IRIS (1.0.2)

Download OpenAPI specification:Download

DFIR-IRIS: contact@dfir-iris.org License: LGPLv3

IRIS API endpoints documentation. An API key is needed and can be found in every user profile under My settings > API Key. Applies to Iris v1.4.0 to v1.4.2.

This version introduces the concept of custom attributes. These JSON objects that are stored into almost all case objects such as Assets, IOCs, etc. They are defined by administrators or modules and can vary from one objet to another despite being of the same type. Because of this, no definitive structure can be expected from these fields. They are all named custom_attributes.

Manage case

Add a new case

Create a new immediate case. If cid is not set, a default case ID 1 is used. This does not change the behavior of the request and is only used for internal tracking.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
case_soc_id
required
string non-empty

A SOC ticket reference

case_customer
required
number

The customer ID linked to the case.

case_name
required
string >= 2 characters

A short name for the case. The case number will be prepend.

case_description
required
string >= 2 characters

A short description of the case. This will be the summary of the case.

cid
required
integer

Context case ID. If not set, a default case is used.

custom_attributes
object

Responses

Request samples

Content type
application/json
{
  • "case_soc_id": "SOC_154",
  • "case_customer": 1,
  • "case_name": "My Case API",
  • "case_description": "A super nice description"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Case created",
  • "status": "success"
}

Get cases list

Returns a list of all the cases, open and closed.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Close a case

The case will be listed under closed case. That's the only difference with an open case. It will stay editable and searchable.

Authorizations:
Bearer <bearer>
path Parameters
case_id
required
integer

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Case closed successfully",
  • "status": "success"
}

Reopen a case

Reopen a case previously closed. A case can be reopened even if it is not closed.

Authorizations:
Bearer <bearer>
path Parameters
case_id
required
integer

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Case reopened successfully",
  • "status": "success"
}

Delete a case

This implies the deletion of everything linked to the case including summary, assets, notes, timeline, tasks and evidences. The IOCs will only be deleted if they are not referenced in another case.

Authorizations:
Bearer <bearer>
path Parameters
case_id
required
integer

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Case successfully deleted",
  • "status": "success"
}

Global tasks

List global tasks

Returns a list of all global tasks

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add a global task

Add a global task and assign it to a user.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
task_assignee_id
required
integer

A user ID for whom the task will be assigned

task_status_id
required
integer

The initial status of the task

task_title
required
string >= 2 characters
task_description
required
string
task_tags
required
string

Responses

Request samples

Content type
application/json
{
  • "task_assignee_id": 1,
  • "task_status_id": 14,
  • "task_title": "Task title",
  • "task_description": "My task description",
  • "task_tags": ""
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Saved !",
  • "status": "success"
}

Update a global task

Authorizations:
Bearer <bearer>
path Parameters
task_id
required
string

Global task ID to update

Request Body schema: application/json
task_assignee_id
required
integer
task_status_id
required
integer
task_title
required
string non-empty
task_description
required
string non-empty
task_tags
required
string non-empty
cid
integer

Responses

Request samples

Content type
application/json
{
  • "task_assignee_id": 155,
  • "task_status_id": 14,
  • "task_title": "Task title",
  • "task_description": "A super description",
  • "task_tags": "tag1,tag2,tag3",
  • "cid": 1
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Delete a global task

Authorizations:
Bearer <bearer>
path Parameters
task_id
required
string

Task to delete

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Task deleted",
  • "status": "success"
}

Delete a customer

A customer can be deleted only if it is not referenced in a case. To delete a referenced, every referencing cases musth be deleted before.

Authorizations:
Bearer <bearer>
path Parameters
customer_id
required
integer

ID of the customer to delete

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Deleted successfully",
  • "status": "success"
}

Manage customers

Add a customer

Add a new customer that will be available at case creation.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
customer_name
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "customer_name": "My new customer"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Customer added",
  • "status": "success"
}

Update a customer

Update an existing customer. The new customer name should be one which is not already taken.

Authorizations:
Bearer <bearer>
path Parameters
customer_id
required
integer

Customer ID to update

Request Body schema: application/json
customer_name
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "customer_name": "My new customer name"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Customer updated",
  • "status": "success"
}

Case general

Update case summary

Update the summary of a case. Attention this will trigger an overwrite of the summary. Summaries are shared interactively between users. If an update summary is issued, every user will receive the change and their locale changes will be lost.
The summary is a markdown-compatible text.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
case_description
required
string

The updated summary

cid
required
integer

Case ID

Responses

Request samples

Content type
application/json
{
  • "case_description": "# A nice summary\nWith some information",
  • "cid": 1
}

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Summary updated",
  • "status": "success"
}

Add task log

Add a task log to the case. The task log is registered under Activities and is be availble in reports templating. If CID is omitted, the default case of the calling user is used.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
log_content
string
cid
integer

Responses

Request samples

Content type
application/json
{
  • "log_content": "A test"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Log saved",
  • "status": "success"
}

Export a case as JSON

Export a case in JSON format including all the information such as assets, iocs, etc. This request can take a very long time depending on the size of the case.

