TheHive-Project
diff --git a/Diff for: ‎docs/thehive/api/alert/add-observable.md b/Diff for: ‎docs/thehive/api/alert/add-observable.md
diff --git a/Diff for: ‎docs/thehive/api/alert/delete-observable.md b/Diff for: ‎docs/thehive/api/alert/delete-observable.md
diff --git a/Diff for: ‎docs/thehive/api/alert/list-observables.md b/Diff for: ‎docs/thehive/api/alert/list-observables.md
diff --git a/Diff for: ‎docs/thehive/api/alert/list-responder-jobs.md b/Diff for: ‎docs/thehive/api/alert/list-responder-jobs.md
diff --git a/Diff for: ‎docs/thehive/api/alert/list.md
+92 b/Diff for: ‎docs/thehive/api/alert/list.md
+92
diff --git a/Diff for: ‎docs/thehive/api/alert/read.md
+127 b/Diff for: ‎docs/thehive/api/alert/read.md
+127
diff --git a/Diff for: ‎docs/thehive/api/alert/run-responder.md b/Diff for: ‎docs/thehive/api/alert/run-responder.md
diff --git a/Diff for: ‎docs/thehive/api/alert/similar-cases.md b/Diff for: ‎docs/thehive/api/alert/similar-cases.md
diff --git a/Diff for: ‎docs/thehive/api/alert/update-observable.md b/Diff for: ‎docs/thehive/api/alert/update-observable.md
diff --git a/Diff for: ‎docs/thehive/api/custom-field/delete.md
+23 b/Diff for: ‎docs/thehive/api/custom-field/delete.md
+23
diff --git a/Diff for: ‎docs/thehive/api/custom-field/get.md
+65 b/Diff for: ‎docs/thehive/api/custom-field/get.md
+65
@@ -0,0 +1,92 @@
+# List / Search
+
+List *Alerts*.
+
+## Query
+
+```plain
+POST /api/v1/query?name=alerts
+```
+
+##  Request Body Example
+
+!!! Example "" 
+    
+    List last 15 alerts:
+
+    ```json
+    {
+      "query": [
+        {
+          "_name": "listAlert"
+        },
+        {
+          "_name": "filter",
+          "_field": "imported",
+          "_value": false
+        },
+        {
+          "_name": "sort",
+          "_fields": [
+            {
+              "date": "desc"
+            }
+          ]
+        },
+        {
+          "_name": "page",
+          "from": 0,
+          "to": 15,
+          "extraData": [
+            "importDate",
+            "caseNumber"
+          ]
+        }
+      ]
+    }
+    ```
+
+##  Response 
+
+### Status codes
+
+- `200`: if query is run successfully
+- `401`: Authentication error
+
+### Response Body Example
+
+!!! Example ""
+
+    ```json
+    [
+      ...
+      {
+        "_id": "~789196976",
+        "_type": "Alert",
+        "_createdBy": "[email protected]",
+        "_createdAt": 1620393156944,
+        "type": "external",
+        "source": "MISP server",
+        "sourceRef": "event_1576",
+        "title": "Phishing list update 7.5.2021",
+        "description": "A curated list of phishing IOCs",
+        "severity": 2,
+        "date": 1620393156000,
+        "tags": [
+          "source:MISP",
+          "origin:CIRCL_LU"
+        ],
+        "tlp": 3,
+        "pap": 2,
+        "read": false,
+        "follow": true,
+        "customFields": [],
+        "observableCount": 16,
+        "extraData": {
+          "importDate": null,
+          "caseNumber": null
+        }
+      },
+    ...
