dfir-iris · c8y3 · Jan 15, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/docs/api_reference/reference/iris.v2.1.0.yaml b/docs/api_reference/reference/iris.v2.1.0.yaml
@@ -12,31 +12,42 @@ info:
     ### Changes in v2.1.0
     * Added POST /api/v2/cases
     * Added GET /api/v2/cases
-    * Added GET /api/v2/cases/{identifier}
-    * Added DELETE /api/v2/cases/{identifier}
-    * Added POST /api/v2/cases/{identifier}/iocs
-    * Added GET /api/v2/cases/{identifier}/iocs
+    * Added GET /api/v2/cases/{case_identifier}
+    * Added PUT /api/v2/cases/{case_identifier}
+    * Added DELETE /api/v2/cases/{case_identifier}
+    * Added POST /api/v2/cases/{case_identifier}/iocs
+    * Added GET /api/v2/cases/{case_identifier}/iocs
+    * Added GET /api/v2/cases/{case_identifier}/iocs/{identifier}
+    * Added PUT /api/v2/cases/{case_identifier}/iocs/{identifier}
+    * Added DELETE /api/v2/cases/{case_identifier}/iocs/{identifier}
+    * Added GET /api/v2/cases/{case_identifier}/assets/{identifier}
+    * Added DELETE /api/v2/cases/{case_identifier}/assets/{identifier}
+    * Added GET /api/v2/cases/{case_identifier}/tasks/{identifier}
+    * Added DELETE /api/v2/cases/{case_identifier}/tasks/{identifier}
     * Added GET /api/v2/iocs/{identifier}
     * Added PUT /api/v2/iocs/{identifier}
     * Added DELETE /api/v2/iocs/{identifier}
-    * Added POST /api/v2/cases/{identifier}/tasks
+    * Added POST /api/v2/cases/{case_identifier}/tasks
     * Added GET /api/v2/tasks/{identifier}
     * Added DELETE /api/v2/tasks/{identifier}
-    * Added POST /api/v2/cases/{identifier}/assets
+    * Added POST /api/v2/cases/{case_identifier}/assets
     * Added GET /api/v2/assets/{identifier}
     * Added DELETE /api/v2/assets/{identifier}
     * Deprecated POST /manage/cases/add in favor of POST /api/v2/cases
-    * Deprecated POST /manage/cases/delete/{case_id} in favor of DELETE /api/v2/cases/{identifier}
-    * Deprecated POST /case/ioc/add in favor of POST /api/v2/cases/{identifier}/iocs
+    * Deprecated POST /manage/cases/update in favor of PUT /api/v2/cases/{case_identifier}
+    * Deprecated POST /manage/cases/delete/{case_id} in favor of DELETE /api/v2/cases/{case_identifier}
+    * Deprecated POST /case/ioc/add in favor of POST /api/v2/cases/{case_identifier}/iocs
     * Deprecated GET /case/ioc/{ioc_id}  in favor of GET /api/v2/iocs/{identifier}
     * Deprecated DELETE /case/ioc/delete/{ioc_id} in favor of DELETE /api/v2/iocs/{identifier}
-    * Deprecated POST /case/tasks/add in favor of POST /api/v2/cases/{identifier}/tasks
+    * Deprecated POST /case/tasks/add in favor of POST /api/v2/cases/{case_identifier}/tasks
     * Deprecated GET /case/tasks/{task_id} in favor of GET /api/v2/tasks/{identifier}
     * Deprecated DELETE /case/tasks/delete/{task_id} in favor of DELETE /api/v2/tasks/{identifier}
-    * Deprecated POST /case/assets/add in favor of POST /api/v2/cases/{identifier}/assets
+    * Deprecated POST /case/assets/add in favor of POST /api/v2/cases/{case_identifier}/assets
     * Deprecated GET /case/assets/{asset_id} in favor of GET /api/v2/assets/{identifier}
     * Deprecated DELETE /case/assets/delete/{asset_id} in favor of DELETE /api/v2/assets/{identifier}
-
+    * Added documentation of missing GET /manage/severities/list
+    * Added documentation of missing GET /manage/tlp/list
+    * Added documentation of missing GET /manage/event-categories/list
 
     ### Changes in v2.0.0
     This version introduces access control. Every request now needs to have the `cid=x` parameter in the URI.  
