Investigations API v3
This document contains the API specification for the Investigations microservice. You can use this API to build, delete, modify, or list the Investigation objects, which may contain attachments, evidence, or notes.
Base URLs:
Authentication
- HTTP Authentication, scheme: bearer
- See Investigations APIs for details.
Attachments
List Attachments
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the request headers as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
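con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");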
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
    "net/http"
)
func main() {
    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }
    // A GET request carries no body.
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}
- Returns a list of attachments associated with an investigation.
GET /investigations/{investigationId}/attachments
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
200 Response
{
"_links": {
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
},
"_embedded": {},
"attachments": [
{
"_links": {
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"private": true,
"name": "string",
"size": 0,
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
]
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Create an Attachment
Code samples
# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: multipart/form-data
Accept: application/json
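// Build the multipart body: the two properties plus the file itself.
// The file part's field name ('file') is an assumption; this page does not name it.
const inputBody = new FormData();
inputBody.append('private', 'true');
inputBody.append('filename', 'string');
inputBody.append('file', new Blob(['file contents']), 'string');
// Do not set Content-Type by hand: fetch adds it together with the multipart boundary.
const headers = {
    'Accept':'application/json',
    'Authorization':'Bearer {id-token}'
};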
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
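# rest-client sets the multipart Content-Type (with its boundary) from the payload.
headers = {
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {id-token}'
}
# The file part's field name (:file) is an assumption; this page does not name it.
payload = {
    private: true,
    filename: 'string',
    file: File.new('string', 'rb'),
    multipart: true
}
result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', payload, headers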
p JSON.parse(result)
import requests
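headers = {
    'Accept': 'application/json',
    'Authorization': 'Bearer {id-token}'
}
# Send the properties and the file as multipart/form-data. requests sets the
# Content-Type header, including the boundary, when files= is used.
# The file part's field name ('file') is an assumption; this page does not name it.
data = {'private': 'true', 'filename': 'string'}
files = {'file': ('string', b'file contents')}
r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', headers = headers, data = data, files = files)
print(r.json())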
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'multipart/form-data',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
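con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");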
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
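import (
    "bytes"
    "mime/multipart"
    "net/http"
)
func main() {
    // Build the multipart body: the two properties plus the file itself.
    // The file part's field name ("file") is an assumption; this page does not name it.
    var body bytes.Buffer
    w := multipart.NewWriter(&body)
    w.WriteField("private", "true")
    w.WriteField("filename", "string")
    part, err := w.CreateFormFile("file", "string")
    if err != nil {
        panic(err)
    }
    part.Write([]byte("file contents"))
    w.Close()
    req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments", &body)
    if err != nil {
        panic(err)
    }
    // FormDataContentType includes the boundary parameter.
    req.Header.Set("Content-Type", w.FormDataContentType())
    req.Header.Set("Accept", "application/json")
    req.Header.Set("Authorization", "Bearer {id-token}")
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...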
}
- Creates an attachment for an investigation.
POST /investigations/{investigationId}/attachments
Body parameter
private: true
filename: string
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | object | false | The POST body is a multipart format which includes both the properties as well as the file. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
201 Response
{
"_links": {
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"private": true,
"name": "string",
"size": 0,
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | CREATED | gAttachment |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
422 | Unprocessable Entity | Unprocessable Entity - The multiform request body does not appear to be a valid multiform type. | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
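An added example, not part of the original API reference: building the multipart body described above with only the Python standard library, so that `Content-Type` carries its boundary and `Content-Length` is set. The file part's field name (`file`) and the helper names are assumptions; the page does not name the file part.

```python
import uuid

CRLF = b"\r\n"


def _quote(value):
    """Quote a form-data parameter; reject characters that could inject headers."""
    if any(c in value for c in "\r\n\0"):
        raise ValueError("control character in multipart parameter")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_attachment_form(private, filename, content, file_field="file"):
    """Return (headers, body) for POST .../investigations/{investigationId}/attachments.

    file_field is an assumption: the page does not name the file part.
    """
    if not isinstance(content, bytes):
        raise TypeError("content must be bytes")
    # Pick a boundary that cannot be confused with the file content.
    boundary = uuid.uuid4().hex
    while boundary.encode() in content:
        boundary = uuid.uuid4().hex
    delim = b"--" + boundary.encode()

    def part(disposition, payload, content_type=None):
        lines = [delim, ("Content-Disposition: form-data; " + disposition).encode()]
        if content_type:
            lines.append(("Content-Type: " + content_type).encode())
        return CRLF.join(lines) + CRLF + CRLF + payload + CRLF

    body = b"".join([
        part("name=" + _quote("private"), b"true" if private else b"false"),
        part("name=" + _quote("filename"), filename.encode()),
        part("name=" + _quote(file_field) + "; filename=" + _quote(filename),
             content, "application/octet-stream"),
        delim + b"--" + CRLF,  # closing delimiter
    ])
    headers = {
        # The boundary parameter is mandatory; a bare "multipart/form-data"
        # leaves the server unable to split the parts.
        "Content-Type": "multipart/form-data; boundary=" + boundary,
        # The endpoint documents 411 when Content-Length is missing.
        "Content-Length": str(len(body)),
        "Accept": "application/json",
    }
    return headers, body


if __name__ == "__main__":
    # Constructed sample content, not a real attachment.
    hdrs, payload = build_attachment_form(True, "report.pdf", b"%PDF-1.4 constructed sample")
    print(hdrs)
    print(payload.decode("latin-1"))
```

Add the `Authorization: Bearer {id-token}` header before sending.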
Download an Attachment
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the request headers as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
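con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");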
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
    "net/http"
)
func main() {
    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }
    // A GET request carries no body.
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}
- Returns an attachment associated with an investigation.
GET /investigations/{investigationId}/attachments/{attachmentId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
attachmentId | path | string(uuid) | true | The unique identifier of an attachment. |
Example responses
200 Response
{
"_links": {
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"private": true,
"name": "string",
"size": 0,
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gAttachment |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Modify an Attachment
Code samples
# You can also use wget
curl -X PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
const inputBody = JSON.stringify({
    private: true,
    filename: 'string'
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the payload second and the request headers third.
result = RestClient.put 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', { private: true, filename: 'string' }.to_json, headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
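# The request body holds the attachment properties to change.
r = requests.put('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers = headers, json = {'private': True, 'filename': 'string'})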
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('PUT','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
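con.setRequestMethod("PUT");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");
// The request body holds the attachment properties to change.
con.setDoOutput(true);
con.getOutputStream().write("{\"private\": true, \"filename\": \"string\"}".getBytes("UTF-8"));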
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
    "bytes"
    "net/http"
)
func main() {
    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }
    // The request body holds the attachment properties to change.
    data := bytes.NewBufferString(`{"private": true, "filename": "string"}`)
    req, err := http.NewRequest("PUT", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}", data)
    if err != nil {
        panic(err)
    }
    req.Header = headers
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}
- Modifies the properties of an attachment.
PUT /investigations/{investigationId}/attachments/{attachmentId}
Body parameter
{
"private": true,
"filename": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | object | false | The PUT body holds the attributes associated with the attachment. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
attachmentId | path | string(uuid) | true | The unique identifier of an attachment. |
Example responses
200 Response
{
"_links": {
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"private": true,
"name": "string",
"size": 0,
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gAttachment |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Delete an Attachment
Code samples
# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
// A successful delete returns 204 No Content, so there is no JSON body to parse.
console.log(res.status);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
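# rest-client takes the request headers as the second argument.
result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers
# A successful delete returns 204 No Content, so there is no JSON body to parse.
p result.code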
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', headers = headers)
# A successful delete returns 204 No Content, so there is no JSON body to parse.
print(r.status_code)
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
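con.setRequestMethod("DELETE");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");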
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
    "net/http"
)
func main() {
    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {id-token}"},
    }
    // A DELETE request carries no body here.
    req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}
- Removes an attachment from an investigation.
DELETE /investigations/{investigationId}/attachments/{attachmentId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
attachmentId | path | string(uuid) | true | The unique identifier of an attachment. |
Example responses
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Download an attachment
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download \
-H 'Accept: application/octet-stream' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/octet-stream
const headers = {
'Accept':'application/octet-stream',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download',
{
method: 'GET',
headers: headers
})
.then(function(res) {
// The body is binary (application/octet-stream), not JSON.
return res.arrayBuffer();
}).then(function(body) {
console.log(body.byteLength);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/octet-stream',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the request headers as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download', headers
# The body is binary (application/octet-stream), not JSON.
p result.body.bytesize
import requests
headers = {
'Accept': 'application/octet-stream',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download', headers = headers)
# The body is binary (application/octet-stream), not JSON.
print(len(r.content))
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/octet-stream',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/octet-stream");
con.setRequestProperty("Authorization", "Bearer {id-token}");
int responseCode = con.getResponseCode();
// The body is binary, so read raw bytes rather than text lines.
InputStream in = con.getInputStream();
ByteArrayOutputStream response = new ByteArrayOutputStream();
byte[] buffer = new byte[8192];
int n;
while ((n = in.read(buffer)) != -1) {
response.write(buffer, 0, n);
}
in.close();
System.out.println(response.size());
package main
import (
    "net/http"
)
func main() {
    headers := map[string][]string{
        "Accept": []string{"application/octet-stream"},
        "Authorization": []string{"Bearer {id-token}"},
    }
    // A GET request carries no body.
    req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/attachments/{attachmentId}/download", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}
- Downloads the binary attachment with the associated investigation ID.
GET /investigations/{investigationId}/attachments/{attachmentId}/download
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
attachmentId | path | string(uuid) | true | The unique identifier of an attachment. |
Example responses
200 Response
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | string |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/octet-stream". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
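An added example, not part of the original API reference: storing a downloaded attachment as evidence without trusting the server-supplied `name`, while hashing the stream and checking it against the attachment object's `size`. The function names are hypothetical, the sample object is constructed, and `size` is assumed to be the length in bytes.

```python
import hashlib
import os
import re
import uuid

# Constructed sample shaped like this page's attachment object (not real data).
SAMPLE_ATTACHMENT = {
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "private": True,
    "name": "..\\..\\../etc/cron.d/evil job.sh",
    "size": 11,
}

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def safe_local_name(attachment):
    """Derive a local file name from attachment metadata.

    "name" was chosen by whoever uploaded the file, so keep only its last
    path component and a conservative character set, then prefix the
    validated attachment id to avoid collisions.
    """
    attachment_id = str(uuid.UUID(str(attachment["id"])))  # ValueError if malformed
    raw = str(attachment.get("name") or "")
    base = raw.replace("\\", "/").rsplit("/", 1)[-1]
    base = _UNSAFE.sub("_", base).lstrip(".")[:100] or "attachment"
    return attachment_id + "_" + base


def save_attachment(attachment, chunks, dest_dir):
    """Write the download stream into dest_dir; return (path, sha256_hex).

    chunks is any iterable of bytes, for example requests'
    r.iter_content(65536) on a response opened with stream=True.
    """
    dest_dir = os.path.realpath(dest_dir)
    path = os.path.join(dest_dir, safe_local_name(attachment))
    if os.path.dirname(os.path.realpath(path)) != dest_dir:
        raise ValueError("refusing to write outside " + dest_dir)
    expected = attachment.get("size")  # assumed to be bytes
    digest = hashlib.sha256()
    written = 0
    # O_EXCL: never overwrite an existing evidence file; 0o600: owner-only.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    fd = os.open(path, flags, 0o600)
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in chunks:
                written += len(chunk)
                if expected is not None and written > expected:
                    raise ValueError("stream is larger than the declared size")
                digest.update(chunk)
                out.write(chunk)
        if expected is not None and written != expected:
            raise ValueError("stream is shorter than the declared size")
    except Exception:
        os.unlink(path)  # do not leave a partial file behind
        raise
    return path, digest.hexdigest()


if __name__ == "__main__":
    import tempfile
    # Constructed 11-byte stream standing in for the HTTP response body.
    print(save_attachment(SAMPLE_ATTACHMENT, [b"hello ", b"world"], tempfile.mkdtemp()))
```

Record the returned SHA-256 alongside the investigation so later copies of the file can be compared against it.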
Evidence
List Evidence
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the headers hash as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
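con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");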
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"net/http"
)
func main() {
	headers := map[string][]string{
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {id-token}"},
	}
	// A GET request has no body, so pass nil.
	req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence", nil)
	if err != nil {
		panic(err)
	}
	req.Header = headers
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	// ...
}
- Returns a list of evidence associated with an investigation.
GET /investigations/{investigationId}/evidence
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
200 Response
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"evidence": [
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"urn": "string",
"summary": "string",
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
]
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Add Evidence
Code samples
# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}' \
-d '{"urn": "string", "summary": "string"}'
POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
const inputBody = JSON.stringify({
"urn": "string",
"summary": "string"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
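# rest-client takes the payload as the second argument and the headers hash as the third.
payload = { 'urn' => 'string', 'summary' => 'string' }
result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', payload.to_json, headers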
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
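# Send the JSON body described under "Body parameter".
payload = {'urn': 'string', 'summary': 'string'}
r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', headers = headers, json = payload)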
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array('urn' => 'string', 'summary' => 'string');
try {
$response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
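con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");
// Send the JSON body described under "Body parameter".
con.setDoOutput(true);
try (OutputStream os = con.getOutputStream()) {
os.write("{\"urn\": \"string\", \"summary\": \"string\"}".getBytes(StandardCharsets.UTF_8));
}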
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"bytes"
	"net/http"
)
func main() {
	headers := map[string][]string{
		"Content-Type":  []string{"application/json"},
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {id-token}"},
	}
	// JSON body as described under "Body parameter".
	data := bytes.NewBufferString(`{"urn": "string", "summary": "string"}`)
	req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence", data)
	if err != nil {
		panic(err)
	}
	req.Header = headers
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	// ...
}
- Adds a piece of evidence to an investigation.
POST /investigations/{investigationId}/evidence
Body parameter
{
"urn": "string",
"summary": "string"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | pEvidence | false | The POST body is information about the evidence to associate with the investigation. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
201 Response
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"urn": "string",
"summary": "string",
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | CREATED | gEvidence |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Download Evidence
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the headers hash as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
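con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");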
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"net/http"
)
func main() {
	headers := map[string][]string{
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {id-token}"},
	}
	// A GET request has no body, so pass nil.
	req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}", nil)
	if err != nil {
		panic(err)
	}
	req.Header = headers
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	// ...
}
- Returns a piece of evidence associated with an investigation.
GET /investigations/{investigationId}/evidence/{evidenceId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
evidenceId | path | string(uuid) | true | The unique identifier of a piece of evidence. |
Example responses
200 Response
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"urn": "string",
"summary": "string",
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gEvidence |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Remove Evidence
Code samples
# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
// A successful DELETE returns 204 No Content, so there is no JSON body to parse.
console.log(res.status);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
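# rest-client takes the headers hash as the second argument.
result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', headers
# A successful DELETE returns 204 No Content, so there is no JSON body to parse.
p result.code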
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', headers = headers)
# A successful DELETE returns 204 No Content, so there is no JSON body to parse.
print(r.status_code)
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
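con.setRequestMethod("DELETE");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");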
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"net/http"
)
func main() {
	headers := map[string][]string{
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {id-token}"},
	}
	// This DELETE request has no body, so pass nil.
	req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/evidence/{evidenceId}", nil)
	if err != nil {
		panic(err)
	}
	req.Header = headers
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	// ...
}
- Removes a piece of evidence from an investigation.
DELETE /investigations/{investigationId}/evidence/{evidenceId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
evidenceId | path | string(uuid) | true | The unique identifier of a piece of evidence. |
Example responses
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
History
List Changes
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the headers hash as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history', headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
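con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");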
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"net/http"
)
func main() {
	headers := map[string][]string{
		"Accept":        []string{"application/json"},
		"Authorization": []string{"Bearer {id-token}"},
	}
	// A GET request has no body, so pass nil.
	req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/history", nil)
	if err != nil {
		panic(err)
	}
	req.Header = headers
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	// ...
}
- Returns the change history of an investigation.
GET /investigations/{investigationId}/history
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
200 Response
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"history": [
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"modified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"target": {
"type": "investigation",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
},
"action": "Created"
}
]
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Investigations
List Investigations
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations \
-H 'Accept: application/json' \
-H 'X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08
const headers = {
'Accept':'application/json',
'X-ATT-MessageId':'497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization' => 'Bearer {id-token}'
}
# rest-client takes the headers hash as the second argument.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json',
'X-ATT-MessageId': '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
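con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("X-ATT-MessageId", "497f6eca-6276-4993-bfeb-53cbbbba6f08");
con.setRequestProperty("Authorization", "Bearer {id-token}");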
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"net/http"
)
func main() {
	headers := map[string][]string{
		"Accept":          []string{"application/json"},
		"X-ATT-MessageId": []string{"497f6eca-6276-4993-bfeb-53cbbbba6f08"},
		"Authorization":   []string{"Bearer {id-token}"},
	}
	// A GET request has no body, so pass nil.
	req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations", nil)
	if err != nil {
		panic(err)
	}
	req.Header = headers
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	// ...
}
- Returns the list of investigations. Pagination and querying available.
GET /investigations
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
X-ATT-MessageId | header | string(uuid) | false | A client-provided value that uniquely identifies a client generated message sent to the service. This header will be reflected back unchanged in the response. |
fields | query | string | false | In GET operations, a consumer application may want selected attributes of a representation. Although the consumer can ignore attributes it doesn’t utilize, transferring the attributes wastes bandwidth and time. Hence, for performance reasons, the consumer wants only the attributes it uses. |
page | query | integer | false | The number of the page being requested, starting with 1. |
perPage | query | integer | false | An integer that describes the number of objects contained in a page. The maximum page size is {TBD}. If a number greater than this is specified, the server will use the maximum page size instead. |
q | query | string | false | RSQL query string |
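The following is an added example, not one of the generated code samples of this API reference: a Python iterator that walks the paginated list by following `_links.next.href` from each response, attaches the bearer token only to https URLs on the API's own host, and checks that each response reflects the `X-ATT-MessageId` it sent. The names `same_origin`, `urllib_send` and `iter_investigations`, the `send` transport hook and the page cap are hypothetical, and any `q` value passed in is the caller's own RSQL string.

```python
import json
import urllib.request
import uuid
from urllib.parse import urlencode, urlsplit

BASE = "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3"


def same_origin(href, base=BASE):
    """True only for an https URL on the same host and port as the API base."""
    try:
        a, b = urlsplit(href), urlsplit(base)
        return a.scheme == "https" and (a.hostname, a.port) == (b.hostname, b.port)
    except ValueError:
        return False


def urllib_send(url, headers):
    """Default transport: returns (status, response_headers, body_text)."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return resp.status, dict(resp.headers.items()), resp.read().decode("utf-8")


def iter_investigations(token, q=None, per_page=50, max_pages=100, send=urllib_send):
    """Yield every investigation object, one page at a time."""
    params = {"page": 1, "perPage": per_page}   # pages are numbered from 1
    if q:
        params["q"] = q
    url = f"{BASE}/investigations?{urlencode(params)}"
    for _ in range(max_pages):
        # The next-page URL comes from a response body, so check it before
        # the Authorization header is attached to a request for it.
        if not same_origin(url):
            raise ValueError(f"refusing to send the bearer token to {url!r}")
        message_id = str(uuid.uuid4())          # fresh correlation id per request
        status, resp_headers, body = send(url, {
            "Accept": "application/json",
            "X-ATT-MessageId": message_id,
            "Authorization": f"Bearer {token}",
        })
        if status != 200:
            raise RuntimeError(f"HTTP {status}")
        # The service reflects X-ATT-MessageId back unchanged; header names
        # are case-insensitive, so compare on a lower-cased copy.
        reflected = {k.lower(): v for k, v in resp_headers.items()}.get("x-att-messageid")
        if reflected != message_id:
            raise RuntimeError("response does not carry this request's X-ATT-MessageId")
        doc = json.loads(body)
        yield from doc.get("investigations", [])
        url = doc.get("_links", {}).get("next", {}).get("href")
        if not url:
            return                              # no next link: last page reached
    raise RuntimeError(f"stopped after {max_pages} pages")
```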
Example responses
OK
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=2&perPage=3"
},
"prev": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=1&perPage=3"
},
"next": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=3&perPage=3"
},
"first": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=1&perPage=3"
},
"last": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations?deployments=cn%3A%2F%2Fasecurityteam.alienvault.cloud&page=5&perPage=3"
}
},
"page": {
"size": 3,
"totalElements": 13,
"totalPages": 5,
"number": 2
},
"investigations": [
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
},
"attachments": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
},
"evidence": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
},
"history": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
},
"notes": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
}
},
"_embedded": {
"attachments": {
"elements": 1
},
"evidence": {
"elements": 6
},
"notes": {
"elements": 3
},
"history": {
"elements": 21
}
},
"id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
"i3": "INV-201811-22-0023",
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"private": false,
"severity": "Medium",
"intent": "Reconnaissance & Probing",
"status": "Open",
"assignedTo": "ace@some.mssp.com",
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
},
"lastModified": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
}
},
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58"
},
"attachments": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/attachments"
},
"evidence": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/evidence"
},
"history": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/history"
},
"notes": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/1b51359b-5b0b-4fa5-a045-4e40dfd1df58/notes"
}
},
"_embedded": {
"attachments": {
"elements": 0
},
"evidence": {
"elements": 1
},
"notes": {
"elements": 1
},
"history": {
"elements": 5
}
},
"id": "1b51359b-5b0b-4fa5-a045-4e40dfd1df58",
"i3": "INV-201811-22-0021",
"title": "Something to investigate",
"description": "We should probably look into this.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"private": false,
"severity": "Low",
"intent": "Environmental Awareness",
"status": "In Review",
"assignedTo": "user@asecurityteam.com",
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-06T10:18:33.765Z"
},
"lastModified": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T09:11:32.445Z"
}
},
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d"
},
"attachments": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/attachments"
},
"evidence": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/evidence"
},
"history": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/history"
},
"notes": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/e0e5c3e8-7702-464d-941a-57caea765d2d/notes"
}
},
"_embedded": {
"attachments": {
"elements": 0
},
"evidence": {
"elements": 13
},
"notes": {
"elements": 41
},
"history": {
"elements": 127
}
},
"id": "e0e5c3e8-7702-464d-941a-57caea765d2d",
"i3": "INV-201811-22-0019",
"title": "FIX THIS NOW!",
"description": "A critical flaw in our security that needs IMMEDIATE attention!",
"deployment": "cn://asecurityteam.alienvault.cloud",
"private": false,
"severity": "Critical",
"intent": "Delivery & Attack",
"status": "Closed",
"assignedTo": "ace@some.mssp.com",
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T14:55:02.132Z"
},
"lastModified": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T14:59:02.132Z"
}
}
],
"_embedded": {}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Create an Investigation
Code samples
# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
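-H 'Authorization: Bearer {id-token}' \
-d '{"title": "A weird error", "description": "I found this strange error in my logs. It could be serious.", "deployment": "cn://asecurityteam.alienvault.cloud", "severity": "Medium", "status": "Open", "intent": "Reconnaissance & Probing"}'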
POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08
const inputBody = JSON.stringify({
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"severity": "Medium",
"status": "Open",
"intent": "Reconnaissance & Probing"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'X-ATT-MessageId':'497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization' => 'Bearer {id-token}'
}
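# RestClient.post takes the URL, the payload, then the headers.
payload = {
'title' => 'A weird error',
'description' => 'I found this strange error in my logs. It could be serious.',
'deployment' => 'cn://asecurityteam.alienvault.cloud',
'severity' => 'Medium',
'status' => 'Open',
'intent' => 'Reconnaissance & Probing'
}
result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', payload.to_json, headers
p JSON.parse(result.body)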
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'X-ATT-MessageId': '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization': 'Bearer {id-token}'
}
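payload = {
'title': 'A weird error',
'description': 'I found this strange error in my logs. It could be serious.',
'deployment': 'cn://asecurityteam.alienvault.cloud',
'severity': 'Medium',
'status': 'Open',
'intent': 'Reconnaissance & Probing'
}
r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', headers=headers, json=payload)
print(r.json())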
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
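// Define array of request body.
$request_body = array(
'title' => 'A weird error',
'description' => 'I found this strange error in my logs. It could be serious.',
'deployment' => 'cn://asecurityteam.alienvault.cloud',
'severity' => 'Medium',
'status' => 'Open',
'intent' => 'Reconnaissance & Probing',
);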
try {
$response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"X-ATT-MessageId": []string{"497f6eca-6276-4993-bfeb-53cbbbba6f08"},
"Authorization": []string{"Bearer {id-token}"},
}
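// Request body: the Investigation object to create.
jsonReq := `{"title": "A weird error", "description": "I found this strange error in my logs. It could be serious.", "deployment": "cn://asecurityteam.alienvault.cloud", "severity": "Medium", "status": "Open", "intent": "Reconnaissance & Probing"}`
data := bytes.NewBufferString(jsonReq)
req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations", data)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()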
// ...
}
- Creates a new investigation, potentially with alarm and event information.
POST /investigations
Body parameter
{
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"severity": "Medium",
"status": "Open",
"intent": "Reconnaissance & Probing"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
X-ATT-MessageId | header | string(uuid) | false | A client-provided value that uniquely identifies a client generated message sent to the service. This header will be reflected back unchanged in the response. |
body | body | pInvestigation | false | The POST body is the Investigation object to create. |
Example responses
CREATED
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
},
"attachments": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
},
"evidence": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
},
"history": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
},
"notes": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
}
},
"_embedded": {
"attachments": {
"elements": 1
},
"evidence": {
"elements": 6
},
"notes": {
"elements": 3
},
"history": {
"elements": 21
}
},
"id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
"i3": "INV-201811-22-0023",
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"private": false,
"severity": "Medium",
"intent": "Reconnaissance & Probing",
"status": "Open",
"assignedTo": "ace@some.mssp.com",
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
},
"lastModified": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | CREATED | gInvestigation |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
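The Responses table above separates failures that call for a changed request (400, 406, 411, 415) or new credentials (401, 403) from those worth retrying (429, 500, 503), and `X-ATT-MessageId` is reflected back unchanged. The following is an added example, not code from the API's authors, of a create call that applies both facts. The `transport` callable, the `scripted_transport` stand-in and its canned responses are hypothetical and constructed here; honouring `Retry-After` on a 429 is an assumption, since the page does not say whether the service sends it.

```python
import time
import uuid

# Status codes from the Responses table for POST /investigations, grouped by
# what the client should do next.
TRANSIENT = {429, 500, 503}           # rate limited / "Please try again later"
FIX_REQUEST = {400, 406, 411, 415}    # resending the same request cannot succeed
AUTH = {401, 403}                     # bad or missing token, or no permission


class CreateFailed(Exception):
    def __init__(self, status, reason):
        super().__init__(f"HTTP {status}: {reason}")
        self.status = status
        self.reason = reason


def retry_delay(attempt, resp_headers, base_delay):
    """Exponential backoff; a Retry-After in whole seconds takes precedence."""
    retry_after = str(resp_headers.get("retry-after", ""))
    if retry_after.isdigit():
        return float(retry_after)
    return base_delay * 2 ** (attempt - 1)


def create_investigation(transport, token, payload, max_attempts=4,
                         base_delay=1.0, sleep=time.sleep):
    """Create an investigation, retrying only transient failures.

    transport(headers, payload) -> (status, response_headers, body) is a
    hypothetical callable; wrap requests or urllib behind it in real use.
    """
    delays = []
    for attempt in range(1, max_attempts + 1):
        message_id = str(uuid.uuid4())      # new id for every message sent
        headers = {
            "Content-Type": "application/json",
            "Accept": "application/json",
            "X-ATT-MessageId": message_id,
            "Authorization": f"Bearer {token}",
        }
        status, raw_headers, body = transport(headers, payload)
        resp_headers = {k.lower(): v for k, v in raw_headers.items()}

        # The service reflects X-ATT-MessageId unchanged, so a different value
        # means this response answers some other request.
        echoed = resp_headers.get("x-att-messageid")
        if echoed is not None and echoed != message_id:
            raise CreateFailed(status, "X-ATT-MessageId does not match the request")

        if status == 201:
            return {"investigation": body, "attempts": attempt,
                    "delays": delays, "correlated": echoed == message_id}
        if status in FIX_REQUEST:
            raise CreateFailed(status, "change the request before resending")
        if status in AUTH:
            raise CreateFailed(status, "renew the token or check permissions")
        if status in TRANSIENT and attempt < max_attempts:
            delay = retry_delay(attempt, resp_headers, base_delay)
            delays.append(delay)
            sleep(delay)
            continue
        raise CreateFailed(status, "unexpected status or retries exhausted")
    raise CreateFailed(0, "max_attempts must be at least 1")


def scripted_transport(script, echo=True):
    """Constructed stand-in for the service: replays (status, headers, body)."""
    steps = iter(script)

    def transport(headers, payload):
        transport.calls.append(headers)
        status, extra_headers, body = next(steps)
        reflected = (headers["X-ATT-MessageId"] if echo
                     else "00000000-0000-0000-0000-000000000000")
        return status, {**extra_headers, "X-ATT-MessageId": reflected}, body

    transport.calls = []
    return transport


if __name__ == "__main__":
    demo = scripted_transport([
        (503, {}, None),
        (429, {"Retry-After": "7"}, None),
        (201, {}, {"i3": "INV-CONSTRUCTED-0001"}),
    ])
    body = {"title": "A weird error", "severity": "Medium", "status": "Open"}
    print(create_investigation(demo, "constructed-token", body, sleep=lambda s: None))
```

Because a 500 may follow a request that was in fact stored, a retried create can produce a duplicate investigation; check the investigation list before resending when that matters.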
Download an Investigation
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} \
-H 'Accept: application/json' \
-H 'X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
X-ATT-MessageId: 497f6eca-6276-4993-bfeb-53cbbbba6f08
const headers = {
'Accept':'application/json',
'X-ATT-MessageId':'497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization' => 'Bearer {id-token}'
}
# RestClient.get takes the URL, then the headers.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers
p JSON.parse(result.body)
import requests
headers = {
'Accept': 'application/json',
'X-ATT-MessageId': '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'X-ATT-MessageId' => '497f6eca-6276-4993-bfeb-53cbbbba6f08',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"X-ATT-MessageId": []string{"497f6eca-6276-4993-bfeb-53cbbbba6f08"},
"Authorization": []string{"Bearer {id-token}"},
}
// A GET request carries no body, so pass nil.
req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}", nil)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
// ...
}
- Returns an investigation.
GET /investigations/{investigationId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
X-ATT-MessageId | header | string(uuid) | false | A client-provided value that uniquely identifies a client generated message sent to the service. This header will be reflected back unchanged in the response. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
OK
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
},
"attachments": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
},
"evidence": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
},
"history": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
},
"notes": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
}
},
"_embedded": {
"attachments": {
"elements": 1
},
"evidence": {
"elements": 6
},
"notes": {
"elements": 3
},
"history": {
"elements": 21
}
},
"id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
"i3": "INV-201811-22-0023",
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"private": false,
"severity": "Medium",
"intent": "Reconnaissance & Probing",
"status": "Open",
"assignedTo": "ace@some.mssp.com",
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
},
"lastModified": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gInvestigation |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Delete an Investigation
Code samples
# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
// A successful delete returns 204 No Content, so there is no JSON body to parse.
console.log(res.status);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# RestClient.delete takes the URL, then the headers.
result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers
# A successful delete returns 204 No Content, so print the status code.
p result.code
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers=headers)
# A successful delete returns 204 No Content, so print the status code.
print(r.status_code)
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
// A DELETE request carries no body, so pass nil.
req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}", nil)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
// ...
}
- Removes an investigation and all of the associated sub-resources.
DELETE /investigations/{investigationId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Modify an Investigation
Code samples
# You can also use wget
curl -X PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
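-H 'Authorization: Bearer {id-token}' \
-d '{"title": "A weird error", "description": "I found this strange error in my logs. It could be serious.", "deployment": "cn://asecurityteam.alienvault.cloud", "severity": "Medium", "status": "Open", "intent": "Reconnaissance & Probing"}'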
PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
const inputBody = JSON.stringify({
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"severity": "Medium",
"status": "Open",
"intent": "Reconnaissance & Probing"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
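# RestClient.put takes the URL, the payload, then the headers.
payload = {
'title' => 'A weird error',
'description' => 'I found this strange error in my logs. It could be serious.',
'deployment' => 'cn://asecurityteam.alienvault.cloud',
'severity' => 'Medium',
'status' => 'Open',
'intent' => 'Reconnaissance & Probing'
}
result = RestClient.put 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', payload.to_json, headers
p JSON.parse(result.body)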
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
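payload = {
'title': 'A weird error',
'description': 'I found this strange error in my logs. It could be serious.',
'deployment': 'cn://asecurityteam.alienvault.cloud',
'severity': 'Medium',
'status': 'Open',
'intent': 'Reconnaissance & Probing'
}
r = requests.put('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', headers=headers, json=payload)
print(r.json())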
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
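// Define array of request body.
$request_body = array(
'title' => 'A weird error',
'description' => 'I found this strange error in my logs. It could be serious.',
'deployment' => 'cn://asecurityteam.alienvault.cloud',
'severity' => 'Medium',
'status' => 'Open',
'intent' => 'Reconnaissance & Probing',
);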
try {
$response = $client->request('PUT','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
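// Request body: the Investigation properties to write.
jsonReq := `{"title": "A weird error", "description": "I found this strange error in my logs. It could be serious.", "deployment": "cn://asecurityteam.alienvault.cloud", "severity": "Medium", "status": "Open", "intent": "Reconnaissance & Probing"}`
data := bytes.NewBufferString(jsonReq)
req, err := http.NewRequest("PUT", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}", data)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()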
// ...
}
- Modifies the properties of an investigation.
PUT /investigations/{investigationId}
Body parameter
{
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"severity": "Medium",
"status": "Open",
"intent": "Reconnaissance & Probing"
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | pInvestigation | false | The PUT body is the Investigation object with the properties to modify. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
OK
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2"
},
"attachments": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/attachments"
},
"evidence": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/evidence"
},
"history": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/history"
},
"notes": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes"
}
},
"_embedded": {
"attachments": {
"elements": 1
},
"evidence": {
"elements": 6
},
"notes": {
"elements": 3
},
"history": {
"elements": 21
}
},
"id": "2033c597-97d2-49f4-b3b6-c9079d46c0f2",
"i3": "INV-201811-22-0023",
"title": "A weird error",
"description": "I found this strange error in my logs. It could be serious.",
"deployment": "cn://asecurityteam.alienvault.cloud",
"private": false,
"severity": "Medium",
"intent": "Reconnaissance & Probing",
"status": "Open",
"assignedTo": "ace@some.mssp.com",
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
},
"lastModified": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:38:52.132Z"
}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gInvestigation |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Notes
List Notes
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# RestClient.get takes the URL, then the headers.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', headers
p JSON.parse(result.body)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
// A GET request carries no body, so pass nil.
req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes", nil)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
// ...
}
- Returns a list of notes associated with an investigation.
GET /investigations/{investigationId}/notes
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
OK
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes?page=1&perPage=3"
},
"next": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes?page=2&perPage=3"
},
"last": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes?page=6&perPage=3"
}
},
"notes": [
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
}
},
"id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
"message": "The user must have clicked the wrong button.",
"private": true,
"created": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T17:02:42.981Z"
},
"lastModified": {
"by": "updater@some.mssp.com",
"on": "2018-11-07T17:03:02.491Z"
}
},
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/88ed6265-ceea-44b9-86c0-fb9e6be8614e"
}
},
"id": "88ed6265-ceea-44b9-86c0-fb9e6be8614e",
"message": "What did this guy do?",
"private": true,
"created": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T15:49:43.023Z"
},
"lastModified": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T15:49:43.023Z"
}
},
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/c6c60d38-d304-4d68-9601-a22d08854401"
}
},
"id": "c6c60d38-d304-4d68-9601-a22d08854401",
"message": "This is an interesting event that we should research more.",
"private": false,
"created": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:39:22.531Z"
},
"lastModified": {
"by": "user@asecurityteam.com",
"on": "2018-11-07T15:39:22.531Z"
}
}
]
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | Inline |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
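The list response above links its pages through `_links.next`. The following added example (not part of the original API documentation) collects every note by following those links, refuses any link that leaves the API host so the bearer token is never sent elsewhere, and retries only statuses that the Responses table describes as temporary. The `fetch` callable, the helper names, the absence of `next` on the last page, and the choice to retry 429 are assumptions.

```python
import json
import time
import urllib.error
import urllib.request
from urllib.parse import urlsplit

API_HOST = "investigations.us-east-1.prod.alienvault.cloud"
BASE = f"https://{API_HOST}/investigations/v3/investigations"
# The Responses table says "try again later" for 500 and 503; retrying 429 as
# well is an assumption. 400 must not be resubmitted unchanged.
RETRYABLE = {429, 500, 503}


class ApiError(Exception):
    def __init__(self, status, url):
        super().__init__(f"HTTP {status} for {url}")
        self.status = status


def trusted_link(href, host=API_HOST):
    """Accept only https links on the API host, without userinfo or an odd port."""
    if not isinstance(href, str):
        return False
    try:
        parts = urlsplit(href)
        port = parts.port
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.hostname == host
            and parts.username is None and port in (None, 443))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # a 3xx surfaces as an HTTPError; the token is not re-sent


def make_fetch(id_token):
    """Build fetch(url) -> (status, parsed JSON or None) for real requests."""
    opener = urllib.request.build_opener(_NoRedirect)

    def fetch(url):
        req = urllib.request.Request(url, headers={
            "Accept": "application/json",
            "Authorization": f"Bearer {id_token}",
        })
        try:
            with opener.open(req, timeout=30) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            return err.code, None
    return fetch


def list_notes(first_url, fetch, max_pages=100, max_retries=3, sleep=time.sleep):
    """Return all notes, following _links.next until it is absent (assumed last page)."""
    notes, url, seen = [], first_url, set()
    while url is not None:
        if not trusted_link(url):
            raise ValueError(f"refusing to follow link off the API host: {url}")
        if url in seen or len(seen) >= max_pages:
            raise ValueError("pagination loop or page limit reached")
        seen.add(url)
        for attempt in range(max_retries + 1):
            status, body = fetch(url)
            if status not in RETRYABLE or attempt == max_retries:
                break
            sleep(2 ** attempt)  # exponential backoff: 1s, 2s, 4s
        if status != 200:
            raise ApiError(status, url)
        notes.extend(body.get("notes", []))
        url = body.get("_links", {}).get("next", {}).get("href")
    return notes


# Constructed two-page sample in the shape of the example response above.
INV = "2033c597-97d2-49f4-b3b6-c9079d46c0f2"
PAGE1 = f"{BASE}/{INV}/notes?page=1&perPage=2"
PAGE2 = f"{BASE}/{INV}/notes?page=2&perPage=2"
SAMPLE = {
    PAGE1: {"_links": {"self": {"href": PAGE1}, "next": {"href": PAGE2}},
            "notes": [{"id": "n1", "private": True}, {"id": "n2", "private": True}]},
    PAGE2: {"_links": {"self": {"href": PAGE2}},
            "notes": [{"id": "n3", "private": False}]},
}


def sample_fetch(url):
    """Offline stand-in for make_fetch(), serving the constructed pages."""
    return (200, SAMPLE[url]) if url in SAMPLE else (404, None)


if __name__ == "__main__":
    print([n["id"] for n in list_notes(PAGE1, sample_fetch)])
```

Against the live service, pass `make_fetch(id_token)` in place of `sample_fetch`.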
Create a Note
Code samples
# You can also use wget
curl -X POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}' \
-d '{"message": "string", "private": true}'
POST https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
const inputBody = JSON.stringify({
"message": "string",
"private": true
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
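# RestClient.post takes the URL, the request body, and the headers hash.
payload = { 'message' => 'string', 'private' => true }
result = RestClient.post 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', payload.to_json, headers
p JSON.parse(result.body)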
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.post('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', headers = headers, json = {'message': 'string', 'private': True})
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array('message' => 'string', 'private' => true);
try {
$response = $client->request('POST','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
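con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");
// Send the note to create as the JSON request body.
con.setDoOutput(true);
OutputStream out = con.getOutputStream();
out.write("{\"message\": \"string\", \"private\": true}".getBytes("UTF-8"));
out.close();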
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
// The request body is the note to create.
data := bytes.NewBufferString(`{"message": "string", "private": true}`)
req, err := http.NewRequest("POST", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes", data)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(resp.Status, string(body))
}
- Creates a note for an investigation.
POST /investigations/{investigationId}/notes
Body parameter
{
"message": "string",
"private": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | pNote | false | The POST body is the note to create. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
Example responses
CREATED
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
}
},
"id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
"message": "The user must have clicked the wrong button.",
"private": true,
"created": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T17:02:42.981Z"
},
"lastModified": {
"by": "updater@alienvault.com",
"on": "2018-11-07T17:03:02.981Z"
}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | CREATED | gNote |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Download a Note
Code samples
# You can also use wget
curl -X GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
GET https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# RestClient.get takes the URL and the headers hash.
result = RestClient.get 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers
p JSON.parse(result.body)
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.get('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers = headers)
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('GET','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
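con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");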
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"fmt"
"io"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
// A GET request carries no body.
req, err := http.NewRequest("GET", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}", nil)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(resp.Status, string(body))
}
- Returns a note associated with an investigation.
GET /investigations/{investigationId}/notes/{noteId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
noteId | path | string(uuid) | true | The unique identifier of a note. |
Example responses
OK
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
}
},
"id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
"message": "The user must have clicked the wrong button.",
"private": true,
"created": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T17:02:42.981Z"
},
"lastModified": {
"by": "updater@alienvault.com",
"on": "2018-11-07T17:03:02.981Z"
}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gNote |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Modify a Note
Code samples
# You can also use wget
curl -X PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}' \
-d '{"message": "The user must have clicked the wrong button.", "private": true}'
PUT https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Content-Type: application/json
Accept: application/json
const inputBody = JSON.stringify({
"message": "The user must have clicked the wrong button.",
"private": true
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
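# RestClient.put takes the URL, the request body, and the headers hash.
payload = { 'message' => 'The user must have clicked the wrong button.', 'private' => true }
result = RestClient.put 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', payload.to_json, headers
p JSON.parse(result.body)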
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.put('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers = headers, json = {'message': 'The user must have clicked the wrong button.', 'private': True})
print(r.json())
<?php
require 'vendor/autoload.php';
$headers = array(
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array('message' => 'The user must have clicked the wrong button.', 'private' => true);
try {
$response = $client->request('PUT','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
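con.setRequestMethod("PUT");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");
// Send the modified note as the JSON request body.
con.setDoOutput(true);
OutputStream out = con.getOutputStream();
out.write("{\"message\": \"The user must have clicked the wrong button.\", \"private\": true}".getBytes("UTF-8"));
out.close();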
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
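import (
"bytes"
"fmt"
"io"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
// The request body is the modified note.
data := bytes.NewBufferString(`{"message": "The user must have clicked the wrong button.", "private": true}`)
req, err := http.NewRequest("PUT", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}", data)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(resp.Status, string(body))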
}
- Modifies a note.
PUT /investigations/{investigationId}/notes/{noteId}
Body parameter
{
"message": "The user must have clicked the wrong button.",
"private": true
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | pNote | false | PUT body is the modified note. |
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
noteId | path | string(uuid) | true | The unique identifier of a note. |
Example responses
OK
{
"_links": {
"self": {
"href": "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/2033c597-97d2-49f4-b3b6-c9079d46c0f2/notes/bc1c5197-c195-49a6-b3df-9662b8684dce"
}
},
"id": "bc1c5197-c195-49a6-b3df-9662b8684dce",
"message": "The user must have clicked the wrong button.",
"private": true,
"created": {
"by": "ace@some.mssp.com",
"on": "2018-11-07T17:02:42.981Z"
},
"lastModified": {
"by": "updater@alienvault.com",
"on": "2018-11-07T17:03:02.981Z"
}
}
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | OK | gNote |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
406 | Not Acceptable | Not Acceptable - The value specified for the Accept header in the request is not supported. Acceptable value is "application/json". | None |
411 | Length Required | Length Required - The Content-Length header was not specified. | None |
415 | Unsupported Media Type | Unsupported Media Type - The value specified for the Content-Type header in the request is not supported. Acceptable value is "application/json". | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Delete a Note
Code samples
# You can also use wget
curl -X DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {id-token}'
DELETE https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId} HTTP/1.1
Host: investigations.us-east-1.prod.alienvault.cloud
Accept: application/json
const headers = {
'Accept':'application/json',
'Authorization':'Bearer {id-token}'
};
fetch('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
// A successful delete returns 204 No Content, so there is no JSON body to parse.
console.log(res.status);
});
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}'
}
# RestClient.delete takes the URL and the headers hash.
result = RestClient.delete 'https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers
# A successful delete returns 204 No Content, so print the status code.
p result.code
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {id-token}'
}
r = requests.delete('https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', headers = headers)
# A successful delete returns 204 No Content, so print the status code.
print(r.status_code)
<?php
require 'vendor/autoload.php';
$headers = array(
'Accept' => 'application/json',
'Authorization' => 'Bearer {id-token}',
);
$client = new \GuzzleHttp\Client();
// Define array of request body.
$request_body = array();
try {
$response = $client->request('DELETE','https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}', array(
'headers' => $headers,
'json' => $request_body,
)
);
print_r($response->getBody()->getContents());
}
catch (\GuzzleHttp\Exception\BadResponseException $e) {
// handle exception or api errors.
print_r($e->getMessage());
}
// ...
URL obj = new URL("https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
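con.setRequestMethod("DELETE");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {id-token}");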
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"fmt"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {id-token}"},
}
// A DELETE request carries no body.
req, err := http.NewRequest("DELETE", "https://investigations.us-east-1.prod.alienvault.cloud/investigations/v3/investigations/{investigationId}/notes/{noteId}", nil)
if err != nil {
panic(err)
}
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
// A successful delete returns 204 No Content.
fmt.Println(resp.Status)
}
- Removes a note from an investigation.
DELETE /investigations/{investigationId}/notes/{noteId}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
investigationId | path | string(uuid) | true | The unique identifier of an investigation. |
noteId | path | string(uuid) | true | The unique identifier of a note. |
Example responses
400 Response
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | No Content | None |
400 | Bad Request | Bad Request - Many possible reasons associated with the request (form, content, etc.). Do not resubmit this request unchanged. | errorBody |
401 | Unauthorized | Unauthorized - Authentication failed or was not provided in the Authorization header. | None |
403 | Forbidden | Forbidden - The client has insufficient permissions to access the resource. | None |
404 | Not Found | Not Found - The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. | None |
429 | Too Many Requests | Too Many Requests | None |
431 | Request Header Fields Too Large | Request Header Fields Too Large - either an individual header or the headers as a whole. | None |
500 | Internal Server Error | Internal Server Error - The server encountered an internal error or timed out. Please try again later. | None |
503 | Service Unavailable | Service Unavailable - The server is currently unable to receive requests. Please try again later. | None |
Schemas
gAttachment
{
"_links": {
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"private": true,
"name": "string",
"size": 0,
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
getAttachment
Properties
None
gEvidence
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"urn": "string",
"summary": "string",
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
getEvidence
Properties
None
pEvidence
{
"urn": "string",
"summary": "string"
}
createEvidence
Properties
None
gHistory
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"modified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"target": {
"type": "investigation",
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
},
"action": "Created"
}
getHistory
Properties
None
gInvestigation
{
"_links": {
"self": {
"href": "http://example.com"
},
"attachments": {
"href": "http://example.com"
},
"evidence": {
"href": "http://example.com"
},
"notes": {
"href": "http://example.com"
},
"history": {
"href": "http://example.com"
}
},
"_embedded": {
"attachments": {
"elements": 0
},
"evidence": {
"elements": 0
},
"notes": {
"elements": 0
},
"history": {
"elements": 0
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"i3": "string",
"title": "string",
"description": "string",
"deployment": "http://example.com",
"private": true,
"status": "Open",
"intent": "Exploitation & Installation",
"severity": "None",
"assignedTo": "user@example.com",
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
getInvestigation
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
_links | object | false | none | none |
_embedded | object | false | none | none |
» attachments | object | false | none | The number of associated attachments visible to the requesting user |
»» elements | integer | false | none | none |
» evidence | object | false | none | The number of associated evidence objects |
»» elements | integer | false | none | none |
» notes | object | false | none | The number of associated notes visible to the requesting user |
»» elements | integer | false | none | none |
» history | object | false | none | The number of changes in the investigation history |
»» elements | integer | false | none | none |
pInvestigation
{
"title": "string",
"description": "string",
"deployment": "http://example.com",
"private": true,
"status": "Open",
"severity": "None",
"intent": "Exploitation & Installation"
}
createInvestigation
Properties
None
gNote
{
"_links": {
"self": {
"href": "http://example.com"
}
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"private": true,
"message": "string",
"created": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
},
"lastModified": {
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
}
getNote
Properties
None
pNote
{
"message": "string",
"private": true
}
createNoteReq
Properties
None
assignedTo
"user@example.com"
assignedTo
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
assignedTo | string(email) | false | none | Email of the user receiving the assignment. |
created
{
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
Specifies when the resource was created and by whom.
Properties
None
deployment
"http://example.com"
deployment
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
deployment | string(uri) | false | none | URI of the USM Anywhere deployment. |
description
"string"
description
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
description | string | false | none | Description of the investigation. |
file
"string"
file
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
file | string(binary) | false | none | File in the attachment. |
fileName
"string"
fileName
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
fileName | string | false | none | Name of the file. |
fileSize
0
fileSize
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
fileSize | integer | false | none | Size of the file in bytes. |
i3
"string"
i3
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
i3 | string | false | none | Allows you to specify an alternative identifier for the investigation so that it is simple to integrate with your existing systems and processes. |
i11nId
"497f6eca-6276-4993-bfeb-53cbbbba6f08"
ID of the investigation.
Properties
None
id
"497f6eca-6276-4993-bfeb-53cbbbba6f08"
id
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string(uuid) | false | none | Unique identifier of the resource. |
intent
"Exploitation & Installation"
intent
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
intent | string | false | none | Intent of the investigation. |
Enumerated Values
Property | Value |
---|---|
intent | Exploitation & Installation |
intent | Delivery & Attack |
intent | Reconnaissance & Probing |
intent | Environmental Awareness |
lastModified
{
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
lastModified
Properties
None
message
"string"
message
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
message | string | false | none | Text in a note. |
private
true
Specifies the visibility of the item. This semantic is only valid when there exists a relationship between a USM Central deployment and a USM Anywhere deployment. When set to true, only the users within the same deployment, USM Central or USM Anywhere, can see the item; the users from the other deployment cannot.
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | boolean | false | none | Specifies the visibility of the item. This semantic is only valid when there exists a relationship between a USM Central deployment and a USM Anywhere deployment. When set to true, only the users within the same deployment, USM Central or USM Anywhere, can see the item; the users from the other deployment cannot. |
severity
"None"
severity
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
severity | string | false | none | Severity of the investigation. |
Enumerated Values
Property | Value |
---|---|
severity | None |
severity | Low |
severity | Medium |
severity | High |
severity | Critical |
summary
"string"
summary
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
summary | string | false | none | Summary information from the source object providing the evidence. Such information is not subject to change or modification by a user. |
status
"Open"
status
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
status | string | false | none | Status of the investigation. |
Enumerated Values
Property | Value |
---|---|
status | Open |
status | In Review |
status | Closed |
targetType
"investigation"
targetType
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
targetType | string | false | none | Type of the resource. |
Enumerated Values
Property | Value |
---|---|
targetType | investigation |
targetType | evidence |
targetType | attachment |
targetType | note |
i11nTitle
"string"
title
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
title | string | false | none | Title of the investigation. |
urn
"string"
urn
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
urn | string | false | none | Uniform Resource Name (URN) of the evidence. It may contain an alarm, event, user, asset, or other information as evidence for the investigation. |
_modOnBy
{
"by": "user@example.com",
"on": "2019-08-24T14:15:22Z"
}
_mod_on_by
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
by | string(email) | true | none | Email of the user who made the change. |
on | string(date-time) | true | none | Date and time when the change was made. Accepted format is ISO-8601 YYYY-MM-DDThh:mm:ss.sTZD. |
action
"Created"
action
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
action | string | false | none | Action taken on the resource. |
Enumerated Values
Property | Value |
---|---|
action | Created |
action | Modified |
action | Deleted |
href
{
"href": "http://example.com"
}
An absolute URI [RFC3986]
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
href | string(uri) | false | none | An absolute URI [RFC3986] |
selfLink
{
"href": "http://example.com"
}
References the returned resource
Properties
None
linksSelf
{
"self": {
"href": "http://example.com"
}
}
Properties
None
linksAttachment
{
"self": {
"href": "http://example.com"
},
"download": {
"href": "http://example.com"
}
}
Properties
None
errorBody
{
"errorId": "string",
"message": "string",
"variables": [
"string"
],
"errorUrl": "http://example.com"
}
errorBody
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
errorId | string | true | none | Unique errorId in the context of an API. Recommendation: two hyphen-delimited subfields. Domain: identifies the API, application, service or general category to which the error belongs. Code: provides a unique numeric code within the domain. Examples: General-0001, DataDict-0001 |
message | string | true | none | Message text |
variables | [string] | false | none | List of zero or more strings that represent the contents of the variables used by the message text. |
errorUrl | string(uri) | false | none | Hyperlink to more information about the error, including causes and solutions. |