Optional indication of how the collector is deployed.
| key | string | Yes | — | The registration key for the collector. Must be unique, and a valid UUID. |
| name | string | Yes | — | The name for the new collector. Must be unique. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "deployment_type": { "type": "string", "description": "Optional indication of how the collector is deployed." }, "key": { "type": "string", "description": "The registration key for the collector. Must be unique, and a valid UUID." }, "name": { "type": "string", "description": "The name for the new collector. Must be unique." } }, "required": [ "PCID", "key", "name" ]}
The key of a Community Threat for which the indicators are going to be added.
| format | string | Yes | — | The input format. |
| body | string | Yes | — | The request body format should be one of JSON, STIX XML, CSV, or multi-part file data. The maximum payload size is 50 MB. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "key": { "type": "string", "description": "The key of a Community Threat for which the indicators are going to be added." }, "format": { "type": "string", "description": "The input format.", "enum": [ "json", "csv", "stix_xml" ] }, "body": { "type": "string", "description": "The request body format should be one of JSON, STIX XML, CSV, or multi-part file data. The maximum payload size is 50 MB." } }, "required": [ "PCID", "key", "format", "body" ]}
The ID or RRN of the investigation to assign the user to.
| user_email_address | string | Yes | — | The email address of the user to assign to this investigation, used to log into the Insight Platform. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "id": { "type": "string", "description": "The ID or RRN of the investigation to assign the user to." }, "user_email_address": { "type": "string", "description": "The email address of the user to assign to this investigation, used to log into the Insight Platform." } }, "required": [ "PCID", "id", "user_email_address" ]}
The category of alerts that should be closed. This parameter is required if the source is ALERT and ignored for other sources. This value must exactly match the alert type returned by the List Investigations response.
| detection_rule_rrn | string | No | — | The RRN of the detection rule. Investigations will only be closed that are associated with this detection rule. If a detection rule RRN is given, the alert_type is required to be ‘Attacker Behavior Detected’. |
| from | string | Yes | — | An ISO formatted timestamp. Only investigations whose createTime is after this date will be closed. |
| max_investigations_to_close | integer | No | — | An optional, maximum number of alerts to close with this request. If this parameter is not specified, then there is no maximum. If this limit is exceeded, then a 400 error response is returned. The minimum value is 0. |
| source | string | Yes | — | The name of an investigation source. Only investigations from this source will be closed. If the source is ALERT, an alert type must be specified as well. |
| to | string | Yes | — | An ISO formatted timestamp. Only investigations whose createTime is before this date will be closed. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "alert_type": { "type": "string", "description": "The category of alerts that should be closed. This parameter is required if the source is ALERT and ignored for other sources. This value must exactly match the alert type returned by the List Investigations response." }, "detection_rule_rrn": { "type": "string", "description": "The RRN of the detection rule. Investigations will only be closed that are associated with this detection rule. If a detection rule RRN is given, the alert_type is required to be 'Attacker Behavior Detected'." }, "from": { "type": "string", "description": "An ISO formatted timestamp. Only investigations whose createTime is after this date will be closed." }, "max_investigations_to_close": { "type": "integer", "description": "An optional, maximum number of alerts to close with this request. If this parameter is not specified, then there is no maximum. If this limit is exceeded, then a 400 error response is returned. The minimum value is 0." }, "source": { "type": "string", "description": "The name of an investigation source. Only investigations from this source will be closed. If the source is ALERT, an alert type must be specified as well.", "enum": [ "ALERT,MANUAL,HUNT" ] }, "to": { "type": "string", "description": "An ISO formatted timestamp. Only investigations whose createTime is before this date will be closed." } }, "required": [ "PCID", "from", "source", "to" ]}
An array of attachment RRNs to associate with the comment.
| body | string | No | — | The body of the comment. |
| target | string | Yes | — | The target of the comment, which determines where it will appear within InsightIDR. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "attachments": { "type": "array", "items": { "type": "string" }, "description": "An array of attachment RRNs to associate with the comment." }, "body": { "type": "string", "description": "The body of the comment." }, "target": { "type": "string", "description": "The target of the comment, which determines where it will appear within InsightIDR." } }, "required": [ "PCID", "target" ]}
The request body format must be in JSON. The maximum payload size is 50 MB.
