- New field in response on invalid IOCs. Validation of IOCs is now more lax: if any valid ones are present in the request, they will be processed. The invalid ones will be returned in a list in the response called dropped.
- Any detections exceeding the default maximum number of detections of 100k burst or ~1 detections/second will also be present in the dropped response.
- New API version available at https://api.recordedfuture.com/soar/v3
- No changes to API request and response formats
- API calls to the existing v2 endpoints at https://api.recordedfuture.com/v2/soar will continue to work exactly as before but will be redirected to https://api.recordedfuture.com/soar/v3
- The old swagger documentation at https://api.recordedfuture.com/v2/soar has been moved to https://api.recordedfuture.com/soar/v3 and has the newer look-and-feel used by other APIs.
The new version is available at https://api.recordedfuture.com/fusion/v3.
Other than improved performance, a set of changes has been introduced that affects how the API is used:
- Removed X-RF-Content-SHA256 and X-RF-Created response headers
  - Replaced by ETag and Last-Modified headers
- Merged flow status endpoints into one endpoint
- Renamed flow response property for flows to id
- Renamed name response property for blocks to id
- Added block lookup endpoint
- Files directory lookup moved to a new separate endpoint
- Added owner response property for flows
- Improved OpenAPI documentation
- All request and response properties use snake_case
  - The query block is an exception due to upstream requirements