Download OpenAPI specification:Download
IRIS API endpoints documentation. An API key is needed and can be found in every user profile under My settings
> API Key
.
Applies to Iris v1.4.0 to v1.4.2.
This version introduces the concept of custom attributes. These JSON objects that are stored into almost all case objects such as Assets, IOCs, etc. They are defined by administrators or modules and can vary from one objet to another despite being of the same type. Because of this, no definitive structure can be expected from these fields. They are all named custom_attributes
.
Create a new immediate case. If cid is not set, a default case ID 1 is used. This does not change the behavior of the request and is only used for internal tracking.
case_soc_id required | string non-empty A SOC ticket reference |
case_customer required | number The customer ID linked to the case. |
case_name required | string >= 2 characters A short name for the case. The case number will be prepend. |
case_description required | string >= 2 characters A short description of the case. This will be the summary of the case. |
cid required | integer Context case ID. If not set, a default case is used. |
custom_attributes | object |
{- "case_soc_id": "SOC_154",
- "case_customer": 1,
- "case_name": "My Case API",
- "case_description": "A super nice description"
}
{- "data": {
- "case_customer": 1,
- "case_description": "A super nice description",
- "case_id": 41,
- "case_name": "#41 - My Case API",
- "case_soc_id": "SOC_154",
- "custom_attributes": null,
- "close_date": null,
- "open_date": "2022-01-20",
- "user_id": 1
}, - "message": "Case created",
- "status": "success"
}
Returns a list of all the cases, open and closed.
{- "data": [
- {
- "case_close_date": "",
- "case_description": "Testing case number24",
- "case_id": 26,
- "case_name": "Test 24",
- "case_open_date": "10/19/2021",
- "case_soc_id": "SOC24",
- "client_name": "client_63",
- "opened_by": "User 110"
}, - {
- "case_close_date": "",
- "case_description": "Testing case number0",
- "case_id": 2,
- "case_name": "Test 0",
- "case_open_date": "10/19/2021",
- "case_soc_id": "SOC0",
- "client_name": "client_65",
- "opened_by": "User 12"
}
], - "message": "string",
- "status": "string"
}
The case will be listed under closed case. That's the only difference with an open case. It will stay editable and searchable.
case_id required | integer Case ID |
{- "data": {
- "case_customer": 105,
- "case_description": "A super description",
- "case_id": 42,
- "case_name": "#42 - My case",
- "case_soc_id": "SOC_142",
- "close_date": "2022-01-20",
- "open_date": "2022-01-20",
- "user_id": 1
}, - "message": "Case closed successfully",
- "status": "success"
}
Reopen a case previously closed. A case can be reopened even if it is not closed.
case_id required | integer Case ID |
{- "data": {
- "case_customer": 26,
- "case_description": "Testing case number6",
- "case_id": 8,
- "case_name": "Test 6",
- "case_soc_id": "SOC6",
- "close_date": null,
- "open_date": "2021-10-19",
- "user_id": 52
}, - "message": "Case reopened successfully",
- "status": "success"
}
This implies the deletion of everything linked to the case including summary, assets, notes, timeline, tasks and evidences. The IOCs will only be deleted if they are not referenced in another case.
case_id required | integer Case ID |
{- "data": [ ],
- "message": "Case successfully deleted",
- "status": "success"
}
{- "data": {
- "tasks": [
- {
- "status_bscolor": "danger",
- "status_name": "To do",
- "task_assignee_id": 6,
- "task_description": "",
- "task_id": 5,
- "task_last_update": "Wed, 19 Jan 2022 12:51:22 GMT",
- "task_status_id": 14,
- "task_tags": "",
- "task_title": "Generate a mid-term report",
- "user_name": "forensicator"
}, - {
- "status_bscolor": "danger",
- "status_name": "To do",
- "task_assignee_id": 1,
- "task_description": "Analyse the sysvol",
- "task_id": 7,
- "task_last_update": "Wed, 19 Jan 2022 15:23:24 GMT",
- "task_status_id": 14,
- "task_tags": "",
- "task_title": "SYSVOL analysis",
- "user_name": "administrator"
}
], - "tasks_status": [
- {
- "id": 14,
- "status_bscolor": "danger",
- "status_description": "",
- "status_name": "To do"
}, - {
- "id": 15,
- "status_bscolor": "warning",
- "status_description": "",
- "status_name": "In progress"
}, - {
- "id": 16,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "On hold"
}, - {
- "id": 17,
- "status_bscolor": "success",
- "status_description": "",
- "status_name": "Done"
}, - {
- "id": 18,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "Canceled"
}
]
}, - "message": "",
- "status": "success"
}
Add a global task and assign it to a user.