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "body": { "type": "string", "description": "The request body format must be in JSON. The maximum payload size is 50 MB." } }, "required": [ "PCID", "body" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100. |
| resourceTypes | string | No | — | An optional, comma-separated set of resource types. Only resources whose type matches one of the entries in the list are returned. If this parameter is omitted, health metrics with any resource type may be returned. |
| orgId | string | No | — | Optional organization ID to get metrics for. If not specified, metrics for the user’s current organization will be returned. User must have access to the specified organization. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100." }, "resourceTypes": { "type": "string", "description": "An optional, comma-separated set of resource types. Only resources whose type matches one of the entries in the list are returned. If this parameter is omitted, health metrics with any resource type may be returned." }, "orgId": { "type": "string", "description": "Optional organization ID to get metrics for. If not specified, metrics for the user's current organization will be returned. User must have access to the specified organization." } }, "required": [ "PCID" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "target": { "type": "string", "description": "Return attachments with this target." }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100." } }, "required": [ "PCID", "target" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 100. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "target": { "type": "string", "description": "Return comments with this target." }, "index": { "type": "integer", "description": "The optional 0, based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less or equal to 100." } }, "required": [ "PCID", "target" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000. |
| statuses | string | No | — | An optional, comma-separated set of investigation statuses. Only investigations whose status matches one of the entries in the list will be returned. If this parameter is omitted, investigations with any status may be returned. |
| start_time | string | No | — | An optional, ISO-formatted timestamp. Only investigations whose createTime is after this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned. |
| end_time | string | No | — | An optional, ISO-formatted timestamp. Only investigations whose createTime is before this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less then or equal to 1000." }, "statuses": { "type": "string", "description": "An optional, comma-separated set of investigation statuses. Only investigations whose status matches one of the entries in the list will be returned. If this parameter, is omitted investigations with any status may be returned." }, "start_time": { "type": "string", "description": "An optional, ISO-formatted timestamp. Only investigations whose createTime is after this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned." }, "end_time": { "type": "string", "description": "An optional, ISO-formatted timestamp. Only investigations whose createTime is before this date will be returned by the API. If this parameter is omitted, investigations with any create_time may be returned." } }, "required": [ "PCID" ]}
Replace indicators for a Community Threat
Parameters:
| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| key | string | Yes | — | The key of a Community Threat for which the indicators are going to be added. |
| format | string | Yes | — | The input format. |
| body | string | Yes | — | The request body format should be one of JSON, STIX XML, CSV, or multi-part file data. The maximum payload size is 50 MB. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "key": { "type": "string", "description": "The key of a Community Threat for which the indicators are going to be added." }, "format": { "type": "string", "description": "The input format.", "enum": [ "json", "csv", "stix_xml" ] }, "body": { "type": "string", "description": "The request body format should be one of JSON, STIX XML, CSV, or multi-part file data. The maximum payload size is 50 MB." } }, "required": [ "PCID", "key", "format", "body" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000. |
| search | object[] | No | — | The criteria for which entities to return. |
| sort | object[] | No | — | The sorting information. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000." }, "search": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to search within." }, "operator": { "type": "string", "enum": [ "EQUALS", "CONTAINS", "IN" ], "description": "The search operation to perform. All operators are case-insensitive when operating on strings." }, "value": { "type": "object", "description": "The value to search for." } } }, "description": "The criteria for which entities to return." }, "sort": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to sort by." }, "order": { "type": "string", "enum": [ "ASC", "DESC", "ASC,DESC" ], "description": "The sorting direction. Sorting is case-insensitive when sorting strings." } } }, "description": "The sorting information." } }, "required": [ "PCID" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000. |
| search | object[] | No | — | The criteria for which entities to return. |
| sort | object[] | No | — | The sorting information. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000." }, "search": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to search within." }, "operator": { "type": "string", "enum": [ "EQUALS", "CONTAINS", "IN" ], "description": "The search operation to perform. All operators are case-insensitive when operating on strings." }, "value": { "type": "object", "description": "The value to search for." } } }, "description": "The criteria for which entities to return." }, "sort": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to sort by." }, "order": { "type": "string", "enum": [ "ASC", "DESC", "ASC,DESC" ], "description": "The sorting direction. Sorting is case-insensitive when sorting strings." } } }, "description": "The sorting information." } }, "required": [ "PCID" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000. |
| search | object[] | No | — | The criteria for which entities to return. |
| sort | object[] | No | — | The sorting information. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000." }, "search": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to search within." }, "operator": { "type": "string", "enum": [ "EQUALS", "CONTAINS", "IN" ], "description": "The search operation to perform. All operators are case-insensitive when operating on strings." }, "value": { "type": "object", "description": "The value to search for." } } }, "description": "The criteria for which entities to return." }, "sort": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to sort by." }, "order": { "type": "string", "enum": [ "ASC", "DESC", "ASC,DESC" ], "description": "The sorting direction. Sorting is case-insensitive when sorting strings." } } }, "description": "The sorting information." } }, "required": [ "PCID" ]}
The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0.
| size | integer | No | — | The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000. |
| search | object[] | No | — | The criteria for which entities to return. |
| sort | object[] | No | — | The sorting information. |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "index": { "type": "integer", "description": "The optional, 0 based index of the page to retrieve. Must be an integer greater than or equal to 0." }, "size": { "type": "integer", "description": "The optional size of the page to retrieve. Must be an integer greater than 0 or less than or equal to 1000." }, "search": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to search within." }, "operator": { "type": "string", "enum": [ "EQUALS", "CONTAINS", "IN" ], "description": "The search operation to perform. All operators are case-insensitive when operating on strings." }, "value": { "type": "object", "description": "The value to search for." } } }, "description": "The criteria for which entities to return." }, "sort": { "type": "array", "items": { "type": "object", "properties": { "field": { "type": "string", "description": "The field to sort by." }, "order": { "type": "string", "enum": [ "ASC", "DESC", "ASC,DESC" ], "description": "The sorting direction. Sorting is case-insensitive when sorting strings." } } }, "description": "The sorting information." } }, "required": [ "PCID" ]}
The ID or RRN of the investigation to change the status of.
| status | string | Yes | — | The new status for the investigation (case-insensitive). |
inputSchema:
{ "type": "object", "properties": { "PCID": { "type": "string", "description": "Pink Connect ID for the authenticated connection" }, "id": { "type": "string", "description": "The ID or RRN of the investigation to change the status of." }, "status": { "type": "string", "description": "The new status for the investigation (case-insensitive).", "enum": [ "OPEN", "CLOSED", "INVESTIGATING" ] } }, "required": [ "PCID", "id", "status" ]}