REST API for Incident Responder (IR) Operation

The full-featured Incident Responder (IR) Application Programming Interface (API) supports both basic and advanced integration and automation goals, including multi-step workflows such as retrieving the analysis summary of a suspicious email and downloading the original email.

Get Analysis Summary

This endpoint returns IR analysis results. You can retrieve the results through the API and turn them into actions.

Title        Description
API URL      /api/Analytics/GetIRSummary
Method       POST
Parameters   Key (String): Keepnet API Key
             MinDate (String): String.Format("MM.dd.yyyy"), Start Date
             MaxDate (String): String.Format("MM.dd.yyyy"), Finish Date
             Count (int): Total number of logs in the response

Table 1. Steps to get analysis summary

Example Request

curl -XPOST -v -i 'https://dashboard.keepnetlabs.com/api/Analytics/GetIRSummary?key={Key}&MinDate={MinDate}&MaxDate={MaxDate}&count={Count}'

Download Original Email

This endpoint lets you obtain the original of the suspicious email in .msg and .eml formats for deeper analysis.

Title        Description
API URL      /api/Analytics/DownloadMail
Method       GET
Parameters   1. MailId (Uniqueidentifier): the MailID value given in the response, in GUID format. The original mail for this parameter is requested from Keepnet.
             2. setPassword: sets a password on the file to be downloaded. The value must be either true or false.
             3. password: if setPassword is true, you have to define the password here.

Table 2. Steps to download suspicious email

Example Request:

curl -XGET 'https://dashboard.keepnetlabs.com/api/Analytics/DownloadMail?mailID=821e4995-8a07-4845-9cd3-67c4d7a98274&setPassword=true&password=YOURPASSWORD' -k

Use Case

For instance, an end user has reported an email, and analysis has found it to be malicious. The organization's SOC team wants to take additional precautions against this email in its antivirus, firewall, EDR, proxy, and similar solutions. Doing this manually wastes a great deal of time and delays the incident response.

If an email reported to Keepnet is identified as phishing or malicious after analysis, your existing SOAR (IBM Resilience, Splunk Phantom, Atar Labs) can retrieve this information from us through the API and perform the necessary actions in your EDR, proxy, firewall, or antispam solutions.
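A sketch of the request side of such a SOAR integration, added here as an example and not taken from Keepnet's documentation or code: it builds both calls from the tables above, validates the parameters, and logs only a redacted URL, because the API key and the file password travel in the query string. The function names are hypothetical, the parameter spellings follow the curl examples, and certificate verification stays on (the curl example's -k turns it off).

```python
import uuid
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request, urlopen

BASE = "https://dashboard.keepnetlabs.com"   # host from the page's curl examples
SECRET_PARAMS = {"key", "password"}          # query values that must never reach a log


def ir_summary_url(key, min_date, max_date, count, base=BASE):
    """Build the GetIRSummary URL; dates are datetime.date, sent as MM.dd.yyyy."""
    if min_date > max_date:
        raise ValueError("MinDate is after MaxDate")
    if not isinstance(count, int) or count < 1:
        raise ValueError("count must be a positive integer")
    query = urlencode({"key": key,
                       "MinDate": min_date.strftime("%m.%d.%Y"),
                       "MaxDate": max_date.strftime("%m.%d.%Y"),
                       "count": count})
    return f"{base}/api/Analytics/GetIRSummary?{query}"


def download_mail_url(mail_id, password=None, base=BASE):
    """Build the DownloadMail URL; setPassword follows from whether a password is given."""
    mail_id = str(uuid.UUID(str(mail_id)))   # raises ValueError unless it is a GUID
    params = {"mailID": mail_id, "setPassword": "true" if password else "false"}
    if password:
        params["password"] = password
    return f"{base}/api/Analytics/DownloadMail?{urlencode(params)}"


def redact(url):
    """Return a copy of url that is safe to log: secret query values are replaced."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def call(url, method="GET", timeout=30):
    """Send the request; urllib verifies the server certificate for https by default."""
    print("request:", method, redact(url))
    with urlopen(Request(url, method=method), timeout=timeout) as resp:
        return resp.read()
```

The response schema is not given on this page, so parsing the summary and extracting the MailID is left to the integration; call() takes method="POST" for GetIRSummary and the default GET for DownloadMail.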


Last updated 2 years ago