Nuix
This connector integrates Nuix's REST API with Swimlane Turbine.

## Prerequisites

The Nuix connector requires a URL, username and password for authentication.

## Capabilities

This connector provides the following capabilities:

- Creates a case
- Creates a case subset
- Case evidence
- Evidence file
- Evidence loadfile
- Evidence mail
- Evidence MS365
- Evidence repository

## Notes

https://developer.nuix.com/latest/reference/restapireference.html#/

## Configurations

### Nuix asset

Authenticates using Nuix credentials.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| licence shortname | Nuix license shortname. This will be the license used as long as the value is not overridden in a task that uses this asset | string | Optional |
| workers | Default number of workers. This will be the number of workers for a task if the value is not overridden in a task that uses this asset | string | Optional |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Creates a case

Use this operation to create a case.

Endpoint URL: /cases

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Optional | Name of the resource |
| location | string | Optional | Parameter for creates a case |
| description | string | Optional | Parameter for creates a case |
| compound | boolean | Optional | Parameter for creates a case |
| investigator | string | Optional | Parameter for creates a case |

#### Input example

```json
{"json body": {"name": "simplecase","location": "inventory0","description": "about my simple case","compound": false,"investigator": "inspector gadget"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| caseid | string | Unique identifier |
| name | string | Name of the resource |
| path | string | Output field path |
| description | string | Output field description |
| investigator | string | Output field investigator |
| creationdate | number | Date value |
| compound | boolean | Output field compound |
| elastic | boolean | Output field elastic |
| binarystorelocation | string | Output field binarystorelocation |
| indexid | string | Unique identifier |
| casesize | number | Output field casesize |
| casepathparent | string | Output field casepathparent |
| caseinvestigationtimezone | string | Output field caseinvestigationtimezone |
| hasexclusions | object | Output field hasexclusions |
| hasnuixsystemtags | object | Output field hasnuixsystemtags |
| hasproductionsets | object | Output field hasproductionsets |
| hascalculatedauditsize | object | Output field hascalculatedauditsize |
| casepath | string | Output field casepath |
| casename | string | Name of the resource |
| casedescription | string | Output field casedescription |
| casecreationdate | number | Date value |
| caseinvestigator | string | Output field caseinvestigator |

#### Output example

```json
{"status code": 201,"response headers": {},"reason": "ok","json body": {"caseid": "559710fa433a44c0a8b3a5805c4c8ba0","name": "simplecase","path": "/opt/nuix/cases/simplecase","description": "about my simple case","investigator": "inspector gadget","creationdate": 1606248486451,"compound": false,"elastic": false,"binarystorelocation": "","indexid": "","casesize": 0,"casepathparent": "/opt/nuix/cases","caseinvestigationtimezone": "etc/gmt","hasexclusions": null,"hasnuixsystemtags": null}}
```

### Case evidence

Ingests a new repository and/or supported containers into a simple case. Use this operation to ingest different types of data during a single processing session.

Endpoint URL: /cases/{{caseid}}/evidence

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters caseid | string | Required | Parameters for the case evidence action |
| processingprofile | string | Optional | Parameter for case evidence |
| containers | array | Optional | Parameter for case evidence |
| containers files | array | Optional | Parameter for case evidence |
| containers files path | string | Optional | Parameter for case evidence |
| containers s3buckets | array | Optional | Parameter for case evidence |
| containers s3buckets access | string | Optional | Parameter for case evidence |
| containers s3buckets bucket | string | Optional | Parameter for case evidence |
| containers s3buckets endpoint | string | Optional | Parameter for case evidence |
| containers s3buckets secret | string | Optional | Parameter for case evidence |

#### Input example

```json
{"json body": {"processingprofile": "default","containers": [{"files": [{"path": "/mnt/raw data/singlefile txt"},{"path": "/mnt/raw data/directory"}],"s3buckets": [{"access": "awsaccesskey","bucket": "my aws bucket/bucketfolder","endpoint": "","secret": "awssecretaccesskey"}]}]},"path parameters": {"caseid": "ahdh123"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

### Creates a case subset

Use this operation to create a case subset.