task_assignee_id required | integer A user ID for whom the task will be assigned |
task_status_id required | integer The initial status of the task |
task_title required | string >= 2 characters |
task_description required | string |
task_tags required | string |
{- "task_assignee_id": 1,
- "task_status_id": 14,
- "task_title": "Task title",
- "task_description": "My task description",
- "task_tags": ""
}
{- "data": {
- "task_assignee_id": 1,
- "task_close_date": null,
- "task_description": "My task description",
- "task_id": 9,
- "task_last_update": "2022-01-21T17:07:10.005200",
- "task_open_date": "2022-01-21T17:07:10.005183",
- "task_status_id": 15,
- "task_tags": "",
- "task_title": "Task title",
- "task_userid_close": null,
- "task_userid_open": null,
- "task_userid_update": 1
}, - "message": "Saved !",
- "status": "success"
}
task_id required | string Global task ID to update |
task_assignee_id required | integer |
task_status_id required | integer |
task_title required | string non-empty |
task_description required | string non-empty |
task_tags required | string non-empty |
cid | integer |
{- "task_assignee_id": 155,
- "task_status_id": 14,
- "task_title": "Task title",
- "task_description": "A super description",
- "task_tags": "tag1,tag2,tag3",
- "cid": 1
}
{- "data": {
- "task_assignee_id": 0,
- "task_close_date": "string",
- "task_description": "string",
- "task_id": 0,
- "task_last_update": "string",
- "task_open_date": "string",
- "task_status_id": 0,
- "task_tags": "string",
- "task_title": "string",
- "task_userid_close": 0,
- "task_userid_open": 0,
- "task_userid_update": 0
}, - "message": "string",
- "status": "string"
}
A customer can be deleted only if it is not referenced in a case. To delete a referenced, every referencing cases musth be deleted before.
customer_id required | integer ID of the customer to delete |
{- "data": [ ],
- "message": "Deleted successfully",
- "status": "success"
}
Add a new customer that will be available at case creation.
customer_name required | string non-empty |
{- "customer_name": "My new customer"
}
{- "data": {
- "customer_id": 70,
- "customer_name": "My new customer"
}, - "message": "Customer added",
- "status": "success"
}
Update an existing customer. The new customer name should be one which is not already taken.
customer_id required | integer Customer ID to update |
customer_name required | string non-empty |
{- "customer_name": "My new customer name"
}
{- "data": {
- "customer_id": 104,
- "customer_name": "My new customer name"
}, - "message": "Customer updated",
- "status": "success"
}
Update the summary of a case. Attention this will trigger an overwrite of the summary. Summaries are shared interactively between users. If an update summary is issued, every user will receive the change and their locale changes will be lost.
The summary is a markdown-compatible text.
case_description required | string The updated summary |
cid required | integer Case ID |
{- "case_description": "# A nice summary\nWith some information",
- "cid": 1
}
{- "data": [ ],
- "message": "Summary updated",
- "status": "success"
}
Add a task log to the case. The task log is registered under Activities and is be availble in reports templating. If CID is omitted, the default case of the calling user is used.
log_content | string |
cid | integer |
{- "log_content": "A test"
}
{- "data": {
- "activity_date": "Fri, 21 Jan 2022 17:33:48 GMT",
- "activity_desc": "A test",
- "case": null,
- "case_id": 1,
- "id": 21632,
- "user": null,
- "user_id": 1,
- "user_input": true
}, - "message": "Log saved",
- "status": "success"
}
Get a list of the assets linked to the case.
cid | string Case ID |
{- "data": {
- "assets": [
- {
- "analysis_status": "To be done",
- "analysis_status_id": 2,
- "asset_compromised": true,
- "asset_description": "Asset description",
- "asset_id": 2208,
- "asset_ip": "My IP",
- "asset_name": "Asset 1",
- "asset_tags": "Asset,tags",
- "asset_type": "Account",
- "asset_type_id": 1,
- "ioc_links": [
- {
- "ioc_id": 1,
- "ioc_value": "Hello"
}
], - "link": [ ]
}
], - "state": {
- "object_last_update": "Fri, 21 Jan 2022 17:42:37 GMT",
- "object_state": 1
}
}, - "message": "",
- "status": "success"
}
Fetch the content of an asset
asset_id required | integer |
cid | string Case ID |
{- "data": {
- "analysis_status_id": 2,
- "asset_compromised": true,
- "asset_description": "Asset description",
- "asset_domain": "My domain",
- "asset_id": 2208,
- "asset_info": "Additional info",
- "asset_ip": "My IP",
- "asset_name": "Asset 1",
- "asset_tags": "Asset,tags",
- "asset_type_id": 1,
- "case_id": 2,
- "date_added": "2022-01-21T17:42:37.286192",
- "date_update": "2022-01-21T17:42:37.286203",
- "linked_ioc": [
- {
- "ioc_description": "",
- "ioc_id": 1,
- "ioc_tags": "",
- "ioc_tlp_id": 2,
- "ioc_type_id": 76,
- "ioc_value": "Hello",
- "type_name": "ip-any"
}
], - "user_id": 1,
- "custom_attributes": {
- "WHOIS": {
- "Registrant Country": {
- "mandatory": true,
- "type": "input_string",
- "value": "The registrant country"
}
}
}
}, - "message": "",
- "status": "success"
}
Create an asset and link it to the case.
