Evidence

Evidence is an entity that belongs to an analysis. It can contain information such as mime type and other data resulting from the analysis.

Adding evidence

The role SAMPLEDB-ANALYZER is required to be able to add an evidence entity.

To add an evidence entity, send a POST request to the evidence endpoint with the sample ID and the analysis ID in the URL. The request and response bodies are JSON formatted and contain the submitted evidence.

curl -X POST -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence" -d '{
  "evidence": [65, 65, 65, 65],
  "mimeType": "mime type of the evidence",
  "fileName": "evidence name",
  "internal": "false",
  "potentiallyMalicious": "true"
}'

Tip

For more detailed information on what the response model looks like, you can check out the Swagger API documentation.
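
The shell functions below are an added example, not part of the Argus documentation: they build the request body shown above from a local file and send it. They assume each byte goes into the evidence array as an unsigned value (0-255), as the sample [65, 65, 65, 65] suggests, and that the API key is held in a hypothetical ARGUS_API_KEY environment variable.

```shell
#!/bin/sh
# Added example, not from the Argus documentation.
# Assumptions: bytes are sent as unsigned values 0-255; ARGUS_API_KEY is a
# hypothetical variable name; flags are sent as strings, as in the page's sample.

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Succeeds only for a 64-character hexadecimal digest.
is_sha256() { [ "${#1}" -eq 64 ] && case $1 in *[!0-9a-fA-F]*) return 1 ;; esac; }

# Print the bytes of file $1 as "65, 65, 65, 65".
evidence_bytes() {
  od -An -v -tu1 < "$1" | tr -s ' \n' '\n\n' | sed '/^$/d' | paste -sd, - | sed 's/,/, /g'
}

# Usage: build_evidence_body <file> <mime type> <internal> <potentiallyMalicious>
build_evidence_body() {
  [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
  case "$3:$4" in
    true:true|true:false|false:true|false:false) ;;
    *) echo "flags must be true or false" >&2; return 1 ;;
  esac
  printf '{"evidence": [%s], "mimeType": "%s", "fileName": "%s", "internal": "%s", "potentiallyMalicious": "%s"}\n' \
    "$(evidence_bytes "$1")" "$(json_escape "$2")" "$(json_escape "${1##*/}")" "$3" "$4"
}

# Usage: post_evidence <sample sha256> <analysis ID> <file> <mime> <internal> <malicious>
post_evidence() {
  # Validate the hash before it is placed in the URL.
  is_sha256 "$1" || { echo "not a sha256 digest: $1" >&2; return 1; }
  body=$(build_evidence_body "$3" "$4" "$5" "$6") || return 1
  printf '%s' "$body" | curl -sS --fail -X POST \
    -H "Argus-API-Key: ${ARGUS_API_KEY:?set ARGUS_API_KEY}" \
    -H "Content-Type: application/json" \
    --data-binary @- \
    "https://api.mnemonic.no/sampledb/v2/sample/$1/analysis/$2/evidence"
}
```

json_escape handles only backslashes and double quotes, so file names containing control characters need a full JSON encoder.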

Fetching evidence metadata

The role SAMPLEDB-VIEWER or higher is required to be able to fetch or list evidence metadata.

List

To list the evidence entries of an analysis, send a GET request to the evidence endpoint with the sample ID and the analysis ID in the URL. The response body is JSON formatted and contains metadata about the evidence.

curl -X GET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence/"

Tip

For more detailed information on what the response model looks like, you can check out the Swagger API documentation.

Fetch

To fetch a specific evidence entry of an analysis, send a GET request to the evidence endpoint with the sample ID, the analysis ID, and the evidence ID in the URL. The response body is JSON formatted and contains metadata about the evidence.

curl -X GET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence/<evidence ID>"

Tip

For more detailed information on what the response model looks like, you can check out the Swagger API documentation.

Fetching evidence data

The role SAMPLEDB-VIEWER or higher is required to be able to download the raw data in an evidence entry.

To download the raw data of an evidence entity, send a GET request to the evidence download endpoint with the sample ID, the analysis ID, and the evidence ID in the URL. The response body is the raw bytes of the evidence, with the Content-Type HTTP header set accordingly.

curl -X GET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence/<evidence ID>/download"

Tip

For more detailed information on what the response model looks like, you can check out the Swagger API documentation.