IntelOwl API

POST /api/analyze_file

This endpoint allows to start a Job related to a file

Status Codes
POST /api/analyze_observable

This endpoint allows to start a Job related to an observable

Status Codes
GET /api/analyzer/{name}/healthcheck

Health Check: if instance associated with plugin is up or not

Parameters
  • name (string) –

Status Codes
POST /api/ask_analysis_availability

This is useful to avoid repeating the same analysis multiple times. By default this API checks if there are existing analysis related to the md5 in status “running” or “reported_without_fails” Also, you need to specify the analyzers needed because, otherwise, it is highly probable that you won’t get all the results that you expect

Status Codes
POST /api/auth/login

Durin’s Login View.

This view will return a JSON response when valid username, password and (if not overwritten) client fields are POSTed to the view using form data or JSON.

It uses the default serializer provided by Django-Rest-Framework (rest_framework.authtoken.serializers.AuthTokenSerializer) to validate the user credentials.

It is possible to customize LoginView behaviour by overriding the following helper methods:

Status Codes
POST /api/auth/logout

Durin’s Logout View.

This view accepts only a post request with an empty body. It responds to Durin Token Authentication. On a successful request,

  1. The token used to authenticate is deleted from the database and can no longer be used to authenticate.

  2. django.contrib.auth.signals.user_logged_out() is called.

Returns

204 (No content)

Status Codes
GET /api/connector/{name}/healthcheck

Health Check: if instance associated with plugin is up or not

Parameters
  • name (string) –

Status Codes
GET /api/get_analyzer_configs

Get the uploaded analyzer configuration, can be useful if you want to choose the analyzers programmatically

Status Codes
GET /api/get_connector_configs

Get the uploaded connector configuration

Status Codes
PATCH /api/job/{job_id}/analyzer/{name}/kill

Kill running plugin by closing celery task and marking as killed

Parameters
  • job_id (integer) –

  • name (string) –

Status Codes
PATCH /api/job/{job_id}/analyzer/{name}/retry

Retry a plugin run if it failed/was killed previously

Parameters
  • job_id (integer) –

  • name (string) –

Status Codes
PATCH /api/job/{job_id}/connector/{name}/kill

Kill running plugin by closing celery task and marking as killed

Parameters
  • job_id (integer) –

  • name (string) –

Status Codes
PATCH /api/job/{job_id}/connector/{name}/retry

Retry a plugin run if it failed/was killed previously

Parameters
  • job_id (integer) –

  • name (string) –

Status Codes
GET /api/jobs

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/jobs/{id}

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
DELETE /api/jobs/{id}

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
GET /api/jobs/{id}/download_sample

Download a sample from a given Job ID.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
PATCH /api/jobs/{id}/kill

Kill running job by closing celery tasks and marking as killed

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
GET /api/tags

REST endpoint to pefrom CRUD operations on Job tags. Requires authentication. POST/PUT/DELETE requires model/object level permission.

Status Codes
POST /api/tags

REST endpoint to pefrom CRUD operations on Job tags. Requires authentication. POST/PUT/DELETE requires model/object level permission.

Status Codes
GET /api/tags/{id}

REST endpoint to pefrom CRUD operations on Job tags. Requires authentication. POST/PUT/DELETE requires model/object level permission.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes
PUT /api/tags/{id}

REST endpoint to pefrom CRUD operations on Job tags. Requires authentication. POST/PUT/DELETE requires model/object level permission.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes
PATCH /api/tags/{id}

REST endpoint to pefrom CRUD operations on Job tags. Requires authentication. POST/PUT/DELETE requires model/object level permission.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes
DELETE /api/tags/{id}

REST endpoint to pefrom CRUD operations on Job tags. Requires authentication. POST/PUT/DELETE requires model/object level permission.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes