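# Fetch a single detection by its ID or SID.
# Replace {idOrSid} with the detection's ID or SID and <token> with your auth token.
# The URL is quoted so the shell passes it to curl as one unmodified argument.
# A token typed directly on the command line ends up in shell history and is
# visible in the process list; prefer supplying it from an environment variable
# or a secrets manager.
# The response carries user e-mail addresses, phone numbers and
# credential-exposure fields, so treat any saved output as sensitive.
curl --request GET \
  --url 'https://api.wirespeed.com/detection/{idOrSid}' \
  --header 'Authorization: Bearer <token>'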
{
"id": "<string>",
"teamId": "<string>",
"teamName": "<string>",
"sourceDescription": "<string>",
"notes": "<string>",
"sourceName": "<string>",
"description": "<string>",
"status": "NEW",
"createdAt": "<string>",
"containments": [
"USER"
],
"testMode": true,
"caseId": "<string>",
"sourceIngestedAt": "<string>",
"sourceDetectedAt": "<string>",
"verdictedAt": "<string>",
"updatedAt": "<string>",
"closedAt": "<string>",
"logs": [
{
"log": "<string>",
"timestamp": "<string>",
"debug": true
}
],
"raw": {},
"verdict": "MALICIOUS",
"title": "<string>",
"integrationPlatform": "microsoft-teams",
"integrationId": "<string>",
"duplicateDetectionId": "<string>",
"contained": true,
"nextSteps": "<string>",
"reingested": true,
"prevented": true,
"excludeFromMeans": true,
"caseSid": "<string>",
"sid": "<string>",
"firstRun": true,
"containOnChatOpsFailure": true,
"wasEscalated": true,
"chatOpsPerformed": true,
"ocsfDetectionFinding": {},
"actionSlug": "<string>",
"exclusionId": "<string>",
"exclusionSid": "<string>",
"autoContained": true,
"category": "OTHER__DIAGNOSTIC",
"verdictSetting": {
"id": "<string>",
"default": true,
"managedByWspd": true,
"category": "OTHER__DIAGNOSTIC",
"wspdRule": "CLOUD__INVOCATION",
"escalate": true,
"chatOps": true,
"close": true,
"disabled": true,
"containUser": true,
"containEndpoint": true,
"chatOpsMFA": true,
"managerChatOps": true,
"vipChatOps": true,
"createdAt": "<string>",
"updatedAt": "<string>",
"teamId": "<string>",
"chatOpsTimeoutVerdict": "MALICIOUS",
"chatOpsUnsureVerdict": "MALICIOUS",
"verdict": "MALICIOUS",
"description": "<string>",
"managedByParent": true,
"severity": "INFORMATIONAL",
"useSourceSeverity": true
},
"chatOpsTest": true,
"severity": "INFORMATIONAL",
"severityOrdinal": 123,
"containsVIP": true,
"containsHVA": true,
"excluded": true,
"chatOpsTestEmail": "<string>",
"chatOpsTestPhoneNumber": "<string>",
"endpoints": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"edrSourceId": "<string>",
"mdmSourceId": "<string>",
"name": "<string>",
"hva": true,
"hvaOverriddenByUser": true,
"createdAt": "<string>",
"privateIpAddress": "<string>",
"live": true,
"operatingSystem": "<string>",
"integrationId": {},
"contained": true,
"managed": true,
"publicIPs": [
{
"ipv4": "<string>",
"ipv6": "<string>",
"metadata": {
"ip": "<string>",
"hostname": "<string>",
"city": "<string>",
"region": "<string>",
"country": "<string>",
"loc": "<string>",
"postal": "<string>",
"timezone": "<string>",
"org": "<string>",
"asn": {
"asn": "<string>",
"name": "<string>",
"domain": "<string>",
"route": "<string>",
"type": "<string>"
},
"company": {
"name": "<string>",
"domain": "<string>",
"type": "<string>"
},
"privacy": {
"vpn": true,
"proxy": true,
"tor": true,
"relay": true,
"hosting": true,
"service": "<string>"
},
"abuse": {
"address": "<string>",
"country": "<string>",
"email": "<string>",
"name": "<string>",
"network": "<string>",
"phone": "<string>",
"ofac": true,
"adversarial": true
},
"domains": {
"ip": "<string>",
"total": 123,
"domains": [
"<string>"
]
},
"ofac": true,
"adversarial": true
},
"displayName": "<string>",
"id": "<string>",
"teamId": "<string>",
"createdAt": "<string>",
"updatedAt": "<string>",
"locationId": "<string>",
"metadataLastFetchedAt": "<string>",
"known": true,
"safe": true,
"detectionSid": "<string>"
}
],
"workstation": true,
"server": true,
"mobile": true,
"updatedAt": "<string>",
"raw": {}
}
],
"files": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"lateStageTool": true,
"remoteManagementTool": true,
"malware": true,
"cryptoMiner": true,
"ransomware": true,
"infoStealer": true,
"benign": true,
"name": "<string>",
"path": "<string>",
"sha256": "<string>",
"sha1": "<string>",
"toolName": "<string>",
"createdAt": "<string>",
"updatedAt": "<string>",
"lastEnrichedAt": "<string>",
"nameWithPath": "<string>",
"liveOffTheLand": true,
"nuisance": true,
"fileRisk": "BENIGN",
"metadata": {
"threatNames": [
{
"name": "<string>",
"engine": "<string>",
"excluded": true
}
],
"lastScanTime": {},
"story": "<string>",
"versionInfo": [
{
"name": "<string>",
"value": "<string>"
}
],
"proposedFileNames": [
"<string>"
]
},
"enrichedViaIntegration": true
}
],
"processes": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"command": "<string>",
"sha256": "<string>",
"sha1": "<string>",
"createdAt": "<string>"
}
],
"locations": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"lat": "<string>",
"lon": "<string>",
"city": "<string>",
"state": "<string>",
"country": "<string>",
"countryCode": "<string>",
"continent": "<string>",
"continentCode": "<string>",
"createdAt": "<string>",
"known": true,
"safe": true,
"detectionSid": "<string>"
}
],
"directory": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"enabled": true,
"directoryId": "<string>",
"name": "<string>",
"phoneNumber": "<string>",
"previousPhoneNumber": "<string>",
"title": "<string>",
"email": "<string>",
"vip": true,
"nhi": true,
"financial": true,
"technical": true,
"managerDirectoryId": "<string>",
"managerEmail": "<string>",
"domain": "<string>",
"department": "<string>",
"createdAt": "<string>",
"integrationId": {},
"roles": [
"<string>"
],
"lastCredentialExposure": {},
"credentialsExposed": true,
"numberCredentialExposures": 123,
"lastCheckedForCredentialExposures": {},
"needsChatOpsWelcome": true,
"contained": true,
"username": "<string>",
"containable": true,
"smsConsentReceivedAt": {},
"administrator": true,
"updatedAt": "<string>",
"passwordLastChangedAt": "<string>",
"lastSignInAt": "<string>",
"raw": {},
"tags": [
{
"id": "<string>",
"directoryUserId": "<string>",
"tag": "VIP",
"automationId": "<string>",
"teamId": "<string>",
"overriddenByUser": true,
"enabled": true,
"createdAt": "<string>"
}
],
"managed": true
}
],
"ips": [
{
"ipv4": "<string>",
"ipv6": "<string>",
"metadata": {
"ip": "<string>",
"hostname": "<string>",
"city": "<string>",
"region": "<string>",
"country": "<string>",
"loc": "<string>",
"postal": "<string>",
"timezone": "<string>",
"org": "<string>",
"asn": {
"asn": "<string>",
"name": "<string>",
"domain": "<string>",
"route": "<string>",
"type": "<string>"
},
"company": {
"name": "<string>",
"domain": "<string>",
"type": "<string>"
},
"privacy": {
"vpn": true,
"proxy": true,
"tor": true,
"relay": true,
"hosting": true,
"service": "<string>"
},
"abuse": {
"address": "<string>",
"country": "<string>",
"email": "<string>",
"name": "<string>",
"network": "<string>",
"phone": "<string>",
"ofac": true,
"adversarial": true
},
"domains": {
"ip": "<string>",
"total": 123,
"domains": [
"<string>"
]
},
"ofac": true,
"adversarial": true
},
"displayName": "<string>",
"id": "<string>",
"teamId": "<string>",
"createdAt": "<string>",
"updatedAt": "<string>",
"locationId": "<string>",
"metadataLastFetchedAt": "<string>",
"known": true,
"safe": true,
"detectionSid": "<string>"
}
],
"domains": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"name": "<string>",
"createdAt": "<string>"
}
],
"fileRisk": "BENIGN",
"userAgents": [
{
"id": "<string>",
"userAgent": "<string>",
"userAgentAlt": "<string>",
"teamId": "<string>",
"createdAt": "<string>",
"displayName": "<string>",
"browserName": "<string>",
"browserVersion": "<string>",
"browserMajorVersion": "<string>",
"cpuArchitecture": "<string>",
"deviceModel": "<string>",
"deviceVendor": "<string>",
"engineName": "<string>",
"engineVersion": "<string>",
"osName": "<string>",
"osVersion": "<string>"
}
],
"whatHappened": "<string>"
}
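# Fetch a single detection by its ID or SID.
# Replace {idOrSid} with the detection's ID or SID and <token> with your auth token.
# The URL is quoted so the shell passes it to curl as one unmodified argument.
# A token typed directly on the command line ends up in shell history and is
# visible in the process list; prefer supplying it from an environment variable
# or a secrets manager.
# The response carries user e-mail addresses, phone numbers and
# credential-exposure fields, so treat any saved output as sensitive.
curl --request GET \
  --url 'https://api.wirespeed.com/detection/{idOrSid}' \
  --header 'Authorization: Bearer <token>'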
{
"id": "<string>",
"teamId": "<string>",
"teamName": "<string>",
"sourceDescription": "<string>",
"notes": "<string>",
"sourceName": "<string>",
"description": "<string>",
"status": "NEW",
"createdAt": "<string>",
"containments": [
"USER"
],
"testMode": true,
"caseId": "<string>",
"sourceIngestedAt": "<string>",
"sourceDetectedAt": "<string>",
"verdictedAt": "<string>",
"updatedAt": "<string>",
"closedAt": "<string>",
"logs": [
{
"log": "<string>",
"timestamp": "<string>",
"debug": true
}
],
"raw": {},
"verdict": "MALICIOUS",
"title": "<string>",
"integrationPlatform": "microsoft-teams",
"integrationId": "<string>",
"duplicateDetectionId": "<string>",
"contained": true,
"nextSteps": "<string>",
"reingested": true,
"prevented": true,
"excludeFromMeans": true,
"caseSid": "<string>",
"sid": "<string>",
"firstRun": true,
"containOnChatOpsFailure": true,
"wasEscalated": true,
"chatOpsPerformed": true,
"ocsfDetectionFinding": {},
"actionSlug": "<string>",
"exclusionId": "<string>",
"exclusionSid": "<string>",
"autoContained": true,
"category": "OTHER__DIAGNOSTIC",
"verdictSetting": {
"id": "<string>",
"default": true,
"managedByWspd": true,
"category": "OTHER__DIAGNOSTIC",
"wspdRule": "CLOUD__INVOCATION",
"escalate": true,
"chatOps": true,
"close": true,
"disabled": true,
"containUser": true,
"containEndpoint": true,
"chatOpsMFA": true,
"managerChatOps": true,
"vipChatOps": true,
"createdAt": "<string>",
"updatedAt": "<string>",
"teamId": "<string>",
"chatOpsTimeoutVerdict": "MALICIOUS",
"chatOpsUnsureVerdict": "MALICIOUS",
"verdict": "MALICIOUS",
"description": "<string>",
"managedByParent": true,
"severity": "INFORMATIONAL",
"useSourceSeverity": true
},
"chatOpsTest": true,
"severity": "INFORMATIONAL",
"severityOrdinal": 123,
"containsVIP": true,
"containsHVA": true,
"excluded": true,
"chatOpsTestEmail": "<string>",
"chatOpsTestPhoneNumber": "<string>",
"endpoints": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"edrSourceId": "<string>",
"mdmSourceId": "<string>",
"name": "<string>",
"hva": true,
"hvaOverriddenByUser": true,
"createdAt": "<string>",
"privateIpAddress": "<string>",
"live": true,
"operatingSystem": "<string>",
"integrationId": {},
"contained": true,
"managed": true,
"publicIPs": [
{
"ipv4": "<string>",
"ipv6": "<string>",
"metadata": {
"ip": "<string>",
"hostname": "<string>",
"city": "<string>",
"region": "<string>",
"country": "<string>",
"loc": "<string>",
"postal": "<string>",
"timezone": "<string>",
"org": "<string>",
"asn": {
"asn": "<string>",
"name": "<string>",
"domain": "<string>",
"route": "<string>",
"type": "<string>"
},
"company": {
"name": "<string>",
"domain": "<string>",
"type": "<string>"
},
"privacy": {
"vpn": true,
"proxy": true,
"tor": true,
"relay": true,
"hosting": true,
"service": "<string>"
},
"abuse": {
"address": "<string>",
"country": "<string>",
"email": "<string>",
"name": "<string>",
"network": "<string>",
"phone": "<string>",
"ofac": true,
"adversarial": true
},
"domains": {
"ip": "<string>",
"total": 123,
"domains": [
"<string>"
]
},
"ofac": true,
"adversarial": true
},
"displayName": "<string>",
"id": "<string>",
"teamId": "<string>",
"createdAt": "<string>",
"updatedAt": "<string>",
"locationId": "<string>",
"metadataLastFetchedAt": "<string>",
"known": true,
"safe": true,
"detectionSid": "<string>"
}
],
"workstation": true,
"server": true,
"mobile": true,
"updatedAt": "<string>",
"raw": {}
}
],
"files": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"lateStageTool": true,
"remoteManagementTool": true,
"malware": true,
"cryptoMiner": true,
"ransomware": true,
"infoStealer": true,
"benign": true,
"name": "<string>",
"path": "<string>",
"sha256": "<string>",
"sha1": "<string>",
"toolName": "<string>",
"createdAt": "<string>",
"updatedAt": "<string>",
"lastEnrichedAt": "<string>",
"nameWithPath": "<string>",
"liveOffTheLand": true,
"nuisance": true,
"fileRisk": "BENIGN",
"metadata": {
"threatNames": [
{
"name": "<string>",
"engine": "<string>",
"excluded": true
}
],
"lastScanTime": {},
"story": "<string>",
"versionInfo": [
{
"name": "<string>",
"value": "<string>"
}
],
"proposedFileNames": [
"<string>"
]
},
"enrichedViaIntegration": true
}
],
"processes": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"command": "<string>",
"sha256": "<string>",
"sha1": "<string>",
"createdAt": "<string>"
}
],
"locations": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"lat": "<string>",
"lon": "<string>",
"city": "<string>",
"state": "<string>",
"country": "<string>",
"countryCode": "<string>",
"continent": "<string>",
"continentCode": "<string>",
"createdAt": "<string>",
"known": true,
"safe": true,
"detectionSid": "<string>"
}
],
"directory": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"enabled": true,
"directoryId": "<string>",
"name": "<string>",
"phoneNumber": "<string>",
"previousPhoneNumber": "<string>",
"title": "<string>",
"email": "<string>",
"vip": true,
"nhi": true,
"financial": true,
"technical": true,
"managerDirectoryId": "<string>",
"managerEmail": "<string>",
"domain": "<string>",
"department": "<string>",
"createdAt": "<string>",
"integrationId": {},
"roles": [
"<string>"
],
"lastCredentialExposure": {},
"credentialsExposed": true,
"numberCredentialExposures": 123,
"lastCheckedForCredentialExposures": {},
"needsChatOpsWelcome": true,
"contained": true,
"username": "<string>",
"containable": true,
"smsConsentReceivedAt": {},
"administrator": true,
"updatedAt": "<string>",
"passwordLastChangedAt": "<string>",
"lastSignInAt": "<string>",
"raw": {},
"tags": [
{
"id": "<string>",
"directoryUserId": "<string>",
"tag": "VIP",
"automationId": "<string>",
"teamId": "<string>",
"overriddenByUser": true,
"enabled": true,
"createdAt": "<string>"
}
],
"managed": true
}
],
"ips": [
{
"ipv4": "<string>",
"ipv6": "<string>",
"metadata": {
"ip": "<string>",
"hostname": "<string>",
"city": "<string>",
"region": "<string>",
"country": "<string>",
"loc": "<string>",
"postal": "<string>",
"timezone": "<string>",
"org": "<string>",
"asn": {
"asn": "<string>",
"name": "<string>",
"domain": "<string>",
"route": "<string>",
"type": "<string>"
},
"company": {
"name": "<string>",
"domain": "<string>",
"type": "<string>"
},
"privacy": {
"vpn": true,
"proxy": true,
"tor": true,
"relay": true,
"hosting": true,
"service": "<string>"
},
"abuse": {
"address": "<string>",
"country": "<string>",
"email": "<string>",
"name": "<string>",
"network": "<string>",
"phone": "<string>",
"ofac": true,
"adversarial": true
},
"domains": {
"ip": "<string>",
"total": 123,
"domains": [
"<string>"
]
},
"ofac": true,
"adversarial": true
},
"displayName": "<string>",
"id": "<string>",
"teamId": "<string>",
"createdAt": "<string>",
"updatedAt": "<string>",
"locationId": "<string>",
"metadataLastFetchedAt": "<string>",
"known": true,
"safe": true,
"detectionSid": "<string>"
}
],
"domains": [
{
"id": "<string>",
"displayName": "<string>",
"teamId": "<string>",
"name": "<string>",
"createdAt": "<string>"
}
],
"fileRisk": "BENIGN",
"userAgents": [
{
"id": "<string>",
"userAgent": "<string>",
"userAgentAlt": "<string>",
"teamId": "<string>",
"createdAt": "<string>",
"displayName": "<string>",
"browserName": "<string>",
"browserVersion": "<string>",
"browserMajorVersion": "<string>",
"cpuArchitecture": "<string>",
"deviceModel": "<string>",
"deviceVendor": "<string>",
"engineName": "<string>",
"engineVersion": "<string>",
"osName": "<string>",
"osVersion": "<string>"
}
],
"whatHappened": "<string>"
}
Bearer authentication header of the form "Bearer <token>", where <token> is your auth token.
idOrSid (path parameter): the detection's ID or SID.
The response is of type object.