IRIS (1.0.0)

Download OpenAPI specification:Download

DFIR-IRIS: contact@dfir-iris.org License: LGPLv3

IRIS API endpoints documentation. An API key is needed and can be found in every user profile under My settings > API Key. This API is deprecated. It applies to Iris v1.2.0 and before.

Manage case

Add a new case

Create a new immediate case. If cid is not set, a default case is used. This does not change the behavior of the request and is only used for internal tracking.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

case_soc_id	string non-empty A SOC ticket reference
case_customer required	number The customer ID linked to the case.
case_name required	string non-empty A short name for the case. The case number will be prepend.
case_description required	string non-empty A short description of the case. This will be the summary of the case.
cid	integer Context case ID. If not set, a default case is used.

Responses

Request samples

Payload

Content type

application/json

{"case_soc_id": "soc_id_1",
"case_customer": 1,
"case_name": "My Case API",
"case_description": "a description"
}

Response samples

200
400

Content type

application/json

{"data": {"case_customer": 1,
"case_description": "a description",
"case_id": 97,
"case_name": "#97 - My Case API",
"case_soc_id": "soc_id_1",
"close_date": "string",
"open_date": "2021-10-21",
"user_id": 4
},
"message": "Case created",
"status": "success"
}

Get cases list

Returns a list of all the cases, open and closed.

Authorizations:

Bearer <bearer>

Responses

Response samples

200

Content type

application/json

{"data": [{"case_close_date": "",
"case_description": "Testing case number24",
"case_id": 26,
"case_name": "Test 24",
"case_open_date": "10/19/2021",
"case_soc_id": "SOC24",
"client_name": "client_63",
"opened_by": "User 110"
},
{"case_close_date": "",
"case_description": "Testing case number0",
"case_id": 2,
"case_name": "Test 0",
"case_open_date": "10/19/2021",
"case_soc_id": "SOC0",
"client_name": "client_65",
"opened_by": "User 12"
}
],
"message": "string",
"status": "string"
}

Close a case

Close a case. The case will be listed under closed case. That's the only difference with an open case. It will stay editable and searchable.

Authorizations:

Bearer <bearer>

path Parameters

case_id

required

integer

Case ID

Responses

Response samples

200

Content type

application/json

{"data": {"case_customer": 0,
"case_description": "string",
"case_id": 0,
"case_name": "string",
"case_soc_id": "string",
"close_date": "string",
"open_date": "string",
"user_id": 0
},
"message": "string",
"status": "string"
}

Reopen a case

Reopen a case previously closed. A case can be reopened if it is not closed.

Authorizations:

Bearer <bearer>

path Parameters

case_id

required

integer

Case ID

Responses

Response samples

200
400
404

Content type

application/json

{"data": {"case_customer": 26,
"case_description": "Testing case number6",
"case_id": 8,
"case_name": "Test 6",
"case_soc_id": "SOC6",
"close_date": null,
"open_date": "2021-10-19",
"user_id": 52
},
"message": "Case reopened successfully",
"status": "success"
}

Delete a case

Delete a case. This implies the deletion of everything linked to the case including summary, assets, notes, timeline, tasks and evidences. The IOCs will only be deleted if they are not referenced in another case.

Authorizations:

Bearer <bearer>

path Parameters

case_id

required

integer

Case ID

Responses

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Case successfully deleted",
"status": "success"
}

Global tasks

Your GET endpoint

Get a list of the global tasks

Authorizations:

Bearer <bearer>

Responses

Response samples

200

Content type

application/json

{"data": [{"task_description": "Generate the report",
"task_id": 2,
"task_last_update": "Wed, 20 Oct 2021 09:54:28 GMT",
"task_status": "In progress",
"task_tags": "case51",
"task_title": "Handover report for case51",
"user_name": "User 73"
},
{"task_description": "Case 5",
"task_id": 3,
"task_last_update": "Wed, 20 Oct 2021 09:54:54 GMT",
"task_status": "Done",
"task_tags": "case5",
"task_title": "Finish case",
"user_name": "User 71"
},
{"task_description": "Start analysis",
"task_id": 1,
"task_last_update": "Wed, 20 Oct 2021 09:53:25 GMT",
"task_status": "Done",
"task_tags": "case20",
"task_title": "Analyse case 20",
"user_name": "User 73"
}
],
"message": "",
"status": "success"
}

