NAV
Shell HTTP JavaScript Ruby Python PHP Java Go

Investigations API v3

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

This document contains the API specification for the Investigations microservice. You can use this API to build, delete, modify, or list the Investigation objects, which may contain attachments, evidence, or notes.

Base URLs:

Authentication

Attachments

List Attachments

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/attachments

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

200 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    },
    "download": {
      "href": "http://example.com"
    }
  },
  "_embedded": {},
  "attachments": [
    {
      "_links": {
        "self": {
          "href": "http://example.com"
        },
        "download": {
          "href": "http://example.com"
        }
      },
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "private": true,
      "name": "string",
      "size": 0,
      "created": {
        "by": "user@example.com",
        "on": "2019-08-24T14:15:22Z"
      },
      "lastModified": {
        "by": "user@example.com",
        "on": "2019-08-24T14:15:22Z"
      }
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Inline
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Create an Attachment

Code samples

# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments \
  -H 'Content-Type: multipart/form-data' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: multipart/form-data
Accept: application/json

const inputBody = '{
  "private": true,
  "filename": "string"
}';
const headers = {
  'Content-Type':'multipart/form-data',
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'multipart/form-data',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'multipart/form-data',
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'multipart/form-data',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"multipart/form-data"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /investigations/{investigationId}/attachments

Body parameter

private: true
filename: string

Parameters

Name In Type Required Description
body body object false The POST body is a muilt-part format which includes both the properties as well as the file.
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

201 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    },
    "download": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "private": true,
  "name": "string",
  "size": 0,
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "lastModified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

Responses

Status Meaning Description Schema
201 Created CREATED gAttachment
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
422 Unprocessable Entity Unprocessable Entity - The multiform request body does not appear to be a valid multiform type. None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Download an Attachment

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/attachments/{attachmentId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
attachmentId path string(uuid) true The unique identifier of an attachment.

Example responses

200 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    },
    "download": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "private": true,
  "name": "string",
  "size": 0,
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "lastModified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

Responses

Status Meaning Description Schema
200 OK OK gAttachment
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Modify an Attachment

Code samples

# You can also use wget
curl -X PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json

const inputBody = '{
  "private": true,
  "filename": "string"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.put 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.put('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('PUT','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

PUT /investigations/{investigationId}/attachments/{attachmentId}

Body parameter

{
  "private": true,
  "filename": "string"
}

Parameters

Name In Type Required Description
body body object false The PUT body holds the attributes associated with the attachment.
investigationId path string(uuid) true The unique identifier of an investigation.
attachmentId path string(uuid) true The unique identifier of an attachment.

Example responses

200 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    },
    "download": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "private": true,
  "name": "string",
  "size": 0,
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "lastModified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

Responses

Status Meaning Description Schema
200 OK OK gAttachment
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Delete an Attachment

Code samples

# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /investigations/{investigationId}/attachments/{attachmentId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
attachmentId path string(uuid) true The unique identifier of an attachment.

Example responses

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
204 No Content No Content None
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Download an attachment

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download \
  -H 'Accept: application/octet-stream' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/octet-stream


const headers = {
  'Accept':'application/octet-stream',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/octet-stream',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/octet-stream',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/octet-stream',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/octet-stream"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/attachments/{attachmentId}/download

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
attachmentId path string(uuid) true The unique identifier of an attachment.

Example responses

200 Response

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK string
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/octet-stream". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Evidence

List Evidence

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/evidence

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

200 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    }
  },
  "evidence": [
    {
      "_links": {
        "self": {
          "href": "http://example.com"
        }
      },
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "urn": "string",
      "summary": "string",
      "created": {
        "by": "user@example.com",
        "on": "2019-08-24T14:15:22Z"
      }
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Inline
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Add Evidence

Code samples

# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json

const inputBody = '{
  "urn": "string",
  "summary": "string"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /investigations/{investigationId}/evidence

Body parameter

{
  "urn": "string",
  "summary": "string"
}

Parameters

Name In Type Required Description
body body pEvidence false The POST body is information about the evidence to associate with the investigation.
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

201 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "urn": "string",
  "summary": "string",
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

Responses

Status Meaning Description Schema
201 Created CREATED gEvidence
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Download Evidence

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/evidence/{evidenceId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
evidenceId path string(uuid) true The unique identifier of an evidence.

Example responses

200 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "urn": "string",
  "summary": "string",
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

Responses

Status Meaning Description Schema
200 OK OK gEvidence
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Remove Evidence

Code samples

# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /investigations/{investigationId}/evidence/{evidenceId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
evidenceId path string(uuid) true The unique identifier of an evidence.