+    ]
+    ```
@@ -0,0 +1,127 @@
+# Mark as Read/Unread
+
+Mark an *Alert* as read
+
+## Query
+
+### Mark as read
+
+```plain
+POST /api/alert/{id}/markAsRead
+```
+
+with:
+
+- `id`: id of the Alert
+
+### Mark as unread
+
+```plain
+POST /api/alert/{id}/markAsUnead
+```
+
+with:
+
+- `id`: id of the Alert
+
+
+##  Response 
+
+### Status codes
+
+- `200`: if *Alert* is updated successfully
+- `401`: Authentication error
+
+### Response Body Example
+
+!!! Example ""
+
+    ```json
+    {
+      "_id": "~911601872",
+      "id": "~911601872",
+      "createdBy": "[email protected]",
+      "updatedBy": null,
+      "createdAt": 1620333017135,
+      "updatedAt": null,
+      "_type": "alert",
+      "type": "external",
+      "source": "SIEM",
+      "sourceRef": "8257b4",
+      "externalLink": null,
+      "case": null,
+      "title": "User posted information on known phishing URL",
+      "description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url",
+      "severity": 2,
+      "date": 1620333017000,
+      "tags": [
+        "source:siem",
+        "log-source:proxy"
+      ],
+      "tlp": 3,
+      "pap": 2,
+      "status": "Ignored",
+      "follow": true,
+      "customFields": {
+        "businessUnit": {
+          "string": "Finance"
+        },
+        "location": {
+          "string": "Sydney"
+        }
+      },
+      "caseTemplate": null,
+      "artifacts": [
+        {
+          "_id": "~624226312",
+          "id": "~624226312",
+          "createdBy": "[email protected]",
+          "createdAt": 1620333017175,
+          "_type": "case_artifact",
+          "dataType": "mail",
+          "data": "[email protected]",
+          "startDate": 1620333017175,
+          "tlp": 2,
+          "tags": [],
+          "ioc": false,
+          "sighted": false,
+          "reports": {},
+          "stats": {}
+        },
+        {
+          "_id": "~788742360",
+          "id": "~788742360",
+          "createdBy": "[email protected]",
+          "createdAt": 1620333017168,
+          "_type": "case_artifact",
+          "dataType": "url",
+          "data": "https://moneyfornothing.pl-getbuys.icu/",
+          "startDate": 1620333017168,
+          "tlp": 2,
+          "tags": [],
+          "ioc": false,
+          "sighted": false,
+          "message": "http method: POST",
+          "reports": {},
+          "stats": {}
+        },
+        {
+          "_id": "~870416536",
+          "id": "~870416536",
+          "createdBy": "[email protected]",
+          "createdAt": 1620333017157,
+          "_type": "case_artifact",
+          "dataType": "ip",
+          "data": "94.154.129.50",
+          "startDate": 1620333017157,
+          "tlp": 2,
+          "tags": [],
+          "ioc": false,
+          "sighted": false,
+          "reports": {},
+          "stats": {}
+        }
+      ],
+      "similarCases": []
+    }
+    ```
@@ -0,0 +1,23 @@
+# Delete
+
+Delete a *Custom Field*.
+
+## Query
+
+```plain
+DELETE /api/customField/{id}
+```
+
+with:
+
+- `id`: id of the Custom Field.
+
+
+##  Response 
+
+### Status codes
+
+- `204`: if *Custom Fields* is successfully deleted
+- `401`: Authentication error
+- `403`: Authorization error
+
@@ -0,0 +1,65 @@
+# Get / List
+
+List *Custom Fields*.
+
+## Query
+
+```plain
+GET /api/customField
+```
+
+
+##  Response 
+
+### Status codes
+
+- `200`: if query is run successfully
+- `401`: Authentication error
+- `403`: Authorization error
+
+### Response Body Example
+
+!!! Example ""
+
+    === "200"
+
+        ```json
+        [
+          {
+            "id": "~28672",
+            "name": "Number of Accounts",
+            "reference": "Number of Accounts",
+            "description": "Number of accounts leaked",
+            "type": "integer",
+            "options": [],
+            "mandatory": true
+          },
+          {
+            "id": "~53440",
+            "name": "Nb of emails delivered",
+            "reference": "Nb of emails delivered",
+            "description": "Nb of emails delivered",
+            "type": "integer",
+            "options": [],
+            "mandatory": true
+          }
+        ]
+        ```
+
+    === "401" 
+
+        ```json
+        {
+          "type": "AuthenticationError",
+          "message": "Authentication failure"
+        }
+        ```
+
+    === "403"
+
+        ```json
+        {
+          "type": "AuthorizationError",
+          "message": "Your are not authorized to create custom field, you haven't the permission manageCustomField"
+        }
+        ```