Update a global task status

Update the status of a global task.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

task_id	integer
task_status	string

Responses

Request samples

Payload

Content type

application/json

{"task_id": 2,
"task_status": "To do"
}

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Updated",
"status": "success"
}

Delete a global task

Authorizations:

Bearer <bearer>

path Parameters

task_id

required

string

Task to delete

Responses

Response samples

200

Content type

application/json

{"data": [ ],
"message": "Task deleted",
"status": "success"
}

Add a global task

Add a global task and assign it to a user.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

task_assignee required	integer A user ID for whom the task will be assigned
task_status required	string non-empty The initial status of the task
task_title required	string >= 2 characters
task_description required	string
task_tags required	string

Responses

Request samples

Payload

Content type

application/json

{"task_assignee": 0,
"task_status": "string",
"task_title": "string",
"task_description": "string",
"task_tags": "string"
}

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Saved !",
"status": "success"
}

Edit a global task

Authorizations:

Bearer <bearer>

path Parameters

task_id

required

string

ID of the task to change

Request Body schema: application/json

task_assignee required	integer User ID to whom the task will be assigned
task_status required	string non-empty Updated status of the task
task_title required	string >= 2 characters
task_description required	string
task_tags required	string

Responses

Request samples

Payload

Content type

application/json

{"task_assignee": 0,
"task_status": "string",
"task_title": "string",
"task_description": "string",
"task_tags": "string"
}

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Updated !",
"status": "success"
}

Manage customers

Add a customer

Add a new customer that will be available at case creation.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

customer_name

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"customer_name": "My new customer"
}

Response samples

200
400

Content type

application/json

{"data": {"customer_id": 70,
"customer_name": "My new customer"
},
"message": "Customer added",
"status": "success"
}

Add a customer Deprecated

Add a new customer that will be availble at case creations. This endpoint is non longer available. Please use /manage/customers/add.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

customer_name

required

string non-empty

Responses

Request samples

Payload

Content type

application/json

{"customer_name": "My new customer"
}

Response samples

200
400

Content type

application/json

{"data": {"customer_id": 70,
"customer_name": "My new customer"
},
"message": "Customer added",
"status": "success"
}

Case general

Update case summary

Update the summary of a case. Attention this will trigger an overwrite of the summary. Summaries are shared interactively between users. If an update summary is issue, every user will receive the change and their locale changes will be lost.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

summary required	string The updated summary
cid required	integer Case ID

Responses

Request samples

Payload

Content type

application/json

{"summary": "string",
"cid": 0
}

Response samples

200

Content type

application/json

{"data": [ ],
"message": "Done",
"status": "success"
}

Add task log

Add a task log to the case. The task log is registered under Activities and is be availble in reports templating.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

log_content	string
cid	integer

Responses

Request samples

Payload

Content type

application/json

{"log_content": "A test"
}

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Done",
"status": "success"
}

Export a case as JSON

Export a case in JSON format including all the information such as assets, iocs, etc.

Authorizations:

Bearer <bearer>

query Parameters

cid	string ID Of the case to export

Responses

Case assets

Get list of assets

Get a list of the assets linked to the case.

Authorizations:

Bearer <bearer>

query Parameters

cid	string Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{"analysis_status": "string",
"asset_compromised": true,
"asset_description": "string",
"asset_id": 0,
"asset_ip": "string",
"asset_name": "string",
"asset_type": "string",
"asset_type_id": 0,
"ioc": ["string"
],
"link": [{"asset_compromised": true,
"asset_description": "string",
"case_name": "string",
"case_open_date": "string"
}
]
}
],
"message": "string",
"status": "string"
}

Fetch an asset

Fetch the content of an asset

Authorizations:

Bearer <bearer>

path Parameters

asset_id

required

string

query Parameters

cid	string Case ID

Responses

Response samples

200

Content type

application/json

{"data": {"analysis_status_id": 0,
"asset_compromised": true,
"asset_description": "string",
"asset_domain": "string",
"asset_id": 0,
"asset_info": "string",
"asset_ip": "string",
"asset_name": "string",
"asset_type_id": 0,
"case_id": 0,
"date_added": "string",
"date_update": "string",
"linked_ioc": [{"ioc_description": "string",
"ioc_tags": "string",
"ioc_type": "string",
"ioc_value": "string"
}
],
"user_id": 0
},
"message": "string",
"status": "string"
}