asset_name required | string non-empty |
asset_type_id required | integer Asset type ID |
asset_description | string |
asset_domain | string |
asset_ip | string |
asset_info | string Additional information, not shown on table |
analysis_status_id required | integer Analysis status ID |
cid required | integer Case ID |
custom_attributes required | object |
{- "data": {
- "analysis_status_id": 1,
- "asset_compromised": null,
- "asset_description": "desc",
- "asset_domain": "my domain",
- "asset_id": 2210,
- "asset_info": "asset info",
- "asset_ip": "127.0.0.1",
- "asset_name": "My asset",
- "asset_tags": null,
- "asset_type_id": 1,
- "case_id": 1,
- "date_added": "2022-01-21T17:51:46.995441",
- "date_update": "2022-01-21T17:51:46.995463",
- "user_id": 1,
- "custom_attributes": {
- "WHOIS": {
- "Registrant Country": {
- "mandatory": true,
- "type": "input_string",
- "value": ""
}
}
}
}, - "message": "Asset added",
- "status": "success"
}
Update an asset
asset_id required | string ID of the asset to update |
asset_name required | string non-empty |
asset_type_id required | integer |
asset_description | string non-empty |
asset_domain | string |
asset_ip | string |
asset_info | string |
asset_compromised | boolean |
analysis_status_id required | integer |
ioc_links required | Array of strings IOC ID as a string |
cid required | integer Case ID |
custom_attributes required | object |
{- "data": {
- "analysis_status_id": 0,
- "asset_compromised": true,
- "asset_description": "string",
- "asset_domain": "string",
- "asset_id": 0,
- "asset_info": "string",
- "asset_ip": "string",
- "asset_name": "string",
- "asset_type_id": 0,
- "case_id": 0,
- "date_added": "string",
- "date_update": "string",
- "user_id": 0
}, - "message": "string",
- "status": "string"
}
Delete an asset for the case. If the asset is linked in an event, the reference is also removed.
asset_id required | string ID of the note to delete |
cid | string Case ID |
{- "data": [ ],
- "message": "Deleted",
- "status": "success"
}
Get a list of the notes and groups
cid | string Case ID |
{- "data": {
- "groups": [
- {
- "group_id": 0,
- "group_title": "string",
- "notes": [
- {
- "note_id": 20,
- "note_lastupdate": "Tue, 22 Feb 2022 14:21:29 GMT",
- "note_title": "Untitled note",
- "user": "administrator"
}
]
}
], - "state": {
- "object_last_update": "string",
- "object_state": 0
}
}, - "message": "string",
- "status": "string"
}
Fetch a notes group
group_id required | string ID of the group to return |
cid required | string ID Of the case |
{- "data": {
- "group_creationdate": "Wed, 16 Feb 2022 18:48:00 GMT",
- "group_id": 14,
- "group_lastupdate": "Wed, 16 Feb 2022 18:48:00 GMT",
- "group_title": "Group 14",
- "notes": [
- {
- "note_id": 20,
- "note_lastupdate": "Tue, 22 Feb 2022 14:21:29 GMT",
- "note_title": "Untitled note",
- "user": "administrator"
}, - {
- "note_id": 21,
- "note_lastupdate": "Sun, 06 Mar 2022 17:45:54 GMT",
- "note_title": "Untitled note",
- "user": "administrator"
}
]
}, - "message": "",
- "status": "success"
}
The created group is empty.
group_title required | string non-empty |
cid required | number |
{- "group_title": "Test",
- "cid": 5
}
{- "data": {
- "group_creationdate": "2021-10-25T08:00:47.274267",
- "group_id": 526,
- "group_lastupdate": "2021-10-25T08:00:47.274267",
- "group_title": "Test"
}, - "message": "",
- "status": "success"
}
group_id required | string Group ID to update |
group_title required | string non-empty |
cid required | number |
{- "group_title": "Test",
- "cid": 5
}
{- "data": {
- "group_creationdate": "2022-01-21T18:14:49.494113",
- "group_id": 38,
- "group_lastupdate": "2022-01-21T18:14:49.494113",
- "group_title": "Coucou"
}, - "message": "Updated title of group ID 38",
- "status": "success"
}
Delete a group with all notes linked to it. It is not possible to recover deleted notes.
