Some API endpoints have options that define how objects should be merged and how digital data should be updated.
Options for the Endpoint
```bash
curl -X POST \
  https://<API_ENDPOINT>/v1/entities/create \
  -H 'Content-Type: application/json' \
  -H 'u21-key: <YOUR_API_KEY>' \
  -d '{
    "options": {
      "resolve_geoip": true,
      "upsert_on_conflict": true,
      "merge_custom_data": true,
      "list_merge_strategy": "union"
    }
  }'
```

```bash
curl -X POST \
  https://<API_ENDPOINT>/v1/alerts/create \
  -H 'Content-Type: application/json' \
  -H 'u21-key: <YOUR_API_KEY>' \
  -d '{
    "options": {
      "merge_custom_data": true,
      "list_merge_strategy": "union"
    }
  }'
```
The following fields are options for the endpoint:
Field | Type | Description |
---|---|---|
`resolve_geoip` | Boolean | Whether or not to resolve the geographic location from the provided IP address (in the digital data section). Defaults to `true` if at least one value of an `ip_address` is provided in `digital_data.ip_addresses`. If `resolve_geoip` is set to `true` but no values are provided in `digital_data.ip_addresses`, an error code will be thrown. If `resolve_geoip` is set to `true` but the IP address provided is invalid or cannot be resolved, no error will be thrown. |
`merge_custom_data` | Boolean | Only relevant for updates/upserts, ignored otherwise. Default is `false`. |
`list_merge_strategy` | String | Only relevant for updates/upserts, ignored otherwise. Possible values are `union`, `replace`, `difference`. Default is `union`. |
`upsert_on_conflict` | Boolean | Set `options.upsert_on_conflict: false` if you want the API to perform strict validation instead of an upsert on conflict. The API will then respond with a 409 error code indicating that this instrument cannot be overwritten. |
`include_associations` | Boolean | If `true`, the response will include associated rule, case and SAR IDs (see endpoint for details). |
`include_actions` | Boolean | If `true`, the response will include `actions`, a list of all actions taken on the alert/case, including disposition changes, status changes, reassignments and the author's email. |
`include_checklist` | Boolean | If `true`, the response will include `checklists`, a list of all checklist items an agent must complete for the alert/case investigation. |
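
The rules in the table can be checked on the client before a request is sent. The following is an added example, not part of the API's own documentation or client code: `validate_options`, `effective_options` and `_ip_addresses` are hypothetical helper names, and the code assumes `digital_data` is a top-level key of the request body.

```python
# Added example: pre-flight check of the request body against the options table.
# Assumption: "digital_data" is a top-level key of the request body.
ALLOWED_STRATEGIES = ("union", "replace", "difference")
BOOLEAN_OPTIONS = (
    "resolve_geoip", "merge_custom_data", "upsert_on_conflict",
    "include_associations", "include_actions", "include_checklist",
)


def _ip_addresses(payload):
    """Values supplied in digital_data.ip_addresses (empty list if absent)."""
    return (payload.get("digital_data") or {}).get("ip_addresses") or []


def validate_options(payload):
    """Return a list of problems with payload["options"]; empty means OK."""
    problems = []
    options = payload.get("options") or {}
    for name, value in options.items():
        if name in BOOLEAN_OPTIONS:
            # JSON true/false only: the strings "true"/"false" are rejected here.
            if not isinstance(value, bool):
                problems.append(f"{name}: expected Boolean, got {type(value).__name__}")
        elif name == "list_merge_strategy":
            if value not in ALLOWED_STRATEGIES:
                problems.append(f"{name}: {value!r} is not one of {ALLOWED_STRATEGIES}")
        else:
            problems.append(f"{name}: not an option listed in the table")
    # Documented error case: geo-IP resolution requested with no IP address.
    if options.get("resolve_geoip") is True and not _ip_addresses(payload):
        problems.append("resolve_geoip: true but digital_data.ip_addresses is empty")
    return problems


def effective_options(payload):
    """Options with the defaults stated in the table filled in."""
    merged = {"merge_custom_data": False, "list_merge_strategy": "union"}
    if _ip_addresses(payload):
        merged["resolve_geoip"] = True  # default only when an IP is supplied
    merged.update(payload.get("options") or {})
    return merged


if __name__ == "__main__":
    # Constructed sample body; 203.0.113.7 is a documentation-range address.
    body = {"digital_data": {"ip_addresses": ["203.0.113.7"]},
            "options": {"upsert_on_conflict": False, "list_merge_strategy": "union"}}
    print(validate_options(body), effective_options(body))
```

Setting `upsert_on_conflict` to `false` explicitly, as in the sample body, makes an accidental overwrite surface as the 409 response described in the table.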