Issues with Threat Intelligence Upload Indicators API (Preview)

Hi,

Due to the Threat Intelligence Platforms connector being deprecated, I'm moving on to the new Threat Intelligence Upload Indicators API (Preview). It installed alright, but I'm struggling with getting the logic app to POST to the new URI due to
{"error":{"code":"UploadIndicatorsValidationErrors","message":"Indicators array is required and cannot be empty. ","target":null,"additionalInfo":null}}

The same is happening even when I'm trying to post a sample request from the reference page:
https://learn.microsoft.com/en-us/azure/sentinel/upload-indicators-api#sample-request-body

Has anyone managed to get this to work?

Cheers!
KubaT

2 Replies

@KubaTom 

I have the same issue, did you find a solution for that in the meantime? The array is present and exactly the same as from the reference page....

The solution is to write "indicators" instead of "value" in the request body. The documentation seems to be wrong, at least for the V2 (Preview) (preview) step ;)
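
A pre-flight check for the fix described in the reply above, as an added example that is not part of the original thread or Microsoft's code: it moves a "value" array to "indicators" and raises locally on the missing-or-empty condition behind UploadIndicatorsValidationErrors. The `sourcesystem` key, the indicator stubs, and the names `normalize_body`, `build_requests` and `batch_size` are assumptions made for illustration.

```python
import json

ARRAY_KEY = "indicators"   # key the reply above reports as accepted
LEGACY_KEY = "value"       # key the reply says to replace

# Constructed sample body; "sourcesystem" and the indicator stubs are
# illustrative assumptions, not complete indicator objects.
SAMPLE_BODY = {
    "sourcesystem": "constructed-test-source",
    "value": [{"type": "indicator", "id": f"indicator--placeholder-{n}"}
              for n in range(3)],
}


def normalize_body(body):
    """Return a copy of body with the indicator array under "indicators".

    Raises ValueError for the condition the service rejects with
    UploadIndicatorsValidationErrors: array missing or empty.
    """
    fixed = dict(body)
    if ARRAY_KEY not in fixed and LEGACY_KEY in fixed:
        fixed[ARRAY_KEY] = fixed.pop(LEGACY_KEY)
    items = fixed.get(ARRAY_KEY)
    if not isinstance(items, list) or not items:
        raise ValueError("Indicators array is required and cannot be empty.")
    return fixed


def build_requests(body, batch_size):
    """Split one body into JSON strings of at most batch_size indicators."""
    if batch_size < 1:
        raise ValueError("batch_size must be at least 1")
    fixed = normalize_body(body)
    envelope = {k: v for k, v in fixed.items() if k != ARRAY_KEY}
    items = fixed[ARRAY_KEY]
    return [
        json.dumps({**envelope, ARRAY_KEY: items[i:i + batch_size]})
        for i in range(0, len(items), batch_size)
    ]


if __name__ == "__main__":
    for payload in build_requests(SAMPLE_BODY, batch_size=2):
        print(payload)
```

Set `batch_size` to whatever per-request limit applies to your workspace; the value 2 here only demonstrates the split.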