group_id required | string ID of the group to delete |
cid required | string ID Of the case |
{- "data": [ ],
- "message": "Group ID 35 deleted",
- "status": "success"
}
Add a new note to an existing group.
note_title required | string non-empty |
note_content required | string non-empty |
group_id required | number |
cid required | number |
{- "note_title": "Title of the note",
- "note_content": "Content of the note",
- "group_id": 36,
- "cid": 2
}
{- "data": {
- "note_content": "Content of the note",
- "note_creationdate": "2021-10-25T06:44:23.163205",
- "note_id": 2364,
- "note_lastupdate": "2021-10-25T06:44:23.163205",
- "note_title": "Title of the note",
- "custom_attributes": { }
}, - "message": "",
- "status": "success"
}
Fetch the content and information of a note
note_id required | integer ID of the note to fetch |
cid | string ID Of the case |
{- "data": {
- "group_id": 38,
- "group_title": "A notes group",
- "note_content": "## Edit me with the right pencil button",
- "note_creationdate": "2022-01-21T18:22:33.394261",
- "note_id": 58,
- "note_lastupdate": "2022-01-21T18:22:33.394261",
- "note_title": "Untitled note",
- "custom_attributes": { }
}, - "message": "",
- "status": "success"
}
Delete the content of a note.
note_id required | string ID of the note to delete |
cid required | string ID Of the case |
{- "data": [ ],
- "message": "Deleted",
- "status": "success"
}
Update the content of a note.
note_id required | string ID of the note to save |
note_title required | string non-empty |
note_content | string non-empty |
custom_attributes | object |
cid required | integer |
{- "note_title": "New title",
- "note_content": "New content",
- "custom_attributes": { },
- "cid": 5
}
{- "data": {
- "custom_attributes": { },
- "group_id": 15,
- "group_title": "Group 15",
- "note_content": "New content",
- "note_creationdate": "2022-02-25T11:41:44.514669",
- "note_id": 25,
- "note_lastupdate": "2022-03-06T17:42:33.108936",
- "note_title": "New title"
}, - "message": "",
- "status": "success"
}
Search in notes. The searched term is a wild carded.
search_term required | string non-empty |
cid required | integer |
{- "search_term": "string",
- "cid": 0
}
{- "data": [
- {
- "note_id": 58,
- "note_title": "Untitled note"
}, - {
- "note_id": 60,
- "note_title": "Untitled note"
}
], - "message": "",
- "status": "success"
}
Returns a list of IOCs as well as any existing linked with other cases.
cid | string Case ID |
{- "data": {
- "ioc": [
- {
- "ioc_description": "",
- "ioc_id": 11,
- "ioc_misp": null,
- "ioc_tags": "",
- "ioc_tlp_id": 2,
- "ioc_type": "ip-any",
- "ioc_type_id": 76,
- "ioc_value": "hello",
- "link": [ ],
- "misp_link": "\"\"",
- "tlp_bscolor": "warning",
- "tlp_name": "amber"
}, - {
- "ioc_description": "",
- "ioc_id": 1,
- "ioc_misp": null,
- "ioc_tags": "",
- "ioc_tlp_id": 2,
- "ioc_type": "ip-any",
- "ioc_type_id": 76,
- "ioc_value": "Hello",
- "link": [
- {
- "case_id": 1,
- "case_name": "#1 - Initial Demo",
- "client_name": "IrisInitialClient"
}
], - "misp_link": "\"\"",
- "tlp_bscolor": "warning",
- "tlp_name": "amber"
}
], - "state": {
- "object_last_update": "Mon, 10 Jan 2022 17:23:48 GMT",
- "object_state": 2
}
}, - "message": "",
- "status": "success"
}
Fetch the content of an ioc
ioc_id required | string |
cid | string Case ID |
{- "data": {
- "ioc_description": "",
- "ioc_id": 11,
- "ioc_misp": null,
- "ioc_tags": "",
- "ioc_tlp_id": 2,
- "ioc_type": 76,
- "ioc_type_id": 76,
- "ioc_value": "hello",
- "link": [
- {
- "case_id": 1,
- "case_name": "#1 - Initial Demo",
- "client_name": "IrisInitialClient"
}
], - "user_id": 1
}, - "message": "",
- "status": "success"
}
ioc_type_id required | integer |
ioc_tlp_id required | integer |
ioc_value required | string non-empty |
ioc_description required | string non-empty |
ioc_tags required | string |
custom_attributes | object |
cid required | integer |
{- "ioc_type_id": 1,
- "ioc_tlp_id": 2,
- "ioc_value": "8.8.8.8",
- "ioc_description": "rewrw",
- "ioc_tags": "",
- "custom_attributes": { },
- "cid": 2
}
{- "data": {
- "ioc_description": "rewrw",
- "ioc_id": 34,
- "ioc_misp": null,
- "ioc_tags": "",
- "ioc_tlp_id": 2,
- "ioc_type": 1,
- "ioc_type_id": 1,
- "ioc_value": "8.8.8.8",
- "user_id": 1
}, - "message": "IOC added",
- "status": "success"
}
Delete an IOC from the case. If the IOC is still reference in other cases than it's only unlinked from the current case.
