GET/api/osa/stimulus
OSA stimulus overview (어댑터 상태 + PG run 원장)
Responses
200 OK401 인증 실패500 서버 오류
object
cURLcurl -X GET https://scti.in-bridge.com/api/osa/stimulus \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
GET/api/osa/stimulus/endpoints
attack-sim endpoint readiness 인벤토리
Responses
200 OK401 인증 실패502 어댑터 실패
object
cURLcurl -X GET https://scti.in-bridge.com/api/osa/stimulus/endpoints \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/endpoints", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
GET/api/osa/stimulus/patterns
attack-sim 제어 이벤트 패턴 목록
Responses
200 OK401 인증 실패502 어댑터 실패
object
cURLcurl -X GET https://scti.in-bridge.com/api/osa/stimulus/patterns \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/patterns", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
GET/api/osa/stimulus/vendors
attack-sim 벤더 매핑 + VMware VM 인벤토리
Responses
200 OK401 인증 실패502 어댑터 실패
object
cURLcurl -X GET https://scti.in-bridge.com/api/osa/stimulus/vendors \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/vendors", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
GET/api/osa/stimulus/jobs
attack-sim 최근 job + ti-app PG run 이력
Responses
200 OK401 인증 실패500 서버 오류502 어댑터 실패
object
cURLcurl -X GET https://scti.in-bridge.com/api/osa/stimulus/jobs \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/jobs", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
POST/api/osa/stimulus/dispatch
제어된 RTJOB 자극 발사 (실공격)
non-destructive 패턴 + registered host 만 허용. idempotencyKey 로 중복 발사 방지(replay).
Responses
200 OK400 검증 실패(unknown_pattern/destructive_pattern_blocked/unregistered_hosts/invalid_request)401 인증 실패502 어댑터 실패/검증 불가
object
cURLcurl -X POST https://scti.in-bridge.com/api/osa/stimulus/dispatch \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"patternId":"string","hosts":["string"],"count":0,"reason":"string","expectedIoc":"string","expectedIocType":"string","idempotencyKey":"string"}'
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/dispatch", {
method: "POST",
headers: {
"Authorization": `Bearer ${token}`,
"Content-Type": "application/json"
},
body: JSON.stringify({
"patternId": "string",
"hosts": [
"string"
],
"count": 0,
"reason": "string",
"expectedIoc": "string",
"expectedIocType": "string",
"idempotencyKey": "string"
})
});
const data = await res.json();
POST/api/osa/track
개별 추적(재판정) — 벤더 콘솔 API 디텍션 실시간 수집 후 그 run 판정
OS/crawler 배치지연을 우회해 벤더 콘솔 API 에서 디텍션을 직접 수집(ti_osa_vendor_alert)한 뒤 host+시간창으로 재판정한다. detected 만 확정(미탐 단정 안 함).
Responses
200 OK400 invalid_request401 인증 실패502 어댑터(dispatch-server) 실패
object
cURLcurl -X POST https://scti.in-bridge.com/api/osa/track \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"jobId":"string"}'
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/track", {
method: "POST",
headers: {
"Authorization": `Bearer ${token}`,
"Content-Type": "application/json"
},
body: JSON.stringify({
"jobId": "string"
})
});
const data = await res.json();
POST/api/osa/track-all
일괄 추적(재판정) — 미확정 run 전체를 한 번의 수집으로 재판정
dispatched/unverifiable run 전체를 벤더 콘솔 API 한 번 수집으로 재판정. 스케줄러 대신 수동 갱신. detected 만 확정.
Responses
200 OK401 인증 실패502 어댑터(dispatch-server) 실패
object
cURLcurl -X POST https://scti.in-bridge.com/api/osa/track-all \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"limit":0}'
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/track-all", {
method: "POST",
headers: {
"Authorization": `Bearer ${token}`,
"Content-Type": "application/json"
},
body: JSON.stringify({
"limit": 0
})
});
const data = await res.json();
POST/api/osa/stimulus/endpoint-start
attack-sim endpoint readiness 기동
Responses
200 OK400 invalid_request401 인증 실패502 어댑터 실패
object
cURLcurl -X POST https://scti.in-bridge.com/api/osa/stimulus/endpoint-start \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"vm":"string"}'
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/endpoint-start", {
method: "POST",
headers: {
"Authorization": `Bearer ${token}`,
"Content-Type": "application/json"
},
body: JSON.stringify({
"vm": "string"
})
});
const data = await res.json();
GET/api/osa/stimulus/batch
자동배치 마스터 스위치 상태
attack-sim dispatch-server 의 GET /batch 프록시. redis attacks:batch:enabled 토글 상태(자동 배치 발사 on/off).
Responses
200 배치 상태401 unauthorized403 forbidden (scope ti:hunt)502 dispatch-server 도달 실패
cURLcurl -X GET https://scti.in-bridge.com/api/osa/stimulus/batch \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/batch", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
POST/api/osa/stimulus/batch
자동배치 On/Off 토글
끄면 자동 배치(스케줄러·autofire)가 한 발도 안 나간다(진행 job 의 reconcile/기록은 계속). 수동 단발(/dispatch)과 무관 — SOC 폭주 방지 즉시 정지.
Request body
enabledbooleanrequired
true=자동배치 허용, false=정지
Responses
200 토글 결과400 invalid_request401 unauthorized403 forbidden (scope ti:hunt)502 dispatch-server 도달 실패
cURLcurl -X POST https://scti.in-bridge.com/api/osa/stimulus/batch \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"enabled":true}'
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/stimulus/batch", {
method: "POST",
headers: {
"Authorization": `Bearer ${token}`,
"Content-Type": "application/json"
},
body: JSON.stringify({
"enabled": true
})
});
const data = await res.json();
GET/api/osa/ocsf/{...path}
OCSF 브라우저 프록시 (catch-all)
attack-sim ocsf-server(:8788, .35 OpenSearch)로 서버측 프록시. 페이지는 이 라우트만 호출, 실제 OCSF 조회/번들은 ocsf-server 가 수행. ?format=zip 이면 번들 ZIP 바이너리 반환.
Path parameters
pathstringrequired
ocsf-server 하위 경로(catch-all)
Query parameters
formatenum
zip
zip 이면 관련 포함 번들 ZIP 다운로드
Responses
200 OCSF JSON 또는 ZIP(format=zip)401 unauthorized403 forbidden (scope ti:hunt)502 ocsf-server 도달 실패
cURLcurl -X GET https://scti.in-bridge.com/api/osa/ocsf/{...path}?format=zip \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/ocsf/{...path}", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();
GET/api/osa/vendor-alerts
수집한 벤더 알럿 리스팅(#91) — 콘솔 API 수집 원본(PG 캐시), OS 배치지연 우회. query: page/limit/vendor/host/search
Responses
200 OK401 인증 실패403 스코프 부족(ti:hunt)
object
cURLcurl -X GET https://scti.in-bridge.com/api/osa/vendor-alerts \
-H "Authorization: Bearer $TOKEN"
JavaScriptconst res = await fetch("https://scti.in-bridge.com/api/osa/vendor-alerts", {
method: "GET",
headers: {
"Authorization": `Bearer ${token}`
}
});
const data = await res.json();