Update a case or alert Observable by its id


PATCH /api/v0/case/artifact/{observableId}
PATCH /api/v0/alert/artifact/{observableId}

Request Body Example#

    "sighted": true,
    "ioc": true,
    "message": "This observable was sighted"

Fields that can be updated:

  • ioc
  • sighted
  • ignoreSimilarity
  • tags
  • message
  • tlp

Once an observable is created, it is not possible to change its type or data

ResponseBody Example#

  "_id": "~122884120",
  "id": "~122884120",
  "createdBy": "[email protected]",
  "updatedBy": "[email protected]",
  "createdAt": 1630509659446,
  "updatedAt": 1630511666911,
  "_type": "case_artifact",
  "dataType": "hostname",
  "data": "server.local",
  "startDate": 1630509659446,
  "tlp": 2,
  "tags": [],
  "ioc": true,
  "sighted": true,
  "message": "This observable was sighted",
  "reports": {},
  "stats": {}

Last update: September 6, 2021 05:39:12