Update an asset

Authorizations:

Bearer <bearer>

path Parameters

asset_id

required

string

ID of the asset to update

Request Body schema: application/json

asset_name required	string non-empty
asset_type_id required	string non-empty
asset_description required	string non-empty
asset_domain required	string
asset_ip required	string
asset_info required	string
asset_compromised required	string non-empty
analysis_status_id required	string non-empty
ioc_links required	Array of objects
cid required	integer Case ID

Responses

Request samples

Payload

Content type

application/json

No sample

Response samples

200
400

Content type

application/json

No sample

Delete an asset

Delete an asset for the case. If the asset is linked in an event, the reference is also removed.

Authorizations:

Bearer <bearer>

path Parameters

asset_id

required

string

ID of the note to delete

query Parameters

cid	string Case ID

Responses

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Deleted",
"status": "success"
}

Add a new asset

Create an asset and link it to the case.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

asset_name required	string non-empty
asset_type_id required	integer Asset type ID
asset_description	string
asset_domain	string
asset_ip	string
asset_info	string Additional information, not shown on table
analysis_status_id required	integer Analysis status ID
cid required	integer Case ID

Responses

Request samples

Payload

Content type

application/json

No sample

Response samples

200
400

Content type

application/json

No sample

Case notes

Get list of groups and notes

Get a list of the notes and groups

Authorizations:

Bearer <bearer>

query Parameters

cid	string Case ID

Responses

Delete a group note

Delete a group with all notes linked to it. It is not possible to recover deleted notes.

Authorizations:

Bearer <bearer>

path Parameters

group_id

required

string

ID of the group to delete

query Parameters

cid

required

string

ID Of the case

Responses

Response samples

400

Content type

application/json

{"data": [ ],
"message": "Invalid group ID",
"status": "error"
}

Fetch a note

Fetch the content and information of a note

Authorizations:

Bearer <bearer>

path Parameters

note_id

required

string

ID of the note to fetch

query Parameters

cid	string ID Of the case

Responses

Response samples

200
400

Content type

application/json

{"data": {"note_content": "This is a note content",
"note_creationdate": "2021-10-19T16:18:47.316419",
"note_id": 85,
"note_lastupdate": "2021-10-19T16:18:47.316419",
"note_title": "Note #0"
},
"message": "",
"status": "success"
}

Add a new note

Add a new note to an existing group.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

note_title required	string non-empty
note_content	string non-empty
group_id required	number Group to link the note with
cid	integer Case ID

Responses

Request samples

Payload

Content type

application/json

{"note_title": "string",
"note_content": "string",
"group_id": 0,
"cid": 0
}

Response samples

200
400

Content type

application/json

{"data": {"note_content": "string",
"note_creationdate": "2021-10-25T06:44:23.163205",
"note_id": 2364,
"note_lastupdate": "2021-10-25T06:44:23.163205",
"note_title": "string"
},
"message": "",
"status": "success"
}

Delete a note

Delete the content of a note.

Authorizations:

Bearer <bearer>

path Parameters

note_id

required

string

ID of the note to delete

query Parameters

cid

required

string

ID Of the case

Responses

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "Deleted",
"status": "success"
}

Add a new notes group

The created group is empty.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

group_title required	string non-empty
cid required	number

Responses

Request samples

Payload

Content type

application/json

{"group_title": "Test",
"cid": 5
}

Response samples

200
400

Content type

application/json

{"data": {"group_creationdate": "2021-10-25T08:00:47.274267",
"group_id": 526,
"group_lastupdate": "2021-10-25T08:00:47.274267",
"group_title": "Test"
},
"message": "",
"status": "success"
}

Save a note

Update the content of a note.

Authorizations:

Bearer <bearer>

path Parameters

note_id

required

string

ID of the note to save

Request Body schema: application/json

note_title required	string non-empty
note_content	string non-empty
cid required	integer

Responses

Request samples

Payload

Content type

application/json

{"note_title": "string",
"note_content": "string",
"cid": 5
}

Response samples

200

Content type

application/json

{"data": [ ],
"message": "Note ID 2360 saved",
"status": "success"
}

Search in notes

Search in notes. The searched term is a wild carded.

Authorizations:

Bearer <bearer>

Request Body schema: application/json

search_term required	string non-empty
cid required	integer

Responses

Request samples

Payload

Content type

application/json

{"search_term": "string",
"cid": 0
}

Response samples

200

Content type

application/json

{"data": [ ],
"message": "Note ID 2360 saved",
"status": "success"
}

Case IOC

Get list of IOCs

Returns a list of IOCs as well as any existing linked with other cases.

Authorizations:

Bearer <bearer>

query Parameters

cid	string Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{"ioc_description": "string",
"ioc_id": 0,
"ioc_misp": null,
"ioc_tags": "string",
"ioc_type": "string",
"ioc_value": "string",
"link": [{"case_id": 0,
"case_name": "string",
"client_name": "string"
}
],
"misp_link": "string",
"tlp_bscolor": "string",
"tlp_name": "string"
}
],
"message": "string",
"status": "string"
}

Fetch an ioc

Fetch the content of an ioc

Authorizations:

Bearer <bearer>

path Parameters

ioc_id

required

string

query Parameters

cid	string Case ID

Responses

Response samples

200
400

Content type

application/json

{"data": {"ioc_description": "string",
"ioc_id": 0,
"ioc_misp": null,
"ioc_tags": "string",
"ioc_tlp_id": 0,
"ioc_type": "string",
"ioc_value": "string",
"user_id": 0
},
"message": "string",
"status": "string"
}

Delete an IOC

Delete an IOC from the case. If the IOC is still reference in other cases than it's only unlinked from the current case.

Authorizations:

Bearer <bearer>

path Parameters

ioc_id

required

string

query Parameters

cid

required

string

Case ID

Responses

Response samples

200
400

Content type

application/json

{"data": [ ],
"message": "IOC deleted",
"status": "success"
}

Update an IOC

Authorizations:

Bearer <bearer>

path Parameters

ioc_id

required

string

Request Body schema: application/json

ioc_type required	string non-empty
ioc_tlp_id required	string non-empty
ioc_value required	string non-empty
ioc_description required	string non-empty
ioc_tags required	string non-empty
cid	integer

Responses

Request samples

Payload

Content type

application/json

{"ioc_type": "domain",
"ioc_tlp_id": "1",
"ioc_value": "evil",
"ioc_description": "IOC description",
"ioc_tags": "tag1,tag2",
"cid": 12
}

Response samples

200
400

Content type

application/json

No sample

Add a new ioc

Authorizations:

Bearer <bearer>

Request Body schema: application/json

ioc_type required	string non-empty
ioc_tlp_id required	string non-empty
ioc_value required	string non-empty
ioc_description required	string non-empty
ioc_tags required	string
cid required	integer

Responses

Request samples

Payload

Content type

application/json

{"ioc_type": "IP",
"ioc_tlp_id": "2",
"ioc_value": "8.8.8.8",
"ioc_description": "rewrw",
"ioc_tags": "",
"cid": 12
}

Response samples

200
400

Content type

application/json

Example

Success

{"data": {"ioc_description": "DNS",
"ioc_id": 12,
"ioc_misp": null,
"ioc_tags": "",
"ioc_tlp_id": 2,
"ioc_type": "IP",
"ioc_value": "1.1.1.1",
"user_id": 4
},
"message": "IOC added",
"status": "success"
}

Case timeline

Fetch the timeline

Fetch the timeline of a case. asset_id allows to filter on a particular asset. If set to 0, all events are returned.

Authorizations:

Bearer <bearer>

path Parameters

asset_id

required

string

Filter by assets

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{"assets": [{"compromised": false,
"description": "My asset 10",
"ip": "",
"name": "asset_11 (Linux - Server)"
},
{"compromised": true,
"description": "My asset 10",
"ip": "",
"name": "asset_4 (Windows Account - Local)"
}
],
"category_name": "",
"event_color": "",
"event_content": "My event content @44",
"event_date": "Tue, 19 Oct 2021 16:19:09 GMT",
"event_id": 2021,
"event_tags": "",
"event_title": "My event title @44",
"event_tz": "+00:00",
"event_date_wtz": "Tue, 19 Oct 2021 16:19:09 GMT",
"event_in_summary": true,
"event_in_graph": true
}
],
"message": "",
"status": "success"
}

Fetch the timeline

Fetch the state of the timeline.

Authorizations:

Bearer <bearer>

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{"assets": [{"compromised": false,
"description": "My asset 10",
"ip": "",
"name": "asset_11 (Linux - Server)"
},
{"compromised": true,
"description": "My asset 10",
"ip": "",
"name": "asset_4 (Windows Account - Local)"
}
],
"category_name": "",
"event_color": "",
"event_content": "My event content @44",
"event_date": "Tue, 19 Oct 2021 16:19:09 GMT",
"event_id": 2021,
"event_tags": "",
"event_title": "My event title @44",
"event_tz": "+00:00",
"event_date_wtz": "Tue, 19 Oct 2021 16:19:09 GMT",
"event_in_summary": true,
"event_in_graph": true
}
],
"message": "",
"status": "success"
}

Fetch an event

Return information of an event of the timeline

Authorizations:

Bearer <bearer>

path Parameters

event_id

required

string

query Parameters

cid

required

string

Case ID

Responses

Response samples

200
400

Content type

application/json

{"data": [{"assets": [{"compromised": true,
"description": "string",
"ip": "string",
"name": "string"
}
],
"category_name": "string",
"event_color": "string",
"event_content": "string",
"event_date": "string",
"event_id": 0,
"event_tags": "string",
"event_title": "string"
}
],
"message": "string",
"status": "string"
}

Delete an event

Delete an event from the timeline

Authorizations:

Bearer <bearer>

path Parameters

event_id

required

string

query Parameters

cid	string Case ID

Responses

Response samples

200

Content type

application/json

No sample

Add a new event

Create a new event in the timeline

Authorizations:

Bearer <bearer>

Request Body schema: application/json

event_title required	string non-empty
event_content required	string non-empty
event_raw required	string non-empty
event_source required	string non-empty
event_assets required	Array of numbers
event_category required	string non-empty
color required	string non-empty
event_date required	string non-empty
event_time required	string non-empty
event_in_graph required	boolean
event_in_summary required	boolean
event_tags required	string non-empty
event_tz required	string Timezone of the event
cid	integer

Responses

Request samples

Payload

Content type

application/json

{"event_title": "string",
"event_content": "string",
"event_raw": "string",
"event_source": "string",
"event_assets": [0
],
"event_category": "string",
"color": "string",
"event_date": "string",
"event_time": "string",
"event_in_graph": true,
"event_in_summary": true,
"event_tags": "string",
"event_tz": "string",
"cid": 0
}

Update an event

Update an event in the timeline

Authorizations:

Bearer <bearer>

path Parameters

event_id

required

string

Request Body schema: application/json

event_title required	string non-empty
event_content required	string
event_raw required	string
event_source required	string
event_assets required	Array of integers
event_category required	string non-empty
event_color required	string non-empty
event_date required	string non-empty
event_time required	string non-empty
event_in_summary required	boolean
event_in_graph required	boolean
event_tags required	string
cid required	number
event_tz	string

Responses

Request samples

Payload

Content type

application/json

{"event_title": "My event",
"event_content": "Content of the event",
"event_raw": "A raw content",
"event_source": "My source",
"event_assets": [112
],
"event_category": "2",
"event_color": "#1572E899",
"event_date": "1892-10-14",
"event_time": "04:06:54",
"event_tz": "+00:00",
"event_in_summary": true,
"event_in_graph": true,
"event_tags": "",
"cid": 2
}

Response samples

200
400

Content type

application/json

{"data": {"case_id": 2,
"event_added": "2021-10-27T08:40:04.750749",
"event_assets": [112
],
"event_category": 2,
"event_color": "#1572E899",
"event_content": "Content of the event",
"event_date": "1892-10-14 04:06:54",
"event_date_wtz": "1892-10-14T04:06:54",
"event_id": 22664,
"event_in_summary": false,
"event_in_graph": false,
"event_raw": "A raw content",
"event_source": "MySource",
"event_tags": "",
"event_time": "04:06:54",
"event_title": "My event",
"event_tz": "+00:00",
"user_id": 3
},
"message": "Event added",
"status": "success"
}

Case tasks

Get case tasks

Authorizations:

Bearer <bearer>

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{"task_description": "string",
"task_id": 0,
"task_open_date": "string",
"task_status": "string",
"task_tags": "string",
"task_title": "string",
"user_name": "string"
}
],
"message": "string",
"status": "string"
}

Delete a case task

Authorizations:

Bearer <bearer>

path Parameters

task_id

required

string

Task ID to delete

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{ }
],
"message": "string",
"status": "string"
}

Fetch a case task

Return information of a specific task

Authorizations:

Bearer <bearer>

path Parameters

task_id

required

string

Task ID to delete

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{"task_description": "string",
"task_id": 0,
"task_open_date": "string",
"task_status": "string",
"task_tags": "string",
"task_title": "string",
"user_name": "string"
}
],
"message": "string",
"status": "string"
}

Add a case task

Authorizations:

Bearer <bearer>

Request Body schema: application/json

task_assignee_id required	number
task_status required	string non-empty
task_title required	string non-empty
task_description required	string non-empty
task_tags required	string non-empty
cid required	number

Responses

Request samples

Payload

Content type

application/json

{"task_assignee_id": 0,
"task_status": "string",
"task_title": "string",
"task_description": "string",
"task_tags": "string",
"cid": 0
}

Response samples

200

Content type

application/json

{"data": {"id": 0,
"task_assignee_id": 0,
"task_close_date": "string",
"task_description": "string",
"task_last_update": "string",
"task_open_date": "string",
"task_status": "string",
"task_tags": "string",
"task_title": "string"
},
"message": "string",
"status": "string"
}

Update a case task

Authorizations:

Bearer <bearer>

path Parameters

task_id

required

string

ID of the task

Request Body schema: application/json

task_assignee_id required	number
task_status required	string non-empty
task_title required	string non-empty
task_description required	string non-empty
task_tags required	string non-empty
cid required	number

Responses

Request samples

Payload

Content type

application/json

{"task_assignee_id": 0,
"task_status": "string",
"task_title": "string",
"task_description": "string",
"task_tags": "string",
"cid": 0
}

Response samples

200

Content type

application/json

{"data": {"id": 0,
"task_assignee_id": 0,
"task_close_date": 0,
"task_description": "string",
"task_last_update": "string",
"task_open_date": "string",
"task_status": "string",
"task_tags": "string",
"task_title": "string"
},
"message": "string",
"status": "string"
}

Case evidences

Get case evidences

Returns a list of all evidences

Authorizations:

Bearer <bearer>

query Parameters

cid	string case id

Responses

Response samples

200

Content type

application/json

{"data": [{"date_added": "string",
"file_description": "string",
"file_hash": "string",
"file_size": 0,
"filename": "string",
"id": 0,
"username": "string"
}
],
"message": "string",
"status": "string"
}

Get an evidence

Returns information of a specific evidence

Authorizations:

Bearer <bearer>

path Parameters

evidence_id

required

string

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": {"date_added": "string",
"file_description": "string",
"file_hash": "string",
"file_size": 0,
"filename": "string",
"id": 0
},
"message": "string",
"status": "string"
}

Delete a case evidence

Remove an evidence from the case.

Authorizations:

Bearer <bearer>

path Parameters

evidence_id

required

string

query Parameters

cid

required

string

Case ID

Responses

Response samples

200

Content type

application/json

{"data": [{ }
],
"message": "string",
"status": "string"
}

Update an evidence

Authorizations:

Bearer <bearer>

path Parameters

evidence_id

required

string

Request Body schema: application/json

filename required	string non-empty
file_size required	integer
file_hash required	string non-empty
file_description required	string non-empty
cid required	integer

Responses

Request samples

Payload

Content type

application/json

{"filename": "string",
"file_size": 0,
"file_hash": "string",
"file_description": "string",
"cid": 0
}

Response samples

200

Content type

application/json

{"data": {"date_added": "string",
"file_description": "string",
"file_hash": "string",
"file_size": 0,
"filename": "string",
"id": 0
},
"message": "string",
"status": "string"
}