@@ -60,14 +71,20 @@ servers:
 paths:
   /api/v2/cases:
     $ref: v2.1.0/resources/api_v2_cases.yaml
-  /api/v2/cases/{identifier}:
-    $ref: v2.1.0/resources/api_v2_cases_{identifier}.yaml
-  /api/v2/cases/{identifier}/iocs:
-    $ref: v2.1.0/resources/api_v2_cases_{identifier}_iocs.yaml
-  /api/v2/cases/{identifier}/assets:
-    $ref: v2.1.0/resources/api_v2_cases_{identifier}_assets.yaml
-  /api/v2/cases/{identifier}/tasks:
-    $ref: v2.1.0/resources/api_v2_cases_{identifier}_tasks.yaml
+  /api/v2/cases/{case_identifier}:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}.yaml
+  /api/v2/cases/{case_identifier}/iocs:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}_iocs.yaml
+  /api/v2/cases/{case_identifier}/iocs/{identifier}:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}_iocs_{identifier}.yaml
+  /api/v2/cases/{case_identifier}/assets:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}_assets.yaml
+  /api/v2/cases/{case_identifier}/assets/{identifier}:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}_assets_{identifier}.yaml
+  /api/v2/cases/{case_identifier}/tasks:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}_tasks.yaml
+  /api/v2/cases/{case_identifier}/tasks/{identifier}:
+    $ref: v2.1.0/resources/api_v2_cases_{case_identifier}_tasks_{identifier}.yaml
   /manage/cases/update/{case_id}:
     $ref: v2.1.0/resources/manage_cases_update_{case_id}.yaml
   /api/v2/iocs/{identifier}:
@@ -318,6 +335,8 @@ paths:
     $ref: v2.1.0/resources/manage_ioc-types_add.yaml
   /manage/ioc-types/update/{ioc_type_id}:
     $ref: v2.1.0/resources/manage_ioc-types_update_{ioc_type_id}.yaml
+  /manage/tlp/list:
+    $ref: v2.1.0/resources/manage_tlp_list.yaml
   /manage/case-templates/add:
     $ref: v2.1.0/resources/manage_case-templates_add.yaml
   /manage/case-templates/update/{template_id}:
@@ -344,6 +363,8 @@ paths:
     $ref: v2.1.0/resources/manage_case-states_update_{state_id}.yaml
   /manage/case-states/delete/{state_id}:
     $ref: v2.1.0/resources/manage_case-states_delete_{state_id}.yaml
+  /manage/severities/list:
+    $ref: v2.1.0/resources/manage_severities_list.yaml
   /manage/evidence-types/list:
     $ref: v2.1.0/resources/manage_evidence-types_list.yaml
   /manage/evidence-types/{type_id}:
@@ -354,6 +375,8 @@ paths:
     $ref: v2.1.0/resources/manage_evidence-types_update_{type_id}.yaml
   /manage/evidence-types/delete/{state_id}:
     $ref: v2.1.0/resources/manage_evidence-types_delete_{state_id}.yaml
+  /manage/event-categories/list:
+    $ref: v2.1.0/resources/manage_event-categories_list.yaml
   /api/versions:
     $ref: v2.1.0/resources/api_versions.yaml
   /api/ping:

diff --git a/...1.0/parameters/path/cases_identifier.yaml → ....1.0/parameters/path/case_identifier.yaml b/...1.0/parameters/path/cases_identifier.yaml → ....1.0/parameters/path/case_identifier.yaml
@@ -1,5 +1,5 @@
 in: path
-name: identifier
+name: case_identifier
 required: true
 description: Case identifier
 schema:

diff --git a/docs/api_reference/reference/v2.1.0/parameters/query/case_severity_id.yaml b/docs/api_reference/reference/v2.1.0/parameters/query/case_severity_id.yaml
@@ -2,5 +2,5 @@ in: query
 name: case_severity_id
 description: Severity identifier of the case
 schema:
-  type: int
+  $ref: ../../schemas/case_severity_id.yaml
 
diff --git a/docs/api_reference/reference/v2.1.0/resources/api_v2_cases_{case_identifier}.yaml b/docs/api_reference/reference/v2.1.0/resources/api_v2_cases_{case_identifier}.yaml
@@ -0,0 +1,107 @@
+parameters:
+  - $ref: ../parameters/path/case_identifier.yaml
+get:
+  operationId: api_v2_cases_{identifier}_get
+  tags:
+    - Cases
+    - Beta
+  summary: Get a case
+  description: 'Get a case by its identifier'
+  responses:
+    '201':
+      description: Case successfully found
+      content:
+        application/json:
+          schema:
+            $ref: ../schemas/Case.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+put:
+  operationId: api_v2_cases_{identifier}_put
+  tags:
+    - Cases
+    - Beta
+  summary: Update a case
+  description: 'Update informations of a case'
+  requestBody:
+    content:
+      application/json:
+        schema:
+          type: object
+          properties:
+            case_name:
+              type: string
+            case_soc_id:
+              type: string
+            classification_id:
+              type: integer
+            owner_id:
+              type: integer
+            state_id:
+              type: integer
+            severity_id:
+              $ref: ../schemas/case_severity_id.yaml
+            status_id:
+              $ref: ../schemas/case_status_id.yaml
+            case_customer:
+              type: integer
+            reviewer_id:
+              type: integer
+            protagonists:
+              type: array
+              items:
+                type: object
+                properties:
+                  role:
+                    type: string
+                  name:
+                    type: string
+                  contact:
+                    type: string
+            case_tags:
+              type: string
+            custom_attributes:
+              type: object
+        examples:
+          Example 1:
+            value:
+              case_name: 'A new case name'
+              case_soc_id: soc_id_demo
+              classification_id: 2
+              owner_id: 2
+              state_id: 3
+              severity_id: 4
+              status_id: 1
+              case_customer: 1
+              reviewer_id: 2
+              protagonists:
+                - role: Lead
+                  name: administrator
+                  contact: administrator@iris.local
+              case_tags: tag1,tag2
+              custom_attributes: {}
+  responses:
+    '200':
+      description: Case successfully updated
+      content:
+        application/json:
+          schema:
+            $ref: ../schemas/Case.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+    '400':
+      $ref: ../responses/GenericError.yaml
+delete:
+  operationId: api_v2_cases_{identifier}_delete
+  tags:
+    - Cases
+    - Beta
+  summary: Delete a case
+  description: This implies the deletion of everything linked to the case.
+  responses:
+    '204':
+      $ref: ../responses/Deleted.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+    '400':
+      $ref: ../responses/GenericError.yaml
diff --git a/...ces/api_v2_cases_{identifier}_assets.yaml → ...pi_v2_cases_{case_identifier}_assets.yaml b/...ces/api_v2_cases_{identifier}_assets.yaml → ...pi_v2_cases_{case_identifier}_assets.yaml
@@ -1,5 +1,5 @@
 parameters:
-  - $ref: ../parameters/path/cases_identifier.yaml
+  - $ref: ../parameters/path/case_identifier.yaml
 post:
   operationId: api_v2_cases_{identifier}_assets_post
   summary: Create an asset

diff --git a/...erence/reference/v2.1.0/resources/api_v2_cases_{case_identifier}_assets_{identifier}.yaml b/...erence/reference/v2.1.0/resources/api_v2_cases_{case_identifier}_assets_{identifier}.yaml
@@ -0,0 +1,31 @@
+parameters:
+  - $ref: ../parameters/path/case_identifier.yaml
+  - $ref: ../parameters/path/identifier.yaml
+get:
+  operationId: api_v2_cases_{case_identifier}_assets_{identifier}_get
+  tags:
+    - Assets
+    - Beta
+  summary: Get an asset
+  description: 'Get an asset by its identifier'
+  responses:
+    '201':
+      description: Asset successfully found
+      content:
+        application/json:
+          schema:
