Verdicts

A verdict contains an assessment of the sample, such as whether or not it is malicious. A verdict is created automatically from the analysis results as part of an analysis job. A verdict can also be added manually by using the add verdict API endpoint.

Adding verdicts

The SAMPLEDB-ANALYZER role is required to add verdicts.

To add a verdict manually, send a POST request to the verdict endpoint. The verdict will then be marked with the flag ‘manual’ to indicate that it was manually added.

The response body will be in JSON format and contain the full verdict.

curl -X POST -H "Argus-API-Key: my/api/key" -H "Content-Type: application/json" "https://api.mnemonic.no/sampledb/v2/sample/<sample id>/verdict" -d '{
	"comment": "test",
	"status": "benign",
	"analysisID": ["be99793e-b994-4b2c-baf8-1b518001223b"]
}'

For more detailed information on what the response model looks like, you can check out the Swagger API documentation.

Fetching verdicts

The SAMPLEDB-VIEWER role or higher is required to fetch or list verdicts.

List

To list verdicts, send a GET request to the verdict endpoint. The response body will be in JSON format and contain a list of objects with information about the verdicts.

curl -H "Argus-API-Key: my/api/key" "https://api.mnemonic.no/sampledb/v2/sample/<sample id>/verdict"

For more detailed information on what the response model looks like, you can check out the Swagger API documentation.

Fetch

To fetch the latest (current) verdict, the fetch sample metadata endpoint must be used. This endpoint is described in detail in the Sample section.