0.10.0b

[0.10.0]

[0.9.20]

Changed

The entity.id field is now dump_only. It means that you shouldn't provide it on your POST/PUT/PATCH /entities API calls - it's an auto-generated UUID, which is consistent with the way all the other object IDs are generated. You still have control over the entity.data.id attribute (a.k.a. STIX ID).

[0.9.19]

Fixed

Fixed handling of dump_only timestamps on schemas. Fields such as created_at, last_updated_at etc. should never be specified directly on the API payloads (they are generated system-side), but some endpoints in the documentation were erroneously reporting them on the input schemas.
Fixed the representation of some schema attributes that broke some OpenAPI validators.
Fixed empty results on GET /entities when using the data.title filter.

[0.9.18]

Fixed

[0.9.14]

Removed

Removed deprecated /auth endpoint, since it involved passing user credentials on a JSON payload, and it doesn't work with MFA. Users are now required to generate their API tokens from the EclecticIQ UI (instructions are in the README as well as the Swagger/Redoc endpoints).

[0.9.13]

Added

Added /entities/attachments endpoints, and improved support for bundled attachments on entities.

[0.9.12]

Added

Added bulk DELETE endpoints. It is now possible to delete multiple objects of the same type in one single request by calling /api// with a JSON payload containing a list of the IDs that should be removed.

[0.9.11]

Added

Added support for bulk upserts on PUT endpoints. PUT endpoints now support a list of objects on their payload (instead of one single object). Objects will be created or updated with the new representation if their name (or other alternative key, such as <type, value>) already exists, and the modification will happen within a single transaction. 201 will be returned if at least one object in the list was newly created, 200 will be returned if all the objects already existed, and they have been updated. The previous semantics on the PUT endpoints (i.e. accepting and returning one single object) is still supported, but the support may be removed in a future release. Note that bulk operations are only supported on PUT endpoints. POST and PATCH will still operate on one object at the time.

Changed

Replaced POST /api//tasks//runs endpoint with POST /api//tasks/runs with a JSON payload that contains task (ID or URL) and parameters. This is more consistent with the behaviour of the other POST endpoints.
task_name and task_type on the task schema have been renamed to name and type respectively - this is consistent with the attribute naming used for other platform objects.
POST /api//taxonomies now always returns a list containing the representation of the nodes in the taxonomy path (earlier they would include only the most recent leaf node in some cases).
GET /api//mitre-attack/{id} renamed to GET /api//mitre-attacks/{id} (naming consistency).
workspace_type field in workspace schemas renamed to type.
Files endpoints changed from /api//workspaces/files to /api//files.
Renamed MITRE ATT&CKs field on entities: from attack to attacks.
Renamed MITRE ATT&CKs endpoints: from mitre-attacks to attacks.
Entities' incoming_feed and outgoing_feeds fields have been moved up from meta to the
root level of the payload.

Removed

Removed GET /api//tasks//runs endpoint, you should use GET /api//tasks/runs?filter[task]=<task_id> instead - this is more consistent with the behaviour of the other GET endpoints, since the previous endpoint was basically just a shortcut.
Removed DELETE /api//tasks//runs endpoint, you should use instead stop a task run by retrieving its runs and explicitly stop one of them through DELETE /api//tasks/runs/ to prevent stopping runs that may have been started in the meantime by other users.
Removed with_entities flag from GET /api//observables/. If you want to get the payload of the entities associated with an observable you should instead use GET /api//entities?filter[observables]=.