Create Indicator Mapping
curl --request POST \
--url https://api.example.com/v1/indicator-mappings \
--header 'Content-Type: application/json' \
--data '
{
"field_path": "<string>",
"indicator_type": "<string>",
"source_name": "<string>",
"extraction_target": "normalized",
"is_active": true,
"description": "<string>"
}
'{
"data": {
"uuid": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"source_name": "<string>",
"field_path": "<string>",
"indicator_type": "<string>",
"extraction_target": "<string>",
"is_system": true,
"is_active": true,
"description": "<string>",
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z"
},
"meta": {}
}Indicator Mappings
Create Indicator Mapping
POST
/
v1
/
indicator-mappings
Create Indicator Mapping
curl --request POST \
--url https://api.example.com/v1/indicator-mappings \
--header 'Content-Type: application/json' \
--data '
{
"field_path": "<string>",
"indicator_type": "<string>",
"source_name": "<string>",
"extraction_target": "normalized",
"is_active": true,
"description": "<string>"
}
'{
"data": {
"uuid": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"source_name": "<string>",
"field_path": "<string>",
"indicator_type": "<string>",
"extraction_target": "<string>",
"is_system": true,
"is_active": true,
"description": "<string>",
"created_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z"
},
"meta": {}
}Documentation Index
Fetch the complete documentation index at: https://docs.calseta.com/llms.txt
Use this file to discover all available pages before exploring further.
Body
application/json
Dot-notation path into extraction_target (e.g. 'src_ip' or 'okta.data.client.ipAddress')
Indicator type: ip, domain, hash_md5, hash_sha1, hash_sha256, url, email, account
Restrict to a specific alert source (null = applies to all sources)
'normalized' (against CalsetaAlert fields) or 'raw_payload' (against source raw data)
Whether this mapping is active
Human-readable description
⌘I