[API Error] Add Indicators to a Threat Intel Source API

Follow
Avatar
Donggyu Woo

Hello.

A few days ago (12.16 or 12.17) I tested the Threat Intelligence feature using the API on Sumo Logic CSE.

I tested the below function,

* Add Indicators to a Threat Intel Source (https://api.sumologic.com/docs/sec/#operation/AddIndicatorToThreatIntelSource)

* Get a Threat Intel Source (https://api.sumologic.com/docs/sec/#operation/GetThreatIntelSource)

* Create a Threat Intel Source (https://api.sumologic.com/docs/sec/#operation/CreateThreatIntelSource)

 

Unfortunately, Add Indicators to a Threat Intel Source API didn't work.

The contents of the test are as follows. 

URL : https://api.sumologic.com/api/sec/v1/threat-intel-sources/17/items
Header : {'Content-Type': 'application/json', 'Authorization': 'Basic [KEY]'}
Data : {"indicators": [{"active": true, "description": "A", "expiration": "2022-12-22T00:00:00Z", "value": "171.97.42.82"}]}

Response is : {'data': {'ok': True}, 'errors': []}

It normally indicates that the request was completed, but no value was actually added.

However, when I tried it today (12.22) with the same code, it worked fine.

Could you find out what could be causing these issues?

 

Thanks.

 

 

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Donggyu Woo

    I solved it.

    It was a problem of "expiration" value. these field must set greater than current time.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post