REST API
stmtstk edited this page Jan 19, 2021 · 4 revisions
S-TIP RS provides a REST API. You can access STIX (XML or JSON) data via the API.

| HTTP format | URL | operation |
|---|---|---|
| GET | /api/v1/stix_files | Get STIX file list. |
| POST | /api/v1/stix_files | Add STIX file. |
| DELETE | /api/v1/stix_files_package_id/<package_id> | Delete STIX file. |
| DELETE | /api/v1/stix_files/<mongo_id> | Delete STIX file. |
| GET | /api/v1/stix_files/<id> | Get STIX file information specified by id. |
| GET | /api/v1/stix_files/<id>/stix | Get STIX file contents specified by id. |
| GET | /api/v1/stix_files_package_id/<package_id>/stix | Get the STIX content specified by package_id. |
| GET | /api/v1/stix_files_package_id/<package_id>/related_packages | Get CTI related to the specified package_id from the S-TIP database, like the graph view function. |
| POST | /api/v1/stix_files_v2/<observed_data_id>/sighting | Add STIXv2 observed data specified by observed_data_id. |
| GET | /api/v1/stix_files_v2/<object_refs>/language_contents | Get a language content. |
| POST | /api/v1/stix_files_v2/<object_refs>/language_contents | Post a language content. |
| GET | /api/v1/stix_files_v2/search_bundle&match[object_id]=<object_id> | Get a bundle ID by object_id. If no query is specified, get a list of all bundle IDs. |
| GET | /api/v1/stix_files_v2/object/<object_id> | Get an object content by object_id. |
| DELETE | /api/v1/stix_files_v2/object/<object_id> | Delete a STIX content which contains an object whose id is object_id. |
| GET | /api/v1/sns/feeds | Get a feed list in S-TIP SNS. |
| GET | /api/v1/sns/attaches | Get the attachment files list in S-TIP SNS. |
| GET | /api/v1/sns/contents | Get post content in S-TIP SNS. |

The Python script below (post_stix.py) adds a STIX file to S-TIP. Run it with the following command:

```
$ python post_stix.py https://[s-tip address]:10001/api/v1/stix_files admin \
    [admin's api key] apt_test /tmp/test.xml
```

```python
# -*- coding: utf-8 -*-
import os
import sys
import json
import requests
import argparse

##############################
# post_stix.py
# Add STIX file to S-TIP
##############################
# 1st argument: URL
#   e.g. https://[s-tip address]:10001/api/v1/stix_files
# 2nd argument: username
#   e.g. admin
# 3rd argument: api_key
#   You can get api_key by clicking the "Hello, xxxx" area in S-TIP RS.
# 4th argument: community_name
#   e.g. api_test
#   It is necessary to create community above in S-TIP RS in advance.
# 5th argument: attachment STIX file
#   e.g. /tmp/test.xml
##############################
# option:
#   -p package name
##############################
if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Post STIX Script')
    parser.add_argument('-p', '--package_name', help='package name(option)')
    parser.add_argument('url', help='url')
    parser.add_argument('user_name', help='user name')
    parser.add_argument('apikey', help='apikey')
    parser.add_argument('community_name', help='community name')
    parser.add_argument('attachments', help='attachments file')
    args = parser.parse_args()

    # credential (sent as HTTP request headers)
    headers = {
        'username': args.user_name,
        'apikey': args.apikey,
    }

    # upload info
    data = {
        'community_name': args.community_name
    }
    if args.package_name is not None:
        data['package_name'] = args.package_name

    # upload file (opened in binary mode and closed after the request)
    with open(args.attachments, 'rb') as stix_file:
        files = {'stix': stix_file}

        # send request
        # verify=False disables TLS certificate validation, so the apikey
        # header can be intercepted in transit. Where the server's CA
        # certificate is available, pass its path instead,
        # e.g. verify='/path/to/ca.pem' (placeholder path).
        r = requests.post(
            args.url,
            headers=headers,
            data=data,
            files=files,
            verify=False)

    # response analysis
    b = json.loads(r.text)
    if r.status_code != 201:
        print('Request Failed (%s, %s).' % (r.status_code, b['userMessage']))
        sys.exit(os.EX_UNAVAILABLE)
    else:
        print('Success!')
        sys.exit(os.EX_OK)
```

This example deletes the specified STIX file and its records from the S-TIP Repository System database.
Run the Python script delete_stix.py with the following command:

```
$ python delete_stix.py https://[s-tip address]:10001/api/v1/stix_files_package_id/<package_id> admin \
    [admin's api key]
```

The delete_stix.py file is located at "stip-rs/bin".

GET /api/v1/stix_files_package_id/<package_id>/related_packages
The response format is below.

```
[
  {
    "package_id": ,
    "package_name": ,
    "exact": 3 (number of same value pairs (integer))
  },
  ....
]
```

If there are no related packages, this API returns [].
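
The following Python 3 code is an added example, not part of the S-TIP project: it builds the related_packages request, validates the response format shown above (including the empty list), and keeps TLS certificate verification enabled. It assumes GET requests take the same `username`/`apikey` headers as post_stix.py; the function names, the `cafile` parameter and the sample data are constructed for illustration.

```python
import json
import ssl
import urllib.parse
import urllib.request


def build_request(base_url, package_id, username, apikey):
    """Build the GET request for .../<package_id>/related_packages."""
    # package_id values contain ':' and come from CTI data, so percent-encode
    # them fully; this also keeps a stray '/' from changing the URL path.
    pid = urllib.parse.quote(package_id, safe="")
    url = "%s/api/v1/stix_files_package_id/%s/related_packages" % (
        base_url.rstrip("/"), pid)
    # Assumption: GET uses the same username/apikey headers as post_stix.py.
    return urllib.request.Request(
        url, headers={"username": username, "apikey": apikey}, method="GET")


def parse_related(body):
    """Validate the response; return tuples sorted by 'exact', descending."""
    entries = json.loads(body)
    if not isinstance(entries, list):
        raise ValueError("expected a JSON list, got %s" % type(entries).__name__)
    related = []
    for entry in entries:
        if not (isinstance(entry, dict) and isinstance(entry.get("package_id"), str)
                and type(entry.get("exact")) is int):
            raise ValueError("malformed entry: %r" % (entry,))
        related.append((entry["package_id"], entry.get("package_name"), entry["exact"]))
    return sorted(related, key=lambda item: item[2], reverse=True)


def fetch_related(base_url, package_id, username, apikey, cafile=None):
    """Send the request with TLS certificate verification enabled."""
    # cafile: PEM file with the CA (or self-signed) certificate of the S-TIP host.
    context = ssl.create_default_context(cafile=cafile)
    request = build_request(base_url, package_id, username, apikey)
    with urllib.request.urlopen(request, context=context, timeout=30) as resp:
        return parse_related(resp.read().decode("utf-8"))


# Constructed sample response (not captured from a real S-TIP instance).
SAMPLE = json.dumps([
    {"package_id": "example:Package-0001", "package_name": "first", "exact": 1},
    {"package_id": "example:Package-0002", "package_name": "second", "exact": 3},
])

if __name__ == "__main__":
    for package_id, name, exact in parse_related(SAMPLE):
        print(exact, package_id, name)
```
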

The API returns status code 201 if execution succeeded.
Below is an example of a status code 500 error.

```
Request Failed (500, duplicate package_id:s-tip:Package-190a016b-1dfa-4255-be7b-f855a7c0xxxx).
```