This endpoint leverages the external (STIX) ID provided on the payload's data attribute to de-duplicate the entity. If an entity with the provided STIX ID already exists, this endpoint returns 409: Conflict, and you should use PATCH /api/<version>/entities/<stix_id> instead to update it.

Required permissions

• modify entities

Optional permissions

• read extracts Required to access the observables attached with an entity

• read taxonomies Required to access the taxonomies associated with an entity

• read attack Required to access the MITRE ATT&CKs associated with an entity

• read intel-sets Required to access the datasets associated with an entity

• read incoming-feeds Required to access the incoming feeds associated with an entity

• read outgoing-feeds Required to access the outgoing feeds associated with an entity