EclecticIQ
EclecticIQ is a threat intelligence platform that enables organizations to collect, analyze, and share cyber threat intelligence.

EclecticIQ is a leading threat intelligence platform that enables organizations to detect, analyze, and respond to cyber threats effectively. The EclecticIQ connector for Swimlane Turbine allows users to seamlessly integrate threat intelligence data into their security automation workflows. By leveraging this integration, Swimlane Turbine users can automate the creation and retrieval of threat entities and observables, enhancing their ability to manage and respond to security incidents efficiently.

This integration empowers security teams to streamline threat intelligence operations, reduce manual effort, and improve response times by automating key processes such as entity creation, entity retrieval, and observables management.

Limitations

None to date.

Supported versions

This EclecticIQ connector uses the latest version API.

Additional documents

Documentation: https://developers.eclecticiq.com/reference/get aggregations entities counts

Prerequisites

Before you can use the EclecticIQ connector for Turbine, you'll need access to the EclecticIQ API. This requires the following:

HTTP Bearer authentication using the following parameters:

- URL: The endpoint URL for accessing the EclecticIQ API.
- API Key: A valid API key to authenticate requests to the EclecticIQ platform.

Authentication methods

HTTP Bearer authentication method:

- URL: The endpoint URL for accessing the EclecticIQ API.
- API Key: A valid API key for authenticating requests to the EclecticIQ API.

Capabilities

This EclecticIQ connector provides the following capabilities:

- Create an entity
- Get a list of entities
- Get a list of observables
- Get an entity by ID

Create an entity

This action leverages the external (STIX) ID provided on the payload's data attribute to de-duplicate the entity.

Click here: https://developers.eclecticiq.com/reference/post entities

Get a list of entities

Retrieves a paginated list of entities with sorting, optional field projection, structured filters, and Lucene full-text or faceted search.

Click here: https://developers.eclecticiq.com/reference/get entities

Get a list of observables

Retrieve observables with pagination, sorting, optional field projection, filters (type, value, sources, entities), and Lucene-style search.

Click here: https://developers.eclecticiq.com/reference/get observables

Get an entity by ID

Retrieves an entity by its ID. The ID can be either a STIX ID or an EclecticIQ ID.

Click here: https://developers.eclecticiq.com/reference/get entities id

Configurations

HTTP Bearer Authentication

Authenticates using bearer token such as a JWT, etc.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Token | The API key, token, etc. | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Create an entity

Leverage the external STIX ID in the payload's data attribute to de-duplicate and create an entity in EclecticIQ.

Endpoint URL: api/v2/entities

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `data` | object | Optional | Root object for the entity create request (STIX data, meta, attachments, internal id) |
| `data.data` | object | Required | This object will be validated with a schema selected based on the value of the "type" property. If the value doesn't match a specific schema, the schema named "entitydataapischema" will be used. |
| `data.data.type` | string | Required | Entity type (STIX); required. Allowed values depend on the selected schema for the payload. |
| `data.data.information_source` | object | Optional | STIX information source object |
| `data.data.information_source.identity` | object | Optional | STIX identity reference embedded in the information source |
| `data.data.information_source.identity.type` | string | Optional | STIX identity type |
| `data.data.information_source.type` | string | Optional | Information source type discriminator (e.g. information source) |
| `data.data.confidence` | string | Optional | Confidence level |
| `data.data.description` | string | Optional | Main text description of the entity |
| `data.data.id` | string | Optional | STIX ID to uniquely identify the object. If none is specified on an entity payload then the platform will automatically generate a STIX ID in the format type uuid. |
| `data.data.short_description` | string | Optional | Short summary description of the entity |
| `data.data.title` | string | Required | Title of the entity (required) |
| `data.data.description_structuring_format` | string | Optional | Format identifier for structured description text (if used) |
| `data.data.timestamp` | string | Optional | Entity timestamp (UTC ISO 8601 format) |
| `data.data.original_eiqjson1_entity` | object | Optional | Legacy EclecticIQ JSON v1 entity object payload |
| `data.meta` | object | Optional | Entity metadata object |
| `data.meta.report_template` | object | Optional | Basic metadata of the associated report template |
| `data.meta.report_template.id` | number | Optional | Report template identifier |
| `data.meta.report_template.sub_title` | string | Optional | Report template subtitle |
| `data.meta.report_template.super_title` | string | Optional | Report template super title |
| `data.meta.half_life` | number | Optional | Half life integer |
| `data.meta.source_reliability` | `['string', 'null']` | Optional | Source reliability rating, or null |
| `data.meta.tags` | array | Optional | Collection of tag strings applied to the entity |
| `data.meta.tlp_color` | string | Optional | The current TLP value. Clear and amber strict are accepted as input but converted to TLP v1 on the response side. |
| `data.meta.alias` | string | Optional | User-defined title |

Input example

```json
{"json_body":{"data":{"data":{"type":" ","information_source":{"identity":{"type":"identity"},"type":"information source"},"confidence":"high","description":"test description","description_structuring_format":"string","id":"{https://example.com}indicator-da747dd9-5564-44e1-aa24-8b527dfb8868","short_description":"test ","timestamp":"2016-12-31T16:28:00+00:00","title":"test title","newkey":"new value","original_eiqjson1_entity":{"newkey":"new value"}},"meta":{"report_template":{"id":5,"sub_title":"test sub title","super_title":"test super title"},"half_life":100000,"source_reliability":"e","tags":["test tag"],"tlp_color":"green","newkey":"new value","alias":"test alias string","attacks":["http://localhost/api/v2/attacks/ta0001:t1078 001"],"estimated_observed_time":"2016-12-31T16:28:00+00:00","estimated_threat_end_time":"2016-12-31T16:28:00+00:00","estimated_threat_start_time":"2016-12-31T16:28:00+00:00","taxonomies":["http://localhost/api/v2/taxonomies/1"]},"attachments":["http://localhost/api/v2/entities/attachments/1"],"datasets":["http://localhost/api/v2/datasets/1"],"observables":["http://localhost/api/v2/observables/1"],"sources":["http://localhost/api/v2/sources/a86de6e0-af20-4a57-93d9-826e1ef4a47a"],"id":"a86de6e0-af20-4a57-93d9-826e1ef4a47a"}}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | object | Response data |
| `data.attachments` | array | Response data |
| `data.created_at` | string | Response data |
| `data.created_by` | string | Response data |
| `data.data` | object | Response data |
| `data.data.aliases` | array | Response data |
| `data.data.aliases.value` | string | Response data |
| `data.data.confidence` | string | Response data |
| `data.data.description` | string | Response data |
| `data.data.description_structuring_format` | string | Response data |
| `data.data.external_references` | array | Response data |
| `data.data.external_references.description` | string | Response data |
| `data.data.external_references.external_id` | string | Response data |
| `data.data.external_references.hashes` | object | Response data |
| `data.data.external_references.hashes.additionalprop` | string | Response data |
| `data.data.external_references.source_name` | string | Response data |
| `data.data.external_references.url` | string | Response data |
| `data.data.handling` | array | Response data |
| `data.data.handling.controlled_structure` | string | Response data |
| `data.data.handling.id` | string | Response data |
| `data.data.handling.idref` | string | Response data |
| `data.data.handling.information_source` | object | Response data |
| `data.data.handling.information_source.description` | string | Response data |

Output example

```json
{"status_code":202,"response_headers":{},"reason":"created","json_body":{"data":{"attachments":[],"created_at":"2025-12-23T09:58:48+00:00","created_by":"http://localhost/api/v2/users/74306","data":{},"datasets":[],"id":"57e91639-92e9-47e1-bfb3-162d2e16aef1","incoming_feed":"http://localhost/api/v2/incoming feeds/12260","last_updated_at":"2021-09-11T11:42:03+00:00","meta":{},"observables":[],"outgoing_feeds":[],"relevancy":410,"sources":[]}}}
```

Get a list of entities

Retrieve a paginated list of entities in EclecticIQ with sorting, optional field projection, structured filters, and Lucene full-text or faceted search.

Endpoint URL: api/v2/entities

Method: GET

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `parameters.limit` | number | Optional | Maximum number of items to be returned (int32) |
| `parameters.offset` | number | Optional | Return results starting from the specified zero-based index (int32) |
| `parameters.sort` | string | Optional | Comma-separated list of fields to sort on. Prefix a field with the minus "-" sign to apply descending sort. |
| `parameters.data` | boolean | Optional | Set to false to retrieve only the count of objects matching the query; otherwise full result data is returned. |
| `parameters.attributes` | string | Optional | Comma-separated list of attributes to return. Nested attributes are separated by dots (e.g. data.title). |
| `parameters.filter[id]` | string | Optional | Filter by entity internal UUID |
| `parameters.filter[type]` | string | Optional | Filter by entity type |
| `parameters.filter[data.id]` | string | Optional | Filter by STIX ID |
| `parameters.filter[data.title]` | string | Optional | Filter by title |
| `parameters.filter[data.description]` | string | Optional | Filter by description |
| `parameters.filter[data test mechanisms test mechanism type]` | string | Optional | Filter by test mechanism type |
| `parameters.filter[data producer identity]` | string | Optional | Filter by producer identity |
| `parameters.filter[data producer roles]` | string | Optional | Filter by producer roles |
| `parameters.filter[meta.alias]` | string | Optional | Filter by entity alias |
| `parameters.filter[meta.half_life]` | string | Optional | Filter by entity half life |
| `parameters.filter[sources]` | string | Optional | Filter by source(s) |
| `parameters.filter[incoming_feed]` | string | Optional | Filter by incoming feed ID/URL |
| `parameters.filter[outgoing_feeds]` | string | Optional | Filter by outgoing feed IDs/URLs |
| `parameters.filter[meta.source_reliability]` | string | Optional | Filter by entity source reliability (Admiralty scale letter) |
| `parameters.filter[meta.tags]` | string | Optional | Filter by tags |
| `parameters.filter[meta.taxonomies]` | string | Optional | Filter by taxonomy node IDs/URLs |
| `parameters.filter[meta.is_unresolved_idref]` | string | Optional | Filter by unresolved idref flag. To exclude all unresolved entities, use `filter[!meta.is_unresolved_idref]=true` on the API. |
| `parameters.filter[meta.tlp_color]` | string | Optional | Filter by TLP color. Clear and amber strict may be accepted as input and mapped on the server. |
| `parameters.filter[meta.attacks]` | string | Optional | Filter by MITRE ATT&CK IDs/URLs. The filter follows parent relationships: if an entity is classified with a technique, filtering on the parent tactic still includes that entity. |
| `parameters.filter[attack_classifications]` | string | Optional | Filter by MITRE ATT&CK IDs/URLs for explicit classifications only. Filtering on a parent tactic does not include entities classified only with a child technique. |

Input example

```json
{"parameters":{"limit":26,"offset":495,"sort":"id","data":true,"attributes":"data.description,meta.tags,id","filter[id]":"6f3c1dc4-9d3e-4959-98d1-d3a1803040d9","filter[type]":"attack pattern","filter[data.id]":"{https://d440jsdt.example.com}indicator-5d8d2f67-2511-447c-bb11-64d35a32aae2","filter[data.title]":"zzyfgg1a ee4fxd title","filter[data.description]":"random description oz14do1fsi5ireunxjbt ","filter[data test mechanisms test mechanism type]":"yara","filter[data producer identity]":"http://localhost/api/v2/sources/f015be5a-be3f-40b9-92cd-20f9f06376e7","filter[data producer roles]":"reporter","filter[meta.alias]":"alias l8yfkh","filter[meta.half_life]":"86400","filter[sources]":"http://localhost/api/v2/sources/7e2539fc-7612-413f-b784-6e3fea683665","filter[incoming_feed]":"http://localhost/api/v2/incoming feeds/43738","filter[outgoing_feeds]":"http://localhost/api/v2/outgoing feeds/77285","filter[meta.source_reliability]":"c","filter[meta.tags]":"rch8k,p062a,ssd38,9www8","filter[meta.taxonomies]":"http://localhost/api/v2/taxonomies/87436,http://localhost/api/v2/taxonomies/70569","filter[meta.is_unresolved_idref]":"false","filter[meta.tlp_color]":"red","filter[meta.attacks]":"http://localhost/api/v2/attacks/ta0002:t1084 4","filter[attack_classifications]":"http://localhost/api/v2/attacks/ta0001:t1051","filter[datasets]":"http://localhost/api/v2/datasets/81290","filter[observables]":"http://localhost/api/v2/observables/95810","filter[ lucene search]":"attached files "}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | array | Response data |
| `data.attachments` | array | Response data |
| `data.created_at` | string | Response data |
| `data.created_by` | string | Response data |
| `data.data` | object | Response data |
| `data.data.aliases` | array | Response data |
| `data.data.aliases.value` | string | Response data |
| `data.data.confidence` | string | Response data |
| `data.data.description` | string | Response data |
| `data.data.description_structuring_format` | string | Response data |
| `data.data.external_references` | array | Response data |
| `data.data.external_references.description` | string | Response data |
| `data.data.external_references.external_id` | string | Response data |
| `data.data.external_references.source_name` | string | Response data |
| `data.data.external_references.url` | string | Response data |
| `data.data.handling` | array | Response data |
| `data.data.handling.controlled_structure` | string | Response data |
| `data.data.handling.id` | string | Response data |
| `data.data.handling.idref` | string | Response data |
| `data.data.handling.information_source` | object | Response data |
| `data.data.handling.information_source.description` | string | Response data |
| `data.data.handling.information_source.description_structuring_format` | string | Response data |
| `data.data.handling.information_source.identity` | object | Response data |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"ok","json_body":{"data":[{}]}}
```

Get a list of observables

Retrieve a list of observables from EclecticIQ with options for pagination, sorting, field projection, filters, and Lucene-style search.

Endpoint URL: api/v2/observables

Method: GET

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `parameters.limit` | number | Optional | Maximum number of items to be returned (int32) |
| `parameters.offset` | number | Optional | Return results starting from the specified zero-based index (int32) |
| `parameters.sort` | string | Optional | Comma-separated list of fields to sort on. Prefix a field with the minus "-" sign to apply descending sort. |
| `parameters.data` | boolean | Optional | Set to false to retrieve only the count of objects matching the query; otherwise full result data is returned. |
| `parameters.attributes` | string | Optional | Comma-separated list of attributes to return. Use dots for nested attributes (e.g. data.title). |
| `parameters.filter[type]` | string | Optional | Filter by observable type |
| `parameters.filter[value]` | string | Optional | Filter by observable value |
| `parameters.filter[sources]` | string | Optional | Filter by source ID/URL |
| `parameters.filter[entities]` | string | Optional | Filter by related entity ID/URL |
| `parameters.filter[ lucene search]` | string | Optional | Full-text or faceted search with logic operators such as AND and OR |

Input example

```json
{"parameters":{"limit":12,"offset":0,"sort":"field 1","data":true,"attributes":"field 1","filter[type]":"test type","filter[value]":"test value","filter[sources]":"test sources","filter[entities]":"test entities","filter[ lucene search]":"field 1:value and field 2:other"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | array | Response data |
| `data.created_at` | string | Response data |
| `data.entities` | array | Response data |
| `data.id` | number | Response data |
| `data.last_updated_at` | string | Response data |
| `data.meta` | object | Response data |
| `data.meta.link_type` | string | Response data |
| `data.meta.maliciousness` | string | Response data |
| `data.meta.risk_score` | string | Response data |
| `data.meta.additionalprop` | object | Response data |
| `data.sources` | array | Response data |
| `data.type` | string | Response data |
| `data.value` | string | Response data |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"ok","json_body":{"data":[{}]}}
```

Get an entity by ID

Retrieve an entity using its STIX or EclecticIQ ID. Requires the 'id' as a path parameter.

Endpoint URL: api/v2/entities/{{id}}

Method: GET

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| `parameters.attributes` | string | Optional | Comma-separated list of attributes to be returned. Nested attributes are separated by dots, e.g. data.title. |
| `path_parameters.id` | string | Required | Entity ID. It can be either a STIX ID or an EclecticIQ ID. |

Input example

```json
{"parameters":{"attributes":"data.title,meta.alias,data.id"},"path_parameters":{"id":"1"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | object | Response data |
| `data.attachments` | array | Response data |
| `data.created_at` | string | Response data |
| `data.created_by` | string | Response data |
| `data.data` | object | Response data |
| `data.data.aliases` | array | Response data |
| `data.data.aliases.value` | string | Response data |
| `data.data.confidence` | string | Response data |
| `data.data.description` | string | Response data |
| `data.data.description_structuring_format` | string | Response data |
| `data.data.external_references` | array | Response data |
| `data.data.external_references.description` | string | Response data |
| `data.data.external_references.external_id` | string | Response data |
| `data.data.external_references.source_name` | string | Response data |
| `data.data.external_references.url` | string | Response data |
| `data.data.external_references.hashes` | object | Response data |
| `data.data.external_references.hashes.additionalprop` | string | Response data |
| `data.data.handling` | array | Response data |
| `data.data.handling.controlled_structure` | string | Response data |
| `data.data.handling.id` | string | Response data |
| `data.data.handling.idref` | string | Response data |
| `data.data.handling.information_source` | object | Response data |
| `data.data.handling.information_source.description` | string | Response data |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"ok","json_body":{"data":{"attachments":[],"created_at":"2026-03-03T04:18:53+00:00","created_by":"http://localhost/api/v2/users/18341","data":{},"datasets":[],"id":"2d3f8587-0f63-4833-b7ff-134e97bd2f8f","incoming_feed":"http://localhost/api/v2/incoming feeds/65270","last_updated_at":"2026-03-02T17:01:14.647Z","meta":{},"observables":[],"outgoing_feeds":[],"relevancy":151,"sources":[]}}}
```

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
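
The "get a list of entities" action above combines bearer authentication with `limit`/`offset` paging and `filter[...]` query parameters. The sketch below is an added example, not Swimlane or EclecticIQ code, showing how a client could build those requests, refuse a non-HTTPS base URL, keep the token out of logs, and page to the end. The host `eiq.example.test`, the token, the fake transport and the rule that a short page is the last page are all assumptions.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

ENTITIES_PATH = "api/v2/entities"  # endpoint path as listed on this page


def build_request(base_url, token, *, limit=100, offset=0, sort=None,
                  attributes=None, filters=None):
    """Return (url, headers) for one 'get a list of entities' call."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base URL must be https:// so the token is never sent in clear")
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")
    params = {"limit": int(limit), "offset": int(offset)}
    if sort:
        params["sort"] = sort
    if attributes:
        params["attributes"] = ",".join(attributes)
    for field, value in (filters or {}).items():
        params[f"filter[{field}]"] = value          # e.g. filter[type]
    url = f"{base_url.rstrip('/')}/{ENTITIES_PATH}?{urlencode(params)}"
    return url, {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def redact(headers):
    """Copy of the headers that is safe to log: the bearer token is masked."""
    return {k: "Bearer ***" if k.lower() == "authorization" else v
            for k, v in headers.items()}


def iter_entities(fetch, base_url, token, *, page_size=100, max_pages=50, **query):
    """Yield every matching entity; fetch(url, headers) must return parsed JSON."""
    for page in range(max_pages):
        url, headers = build_request(base_url, token, limit=page_size,
                                     offset=page * page_size, **query)
        items = fetch(url, headers).get("data", [])
        yield from items
        if len(items) < page_size:      # assumption: a short page is the last one
            return
    raise RuntimeError("max_pages reached; narrow the filters")


def make_fake_fetch(total):
    """Constructed stand-in for the HTTP call: serves `total` fake entities."""
    calls = []

    def fetch(url, headers):
        calls.append((url, redact(headers)))        # only redacted headers are kept
        query = parse_qs(urlsplit(url).query)
        start, count = int(query["offset"][0]), int(query["limit"][0])
        return {"data": [{"id": n} for n in range(start, min(start + count, total))]}

    return fetch, calls


if __name__ == "__main__":
    fetch, calls = make_fake_fetch(5)
    found = list(iter_entities(fetch, "https://eiq.example.test", "constructed-token",
                               page_size=2, filters={"type": "indicator"}))
    print(len(found), "entities in", len(calls), "requests")
    print(calls[0])
```

In real use `fetch` would wrap an HTTP client with certificate verification left on, which corresponds to the connector's Verify SSL option.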