Cases
- POSTGet case statistics by severity
- POSTGet case statistics by category class
- GETGet weekly case counts
- POSTGet case counts grouped by team
- GETGet example case for demonstration
- GETGet all detections for a case
- GETGet all detections for a case without entities
- DELDelete a case
- PATCHUpdate case details
- POSTCalculate mean time to resolution
- POSTCalculate mean time to detect for filtered cases
- POSTCalculate mean time to verdict for filtered cases
- POSTCalculate mean time to contain
- POSTReingest all detections for a case
- GETGet related cases
- GETGet threat indicators for a case
- POSTSearch and list cases
- POSTGet cases search count
- POSTSubmit feedback for AI case summary
- GETGet active bulk jobs for current user
- GETGet bulk job status
- GETGet case by ID or SID
- POSTExport cases to CSV
- POSTBulk close cases
Integration
- GETGet integration health summary
- POSTSearch integrations
- POSTGet integration search count
- POSTSearch integration logs from ClickHouse
- POSTGet integration log search count from ClickHouse
- POSTGet daily integration log counts from ClickHouse
- PUTAdd API key integration
- PUTAdd other integration type
- PUTAdd basic authentication integration
- POSTGet OAuth installation URL
- GETGet all integration configurations
- GETGet integration by ID
- DELDelete integration
- PATCHUpdate integration
- GETGet integration configuration by type
- GETHandle OAuth redirect
- POSTVerify JWT token
- GETHandle authenticated OAuth redirect
- POSTInvoke integration action
- GETGet webhook secret
- GETGet AWS remote API key
- PUTRegister AWS integration remotely
- GETGet synced licenses for integration
- POSTCheck integration entitlements
- POSTDismiss an entitlement warning
- DELUndismiss an entitlement warning
- POSTTrigger health check for all team integrations
- POSTTrigger health check for integration
- POSTMute hourly quality notifications for integration
- POSTUnmute hourly quality notifications for integration
- POSTRequest a new integration
- GETVerify integration webhook
- POSTHandle integration webhook
- GETGet Microsoft Sentinel RBAC setup URL
- GETGet Microsoft Sentinel deploy template
- GETGet ConnectWise PSA configuration
- PUTUpdate ConnectWise PSA configuration
- GETGet ConnectWise companies
- GETGet ConnectWise boards
- GETGet board ticket types
- GETGet board ticket statuses
- GETGet ConnectWise priorities
- GETGet Halo ITSM configuration
- PUTUpdate Halo ITSM configuration
- GETGet additional required fields for Halo ITSM Incident tickets
- GETGet Halo ITSM teams
- GETGet Halo ITSM clients
- GETGet Halo ITSM categories (type_id=1)
- GETGet Jira configuration
- PUTUpdate Jira configuration
- GETGet Jira Cloud instances
- GETGet Jira projects
- GETGet Jira issue types
- GETGet Odoo Helpdesk configuration
- PUTUpdate Odoo Helpdesk configuration
- GETList available Odoo Helpdesk databases
- GETList Odoo Helpdesk companies for a database
- GETList Odoo Helpdesk teams for a database
- GETList Odoo Helpdesk stages and return a suggested Wirespeed→stage mapping
Asset
- GETGet all assets for a case
- GETGet all assets for a detection
- GETGet asset counts by type
- POSTBulk contain multiple assets
- POSTBulk uncontain multiple assets
- POSTContain directory user
- POSTContain endpoint
- POSTUncontain endpoint
- POSTUncontain directory
- POSTContain file
- POSTUncontain file
- GETGet active containment actions for an asset
- GETGet containment action history for an asset
Users
Team
- POSTGet team detection statistics
- POSTGet team billable resource statistics
- POSTSet or clear the billing license for a target type
- POSTGet team endpoint operating system statistics
- POSTGet team geographic distribution statistics
- POSTGet team event statistics by integration
- POSTDetections created over time
- POSTEscalated cases over time
- POSTContainment actions over time
- POSTNoise reduction rate over time
- POSTMean time to verdict over time
- POSTMean time to detect over time
- POSTMean time to respond over time
- POSTDetections grouped by category
- POSTDetections grouped by integration
- POSTDetections grouped by endpoint/user group
- POSTSwitch to a different team
- GETGet current team information
- PUTCreate a new team
- POSTSearch service provider teams
- DELDelete the current team and all associated data
- PATCHUpdate team information
- GETCheck if the current user can modify all team members, including SP-managed users
- GETGet team by any UUID
- GETGet all teams