Example responses

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
204 No Content No Content None
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

History

List Changes

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/history

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

200 Response

{
  "_links": {
    "self": {
      "href": "http://example.com"
    }
  },
  "history": [
    {
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "modified": {
        "by": "user@example.com",
        "on": "2019-08-24T14:15:22Z"
      },
      "target": {
        "type": "investigation",
        "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
      },
      "action": "Created"
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Inline
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Investigations

List Investigations

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations \
  -H 'Accept: application/json' \
  -H 'X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08


const headers = {
  'Accept':'application/json',
  'X-ATT-MessageId':'497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'X-ATT-MessageId': '497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "X-ATT-MessageId": []string{"497f6eca-6276-4993-bfeb-53cbbbba6f08"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations

Parameters

Name In Type Required Description
X-ATT-MessageId header string(uuid) false A client-provided value that uniquely identifies a client generated message sent to the service. This header will be reflected back unchanged in the response.
fields query string false In GET operations, a consumer application may want selected attributes of a representation. Although the consumer can ignore attributes it doesn’t utilize, transferring the attributes wastes bandwidth and time. Hence, for performance reasons, the consumer wants only the attributes it uses.
page query integer false The number of the page being requested starting with 1
perPage query integer false An integer that describes the number of objects contained in a page. The maximum page size is {TBD}. If a number greater than this is specified, the server will use the maximum page size instead.
q query string false RSQL query string

Example responses

OK

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=2&perPage=3"
    },
    "prev": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=1&perPage=3"
    },
    "next": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=3&perPage=3"
    },
    "first": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=1&perPage=3"
    },
    "last": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=5&perPage=3"
    }
  },
  "page": {
    "size": 3,
    "totalElements": 13,
    "totalPages": 5,
    "number": 2
  },
  "investigations": [
    {
      "_links": {
        "self": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
        },
        "attachments": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
        },
        "evidence": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
        },
        "history": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
        },
        "notes": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
        }
      },
      "_embedded": {
        "attachments": {
          "elements": 1
        },
        "evidence": {
          "elements": 6
        },
        "notes": {
          "elements": 3
        },
        "history": {
          "elements": 21
        }
      },
      "id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
      "i3": "INV-201811-22-0023",
      "title": "A weird error",
      "description": "I found this strange error in my logs. It could be serious.",
      "deployment": "cn://asecurityteam.alienvault.cloud",
      "private": false,
      "severity": "Medium",
      "intent": "Reconnaissance & Probing",
      "status": "Open",
      "assignedTo": "ace@some.mssp.com",
      "created": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-07T15:38:52.132Z"
      },
      "lastModified": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-07T15:38:52.132Z"
      }
    },
    {
      "_links": {
        "self": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58"
        },
        "attachments": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/attachments"
        },
        "evidence": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/evidence"
        },
        "history": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/history"
        },
        "notes": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/notes"
        }
      },
      "_embedded": {
        "attachments": {
          "elements": 0
        },
        "evidence": {
          "elements": 1
        },
        "notes": {
          "elements": 1
        },
        "history": {
          "elements": 5
        }
      },
      "id": "1b51359b-5b0b-4fa5-a045-4e40dfd1df58",
      "i3": "INV-201811-22-0021",
      "title": "Something to investigate",
      "description": "We should probably look into this.",
      "deployment": "cn://asecurityteam.alienvault.cloud",
      "private": false,
      "severity": "Low",
      "intent": "Environmental Awareness",
      "status": "In Review",
      "assignedTo": "user@asecurityteam.com",
      "created": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-06T10:18:33.765Z"
      },
      "lastModified": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-07T09:11:32.445Z"
      }
    },
    {
      "_links": {
        "self": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d"
        },
        "attachments": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/attachments"
        },
        "evidence": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/evidence"
        },
        "history": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/history"
        },
        "notes": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/notes"
        }
      },
      "_embedded": {
        "attachments": {
          "elements": 0
        },
        "evidence": {
          "elements": 13
        },
        "notes": {
          "elements": 41
        },
        "history": {
          "elements": 127
        }
      },
      "id": "e0e5c3e8-7702-464d-941a-57caea765d2d",
      "i3": "INV-201811-22-0019",
      "title": "FIX THIS NOW!",
      "description": "A critical flaw in our security that needs IMMEDIATE attention!",
      "deployment": "cn://asecurityteam.alienvault.cloud",
      "private": false,
      "severity": "Critical",
      "intent": "Delivery & Attack",
      "status": "Closed",
      "assignedTo": "ace@some.mssp.com",
      "created": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-07T14:55:02.132Z"
      },
      "lastModified": {
        "by": "ace@some.mssp.com",
        "on": "2018-11-07T14:59:02.132Z"
      }
    }
  ],
  "_embedded": {}
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK Inline
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Create an Investigation

