Does the indicator_create_v1 function support bulk create? #1173
Hello
The more IoCs you add, the more you increase the code runtime. If there is another way, could you please let me know?
Replies: 4 comments
Hi @uyggnodoow - The body payload for this operation defines the indicators to be created as a list. You can create multiple IOCs with a single API call by leveraging the Uber Class or by providing a list of dictionaries to the
Thank you for the question! 😄
Hi @jshcodes Thanks for the answer. I will test it.
I ran it like below, but it failed to work.

The code looks like this

```python
from falconpy import APIHarnessV2  # FalconPy Uber Class

# API credentials are read from the caller's own config mapping
credentials = {
    'client_id': config['crowdstrikeClientId'],
    'client_secret': config['crowdstrikeClientSecret']
}
cs = APIHarnessV2(creds=credentials)
...
# One request body carrying the whole list of indicators
body = {
    'comment': 'crowdstrikeEDR',
    'indicators': indicators
}
response = cs.command(
    "indicator_create_v1",
    ignore_warnings=True,
    retrodetects=False,
    body=body
)
```

The body value looks like this (I deleted the hash value.)

```
{'comment': 'crowdstrikeEDR', 'indicators': [{'action': 'detect', 'applied_globally': True, 'platforms': ['mac', 'windows', 'linux'], 'severity': 'High', 'source': 'v2', 'type': 'SHA256', 'value': ''}, {'action': 'detect', 'applied_globally': True, 'platforms': ['mac', 'windows', 'linux'], 'severity': 'High', 'source': 'v2', 'type': 'SHA256', 'value': ''}, {'action': 'detect', 'applied_globally': True, 'platforms': ['mac', 'windows', 'linux'], 'severity': 'High', 'source': 'v2', 'type': 'SHA256', 'value': ''}, {'action': 'detect', 'applied_globally': True, 'platforms': ['mac', 'windows', 'linux'], 'severity': 'High', 'source': 'v2', 'type': 'SHA256', 'value': ''}, {'action': 'detect', 'applied_globally': True, 'platforms': ['mac', 'windows', 'linux'], 'severity': 'High', 'source': 'v2', 'type': 'SHA256', 'value': ''}]}
```

This is the result of running
Hello @jshcodes
I solved the problem. The cause was adding duplicate hash values.
Thank you.
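An added example, not code from this discussion or from the FalconPy project: a helper that drops duplicate and malformed SHA256 values before building `indicator_create_v1` request bodies, since duplicate hash values were the failure cause reported in this thread. The function name, the batch size, the `existing` parameter and the lowercase normalization are assumptions; the indicator fields are copied from the body shown in the post above.

```python
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")
BATCH_SIZE = 200  # assumed chunk size for illustration, not a documented API limit

# Constructed sample input: two case/whitespace duplicates and one malformed value
SAMPLE_HASHES = ["a" * 64, "A" * 64, "b" * 64, " " + "b" * 64, "not-a-hash", "c" * 64]


def build_bulk_bodies(hashes, comment, existing=(), batch_size=BATCH_SIZE):
    """Return (bodies, skipped): one request body per batch, plus rejected inputs.

    `existing` is an optional iterable of hashes already known to be present,
    so they are not submitted again (assumption: the caller has such a list).
    """
    seen = {h.strip().lower() for h in existing}
    indicators, skipped = [], []
    for raw in hashes:
        value = raw.strip().lower()  # assumption: hashes compare case-insensitively
        if not SHA256_RE.fullmatch(value):
            skipped.append((raw, "not a SHA256 hex digest"))
        elif value in seen:
            skipped.append((raw, "duplicate"))
        else:
            seen.add(value)
            indicators.append({
                "action": "detect",
                "applied_globally": True,
                "platforms": ["mac", "windows", "linux"],
                "severity": "High",
                "source": "v2",
                "type": "SHA256",
                "value": value,
            })
    bodies = [
        {"comment": comment, "indicators": indicators[i:i + batch_size]}
        for i in range(0, len(indicators), batch_size)
    ]
    return bodies, skipped


if __name__ == "__main__":
    bodies, skipped = build_bulk_bodies(SAMPLE_HASHES, "crowdstrikeEDR", batch_size=2)
    for body in bodies:
        # Each body would be sent as in the post above:
        # cs.command("indicator_create_v1", ignore_warnings=True, retrodetects=False, body=body)
        print(len(body["indicators"]), "indicators in this request")
    for raw, reason in skipped:
        print("skipped", repr(raw[:12]), reason)
```

Logging the `skipped` list alongside each API response makes it clear which values were never submitted and why.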