Add threat intel source apis for create delete get search operations #7847
Conversation
eirsep
requested review from
hdhalter,
kolchfa-aws,
Naarcha-AWS,
vagimeli,
AMoo-Miki,
natebower,
dlvenable,
stephen-crawford and
epugh
as code owners
|
Thank you for submitting your PR. The PR states are In progress (or Draft) -> Tech review -> Doc review -> Editorial review -> Merged. Before you submit your PR for doc review, make sure the content is technically accurate. If you need help finding a tech reviewer, tag a maintainer. When you're ready for doc review, tag the assignee of this PR. The doc reviewer may push edits to the PR directly or leave comments and editorial suggestions for you to address (let us know in a comment if you have a preference). The doc reviewer will arrange for an editorial review. |
|
@AWSHurneyt plz review |
hdhalter
added
3 - Tech review
| "bucket_name": "threat-intel-s3-test-bucket", | ||
| "object_key": "alltypess3object", | ||
| "region": "us-west-2", | ||
| "role_arn": "arn:aws:iam::248279774929:role/threat_intel_s3_test_role" |
There was a problem hiding this comment.
Should we instead use a placeholder here like <ROLE_ARN>?
There was a problem hiding this comment.
Good point. It's a dummy aws account but will let @Naarcha-AWS and @hdhalter recommned the right practice.
There was a problem hiding this comment.
I'm okay with a dummy account, personally.
|
|
||
| # Threat Intelligence Source Configuration APIs | ||
|
|
||
| The following APIs can be used for tasks related to threat intelligence source configurations. |
There was a problem hiding this comment.
@eirsep Would it be helpful to define what a source is for our purposes?
There was a problem hiding this comment.
Started off with the APIs
Once that's done, similar to detectors, I will define entities and detail them out in another commit to this PR
There was a problem hiding this comment.
added a page for Threat intel overview plz check
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
|
|
||
| # Threat Intelligence Source Configuration APIs | ||
|
|
||
| The following APIs can be used for tasks related to threat intelligence source configurations. |
There was a problem hiding this comment.
| The following APIs can be used for tasks related to threat intelligence source configurations. | |
| You can use threat intelligence source API to configure tasks related to threat intelligence sources. |
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
| --- | ||
| ## Create Threat intel source API | ||
|
|
||
| Creates a new threat intel source. |
There was a problem hiding this comment.
| Creates a new threat intel source. | |
| The following command creates a new threat intelligence source. |
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
_security-analytics/api-tools/threat-intel/threat-intel-source.md
Outdated
Show resolved
Hide resolved
|
@AWSHurneyt what documentation should we add related to the S3 Role ARN on what needs to be configured? |
hdhalter
added
4 - Doc review
hdhalter
changed the title
|
@AWSHurneyt @Naarcha-AWS plz review |
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Co-authored-by: Heather Halter <[email protected]> Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
|
Closing in favor of #7905 |
Description
added threat intel source apis for create delete get search operations
Issues Resolved
Closes #7714
Version
2.16
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.