Authorizations:
Bearer <bearer>
query Parameters
cid
string

ID Of the case to export

Case assets

Get list of assets

Get a list of the assets linked to the case.

Authorizations:
Bearer <bearer>
query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Fetch an asset

Fetch the content of an asset

Authorizations:
Bearer <bearer>
path Parameters
asset_id
required
integer
query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add a new asset

Create an asset and link it to the case.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
asset_name
required
string non-empty
asset_type_id
required
integer

Asset type ID

asset_description
string
asset_domain
string
asset_ip
string
asset_info
string

Additional information, not shown on table

analysis_status_id
required
integer

Analysis status ID

cid
required
integer

Case ID

custom_attributes
required
object

Responses

Request samples

Content type
application/json
No sample

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Asset added",
  • "status": "success"
}

Update an asset

Update an asset

Authorizations:
Bearer <bearer>
path Parameters
asset_id
required
string

ID of the asset to update

Request Body schema: application/json
asset_name
required
string non-empty
asset_type_id
required
integer
asset_description
string non-empty
asset_domain
string
asset_ip
string
asset_info
string
asset_compromised
boolean
analysis_status_id
required
integer
ioc_links
required
Array of strings

IOC ID as a string

cid
required
integer

Case ID

custom_attributes
required
object

Responses

Request samples

Content type
application/json
No sample

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Delete an asset

Delete an asset for the case. If the asset is linked in an event, the reference is also removed.

Authorizations:
Bearer <bearer>
path Parameters
asset_id
required
string

ID of the note to delete

query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Deleted",
  • "status": "success"
}

Case notes

Get list of groups and notes

Get a list of the notes and groups

Authorizations:
Bearer <bearer>
query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Fetch a notes group

Fetch a notes group

Authorizations:
Bearer <bearer>
path Parameters
group_id
required
string

ID of the group to return

query Parameters
cid
required
string

ID Of the case

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add a new notes group

The created group is empty.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
group_title
required
string non-empty
cid
required
number

Responses

Request samples

Content type
application/json
{
  • "group_title": "Test",
  • "cid": 5
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Update a notes group

Authorizations:
Bearer <bearer>
path Parameters
group_id
required
string

Group ID to update

Request Body schema: application/json
group_title
required
string non-empty
cid
required
number

Responses

Request samples

Content type
application/json
{
  • "group_title": "Test",
  • "cid": 5
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Updated title of group ID 38",
  • "status": "success"
}

Delete a group note

Delete a group with all notes linked to it. It is not possible to recover deleted notes.

Authorizations:
Bearer <bearer>
path Parameters
group_id
required
string

ID of the group to delete

query Parameters
cid
required
string

ID Of the case

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Group ID 35 deleted",
  • "status": "success"
}

Add a new note

Add a new note to an existing group.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
note_title
required
string non-empty
note_content
required
string non-empty
group_id
required
number
cid
required
number

Responses

Request samples

Content type
application/json
{
  • "note_title": "Title of the note",
  • "note_content": "Content of the note",
  • "group_id": 36,
  • "cid": 2
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Fetch a note

Fetch the content and information of a note

Authorizations:
Bearer <bearer>
path Parameters
note_id
required
integer

ID of the note to fetch

query Parameters
cid
string

ID Of the case

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Delete a note

Delete the content of a note.

Authorizations:
Bearer <bearer>
path Parameters
note_id
required
string

ID of the note to delete

query Parameters
cid
required
string

ID Of the case

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Deleted",
  • "status": "success"
}

Save a note

Update the content of a note.

Authorizations:
Bearer <bearer>
path Parameters
note_id
required
string

ID of the note to save

Request Body schema: application/json
note_title
required
string non-empty
note_content
string non-empty
custom_attributes
object
cid
required
integer

Responses

Request samples

Content type
application/json
{
  • "note_title": "New title",
  • "note_content": "New content",
  • "custom_attributes": { },
  • "cid": 5
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Case IOC

Get list of IOCs

Returns a list of IOCs as well as any existing linked with other cases.

