Hi,
I'm trying to integrate an API feed into our threat intelligence collections via PowerShell; however, I can't seem to get the syntax right to update records. I know the API and authentication are working, as GET and DELETE requests are successful, but when attempting to execute a PUT request I receive the error "item argument missing".
I've tested the command below successfully; however, I'd like to run this via PowerShell to encrypt credentials during authentication.
curl -k -u admin:changeme https://localhost:8089/services/data/threat_intel/item/ip_intel/e83fa2c5036d4c85bd5669a48ca134c5 -d item='{"ip":"0.0.0.0"}' -X PUT
I've attempted several different JSON formats, hoping the one below would work:
{
"item": {
"ip": "0.0.0.0"
}
}
Or even
item='[{"ip":"0.0.0.0"}]'
from the initial curl format; however, it won't seem to work. I am still receiving the following error: Invoke-WebRequest : {"status": false, "message": "item argument missing."}.
Any suggestions?
Thank you! Apologies, I meant to update: I worked it out. Below is the syntax I used in PowerShell to build the JSON and POST.
$text = 'item=[{"'+ $IOCType + '":"' + $IOCInput + '","description":"' + $Description + '","threat_key":"<Company>_ThreatIntel"}]'
Try {
    Invoke-WebRequest -Method Post -Uri $URL -Timeout 3600 -Credential $credentials -ContentType 'application/x-www-form-urlencoded' -Body $text -ErrorAction Stop
}
# PopUpBox is not a built-in cmdlet; it is defined elsewhere in the script
Catch { PopUpBox -MessageBody "Could not post $IOC to Threat Intel Collection, exiting now" -MessageTitle "Sorry"; Exit }
If you are running this via PowerShell, you'll have to add a function to specify the TLS certificate, as PowerShell defaults to something else.
Working on something similar in Python and got past this.
Try this....
data = { 'item': '{"ip": "1.1.1.1"}' }
The value of item is the dictionary.
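The working curl, PowerShell and Python requests in this thread all send a form field named item whose value is JSON text, while a raw JSON body produced "item argument missing". The following is an added example, not code from any poster or from Splunk: it compares a raw JSON body, the string-concatenated body, and a properly form-encoded body. decode_item is a hypothetical stand-in for a receiver that form-decodes the body (an assumption about the server side), and the sample indicator is constructed.

```python
import json
from urllib.parse import parse_qs, urlencode


def build_item_body(records):
    """Form-encode one 'item' field whose value is the JSON text of the records."""
    return urlencode({"item": json.dumps(records, separators=(",", ":"))})


def concat_item_body(ioc_type, value, description):
    """String-concatenation construction, as in the PowerShell answer (no escaping)."""
    return ('item=[{"' + ioc_type + '":"' + value +
            '","description":"' + description + '"}]')


def decode_item(body):
    """Hypothetical receiver (assumption, not Splunk's code): form-decode the body
    and parse 'item' as JSON. Returns None when no usable 'item' field arrives."""
    fields = parse_qs(body)
    if "item" not in fields:
        return None
    try:
        return json.loads(fields["item"][0])
    except json.JSONDecodeError:
        return None


# Constructed sample: the description holds characters that need escaping.
SAMPLE = [{"ip": "0.0.0.0", "description": 'seen in "feed A" & feed B'}]

if __name__ == "__main__":
    # Raw JSON body: there is no form field at all, so 'item' is missing.
    print("json body    ->", decode_item(json.dumps({"item": SAMPLE[0]})))
    # Concatenation: the quote and '&' in the description corrupt the field.
    print("concatenated ->", decode_item(
        concat_item_body("ip", "0.0.0.0", SAMPLE[0]["description"])))
    # JSON-serialise first, then form-encode: the records survive intact.
    print("form-encoded ->", decode_item(build_item_body(SAMPLE)))
```

Concatenation only works while every interpolated value is free of quotes, ampersands and similar characters, which a threat feed's description field does not guarantee.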