Releases: CiscoSecurity/tr-05-serverless-cyberscan
Releases · CiscoSecurity/tr-05-serverless-cyberscan
Release 1.0.0
Implementation Details
Implemented Relay Endpoints
-
POST /health
- Verifies the Authorization Bearer JWT and decodes it to restore the original
credentials. - Authenticates to the underlying external service to check that the provided
credentials are valid and the service is available at the moment.
- Verifies the Authorization Bearer JWT and decodes it to restore the original
-
POST /observe/observables
- Accepts a list of observables and filters out unsupported ones.
- Verifies the Authorization Bearer JWT and decodes it to restore the original credentials.
- Makes a series of requests to the underlying external service to query for some
cyber threat intelligence data on each supported observable. - Maps the fetched data into appropriate CTIM entities.
- Returns a list per each of the following CTIM entities (if any extracted):
Sighting
-
POST /refer/observables
- Accepts a list of observables and filters out unsupported ones.
- Builds a search link per each supported observable to pivot back to the underlying external service and look up the observable there.
- Returns a list of those links.
-
POST /version
- Returns the current version of the application
Supported Types of Observables
ip
domain