POST /forensics/capture/recoveries
Creates a new capture recovery.
Creates a new recovery.
MIME Type |
---|
application/json |
Parameter | Type | Optionality | Data Type | MIME Type | Description |
---|---|---|---|---|---|
fields | header | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |
Parameter | Data Type | MIME Type | Description | Sample |
---|---|---|---|---|
recovery | Object | application/json | null | { "assigned_to": "String", "bpf": "String", "case_id": 42, "collection_name_suffix": "String", "recovery_window_end_time": 42, "recovery_window_start_time": 42, "session_ids": [ "String" ], "tags": [ "String" ] } |
HTTP Response Code | Unique Code | Description |
---|---|---|
201 | | The workflow recovery job was created. |
403 | 1009 | The user or targeted user does not have the capability to perform this request. |
409 | 1000 | null |
422 | 1005 | A request parameter is not valid. |
500 | 1020 | An error occurred during the creation of the recovery job. |
Response Description
- assigned_to - String - The username of the user the recovery is assigned to. If not supplied, the recovery is assigned to the user making the request. Requires a valid user with Forensics role, not an authorized service.
- bpf - String - A simplified Berkeley Packet Filter expression to pass to the capture device, which applies it when recovering network data. Maximum length is 250 characters.
- case_id - String - ID of the case where the collection(s) are created.
- collection_name_suffix - String - Suffix that is used to name the collection(s) that store the recovered data. A recovery task is created for each capture device where network data originates, and each task's collection name is derived from the device and this value (e.g. a collection name suffix of "mycollection" and data recovered from capture device IP "10.0.0.2" results in a collection that is named "10.0.0.2_mycollection"). NOTE: If the collection name already exists in the case, the existing collection is deleted. Maximum length is 100 characters. Only alphanumeric and period characters are permitted.
- id - Long - ID for the recovery.
- recovery_task_ids - Long Array - IDs for all recovery tasks belonging to this recovery.
- recovery_window_end_time - Long - End of time range for data recovery.
- recovery_window_start_time - Long - Start of time range for data recovery.
- tags - String - Identifiers applied to recovered data to assist with grouping when searching. These are user-supplied string identifiers that mark the data so the user can easily look it up later. Maximum length is 255 alphanumeric characters (all values are converted to a space-separated string).
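A pre-flight check for the request body, built from the limits listed above, that also reports which existing collections the recovery would delete (added example, not part of the vendor documentation). The function names, the ASCII reading of "alphanumeric", the start/end ordering check and the sample values are assumptions; the caller supplies the capture device IPs and the names of collections already in the case.

```python
import re

# Limits taken from the field descriptions on this page.
BPF_MAX, SUFFIX_MAX, TAGS_MAX = 250, 100, 255
# Assumption: "alphanumeric" means ASCII letters and digits.
SUFFIX_RE = re.compile(r"[A-Za-z0-9.]+")
TAG_RE = re.compile(r"[A-Za-z0-9]+")


def validate_recovery(body):
    """Return a list of constraint violations in a recovery request body."""
    problems = []
    if len(body.get("bpf", "")) > BPF_MAX:
        problems.append("bpf: longer than 250 characters")
    suffix = body.get("collection_name_suffix", "")
    if len(suffix) > SUFFIX_MAX:
        problems.append("collection_name_suffix: longer than 100 characters")
    if suffix and not SUFFIX_RE.fullmatch(suffix):
        problems.append("collection_name_suffix: only alphanumerics and '.' allowed")
    tags = body.get("tags", [])
    if any(not TAG_RE.fullmatch(t) for t in tags):
        problems.append("tags: non-alphanumeric tag")
    # Tags are stored as one space-separated string, so measure the joined form.
    if len(" ".join(tags)) > TAGS_MAX:
        problems.append("tags: longer than 255 characters once joined")
    start = body.get("recovery_window_start_time")
    end = body.get("recovery_window_end_time")
    # Sanity check added here, not stated on the page.
    if start is not None and end is not None and start > end:
        problems.append("recovery window: start is after end")
    return problems


def collections_at_risk(suffix, device_ips, existing):
    """Names this recovery would create that already exist in the case.

    Per the NOTE on collection_name_suffix, those collections are deleted.
    """
    derived = {f"{ip}_{suffix}" for ip in device_ips}
    return sorted(derived & set(existing))


# Constructed sample data, not taken from a real deployment.
SAMPLE_BODY = {
    "bpf": "host 10.0.0.5 and port 443",
    "case_id": 42,
    "collection_name_suffix": "mycollection",
    "recovery_window_start_time": 1700000000000,
    "recovery_window_end_time": 1700003600000,
    "tags": ["incident42", "dmz"],
}
SAMPLE_EXISTING = ["10.0.0.2_mycollection", "10.0.0.3_other"]
```

A non-empty result from `collections_at_risk` means the POST would replace collections already held in the case, so choose a different suffix or export them first.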
Response Sample
{
  "assigned_to": "String",
  "bpf": "String",
  "case_id": 42,
  "collection_name_suffix": "String",
  "id": 42,
  "recovery_task_ids": [
    42
  ],
  "recovery_window_end_time": 42,
  "recovery_window_start_time": 42,
  "session_ids": [
    "String"
  ],
  "tags": [
    "String"
  ]
}