OSA Stimulus

Sentivex CTI API

GET/api/osa/stimulus

OSA stimulus overview (어댑터 상태 + PG run 원장)

Responses

200 OK401 인증 실패500 서버 오류
object
cURL
curl -X GET https://scti.in-bridge.com/api/osa/stimulus \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
Response 200
{}
GET/api/osa/stimulus/endpoints

attack-sim endpoint readiness 인벤토리

Responses

200 OK401 인증 실패502 어댑터 실패
object
cURL
curl -X GET https://scti.in-bridge.com/api/osa/stimulus/endpoints \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/endpoints", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
Response 200
{}
GET/api/osa/stimulus/patterns

attack-sim 제어 이벤트 패턴 목록

Responses

200 OK401 인증 실패502 어댑터 실패
object
cURL
curl -X GET https://scti.in-bridge.com/api/osa/stimulus/patterns \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/patterns", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
Response 200
{}
GET/api/osa/stimulus/vendors

attack-sim 벤더 매핑 + VMware VM 인벤토리

Responses

200 OK401 인증 실패502 어댑터 실패
object
cURL
curl -X GET https://scti.in-bridge.com/api/osa/stimulus/vendors \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/vendors", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
Response 200
{}
GET/api/osa/stimulus/jobs

attack-sim 최근 job + ti-app PG run 이력

Responses

200 OK401 인증 실패500 서버 오류502 어댑터 실패
object
cURL
curl -X GET https://scti.in-bridge.com/api/osa/stimulus/jobs \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/jobs", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
Response 200
{}
POST/api/osa/stimulus/dispatch

제어된 RTJOB 자극 발사 (실공격)

non-destructive 패턴 + registered host 만 허용. idempotencyKey 로 중복 발사 방지(replay).

Request body

patternIdstringrequired
hostsstring[]required
countinteger
reasonstring
expectedIocstring
expectedIocTypestring
idempotencyKeystring

Responses

200 OK400 검증 실패(unknown_pattern/destructive_pattern_blocked/unregistered_hosts/invalid_request)401 인증 실패502 어댑터 실패/검증 불가
object
cURL
curl -X POST https://scti.in-bridge.com/api/osa/stimulus/dispatch \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"patternId":"string","hosts":["string"],"count":0,"reason":"string","expectedIoc":"string","expectedIocType":"string","idempotencyKey":"string"}'
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/dispatch", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${token}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "patternId": "string",
    "hosts": [
      "string"
    ],
    "count": 0,
    "reason": "string",
    "expectedIoc": "string",
    "expectedIocType": "string",
    "idempotencyKey": "string"
  })
});
const data = await res.json();
Response 200
{}
POST/api/osa/track

개별 추적(재판정) — 벤더 콘솔 API 디텍션 실시간 수집 후 그 run 판정

OS/crawler 배치지연을 우회해 벤더 콘솔 API 에서 디텍션을 직접 수집(ti_osa_vendor_alert)한 뒤 host+시간창으로 재판정한다. detected 만 확정(미탐 단정 안 함).

Request body

jobIdstringrequired

Responses

200 OK400 invalid_request401 인증 실패502 어댑터(dispatch-server) 실패
object
cURL
curl -X POST https://scti.in-bridge.com/api/osa/track \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jobId":"string"}'
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/track", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${token}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "jobId": "string"
  })
});
const data = await res.json();
Response 200
{}
POST/api/osa/track-all

일괄 추적(재판정) — 미확정 run 전체를 한 번의 수집으로 재판정

dispatched/unverifiable run 전체를 벤더 콘솔 API 한 번 수집으로 재판정. 스케줄러 대신 수동 갱신. detected 만 확정.

Request body

limitinteger

Responses

200 OK401 인증 실패502 어댑터(dispatch-server) 실패
object
cURL
curl -X POST https://scti.in-bridge.com/api/osa/track-all \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"limit":0}'
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/track-all", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${token}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "limit": 0
  })
});
const data = await res.json();
Response 200
{}
POST/api/osa/stimulus/endpoint-start

attack-sim endpoint readiness 기동

Request body

vmstringrequired

Responses

200 OK400 invalid_request401 인증 실패502 어댑터 실패
object
cURL
curl -X POST https://scti.in-bridge.com/api/osa/stimulus/endpoint-start \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"vm":"string"}'
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/endpoint-start", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${token}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "vm": "string"
  })
});
const data = await res.json();
Response 200
{}
GET/api/osa/stimulus/batch

자동배치 마스터 스위치 상태

attack-sim dispatch-server 의 GET /batch 프록시. redis attacks:batch:enabled 토글 상태(자동 배치 발사 on/off).

Responses

200 배치 상태401 unauthorized403 forbidden (scope ti:hunt)502 dispatch-server 도달 실패
cURL
curl -X GET https://scti.in-bridge.com/api/osa/stimulus/batch \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/batch", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
POST/api/osa/stimulus/batch

자동배치 On/Off 토글

끄면 자동 배치(스케줄러·autofire)가 한 발도 안 나간다(진행 job 의 reconcile/기록은 계속). 수동 단발(/dispatch)과 무관 — SOC 폭주 방지 즉시 정지.

Request body

enabledbooleanrequired

true=자동배치 허용, false=정지

Responses

200 토글 결과400 invalid_request401 unauthorized403 forbidden (scope ti:hunt)502 dispatch-server 도달 실패
cURL
curl -X POST https://scti.in-bridge.com/api/osa/stimulus/batch \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"enabled":true}'
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/batch", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${token}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "enabled": true
  })
});
const data = await res.json();
GET/api/osa/ocsf/{...path}

OCSF 브라우저 프록시 (catch-all)

attack-sim ocsf-server(:8788, .35 OpenSearch)로 서버측 프록시. 페이지는 이 라우트만 호출, 실제 OCSF 조회/번들은 ocsf-server 가 수행. ?format=zip 이면 번들 ZIP 바이너리 반환.

Path parameters

pathstringrequired

ocsf-server 하위 경로(catch-all)

Query parameters

formatenum
zip

zip 이면 관련 포함 번들 ZIP 다운로드

Responses

200 OCSF JSON 또는 ZIP(format=zip)401 unauthorized403 forbidden (scope ti:hunt)502 ocsf-server 도달 실패
cURL
curl -X GET https://scti.in-bridge.com/api/osa/ocsf/{...path}?format=zip \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/ocsf/{...path}", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
GET/api/osa/vendor-alerts

수집한 벤더 알럿 리스팅(#91) — 콘솔 API 수집 원본(PG 캐시), OS 배치지연 우회. query: page/limit/vendor/host/search

Responses

200 OK401 인증 실패403 스코프 부족(ti:hunt)
object
cURL
curl -X GET https://scti.in-bridge.com/api/osa/vendor-alerts \
  -H "Authorization: Bearer $TOKEN"
JavaScript
const res = await fetch("https://scti.in-bridge.com/api/osa/vendor-alerts", {
  method: "GET",
  headers: {
    "Authorization": `Bearer ${token}`
  }
});
const data = await res.json();
Response 200
{}