
IOC IndicatorCreateV1 issue with Body #426

Closed
ks2211 opened this issue Apr 25, 2024 · 4 comments

Comments

ks2211 commented Apr 25, 2024

Using version v0.6.0 with Go version 1.22.1.

I am attempting to create an IOC using the ioc.Client.IndicatorCreateV1 method but am getting a 400 "One or more indicators have a warning or invalid input" error.

This is the request body I use via cURL/Postman, and I get a successful 200 response (along with the id).

{
    "comment": "Indicator Created by something for domain somedomain.com",
    "indicators": [
        {
            "type": "domain",
            "value": "somedomain.com",
            "applied_globally": true,
            "platforms": ["windows", "mac", "linux"],
            "action": "no_action",
            "tags": ["something"],
            "source": "something",
            "severity": "informational",
            "description": "URL Created by something"
        }
    ]
}

This is the equivalent Go code, but it results in a 400 error:

indicatorCreateV1BadRequest &{Errors:[{Code:400 Message:One or more indicators have a warning or invalid input}] Meta:PoweredBy:ioc-manager QueryTime:0.012351665 TraceID:<TRACE>}}

package main

import (
	"context"
	"fmt"

	// gofalcon packages referenced below as ioc and models (import paths assumed from the SDK layout).
	"github.com/crowdstrike/gofalcon/falcon/client/ioc"
	"github.com/crowdstrike/gofalcon/falcon/models"
)

func boolPtr(v bool) *bool {
	return &v
}

const SeverityInformational = "informational"

// newIndicatorParams builds the same request as the JSON above for ioc.Client.IndicatorCreateV1.
func newIndicatorParams() *ioc.IndicatorCreateV1Params {
	return &ioc.IndicatorCreateV1Params{
		Context: context.Background(), // also removed this with no luck
		Body: &models.APIIndicatorCreateReqsV1{
			Comment: fmt.Sprintf("Indicator Created by something for domain %s", "somedomain.com"),
			Indicators: []*models.APIIndicatorCreateReqV1{
				{
					Type:            "domain",
					Value:           "somedomain.com",
					AppliedGlobally: boolPtr(true),
					Platforms:       []string{"windows", "mac", "linux"},
					Description:     fmt.Sprintf("Indicator Created by something for domain %s", "somedomain.com"),
					Action:          "no_action",
					Tags:            []string{"something"},
					Source:          "something",
					Severity:        SeverityInformational, // informational, low, medium, high, and critical
				},
			},
		},
	}
}

Checking the generated source vs. the JSON above, everything seems to match up (with the only exception being the bool pointer for the applied_globally field, but marshalling usually handles that). It doesn't seem to fail validations either and makes it to the API, which then returns the error, and I can't see any differences between the Go code and the cURL JSON blob.

Any suggestions?

ks2211 (Author) commented Apr 25, 2024

Update: It looks like when using the REST API via cURL/Postman you don't need to specify the expiration field, but with the SDK it's required; otherwise it defaults to a zero-value strfmt.Time, which results in an "expiration needs to be in the future" error (the SDK for some reason wasn't including this in the response; I used the API directly with Go code and read the response to get this error out).
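To make the failure described in the update above concrete, here is an added example (not gofalcon's code and not posted by anyone in the thread) showing why a non-pointer time field tagged omitempty still reaches the server as the zero time, while a pointer field left nil is genuinely omitted. time.Time stands in for strfmt.DateTime, which wraps time.Time and marshals the same way; the ZeroValueReq and PointerReq types, the helper names and the request values are assumptions chosen to mirror the indicator body in the thread. PointerReq shows the usual fix for this class of bug; the thread does not say what 0.7.0-rc1 actually changed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ZeroValueReq mirrors the shape of a model with a non-pointer time field tagged
// omitempty. omitempty never applies to struct values, so the zero time is still
// written out. (time.Time stands in for strfmt.DateTime; assumed, not gofalcon code.)
type ZeroValueReq struct {
	Type       string    `json:"type,omitempty"`
	Value      string    `json:"value,omitempty"`
	Expiration time.Time `json:"expiration,omitempty"`
}

// PointerReq uses a pointer so that an unset expiration is really omitted on the wire.
type PointerReq struct {
	Type       string     `json:"type,omitempty"`
	Value      string     `json:"value,omitempty"`
	Expiration *time.Time `json:"expiration,omitempty"`
}

// MarshalZeroValue returns the JSON produced when the caller never sets Expiration
// on the non-pointer model.
func MarshalZeroValue(typ, value string) (string, error) {
	b, err := json.Marshal(ZeroValueReq{Type: typ, Value: value})
	return string(b), err
}

// MarshalPointer returns the JSON produced by the pointer model with Expiration left nil.
func MarshalPointer(typ, value string) (string, error) {
	b, err := json.Marshal(PointerReq{Type: typ, Value: value})
	return string(b), err
}

// HasExpirationKey reports whether the serialized request carries an "expiration"
// key at all, which is what the receiving API sees.
func HasExpirationKey(js string) (bool, error) {
	var m map[string]json.RawMessage
	if err := json.Unmarshal([]byte(js), &m); err != nil {
		return false, err
	}
	_, ok := m["expiration"]
	return ok, nil
}

// ExpirationInFuture decodes the wire value and applies the server-side rule quoted
// in the thread ("expiration needs to be in the future") against now. An absent key
// passes, since the cURL request without the field was accepted with a 200.
func ExpirationInFuture(js string, now time.Time) (bool, error) {
	var m struct {
		Expiration *time.Time `json:"expiration"`
	}
	if err := json.Unmarshal([]byte(js), &m); err != nil {
		return false, err
	}
	if m.Expiration == nil {
		return true, nil
	}
	return m.Expiration.After(now), nil
}

func main() {
	z, _ := MarshalZeroValue("domain", "somedomain.com")
	p, _ := MarshalPointer("domain", "somedomain.com")
	fmt.Println("non-pointer field:", z)
	fmt.Println("pointer field:    ", p)
}
```

Run it and compare the two lines: the first carries "expiration":"0001-01-01T00:00:00Z", which is exactly the value a "must be in the future" check rejects, while the second has no expiration key at all.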

ffalor (Collaborator) commented Apr 26, 2024

Hey @ks2211, can you check if 0.7.0-rc1 fixes this for you? It worked in my testing. Thanks!

ks2211 (Author) commented May 2, 2024

@ffalor Thanks! That seems to have fixed it for me. Will wait for the v0.7.0 tag to be pushed.

@ks2211 ks2211 closed this as completed May 2, 2024
@ks2211 ks2211 reopened this May 2, 2024
ks2211 (Author) commented May 2, 2024

Hey @ffalor, I'm dealing with a slightly strange issue now.

I used 0.7.0-rc1 on my local machine and everything seems to work with creating indicators.
I deployed the code to our dev env in AWS and it gives me malformed input errors doing the same workflow as I do locally (and it's the same exact code base). The weird thing is, I can get/update indicators from my dev but NOT create.

Any ideas what could cause that issue?

EDIT: Turns out it was a timezone and parsing issue on my remote servers; going to close this.

@ks2211 ks2211 closed this as completed May 3, 2024
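Since the last comment attributes the remote-only "malformed input" errors to timezone handling during parsing, here is an added example (not gofalcon's code and not the poster's) of how the same zone-less timestamp resolves to different instants depending on the location it is parsed in, which is what makes a value that is valid on a laptop set to local time fail on a server running in UTC. It also shows a strict parser that only accepts input carrying an explicit offset, and a helper that emits the expiration as RFC 3339 UTC after checking it lies in the future. The function names, the sample timestamp and the fixed -04:00 zone are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// layoutNaive is a zone-less timestamp, the kind a config file or CLI flag often carries.
// Parsing it is only meaningful once a location is chosen.
const layoutNaive = "2006-01-02T15:04:05"

// ParseNaive interprets a zone-less timestamp in the supplied location and returns the
// instant in UTC. The same string yields different instants in different locations,
// which is the skew between a developer laptop and a UTC server.
func ParseNaive(s string, loc *time.Location) (time.Time, error) {
	t, err := time.ParseInLocation(layoutNaive, s, loc)
	if err != nil {
		return time.Time{}, err
	}
	return t.UTC(), nil
}

// ParseStrict accepts only RFC 3339 input with an explicit offset, so the result cannot
// depend on where the code happens to run. Zone-less input is rejected.
func ParseStrict(s string) (time.Time, error) {
	t, err := time.Parse(time.RFC3339, s)
	if err != nil {
		return time.Time{}, errors.New("expiration must carry an explicit UTC offset (RFC 3339): " + err.Error())
	}
	return t.UTC(), nil
}

// WireExpiration renders the expiration the way it should leave the process: RFC 3339
// in UTC, and only after confirming it is in the future relative to now.
func WireExpiration(t, now time.Time) (string, error) {
	if !t.After(now) {
		return "", fmt.Errorf("expiration %s is not in the future relative to %s",
			t.Format(time.RFC3339), now.Format(time.RFC3339))
	}
	return t.UTC().Format(time.RFC3339), nil
}

func main() {
	const input = "2024-05-03T15:04:00" // constructed sample, no zone
	onServer, _ := ParseNaive(input, time.UTC)
	onLaptop, _ := ParseNaive(input, time.FixedZone("UTC-4", -4*3600)) // assumed local zone
	fmt.Println("parsed on a UTC server:   ", onServer)
	fmt.Println("parsed on a UTC-4 laptop: ", onLaptop)

	if _, err := ParseStrict(input); err != nil {
		fmt.Println("strict parser rejects it:", err)
	}
	now := time.Date(2024, 5, 3, 18, 0, 0, 0, time.UTC) // constructed "now"
	if _, err := WireExpiration(onServer, now); err != nil {
		fmt.Println("server-side value fails the future check:", err)
	}
	wire, _ := WireExpiration(onLaptop, now)
	fmt.Println("value to send:", wire)
}
```

The practical rule the example encodes: never let an expiration be derived from a zone-less string, and normalise to UTC before serialising, so the request body is identical regardless of the host's TZ setting.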