Use this endpoint to add associations between Hunting rulesets and a certain IoC Collection.

🚧
Automatically add Hunting rulesets matches to an IoC Collection
To automatically add IoCs matching your Hunting rulesets to an IoC Collection, enable the associated_collections_feed_enabled parameter for those rulesets.

This endpoint requires the user to be the owner or an editor of involved objects, and Hunting rulesets' descriptors as follows:

{
	"data": [
		{
            "id": "<_string_> Hunting ruleset identifier",
            "type": "hunting_ruleset"
        }
	]
}

To find a Hunting ruleset identifier, select and open the ruleset from the Livehunt dashboard in the web interface. You'll find the identifier in the URL.

Examples

Create new associations between 20899097850 and 21595866703 Hunting rulesets and the IoC Collection with ab622fb5f4e6382109fe89ed466aafbaef1b79c31cb2c7e1d1f59ffde772715f identifier.

import requests

payload = {
    "data":
    [
		{
            "id": "20899097850",
            "type": "hunting_ruleset"
        },
		{
            "id": "21595866703",
            "type": "hunting_ruleset"
        }
	]
}
id = "ab622fb5f4e6382109fe89ed466aafbaef1b79c31cb2c7e1d1f59ffde772715f"
url = f"https://www.virustotal.com/api/v3/collections/{id}/relationships/hunting_rulesets"
headers = {
    "accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"
}
response = requests.put(url, json=payload, headers=headers)

200200

400400