-
Notifications
You must be signed in to change notification settings - Fork 102
Expand file tree
/
Copy pathbazaar.xml
More file actions
17 lines (17 loc) · 780 Bytes
/
bazaar.xml
File metadata and controls
17 lines (17 loc) · 780 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<Workflow name="Malware Bazaar" version="1.0" xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2">
<Parameters>
<Parameter name="api_host" label="API Host" required="true" />
</Parameters>
<Actions>
<CallEndpoint url="https://${/api_host}" method="POST" savePath="/response">
<RequestHeader name="Accept" value="application/json" />
<UrlEncodedFormRequestBody>
<Parameter name="query" value="get_recent" />
<Parameter name="selector" value="time" />
</UrlEncodedFormRequestBody>
</CallEndpoint>
<ForEach item="/sample" items="/response/body/data">
<PostEvent path="/sample" source="malwarebazaar"/>
</ForEach>
</Actions>
</Workflow>