This endpoint can be used to import a single or batch of multiple indicators.These indicators can be used to perform a specific action based on their presence.For example, a file-hash can be added with a block action to prevent the delivery of a message with an attachment matching that file-hash.Currently, only file-hashes are supported.
In order to successfully use this endpoint the logged in user must be a Mimecast administrator with at least the BYO Threat Intelligence | Upload permission.
To use this endpoint you send a POST request to:
/api/byo-threat-intelligence/create-batch
Request Headers
The following request headers must be included in your request:
Field Description
Authorization
Please see the Authorization guide for more information on building the Authorization header.
x-mc-req-id
A randomly generated GUID, for example,
8578FCFC-A305-4D9A-99CB-F4D5ECEFE297
x-mc-app-id
The Application ID provided with your Registered API Application.
x-mc-date
The current date and time in the following format, for example,
Tue, 24 Nov 2015 12:50:11 UTC
{
"data" : [
{
"operationType" : "BLOCK" ,
"hashList" : [
{
"provider" : "Test" ,
"description" : "Morris worm" ,
"hash" : "4b61fd53c077baffe40a70f0b2c1c7f5f66e9e7b590aa13feaaf8a2711f3dd9d"
}
]
}
]
}
Data
Field Type Required Description
operationType
String
Required
The action to take based on the batch of indicators. Must be one of ALLOW, BLOCK or DELETE.
hashList
Array of FileHash Objects
Required
List of one or more file-hashes to be acted upon.
FileHash Object
Field Type Required Description
provider
String
Optional
Provider or source of the file-hash, limited to 10 characters
description
String
Optional
A description of the file-hash
hash
String
Required
The file-hash value
{
"fail" : [],
"meta" : {
"status" : 200
},
"data" : [
{
"batchIdToken" : "eNqrVipOTS4tSs1MUbJSKouySPMKSQ12c480dtFOtAgM9o9IivJ1D9Y2Nik..." ,
"completionTime" : "2020-06-01T19:11:46.000Z[UTC]" ,
"createTime" : "2020-06-01T19:11:46.000Z[UTC]" ,
"hashCount" : 10 ,
"operationType" : "BLOCK" ,
"status" : "COMPLETED"
}
]
}
meta
Field Type Description
status
Number
The function level status of the request.
data
Field Type Description
batchIdToken
String
The Mimecast secure ID of the batch.
completionTime
Date String
The UTC timestamp of the batch ingestion completion in the following format: 2020-06-01T19:11:46.000Z[UTC]
createTime
Date String
The UTC timestamp of the batch creation in the following format: 2020-06-01T19:11:46.000Z[UTC]
hashCount
Number
The number of hashes within the batch.
operationType
String
The action provided upon batch creation. Will be one of: ALLOW, BLOCK or DELETE.
status
String
The current status of a batch ingestion. Will be one of: NOT_STARTED, IN_PROGRESS, COMPLETED, FAILED, PARTIALLY_COMPLETED or PARTIALLY_FAILED.
Sample code is provided to demonstrate how to use the API and is not representative of a production application. To use the sample code; complete the required variables as described, populate the desired values in the request body, and execute in your favorite IDE. Please see the Global Base URL's page to find the correct base URL to use for your account.
