REST API for Incident Responder (IR) Operation
The full-featured Incident Responder Application Programming Interface (API) supports a wide range of operations. It serves basic and advanced integration and automation goals, including multi-step workflows such as getting a suspicious email analysis summary and downloading the original email.

Get Analysis Summary

This endpoint returns IR analysis results. You can retrieve the results through this API and act on them.
Title | Description
API URL | /api/Analytics/GetIRSummary
Method | POST
Parameter: Key (String) | Keepnet API Key
Parameter: MinDate (String) | String.Format("MM.dd.yyyy"), Start Date
Parameter: MaxDate (String) | String.Format("MM.dd.yyyy"), Finish Date
Parameter: Count (int) | Total number of logs in Response
Table 1. Steps to get analysis summary

Example Request

curl -XPOST -v -i 'https://dashboard.keepnetlabs.com/api/Analytics/GetIRSummary?key={Key}&MinDate={MinDate}&MaxDate={MaxDate}&count={Count}'

Download Original Email

This endpoint lets you obtain the original suspicious email in .msg and .eml formats and use it for deeper analysis.
Title | Description
API URL | /api/Analytics/DownloadMail
Method | GET
Parameter: MailID (Uniqueidentifier) | The MailID value given in the Response, in GUID format. The original mail for this MailID is requested from Keepnet.
Parameter: setPassword | Sets a password on the file you would like to download. The value must be either true or false.
Parameter: password | If setPassword is true, you have to define a password here.
Table 2. Steps to download suspicious email

Example Request:

curl -XGET 'https://dashboard.keepnetlabs.com/api/Analytics/DownloadMail?mailID=821e4995-8a07-4845-9cd3-67c4d7a98274&setPassword=true&password=YOURPASSWORD' -k

Use Case

For instance, an end user has reported an email, and analysis has found it to be malicious. The organization's SOC team wants to take additional precautions against this malicious email with its antivirus, firewall, EDR, proxy, and similar solutions. Performing this operation manually wastes a serious amount of time and delays timely incident intervention.
If an email reported to Keepnet is identified as phishing or malicious after analysis, your existing SOAR (IBM Resilient, Splunk Phantom, Atar Labs) can retrieve this information from us through the API and perform the necessary actions in your EDR, proxy, firewall, or antispam solutions.
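
The two requests above, as a SOAR playbook step might build them. This is an added example, not Keepnet's own code: the function names are hypothetical, the key and password values are constructed samples, and because this page does not document the response format, fetch() returns the raw body.

```python
import re
import urllib.parse
import urllib.request
from datetime import date
from typing import Optional

BASE = "https://dashboard.keepnetlabs.com"  # host taken from the page's curl examples
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def summary_url(key: str, min_date: date, max_date: date, count: int) -> str:
    """Build the GetIRSummary URL; dates use the documented MM.dd.yyyy format."""
    if min_date > max_date:
        raise ValueError("MinDate must not be after MaxDate")
    query = urllib.parse.urlencode({  # encoding keeps '&' or '=' in a value from adding parameters
        "key": key,
        "MinDate": min_date.strftime("%m.%d.%Y"),
        "MaxDate": max_date.strftime("%m.%d.%Y"),
        "count": count,
    })
    return f"{BASE}/api/Analytics/GetIRSummary?{query}"


def download_url(mail_id: str, password: Optional[str] = None) -> str:
    """Build the DownloadMail URL; setPassword=true is sent only with a password."""
    if not GUID_RE.fullmatch(mail_id):
        raise ValueError("MailID must be a GUID")
    params = {"mailID": mail_id, "setPassword": "false"}
    if password is not None:
        if not password:
            raise ValueError("password must not be empty when setPassword is true")
        params.update(setPassword="true", password=password)
    return f"{BASE}/api/Analytics/DownloadMail?{urllib.parse.urlencode(params)}"


def fetch(url: str, method: str) -> bytes:
    """Send the request with certificate verification on (urllib's default)."""
    req = urllib.request.Request(url, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


if __name__ == "__main__":
    # Constructed sample values; nothing is sent until fetch() is called.
    print(summary_url("EXAMPLE-KEY", date(2024, 1, 1), date(2024, 1, 31), 50))
    print(download_url("821e4995-8a07-4845-9cd3-67c4d7a98274", password="p@ss word&1"))
```

Call fetch(summary_url(...), "POST") and fetch(download_url(...), "GET") to match the methods in Table 1 and Table 2.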