ioc_id required | integer |
cid required | string Case ID |
{- "data": [ ],
- "message": "IOC deleted",
- "status": "success"
}
ioc_id required | integer |
ioc_type_id required | integer |
ioc_tlp_id required | integer |
ioc_value required | string non-empty |
ioc_description required | string |
ioc_tags required | string |
custom_attributes | object |
{- "ioc_type_id": 1,
- "ioc_tlp_id": 2,
- "ioc_value": "evil",
- "ioc_description": "IOC description",
- "ioc_tags": "tag1,tag2",
- "custom_attributes": { },
- "cid": 12
}
{- "data": {
- "ioc_description": "IOC description",
- "ioc_id": 1,
- "ioc_misp": null,
- "ioc_tags": "tag1,tag2",
- "ioc_tlp_id": 2,
- "ioc_type": 1,
- "ioc_type_id": 1,
- "ioc_value": "evil",
- "custom_attributes": { },
- "user_id": 1
}, - "message": "Updated ioc evil",
- "status": "success"
}
Fetch all the events of the timeline that matches the given asset id. An asset ID of returns the whole timeline without filtering.
asset_id required | integer Filter by assets |
cid required | string Case ID |
{- "data": {
- "state": {
- "object_last_update": "string",
- "object_state": 0
}, - "timeline": [
- {
- "assets": [
- { }
], - "category_name": "string",
- "event_category_id": 0,
- "event_color": "string",
- "event_content": "string",
- "event_date": "string",
- "event_date_wtz": "string",
- "event_id": 0,
- "event_in_graph": true,
- "event_in_summary": true,
- "event_tags": "string",
- "event_title": "string",
- "event_tz": "string"
}
]
}, - "message": "string",
- "status": "string"
}
Fetch all the events of the timeline.
cid required | string Case ID |
{- "data": [
- {
- "assets": [
- {
- "compromised": false,
- "description": "My asset 10",
- "ip": "",
- "name": "asset_11 (Linux - Server)"
}, - {
- "compromised": true,
- "description": "My asset 10",
- "ip": "",
- "name": "asset_4 (Windows Account - Local)"
}
], - "category_name": "",
- "event_color": "",
- "event_content": "My event content @44",
- "event_date": "Tue, 19 Oct 2021 16:19:09 GMT",
- "event_id": 2021,
- "event_tags": "",
- "event_title": "My event title @44",
- "event_tz": "+00:00",
- "event_date_wtz": "Tue, 19 Oct 2021 16:19:09 GMT",
- "event_in_summary": true,
- "event_in_graph": true
}
], - "message": "",
- "status": "success"
}
Fetch the state of the timeline.
cid required | string Case ID |
{- "data": {
- "object_last_update": "Sun, 06 Mar 2022 13:00:25 GMT",
- "object_state": 39
}, - "message": "",
- "status": "success"
}
Create a new event in the timeline
event_title required | string non-empty |
event_content required | string |
event_raw required | string |
event_source required | string |
event_assets required | Array of integers |
event_category_id required | integer |
event_in_summary required | boolean |
event_in_graph required | boolean |
event_color required | string non-empty |
event_date required | string non-empty Expects ISO format 2021-12-12T05:45:46.000 |
event_tags required | string |
event_tz required | string non-empty |
cid | integer |
custom_attributes | object |
{- "event_title": "Test",
- "event_content": "",
- "event_raw": "",
- "event_source": "",
- "event_assets": [
- "2212"
], - "event_category_id": 1,
- "event_in_summary": true,
- "event_in_graph": true,
- "event_color": "#6861CE99",
- "event_date": "2021-12-12T05:45:46.000",
- "event_tags": "",
- "event_tz": "+00:00",
- "custom_attributes": { },
- "cid": 1
}
Update an event in the timeline
event_id required | integer |
event_title required | string non-empty |
event_content required | string |
event_raw required | string |
event_source required | string |
event_assets required | Array of integers |
event_category_id required | string non-empty |
event_in_summary required | boolean |
event_in_graph required | boolean |
event_color required | string non-empty |
event_date required | string non-empty |
event_tags required | string |
event_tz required | string non-empty |
custom_attributes | object |
cid | integer |
{- "event_title": "Tests",
- "event_content": "",
- "event_raw": "",
- "event_source": "",
- "event_assets": [
- "2212"
], - "event_category_id": "1",
- "event_in_summary": true,
- "event_in_graph": true,
- "event_color": "#6861CE99",
- "event_date": "2021-12-12T05:45:46.000",
- "event_tags": "",
- "event_tz": "+00:00",
- "custom_attributes": { },
- "cid": 1
}
{- "data": {
- "case_id": 2,
- "event_added": "2022-01-21T19:17:16.154055",
- "event_assets": [
- 2212
], - "event_category_id": 1,
- "event_color": "#6861CE99",
