#10 update and format

Author: jeromeleonard

docs/thehive/api/alert/.pages

@@ -1,6 +1,17 @@
 nav:
+  - list.md
   - create.md
   - update.md
+  - read.md
   - delete.md
   - promote-as-case.md
-  - merge.md
+  - merge.md
+  - similar-cases.md
+  - list-observables.md
+  - add-observable.md
+  - update-observable.md
+  - delete-observable.md
+  - run-responder.md
+  - list-responder-jobs.md
+
+

docs/thehive/api/alert/create.md

@@ -11,22 +11,24 @@ POST /api/alert
 
 ##  Request Body Example
 
-```json
-{
-    "artifacts": [],
-    "description": "Imported from MISP Event #1311.",
-    "severity": 0,
-    "source": "misp server",
-    "sourceRef": "1311",
-    "tags": [
+!!! Example "" 
+    
+    ```json
+    {
+      "artifacts": [],
+      "description": "Imported from MISP Event #1311.",
+      "severity": 0,
+      "source": "misp server",
+      "sourceRef": "1311",
+      "tags": [
         "tlp:white",
         "type:OSINT"
-    ],
-    "title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
-    "tlp": 0,
-    "type": "MISP Event"
-}
-```
+      ],
+      "title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
+      "tlp": 0,
+      "type": "MISP Event"
+    }
+    ```
 
 The following fields are required: 
 
@@ -44,35 +46,37 @@ The following fields are required:
 
 ### Response Body Example
 
-```json
-{
-    "_id": "~987889880",
-    "id": "~987889880",
-    "createdBy": "[email protected]",
-    "updatedBy": null,
-    "createdAt": 1630323713949,
-    "updatedAt": null,
-    "_type": "alert",
-    "type": "misp event",
-    "source": "misp server",
-    "sourceRef": "1311-2",
-    "externalLink": null,
-    "case": null,
-    "title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
-    "description": "Imported from MISP Event #1311.",
-    "severity": 0,
-    "date": 1630323713937,
-    "tags": [
+!!! Example ""
+
+    ```json
+    {
+      "_id": "~987889880",
+      "id": "~987889880",
+      "createdBy": "[email protected]",
+      "updatedBy": null,
+      "createdAt": 1630323713949,
+      "updatedAt": null,
+      "_type": "alert",
+      "type": "misp event",
+      "source": "misp server",
+      "sourceRef": "1311-2",
+      "externalLink": null,
+      "case": null,
+      "title": "CISA.gov - AA21-062A Mitigate Microsoft Exchange Server Vulnerabilities",
+      "description": "Imported from MISP Event #1311.",
+      "severity": 0,
+      "date": 1630323713937,
+      "tags": [
         "tlp:pwhite",
         "type:OSINT",
-    ],
-    "tlp": 0,
-    "pap": 2,
-    "status": "New",
-    "follow": true,
-    "customFields": {},
-    "caseTemplate": null,
-    "artifacts": [],
-    "similarCases": []
-}
-```
+      ],
+      "tlp": 0,
+      "pap": 2,
+      "status": "New",
+      "follow": true,
+      "customFields": {},
+      "caseTemplate": null,
+      "artifacts": [],
+      "similarCases": []
+    }
+    ```

docs/thehive/api/alert/delete.md

@@ -8,16 +8,9 @@ Delete an *Alert*.
 DELETE /api/alert/{id}?force=1
 ```
 
+##  Response 
 
-## Request Body Example
+### Status codes
 
-```json
-
-```
-
-
-## Response Body Example
-
-```json
-
-```
+- `204`: if *Alert* is deleted successfully
+- `401`: Authentication error

docs/thehive/api/alert/update.md

@@ -1,23 +1,140 @@
 # Update
 
-Update an existing Alert, like add observables, mark as read, update status ...
+Update an *Alert*.
 
 ## Query
 
+```plain
+PATCH /api/alert/{id}
 ```
 
-```
+with:
 
+- `id`: id of the Alert
 
-## Request Body Example
+##  Request Body Example
 
-```json
+!!! Example "" 
+    
+    ```json
+    {
+      "description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url. "
+    }
+    ```
 
-```
+##  Response 
+
+### Status codes
 
+- `200`: if *Alert* is updated successfully
+- `401`: Authentication error
 
-## Response Body Example
+### Response Body Example
 
-```json
+!!! Example ""
 
-```
+    ```json
+      {
+        "_id": "~624443400",
+        "id": "~624443400",
+        "createdBy": "[email protected]",
+        "updatedBy": null,
+        "createdAt": 1620373264377,
+        "updatedAt": null,
+        "_type": "alert",
+        "type": "external",
+        "source": "SIEM",
+        "sourceRef": "47e379",
+        "externalLink": null,
+        "case": null,
+        "title": "User posted information on known phishing URL",
+        "description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url. ",
+        "severity": 2,
+        "date": 1620373264000,
+        "tags": [
+          "source:siem",
+          "log-source:proxy"
+        ],
+        "tlp": 3,
+        "pap": 2,
+        "status": "Ignored",
+        "follow": true,
+        "customFields": {
+          "businessUnit": {
+            "string": "Finance"
+          },
+          "location": {
+            "string": "Sydney"
+          }
+        },
+        "caseTemplate": null,
+        "artifacts": [
+          {
+            "_id": "~665772152",
+            "id": "~665772152",
+            "createdBy": "[email protected]",
+            "createdAt": 1620373264410,
+            "_type": "case_artifact",
+            "dataType": "username",
+            "data": "[email protected]",
+            "startDate": 1620373264410,
+            "tlp": 2,
+            "tags": [],
+            "ioc": false,
+            "sighted": false,
+            "reports": {},
+            "stats": {}
+          },
+          {
+            "_id": "~677015568",
+            "id": "~677015568",
+            "createdBy": "[email protected]",
+            "createdAt": 1620373264398,
+            "_type": "case_artifact",
+            "dataType": "domain",
+            "data": "pl-getbuys.icu",
+            "startDate": 1620373264398,
+            "tlp": 2,
+            "tags": [],
+            "ioc": false,
+            "sighted": false,
+            "reports": {},
+            "stats": {}
+          },
+          {
+            "_id": "~677019664",
+            "id": "~677019664",
+            "createdBy": "[email protected]",
+            "createdAt": 1620373264405,
+            "_type": "case_artifact",
+            "dataType": "mail",
+            "data": "[email protected]",
+            "startDate": 1620373264405,
+            "tlp": 2,
+            "tags": [],
+            "ioc": false,
+            "sighted": false,
+            "reports": {},
+            "stats": {}
+          },
+          {
+            "_id": "~706650224",
+            "id": "~706650224",
+            "createdBy": "[email protected]",
+            "createdAt": 1620373264391,
+            "_type": "case_artifact",
+            "dataType": "url",
+            "data": "https://poczta.pl-getbuys.icu/",
+            "startDate": 1620373264391,
+            "tlp": 2,
+            "tags": [],
+            "ioc": false,
+            "sighted": false,
+            "message": "http method: POST",
+            "reports": {},
+            "stats": {}
+          }
+        ],
+        "similarCases": []
+      }
+    ```