# README
Go API client for openapi
This is the public REST API for integrating with the Cortex XSOAR server. HTTP requests can be sent using any HTTP client.
For an example of a dedicated client, take a look at: https://github.com/demisto/demisto-py.
Requests must include an API key, which can be generated in the Cortex XSOAR web client under 'Settings' -> 'Integrations' -> 'API keys'.
Optimistic Locking and Versioning:
When using the Cortex XSOAR REST API, make sure you work on the latest version of the item (incident, entry, etc.); otherwise, you will get a DB version error, which prevents you from overriding a newer item. In addition, you can pass 'version: -1' to force a data override (be aware that other users' data might be lost).
Assume that Alice and Bob both read the same data from the Cortex XSOAR server, then both change the data, and then both try to write their new versions back to the server. Whose changes should be saved? Alice's? Bob's? To solve this, each data item in Cortex XSOAR has a numeric incremental version. If Alice saved an item with version 4 and Bob tries to save the same item with version 3, Cortex XSOAR will roll back Bob's request and return a DB version conflict error. Bob will need to get the latest item and work on it so that Alice's work does not get lost.
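The Alice and Bob scenario above, replayed against a small in-memory model as an added example (not code from Cortex XSOAR or from this generated client; `Item`, `Store`, `Save` and `Scenario` are hypothetical names and the notes are constructed sample data). It goes one step past the text by also showing what a forced write with version -1 discards:

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed in-memory model of the versioning rule; not XSOAR or client code.
type Item struct {
	Version int
	Notes   []string
}

var ErrVersionConflict = errors.New("DB version conflict")

type Store struct{ cur Item }

// Get returns a private snapshot so each caller edits its own copy.
func (s *Store) Get() Item {
	return Item{s.cur.Version, append([]string(nil), s.cur.Notes...)}
}

// Save rejects a write based on an older version unless Version is -1 (forced).
func (s *Store) Save(in Item) error {
	if in.Version != -1 && in.Version != s.cur.Version {
		return ErrVersionConflict
	}
	s.cur = Item{s.cur.Version + 1, in.Notes}
	return nil
}

// Scenario replays the Alice/Bob race, Bob's retry on the latest item,
// and finally a forced override with version -1.
func Scenario() (staleErr error, merged, forced Item) {
	s := &Store{cur: Item{Version: 3}}
	alice, bob := s.Get(), s.Get() // both read version 3
	alice.Notes = append(alice.Notes, "alice: host contained")
	_ = s.Save(alice) // accepted; stored item is now version 4
	bob.Notes = append(bob.Notes, "bob: false positive")
	staleErr = s.Save(bob) // rejected: Bob's copy is still version 3
	retry := s.Get()       // Bob fetches the latest item and reapplies his edit
	retry.Notes = append(retry.Notes, "bob: false positive")
	_ = s.Save(retry)
	merged = s.Get() // version 5, both notes kept
	bob.Version = -1 // forced override of the stale copy
	_ = s.Save(bob)
	forced = s.Get() // version 6, Alice's note is gone
	return
}

func main() {
	staleErr, merged, forced := Scenario()
	fmt.Println(staleErr, merged, forced)
}
```

In automation that writes incidents or entries, treating the conflict error as a signal to re-read and reapply keeps analyst edits intact; the forced path silently drops them.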
Example request using 'curl':

```sh
curl 'https://hostname:443/incidents/search' \
  -H 'content-type: application/json' \
  -H 'accept: application/json' \
  -H 'Authorization: <API Key goes here>' \
  --data-binary '{"filter":{"query":"-status:closed -category:job","period":{"by":"day","fromValue":7}}}' \
  --compressed
```
## Overview
This API client was generated by the OpenAPI Generator project. By using the OpenAPI-spec from a remote server, you can easily generate an API client.
- API version: 2.0.0
- Package version: 1.0.0
- Build package: org.openapitools.codegen.languages.GoClientCodegen
## Installation
Install the following dependencies:

```sh
go get github.com/stretchr/testify/assert
go get golang.org/x/oauth2
go get golang.org/x/net/context
```

Put the package under your project folder and add the following in import:

```go
import sw "./openapi"
```

To use a proxy, set the environment variable `HTTP_PROXY`:

```go
os.Setenv("HTTP_PROXY", "http://proxy_name:proxy_port")
```
## Configuration of Server URL
The default configuration comes with a `Servers` field that contains server objects as defined in the OpenAPI specification.

### Select Server Configuration
To use a server other than the one defined at index 0, set the context value `sw.ContextServerIndex` of type `int`.

```go
ctx := context.WithValue(context.Background(), sw.ContextServerIndex, 1)
```
### Templated Server URL
A templated server URL is formatted using default variables from the configuration or from the context value `sw.ContextServerVariables` of type `map[string]string`.

```go
ctx := context.WithValue(context.Background(), sw.ContextServerVariables, map[string]string{
	"basePath": "v2",
})
```

Note, enum values are always validated and all unused variables are silently ignored.
### URLs Configuration per Operation
Each operation can use a different server URL, defined using the `OperationServers` map in the `Configuration`.
An operation is uniquely identified by the `"{classname}Service.{nickname}"` string.
Similar rules for overriding the default operation server index and variables apply by using the `sw.ContextOperationServerIndices` and `sw.ContextOperationServerVariables` context maps.

```go
// Select server index 2 for this one operation.
ctx := context.WithValue(context.Background(), sw.ContextOperationServerIndices, map[string]int{
	"{classname}Service.{nickname}": 2,
})
// Derive from ctx (not context.Background()) so the server index set above is kept.
ctx = context.WithValue(ctx, sw.ContextOperationServerVariables, map[string]map[string]string{
	"{classname}Service.{nickname}": {
		"port": "8443",
	},
})
```
## Documentation for API Endpoints
All URIs are relative to https://hostname:443

Class | Method | HTTP request | Description |
---|---|---|---|
DefaultApi | AddAdHocTask | Post /inv-playbook/task/add/{investigationId} | Add ad-hoc task |
DefaultApi | CloseIncidentsBatch | Post /incident/batchClose | Batch close incidents |
DefaultApi | CompleteTask | Post /inv-playbook/task/complete | [Deprecated] Complete a task |
DefaultApi | CompleteTaskV2 | Post /v2/inv-playbook/task/complete | Complete a task |
DefaultApi | CopyScript | Post /automation/copy | Copy automation |
DefaultApi | CreateAccount | Post /account | Create an account |
DefaultApi | CreateDockerImage | Post /settings/docker-images | Create Image |
DefaultApi | CreateFeedIndicatorsJson | Post /indicators/feed/json | Create feed indicators from JSON |
DefaultApi | CreateHAGroup | Post /ha-group/create | |
DefaultApi | CreateHAInstaller | Post /host/build/{id} | |
DefaultApi | CreateHostInstaller | Post /host/build | |
DefaultApi | CreateIncident | Post /incident | Create single incident |
DefaultApi | CreateIncidentJson | Post /incident/json | Create incident from JSON |
DefaultApi | CreateIncidentsBatch | Post /incident/batch | Batch create incidents |
DefaultApi | CreateOrUpdateIncidentType | Post /incidenttype | Create new Incident Type |
DefaultApi | CreateOrUpdateWhitelisted | Post /indicators/whitelist/update | Create whitelisted |
DefaultApi | CreateUpdateClassifier | Post /classifier | Create or update a classifier |
DefaultApi | CreateUpdateClassifierAccount | Post /{acc}/classifier | Create or update a classifier |
DefaultApi | CreateUpdateIntegrationInstance | Put /settings/integration | Create/update an integration instance |
DefaultApi | CreateUpdateIntegrationInstanceAccount | Put /{acc}/settings/integration | Create/update an integration instance |
DefaultApi | DeleteAccount | Delete /account/purge/{accountname} | |
DefaultApi | DeleteAdHocTask | Post /inv-playbook/task/delete/{investigationId}/{invPBTaskId} | Delete ad-hoc task |
DefaultApi | DeleteAutomationScript | Post /automation/delete | Delete existing automation |
DefaultApi | DeleteClassifier | Delete /classifier/{id} | Delete a classifier |
DefaultApi | DeleteClassifierAccount | Delete /{acc}/classifier/{id} | Delete a classifier for account |
DefaultApi | DeleteEvidenceOp | Post /evidence/delete | delete evidence |
DefaultApi | DeleteHAGroup | Delete /ha-group/{id} | |
DefaultApi | DeleteHost | Delete /host/{id} | |
DefaultApi | DeleteIncidentsBatch | Post /incident/batchDelete | Batch delete incidents |
DefaultApi | DeleteIndicatorsBatch | Post /indicators/batchDelete | Batch whitelist or delete indicators |
DefaultApi | DeleteIntegrationInstance | Delete /settings/integration/{id} | Delete integration instance |
DefaultApi | DeleteIntegrationInstanceAccount | Delete /{acc}/settings/integration/{id} | Delete integration instance |
DefaultApi | DeleteWidget | Delete /widgets/{id} | Remove existing widget |
DefaultApi | DownloadFile | Get /entry/download/{entryid} | Download file |
DefaultApi | DownloadLatestReport | Get /report/{id}/latest | Get latest report by ID |
DefaultApi | EditAdHocTask | Post /inv-playbook/task/edit/{investigationId} | Edit ad-hoc task |
DefaultApi | EntryExportArtifact | Post /entry/exportArtifact | Export Artifact |
DefaultApi | ExecuteReport | Post /report/{id}/{requestId}/execute | Execute report |
DefaultApi | ExportIncidentsToCsvBatch | Post /incident/batch/exportToCsv | Batch export incidents to csv |
DefaultApi | ExportIndicatorsToCsvBatch | Post /indicators/batch/exportToCsv | Batch export indicators to csv |
DefaultApi | ExportIndicatorsToStixBatch | Post /indicators/batch/export/stix | Batch export indicators to STIX |
DefaultApi | GetAllReports | Get /reports | Get all reports |
DefaultApi | GetAllWidgets | Get /widgets | |
DefaultApi | GetAudits | Post /settings/audits | Get Audits |
DefaultApi | GetAutomationScripts | Post /automation/search | Search Automation (aka scripts) |
DefaultApi | GetContainers | Get /health/containers | Get health containers |
DefaultApi | GetDockerImages | Get /settings/docker-images | Get Docker Images |
DefaultApi | GetHAGroup | Get /ha-group/{id} | |
DefaultApi | GetHAInstaller | Get /host/download/{id} | |
DefaultApi | GetHostInstaller | Get /host/download | |
DefaultApi | GetIncidentAsCsv | Get /incident/csv/{id} | Get incident as CSV |
DefaultApi | GetIncidentsFieldsByIncidentType | Get /incidentfields/associatedTypes/{type} | Get all incident fields associated with incident type |
DefaultApi | GetIndicatorsAsCsv | Get /indicators/csv/{id} | Get indicators as CSV |
DefaultApi | GetIndicatorsAsSTIX | Get /indicators/stix/v2/{id} | Get indicators as STIX V2 |
DefaultApi | GetReportByID | Get /reports/{id} | Get report by ID |
DefaultApi | GetStatsForDashboard | Post /v2/statistics/dashboards/query | Get Dashboard Statistics |
DefaultApi | GetStatsForDashboardOldFormat | Post /statistics/dashboards/query | [Deprecated] Get Dashboard Statistics |
DefaultApi | GetStatsForWidget | Post /v2/statistics/widgets/query | Get Widget Statistics |
DefaultApi | GetStatsForWidgetOldFormat | Post /statistics/widgets/query | [Deprecated] Get Widget Statistics |
DefaultApi | GetWidget | Get /widgets/{id} | Get widget by ID |
DefaultApi | HealthHandler | Get /health | Check if Cortex XSOAR server is available |
DefaultApi | ImportClassifier | Post /classifier/import | Import a classifier |
DefaultApi | ImportDashboard | Post /dashboards/import | Import a dashboard |
DefaultApi | ImportIncidentFields | Post /incidentfields/import | Import an incident field |
DefaultApi | ImportIncidentTypesHandler | Post /incidenttypes/import | Import an incident type |
DefaultApi | ImportScript | Post /automation/import | Import an automation |
DefaultApi | ImportWidget | Post /widgets/import | Import a widget |
DefaultApi | IncidentFileUpload | Post /incident/upload/{id} | |
DefaultApi | IndicatorWhitelist | Post /indicator/whitelist | Whitelists or deletes Indicator |
DefaultApi | IndicatorsCreate | Post /indicator/create | Create Indicator |
DefaultApi | IndicatorsCreateBatch | Post /indicators/upload | Create indicators |
DefaultApi | IndicatorsEdit | Post /indicator/edit | Edit Indicator |
DefaultApi | IndicatorsSearch | Post /indicators/search | Search indicators |
DefaultApi | IndicatorsTimelineDelete | Post /indicators/timeline/delete | Delete indicators timeline |
DefaultApi | IntegrationUpload | Post /settings/integration-conf/upload | Upload an integration |
DefaultApi | InvestigationAddEntriesSync | Post /entry/execute/sync | Create new entry in existing investigation |
DefaultApi | InvestigationAddEntryHandler | Post /entry | Create new entry in existing investigation |
DefaultApi | InvestigationAddFormattedEntryHandler | Post /entry/formatted | Create new formatted entry in existing investigation |
DefaultApi | ListAccounts | Get /accounts | List accounts |
DefaultApi | ListAccountsDetails | Get /accounts/data | Detailed accounts |
DefaultApi | ListClassifiers | Post /classifier/search | search classifiers |
DefaultApi | ListClassifiersAccount | Post /{acc}/classifier/search | search classifiers |
DefaultApi | ListHAGroups | Get /ha-groups | |
DefaultApi | ListHosts | Get /hosts | |
DefaultApi | ListIntegrations | Post /settings/integration/search | List integrations |
DefaultApi | ListIntegrationsAccount | Post /{acc}/settings/integration/search | List integrations |
DefaultApi | ListMainHosts | Get /health/appservers | List the main hosts |
DefaultApi | LogoutEveryoneHandler | Post /logout/everyone | Sign out all open users sessions |
DefaultApi | LogoutMyselfHandler | Post /logout/myself | Sign out all my open sessions |
DefaultApi | LogoutMyselfOtherSessionsHandler | Post /logout/myself/other | Sign out all my other open sessions |
DefaultApi | LogoutUserSessionsHandler | Post /logout/user/{username} | Sign out all sessions of the provided username |
DefaultApi | OverridePlaybookYaml | Post /playbook/save/yaml | Import and override playbook |
DefaultApi | ResetROIWidget | Delete /statistics/application/roi | Reset ROI widget |
DefaultApi | RevokeUserAPIKey | Post /apikeys/revoke/user/{username} | |
DefaultApi | SaveEvidence | Post /evidence | Save evidence |
DefaultApi | SaveOrUpdateScript | Post /automation | Create or update automation |
DefaultApi | SaveWidget | Post /widgets | Add or update a widget |
DefaultApi | SearchEvidence | Post /evidence/search | Search evidence |
DefaultApi | SearchIncidents | Post /incidents/search | Search incidents by filter |
DefaultApi | SearchInvestigations | Post /investigations/search | Search investigations by filter |
DefaultApi | SetTagsField | Post /incidentfield/tags/reset/{id} | Set tags field |
DefaultApi | SimpleCompleteTask | Post /inv-playbook/task/complete/simple | Complete task simple (no file) |
DefaultApi | StartAccounts | Post /accounts/start | Start accounts |
DefaultApi | StopAccounts | Post /accounts/stop | Stop accounts |
DefaultApi | SubmitTaskForm | Post /v2/inv-playbook/task/form/submit | Complete a task |
DefaultApi | TaskAddComment | Post /inv-playbook/task/note/add | Task add comment |
DefaultApi | TaskAssign | Post /inv-playbook/task/assign | Assign task |
DefaultApi | TaskSetDue | Post /inv-playbook/task/due | Set task due date |
DefaultApi | TaskUnComplete | Post /inv-playbook/task/uncomplete | Un complete a task |
DefaultApi | UpdateAccount | Post /account/update/{accountname} | |
DefaultApi | UpdateAccountHost | Post /host/move/{accountname}/{hostgroupid} | |
DefaultApi | UpdateEntryNote | Post /entry/note | Mark entry as note |
DefaultApi | UpdateEntryTagsOp | Post /entry/tags | Set entry tags |
DefaultApi | WorkersStatusHandler | Get /workers/status | Get workers status |
## Documentation For Models
- AdvanceArg
- ArgAtomicFilter
- ArgTransformer
- Argument
- Attachment
- Audit
- AuditResult
- AuthenticateOKBody
- AutomationScript
- AutomationScriptFilter
- AutomationScriptFilterWrapper
- AutomationScriptResult
- Bucket
- Command
- Comment
- CommentUpdate
- CommentsFields
- CommonFields
- CommonUpdateBatch
- ComplexArg
- ConfigField
- ContainerChangeResponseItem
- ContainerCreateCreatedBody
- ContainerTopOKBody
- ContainerUpdateOKBody
- ContainerWaitOKBody
- ContainerWaitOKBodyError
- ContainersInfo
- ContentItemExportableFields
- ContentItemFields
- ContentItemVersionedFields
- CreateAccountRequest
- CreateHAGroupRequest
- CreateIncidentRequest
- CreateUpdateClassifierRequest
- CreateUpdateHAGroup
- CustomGroup
- DBotScore
- Dashboard
- DataCollectionForm
- DateRange
- DateRangeFilter
- DeleteEvidence
- DockerImage
- DockerImagesResult
- DownloadEntry
- ElasticCommonFields
- ElasticVersionFields
- EngineInfo
- Entry
- EntryHistory
- EntryReputation
- EntryTask
- ErrorResponse
- Evidence
- EvidenceData
- EvidencesFilterWrapper
- EvidencesSearchResponse
- ExpirationIndicator
- ExpirationSource
- FeedIndicator
- FeedIndicatorComment
- FeedIndicatorCommentsFields
- FeedIndicatorsRequest
- FeedMetadata
- FieldExtractSetting
- FieldMapping
- FileMetadata
- FormDisplay
- FullVersion
- GenericIndicatorUpdateBatch
- GenericStringDateFilter
- GenericStringFilter
- GraphDriverData
- GridColumn
- Group
- HumanCron
- IdResponse
- ImageDeleteResponseItem
- ImageSummary
- Important
- Incident
- IncidentField
- IncidentFieldsWithErrors
- IncidentFilter
- IncidentSearchResponseWrapper
- IncidentType
- IncidentTypeExtractSettings
- IncidentTypesWithErrors
- IncidentWrapper
- IndicatorContext
- IndicatorEditBulkResponse
- IndicatorFilter
- IndicatorResult
- IndicatorTimelineFromEntry
- Info
- InlineObject
- InlineObject1
- InlineObject2
- InlineObject3
- InlineResponse200
- InsightCache
- InstanceClassifier
- InstanceClassifiers
- IntegrationScript
- InvPlaybookAssignee
- InvPlaybookDebugInfo
- InvPlaybookDue
- InvPlaybookTaskCompleteData
- InvPlaybookTaskData
- InvTaskDebug
- InvTaskInfo
- Investigation
- InvestigationFilter
- InvestigationPlaybook
- InvestigationPlaybookData
- InvestigationPlaybookTask
- InvestigationSearchResponse
- IocObject
- Label
- Layout
- LayoutAPI
- LayoutCommon
- LayoutField
- LayoutSection
- Location
- MainHost
- Mapper
- ModuleConfiguration
- NewDockerImageRequest
- NewDockerImageResult
- NotifiableItem
- NotifyTimings
- OperatorArgument
- Order
- Output
- Period
- Playbook
- PlaybookInput
- PlaybookInputQuery
- PlaybookOutput
- PlaybookTask
- PlaybookWithWarnings
- Plugin
- PluginConfig
- PluginConfigArgs
- PluginConfigInterface
- PluginConfigLinux
- PluginConfigNetwork
- PluginConfigRootfs
- PluginConfigUser
- PluginDevice
- PluginEnv
- PluginInterfaceType
- PluginMount
- PluginSettings
- Port
- ProcessInfo
- QueryState
- Question
- RBAC
- RelationshipAPI
- RelationshipCommonFields
- RelationshipFilter
- Report
- ReportAutomation
- ReportFieldsDecoder
- ReportQuery
- ReputationData
- RolesAndPropagationLabelsWrapper
- RolesAndPropagationLabelsWrapperAccUsers
- RolesAndPropagationLabelsWrapperRoles
- SLA
- Schedule
- Scheduler
- ScriptAPI
- SearchIncidentsData
- SearchInvestigationsData
- SearchStats
- SearchStatsDeletionResponse
- SearchStatsResponse
- Section
- ServiceUpdateResponse
- ShardedFields
- StatsQueryResponse
- StatsQueryResponseWithError
- StatsResponseWithReferenceLine
- StatsScatterResponse
- StatsTextResponse
- StatsTrendsResponse
- System
- SystemAgent
- TagsFieldValues
- Task
- TaskCondition
- TaskLoop
- TerminalOptions
- TimerTrigger
- TypeAndKind
- UpdateDataBatch
- UpdateEntry
- UpdateEntryTags
- UpdateIndicatorBatch
- UpdateIndicatorReputationData
- UpdateResponse
- UpdateRolesAndPropagationLabelsRequest
- UploadedEntry
- VersionedCommit
- Volume
- VolumeUsageData
- WhitelistedIndicator
- Widget
- WidgetCell
## Documentation For Authorization
### api_key
- Type: API key
- API key parameter name: Authorization
- Location: HTTP header

Note, each API key must be added to a map of `map[string]APIKey` where the key is: Authorization and passed in as the auth context for each request.
## Documentation for Utility Methods
Because model structure members are all pointers, this package contains a number of utility functions to easily obtain pointers to values of basic types. Each of these functions takes a value of the given basic type and returns a pointer to it:
- `PtrBool`
- `PtrInt`
- `PtrInt32`
- `PtrInt64`
- `PtrFloat`
- `PtrFloat32`
- `PtrFloat64`
- `PtrString`
- `PtrTime`