Code samples

# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -H 'Authorization: Bearer {id-token}'

POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08

const inputBody = '{
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "severity": "Medium",
  "status": "Open",
  "intent": "Reconnaissance & Probing"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'X-ATT-MessageId':'497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'X-ATT-MessageId': '497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization': 'Bearer {id-token}'
}

r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "X-ATT-MessageId": []string{"497f6eca-6276-4993-bfeb-53cbbbba6f08"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /investigations

Body parameter

{
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "severity": "Medium",
  "status": "Open",
  "intent": "Reconnaissance & Probing"
}

Parameters

Name In Type Required Description
X-ATT-MessageId header string(uuid) false A client-provided value that uniquely identifies a client generated message sent to the service. This header will be reflected back unchanged in the response.
body body pInvestigation false The POST body is the Investigaiton object to create.

Example responses

CREATED

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
    },
    "attachments": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
    },
    "evidence": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
    },
    "history": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
    },
    "notes": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
    }
  },
  "_embedded": {
    "attachments": {
      "elements": 1
    },
    "evidence": {
      "elements": 6
    },
    "notes": {
      "elements": 3
    },
    "history": {
      "elements": 21
    }
  },
  "id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
  "i3": "INV-201811-22-0023",
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "private": false,
  "severity": "Medium",
  "intent": "Reconnaissance & Probing",
  "status": "Open",
  "assignedTo": "ace@some.mssp.com",
  "created": {
    "by": "user@asecurityteam.com",
    "on": "2018-11-07T15:38:52.132Z"
  },
  "lastModified": {
    "by": "user@asecurityteam.com",
    "on": "2018-11-07T15:38:52.132Z"
  }
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
201 Created CREATED gInvestigation
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Download an Investigation

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} \
  -H 'Accept: application/json' \
  -H 'X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08


const headers = {
  'Accept':'application/json',
  'X-ATT-MessageId':'497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'X-ATT-MessageId': '497f6eca-6276-4993-bfeb-53cbbbba6f08',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "X-ATT-MessageId": []string{"497f6eca-6276-4993-bfeb-53cbbbba6f08"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}

Parameters

Name In Type Required Description
X-ATT-MessageId header string(uuid) false A client-provided value that uniquely identifies a client generated message sent to the service. This header will be reflected back unchanged in the response.
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

OK

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
    },
    "attachments": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
    },
    "evidence": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
    },
    "history": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
    },
    "notes": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
    }
  },
  "_embedded": {
    "attachments": {
      "elements": 1
    },
    "evidence": {
      "elements": 6
    },
    "notes": {
      "elements": 3
    },
    "history": {
      "elements": 21
    }
  },
  "id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
  "i3": "INV-201811-22-0023",
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "private": false,
  "severity": "Medium",
  "intent": "Reconnaissance & Probing",
  "status": "Open",
  "assignedTo": "ace@some.mssp.com",
  "created": {
    "by": "user@asecurityteam.com",
    "on": "2018-11-07T15:38:52.132Z"
  },
  "lastModified": {
    "by": "user@asecurityteam.com",
    "on": "2018-11-07T15:38:52.132Z"
  }
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK gInvestigation
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Delete an Investigation

Code samples

# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /investigations/{investigationId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
204 No Content No Content None
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Modify an Investigation

Code samples

# You can also use wget
curl -X PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json

const inputBody = '{
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "severity": "Medium",
  "status": "Open",
  "intent": "Reconnaissance & Probing"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.put 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.put('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('PUT','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

PUT /investigations/{investigationId}

Body parameter

{
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "severity": "Medium",
  "status": "Open",
  "intent": "Reconnaissance & Probing"
}

Parameters

Name In Type Required Description
body body pInvestigation false needs some words
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

