A user group is a list of users that can be assigned to Workflow Cases and Workflow Tasks.
Endpoint: /api/v3/security/userGroups
Endpoint Options
Available Fields
A list of fields for the v3/security/userGroups endpoint, which is a read-only endpoint, can be retrieved using the following query:
OPTIONS /v3/security/userGroups?show=readonly
Include Additional Fields in Responses
When creating, retrieving, or updating data, you can use the fields query parameter to include additional fields in the API response that are not included by default.
Send the following request to retrieve a list of fields you can include in responses returned from the /v3/security/userGroups endpoint:
OPTIONS /v3/security/userGroups/fields
Filter Results
When retrieving data, you can use the tql query parameter to filter results with ThreatConnect Query Language (TQL).
Send the following request to retrieve a list of valid TQL parameters you can use when including the tql query parameter in a request to the /v3/security/userGroups endpoint:
OPTIONS /v3/security/userGroups/tql
Retrieve User Groups
Retrieve All User Groups
Send the following request to retrieve data for all user groups in the Organization to which your API user account belongs:
GET /v3/security/userGroups
{
"data": [
{
"id": 1,
"name": "SOC Team",
"description": "Main SOC users"
},
{
"id": 2,
"name": "IR Team",
"description": "IR Team members, Levels 1-3"
},
{...}
],
"status": "Success"
}
Retrieve a Specific User Group
Send a request in the following format to retrieve data for a specific user group in the Organization to which your API user account belongs:
GET /v3/security/userGroups/{userGroupId}
For example, the following request will retrieve data for the user group whose ID is 3:
GET /v3/security/userGroups/3
{
"data": {
"id": 3,
"name": "TI Team",
"description": "Threat Intel Team, all levels"
},
"status": "Success"
}