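openapi: 3.0.0
info:
  title: HYAS Protect API
  # The description is Markdown: lines starting with '#' inside the folded
  # scalar are headings, not YAML comments.
  # The cURL example sends POST because POST is the only method this document
  # defines for /reports (without --request, curl would issue a GET).
  # `<your API key>` is a placeholder; real keys do not belong in the spec.
  description: >
    # Endpoint


    The base endpoint is `https://apps.hyas.com/api/protect/ext`, which all of the following REST routes will follow.



    # Authentication


    Authentication is performed using X-API-Key header with provided PSK API key on each request


    # cURL Example


    ```curl --request POST --header "X-API-Key: <your API key>" https://apps.hyas.com/api/protect/ext/reports```
  contact: {}
  version: '1.0.0'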
# The only server entry. Its scheme is https, so clients that use this URL as
# written send the X-API-Key header over TLS.
servers:
- variables: {}
  url: https://apps.hyas.com/api/protect/ext
paths:
  # POST /aggregates - count aggregates for the top charts (Overview tag).
  # The operation has no `security` key of its own, so the document-level
  # requirement (external_auth, the X-API-Key header) applies.
  # NOTE(review): only the 200 response is described; the responses for a
  # missing/invalid key or a malformed filter are not documented - confirm
  # and add them.
  /aggregates:
    post:
      operationId: newcastle.protect.top_charts.aggregates
      summary: newcastle.protect.top_charts.aggregates
      description: Get count aggregates for the top charts
      tags:
      - Overview
      deprecated: false
      parameters: []
      requestBody:
        required: true
        description: The filter used to perform aggregate queries
        content:
          application/json:
            schema:
              # allOf pairs the referenced schema with a description-only
              # schema (in OpenAPI 3.0, keys placed beside a $ref are ignored).
              allOf:
              - $ref: '#/components/schemas/aggregate_params'
              - description: The filter used to perform aggregate queries
      responses:
        '200':
          description: Top Charts
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AggregatesResponse'
  # POST /bar - bar chart data (Overview tag).
  # Authenticated through the document-level `security` requirement
  # (X-API-Key header); the operation declares no override.
  # NOTE(review): only the 200 response is described - confirm and document
  # the authentication-failure and validation-error responses.
  /bar:
    post:
      operationId: newcastle.protect.bar_charts.bar
      summary: newcastle.protect.bar_charts.bar
      description: Get bar chart data
      tags:
      - Overview
      deprecated: false
      parameters: []
      requestBody:
        required: true
        description: The filter used to perform bar chart queries
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/bar_params'
              - description: The filter used to perform bar chart queries
      responses:
        '200':
          description: Bar Chart
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BarResponse1'
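  # POST /histogram - histogram data for the real time charts (Overview tag).
  # Covered by the document-level `security` requirement (X-API-Key header);
  # the operation declares no override.
  # NOTE(review): only the 200 response is described - confirm what is
  # returned for a missing/invalid key or a malformed filter and document it.
  /histogram:
    post:
      tags:
      - Overview
      summary: newcastle.protect.histograms.histogram
      description: Get histogram data for the real time charts
      operationId: newcastle.protect.histograms.histogram
      parameters: []
      requestBody:
        description: The filter used to perform histogram queries
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/histogram_params'
              - description: The filter used to perform histogram queries
        required: true
      responses:
        '200':
          # Spelling corrected (was "Historgram"); shown in rendered docs.
          description: Histogram
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HistogramResponse1'
      deprecated: false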
  # POST /summary - request summaries (Overview tag).
  # Authenticated through the document-level `security` requirement
  # (X-API-Key header); the operation declares no override.
  # NOTE(review): only the 200 response is described - confirm and document
  # the authentication-failure and validation-error responses.
  /summary:
    post:
      operationId: newcastle.protect.summaries.summary
      summary: newcastle.protect.summaries.summary
      description: Get request summaries
      tags:
      - Overview
      deprecated: false
      parameters: []
      requestBody:
        required: true
        description: The filter used to perform summary queries
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/summary_params'
              - description: The filter used to perform summary queries
      responses:
        '200':
          description: Summary
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SummaryResponse1'
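  # POST /histogram/artifact - histogram data for the pop out panel timeline
  # chart (Logs tag).
  # Covered by the document-level `security` requirement (X-API-Key header);
  # the operation declares no override.
  # NOTE(review): only the 200 response is described - confirm and document
  # the authentication-failure and validation-error responses.
  /histogram/artifact:
    post:
      tags:
      - Logs
      summary: newcastle.protect.histograms.histogram_artifact
      description: Get histogram data for the pop out panel timeline chart
      operationId: newcastle.protect.histograms.histogram_artifact
      parameters: []
      requestBody:
        description: The filter used to perform histogram queries
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/histogram_artifact_params'
              - description: The filter used to perform histogram queries
        required: true
      responses:
        '200':
          # Spelling corrected (was "Historgram"); shown in rendered docs.
          description: Flyout Panel Artifact Histogram
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HistogramArtifactResponse1'
      deprecated: false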
  # POST /logs - log query (Logs tag).
  # Authenticated through the document-level `security` requirement
  # (X-API-Key header); the operation declares no override.
  # NOTE(review): the 200 description is "Logs", but LogsResponse declares
  # only `aggregates` and `total_count` - confirm whether the log records
  # themselves are missing from the schema. Error responses (401/403, 4xx
  # validation) are not documented either.
  /logs:
    post:
      operationId: newcastle.protect.logs.logs
      summary: newcastle.protect.logs.logs
      description: Get logs
      tags:
      - Logs
      deprecated: false
      parameters: []
      requestBody:
        required: true
        description: The filter used to perform log queries
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/log_params'
              - description: The filter used to perform log queries
      responses:
        '200':
          description: Logs
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LogsResponse'
  # POST /passthrough - passthrough records (Passthrough tag).
  # Authenticated through the document-level `security` requirement
  # (X-API-Key header); the operation declares no override.
  # NOTE(review): only the 200 response is described - confirm and document
  # the authentication-failure and validation-error responses.
  /passthrough:
    post:
      operationId: newcastle.protect.passthrough.passthrough
      summary: newcastle.protect.passthrough.passthrough
      description: Get passthrough records
      tags:
      - Passthrough
      deprecated: false
      parameters: []
      requestBody:
        required: true
        description: The filter used to perform passthrough queries
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/passthrough_params'
              - description: The filter used to perform passthrough queries
      responses:
        '200':
          description: Logs
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PassthroughResponse1'
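  # POST /report - returns one executive report as a PDF (Reports tag).
  # The report is selected through report_params (applied_filters.report_id).
  # Covered by the document-level `security` requirement (X-API-Key header).
  # NOTE(review): report_id is caller-supplied; this document cannot express
  # that the report must belong to the client the API key was issued to -
  # confirm the server enforces that. Only the 200 response is documented.
  /report:
    post:
      tags:
      - Reports
      summary: newcastle.protect.reports.get_report
      description: Get executive report
      operationId: newcastle.protect.reports.get_report
      parameters: []
      requestBody:
        description: The filter used to generate the report
        content:
          application/json:
            schema:
              # Referenced schema plus a description-only schema.
              allOf:
              - $ref: '#/components/schemas/report_params'
              - description: The filter used to generate the report
        required: true
      responses:
        '200':
          description: A report in pdf format
          headers: {}
          content:
            application/pdf:
              # OpenAPI 3.0 describes a binary payload as string/binary; the
              # empty schema ({}) that stood here described nothing.
              schema:
                type: string
                format: binary
      deprecated: false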
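  # POST /reports - list of executive reports (Reports tag). No request body.
  # Covered by the document-level `security` requirement (X-API-Key header).
  # NOTE(review): the listing takes no filter, so which reports a key may see
  # is decided entirely server-side - confirm it is scoped to the caller's
  # client. Only the 200 response is documented.
  /reports:
    post:
      tags:
      - Reports
      summary: newcastle.protect.reports.get_reports
      description: Get list of executive reports
      operationId: newcastle.protect.reports.get_reports
      parameters: []
      responses:
        '200':
          # Was "Bar Chart", apparently copied from the /bar operation; the
          # schema below is the report list.
          description: List of executive reports
          headers: {}
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ReportsResponse1'
      deprecated: false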
components:
  schemas:
    # Request body schema for POST /aggregates.
    # NOTE(review): there is no `required` list, so `{}` validates - confirm
    # the server handles a missing applied_filters.
    aggregate_params:
      type: object
      title: aggregate_params
      properties:
        applied_filters:
          $ref: '#/components/schemas/AppliedFilters9'
    # Same properties as AggregatesResponse, plus a description. Not
    # referenced elsewhere in this document.
    aggregate_response:
      type: object
      title: aggregate_response
      description: Aggregate response
      properties:
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: fqdn
        top_items:
          type: array
          description: Top items
          items:
            $ref: '#/components/schemas/TopItem'
    # Request body schema for POST /bar. No `required` list.
    bar_params:
      type: object
      title: bar_params
      properties:
        applied_filters:
          $ref: '#/components/schemas/AppliedFilters12'
    # Same properties as BarResponse1, plus a description. Not referenced
    # elsewhere in this document.
    bar_response:
      type: object
      title: bar_response
      description: Bar chart response
      properties:
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: no_answer_queries
        top_items:
          type: array
          description: Top items
          items:
            $ref: '#/components/schemas/TopItem1'
    # Request body schema for POST /histogram/artifact. No `required` list.
    histogram_artifact_params:
      type: object
      title: histogram_artifact_params
      properties:
        applied_filters:
          $ref: '#/components/schemas/AppliedFilters22'
    # Same properties as HistogramArtifactResponse1, plus a description. Not
    # referenced elsewhere in this document.
    histogram_artifact_response:
      type: object
      title: histogram_artifact_response
      description: Histogram response
      properties:
        days:
          type: integer
          format: int32
          description: The number of days the histogram is for
        query_type:
          type: string
          description: The query type that the histogram is for
    # Request body schema for POST /histogram. No `required` list.
    histogram_params:
      type: object
      title: histogram_params
      properties:
        applied_filters:
          $ref: '#/components/schemas/AppliedFilters32'
    # Same properties as HistogramResponse1, plus a description. Not
    # referenced elsewhere in this document.
    histogram_response:
      type: object
      title: histogram_response
      description: Histogram response
      properties:
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: queries
        top_items:
          type: array
          description: Top items
          items:
            $ref: '#/components/schemas/TopItem'
    # Request body schema for POST /logs: a list of filter clauses.
    # NOTE(review): the array has no maxItems, so the number of clauses per
    # request is unbounded as far as this schema goes - confirm a server-side
    # limit.
    log_params:
      type: object
      title: log_params
      properties:
        applied_filters:
          type: array
          description: ''
          items:
            $ref: '#/components/schemas/AppliedFilters4'
    # Allowed DNS record-type names for a query_type filter value.
    # Not referenced elsewhere in this document, so no request schema here
    # actually constrains a value to this list.
    log_params_query_type_values:
      type: string
      title: log_params_query_type_values
      enum:
        [A, A6, AAAA, AFSDB, AMTRELAY, ANY, APL, ATMA, AVC, AXFR, CAA, CDS,
         CDNSKEY, CERT, CNAME, CSYNC, DHCID, DLV, DNAME, DNSKEY, DOA, DS, EID,
         EUI48, EUI64, GID, GPOS, HINFO, HIP, HTTPS, IPSECKEY, ISDN, IXFR,
         KEY, KX, L32, L64, LP, LOC, MAILA, MAILB, MB, MD, MF, MG, MINFO, MR,
         MX, NAPTR, NID, NIMLOC, NINFO, NS, NSAP, NSAP-PTR, NSEC, NSEC3,
         NSEC3PARAM, NXT, OPENPGPKEY, OPT, PTR, PX, RKEY, RP, RRSIG, RT, RV,
         SIG, SINK, SMIMEA, SOA, SPF, SSHFP, SVCB, TA, TALINK, TKEY, TLSA,
         TSIG, TXT, UID, UINFO, Unassigned, UNSPEC, URI, WKS, X25, ZONEMD]
    # Allowed reputation filter values. Not referenced elsewhere in this
    # document.
    log_params_reputation_values:
      type: string
      title: log_params_reputation_values
      enum: [blocked, malicious, suspicious, permitted]
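    # Aggregates plus the unpaginated record count for a log query.
    # Not referenced elsewhere in this document; POST /logs points at
    # LogsResponse, which declares the same properties.
    log_response:
      title: log_response
      type: object
      properties:
        aggregates:
          $ref: '#/components/schemas/Aggregates2'
        total_count:
          type: integer
          description: total count of records without pagination
          format: int32
          example: 197
      # Was "Summary response", apparently copied from summary_response.
      description: Log response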
    # Request body schema for POST /passthrough: a list of filter clauses.
    # NOTE(review): the array has no maxItems - confirm a server-side limit
    # on the number of clauses.
    passthrough_params:
      type: object
      title: passthrough_params
      properties:
        applied_filters:
          type: array
          description: ''
          items:
            $ref: '#/components/schemas/AppliedFilters5'
    # Same properties as PassthroughResponse1, plus a description. Not
    # referenced elsewhere in this document.
    passthrough_response:
      type: object
      title: passthrough_response
      description: Passthrough response
      properties:
        logs:
          type: array
          description: Collection of passthrough records
          items:
            $ref: '#/components/schemas/Log'
        total_count:
          type: integer
          format: int32
          description: total count of records without pagination
          example: 197
    # Generic filter wrapper with an untyped applied_filters object. Not
    # referenced elsewhere in this document.
    query:
      type: object
      title: query
      properties:
        applied_filters:
          type: object
          description: A filter object specific to the query endpoint.
    # Request body schema for POST /report; selects the report by id.
    report_params:
      type: object
      title: report_params
      properties:
        applied_filters:
          $ref: '#/components/schemas/AppliedFilters62'
    # Same properties as ReportsResponse1, plus a description. Not referenced
    # elsewhere in this document.
    reports_response:
      type: object
      title: reports_response
      description: List of reports and count
      properties:
        reports:
          type: array
          description: Collection of reports
          items:
            $ref: '#/components/schemas/Report'
        total_count:
          type: integer
          format: int32
          description: The total report count
    # Request body schema for POST /summary. No `required` list.
    summary_params:
      type: object
      title: summary_params
      properties:
        applied_filters:
          $ref: '#/components/schemas/AppliedFilters72'
    # Same properties as SummaryResponse1, plus a description. Not referenced
    # elsewhere in this document.
    summary_response:
      type: object
      title: summary_response
      description: Summary response
      properties:
        day_count:
          type: integer
          format: int32
          example: 1
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: blocked
        total_count:
          type: integer
          format: int32
          example: 0
    # Same properties as Aggregates2, plus a description. Not referenced
    # elsewhere in this document.
    Aggregates:
      type: object
      title: Aggregates
      description: Aggregates for the filter drop downs
      properties:
        queries:
          type: array
          description: Collection of query type codes and counts
          items:
            $ref: '#/components/schemas/Query2'
        responses:
          type: array
          description: Collection of response codes and counts
          items:
            $ref: '#/components/schemas/Response'
    # Same properties as AppliedFilters9, plus a description. Not referenced
    # elsewhere in this document.
    # NOTE(review): top_count declares no minimum/maximum.
    AppliedFilters:
      type: object
      title: AppliedFilters
      description: A filter object specific to the query endpoint.
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType'
        top_count:
          type: integer
          format: int32
          description: How many aggregate values to get
          example: 25
    # Same properties as AppliedFilters12, plus a description. Not referenced
    # elsewhere in this document.
    AppliedFilters1:
      type: object
      title: AppliedFilters1
      description: A filter object specific to the query endpoint.
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType1'
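    # Artifact histogram filter: artifact, its type, a date window, an
    # optional interval and the query type. Same properties as
    # AppliedFilters22, plus a description; not referenced elsewhere in this
    # document.
    # The date examples are quoted: unquoted, a YAML loader may turn them into
    # date values, which no longer match `type: string`.
    # NOTE(review): artifact, interval and the dates declare no
    # format/pattern/maxLength - confirm the server validates them.
    AppliedFilters2:
      title: AppliedFilters2
      type: object
      properties:
        artifact:
          type: string
          description: The artifact
          example: google.com
        artifact_type:
          $ref: '#/components/schemas/ArtifactType'
        end_date:
          type: string
          description: The end window
          example: '2021-09-29'
        interval:
          type: string
          description: The optional interval for the aggregate
          example: 1d
        query_type:
          $ref: '#/components/schemas/QueryType2'
        start_date:
          type: string
          description: The start window
          example: '2021-09-22'
      description: A filter object specific to the query endpoint.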
    # Same properties as AppliedFilters32, plus a description. Not referenced
    # elsewhere in this document.
    AppliedFilters3:
      type: object
      title: AppliedFilters3
      description: A filter object specific to the query endpoint.
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType3'
    # One filter clause for POST /logs (item type of
    # log_params.applied_filters). `id` is limited to the Id enum, which acts
    # as an allow-list of filterable fields only if the server validates
    # against it.
    # NOTE(review): `value` has no maxLength/pattern although `partial`
    # enables partial matching, and `rangeValue` is an unconstrained schema
    # ({}) even though a RangeValue schema with start/end strings exists in
    # this document - confirm whether rangeValue should reference it and that
    # the server bounds-checks both fields.
    AppliedFilters4:
      type: object
      title: AppliedFilters4
      properties:
        exclude:
          type: boolean
          description: Flag to indicate if the filter value should be excluded
          example: false
        id:
          $ref: '#/components/schemas/Id'
        isRange:
          type: boolean
          description: Flag to indicate if the filter value is a range
          example: false
        partial:
          type: boolean
          description: If the filter should do partial matching
          example: true
        rangeValue: {}
        value:
          type: string
          nullable: true
          description: The filter value
          example: google
    # One filter clause for POST /passthrough (item type of
    # passthrough_params.applied_filters); `id` is limited to the Id1 enum.
    # NOTE(review): same gaps as the log filter clause - `value` is unbounded
    # and `rangeValue` accepts any JSON value; confirm server-side validation.
    AppliedFilters5:
      type: object
      title: AppliedFilters5
      properties:
        exclude:
          type: boolean
          description: Flag to indicate if the filter value should be excluded
          example: false
        id:
          $ref: '#/components/schemas/Id1'
        isRange:
          type: boolean
          description: Flag to indicate if the filter value is a range
          example: true
        partial:
          type: boolean
          description: If the filter should do partial matching
          example: false
        rangeValue: {}
        value:
          type: string
          nullable: true
          description: The filter value
    # Same property as AppliedFilters62, plus a description. Not referenced
    # elsewhere in this document.
    # NOTE(review): report_id is described as a uuid but declares no format
    # or pattern, and the example is four 8-digit groups rather than the usual
    # 8-4-4-4-12 layout - confirm the real id format.
    AppliedFilters6:
      type: object
      title: AppliedFilters6
      description: A filter object specific to the query endpoint.
      properties:
        report_id:
          type: string
          description: ID (uuid) of the report
          example: 00000000-00000000-00000000-00000000
    # Same property as AppliedFilters72, plus a description. Not referenced
    # elsewhere in this document.
    AppliedFilters7:
      type: object
      title: AppliedFilters7
      description: A filter object specific to the query endpoint.
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType4'
    # Allowed artifact_type values for the artifact histogram filter.
    # NOTE(review): the names presumably map to backend index fields; the
    # list is a useful allow-list only if the server rejects any other value
    # rather than passing the name through - confirm.
    ArtifactType:
      type: string
      title: ArtifactType
      description: The artifact type
      example: domain.keyword
      enum:
      - domain.keyword
      - domain_2tld.keyword
      - nameserver_tld.keyword
      - nameserver.keyword
      - nameserver_ip.keyword
      - response.a.keyword
      - response.aaaa.keyword
      - response.cname.keyword
      - response.cname_2tld.keyword
    # Filter ids accepted in a POST /logs filter clause (AppliedFilters4.id).
    # NOTE(review): this list limits which fields a caller can filter on only
    # if the server validates `id` against it - confirm.
    Id:
      type: string
      title: Id
      description: The filter id
      example: domain
      enum:
      - domain
      - domain_2tld
      - domain_tld
      - domain_age
      - query_type
      - response_code
      - ttl
      - nameserver
      - nameserver_2tld
      - nameserver_tld
      - nameserver_ip
      - a_record
      - aaaa_record
      - c_name
      - c_name_2tld
      - c_name_tld
      - registrar
      - reputation
      - datetime
    # Filter ids accepted in a POST /passthrough filter clause
    # (AppliedFilters5.id).
    Id1:
      type: string
      title: Id1
      description: The filter id
      example: last_seen
      enum:
      - last_seen
      - artifact
      - hyas_status
      - alt_status
      - query_count
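    # One passthrough record (item type of the `logs` arrays in
    # passthrough_response and PassthroughResponse1).
    # The last_seen example is quoted: unquoted, a YAML 1.1 loader reads it
    # as a timestamp, which no longer matches `type: string`.
    # NOTE(review): both status descriptions list [blocked, allow] but the
    # properties are plain strings with no enum - confirm the value set.
    Log:
      title: Log
      type: object
      properties:
        alt_status:
          type: string
          description: The status of the request made through ALT [blocked, allow]
          example: allow
        artifact:
          type: string
          description: The artifact looked up
          example: google.com
        hyas_status:
          type: string
          description: The status of the request made through HYAS [blocked, allow]
          example: blocked
        last_seen:
          type: string
          description: The most recent query for the artifact
          example: '2021-11-05T05:00:00'
        query_count:
          type: integer
          description: The aggregated count of how many times the artifact was looked up, limited to the current params
          format: int32
          example: 100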
    # One query-type bucket (key, display name, count) in the aggregates.
    Query2:
      type: object
      title: Query2
      description: Query type
      properties:
        count:
          type: integer
          format: int32
          description: Query type count
          example: 2058
        key:
          type: string
          description: Query type key
          example: AAAA
        name:
          type: string
          description: Query type display name
          example: AAAA
    # query_type values for the aggregate filters (AppliedFilters,
    # AppliedFilters9).
    QueryType:
      type: string
      title: QueryType
      description: The type of aggregate query to perform
      enum:
      - domain
      - fqdn
      - country
      - tld
      - registrar
    # query_type values for the bar chart filters (AppliedFilters1,
    # AppliedFilters12).
    QueryType1:
      type: string
      title: QueryType1
      description: The type of bar chart query to perform
      enum:
      - block_queries
      - no_answer_queries
      - tor_prox_vpn_queries
      - suspicious_nameserver_queries
    # query_type values for the artifact histogram filters (AppliedFilters2,
    # AppliedFilters22).
    QueryType2:
      type: string
      title: QueryType2
      description: The type of query
      example: queries
      enum:
      - queries
      - queries_over_day
      - queries_over_hour
    # query_type values for the histogram filters (AppliedFilters3,
    # AppliedFilters32).
    QueryType3:
      type: string
      title: QueryType3
      description: The type of histogram query to perform
      enum:
      - queries
      - blocked_queries
    # query_type values for the summary filters (AppliedFilters7,
    # AppliedFilters72).
    QueryType4:
      type: string
      title: QueryType4
      description: The type of summary query to perform
      enum:
      - total
      - blocked
      - indicators
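    # Start/end pair for a range filter. Not referenced elsewhere in this
    # document; the filter clauses declare `rangeValue: {}` instead.
    # The examples are quoted: unquoted, a YAML loader may read them as
    # timestamps, which no longer match `type: string`.
    RangeValue:
      title: RangeValue
      type: object
      properties:
        end:
          type: string
          description: The range end value
          example: '2021-09-24T01:21:58.283Z'
        start:
          type: string
          description: The range start value
          example: '2021-09-17T01:21:58.283Z'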
    # Metadata for one executive report (item type of the `reports` arrays).
    # NOTE(review): each entry carries a client_id; confirm the listing only
    # returns reports for the client the API key belongs to.
    Report:
      type: object
      title: Report
      description: Report
      properties:
        client_id:
          type: string
          description: Client ID
        datetime:
          type: string
          description: Report generation datetime
        datetime_end:
          type: string
          description: Report end date
        datetime_start:
          type: string
          description: Report start date
        report_id:
          type: string
          description: Report ID
    # One response-code bucket (key, display name, count) in the aggregates.
    Response:
      type: object
      title: Response
      description: Response codes
      properties:
        count:
          type: integer
          format: int32
          description: Response code count
          example: 8980
        key:
          type: string
          description: Response code key
          example: NoError
        name:
          type: string
          description: Response code display name
          example: NoError
    # One top-chart / histogram entry: a key with its current and previous
    # document counts.
    TopItem:
      type: object
      title: TopItem
      properties:
        current_doc_count:
          type: integer
          format: int32
          example: 9116
        key:
          type: string
          example: debug.opendns.com
        previous_doc_count:
          type: integer
          format: int32
          example: 7151
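    # One bar chart entry: a key and the previous key, each with a document
    # count. The examples show date-time strings as keys.
    # Both key examples are quoted: unquoted, a YAML 1.1 loader reads
    # `2021-09-20 00:00:00` as a timestamp, which no longer matches
    # `type: string`.
    TopItem1:
      title: TopItem1
      type: object
      properties:
        current_doc_count:
          type: integer
          format: int32
          example: 369
        key:
          type: string
          example: '2021-09-20 00:00:00'
        previous_doc_count:
          type: integer
          format: int32
          example: 303
        previous_key:
          type: string
          example: '2021-09-13 00:00:00'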
    # 200 response body of POST /aggregates.
    AggregatesResponse:
      type: object
      title: AggregatesResponse
      properties:
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: fqdn
        top_items:
          type: array
          description: Top items
          items:
            $ref: '#/components/schemas/TopItem'
    # Query-type and response-code buckets; referenced by log_response and
    # LogsResponse.
    Aggregates2:
      type: object
      title: Aggregates2
      properties:
        queries:
          type: array
          description: Collection of query type codes and counts
          items:
            $ref: '#/components/schemas/Query2'
        responses:
          type: array
          description: Collection of response codes and counts
          items:
            $ref: '#/components/schemas/Response'
    # Filter for POST /aggregates (referenced by aggregate_params).
    # NOTE(review): top_count declares no minimum/maximum, so the schema
    # accepts any int32, including zero, negative and very large values -
    # confirm the server clamps it.
    AppliedFilters9:
      type: object
      title: AppliedFilters9
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType'
        top_count:
          type: integer
          format: int32
          description: How many aggregate values to get
          example: 25
    # Filter for POST /bar (referenced by bar_params).
    AppliedFilters12:
      type: object
      title: AppliedFilters12
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType1'
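    # Filter for POST /histogram/artifact (referenced by
    # histogram_artifact_params): artifact, its type, a date window, an
    # optional interval and the query type.
    # The date examples are quoted: unquoted, a YAML loader may turn them into
    # date values, which no longer match `type: string`.
    # NOTE(review): artifact, interval and the dates declare no
    # format/pattern/maxLength, and nothing bounds the window between
    # start_date and end_date - confirm the server validates them.
    AppliedFilters22:
      title: AppliedFilters22
      type: object
      properties:
        artifact:
          type: string
          description: The artifact
          example: google.com
        artifact_type:
          $ref: '#/components/schemas/ArtifactType'
        end_date:
          type: string
          description: The end window
          example: '2021-09-29'
        interval:
          type: string
          description: The optional interval for the aggregate
          example: 1d
        query_type:
          $ref: '#/components/schemas/QueryType2'
        start_date:
          type: string
          description: The start window
          example: '2021-09-22'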
    # Filter for POST /histogram (referenced by histogram_params).
    AppliedFilters32:
      type: object
      title: AppliedFilters32
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType3'
    # Filter for POST /report (referenced by report_params).
    # NOTE(review): report_id is a caller-supplied identifier with no format
    # or pattern; this document cannot express that the report must belong to
    # the caller's client - confirm the server enforces that check.
    AppliedFilters62:
      type: object
      title: AppliedFilters62
      properties:
        report_id:
          type: string
          description: ID (uuid) of the report
          example: 00000000-00000000-00000000-00000000
    # Filter for POST /summary (referenced by summary_params).
    AppliedFilters72:
      type: object
      title: AppliedFilters72
      properties:
        query_type:
          $ref: '#/components/schemas/QueryType4'
    # 200 response body of POST /bar.
    BarResponse1:
      type: object
      title: BarResponse1
      properties:
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: no_answer_queries
        top_items:
          type: array
          description: Top items
          items:
            $ref: '#/components/schemas/TopItem1'
    # 200 response body of POST /histogram/artifact.
    HistogramArtifactResponse1:
      type: object
      title: HistogramArtifactResponse1
      properties:
        days:
          type: integer
          format: int32
          description: The number of days the histogram is for
        query_type:
          type: string
          description: The query type that the histogram is for
    # 200 response body of POST /histogram.
    HistogramResponse1:
      type: object
      title: HistogramResponse1
      properties:
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: queries
        top_items:
          type: array
          description: Top items
          items:
            $ref: '#/components/schemas/TopItem'
    # 200 response body of POST /logs.
    # NOTE(review): declares only `aggregates` and `total_count`; no property
    # carries the log records themselves - confirm against the real response.
    LogsResponse:
      type: object
      title: LogsResponse
      properties:
        aggregates:
          $ref: '#/components/schemas/Aggregates2'
        total_count:
          type: integer
          format: int32
          description: total count of records without pagination
          example: 197
    # 200 response body of POST /passthrough.
    PassthroughResponse1:
      type: object
      title: PassthroughResponse1
      properties:
        logs:
          type: array
          description: Collection of passthrough records
          items:
            $ref: '#/components/schemas/Log'
        total_count:
          type: integer
          format: int32
          description: total count of records without pagination
          example: 197
    # 200 response body of POST /reports.
    ReportsResponse1:
      type: object
      title: ReportsResponse1
      properties:
        reports:
          type: array
          description: Collection of reports
          items:
            $ref: '#/components/schemas/Report'
        total_count:
          type: integer
          format: int32
          description: The total report count
    # 200 response body of POST /summary.
    SummaryResponse1:
      type: object
      title: SummaryResponse1
      properties:
        day_count:
          type: integer
          format: int32
          example: 1
        query_type:
          type: string
          description: The query type that the aggregate is for
          example: blocked
        total_count:
          type: integer
          format: int32
          example: 0
  # API-key scheme: the key is sent in the X-API-Key request header.
  # NOTE(review): a header API key is a bearer secret - whatever logs request
  # headers (proxies, gateways, client debug output) should redact X-API-Key.
  securitySchemes:
    external_auth:
      in: header
      name: X-API-Key
      type: apiKey
# Tag names used to group the operations in rendered documentation.
tags:
- name: Overview
- name: Logs
- name: Passthrough
- name: Reports
# Document-level requirement: every operation needs external_auth unless it
# declares its own `security`; no operation in this document does, so none
# is left unauthenticated.
security:
- external_auth: []
