misp_submit_iocs
Validate and add multiple threat indicators in a single batch, with dry-run mode to preview results before submitting.
Instructions
Validate and (optionally) add many indicators in one call — for adding a list from a report. Each indicator runs through the same guardrails as the single submit (validation, private/reserved rejection, protected safelist, per-key rate limit); the batch shares reporter/justification/ last_seen/tags/to_ids.
dry_run=true (default) writes nothing and returns what WOULD happen — use it to review the batch first, then re-run with dry_run=false to add.
Returns JSON: {"event_id", "dry_run", "to_ids", "submitted_by", "total", "counts": {status: n}, "results": [{"ioc", "type", "status", ...}]}, where status is would_add | added | rejected | protected | duplicate_in_batch | rate_limited | error.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| params | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |