Get investigation result

curl --request GET \
  --url https://api.qevlar.com/v2/investigations/{alert_id}/result \
  --header 'Authorization: Bearer <token>'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "profile_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "external_id": "<string>",
  "metadata": {
    "items": [
      {
        "type": "STRING",
        "name": "<string>",
        "value": "<string>"
      }
    ]
  },
  "title": "<string>",
  "index": 123,
  "received_at": "2023-11-07T05:31:56Z",
  "description": "<string>",
  "type": "<string>",
  "insight_tags": [
    {
      "label": "<string>",
      "scope": "COUNTRY",
      "description": "<string>",
      "scanner_type": "AbuseIPDB"
    }
  ],
  "investigation": {
    "started_at": "2023-11-07T05:31:56Z",
    "ended_at": "2023-11-07T05:31:56Z",
    "observables": {},
    "report": {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "outcome": "INCONCLUSIVE",
      "feedback": {
        "outcome": "INCONCLUSIVE",
        "description": "<string>",
        "created_by": {
          "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "username": "<string>",
          "role": "ADMIN",
          "email": "<string>"
        },
        "created_at": "2023-11-07T05:31:56Z"
      },
      "overview": [
        {}
      ],
      "indicators": [
        "<string>"
      ],
      "investigation_next_steps": [
        "<string>"
      ],
      "remediation_next_steps": [
        "<string>"
      ],
      "steps": [
        {
          "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "type": "Checked reputation using CTI",
          "title": "<string>",
          "input_observable_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "extracted_observable_ids": [
            "3c90c3cc-0d44-4b50-8888-8dd25736052a"
          ],
          "classification": "Malicious",
          "insights": [
            "<string>"
          ],
          "errors": [
            {
              "scanner_type": "AbuseIPDB"
            }
          ],
          "warnings": [
            {
              "scanner_type": "AbuseIPDB",
              "warning": "InvalidArgumentError"
            }
          ],
          "started_at": "2023-11-07T05:31:56Z",
          "ended_at": "2023-11-07T05:31:56Z",
          "sources": [
            {
              "scanner_type": "AbuseIPDB",
              "url": "<string>"
            }
          ],
          "key_findings": [
            {
              "label": "<string>",
              "value": "<string>"
            }
          ]
        }
      ]
    }
  }
}

GET

investigations

{alert_id}

result

Get investigation result

curl --request GET \
  --url https://api.qevlar.com/v2/investigations/{alert_id}/result \
  --header 'Authorization: Bearer <token>'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "profile_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "external_id": "<string>",
  "metadata": {
    "items": [
      {
        "type": "STRING",
        "name": "<string>",
        "value": "<string>"
      }
    ]
  },
  "title": "<string>",
  "index": 123,
  "received_at": "2023-11-07T05:31:56Z",
  "description": "<string>",
  "type": "<string>",
  "insight_tags": [
    {
      "label": "<string>",
      "scope": "COUNTRY",
      "description": "<string>",
      "scanner_type": "AbuseIPDB"
    }
  ],
  "investigation": {
    "started_at": "2023-11-07T05:31:56Z",
    "ended_at": "2023-11-07T05:31:56Z",
    "observables": {},
    "report": {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "outcome": "INCONCLUSIVE",
      "feedback": {
        "outcome": "INCONCLUSIVE",
        "description": "<string>",
        "created_by": {
          "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "username": "<string>",
          "role": "ADMIN",
          "email": "<string>"
        },
        "created_at": "2023-11-07T05:31:56Z"
      },
      "overview": [
        {}
      ],
      "indicators": [
        "<string>"
      ],
      "investigation_next_steps": [
        "<string>"
      ],
      "remediation_next_steps": [
        "<string>"
      ],
      "steps": [
        {
          "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "type": "Checked reputation using CTI",
          "title": "<string>",
          "input_observable_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "extracted_observable_ids": [
            "3c90c3cc-0d44-4b50-8888-8dd25736052a"
          ],
          "classification": "Malicious",
          "insights": [
            "<string>"
          ],
          "errors": [
            {
              "scanner_type": "AbuseIPDB"
            }
          ],
          "warnings": [
            {
              "scanner_type": "AbuseIPDB",
              "warning": "InvalidArgumentError"
            }
          ],
          "started_at": "2023-11-07T05:31:56Z",
          "ended_at": "2023-11-07T05:31:56Z",
          "sources": [
            {
              "scanner_type": "AbuseIPDB",
              "url": "<string>"
            }
          ],
          "key_findings": [
            {
              "label": "<string>",
              "value": "<string>"
            }
          ]
        }
      ]
    }
  }
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

alert_id

string<uuid>

required

Response

Investigation result found

string<uuid>

required

profile_id

string<uuid>

required

external_id

string | null

required

metadata

ClientInvestigateMetadata · object

required

Show child attributes

title

string

required

index

integer

required

received_at

string<date-time>

required

description

string

required

type

string

required

insight_tags

InsightTag · object[]

required

Show child attributes

investigation

InvestigationDTO · object

required

Show child attributes

Request Investigation From Eml Get HTML investigation result

⌘I

API Documentation

Qevlar Endpoint

Get investigation result

Authorizations

Path Parameters

Response