Permissions for public API endpoints

The Intelligence Center offers a public API to make it easier to automate data exchange workflows and processes with external systems.
Intelligence Center permissions control also access to the endpoints the public API exposes.

You can configure dedicated users and groups for automation tasks that interact with external components or systems, such as in Intelligence Center integration implementations.
In this case, make sure that:

  • Automation roles have the appropriate set of permissions to access the API endpoints whose resources they are supposed to consume.

  • Automation users are granted the appropriate roles to access the API endpoints whose resources they are supposed to consume.

  • Automation users are assigned to the appropriate groups to access the Intelligence Center assets and resources they are supposed to consume.

The following table shows the permissions that public API endpoints require to allow access.


REST API endpoint

HTTP method

Permission

/api/datasets/

GET

read intel-sets

/api/datasets/${int:id}

GET

read intel-sets

/api/enrichers/

GET

read enrichers

/api/enrichers/${int:id}

GET

read enrichers

/api/enrichment-tasks/${uuid:id}

GET

read tasks

/api/entities/

GET

read entities

/api/entities/

POST

modify entities

/api/entities/${uuid:id}

GET

read entities

/api/entities/${uuid:id}/enrich

POST

modify entities

/api/entities/${uuid:id}/enrichers

GET

read entities

/api/entities/latest

GET

read entities

/api/observables/

GET

read extracts

/api/observables/

POST

modify extracts

/api/observables/${int:id}

GET

read extracts

/api/observables/${int:id}

PATCH

modify extracts

/api/observables/${int:id}/enrich

POST

modify entities

/api/observables/${int:id}/enrichers

GET

read extracts

/api/sources/

GET

read sources