POST /v2/investigations
Send an alert for investigation by Qevlar AI.
curl --request POST \
  --url https://api.qevlar.com/v2/investigations \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "source_type": "Almond",
  "content": {},
  "id": "<string>",
  "metadata": {}
}
'
{
  "alert_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "status": "Failure"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
source_type
enum<string>
required
Available options: Almond, CortexN, CortexXDR, Email, Sentinel, Unknown, EDElevatorIpConnections, GuardDuty, LetsDefend, Sekoia, Splunk
content
Content · object
required

The alert content to be investigated by the Qevlar AI engine. It should be provided as a JSON object literal. This data can be either a JSON object literal or a string that strictly follows the JSON specification.

id
string | null

The unique identifier of the alert for display on the Qevlar AI platform. The ID must not exceed 200 characters in length.

metadata
Metadata · object

Additional metadata for display on the Qevlar AI platform. This should be a dictionary with string or URL values, where each key is up to 40 characters long and each value is up to 500 characters long. You are responsible for ensuring that the URL is secure.
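
A client-side check of the Body constraints above, run before the request is sent. This is an added example, not part of Qevlar's documentation or SDK. The function name `build_investigation_body` is hypothetical, and treating a "secure" URL as one with the `https` scheme is an assumption.

```python
import json
from urllib.parse import urlparse

# Enum values and length limits copied from the Body section of this page.
SOURCE_TYPES = {
    "Almond", "CortexN", "CortexXDR", "Email", "Sentinel", "Unknown",
    "EDElevatorIpConnections", "GuardDuty", "LetsDefend", "Sekoia", "Splunk",
}
MAX_ID_LEN, MAX_KEY_LEN, MAX_VALUE_LEN = 200, 40, 500


def _reject_constant(name):
    # Python's json module accepts NaN/Infinity, which strict JSON forbids.
    raise ValueError(f"non-standard JSON constant: {name}")


def build_investigation_body(source_type, content, alert_id=None, metadata=None):
    """Validate the documented constraints; return the request body as JSON text."""
    if source_type not in SOURCE_TYPES:
        raise ValueError(f"unsupported source_type: {source_type!r}")
    if isinstance(content, str):
        # A string is allowed only if it parses as strict JSON.
        json.loads(content, parse_constant=_reject_constant)
    elif not isinstance(content, dict):
        raise ValueError("content must be a JSON object or a JSON string")
    body = {"source_type": source_type, "content": content}

    if alert_id is not None:
        if not isinstance(alert_id, str) or len(alert_id) > MAX_ID_LEN:
            raise ValueError(f"id must be a string of at most {MAX_ID_LEN} chars")
        body["id"] = alert_id

    for key, value in (metadata or {}).items():
        if not isinstance(key, str) or len(key) > MAX_KEY_LEN:
            raise ValueError(f"metadata key too long: {key!r}")
        if not isinstance(value, str) or len(value) > MAX_VALUE_LEN:
            raise ValueError(f"metadata value for {key!r} is not a short string")
        # Assumption: a "secure" URL means https; any other scheme is rejected.
        if "://" in value and urlparse(value).scheme.lower() != "https":
            raise ValueError(f"metadata URL for {key!r} is not https")
    if metadata:
        body["metadata"] = dict(metadata)

    # allow_nan=False keeps the serialized body strict JSON as well.
    return json.dumps(body, allow_nan=False)
```

The returned string can be passed to the `--data` argument of the curl call shown at the top of this page.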

Response

Investigation request accepted

alert_id
string<uuid>
required
status
enum<string>
required
Available options: Failure, In progress, Pending, Success