OK

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
    },
    "attachments": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
    },
    "evidence": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
    },
    "history": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
    },
    "notes": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
    }
  },
  "_embedded": {
    "attachments": {
      "elements": 1
    },
    "evidence": {
      "elements": 6
    },
    "notes": {
      "elements": 3
    },
    "history": {
      "elements": 21
    }
  },
  "id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
  "i3": "INV-201811-22-0023",
  "title": "A weird error",
  "description": "I found this strange error in my logs. It could be serious.",
  "deployment": "cn://asecurityteam.alienvault.cloud",
  "private": false,
  "severity": "Medium",
  "intent": "Reconnaissance & Probing",
  "status": "Open",
  "assignedTo": "ace@some.mssp.com",
  "created": {
    "by": "user@asecurityteam.com",
    "on": "2018-11-07T15:38:52.132Z"
  },
  "lastModified": {
    "by": "user@asecurityteam.com",
    "on": "2018-11-07T15:38:52.132Z"
  }
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK gInvestigation
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Notes

List Notes

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/notes

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

OK

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes?page=1&perPage=3"
    },
    "next": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes?page=2&perPage=3"
    },
    "last": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes?page=6&perPage=3"
    }
  },
  "notes": [
    {
      "_links": {
        "self": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
        }
      },
      "id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
      "message": "The user must have clicked the wrong button.",
      "private": true,
      "created": {
        "by": "ace@some.mssp.com",
        "on": "2018-11-07T17:02:42.981Z"
      },
      "lastModified": {
        "by": "updater@some.mssp.com",
        "on": "2018-11-07T17:03:02.491Z"
      }
    },
    {
      "_links": {
        "self": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/88ed6265-ceea-44b9-86c0-fb9e6be8614e"
        }
      },
      "id": "88ed6265-ceea-44b9-86c0-fb9e6be8614e",
      "message": "What did this guy do?",
      "private": true,
      "created": {
        "by": "ace@some.mssp.com",
        "on": "2018-11-07T15:49:43.023Z"
      },
      "lastModified": {
        "by": "ace@some.mssp.com",
        "on": "2018-11-07T15:49:43.023Z"
      }
    },
    {
      "_links": {
        "self": {
          "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/c6c60d38-d304-4d68-9601-a22d08854401"
        }
      },
      "id": "c6c60d38-d304-4d68-9601-a22d08854401",
      "message": "This is an interesting event that we should research more.",
      "private": false,
      "created": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-07T15:39:22.531Z"
      },
      "lastModified": {
        "by": "user@asecurityteam.com",
        "on": "2018-11-07T15:39:22.531Z"
      }
    }
  ]
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK Inline
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Create a Note

Code samples

# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json

const inputBody = '{
  "message": "string",
  "private": true
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /investigations/{investigationId}/notes

Body parameter

{
  "message": "string",
  "private": true
}

Parameters

Name In Type Required Description
body body pNote false The POST body is the note to create.
investigationId path string(uuid) true The unique identifier of an investigation.

Example responses

CREATED

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
    }
  },
  "id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
  "message": "The user must have clicked the wrong button.",
  "private": true,
  "created": {
    "by": "ace@some.mssp.com",
    "on": "2018-11-07T17:02:42.981Z"
  },
  "lastModified": {
    "by": "updater@alienvault.com",
    "on": "2018-11-07T17:03:02.981Z"
  }
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
201 Created CREATED gNote
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Download a Note

Code samples

# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /investigations/{investigationId}/notes/{noteId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
noteId path string(uuid) true The unique identifier of a note.

Example responses

OK

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
    }
  },
  "id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
  "message": "The user must have clicked the wrong button.",
  "private": true,
  "created": {
    "by": "ace@some.mssp.com",
    "on": "2018-11-07T17:02:42.981Z"
  },
  "lastModified": {
    "by": "updater@alienvault.com",
    "on": "2018-11-07T17:03:02.981Z"
  }
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK gNote
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Modify a Note

Code samples

# You can also use wget
curl -X PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json

const inputBody = '{
  "message": "The user must have clicked the wrong button.",
  "private": true
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.put 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.put('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('PUT','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

PUT /investigations/{investigationId}/notes/{noteId}

Body parameter

{
  "message": "The user must have clicked the wrong button.",
  "private": true
}

Parameters

Name In Type Required Description
body body pNote false PUT body is the modified note.
investigationId path string(uuid) true The unique identifier of an investigation.
noteId path string(uuid) true The unique identifier of a note.