Authorizations:
Bearer <bearer>
query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Fetch an ioc

Fetch the content of an ioc

Authorizations:
Bearer <bearer>
path Parameters
ioc_id
required
string
query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add a new ioc

Authorizations:
Bearer <bearer>
Request Body schema: application/json
ioc_type_id
required
integer
ioc_tlp_id
required
integer
ioc_value
required
string non-empty
ioc_description
required
string non-empty
ioc_tags
required
string
custom_attributes
object
cid
required
integer

Responses

Request samples

Content type
application/json
{
  • "ioc_type_id": 1,
  • "ioc_tlp_id": 2,
  • "ioc_value": "8.8.8.8",
  • "ioc_description": "rewrw",
  • "ioc_tags": "",
  • "custom_attributes": { },
  • "cid": 2
}

Response samples

Content type
application/json
Example
{
  • "data": {
    },
  • "message": "IOC added",
  • "status": "success"
}

Delete an IOC

Delete an IOC from the case. If the IOC is still reference in other cases than it's only unlinked from the current case.

Authorizations:
Bearer <bearer>
path Parameters
ioc_id
required
integer
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
Example
{
  • "data": [ ],
  • "message": "IOC deleted",
  • "status": "success"
}

Update an IOC

Authorizations:
Bearer <bearer>
path Parameters
ioc_id
required
integer
Request Body schema: application/json
ioc_type_id
required
integer
ioc_tlp_id
required
integer
ioc_value
required
string non-empty
ioc_description
required
string
ioc_tags
required
string
custom_attributes
object

Responses

Request samples

Content type
application/json
{
  • "ioc_type_id": 1,
  • "ioc_tlp_id": 2,
  • "ioc_value": "evil",
  • "ioc_description": "IOC description",
  • "ioc_tags": "tag1,tag2",
  • "custom_attributes": { },
  • "cid": 12
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Updated ioc evil",
  • "status": "success"
}

Case timeline

Fetch the timeline

Fetch all the events of the timeline that matches the given asset id. An asset ID of returns the whole timeline without filtering.

Authorizations:
Bearer <bearer>
path Parameters
asset_id
required
integer

Filter by assets

query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Fetch the timeline

Fetch all the events of the timeline.

Authorizations:
Bearer <bearer>
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "",
  • "status": "success"
}

Fetch the timeline

Fetch the state of the timeline.

Authorizations:
Bearer <bearer>
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add a new event

Create a new event in the timeline

Authorizations:
Bearer <bearer>
Request Body schema: application/json
event_title
required
string non-empty
event_content
required
string
event_raw
required
string
event_source
required
string
event_assets
required
Array of integers
event_category_id
required
integer
event_in_summary
required
boolean
event_in_graph
required
boolean
event_color
required
string non-empty
event_date
required
string non-empty

Expects ISO format 2021-12-12T05:45:46.000

event_tags
required
string
event_tz
required
string non-empty
cid
integer
custom_attributes
object

Responses

Request samples

Content type
application/json
{
  • "event_title": "Test",
  • "event_content": "",
  • "event_raw": "",
  • "event_source": "",
  • "event_assets": [
    ],
  • "event_category_id": 1,
  • "event_in_summary": true,
  • "event_in_graph": true,
  • "event_color": "#6861CE99",
  • "event_date": "2021-12-12T05:45:46.000",
  • "event_tags": "",
  • "event_tz": "+00:00",
  • "custom_attributes": { },
  • "cid": 1
}

Update an event

Update an event in the timeline

Authorizations:
Bearer <bearer>
path Parameters
event_id
required
integer
Request Body schema: application/json
event_title
required
string non-empty
event_content
required
string
event_raw
required
string
event_source
required
string
event_assets
required
Array of integers
event_category_id
required
string non-empty
event_in_summary
required
boolean
event_in_graph
required
boolean
event_color
required
string non-empty
event_date
required
string non-empty
event_tags
required
string
event_tz
required
string non-empty
custom_attributes
object
cid
integer

Responses

Request samples

Content type
application/json
{
  • "event_title": "Tests",
  • "event_content": "",
  • "event_raw": "",
  • "event_source": "",
  • "event_assets": [
    ],
  • "event_category_id": "1",
  • "event_in_summary": true,
  • "event_in_graph": true,
  • "event_color": "#6861CE99",
  • "event_date": "2021-12-12T05:45:46.000",
  • "event_tags": "",
  • "event_tz": "+00:00",
  • "custom_attributes": { },
  • "cid": 1
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Event added",
  • "status": "success"
}

Fetch an event

Return information of an event of the timeline

Authorizations:
Bearer <bearer>
path Parameters
event_id
required
integer
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Delete an event

Delete an event from the timeline

Authorizations:
Bearer <bearer>
path Parameters
event_id
required
integer
query Parameters
cid
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Event ID 14984 deleted",
  • "status": "success"
}

Case tasks

Get case tasks

Authorizations:
Bearer <bearer>
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Delete a case task

Delete a case task

Authorizations:
Bearer <bearer>
path Parameters
task_id
required
string

Task ID to delete

query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Task deleted",
  • "status": "success"
}

Fetch a case task

Return information of a specific task

Authorizations:
Bearer <bearer>
path Parameters
task_id
required
integer

Task ID to delete

query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add a case task

Authorizations:
Bearer <bearer>
Request Body schema: application/json
task_assignee_id
required
integer
task_status_id
required
integer
task_title
required
string non-empty
task_description
required
string non-empty
task_tags
required
string non-empty
custom_attributes
object
cid
integer

Responses

Request samples

Content type
application/json
{
  • "task_assignee_id": 1,
  • "task_status_id": 16,
  • "task_title": "A new task",
  • "task_description": "with its description",
  • "task_tags": "and,tags",
  • "custom_attributes": { },
  • "cid": 1
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Update a case task

Authorizations:
Bearer <bearer>
path Parameters
task_id
required
integer

ID of the task

Request Body schema: application/json
task_assignee_id
required
integer
task_status_id
required
integer
task_title
required
string non-empty
task_description
required
string non-empty
task_tags
required
string non-empty
custom_attributes
object
cid
integer

Responses

Request samples

Content type
application/json
{
  • "task_assignee_id": 1,
  • "task_status_id": 16,
  • "task_title": "New title",
  • "task_description": "new content",
  • "task_tags": "new tags",
  • "cid": 1,
  • "custom_attributes": { }
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Case evidences

Get case evidences

Returns a list of all evidences

Authorizations:
Bearer <bearer>
query Parameters
cid
string

case id

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Get an evidence

Returns information of a specific evidence

Authorizations:
Bearer <bearer>
path Parameters
evidence_id
required
string
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Delete a case evidence

Remove an evidence from the case.

Authorizations:
Bearer <bearer>
path Parameters
evidence_id
required
string
query Parameters
cid
required
string

Case ID

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Update an evidence

Authorizations:
Bearer <bearer>
path Parameters
evidence_id
required
string
Request Body schema: application/json
filename
required
string non-empty
file_size
required
integer
file_hash
required
string non-empty
file_description
required
string non-empty
custom_attributes
object
cid
required
integer

Responses

Request samples

Content type
application/json
{
  • "filename": "string",
  • "file_size": 0,
  • "file_hash": "string",
  • "file_description": "string",
  • "custom_attributes": { },
  • "cid": 0
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Add an evidence

Link a new evidence to the case

Authorizations:
Bearer <bearer>
Request Body schema: application/json
filename
required
string non-empty
file_size
required
integer
file_hash
required
string non-empty
file_description
required
string non-empty
custom_attributes
object
cid
required
integer

Responses

Request samples

Content type
application/json
{
  • "filename": "string",
  • "file_size": 0,
  • "file_hash": "string",
  • "file_description": "string",
  • "custom_attributes": { },
  • "cid": 0
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Manage users

Delete a user

Only users that never done any activities can be deleted. This is to prevent any internal logic errors and keep tracks of every past activities.

Requires administrator role.

Authorizations:
Bearer <bearer>
path Parameters
user_id
required
string

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Cannot delete active user",
  • "status": "error"
}

Update a user

Requires administrator role.

Authorizations:
Bearer <bearer>
path Parameters
user_id
required
string
Request Body schema: application/json
cid
required
integer
user_name
required
string non-empty
user_login
required
string non-empty

Has to be unique

user_email
required
string non-empty

Has to be unique

user_password
required
string

Set to empty string to keep the same password

user_isadmin
boolean

Responses

Request samples

Content type
application/json
{
  • "cid": 0,
  • "user_name": "string",
  • "user_login": "string",
  • "user_email": "string",
  • "user_password": "string",
  • "user_isadmin": true
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Add a user

Administrator role required.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
user_name
required
string non-empty
user_login
required
string non-empty

Has to be unique

user_email
required
string non-empty

Has to be unique

user_password
required
string non-empty

Must satisfy policy of 12chars, 1 uppercase, 1 number

Responses

Request samples

Content type
application/json
{
  • "user_name": "string",
  • "user_login": "string",
  • "user_email": "string",
  • "user_password": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "string",
  • "status": "string"
}

Get user list

Return a list of available users.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
No sample

Fetch a user

Returns information of a specific user

Authorizations:
Bearer <bearer>
path Parameters
user_id
required
string

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Manage Assets Types

Get assets types

Return a list of available assets types.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
No sample

Get assets types

Returns information on a specific asset type.