- GETGet all teams with slim payload
- POSTGet service provider teams search count
- POSTGet service provider client aggregate stats
- POSTSearch team members
- POSTGet team member search count
- GETGet distinct email domains of team members
- POSTSearch system logs
- POSTGet system log search count
- GETGet a system log entry by id (current team)
- PUTAdd operating team
- DELRemove operating team
- PATCHUpdate a client team subscription
- PUTInvite user to team
- PUTResend invitation to user
- GETGet platform logos
- PUTUpload platform logo
- DELDelete platform logo
- PATCHReset default chat ops for a field
- DELRemove external user from team
- GETGet all team-level API keys
- PUTCreate a team-level API key
- DELDelete a team-level API key
- POSTPublic team sign-up endpoint
- POSTCreate a SKU change request
- GETGet pending SKU change request for current team
- PATCHUpdate a SKU change request (cancel, accept, deny, or accept with modifications)
- POSTList all SKU change requests (internal only)
- GETGet pending SKU change request for a client team
- POSTList SKU change requests for child teams of the current SP
- GETGet onboarding checklist items for the team
- PATCHMark a self-attested onboarding item as complete
Directory
- GETGet directory user statistics
- GETGet directory user by ID
- PATCHUpdate directory user
- POSTGet directory user search count
- POSTSearch directory users
- PUTAdd users to chat ops onboarding
- DELRemove user from chat ops onboarding
- PUTAdd users to chat ops onboarding
- DELRemove users from chat ops onboarding
- PUTAdd group to directory user
- DELRemove group from directory user
- GETGet VIP user count and change
- POSTRefresh directory user data
- POSTReset SMS invite attempts and resend invite
Detection
- POSTGet detection statistics by severity
- POSTGet detection statistics by category class
- POSTGet detection chat ops statistics
- POSTGet noise reduction statistics over time
- POSTCalculate mean time to detect
- POSTCalculate mean time to verdict
- POSTSearch and list detections
- POSTCount detections matching search filters
- GETGet example detection for demonstration
- PUTCreate a custom detection
- POSTList custom detections
- DELDelete a custom detection
- PATCHUpdate a custom detection
- POSTReingest a detection
- GETGet detection by ID or SID
- GETGet AQL questions for detection
- DELDelete a detection
- PATCHUpdate detection details
- POSTExport detections to CSV
Bulk close cases
curl --request POST \
--url https://api.wirespeed.co/cases/bulk-close \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"verdict": "MALICIOUS",
"caseIds": [
"<string>"
],
"filter": {
"filter": "<string>",
"search": "<string>",
"days": 123,
"startDate": "<string>",
"endDate": "<string>",
"statuses": [
"NEW"
],
"verdict": "MALICIOUS",
"severity": "INFORMATIONAL",
"onlyWasEscalated": true,
"onlyWasContained": true,
"onlyWasMobile": true,
"onlyWasMonitored": true,
"onlyChatOps": true,
"integrationPlatform": "aws",
"categoryClass": "ENDPOINT",
"category": "OTHER__DIAGNOSTIC",
"createdAt": {
"gt": "<string>",
"gte": "<string>",
"lt": "<string>",
"lte": "<string>"
},
"groupIds": [
"<string>"
]
},
"excludedCaseIds": [
"<string>"
]
}
'{
"jobId": "<string>",
"totalCount": 123
}Cases
Bulk close cases
POST
/
cases
/
bulk-close
Bulk close cases
curl --request POST \
--url https://api.wirespeed.co/cases/bulk-close \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"verdict": "MALICIOUS",
"caseIds": [
"<string>"
],
"filter": {
"filter": "<string>",
"search": "<string>",
"days": 123,
"startDate": "<string>",
"endDate": "<string>",
"statuses": [
"NEW"
],
"verdict": "MALICIOUS",
"severity": "INFORMATIONAL",
"onlyWasEscalated": true,
"onlyWasContained": true,
"onlyWasMobile": true,
"onlyWasMonitored": true,
"onlyChatOps": true,
"integrationPlatform": "aws",
"categoryClass": "ENDPOINT",
"category": "OTHER__DIAGNOSTIC",
"createdAt": {
"gt": "<string>",
"gte": "<string>",
"lt": "<string>",
"lte": "<string>"
},
"groupIds": [
"<string>"
]
},
"excludedCaseIds": [
"<string>"
]
}
'{
"jobId": "<string>",
"totalCount": 123
}Documentation Index
Fetch the complete documentation index at: https://docs.wirespeed.co/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
application/json
Verdict to apply to all cases
Available options:
MALICIOUS, SUSPICIOUS, BENIGN Explicit list of case IDs to close
Filter to match cases (alternative to caseIds)
Show child attributes
Show child attributes
Case IDs to exclude when using filter mode
⌘I