IntelOwl API

POST /api/analyze_file
Status Codes
POST /api/analyze_multiple_files

This endpoint starts Jobs related to multiple observables.

Status Codes
POST /api/analyze_multiple_observables

This endpoint starts Jobs related to multiple observables.

Status Codes
POST /api/analyze_observable

This endpoint starts a Job related to an observable. Retained for backward compatibility.

Status Codes
GET /api/analyzer/{name}/healthcheck

Health check: reports whether the server instance associated with the plugin is up.

Parameters
  • name (string) –

Status Codes
POST /api/ask_analysis_availability

This is useful to avoid repeating the same analysis multiple times. By default this API checks if there are existing analyses related to the md5 in status “running” or “reported_without_fails”. Also, you need to specify the analyzers needed because, otherwise, it is highly probable that you won’t get all the results that you expect.

Status Codes
POST /api/ask_multi_analysis_availability

This is useful to avoid repeating the same analysis multiple times. By default this API checks if there are existing analyses related to the md5 in status “running” or “reported_without_fails”. Also, you need to specify the analyzers needed because, otherwise, it is highly probable that you won’t get all the results that you expect. NOTE: This API is similar to ask_analysis_availability, but it allows multiple md5s to be checked at the same time.

Status Codes
GET /api/auth/apiaccess

Durin’s APIAccessTokenView.

  • GET -> get token-client pair info

  • POST -> create and get token-client pair info

  • DELETE -> delete existing API access token

New in version 1.0.0.

Status Codes
POST /api/auth/apiaccess

Durin’s APIAccessTokenView.

  • GET -> get token-client pair info

  • POST -> create and get token-client pair info

  • DELETE -> delete existing API access token

New in version 1.0.0.

Status Codes
DELETE /api/auth/apiaccess

Durin’s APIAccessTokenView.

  • GET -> get token-client pair info

  • POST -> create and get token-client pair info

  • DELETE -> delete existing API access token

New in version 1.0.0.

Status Codes
POST /api/auth/login

Durin’s Login View.

This view will return a JSON response when valid username, password and (if not overwritten) client fields are POSTed to the view using form data or JSON.

It uses the default serializer provided by Django-Rest-Framework (rest_framework.authtoken.serializers.AuthTokenSerializer) to validate the user credentials.

It is possible to customize LoginView behaviour by overriding the following helper methods:

Status Codes
POST /api/auth/logout

Durin’s Logout View.

This view accepts only a POST request with an empty body. It responds to Durin Token Authentication. On a successful request:

  1. The token used to authenticate is deleted from the database and can no longer be used to authenticate.

  2. django.contrib.auth.signals.user_logged_out() is called.

Returns

204 (No content)

Status Codes
GET /api/auth/sessions

Durin’s TokenSessionsViewSet.

  • Returns the list of active sessions of the authenticated user.

  • Only list() and delete() operations.

New in version 1.0.0.

Query Parameters
  • ordering (string) – Which field to use when ordering the results.

Status Codes
DELETE /api/auth/sessions/{id}

Durin’s TokenSessionsViewSet.

  • Returns the list of active sessions of the authenticated user.

  • Only list() and delete() operations.

New in version 1.0.0.

Parameters
  • id (integer) – A unique integer value identifying this auth token.

Status Codes
GET /api/connector/{name}/healthcheck

Health check: reports whether the server instance associated with the plugin is up.

Parameters
  • name (string) –

Status Codes
GET /api/get_analyzer_configs

Get and parse the analyzer_config.json file. This can be useful if you want to choose the analyzers programmatically.

Status Codes
GET /api/get_connector_configs

Get and parse the connector_config.json file.

Status Codes
GET /api/jobs

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Query Parameters
  • file_mimetype (string) – file_mimetype

  • file_name (string) – file_name

  • finished_analysis_time__gte (string) – finished_analysis_time__gte

  • finished_analysis_time__lte (string) – finished_analysis_time__lte

  • is_sample (string) – is_sample

  • md5 (string) – md5

  • name (string) – name

  • observable_classification (string) – observable_classification

  • observable_name (string) – observable_name

  • ordering (string) – Which field to use when ordering the results.

  • page (integer) – A page number within the paginated result set.

  • page_size (integer) – Number of results to return per page.