- "event_content": "",
- "event_date": "2021-12-12T05:45:46.000000",
- "event_date_wtz": "2021-12-12T05:45:46.000000",
- "event_id": 14985,
- "event_in_graph": true,
- "event_in_summary": true,
- "event_raw": "",
- "event_source": "",
- "event_tags": "",
- "event_title": "Tests",
- "event_tz": "+00:00",
- "user_id": 1
}, - "message": "Event added",
- "status": "success"
}
Return information of an event of the timeline
event_id required | integer |
cid required | string Case ID |
{- "data": {
- "case_id": 2,
- "custom_attributes": null,
- "event_added": "2022-01-21T19:26:02.871926",
- "event_assets": [
- 2212
], - "event_category_id": 1,
- "event_color": "#6861CE99",
- "event_content": "",
- "event_date": "2021-12-12T05:45:46.000000",
- "event_date_wtz": "2021-12-12T05:45:46.000000",
- "event_id": 14986,
- "event_in_graph": true,
- "event_in_summary": true,
- "event_raw": "",
- "event_source": "",
- "event_tags": "",
- "event_title": "Tests",
- "event_tz": "+00:00",
- "user_id": 1
}, - "message": "",
- "status": "success"
}
{- "data": {
- "state": {
- "object_last_update": "Mon, 10 Jan 2022 17:23:01 GMT",
- "object_state": 0
}, - "tasks": [
- {
- "assignee_name": "administrator",
- "status_bscolor": "success",
- "status_name": "Done",
- "task_assignee_id": 1,
- "task_description": "A nice task",
- "task_id": 3,
- "task_open_date": "Fri, 25 Feb 2022 12:46:24 GMT",
- "task_status_id": 4,
- "task_tags": "tag1,tag2",
- "task_title": "My task"
}
], - "tasks_status": [
- {
- "id": 14,
- "status_bscolor": "danger",
- "status_description": "",
- "status_name": "To do"
}, - {
- "id": 15,
- "status_bscolor": "warning",
- "status_description": "",
- "status_name": "In progress"
}, - {
- "id": 16,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "On hold"
}, - {
- "id": 17,
- "status_bscolor": "success",
- "status_description": "",
- "status_name": "Done"
}, - {
- "id": 18,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "Canceled"
}
]
}, - "message": "",
- "status": "success"
}
Return information of a specific task
task_id required | integer Task ID to delete |
cid required | string Case ID |
{- "data": {
- "id": 26,
- "task_assignee_id": 1,
- "task_case_id": 2,
- "task_close_date": null,
- "task_description": "Task",
- "task_last_update": "2022-01-21T19:31:15.964472",
- "task_open_date": "2022-01-21T19:31:15.964472",
- "task_status_id": 15,
- "task_tags": "tas",
- "task_title": "Super task",
- "task_userid_close": null,
- "task_userid_open": 1,
- "task_userid_update": 1,
- "custom_attributes": { }
}, - "message": "",
- "status": "success"
}
task_assignee_id required | integer |
task_status_id required | integer |
task_title required | string non-empty |
task_description required | string non-empty |
task_tags required | string non-empty |
custom_attributes | object |
cid | integer |
{- "task_assignee_id": 1,
- "task_status_id": 16,
- "task_title": "A new task",
- "task_description": "with its description",
- "task_tags": "and,tags",
- "custom_attributes": { },
- "cid": 1
}
{- "data": {
- "id": 30,
- "task_assignee_id": 1,
- "task_case_id": 2,
- "task_close_date": null,
- "task_description": "with its description",
- "task_last_update": "2022-01-21T19:37:27.095737",
- "task_open_date": "2022-01-21T19:37:27.095737",
- "task_status_id": 16,
- "task_tags": "and,tags",
- "task_title": "A new task",
- "task_userid_close": null,
- "task_userid_open": 1,
- "task_userid_update": 1,
- "custom_attributes": { }
}, - "message": "",
- "status": "success"
}
task_id required | integer ID of the task |
task_assignee_id required | integer |
task_status_id required | integer |
task_title required | string non-empty |
task_description required | string non-empty |
task_tags required | string non-empty |
custom_attributes | object |
cid | integer |
{- "task_assignee_id": 1,
- "task_status_id": 16,
- "task_title": "New title",
- "task_description": "new content",
- "task_tags": "new tags",
- "cid": 1,
- "custom_attributes": { }
}
{- "data": {
- "id": 26,
- "task_assignee_id": 1,
- "task_case_id": 2,
- "task_close_date": null,
- "task_description": "new content",
- "task_last_update": "2022-01-21T19:39:50.138603",
- "task_open_date": "2022-01-21T19:31:15.964472",
- "task_status_id": 16,
- "task_tags": "new tags",
- "task_title": "New title",
- "task_userid_close": null,
- "task_userid_open": 1,
- "task_userid_update": 1,
- "custom_attributes": { }
}, - "message": "",
- "status": "success"
}
Returns a list of all evidences
cid | string case id |
{- "data": [
- {
- "date_added": "string",
- "file_description": "string",
- "file_hash": "string",
- "file_size": 0,
- "filename": "string",
- "id": 0,
- "username": "string"
}
], - "message": "string",
- "status": "string"
}
Returns information of a specific evidence
evidence_id required | string |
cid required | string Case ID |
{- "data": {
- "date_added": "string",
- "file_description": "string",
- "file_hash": "string",
- "file_size": 0,
- "filename": "string",
- "id": 0,
- "custom_attributes": { }
}, - "message": "string",
- "status": "string"
}
evidence_id required | string |
filename required | string non-empty |
file_size required | integer |
file_hash required | string non-empty |
file_description required | string non-empty |
custom_attributes | object |
cid required | integer |
{- "filename": "string",
- "file_size": 0,
- "file_hash": "string",
- "file_description": "string",
- "custom_attributes": { },
- "cid": 0
}
{- "data": {
- "date_added": "string",
- "file_description": "string",
- "file_hash": "string",
- "file_size": 0,
- "filename": "string",
- "id": 0,
- "custom_attributes": { }
}, - "message": "string",
- "status": "string"
}
Link a new evidence to the case
filename required | string non-empty |
file_size required | integer |
file_hash required | string non-empty |
file_description required | string non-empty |
custom_attributes | object |
cid required | integer |
{- "filename": "string",
- "file_size": 0,
- "file_hash": "string",
- "file_description": "string",
- "custom_attributes": { },
- "cid": 0
}
{- "data": {
- "date_added": "string",
- "file_description": "string",
- "file_hash": "string",
- "file_size": 0,
- "filename": "string",
- "id": 0,
- "custom_attributes": { }
}, - "message": "string",
- "status": "string"
}
Only users that never done any activities can be deleted. This is to prevent any internal logic errors and keep tracks of every past activities.
Requires administrator role.
user_id required | string |
{- "data": [ ],
- "message": "Cannot delete active user",
- "status": "error"
}
Requires administrator role.
user_id required | string |
cid required | integer |
user_name required | string non-empty |
user_login required | string non-empty Has to be unique |
user_email required | string non-empty Has to be unique |
user_password required | string Set to empty string to keep the same password |
user_isadmin | boolean |
{- "cid": 0,
- "user_name": "string",
- "user_login": "string",
- "user_email": "string",
- "user_password": "string",
- "user_isadmin": true
}
{- "data": {
- "active": true,
- "id": 0,
- "user_email": "string",
- "user_id": 0,
- "user_isadmin": true,
- "user_login": "string",
- "user_name": "string",
- "user_password": "string"
}, - "message": "string",
- "status": "string"
}
Administrator role required.
user_name required | string non-empty |
user_login required | string non-empty Has to be unique |
user_email required | string non-empty Has to be unique |
user_password required | string non-empty Must satisfy policy of 12chars, 1 uppercase, 1 number |
{- "user_name": "string",
- "user_login": "string",
- "user_email": "string",
- "user_password": "string"
}
{- "data": {
- "active": true,
- "id": 0,
- "user_email": "string",
- "user_login": "string",
- "user_name": "string",
- "user_password": "string"
}, - "message": "string",
- "status": "string"
}
Returns information of a specific user
user_id required | string |
{- "data": {
- "active": true,
- "email": "user_1",
- "id": 2,
- "name": "User 1",
- "user": "user_1",
- "user_roles_str": [
- "investigator",
- "viewer"
]
}, - "message": "",
- "status": "success"
}
Administrator role required.
asset_name required | string non-empty Has to be unique |
asset_description required | string non-empty |
{- "asset_name": "string",
- "asset_description": "string"
}
{- "data": {
- "asset_description": "A good description",
- "asset_id": 35,
- "asset_name": "New asset type"
}, - "message": "Added successfully",
- "status": "success"
}
Administrator role required.
asset_type_id required | integer |
asset_name required | string non-empty Has to be unique |
asset_description required | string non-empty |
{- "asset_name": "New name",
- "asset_description": "New description"
}
{- "data": {
- "asset_description": "A good description",
- "asset_id": 35,
- "asset_name": "New asset type"
}, - "message": "Added successfully",
- "status": "success"
}
Return a list of available task statuses.
