Cases
- POSTGet case statistics by severity
- POSTGet case statistics by category class
- GETGet weekly case counts
- POSTGet case counts grouped by team
- GETGet example case for demonstration
- GETGet all detections for a case
- GETGet all detections for a case without entities
- DELDelete a case
- PATCHUpdate case details
- POSTCalculate mean time to resolution
- POSTCalculate mean time to detect for filtered cases
- POSTCalculate mean time to verdict for filtered cases
- POSTCalculate mean time to contain
- POSTReingest all detections for a case
- GETGet related cases
- GETGet threat indicators for a case
- POSTSearch and list cases
- POSTGet cases search count
- POSTSubmit feedback for AI case summary
- GETGet active bulk jobs for current user
- GETGet bulk job status
- GETGet case by ID or SID
- POSTExport cases to CSV
- POSTBulk close cases
Integration
- GETGet integration health summary
- POSTSearch integrations
- POSTGet integration search count
- POSTSearch integration logs from ClickHouse
- POSTGet integration log search count from ClickHouse
- POSTGet daily integration log counts from ClickHouse
- PUTAdd API key integration
- PUTAdd other integration type
- PUTAdd basic authentication integration
- POSTGet OAuth installation URL
- GETGet all integration configurations
- GETGet integration by ID
- DELDelete integration
- PATCHUpdate integration
- GETGet integration configuration by type
- GETHandle OAuth redirect
- POSTVerify JWT token
- GETHandle authenticated OAuth redirect
- POSTInvoke integration action
- GETGet webhook secret
- GETGet AWS remote API key
- PUTRegister AWS integration remotely
- GETGet synced licenses for integration
- POSTCheck integration entitlements
- POSTDismiss an entitlement warning
- DELUndismiss an entitlement warning
- POSTTrigger health check for all team integrations
- POSTTrigger health check for integration
- POSTMute hourly quality notifications for integration
- POSTUnmute hourly quality notifications for integration
- POSTRequest a new integration
- GETVerify integration webhook
- POSTHandle integration webhook
- GETGet Microsoft Sentinel RBAC setup URL
- GETGet Microsoft Sentinel deploy template
- GETGet ConnectWise PSA configuration
- PUTUpdate ConnectWise PSA configuration
- GETGet ConnectWise companies
- GETGet ConnectWise boards
- GETGet board ticket types
- GETGet board ticket statuses
- GETGet ConnectWise priorities
- GETGet Halo ITSM configuration
- PUTUpdate Halo ITSM configuration
- GETGet additional required fields for Halo ITSM Incident tickets
- GETGet Halo ITSM teams
- GETGet Halo ITSM clients
- GETGet Halo ITSM categories (type_id=1)
- GETGet Jira configuration
- PUTUpdate Jira configuration
- GETGet Jira Cloud instances
- GETGet Jira projects
- GETGet Jira issue types
- GETGet Odoo Helpdesk configuration
- PUTUpdate Odoo Helpdesk configuration
- GETList available Odoo Helpdesk databases
- GETList Odoo Helpdesk companies for a database
- GETList Odoo Helpdesk teams for a database
- GETList Odoo Helpdesk stages and return a suggested Wirespeed→stage mapping
Asset
- GETGet all assets for a case
- GETGet all assets for a detection
- GETGet asset counts by type
- POSTBulk contain multiple assets
- POSTBulk uncontain multiple assets
- POSTContain directory user
- POSTContain endpoint
- POSTUncontain endpoint
- POSTUncontain directory
- POSTContain file
- POSTUncontain file
- GETGet active containment actions for an asset
- GETGet containment action history for an asset
Users
- GETGet current user information
- PATCHUpdate current user information
- PATCHUpdate user role
- DELDelete user
- PATCHUnlock user account
- PATCHLock user account
- GETGet user API keys (deprecated — always returns empty list)deprecated
- PUTCreate user API key (deprecated — no longer supported)deprecated
- DELDelete user API key (deprecated — always returns 404)deprecated
- DELUnsubscribe user from all notifications for current team
Team
- POSTGet team detection statistics
- POSTGet team billable resource statistics
- POSTSet or clear the billing license for a target type
- POSTGet team endpoint operating system statistics
- POSTGet team geographic distribution statistics
- POSTGet team event statistics by integration
- POSTDetections created over time
- POSTEscalated cases over time
- POSTContainment actions over time
- POSTNoise reduction rate over time
- POSTMean time to verdict over time
- POSTMean time to detect over time
- POSTMean time to respond over time
- POSTDetections grouped by category
- POSTDetections grouped by integration
- POSTDetections grouped by endpoint/user group
- POSTSwitch to a different team
- GETGet current team information
- PUTCreate a new team
- POSTSearch service provider teams
- DELDelete the current team and all associated data
- PATCHUpdate team information
- POSTQueue cross-integration canonical_id reconciliation (Wirespeed internal only)
- GETCheck if the current user can modify all team members, including SP-managed users
- GETGet team by any UUID
- GETGet all teams
- GETGet all teams with slim payload
- POSTGet service provider teams search count
- POSTGet service provider client aggregate stats
- POSTSearch team members
- POSTGet team member search count
- GETGet distinct email domains of team members
- POSTSearch system logs
- POSTGet system log search count
- GETGet a system log entry by id (current team)
- PUTAdd operating team
- DELRemove operating team
- PATCHUpdate a client team subscription
- PUTInvite user to team
- PUTResend invitation to user
- GETGet platform logos
- PUTUpload platform logo
- DELDelete platform logo
- PATCHReset default chat ops for a field
- DELRemove external user from team
- GETGet all team-level API keys
- PUTCreate a team-level API key
- DELDelete a team-level API key
- POSTPublic team sign-up endpoint
- POSTCreate a SKU change request
- GETGet pending SKU change request for current team
- PATCHUpdate a SKU change request (cancel, accept, deny, or accept with modifications)
- POSTList all SKU change requests (internal only)
- GETGet pending SKU change request for a client team
- POSTList SKU change requests for child teams of the current SP
- GETGet onboarding checklist items for the team
- PATCHMark a self-attested onboarding item as complete
Directory
- GETGet directory user statistics
- GETGet directory user by ID
- PATCHUpdate directory user
- POSTGet directory user search count
- POSTSearch directory users
- PUTAdd users to chat ops onboarding
- DELRemove user from chat ops onboarding
- PUTAdd users to chat ops onboarding
- DELRemove users from chat ops onboarding
- PUTAdd group to directory user
- DELRemove group from directory user
- GETGet VIP user count and change
- POSTRefresh directory user data
- POSTReset SMS invite attempts and resend invite
Detection
- POSTGet detection statistics by severity
- POSTGet detection statistics by category class
- POSTGet detection chat ops statistics
- POSTGet noise reduction statistics over time
- POSTCalculate mean time to detect
- POSTCalculate mean time to verdict
- POSTSearch and list detections
- POSTCount detections matching search filters
- GETGet example detection for demonstration
- PUTCreate a custom detection
- POSTList custom detections
- DELDelete a custom detection
- PATCHUpdate a custom detection
- POSTReingest a detection
- GETGet detection by ID or SID
- GETGet AQL questions for detection
- DELDelete a detection
- PATCHUpdate detection details
- POSTExport detections to CSV
Queue cross-integration canonical_id reconciliation (Wirespeed internal only)
curl --request POST \
--url https://api.wirespeed.co/v1/team/reconcile-canonical-assets \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"scopes": [
"users"
]
}
'{
"accepted": true
}Team
Queue cross-integration canonical_id reconciliation (Wirespeed internal only)
Always runs for the current team from the authenticated request (CLS teamId); the job payload does not accept a team id. FunctionService.sendJob attaches that team id to the background job.
POST
/
v1
/
team
/
reconcile-canonical-assets
Queue cross-integration canonical_id reconciliation (Wirespeed internal only)
curl --request POST \
--url https://api.wirespeed.co/v1/team/reconcile-canonical-assets \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"scopes": [
"users"
]
}
'{
"accepted": true
}Documentation Index
Fetch the complete documentation index at: https://docs.wirespeed.co/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
application/json
Optional scopes only. Reconciliation targets the current team, not a team id in the body.
Which asset kinds to reconcile for the current team (from auth context). When omitted, both directory users and endpoints are included.
Available options:
users, endpoints Response
Job was accepted onto the background queue
Update team informationCheck if the current user can modify all team members, including SP-managed users
⌘I