# API DOCUMENTATION
## General
### Automation key
Automation requests are authenticated with a secure key available in the AIL web interface. Keep that key secret: it gives access to the entire database! The API key is available in the ``Server Management`` menu under ``My Profile``.
The authorization is performed by using the following header:
~~~~
Authorization: YOUR_API_KEY
~~~~
### Accept and Content-Type headers
When submitting data in a POST, PUT or DELETE operation you need to specify in what content-type you encoded the payload. This is done by setting the below Content-Type headers:
~~~~
Content-Type: application/json
~~~~
Example:
~~~~
curl --header "Authorization: YOUR_API_KEY" --header "Content-Type: application/json" https://AIL_URL/
~~~~
## Item management
### Get item: `api/v1/get/item/default`<a name="get_item_default"></a>
#### Description
Get item default info.
**Method** : `POST`
#### Parameters
- `id`
  - item id
  - *str - relative item path*
  - mandatory
#### JSON response
- `content`
  - item content
  - *str*
- `id`
  - item id
  - *str*
- `date`
  - item date
  - *str - YYMMDD*
- `tags`
  - item tags list
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/item/default --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"content": "item content test",
"date": "20190726",
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"tags":
[
"misp-galaxy:backdoor=\"Rosenbridge\"",
"infoleak:automatic-detection=\"pgp-message\"",
"infoleak:automatic-detection=\"encrypted-private-key\"",
"infoleak:submission=\"manual\"",
"misp-galaxy:backdoor=\"SLUB\""
]
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Mandatory parameter(s) not provided"}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Item not found"}
```
### Get item content: `api/v1/get/item/content`<a name="get_item_content"></a>
#### Description
Get a specific item content.
**Method** : `POST`
#### Parameters
- `id`
  - item id
  - *str - relative item path*
  - mandatory
#### JSON response
- `content`
  - item content
  - *str*
- `id`
  - item id
  - *str*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/item/content --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"content": "item content test",
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz"
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Mandatory parameter(s) not provided"}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Item not found"}
```
### Get item tags: `api/v1/get/item/tag`<a name="get_item_tag"></a>
#### Description
Get all tags from an item.
**Method** : `POST`
#### Parameters
- `id`
  - item id
  - *str - relative item path*
  - mandatory
#### JSON response
- `content`
  - item content
  - *str*
- `tags`
  - item tags list
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/item/tag --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"tags":
[
"misp-galaxy:backdoor=\"Rosenbridge\"",
"infoleak:automatic-detection=\"pgp-message\"",
"infoleak:automatic-detection=\"encrypted-private-key\"",
"infoleak:submission=\"manual\"",
"misp-galaxy:backdoor=\"SLUB\""
]
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Mandatory parameter(s) not provided"}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Item not found"}
```
### Advanced Get item: `api/v1/get/item`<a name="get_item"></a>
#### Description
Get item. Filter requested field.
**Method** : `POST`
#### Parameters
- `id`
  - item id
  - *str - relative item path*
  - mandatory
- `date`
  - get item date
  - *boolean*
  - default: `true`
- `tags`
  - get item tags
  - *boolean*
  - default: `true`
- `content`
  - get item content
  - *boolean*
  - default: `false`
- `size`
  - get item size
  - *boolean*
  - default: `false`
- `lines`
  - get item lines info
  - *boolean*
  - default: `false`
- `cryptocurrency`
  - `bitcoin`
    - get item bitcoin address
    - *boolean*
    - default: `false`
- `pgp`
  - `key`
    - get item pgp key
    - *boolean*
    - default: `false`
  - `mail`
    - get item pgp mail
    - *boolean*
    - default: `false`
  - `name`
    - get item pgp name
    - *boolean*
    - default: `false`
#### JSON response
- `content`
  - item content
  - *str*
- `id`
  - item id
  - *str*
- `date`
  - item date
  - *str - YYMMDD*
- `tags`
  - item tags list
  - *list*
- `size`
  - item size (Kb)
  - *int*
- `lines`
  - item lines info
  - *{}*
    - `max_length`
      - maximum line length
      - *int*
    - `nb`
      - number of lines in the item
      - *int*
- `cryptocurrency`
  - `bitcoin`
    - item bitcoin address
    - *list*
- `pgp`
  - `key`
    - item pgp keys
    - *list*
  - `mail`
    - item pgp mails
    - *list*
  - `name`
    - item pgp name
    - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/item --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"content": true,
"lines_info": true,
"tags": true,
"size": true
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"content": "dsvcdsvcdsc vvvv",
"cryptocurrency": {
"bitcoin": [
"132M1aGTGodHkQNh1augLeMjEXH51wgoCc"
]
},
"date": "20190726",
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"lines": {
"max_length": 19,
"nb": 1
},
"pgp": {
"key": [
"0x5180D21F4C20F975"
],
"mail": [
"mail@test.test"
],
"name": [
"user_test"
]
},
"size": 0.03,
"tags": [
"misp-galaxy:stealer=\"Vidar\"",
"infoleak:submission=\"manual\""
]
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Mandatory parameter(s) not provided"}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Item not found"}
```
### Add item tags: `api/v1/add/item/tag`<a name="add_item_tag"></a>
#### Description
Add tags to an item.
**Method** : `POST`
#### Parameters
- `id`
  - item id
  - *str - relative item path*
  - mandatory
- `tags`
  - list of tags
  - *list*
  - default: `[]`
- `galaxy`
  - list of galaxy
  - *list*
  - default: `[]`
#### JSON response
- `id`
  - item id
  - *str - relative item path*
- `tags`
  - list of item tags added
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/add/item/tag --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"tags": [
"infoleak:analyst-detection=\"private-key\"",
"infoleak:analyst-detection=\"api-key\""
],
"galaxy": [
"misp-galaxy:stealer=\"Vidar\""
]
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"tags": [
"infoleak:analyst-detection=\"private-key\"",
"infoleak:analyst-detection=\"api-key\"",
"misp-galaxy:stealer=\"Vidar\""
]
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Item id not found"}
{"status": "error", "reason": "Tags or Galaxy not specified"}
{"status": "error", "reason": "Tags or Galaxy not enabled"}
```
### Delete item tags: `api/v1/delete/item/tag`<a name="delete_item_tag"></a>
#### Description
Delete tags from an item.
**Method** : `DELETE`
#### Parameters
- `id`
  - item id
  - *str - relative item path*
  - mandatory
- `tags`
  - list of tags
  - *list*
  - default: `[]`
#### JSON response
- `id`
  - item id
  - *str - relative item path*
- `tags`
  - list of item tags deleted
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/delete/item/tag --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X DELETE
```
#### input.json Example
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"tags": [
"infoleak:analyst-detection=\"private-key\"",
"infoleak:analyst-detection=\"api-key\"",
"misp-galaxy:stealer=\"Vidar\""
]
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"id": "submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz",
"tags": [
"infoleak:analyst-detection=\"private-key\"",
"infoleak:analyst-detection=\"api-key\"",
"misp-galaxy:stealer=\"Vidar\""
]
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Item id not found"}
{"status": "error", "reason": "No Tag(s) specified"}
```
## Tag management
### Get all AIL tags: `api/v1/get/tag/all`<a name="get_tag_all"></a>
#### Description
Get all tags used in AIL.
**Method** : `GET`
#### JSON response
- `tags`
  - list of tags
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/tag/all --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json"
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"tags": [
"misp-galaxy:backdoor=\"Rosenbridge\"",
"infoleak:automatic-detection=\"pgp-private-key\"",
"infoleak:automatic-detection=\"pgp-signature\"",
"infoleak:automatic-detection=\"base64\"",
"infoleak:automatic-detection=\"encrypted-private-key\"",
"infoleak:submission=\"crawler\"",
"infoleak:automatic-detection=\"binary\"",
"infoleak:automatic-detection=\"pgp-public-key-block\"",
"infoleak:automatic-detection=\"hexadecimal\"",
"infoleak:analyst-detection=\"private-key\"",
"infoleak:submission=\"manual\"",
"infoleak:automatic-detection=\"private-ssh-key\"",
"infoleak:automatic-detection=\"iban\"",
"infoleak:automatic-detection=\"pgp-message\"",
"infoleak:automatic-detection=\"certificate\"",
"infoleak:automatic-detection=\"credential\"",
"infoleak:automatic-detection=\"cve\"",
"infoleak:automatic-detection=\"google-api-key\"",
"infoleak:automatic-detection=\"phone-number\"",
"infoleak:automatic-detection=\"rsa-private-key\"",
"misp-galaxy:backdoor=\"SLUB\"",
"infoleak:automatic-detection=\"credit-card\"",
"misp-galaxy:stealer=\"Vidar\"",
"infoleak:automatic-detection=\"private-key\"",
"infoleak:automatic-detection=\"api-key\"",
"infoleak:automatic-detection=\"mail\""
]
}
```
### Get tag metadata: `api/v1/get/tag/metadata`<a name="get_tag_metadata"></a>
#### Description
Get tag metadata.
**Method** : `POST`
#### Parameters
- `tag`
  - tag name
  - *str*
  - mandatory
#### JSON response
- `tag`
  - tag name
  - *str*
- `first_seen`
  - date: first seen
  - *str - YYYYMMDD*
- `last_seen`
  - date: last seen
  - *str - YYYYMMDD*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/tag/metadata --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"tag": "infoleak:submission=\"manual\""
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"first_seen": "20190605",
"last_seen": "20190726",
"tag": "infoleak:submission=\"manual\""
}
```
#### Expected Fail Response
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Tag not found"}
```
## Cryptocurrency
### Get bitcoin metadata: `api/v1/get/cryptocurrency/bitcoin/metadata`<a name="get_cryptocurrency_bitcoin_metadata"></a>
#### Description
Get all metadata from a bitcoin address.
**Method** : `POST`
#### Parameters
- `bitcoin`
  - bitcoin address
  - *str*
  - mandatory
#### JSON response
- `bitcoin`
  - bitcoin address
  - *str*
- `first_seen`
  - date: first seen
  - *str - YYYYMMDD*
- `last_seen`
  - date: last seen
  - *str - YYYYMMDD*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/cryptocurrency/bitcoin/metadata --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"bitcoin": "3DZfm5TQaJKcJm9PsuaWmSz9XmHMLxVv3y"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"bitcoin": "3DZfm5TQaJKcJm9PsuaWmSz9XmHMLxVv3y",
"first_seen": "20190605",
"last_seen": "20190726"
}
```
#### Expected Fail Response
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Item not found"}
```
### Get bitcoin items: `api/v1/get/cryptocurrency/bitcoin/item`<a name="get_cryptocurrency_bitcoin_item"></a>
#### Description
Get all items related to a bitcoin address.
**Method** : `POST`
#### Parameters
- `bitcoin`
  - bitcoin address
  - *str*
  - mandatory
#### JSON response
- `bitcoin`
  - bitcoin address
  - *str*
- `items`
  - list of item id
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/cryptocurrency/bitcoin/item --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"bitcoin": "3DZfm5TQaJKcJm9PsuaWmSz9XmHMLxVv3y"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"bitcoin": "3DZfm5TQaJKcJm9PsuaWmSz9XmHMLxVv3y",
"items": [
"archive/2019/08/26/test_bitcoin001",
"archive/2019/08/26/test_bitcoin002",
"submitted/2019/07/26/3efb8a79-08e9-4776-94ab-615eb370b6d4.gz"
]
}
```
#### Expected Fail Response
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Item not found"}
```
## Tracker
### Add term tracker: `api/v1/add/tracker`<a name="add_tracker"></a>
#### Description
Create a new tracker (word, set, regex).
Use a regex if the term contains one of the following special characters: ``[< >~!?@#$%^&*|()_-+={} \":; ,.\'\n\r\t]/\\``
**Method** : `POST`
#### Parameters
- `term`
  - term to add
  - *str - word(s)*
  - mandatory
- `nb_words`
  - number of words in set
  - *int*
  - default: `1`
- `type`
  - term type
  - *str*
  - mandatory: `word`, `set`, `regex`
- `tags`
  - list of tags
  - *list*
  - default: `[]`
- `mails`
  - list of mails to notify
  - *list*
  - default: `[]`
- `level`
  - tracker visibility
  - *int - 0: user only, 1: all users*
  - default: `1`
- `description`
  - tracker description
  - *str*
#### JSON response
- `uuid`
  - import uuid
  - *uuid4*
#### Example
```
curl https://127.0.0.1:7000/api/v1/add/tracker --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"term": "test test2 test3",
"type": "set",
"nb_words": 2,
"tags": [
"mytags",
"othertags"
],
"mails": [
"mail@mail.test",
"othermail@mail.test"
],
"level": 1
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"uuid": "6a16b06e-38e5-41e1-904d-3960610647e8"
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Term not provided"}
{"status": "error", "reason": "Term type not provided"}
{"status": "error", "reason": "special character not allowed", "message": "Please use a regex or remove all special characters"}
{"status": "error", "reason": "Incorrect type"}
```
**HTTP Status Code** : `409`
```json
{"status": "error", "reason": "Term already tracked"}
```
### Delete term tracker: `api/v1/delete/tracker`<a name="delete_tracker"></a>
#### Description
Delete a tracker
**Method** : `DELETE`
#### Parameters
- `uuid`
  - tracked term uuid
  - *uuid4*
  - mandatory
#### JSON response
- `uuid`
  - deleted uuid
  - *uuid4*
#### Example
```
curl https://127.0.0.1:7000/api/v1/delete/tracker --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X DELETE
```
#### input.json Example
```json
{
"uuid": "6a16b06e-38e5-41e1-904d-3960610647e8"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"uuid": "6a16b06e-38e5-41e1-904d-3960610647e8"
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Invalid uuid"}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Unknown uuid"}
```
### Get tracker items: `api/v1/get/tracker/item`<a name="get_tracker_item"></a>
#### Description
Get tracked items by date-range
**Method** : `POST`
#### Parameters
- `uuid`
  - tracked term uuid
  - *uuid4*
  - mandatory
- `date_from`
  - date from
  - *str - YYMMDD*
  - default: last tracked items date
- `date_to`
  - date to
  - *str - YYMMDD*
  - default: `None`
#### JSON response
- `uuid`
  - term uuid
  - *uuid4*
- `date_from`
  - date from
  - *str - YYMMDD*
- `date_to`
  - date to
  - *str - YYMMDD*
- `items`
  - list of item id
  - *list*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/tracker/item --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"uuid": "6a16b06e-38e5-41e1-904d-3960610647e8",
"date_from": "20190823",
"date_to": "20190829",
"items": [
{
"id": "submitted/2019/08/25/4f929998-3921-4be3-b448-be3bf1722d6b.gz",
"date": 20190825,
"tags": [
"infoleak:automatic-detection=\"credential\"",
"mytags",
"othertags"
]
}
]
}
```
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Invalid uuid"}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Unknown uuid"}
```
## Domain
### Get crawled domain list: `api/v1/get/crawled/domain/list`<a name="get_crawled_domain_list"></a>
#### Description
Get crawled domains by date range and status (default status = *UP*).
**Method** : `POST`
#### Parameters
- `domain_type`
  - domain type: *onion* or *regular*
  - *str*
  - default: *regular*
- `date_from`
  - date from
  - *str - YYYYMMDD*
  - mandatory
- `date_to`
  - date to
  - *str - YYYYMMDD*
  - mandatory
#### JSON response
- `domain_type`
  - domain type: *onion* or *regular*
  - *str*
- `date_from`
  - date from
  - *str - YYYYMMDD*
- `date_to`
  - date to
  - *str - YYYYMMDD*
- `domains`
  - list of domains
  - *list - list of domains*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/crawled/domain/list --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"date_from": "20191001",
"date_to": "20191222",
"domain_type": "onion"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"date_from": "20191001",
"date_to": "20191222",
"domain_status": "UP",
"domain_type": "onion",
"domains": [
"2222222222222222.onion"
]
}
```
### Get min domain metadata: `api/v1/get/domain/status/minimal`<a name="get_domain_status_minimal"></a>
#### Description
Get min domain metadata
**Method** : `POST`
#### Parameters
- `domain`
  - domain name
  - *str*
  - mandatory
#### JSON response
- `domain`
  - domain
  - *str*
- `first_seen`
  - domain first up time
  - *epoch*
- `last_seen`
  - domain last up time
  - *epoch*
#### Example
```
curl https://127.0.0.1:7000/api/v1/get/domain/status/minimal --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"domain": "2222222222222222.onion"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"domain": "2222222222222222.onion",
"first_seen": 1571314000,
"last_seen": 1571314000
}
```
**HTTP Status Code** : `404`
```json
{"status": "error", "reason": "Domain not found"}
```
## Import management
### Import item (currently: text only): `api/v1/import/item`<a name="import_item"></a>
#### Description
Allows users to import new items. The import is asynchronous.
**Method** : `POST`
#### Parameters
- `type`
  - import type
  - *str*
  - default: `text`
- `text`
  - text to import
  - *str*
  - mandatory if type = text
- `default_tags`
  - add default import tag
  - *boolean*
  - default: True
- `tags`
  - list of tags
  - *list*
  - default: `[]`
- `galaxy`
  - list of galaxy
  - *list*
  - default: `[]`
#### JSON response
- `uuid`
  - import uuid
  - *uuid4*
#### Example
```
curl https://127.0.0.1:7000/api/v1/import/item --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"type": "text",
"tags": [
"infoleak:analyst-detection=\"private-key\""
],
"text": "text to import"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"uuid": "0c3d7b34-936e-4f01-9cdf-2070184b6016"
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Malformed JSON"}
{"status": "error", "reason": "No text supplied"}
{"status": "error", "reason": "Tags or Galaxy not enabled"}
{"status": "error", "reason": "Size exceeds default"}
```
### GET Import item info: `api/v1/get/import/item/`<a name="get_import_item"></a>
#### Description
Get import status and all items imported by uuid
**Method** : `POST`
#### Parameters
- `uuid`
  - import uuid
  - *uuid4*
  - mandatory
#### JSON response
- `status`
  - import status
  - *str*
  - values: `in queue`, `in progress`, `imported`
- `items`
  - list of imported items id
  - *list*
  - The full list of imported items is not complete until `status` = `"imported"`
#### Example
```
curl -k https://127.0.0.1:7000/api/v1/get/import/item --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj" -H "Content-Type: application/json" --data @input.json -X POST
```
#### input.json Example
```json
{
"uuid": "0c3d7b34-936e-4f01-9cdf-2070184b6016"
}
```
#### Expected Success Response
**HTTP Status Code** : `200`
```json
{
"items": [
"submitted/2019/07/26/b20a69f1-99ad-4cb3-b212-7ce24b763b50.gz"
],
"status": "imported"
}
```
#### Expected Fail Response
**HTTP Status Code** : `400`
```json
{"status": "error", "reason": "Invalid uuid"}
{"status": "error", "reason": "Unknown uuid"}
```
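The two import endpoints above form one asynchronous flow: submit the text, then poll with the returned uuid until `status` is `imported`. The Python client below is an added example, not code from the AIL project; the class and function names, the `AIL_URL` / `AIL_API_KEY` environment variables and the canned server replies are assumptions constructed for illustration.

```python
import json
import os
import time
import urllib.error
import urllib.request

IMPORT_STATUSES = {"in queue", "in progress", "imported"}  # values listed on this page


class AilApiError(Exception):
    """AIL answered with a non-200 status and {"status": "error", "reason": ...}."""

    def __init__(self, http_status, reason):
        super().__init__(f"HTTP {http_status}: {reason}")
        self.http_status, self.reason = http_status, reason


def http_post(url, api_key, payload):
    """Default transport: POST JSON and return (http_status, decoded JSON body)."""
    request = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": api_key, "Content-Type": "application/json"},
        method="POST",
    )
    try:
        # urllib verifies the server certificate by default (no equivalent of curl -k).
        with urllib.request.urlopen(request, timeout=30) as response:
            return response.status, json.loads(response.read())
    except urllib.error.HTTPError as err:  # 4xx replies still carry a JSON body
        return err.code, json.loads(err.read())


class AilClient:
    def __init__(self, base_url, api_key, post=http_post):
        self.base_url = base_url.rstrip("/")
        self.api_key = api_key
        self.post = post  # injectable so the flow can be exercised offline

    def call(self, endpoint, payload):
        status, body = self.post(f"{self.base_url}/{endpoint}", self.api_key, payload)
        if status != 200:
            raise AilApiError(status, body.get("reason", "no reason given"))
        return body

    def import_text(self, text, tags=(), galaxy=()):
        """Queue a text import and return its uuid; the item does not exist yet."""
        payload = {"type": "text", "text": text, "tags": list(tags), "galaxy": list(galaxy)}
        return self.call("api/v1/import/item", payload)["uuid"]

    def wait_for_import(self, uuid, interval=2.0, max_polls=30, sleep=time.sleep):
        """Poll until status is "imported"; only then is the items list complete."""
        for _ in range(max_polls):
            body = self.call("api/v1/get/import/item", {"uuid": uuid})
            status = body.get("status")
            if status == "imported":
                return body.get("items", [])
            if status not in IMPORT_STATUSES:
                raise AilApiError(200, f"unexpected import status {status!r}")
            sleep(interval)
        raise TimeoutError(f"import {uuid} still pending after {max_polls} polls")


def client_from_env(env=os.environ):
    """AIL_URL and AIL_API_KEY are assumed variable names; reading the key from the
    environment keeps it out of source files and command-line arguments."""
    return AilClient(env["AIL_URL"], env["AIL_API_KEY"])


def fake_server(replies):
    """Constructed stand-in for AIL: replays canned (http_status, body) pairs."""
    pending = list(replies)
    return lambda url, api_key, payload: pending.pop(0)


def demo():
    replies = [  # constructed replies, modelled on the responses documented above
        (200, {"uuid": "0c3d7b34-936e-4f01-9cdf-2070184b6016"}),
        (200, {"status": "in queue", "items": []}),
        (200, {"status": "in progress", "items": []}),
        (200, {"status": "imported",
               "items": ["submitted/2019/07/26/b20a69f1-99ad-4cb3-b212-7ce24b763b50.gz"]}),
    ]
    client = AilClient("https://127.0.0.1:7000", "CONSTRUCTED_KEY", post=fake_server(replies))
    uuid = client.import_text("text to import",
                              tags=['infoleak:analyst-detection="private-key"'])
    return client.wait_for_import(uuid, sleep=lambda seconds: None)


if __name__ == "__main__":
    print(demo())
```

Against a real instance, build the client with `client_from_env()` and keep the default transport; the bounded poll count prevents a stuck import from blocking the caller indefinitely.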
# FUTURE endpoints
### Text search by daterange
##### ``api/search/textIndexer/item`` POST
### Get tagged items by daterange
##### ``api/search/tag/item`` POST
### Submit a domain to crawl
##### ``api/add/crawler/domain`` POST
### Create a term/set/regex tracker
##### ``api/add/termTracker/`` POST
### Get tracker items list
##### ``api/get/termTracker/item`` POST
-----
### Check if a tor/regular domain has been crawled
##### ``api/get/crawler/domain/`` POST
### Check if a tor/regular domain has been crawled
##### ``api/get/crawler/domain/metadata/ <domain><port>`` POST
### Get domain tags
##### ``api/get/crawler/domain/tag/ <domain><port>`` POST
### Get domain history
##### ``api/get/crawler/domain/history/ <domain><port>`` POST
### Get domain list of items
##### ``api/get/crawler/domain/item/ <domain><port>`` POST
-----
### Create auto-crawlers
##### ``api/add/crawler/autoCrawler/`` POST
-----
### Get item by mime type / decoded type
##### ``api/get/decoded`` POST
### Check if a decoded item exists (via sha1)
##### ``api/get/decoded/exist/<sha1>`` POST
### Get decoded item metadata
### Check if a decoded item exists (via sha1)
##### ``api/get/decoded/metadata/<sha1>`` POST
### Get decoded item correlation (1 depth)
##### ``api/get/decoded/metadata/<sha1>`` POST
-----
-----
##### ``api/get/cryptocurrency`` POST
### Check if a cryptocurrency address (bitcoin, ..) exists
##### ``api/get/cryptocurrency/exist/<bitcoin_address>`` POST
### Get cryptocurrency address metadata
##### ``api/get/cryptocurrency/metadata/<bitcoin_address>`` POST
-----
### Item correlation (1 depth)
##### ``api/get/item/correlation/`` POST
### Create MISP event from item
##### ``api/export/item/misp`` POST
### Create TheHive case from item
##### ``api/export/item/thehive`` POST