{- "data": [
- {
- "id": 14,
- "status_bscolor": "danger",
- "status_description": "",
- "status_name": "To do"
}, - {
- "id": 15,
- "status_bscolor": "warning",
- "status_description": "",
- "status_name": "In progress"
}, - {
- "id": 16,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "On hold"
}, - {
- "id": 17,
- "status_bscolor": "success",
- "status_description": "",
- "status_name": "Done"
}, - {
- "id": 18,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "Canceled"
}
], - "message": "",
- "status": "success"
}
Return information on a task status.
task_status_id required | integer |
{- "data": [
- {
- "id": 14,
- "status_bscolor": "danger",
- "status_description": "",
- "status_name": "To do"
}, - {
- "id": 15,
- "status_bscolor": "warning",
- "status_description": "",
- "status_name": "In progress"
}, - {
- "id": 16,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "On hold"
}, - {
- "id": 17,
- "status_bscolor": "success",
- "status_description": "",
- "status_name": "Done"
}, - {
- "id": 18,
- "status_bscolor": "muted",
- "status_description": "",
- "status_name": "Canceled"
}
], - "message": "",
- "status": "success"
}
Return information on an IOC type.
ioc_type_id required | string |
{- "data": {
- "type_description": "ABA routing transit number",
- "type_id": 170,
- "type_name": "aba-rtnd",
- "type_taxonomy": ""
}, - "message": "",
- "status": "success"
}
Delete an IOC type. Administrator role required.
ioc_type_id required | string |
{- "data": {
- "type_description": "ABA routing transit number",
- "type_id": 170,
- "type_name": "aba-rtnd",
- "type_taxonomy": ""
}, - "message": "",
- "status": "success"
}
Administrator role required.
type_name required | string non-empty |
type_description required | string non-empty |
type_taxonomy required | string non-empty |
{- "type_name": "aba-rtnd",
- "type_description": "ABA routing transit number",
- "type_taxonomy": ""
}
{- "data": {
- "type_description": "ABA routing transit number",
- "type_id": 171,
- "type_name": "aba-rtnd",
- "type_taxonomy": ""
}, - "message": "Added successfully",
- "status": "success"
}
Administrator role required.
ioc_type_id required | string |
type_name required | string non-empty |
type_description required | string non-empty |
type_taxonomy required | string non-empty |
{- "type_name": "aba-rtnd",
- "type_description": "ABA routing transit number",
- "type_taxonomy": ""
}
{- "data": {
- "type_description": "ABA routing transit number",
- "type_id": 170,
- "type_name": "aba-rtnd",
- "type_taxonomy": ""
}, - "message": "IOC type updated",
- "status": "success"
}
List current and previous tasks run by modules. This endpoint is heavy on the database and should be avoided. Use the "limited-list" endpoint to select only the last 40 entries.
{- "data": [
- {
- "case": "string",
- "date_done": "string",
- "module": "string",
- "state": "string",
- "task_id": "string",
- "user": "string"
}
], - "message": "string",
- "status": "string"
}
List current and previous tasks run by modules, limited to last 40 entries.
{- "data": [
- {
- "case": "string",
- "date_done": "string",
- "module": "string",
- "state": "string",
- "task_id": "string",
- "user": "string"
}
], - "message": "string",
- "status": "string"
}
List all manual hooks available for a particular case object.
Available objects types are :
The returned information can provided to the /dim/hooks/call
endpoint to trigger a hook.
object_type required | string Object type |
{- "data": [
- {
- "hook_name": "on_manual_trigger_ioc",
- "manual_hook_ui_name": "Get VT insight",
- "module_name": "iris_vt_module"
}
], - "message": "",
- "status": "success"
}
Executes a manual trigger on a specified hook. This allows to trigger a hook as it would be done on the GUI. This only concerns manual hooks, and each call triggers a specific hook of a specific module, as specified in the request.
To get a list of all available hooks for a case object, use the /dim/hooks/options/<type>/list
endpoint.
hook_name required | string non-empty Internal name of the hook as specified in the hook documentation. |
module_name required | string non-empty Name of the module to call |
hook_ui_name required | string non-empty UI name of the hook, either auto generated by IRIS or provided by the module itself. |
type required | string non-empty Type of data processed by the hook (ioc, asset, etc) |
targets required | Array of objects List of objects ID of type "type" to process |
{- "hook_name": "on_manual_trigger_ioc",
- "module_name": "iris_vt_module",
- "hook_ui_name": "Get VT insight",
- "type": "ioc",
- "targets": [
- 10
]
}