Import entries to an active list
POST /api/v2/activeLists/import
The target correlator must be running.
Access: General administrator, Tenant administrator, Tier 2 analyst, Tier 1 analyst (can import data into any correlator list of an accessible tenant, even if the active list was created in the Shared tenant).
Query parameters (URL Query)
Name | Data type | Mandatory | Description | Value example |
correlatorID | string | Yes | Correlator service ID | 00000000-0000-0000-0000-000000000000 |
activeListID | string | If activeListName is not specified | Active list ID | 00000000-0000-0000-0000-000000000000 |
activeListName | string | If activeListID is not specified | Active list name | Attackers |
format | string | Yes | Format of imported entries | CSV, TSV, internal |
keyField | string | For the CSV and TSV formats only | The name of the field in the header of the CSV or TSV file that will be used as the key field of the active list record. The values of this field must be unique | ip |
clear | bool | No | Clear the active list before importing. If the parameter is present in the URL query, then its value is assumed to be true. The values specified by the user are ignored. | /api/v2/activeLists/import?clear |
Request body
Format | Contents |
CSV | The first line is the header, which lists the comma-separated fields. The rest of the lines are the values corresponding to the comma-separated fields in the header. The number of fields in each line must be the same. |
TSV | The first line is the header, which lists the TAB-separated fields. The remaining lines are the values corresponding to the TAB-separated fields in the header. The number of fields in each line must be the same. |
internal | Each line contains one individual JSON object. Data in the internal format can be received by exporting the contents of the active list from the correlator in the KUMA web console. |
Response
HTTP code: 204
Possible errors
HTTP code | Description | message field value | details field value |
400 | Correlator service ID is not specified | query parameter required | correlatorID |
400 | Neither the activeListID parameter nor the activeListName parameter is specified | one of query parameters required | activeListID, activeListName |
400 | The format parameter is not specified | query parameter required | format |
400 | The format parameter is invalid | invalid query parameter value | format |
400 | The keyField parameter is not specified | query parameter required | keyField |
400 | The request body has a zero-length | request body required | - |
400 | The CSV or TSV file does not contain the field specified in the keyField parameter | correlator API request failed | variable |
400 | Request body parsing error | correlator API request failed | variable |
403 | The user does not have the required role in the correlator tenant | access denied | - |
404 | The service with the specified identifier (correlatorID) was not found | service not found | - |
404 | No active list was found | active list not found | - |
406 | The service with the specified ID (correlatorID) is not a correlator | service is not correlator | - |
406 | The correlator did not execute the first start | service not paired | - |
406 | The correlator tenant is disabled | tenant disabled | - |
406 | A search was performed using the name of the active list (activeListName), and more than one active list was found | more than one matching active lists found | - |
50x | Failed to access the correlator API | correlator API request failed | variable |
500 | Failed to decode the response body received from the correlator | correlator response decode failed | variable |
500 | Any other internal errors | variable | variable |