Example responses

OK

{
  "_links": {
    "self": {
      "href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
    }
  },
  "id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
  "message": "The user must have clicked the wrong button.",
  "private": true,
  "created": {
    "by": "ace@some.mssp.com",
    "on": "2018-11-07T17:02:42.981Z"
  },
  "lastModified": {
    "by": "updater@alienvault.com",
    "on": "2018-11-07T17:03:02.981Z"
  }
}

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
200 OK OK gNote
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
406 Not Acceptable Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". None
411 Length Required Length Required - The Content-Length header was not specified. None
415 Unsupported Media Type Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Delete a Note

Code samples

# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {id-token}'

DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json


const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {id-token}'
};

fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {id-token}'
}

result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {id-token}'
}

r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /investigations/{investigationId}/notes/{noteId}

Parameters

Name In Type Required Description
investigationId path string(uuid) true The unique identifier of an investigation.
noteId path string(uuid) true The unique identifier of a note.

Example responses

400 Response

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

Responses

Status Meaning Description Schema
204 No Content No Content None
400 Bad Request Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. errorBody
401 Unauthorized Unauthorized - Authentication failed or was not provided in the Authorization header. None
403 Forbidden Forbidden - The client has insufficient permissions to access the resource. None
404 Not Found Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. None
429 Too Many Requests Too Many Requests None
431 Request Header Fields Too Large Request Header Fields Too Large - either an individual header or the headers as a whole. None
500 Internal Server Error Internal Sever Error - The server encountered an internal error or timed out. Please try again later. None
503 Service Unavailable Service Unavailable - The server is currently unable to receive requests. Please try again later. None

Schemas

gAttachment

{
  "_links": {
    "self": {
      "href": "http://example.com"
    },
    "download": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "private": true,
  "name": "string",
  "size": 0,
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "lastModified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

getAttachment

Properties

None

gEvidence

{
  "_links": {
    "self": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "urn": "string",
  "summary": "string",
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

getEvidence

Properties

None

pEvidence

{
  "urn": "string",
  "summary": "string"
}

createEvidence

Properties

None

gHistory

{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "modified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "target": {
    "type": "investigation",
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  },
  "action": "Created"
}

getHistory

Properties

None

gInvestigation

{
  "_links": {
    "self": {
      "href": "http://example.com"
    },
    "attachments": {
      "href": "http://example.com"
    },
    "evidence": {
      "href": "http://example.com"
    },
    "notes": {
      "href": "http://example.com"
    },
    "history": {
      "href": "http://example.com"
    }
  },
  "_embedded": {
    "attachments": {
      "elements": 0
    },
    "evidence": {
      "elements": 0
    },
    "notes": {
      "elements": 0
    },
    "history": {
      "elements": 0
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "i3": "string",
  "title": "string",
  "description": "string",
  "deployment": "http://example.com",
  "private": true,
  "status": "Open",
  "intent": "Exploitation & Installation",
  "severity": "None",
  "assignedTo": "user@example.com",
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "lastModified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

getInvestigation

Properties

Name Type Required Restrictions Description
_links object false none none
_embedded object false none none
» attachments object false none The number of associated attachments visible to the requesting user
»» elements integer false none none
» evidence object false none The number of associated evidence object
»» elements integer false none none
» notes object false none The number of associated notes visible to the requesting user
»» elements integer false none none
» history object false none The number of changes in the investigation history
»» elements integer false none none

pInvestigation

{
  "title": "string",
  "description": "string",
  "deployment": "http://example.com",
  "private": true,
  "status": "Open",
  "severity": "None",
  "intent": "Exploitation & Installation"
}

createInvestigation

Properties

None

gNote

{
  "_links": {
    "self": {
      "href": "http://example.com"
    }
  },
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "private": true,
  "message": "string",
  "created": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  },
  "lastModified": {
    "by": "user@example.com",
    "on": "2019-08-24T14:15:22Z"
  }
}

getNote

Properties

None

pNote

{
  "message": "string",
  "private": true
}

createNoteReq

Properties

None

assignedTo

"user@example.com"

assignedTo

Properties

Name Type Required Restrictions Description
assignedTo string(email) false none Email of the user receiving the assignment.

created

{
  "by": "user@example.com",
  "on": "2019-08-24T14:15:22Z"
}

Specifies when the resource was created and by whom.