Authorizations:
Bearer <bearer>
path Parameters
asset_type_id
required
integer

Responses

Response samples

Content type
application/json
No sample

Get assets types

Delete an asset type. Administrator role required.

Authorizations:
Bearer <bearer>
path Parameters
asset_type_id
required
integer

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "Deleted asset type ID 16 successfully",
  • "status": "success"
}

Add a new asset type

Administrator role required.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
asset_name
required
string non-empty

Has to be unique

asset_description
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "asset_name": "string",
  • "asset_description": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Added successfully",
  • "status": "success"
}

Update an asset type

Administrator role required.

Authorizations:
Bearer <bearer>
path Parameters
asset_type_id
required
integer
Request Body schema: application/json
asset_name
required
string non-empty

Has to be unique

asset_description
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "asset_name": "New name",
  • "asset_description": "New description"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Added successfully",
  • "status": "success"
}

Manage Task Status

List task statuses

Return a list of available task statuses.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "",
  • "status": "success"
}

List task statuses

Return information on a task status.

Authorizations:
Bearer <bearer>
path Parameters
task_status_id
required
integer

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "",
  • "status": "success"
}

Manage Analysis Status

List analysis statuses

Return a list of available analysis statuses.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

List IOC types

Return information on an analysis status.

Authorizations:
Bearer <bearer>
path Parameters
analysis_status_id
required
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Manage IOC Types

List IOC types

Return a list of available IOC types.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Get IOC type

Return information on an IOC type.

Authorizations:
Bearer <bearer>
path Parameters
ioc_type_id
required
string

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Delete IOC type

Delete an IOC type. Administrator role required.

Authorizations:
Bearer <bearer>
path Parameters
ioc_type_id
required
string

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Add an IOC type

Administrator role required.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
type_name
required
string non-empty
type_description
required
string non-empty
type_taxonomy
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "type_name": "aba-rtnd",
  • "type_description": "ABA routing transit number",
  • "type_taxonomy": ""
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "Added successfully",
  • "status": "success"
}

Update an IOC type

Administrator role required.

Authorizations:
Bearer <bearer>
path Parameters
ioc_type_id
required
string
Request Body schema: application/json
type_name
required
string non-empty
type_description
required
string non-empty
type_taxonomy
required
string non-empty

Responses

Request samples

Content type
application/json
{
  • "type_name": "aba-rtnd",
  • "type_description": "ABA routing transit number",
  • "type_taxonomy": ""
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "IOC type updated",
  • "status": "success"
}

API

Get API versions

Returns information on API versions supported by the server.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "message": "",
  • "status": "success"
}

Ping server

Used to test authentication. Respond "pong" if authentication is successfull.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [ ],
  • "message": "pong",
  • "status": "success"
}

Iris Modules

Iris module task list

List current and previous tasks run by modules. This endpoint is heavy on the database and should be avoided. Use the "limited-list" endpoint to select only the last 40 entries.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Iris module task list

List current and previous tasks run by modules, limited to last 40 entries.

Authorizations:
Bearer <bearer>

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "string",
  • "status": "string"
}

Iris module task list

List all manual hooks available for a particular case object.
Available objects types are :

  • case
  • ioc
  • asset
  • note
  • event
  • task
  • evidence
  • global_task

The returned information can provided to the /dim/hooks/call endpoint to trigger a hook.

Authorizations:
Bearer <bearer>
path Parameters
object_type
required
string

Object type

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "message": "",
  • "status": "success"
}

post-dim-hooks-call

Executes a manual trigger on a specified hook. This allows to trigger a hook as it would be done on the GUI. This only concerns manual hooks, and each call triggers a specific hook of a specific module, as specified in the request.

To get a list of all available hooks for a case object, use the /dim/hooks/options/<type>/list endpoint.

Authorizations:
Bearer <bearer>
Request Body schema: application/json
hook_name
required
string non-empty

Internal name of the hook as specified in the hook documentation.

module_name
required
string non-empty

Name of the module to call

hook_ui_name
required
string non-empty

UI name of the hook, either auto generated by IRIS or provided by the module itself.

type
required
string non-empty

Type of data processed by the hook (ioc, asset, etc)

targets
required
Array of objects

List of objects ID of type "type" to process

Responses

Request samples

Content type
application/json
{
  • "hook_name": "on_manual_trigger_ioc",
  • "module_name": "iris_vt_module",
  • "hook_ui_name": "Get VT insight",
  • "type": "ioc",
  • "targets": [
    ]
}