Evidence
Evidence is an entity that belongs to an analysis. It can contain information such as mime type and other data resulting from the analysis.
Adding evidence
The role SAMPLEDB-ANALYZER is required to add an evidence entity.
To add an evidence entity, send a POST request to the evidence endpoint with the sample ID and the analysis ID. The request and response bodies are JSON formatted and contain the submitted evidence.
curl -X POST -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence" -d '{
"evidence": [65, 65, 65, 65],
"mimeType": "mime type of the evidence",
"fileName": "evidence name",
"internal": "false",
"potentiallyMalicious": "true"
}'
Tip
For more detailed information on what the response model looks like, you can check out the Swagger API documentation.
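The request above can also be assembled programmatically. This is an added example, not code from the Argus documentation: `build_add_evidence_request` is a hypothetical helper, and it assumes that each evidence byte is sent as an unsigned integer (as in the `[65, 65, 65, 65]` sample) and that analysis IDs contain only letters, digits and hyphens.

```python
import json
import re
import urllib.request

API_ROOT = "https://api.mnemonic.no/sampledb/v2"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def build_add_evidence_request(api_key, sample_sha256, analysis_id, data,
                               mime_type, file_name,
                               internal=False, potentially_malicious=True):
    """Return an unsent urllib Request for the evidence POST endpoint."""
    # Accept only a bare SHA-256 so a malformed ID can never alter the path.
    if not SHA256_RE.fullmatch(sample_sha256):
        raise ValueError("sample ID must be a 64-character hex SHA-256")
    # Assumption: analysis IDs are limited to letters, digits and hyphens.
    if not re.fullmatch(r"[A-Za-z0-9-]+", str(analysis_id)):
        raise ValueError("unexpected characters in analysis ID")
    body = {
        # Assumption: one unsigned integer (0-255) per byte, matching the
        # [65, 65, 65, 65] ("AAAA") sample in the curl command.
        "evidence": list(data),
        "mimeType": mime_type,
        "fileName": file_name,
        # The curl sample sends both flags as the strings "true"/"false".
        "internal": "true" if internal else "false",
        "potentiallyMalicious": "true" if potentially_malicious else "false",
    }
    url = f"{API_ROOT}/sample/{sample_sha256}/analysis/{analysis_id}/evidence"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Argus-API-Key": api_key, "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values; the request is built but not sent.
    req = build_add_evidence_request("my/api/key", "a" * 64, "1234",
                                     b"AAAA", "text/plain", "evidence.txt")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Passing the returned object to `urllib.request.urlopen` submits it.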
Fetching evidence metadata
The role SAMPLEDB-VIEWER or higher is required to be able to fetch or list evidence metadata.
List
To list the evidence entries of an analysis, send a GET request to the evidence endpoint with the sample ID and the analysis ID. The response body will be JSON formatted and contain metadata about the evidence.
curl -X GET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence/"
Tip
For more detailed information on what the response model looks like, you can check out the Swagger API documentation.
Fetch
To fetch a specific evidence entry of an analysis, send a GET request to the evidence endpoint with the sample ID, the analysis ID, and the evidence ID. The response body will be JSON formatted and contain metadata about the evidence.
curl -X GET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence/<evidence ID>"
Tip
For more detailed information on what the response model looks like, you can check out the Swagger API documentation.
Fetching evidence data
The role SAMPLEDB-VIEWER or higher is required to be able to download the raw data in an evidence entry.
To download the raw data of an evidence entity, send a GET request to the evidence download endpoint with the sample ID, the analysis ID, and the evidence ID. The response body will be the raw bytes of the evidence, with the Content-Type HTTP header set accordingly.
curl -X GET -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample sha256 hash>/analysis/<analysis ID>/evidence/<evidence ID>/download"
Tip
For more detailed information on what the response model looks like, you can check out the Swagger API documentation.