Reputation v2 Indicator lists#
Concepts#
Default Confidence#
Whenever an indicator list reports of an Indicator, that Indicator will automatically be given a score equal to the indicator list’s default confidence value. However, it is possible to override this score on a per-indicator basis.
Active and Grace Period (Indicator state management)#
Indicators can be in one of three states: active, latest and old. When a list ingests an Indicator into
Argus,
the Indicator is put in the active state for a duration equal to the Indicator list’s active period. After the active period
has passed,
the Indicator will be transitioned into the latest state and remain there for a duration equal to the Indicator list’s grace
period.
Should the Indicator be re-reported while in the latest state, it will be transitioned back to the active state
for a new active period.
If the grace period passes without any re-reporting, the Indicator will be transitioned to the old state.
An Indicator will not be re-activated from the old state. Instead, a new Indicator will be created.
Configurable Read and Write Functions#
The read and write functions on an Indicator list serves as a configurable way to change the access control of the Indicator list’s data. The read function determines which Argus function is required to read data created by the Indicator list (typically Indicators). The write function determines which Argus function is required to write data on behalf of the Indicator list, for instance who can ingest Indicators into Argus on behalf of the Indicator list.
Creating an Indicator list#
POST /reputation/v2/indicatorList
Access Control#
To create an indicator list in Argus, the user needs to be granted the addReputationIndicatorList Argus function.
Additionally, the user needs to be granted the read and write function specified in the request.
Example#
curl -X POST 'https://api.mnemonic.no/reputation/v2/indicatorList' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key' \
-d '{
"shortName": "myindicatorlist",
"name": "My indicator list",
"description": "This is my indicator list",
"defaultConfidence": 0.5,
"activePeriod": 360000,
"gracePeriod": 720000,
"writeFunction": "addReputationIndicatorList",
"readFunction": "viewReputationIndicatorLists",
"useForReputationCalc": true,
"useForDistributedSync": true
}'
Updating an Indicator list#
PUT /reputation/v2/indicatorList/{idOrShortName}
No fields are required, only specify the fields you want to update.
Access Control#
To create an indicator list in Argus, the user needs to be granted the updateReputationIndicatorList Argus function.
Additionally, the user needs to be granted the read and write function specified in the request.
Example#
curl -X PUT 'https://api.mnemonic.no/reputation/v2/indicatorList/myindicatorlist' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key' \
-d '{
"name": "My indicator list",
"description": "This is my indicator list",
"defaultConfidence": 0.5,
"activePeriod": 360000,
"gracePeriod": 720000,
"writeFunction": "addReputationIndicatorList",
"readFunction": "viewReputationIndicatorLists",
"useForReputationCalc": true,
"useForDistributedSync": true
}'
Deleting an Indicator list#
DELETE /reputation/v2/indicatorList/{idOrShortName}
Access control#
To delete an indicator list in Argus, the user needs to be granted the deleteReputationIndicatorList Argus function.
Example#
curl -X DELETE 'https://api.mnemonic.no/reputation/v2/indicatorList/myindicatorlist' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key'
Fetching an indicator list#
GET /reputation/v2/indicatorList/{idOrShortName}
Access control#
To fetch an indicator list in Argus, the user needs to be granted the viewReputationIndicatorLists Argus function.
Example#
curl -X GET 'https://api.mnemonic.no/reputation/v2/indicatorList/myindicatorlist' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key'
Listing IndicatorList#
GET /reputation/v2/indicatorList
Access control#
To list indicator lists in Argus, the user needs to be granted the viewReputationIndicatorLists Argus function. Additionally,
only Indicator lists where the user has access to its read function will be returned
Example#
curl -X GET 'https://api.mnemonic.no/reputation/v2/indicatorList' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key'
Searching for Indicator lists#
POST /reputation/v2/indicatorList/search
Available search terms:
shortName
name
description
Access Control#
To search for indicator lists in Argus, the user needs to be granted the viewReputationIndicatorLists Argus function. Additionally,
only Indicator lists where the user has access to its read function will be returned.
Example#
curl -X POST 'https://api.mnemonic.no/reputation/v2/indicatorList/search' \
-H 'Content-Type: application/json' \
-H 'Argus-API-Key: my/api/key' \
-d '{
"keywords": ["myindicatorlist"]
}'