Add an evidence

Link a new evidence to the case

Authorizations:

Bearer <bearer>

Request Body schema: application/json

filename required	string non-empty
file_size required	integer
file_hash required	string non-empty
file_description required	string non-empty
cid required	integer

Responses

Request samples

Payload

Content type

application/json

{"filename": "string",
"file_size": 0,
"file_hash": "string",
"file_description": "string",
"cid": 0
}

Response samples

200

Content type

application/json

{"data": {"date_added": "string",
"file_description": "string",
"file_hash": "string",
"file_size": 0,
"filename": "string",
"id": 0
},
"message": "string",
"status": "string"
}

Manage users

Delete a user

Only users that never done any activities can be deleted. This is to prevent any internal logic errors and keep tracks of every past activities.

Authorizations:

Bearer <bearer>

path Parameters

user_id

required

string

Responses

Response samples

400

Content type

application/json

{"data": [ ],
"message": "Cannot delete active user",
"status": "error"
}

Update a user

Authorizations:

Bearer <bearer>

path Parameters

user_id

required

string

Request Body schema: application/json

cid required	integer
user_name required	string non-empty
user_login required	string non-empty
user_email required	string non-empty
user_password required	string
user_isadmin	boolean

Responses

Request samples

Payload

Content type

application/json

{"cid": 0,
"user_name": "string",
"user_login": "string",
"user_email": "string",
"user_password": "string",
"user_isadmin": true
}

Response samples

200
400

Content type

application/json

{"data": {"active": true,
"id": 0,
"user_email": "string",
"user_id": 0,
"user_isadmin": true,
"user_login": "string",
"user_name": "string",
"user_password": "string"
},
"message": "string",
"status": "string"
}

Add a user

Authorizations:

Bearer <bearer>

Request Body schema: application/json

user_name required	string non-empty
user_login required	string non-empty
user_email required	string non-empty
user_password required	string non-empty

Responses

Request samples

Payload

Content type

application/json

{"user_name": "string",
"user_login": "string",
"user_email": "string",
"user_password": "string"
}

Response samples

200
400

Content type

application/json

{"data": {"active": true,
"id": 0,
"user_email": "string",
"user_login": "string",
"user_name": "string",
"user_password": "string"
},
"message": "string",
"status": "string"
}

Fetch a user

Returns information of a specific user

Authorizations:

Bearer <bearer>

path Parameters

user_id

required

string

Responses

Response samples

200
400

Content type

application/json

{"data": {"active": true,
"email": "user_1",
"id": 2,
"name": "User 1",
"user": "user_1",
"user_roles_str": ["investigator",
"viewer"
]
},
"message": "",
"status": "success"
}

Manage Assets Types

Get assets types list

Return a list of available assets types

Authorizations:

Bearer <bearer>

Responses

Response samples

200

Content type

application/json

{"data": [["Account",
"Generic Account",
1
],
["Firewall",
"Firewall",
2
],
["Linux - Server",
"Linux server",
3
],
["Linux - Computer",
"Linux computer",
4
],
["Linux Account",
"Linux Account",
5
],
["Mac - Computer",
"Mac computer",
6
],
["Phone - Android",
"Android Phone",
7
],
["Phone - IOS",
"Apple Phone",
8
],
["Windows - Computer",
"Standard Windows Computer",
9
],
["Windows - Server",
"Standard Windows Server",
10
],
["Windows - DC",
"Domain Controller",
11
],
["Router",
"Router",
12
],
["Switch",
"Switch",
13
],
["VPN",
"VPN",
14
],
["WAF",
"WAF",
15
],
["Windows Account - Local",
"Windows Account - Local",
16
],
["Windows Account - Local - Admin",
"Windows Account - Local - Admin",
17
],
["Windows Account - AD",
"Windows Account - AD",
18
],
["Windows Account - AD - Admin",
"Windows Account - AD - Admin",
19
],
["Windows Account - AD - krbtgt",
"Windows Account - AD - krbtgt",
20
],
["Windows Account - AD - Service",
"Windows Account - AD - krbtgt",
21
]
],
"message": "",
"status": "success"
}