HTTP Python C# PowerShell Java
POST {base_url}/api/byo-threat-intelligence/create-batch
Authorization : MC {accesskKey}:{Base64 encoded signed Data To Sign}
x-mc-date : {dateTime}
x-mc-req-id : {unique id}
x-mc-app-id : {applicationId}
Content-Type : application/json
Accept : application/json
{
"data" : [
{
"operationType" : "BLOCK" ,
"hashList" : [
{
"provider" : "Test" ,
"description" : "Morris worm" ,
"hash" : "4b61fd53c077baffe40a70f0b2c1c7f5f66e9e7b590aa13feaaf8a2711f3dd9d"
}
]
}
]
}
import base64
import hashlib
import hmac
import uuid
import datetime
import requests
base_url = "https://xx-api.mimecast.com"
uri = "/api/byo-threat-intelligence/create-batch"
url = base_url + uri
access_key = "YOUR ACCESS KEY"
secret_key = "YOUR SECRET KEY"
app_id = "YOUR APPLICATION ID"
app_key = "YOUR APPLICATION KEY"
request_id = str (uuid.uuid4())
hdr_date = datetime.datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S" ) + " UTC"
dataToSign = ':' .join([hdr_date, request_id, uri, app_key])
hmac_sha1 = hmac.new(base64.b64decode(secret_key), dataToSign.encode(), digestmod=hashlib.sha1).digest()
sig = base64.b64encode(hmac_sha1).rstrip()
headers = {
'Authorization' : 'MC ' + access_key + ':' + sig.decode(),
'x-mc-app-id' : app_id,
'x-mc-date' : hdr_date,
'x-mc-req-id' : request_id,
'Content-Type' : 'application/json'
}
payload = {
'data' : [
{
'operationType' : 'BLOCK' ,
'hashList' : [
{
'provider' : 'Test' ,
'description' : 'Morris worm' ,
'hash' : '4b61fd53c077baffe40a70f0b2c1c7f5f66e9e7b590aa13feaaf8a2711f3dd9d'
}
]
}
]
}
r = requests.post(url=url, headers=headers, data=str (payload))
print(r.text)
static void Main (string [] args)
{
string baseUrl = "https://xx-api.mimecast.com" ;
string uri = "/api/byo-threat-intelligence/create-batch" ;
string accessKey = "YOUR ACCESS KEY" ;
string secretKey = "YOUR SECRET KEY" ;
string appId = "YOUR APPLICATION ID" ;
string appKey = "YOUR APPLICATION KEY" ;
string hdrDate = System.DateTime.Now.ToUniversalTime().ToString("R" );
string requestId = System.Guid.NewGuid().ToString();
System.Security.Cryptography.HMAC h = new System.Security.Cryptography.HMACSHA1(System.Convert.FromBase64String(secretKey));
byte[] hash = h.ComputeHash(System.Text.Encoding.Default.GetBytes(hdrDate + ":" + requestId + ":" + uri + ":" + appKey));
string signature = "MC " + accessKey + ":" + System.Convert.ToBase64String(hash);
System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(baseUrl + uri);
request.Method = "POST" ;
request.ContentType = "application/json" ;
request.Headers[System.Net.HttpRequestHeader.Authorization] = signature;
request.Headers.Add("x-mc-date" , hdrDate);
request.Headers.Add("x-mc-req-id" , requestId);
request.Headers.Add("x-mc-app-id" , appId);
string postData = @"{
" "data" ": [
{
" "operationType" ": " "BLOCK" ",
" "hashList" ": [
{
" "provider" ": " "Test" ",
" "description" ": " "Morris worm" ",
" "hash" ": " "4b61fd53c077baffe40a70f0b2c1c7f5f66e9e7b590aa13feaaf8a2711f3dd9d" "
}
]
}
]
}" ;
byte[] payload = System.Text.Encoding.UTF8.GetBytes(postData);
System.IO.Stream stream = request.GetRequestStream();
stream.Write(payload, 0 , payload.Length);
stream.Close();
System.Net.HttpWebResponse response = (System.Net.HttpWebResponse)request.GetResponse();
System.IO.StreamReader reader = new System.IO.StreamReader(response.GetResponseStream());
string responseBody = "" ;
string temp = null;
while ((temp = reader.ReadLine()) != null)
{
responseBody += temp;
};
System.Console.WriteLine(responseBody);
