Retrieve Case Artifacts by Case ID

Cortex XSIAM Platform APIs
get /public_api/v1/case/artifacts/{case-id}

This endpoint retrieves the artifacts for a given case_id

Path parameters
case-id Integer required

Numeric ID of the case
Example: 56
CLIENT REQUEST
curl -X 'GET'
-H 'Accept: application/json'
'https://api-yourfqdn/public_api/v1/case/artifacts/{case-id}'
import http.client conn = http.client.HTTPSConnection("api-") conn.request("GET", "%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D") res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Get.new(url) response = http.request(request) puts response.read_body
const data = null; const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("GET", "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D"); xhr.send(data);
HttpResponse<String> response = Unirest.get("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D") .asString();
import Foundation let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7B%7Bfqdn%7D%7D/public_api/v1/case/artifacts/%7Bcase-id%7D"); var request = new RestRequest(Method.GET); IRestResponse response = client.Execute(request);
Responses

Successful response with cases

Body
application/json
replyobject
TOTAL_COUNTinteger
FILTER_COUNTinteger
DATAarray
[
case_idinteger

Case ID for which the artifacts are fetched

Example:1234
network_artifactsobject
DATAarray
[
artifact_idstring

Unique identifier for the artifact

Example:"A12345"
file_namestring

File name for the artifact

Example:"test"
file_sha256string

File sha256 for the artifact

Example:"1111"
file_signature_statusstring

File signature for the artifact

Example:"SIGNATURE_UNAVAILABLE"
file_wildfire_verdictstring

File wildfire verdict for the artifact

Example:"BENIGN"
is_malicousboolean

Indicates if the artifact is malicous

Example:true
is_manualboolean

Indicates if the artifact is manual

is_processboolean

Indicates if the artifact is related_to_process

low_confidenceboolean

Indicates the artifact confidence

typestring

Type of the artifact

Example:"HASH"
]
TOTAL_COUNTinteger
Example:10
file_artifactsobject
DATAarray
[
artifact_idstring

Unique identifier for the artifact

Example:"A12345"
file_namestring

File name for the artifact

Example:"test"
file_sha256string

File sha256 for the artifact

Example:"1111"
file_signature_statusstring

File signature for the artifact

Example:"SIGNATURE_UNAVAILABLE"
file_wildfire_verdictstring

File wildfire verdict for the artifact

Example:"BENIGN"
is_malicousboolean

Indicates if the artifact is malicous

Example:true
is_manualboolean

Indicates if the artifact is manual

is_processboolean

Indicates if the artifact is related_to_process

low_confidenceboolean

Indicates the artifact confidence

typestring

Type of the artifact

Example:"HASH"
]
TOTAL_COUNTinteger
Example:10
]
RESPONSE
{ "reply": { "TOTAL_COUNT": 0, "FILTER_COUNT": 0, "DATA": [ { "case_id": 1234, "network_artifacts": { "DATA": [ { "artifact_id": "A12345", "file_name": "test", "file_sha256": "1111", "file_signature_status": "SIGNATURE_UNAVAILABLE", "file_wildfire_verdict": "BENIGN", "is_malicous": true, "is_manual": false, "is_process": false, "low_confidence": false, "type": "HASH" } ], "TOTAL_COUNT": 10 }, "file_artifacts": { "DATA": [ { "artifact_id": "A12345", "file_name": "test", "file_sha256": "1111", "file_signature_status": "SIGNATURE_UNAVAILABLE", "file_wildfire_verdict": "BENIGN", "is_malicous": true, "is_manual": false, "is_process": false, "low_confidence": false, "type": "HASH" } ], "TOTAL_COUNT": 10 } } ] } }

Bad request

Body
application/json
errorstring
Example:"Invalid request data"
RESPONSE
{ "error": "Invalid request data" }

Unauthorized access

Body
application/json
errorstring
Example:"Unauthorized request"
RESPONSE
{ "error": "Unauthorized request" }

Internal server error

Body
application/json
errorstring
Example:"Internal server error"
RESPONSE
{ "error": "Internal server error" }