GET /forensics/capture/recovery_tasks/{id}
Retrieves a recovery task based on the supplied ID.
Retrieves a recovery task based on the supplied ID.
| MIME Type |
|---|
application/json |
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
|---|---|---|---|---|---|
id |
path |
Required |
Number (Integer) |
text/plain |
Required - The ID of the workflow job to retrieve. |
fields |
query |
Optional |
String |
text/plain |
Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |
| HTTP Response Code | Unique Code | Description |
|---|---|---|
200 |
The Workflow Recovery Job was retrieved. |
|
404 |
1002 |
No recovery job was found for the provided ID. |
500 |
1020 |
An error occurred while the recovery job was being retrieved. |
Response Description
A recovery task containing the following fields:
- assigned_to - String - The username of the user the recovery task is assigned to.
- bpf - String - Berkeley Packet Filter sent to capture device when recovering.
- capture_device_id - String - Capture device where this task collected its data. The IP address of the capture device at time of recovery.
- case_id - String - Id of case where the collection is created.
- collection_name - String - Name of collection where recovered data is stored. Derived from device recovery collection name suffix. NOTE: This is used as part of the collection_name to uniquely identify and index the data at time of recovery and is not updated if the capture device ip address is changed.
- id - Long - ID for the recovery task.
- managed_host_hostname - String - The managed host where the recovery task runs.
- recovery_id - Long - ID of the recovery this task belongs to.
- recovery_window_end_time - Long - End of time range for data recovery window sent to capture device. Data recovered is from before this time.
- recovery_window_start_time - Long - Start of time range for data recovery window sent to capture device. Data recovered is from after this time.
- status - String - Current status of this task. Possible values are:
- CANCELED - Recovery from capture device canceled. Any documents recovered before cancellation remain in the system.
- CANCELLING - Recovery from capture device in process of cancellation.
- FAILED - Something went wrong with the recovery.
- IN_PROGRESS - The capture device is processing the recovery.
- NEW - The recovery task was created and is waiting to be picked up by the system.
- PENDING - The recovery task was picked up by the system and is waiting for the capture device to start processing the recovery.
- SUCCESS - Recovery from capture device successfully completed
- tags - String Array - Identifiers that are applied to recovered data to assist with grouping when searching. These are user-supplied string identifiers that are used to mark the data so the user can easily look up the data later.
- task_end_time - Long - Timestamp the recovery task completed.
- task_start_time - Long - Timestamp the recovery task started.
Response Sample
{
"assignee": "String",
"bpf": "String",
"capture_device_ip": "String",
"case_id": 42,
"collection_name": "String",
"id": 42,
"managed_host_hostname": "String",
"recovery_id": 42,
"recovery_window_end_time": 42,
"recovery_window_start_time": 42,
"status": "String <one of: CANCELED, CANCELING, FAILED, IN_PROGRESS, NEW, PENDING, SUCCESS>",
"tags": [
"String"
],
"task_end_time": 42,
"task_start_time": 42
}