Properties

None

deployment

"http://example.com"

deployment

Properties

Name Type Required Restrictions Description
deployment string(uri) false none URI of the USM Anywhere deployment.

description

"string"

description

Properties

Name Type Required Restrictions Description
description string false none Description of the investigation.

file

"string"

file

Properties

Name Type Required Restrictions Description
file string(binary) false none File in the attachment.

fileName

"string"

fileName

Properties

Name Type Required Restrictions Description
fileName string false none Name of the file.

fileSize

0

fileSize

Properties

Name Type Required Restrictions Description
fileSize integer false none Size of the file in bytes.

i3

"string"

i3

Properties

Name Type Required Restrictions Description
i3 string false none Allows you to specify an alternative identifier for the investigation so that it is simple to integrate with your existing systems and processes.

i11nId

"497f6eca-6276-4993-bfeb-53cbbbba6f08"

ID of the investigation.

Properties

None

id

"497f6eca-6276-4993-bfeb-53cbbbba6f08"

id

Properties

Name Type Required Restrictions Description
id string(uuid) false none Unique identifier of the resource.

intent

"Exploitation & Installation"

intent

Properties

Name Type Required Restrictions Description
intent string false none Intent of the investigation.

Enumerated Values

Property Value
intent Exploitation & Installation
intent Delivery & Attack
intent Reconnaissance & Probing
intent Environmental Awareness

lastModified

{
  "by": "user@example.com",
  "on": "2019-08-24T14:15:22Z"
}

lastModified

Properties

None

message

"string"

message

Properties

Name Type Required Restrictions Description
message string false none Text in a note.

private

true

Specifies the visibility of the item. This semantic is only valid when there exists a relationship between a USM Central deployment and a USM Anywhere deployment. When set to true, only the users within the same deployment, USM Central or USM Anywhere, can see the item; the users from the other deployment cannot.

Properties

Name Type Required Restrictions Description
anonymous boolean false none Specifies the visibility of the item. This semantic is only valid when there exists a relationship between a USM Central deployment and a USM Anywhere deployment. When set to true, only the users within the same deployment, USM Central or USM Anywhere, can see the item; the users from the other deployment cannot.

severity

"None"

severity

Properties

Name Type Required Restrictions Description
severity string false none Severity of the investigation.

Enumerated Values

Property Value
severity None
severity Low
severity Medium
severity High
severity Critical

summary

"string"

summary

Properties

Name Type Required Restrictions Description
summary string false none Summary information from the source object providing the evidence. Such information is not subject to change or modified by a user.

status

"Open"

status

Properties

Name Type Required Restrictions Description
status string false none Status of the investigation.

Enumerated Values

Property Value
status Open
status In Review
status Closed

targetType

"investigation"

targetType

Properties

Name Type Required Restrictions Description
targetType string false none Type of the resource.

Enumerated Values

Property Value
targetType investigation
targetType evidence
targetType attachment
targetType note

i11nTitle

"string"

title

Properties

Name Type Required Restrictions Description
title string false none Title of the investigation.

urn

"string"

urn

Properties

Name Type Required Restrictions Description
urn string false none Uniform Resource Name (URN) of the evidence. It may contain an alarm, event, user, asset, or other information as edidence for the investigation.

_modOnBy

{
  "by": "user@example.com",
  "on": "2019-08-24T14:15:22Z"
}

_mod_on_by

Properties

Name Type Required Restrictions Description
by string(email) true none Email of the user who made the change.
on string(date-time) true none Date and time when the change was made. Accepted format is ISO-8601 YYYY-MM-DDThh:mm:ss.sTZD.

action

"Created"

action

Properties

Name Type Required Restrictions Description
action string false none Action taken on the resource.

Enumerated Values

Property Value
action Created
action Modified
action Deleted

href

{
  "href": "http://example.com"
}

An absolute URI [RFC3986]

Properties

Name Type Required Restrictions Description
href string(uri) false none An absolute URI [RFC3986]

{
  "href": "http://example.com"
}

References the returned resource

Properties

None

linksSelf

{
  "self": {
    "href": "http://example.com"
  }
}

Properties

None

linksAttachment

{
  "self": {
    "href": "http://example.com"
  },
  "download": {
    "href": "http://example.com"
  }
}

Properties

None

errorBody

{
  "errorId": "string",
  "message": "string",
  "variables": [
    "string"
  ],
  "errorUrl": "http://example.com"
}

errorBody

Properties

Name Type Required Restrictions Description
errorId string true none Unique errorId in the context of an API.

Recommendation: two hyphen-delimited subfields:
* Domain: identifies the API, application, service or general
category to which the error belongs.
* Code: provides a unique numeric code within the domain.

Examples: General-0001, DataDict-0001
message string true none Message text
variables [string] false none List of zero or more strings that represent the contents of the variables used by the message text.
errorUrl string(uri) false none Hyperlink to more information about the error, including causes and solutions.