+            $ref: ../schemas/Asset.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+delete:
+  operationId: api_v2_cases_{case_identifier}_assets_{identifier}_delete
+  tags:
+    - Assets
+  summary: Delete an asset
+  responses:
+    '204':
+      $ref: ../responses/Deleted.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+    '400':
+      $ref: ../responses/GenericError.yaml
diff --git a/...urces/api_v2_cases_{identifier}_iocs.yaml → .../api_v2_cases_{case_identifier}_iocs.yaml b/...urces/api_v2_cases_{identifier}_iocs.yaml → .../api_v2_cases_{case_identifier}_iocs.yaml
@@ -1,5 +1,5 @@
 parameters:
-  - $ref: ../parameters/path/cases_identifier.yaml
+  - $ref: ../parameters/path/case_identifier.yaml
 post:
   operationId: api_v2_cases_{identifier}_iocs_post
   summary: Create an IOC

diff --git a/...eference/reference/v2.1.0/resources/api_v2_cases_{case_identifier}_iocs_{identifier}.yaml b/...eference/reference/v2.1.0/resources/api_v2_cases_{case_identifier}_iocs_{identifier}.yaml
@@ -0,0 +1,84 @@
+parameters:
+  - $ref: ../parameters/path/case_identifier.yaml
+  - $ref: ../parameters/path/identifier.yaml
+get:
+  operationId: api_v2_cases_{case_identifier}_iocs_{identifier}_get
+  tags:
+    - IOCs
+    - Beta
+  summary: Get an IOC
+  description: ''
+  responses:
+    '201':
+      description: IOC successfully found
+      content:
+        application/json:
+          schema:
+            $ref: ../schemas/Ioc.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+put:
+  operationId: api_v2_cases_{case_identifier}_iocs_{identifier}_put
+  tags:
+    - IOCs
+    - Beta
+  summary: Update an IOC
+  description: ''
+  requestBody:
+    content:
+      application/json:
+        schema:
+          type: object
+          properties:
+            ioc_value:
+              type: string
+              minLength: 1
+            ioc_type_id:
+              type: number
+            ioc_tlp_id:
+              type: number
+            ioc_description:
+              type: string
+              minLength: 1
+              description: 'A short description of the ioc. This will be the summary of the ioc.'
+            ioc_misp:
+              type:
+                - string
+                - 'null'
+              description: 'Misp of ioc'
+            ioc_tags:
+              type: string
+              description : 'Ioc tags'
+        examples:
+           Valid request:
+             value:
+               ioc_value: 8.8.8.8
+               ioc_type_id: 1
+               ioc_tlp_id: 2
+               ioc_description: rewrw
+               ioc_tags: ''
+  responses:
+    '200':
+      description: IOC successfully updated
+      content:
+        application/json:
+          schema:
+            $ref: ../schemas/Ioc.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+    '400':
+      $ref: ../responses/GenericError.yaml
+delete:
+  operationId: api_v2_cases_{case_identifier}_iocs_{identifier}_delete
+  tags:
+    - IOCs
+    - Beta
+  summary: Delete an IOC
+  description: 'Delete an IOC from the case. If the IOC is still reference in other cases than it''s only unlinked from the current case.'
+  responses:
+    '204':
+      $ref: ../responses/Deleted.yaml
+    '404':
+      $ref: ../responses/NotFound.yaml
+    '400':
+      $ref: ../responses/GenericError.yaml
diff --git a/...rces/api_v2_cases_{identifier}_tasks.yaml → ...api_v2_cases_{case_identifier}_tasks.yaml b/...rces/api_v2_cases_{identifier}_tasks.yaml → ...api_v2_cases_{case_identifier}_tasks.yaml
@@ -1,5 +1,5 @@
 parameters:
-  - $ref: ../parameters/path/cases_identifier.yaml
+  - $ref: ../parameters/path/case_identifier.yaml
 post:
   operationId: api_v2_cases_{identifier}_tasks_post
   summary: Create a task