Endpoint URL: /cases/{{caseid}}/subset

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters caseid | string | Required | Parameters for the creates a case subset action |
| query | string | Optional | Parameter for creates a case subset |
| location | string | Optional | Parameter for creates a case subset |
| casemetadata | object | Optional | Response data |
| casemetadata name | string | Optional | Response data |
| casemetadata description | string | Optional | Response data |

#### Input example

```json
{"json body": {"query": " ","location": "inventory0","casemetadata": {"name": "mycase","description": "simple case subset"}},"path parameters": {"caseid": "hdgfhj5253"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

### Evidence file

Ingests a new file/directory target into a container in a simple case.

Endpoint URL: /cases/{{caseid}}/evidence/file

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path paramters | object | Required | Parameter for evidence file |
| path paramters caseid | string | Required | Unique identifier |
| target | object | Optional | Parameter for evidence file |
| target path | string | Optional | Parameter for evidence file |

#### Input example

```json
{"json body": {"target": {"path": "/mnt/raw data/singlefile txt"}},"path paramters": {"caseid": "bsdhdh234"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

### Evidence loadfile

Use this operation to ingest a single type of data from a single source during a processing session. This endpoint currently supports loadfiles in CSV format.

Endpoint URL: /cases/{{caseid}}/evidence/loadfile

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters caseid | string | Required | Parameters for the evidence loadfile action |
| target | object | Optional | Parameter for evidence loadfile |
| target path | string | Optional | Parameter for evidence loadfile |

#### Input example

```json
{"json body": {"target": {"path": "/mnt/loadfile csv"}},"path parameters": {"caseid": "gdgh2535"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

### Evidence mail

Use this operation to ingest an individual mail store into a simple case. This is useful when you want to ingest non-Microsoft Exchange targets.

Endpoint URL: /cases/{{caseid}}/evidence/mail

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters caseid | string | Required | Parameters for the evidence mail action |
| target | object | Optional | Parameter for evidence mail |
| target protocol | string | Optional | Parameter for evidence mail |
| target host | string | Optional | Parameter for evidence mail |
| target port | number | Optional | Parameter for evidence mail |
| target username | string | Optional | Name of the resource |
| target password | string | Optional | Parameter for evidence mail |

#### Input example

```json
{"json body": {"target": {"protocol": "imap","host": "imap.gmail.com","port": 993,"username": "myuser","password": "mypassword"}},"path parameters": {"caseid": "ahdh123"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

### Evidence MS365

Use this operation to ingest a single type of data from one source during a processing session.

Endpoint URL: /cases/{{caseid}}/evidence/ms365

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters caseid | string | Required | Parameters for the evidence ms365 action |
| target | object | Optional | Parameter for evidence ms365 |
| target tenantid | string | Optional | Unique identifier |
| target clientid | string | Optional | Unique identifier |
| target clientsecret | string | Optional | Parameter for evidence ms365 |
| target from | string | Optional | Parameter for evidence ms365 |
| target to | string | Optional | Parameter for evidence ms365 |
| target username | string | Optional | Name of the resource |
| target password | string | Optional | Parameter for evidence ms365 |
| target userprincipalnames | array | Optional | Name of the resource |
| target retrievals | array | Optional | Parameter for evidence ms365 |

#### Input example

```json
{"json body": {"target": {"tenantid": "tenantid","clientid": "clientid","clientsecret": "clientsecret","from": "2021 01 01","to": "2021 04 30","username": "username","password": "password","userprincipalnames": ["userprincipal@domain.com"],"retrievals": ["users contacts"]}},"path parameters": {"caseid": "gdjgs234"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

### Evidence repository

Use this operation to ingest a single directory into a simple case as an evidence repository.

Endpoint URL: /cases/{{caseid}}/evidence/repository

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters caseid | string | Required | Parameters for the evidence repository action |
| repository | object | Optional | Parameter for evidence repository |
| repository path | string | Optional | Parameter for evidence repository |

#### Input example

```json
{"json body": {"repository": {"path": "/mnt/repositories"}},"path parameters": {"caseid": "shddhj123"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| functionkey | string | Output field functionkey |
| location | string | Output field location |

#### Output example

```json
{"status code": 200,"response headers": {},"reason": "ok","json body": {"functionkey": "string","location": "string"}}
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |