c788aab9b05d" server information about the software used by the origin server caddy transfer encoding http response header transfer encoding chunked x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x identity id http response header x identity id 61bf8f1c 2679 4e84 8c25 3ffa85b15099 x privileges http response header x privileges analytic \ read ,asset \ map ,asset \ read ,asset \ write ,auth\ identity \ read ,baseline \ read ,baseline \ update ,case \ create ,case \ read ,file \ upload ,network \ read ,notification \ read ,notification\ rule \ read ,notification \ update ,playbook \ create ,playbook \ read ,report \ read ,report \ write ,sensor \ read ,tasking\ capture \ create ,tasking \ read ,vulnerability\ log \ read ,vulnerability \ read ,vulnerability\ rule \ read x request id a unique identifier for the request 5vyck6pw0g g7+6tfrp mj5wxeijz4zxrn =t+lw1ai1+=//pr z742ijbkdv28v x runtime http response header x runtime 0 035914 x username http response header x username tp7864 x xss protection http response header x xss protection 1; mode=block
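The input table for update vulnerability detection rule states two constraints a playbook can check before sending the request: anyof and allof are only allowed when no other selector field is set, and valuematches requires both type and field. The following Python is an added example, not code from the connector or from Dragos; the function names are hypothetical and the key names are spelled as they appear on this page.

```python
# Added example: pre-flight check for an update-vulnerability-detection-rule body.
# Key names are copied as they appear on this page; function names are hypothetical.


def check_selector(sel, path="selector"):
    """Return a list of problems in one selector, recursing into anyof/allof."""
    if not isinstance(sel, dict):
        return [f"{path}: must be an object"]
    errors = []
    for combinator in ("anyof", "allof"):
        if combinator not in sel:
            continue
        # Documented rule: a combinator is only allowed if no other fields are specified.
        others = sorted(set(sel) - {combinator})
        if others:
            errors.append(f"{path}.{combinator}: not allowed together with {', '.join(others)}")
        children = sel[combinator]
        if not isinstance(children, list):
            errors.append(f"{path}.{combinator}: must be an array")
            continue
        for i, child in enumerate(children):
            errors += check_selector(child, f"{path}.{combinator}[{i}]")
    if "idin" in sel and not isinstance(sel["idin"], list):
        errors.append(f"{path}.idin: must be an array")
    if "valuematches" in sel:
        vm = sel["valuematches"]
        for key in ("type", "field"):  # both are marked required in the input table
            if not isinstance(vm, dict) or not isinstance(vm.get(key), str):
                errors.append(f"{path}.valuematches.{key}: required string")
    return errors


def check_rule_update(body):
    """Validate the action's JSON body against the constraints in the input table."""
    errors = check_selector(body["selector"]) if "selector" in body else []
    for i, action in enumerate(body.get("actions", [])):
        if not isinstance(action, dict) or not isinstance(action.get("type"), str):
            errors.append(f"actions[{i}].type: required string")
        elif "risk" in action and (isinstance(action["risk"], bool)
                                   or not isinstance(action["risk"], (int, float))):
            errors.append(f"actions[{i}].risk: must be a number")
    return errors


if __name__ == "__main__":
    # Constructed sample: mixes idin with anyof, which the table disallows.
    sample = {"selector": {"idin": ["rule-1"], "anyof": [{}]},
              "actions": [{"type": "updaterisk", "risk": 30}]}
    print(check_rule_update(sample))
```

The page's own input example is a placeholder that sets every selector field at once, so it fails this check; a real request would use either plain fields or a single combinator at each level.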