System.Console.ReadLine();
}
$baseUrl = "https://xx-api.mimecast.com"
$uri = "/api/byo-threat-intelligence/create-batch"
$url = $baseUrl + $uri
$accessKey = "YOUR ACCESS KEY"
$secretKey = "YOUR SECRET KEY"
$appId = "YOUR APPLICATION ID"
$appKey = "YOUR APPLICATION KEY"
$hdrDate = (Get-Date ).ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss UTC" )
$requestId = [guid ]::NewGuid().guid
$sha = New-Object System.Security.Cryptography.HMACSHA1
$sha .key = [Convert ]::FromBase64String($secretKey )
$sig = $sha .ComputeHash([Text.Encoding ]::UTF8.GetBytes($hdrDate + ":" + $requestId + ":" + $uri + ":" + $appKey ))
$sig = [Convert ]::ToBase64String($sig )
$headers = @ {"Authorization" = "MC " + $accessKey + ":" + $sig ;
"x-mc-date" = $hdrDate ;
"x-mc-app-id" = $appId ;
"x-mc-req-id" = $requestId ;
"Content-Type" = "application/json" }
$postBody = "{
" "data" ": [
{
" "operationType" ": " "BLOCK" ",
" "hashList" ": [
{
" "provider" ": " "Test" ",
" "description" ": " "Morris worm" ",
" "hash" ": " "4b61fd53c077baffe40a70f0b2c1c7f5f66e9e7b590aa13feaaf8a2711f3dd9d" "
}
]
}
]
}"
$response = Invoke-RestMethod -Method Post -Headers $headers -Body $postBody -Uri $url
$response
public static void main (String[] args) throws java.io.IOException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
String baseUrl = "https://xx-api.mimecast.com" ;
String uri = "/api/byo-threat-intelligence/create-batch" ;
String url = "https://" + baseUrl + uri;
String accessKey = "YOUR ACCESS KEY" ;
String secretKey = "YOUR SECRET KEY" ;
String appId = "YOUR APPLICATION ID" ;
String appKey = "YOUR APPLICATION KEY" ;
java.net.URL obj = new java.net.URL(url);
String guid = java.util.UUID.randomUUID().toString();
java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z" );
sdf.setTimeZone(java.util.TimeZone.getTimeZone("UTC" ));
String date = sdf.format(new java.util.Date());
String dataToSign = date + ":" + guid + ":" + uri + ":" + appKey;
String hmacSHA1 = "HmacSHA1" ;
javax.crypto.spec.SecretKeySpec signingKey = new javax.crypto.spec.SecretKeySpec(org.apache.commons.codec.binary.Base64.decodeBase64(secretKey.getBytes()), hmacSHA1);
javax.crypto.Mac mac = javax.crypto.Mac.getInstance(hmacSHA1);
mac.init(signingKey);
String sig = new String(org.apache.commons.codec.binary.Base64.encodeBase64(mac.doFinal(dataToSign.getBytes())));
javax.net.ssl.HttpsURLConnection con = (javax.net.ssl.HttpsURLConnection) obj.openConnection();
con.setRequestMethod("POST" );
con.setDoOutput(true );
con.setRequestProperty("Authorization" , "MC " + accessKey + ":" + sig);
con.setRequestProperty("x-mc-req-id" , guid);
con.setRequestProperty("x-mc-app-id" , appId);
con.setRequestProperty("x-mc-date" , date);
con.setRequestProperty("Content-Type" , "application/json" );
con.setRequestProperty("Accept" , "application/json" );
String postBody = "{\n" +
" \"data\": [\n" +
" {\n" +
" \"operationType\": \"BLOCK\",\n" +
" \"hashList\": [\n" +
" {\n" +
" \"provider\": \"Test\",\n" +
" \"description\": \"Morris worm\",\n" +
" \"hash\": \"4b61fd53c077baffe40a70f0b2c1c7f5f66e9e7b590aa13feaaf8a2711f3dd9d\"\n" +
" }\n" +
" ]\n" +
" }\n" +
" ]\n" +
"}" ;
java.io.OutputStream os = con.getOutputStream();
os.write(postBody.getBytes("UTF-8" ));
os.close();
java.io.BufferedReader in = new java.io.BufferedReader(
new java.io.InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null ) {
response.append(inputLine);
}
in.close();
java.lang.System.out.println(response.toString());
}