  • received_request_time__gte (string) – received_request_time__gte

  • received_request_time__lte (string) – received_request_time__lte

  • status (string) – status

  • tags (string) – tags

  • tlp (string) – tlp

  • type (string) – type

Status Codes
PATCH /api/jobs/{job_id}/analyzer/{name}/kill

Kill a running plugin by closing its Celery task and marking it as killed.

Parameters
  • job_id (string) –

  • name (string) –

Status Codes
PATCH /api/jobs/{job_id}/analyzer/{name}/retry

Retry a plugin run if it previously failed or was killed.

Parameters
  • job_id (string) –

  • name (string) –

Status Codes
PATCH /api/jobs/{job_id}/connector/{name}/kill

Kill a running plugin by closing its Celery task and marking it as killed.

Parameters
  • job_id (string) –

  • name (string) –

Status Codes
PATCH /api/jobs/{job_id}/connector/{name}/retry

Retry a plugin run if it previously failed or was killed.

Parameters
  • job_id (string) –

  • name (string) –

Status Codes
GET /api/jobs/{id}

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
DELETE /api/jobs/{id}

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
GET /api/jobs/{id}/download_sample

Download the file/sample associated with a job.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
PATCH /api/jobs/{id}/kill

Kill a running job by closing its Celery tasks and marking it as killed.

Parameters
  • id (integer) – A unique integer value identifying this job.

Status Codes
GET /api/jobs/aggregate/file_mimetype

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/jobs/aggregate/file_name

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/jobs/aggregate/observable_classification

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/jobs/aggregate/observable_name

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/jobs/aggregate/status

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/jobs/aggregate/type

REST endpoint to fetch list of jobs or retrieve/delete a job with job ID. Requires authentication.

Status Codes
GET /api/me/access

Returns user’s access information.

Status Codes
GET /api/me/invitations

Only list() and destroy() actions.

Query Parameters
  • ordering (string) – Which field to use when ordering the results.

Status Codes
DELETE /api/me/invitations/{id}

Only list() and destroy() actions.

Parameters
  • id (integer) – A unique integer value identifying this invitation.

Status Codes
POST /api/me/invitations/{id}/accept

Accept an invitation by ID.

Parameters
  • id (integer) – A unique integer value identifying this invitation.

Status Codes
POST /api/me/invitations/{id}/decline

Decline an invitation by ID.

Parameters
  • id (integer) – A unique integer value identifying this invitation.

Status Codes
GET /api/me/organization

Get organization.

Query Parameters
  • ordering (string) – Which field to use when ordering the results.

Status Codes
POST /api/me/organization

Create new organization.

Status Codes
POST /api/me/organization/invite

Invite user to organization (accessible only to the organization owner).

POST ~/organization/invite.

Status Codes
POST /api/me/organization/leave

Leave organization (accessible only to members).

POST ~/organization/leave.

Status Codes
POST /api/me/organization/remove_member

Remove user’s membership from organization (accessible only to the organization owner).

POST ~/organization/remove_member.

Status Codes
GET /api/notification

Only list() and retrieve() actions.

Query Parameters
  • ordering (string) – Which field to use when ordering the results.

  • page (integer) – A page number within the paginated result set.

  • page_size (integer) – Number of results to return per page.

  • read (string) – read

Status Codes
GET /api/notification/{id}

Only list() and retrieve() actions.

Parameters
  • id (integer) – A unique integer value identifying this notification.

Status Codes
POST /api/notification/{id}/mark-as-read

Only list() and retrieve() actions.

Parameters
  • id (integer) – A unique integer value identifying this notification.

Status Codes
GET /api/tags

REST endpoint to perform CRUD operations on Tag model. Requires authentication.

Query Parameters
  • ordering (string) – Which field to use when ordering the results.

Status Codes
POST /api/tags

REST endpoint to perform CRUD operations on Tag model. Requires authentication.

Status Codes
GET /api/tags/{id}

REST endpoint to perform CRUD operations on Tag model. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes
PUT /api/tags/{id}

REST endpoint to perform CRUD operations on Tag model. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes
PATCH /api/tags/{id}

REST endpoint to perform CRUD operations on Tag model. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes
DELETE /api/tags/{id}

REST endpoint to perform CRUD operations on Tag model. Requires authentication.

Parameters
  • id (integer) – A unique integer value identifying this tag.

Status Codes