feat(phase-33): final polish V3 - navigation, performance, and documentation (T-238 to T-240)
This commit is contained in:
98
docs/API.md
98
docs/API.md
@@ -604,3 +604,101 @@ Common HTTP status codes:
|
||||
- `404` - Not Found (resource doesn't exist)
|
||||
- `409` - Conflict (duplicate resource)
|
||||
- `500` - Internal Server Error
|
||||
|
||||
---
|
||||
|
||||
## V3 Endpoints
|
||||
|
||||
### Campaigns
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/campaigns` | Authenticated | List campaigns (filters: status, type, search; pagination: offset, limit) |
|
||||
| POST | `/api/v1/campaigns` | Authenticated | Create campaign |
|
||||
| GET | `/api/v1/campaigns/{id}` | Authenticated | Campaign detail with tests |
|
||||
| PATCH | `/api/v1/campaigns/{id}` | Creator, Admin | Update campaign |
|
||||
| DELETE | `/api/v1/campaigns/{id}` | Creator, Admin | Delete campaign |
|
||||
| POST | `/api/v1/campaigns/{id}/tests` | Authenticated | Add test to campaign |
|
||||
| DELETE | `/api/v1/campaigns/{id}/tests/{test_id}` | Authenticated | Remove test from campaign |
|
||||
| PATCH | `/api/v1/campaigns/{id}/schedule` | Authenticated | Set recurring schedule |
|
||||
| GET | `/api/v1/campaigns/{id}/history` | Authenticated | Execution history for recurring campaigns |
|
||||
|
||||
### Threat Actors
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/threat-actors` | Authenticated | List threat actors (filters: country, motivation, search) |
|
||||
| GET | `/api/v1/threat-actors/{id}` | Authenticated | Detail with technique mappings |
|
||||
|
||||
### Detection Rules
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/detection-rules` | Authenticated | List rules (filters: source, mitre_technique_id, severity, search) |
|
||||
| GET | `/api/v1/detection-rules/{id}` | Authenticated | Rule detail |
|
||||
|
||||
### D3FEND (Defensive Techniques)
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/d3fend` | Authenticated | List defensive techniques |
|
||||
| GET | `/api/v1/d3fend/{id}` | Authenticated | Detail with ATT&CK mappings |
|
||||
|
||||
### Compliance
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/compliance/frameworks` | Authenticated | List compliance frameworks |
|
||||
| GET | `/api/v1/compliance/{framework_id}/controls` | Authenticated | List controls with coverage status |
|
||||
| GET | `/api/v1/compliance/{framework_id}/summary` | Authenticated | Coverage summary (total, covered, gaps) |
|
||||
| GET | `/api/v1/compliance/{framework_id}/gaps` | Authenticated | Gap analysis — uncovered controls |
|
||||
|
||||
### Scores
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/scores/technique/{mitre_id}` | Authenticated | Technique score with detailed breakdown |
|
||||
| GET | `/api/v1/scores/tactic/{tactic}` | Authenticated | Average tactic score |
|
||||
| GET | `/api/v1/scores/threat-actor/{id}` | Authenticated | Coverage score against threat actor |
|
||||
| GET | `/api/v1/scores/organization` | Authenticated | Overall organization score (cached 5 min) |
|
||||
| GET | `/api/v1/scores/history` | Authenticated | Weekly score history (period: 30d, 90d, 1y) |
|
||||
| GET | `/api/v1/scores/config` | Admin | Current scoring weights |
|
||||
| PATCH | `/api/v1/scores/config` | Admin | Update scoring weights |
|
||||
|
||||
### Operational Metrics
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/metrics/operational` | Authenticated | All KPIs (MTTD, MTTR, efficacy, etc.) — cached 5 min |
|
||||
| GET | `/api/v1/metrics/operational/trend` | Authenticated | Weekly trend (period: 30d, 90d, 1y) |
|
||||
| GET | `/api/v1/metrics/operational/by-team` | Authenticated | Red vs Blue team breakdown |
|
||||
|
||||
### Heatmap
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/heatmap` | Authenticated | Full ATT&CK Navigator-style heatmap data |
|
||||
|
||||
### Coverage Snapshots
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/snapshots` | Authenticated | List snapshots (pagination: offset, limit) |
|
||||
| POST | `/api/v1/snapshots` | Authenticated | Create new snapshot |
|
||||
| GET | `/api/v1/snapshots/{id}` | Authenticated | Snapshot detail with technique states |
|
||||
| DELETE | `/api/v1/snapshots/{id}` | Admin | Delete snapshot |
|
||||
| GET | `/api/v1/snapshots/compare` | Authenticated | Compare two snapshots (query: a, b) |
|
||||
|
||||
### Re-testing
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/tests/{id}/retest-chain` | Authenticated | Full retest chain for a test |
|
||||
|
||||
### Data Sources
|
||||
|
||||
| Method | Route | Auth | Description |
|
||||
|--------|-------|------|-------------|
|
||||
| GET | `/api/v1/data-sources` | Admin | List all data sources |
|
||||
| PATCH | `/api/v1/data-sources/{id}` | Admin | Update source config |
|
||||
| POST | `/api/v1/data-sources/{id}/sync` | Admin | Trigger manual sync |
|
||||
|
||||
Reference in New Issue
Block a user