Save and Link Artifacts to Incident‎

{
  "Username": "Admin",
  "Site": "Security Operations",
  "CommandParams": {
    "Artifact Type": null,
    "Artifact Fields": [
      {
        "URL": "http://example.com",
        "Reputation": "Low"
      },
      {
        "UserName": "Administrator"
      },
      {
        "FileName": "playbookfile.exe",
        "FilePath": "C:\\Windows\\System32\\playbookfile.exe",
        "SHA256": "2afa7715181f03b6fe5acd7c82b8e818303a5de567af1a83d8c283010af2db44",
        "MD5": "b0778a411c26f7b9b9ef5db8ed99566e",
        "SHA1": "62678242ac69a2fb5cfa6a2cc3256fd8229fd7f4",
        "Reputation": "High"
      },
      {
        "External_HostName": "D3Admin",
        "External_HostFQDN": "D3Admin.example.ca",
        "Reputation": "Medium",
        "External_IPAddress": "0:0:1:0:0:aaaa:cd9:d0a"
      },
      {
        "Internal_HostName": "D3Example",
        "Internal_HostFQDN": "D3Example.example.ca",
        "Internal_IPAddress": "192.168.2.112"
      },
      {
        "EmailAddress": "admin@example.com"
      },
      {
        "ProcessGuid": "1589170327575",
        "ProcessName": "powershell.exe",
        "ProcessID": "21721",
        "ProcessIntegrityLevel": "",
        "ProcessCurrentDirectory": "",
        "ProcessCommandLine": "powershell -Command $File=\\C:\\Users\\devin\\AppData\\Local\\Temp\\bbotstage.png\\;$Content=get-content $File;$Contento=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($Content));Set-ExecutionPolicy Bypass -Scope Process -Force;IEX($Contento)",
        "ProcessOS": ""
      },
      {
        "ServiceId": "sampleServiceId",
        "ServiceName": "sampleServiceName",
        "ServiceStartMode": "sampleServiceStartMode",
        "ServiceStatus": "sampleServiceStatus"
      },
      {
        "ModuleBaseAddr": "sampleModuleBaseAddr.com"
      },
      {
        "DriverBaseAddr": "sampleDriverBaseAddr.com"
      },
      {
        "Signature": "sampleSignature",
        "SignatureID": "sampleSignatureID",
        "SignatureSeverity": "Low",
        "SignatureSource": "",
        "SignatureType": ""
      },
      {
        "CertName": "sampleCertName",
        "CertSerial": "sampleCertSerial"
      },
      {
        "RegistryKey": "sampleRegistryKey",
        "RegistryPath": "sampleRegistryPath",
        "RegistryValueName": "sampleRegistryValueName",
        "RegistryValueData": "sampleRegistryValueData",
        "RegistryDetails": "sampleRegistryDetails"
      },
      {
        "Identity": "customartifactid",
        "Reputation": "High",
        "Additional": {
          "Action result": "action result update",
          "Action result ID": "",
          "Action taken": "",
          "Affected Machine Name": "affected Machines Name"
        }
      }
    ],
    "Incident Number": "20220114-11"
  }
}

{
    "error": "",
    "returnData": "Successful",
    "contextData": [
      {
        "ArtifactType": "URL",
        "Status": "Successful",
        "ArtifactName": "http://example.com",
        "UpdateOrAdd": "Add",
        "ArtifactDetails": {
          "URL": "http://example.com",
          "Reputation": "Low"
        }
      },
      {
        "ArtifactType": "User",
        "Status": "Successful",
        "ArtifactName": "Administrator",
        "UpdateOrAdd": "Update",
        "ArtifactDetails": {
          "UserName": "Administrator"
        }
      },
      {
        "ArtifactType": "File",
        "Status": "Successful",
        "ArtifactName": "playbookfile.exe",
        "UpdateOrAdd": "Update",
        "ArtifactDetails": {
          "Old": {
            "FileName": "playbookfile.exe",
            "FilePath": "C:\\Windows\\System32\\playbookfile.exe",
            "SHA256": "2afa7715181f03b6fe5acd7c82b8e818303a5de567af1a83d8c283010af2db44",
            "MD5": "b0778a411c26f7b9b9ef5db8ed99566e",
            "SHA1": "62678242ac69a2fb5cfa6a2cc3256fd8",
            "Reputation": "Medium"
          },
          "New": {
            "FileName": "playbookfile.exe",
            "FilePath": "C:\\Windows\\System32\\playbookfile.exe",
            "SHA256": "2afa7715181f03b6fe5acd7c82b8e818303a5de567af1a83d8c283010af2db44",
            "MD5": "b0778a411c26f7b9b9ef5db8ed99566e",
            "SHA1": "62678242ac69a2fb5cfa6a2cc3256fd8",
            "Reputation": "High"
          }
        }
      },
      {
        "ArtifactType": "External_Endpoint",
        "Status": "Successful",
        "ArtifactName": "D3Admin.example.ca",
        "UpdateOrAdd": "Update",
        "ArtifactDetails": {
          "Old": {
            "External_HostName": "D3Admin",
            "External_HostFQDN": "D3Admin.example.ca",
            "External_IPAddress": "66.249.64.167, 0:0:1:0:0:aaaa:cd9:d0a, 0:1:1:1:0:ffff:cd9:d0a",
            "Reputation": "High"
          },
          "New": {
            "External_HostName": "D3Admin",
            "External_HostFQDN": "D3Admin.example.ca",
            "External_IPAddress": "66.249.64.167, 0:0:1:0:0:aaaa:cd9:d0a, 0:1:1:1:0:ffff:cd9:d0a",
            "Reputation": "Medium"
          }
        }
      },
      {
        "ArtifactType": "Internal_Endpoint",
        "Status": "Successful",
        "ArtifactName": "D3Example.example.ca",
        "UpdateOrAdd": "Add",
        "ArtifactDetails": {
          "Internal_HostName": "D3Example",
          "Internal_HostFQDN": "D3Example.example.ca",
          "Internal_IPAddress": [
            "192.168.2.112"
          ]
        }
      },
      {
        "ArtifactType": "Email",
        "Status": "Successful",
        "ArtifactName": "admin@example.com",
        "UpdateOrAdd": "Update",
        "ArtifactDetails": {
          "EmailAddress": "admin@example.com"
        }
      },
      {
			"ArtifactType":"Process",
			"Status":"Successful",
			"Artifactname":,
			"UpdateOrAdd": "Add",
			"ArtifactDetails":{
				"ProcessGuid":"1589170327575",
				"ProcessName":"powershell.exe",
				"ProcessID":"21721",
				"ProcessIntegrityLevel":"",
				"ProcessCurrentDirectory":"",
				"ProcessCommandLine":"powershell -Command $File=\\C:\\Users\\devin\\AppData\\Local\\Temp\\bbotstage.png\\;$Content=get-content $File;$Contento=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($Content));Set-ExecutionPolicy Bypass -Scope Process -Force;IEX($Contento)",
				"ProcessOS":""
			}
      }
    ]
}

{"Error": "Invalid authentication key."}

{"Error": "The request exceeds rate limits or is otherwise blocked by rate limiting policies."}

{"Error": "Unexpected Error."}