Nuix

this connector integrates nuix's rest api with swimlane turbine prerequisites the nuix connector requires an url , username and password for authentication capabilities this connector provides the following capabilities creates a case creates a case subset case evidence evidence file evidence loadfile evidence mail evidence ms365 evidence repository configurations nuix asset authenticates using nuix credentials configuration parameters parameter description type required url a url to the target host string required username username string required password password string required licence shortname nuix license shortname, this will be the license used as long as the value is not overridden in a task that uses this asset string optional workers default number of workers this will be the number of workers for a task if the value is not overridden in a task that uses this asset string optional verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions creates a case use this operation to create a case endpoint url /cases method post input argument name type required description name string required name of the resource location string optional parameter for creates a case description string optional parameter for creates a case compound boolean optional parameter for creates a case investigator string optional parameter for creates a case output parameter type description status code number http status code of the response reason string response reason phrase caseid string unique identifier name string name of the resource path string output field path description string output field description investigator string output field investigator creationdate number date value compound boolean output field compound elastic boolean output field elastic binarystorelocation string output field binarystorelocation indexid string unique identifier casesize number output field casesize casepathparent string output field casepathparent caseinvestigationtimezone string output field caseinvestigationtimezone hasexclusions object output field hasexclusions hasnuixsystemtags object output field hasnuixsystemtags hasproductionsets object output field hasproductionsets hascalculatedauditsize object output field hascalculatedauditsize casepath string output field casepath casename string name of the resource casedescription string output field casedescription casecreationdate number date value caseinvestigator string output field caseinvestigator example \[ { "status code" 201, "response headers" {}, "reason" "ok", "json body" { "caseid" "559710fa433a44c0a8b3a5805c4c8ba0", "name" "simplecase", "path" "/opt/nuix/cases/simplecase", "description" "about my simple case", "investigator" "inspector gadget", "creationdate" 1606248486451, "compound" false, "elastic" false, "binarystorelocation" "", "indexid" "", "casesize" 0, "casepathparent" "/opt/nuix/cases", "caseinvestigationtimezone" "etc/gmt", "hasexclusions" null, "hasnuixsystemtags" null } } ] case evidence ingests a new repository and/or supported containers into a simple case use this operation to ingest different types of data during a single processing session endpoint url /cases/{{caseid}}/evidence method post input argument name type required description caseid string required unique identifier processingprofile string optional parameter for case evidence containers array optional parameter for case evidence files array optional parameter for case evidence path string optional parameter for case evidence s3buckets array optional parameter for case evidence access string optional parameter for case evidence bucket string optional parameter for case evidence endpoint string optional parameter for case evidence secret string optional parameter for case evidence output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] creates a case subset use this operation to create a case subset endpoint url /cases/{{caseid}}/subset method post input argument name type required description caseid string required unique identifier query string optional parameter for creates a case subset location string optional parameter for creates a case subset casemetadata object optional response data name string optional name of the resource description string optional parameter for creates a case subset output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] evidence file ingests a new file/directory target into a container in a simple case endpoint url /cases/{{caseid}}/evidence/file method post input argument name type required description path paramters object required parameter for evidence file caseid string required unique identifier target object optional parameter for evidence file path string optional parameter for evidence file output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] evidence loadfile use this operation to ingest a single type of data from a single source during a processing session this endpoint currently supports loadfiles in csv format endpoint url /cases/{{caseid}}/evidence/loadfile method post input argument name type required description caseid string required unique identifier target object optional parameter for evidence loadfile path string optional parameter for evidence loadfile output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] evidence mail use this operation to ingest an individual mail store into a simple case this is useful when you want to ingest non microsoft exchange targets endpoint url /cases/{{caseid}}/evidence/mail method post input argument name type required description caseid string required unique identifier target object optional parameter for evidence mail protocol string optional parameter for evidence mail host string optional parameter for evidence mail port number optional parameter for evidence mail username string optional name of the resource password string optional parameter for evidence mail output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] evidence ms365 use this operation to ingest a single type of data from one source during a processing session endpoint url /cases/{{caseid}}/evidence/ms365 method post input argument name type required description caseid string required unique identifier target object optional parameter for evidence ms365 tenantid string optional unique identifier clientid string optional unique identifier clientsecret string optional parameter for evidence ms365 from string optional parameter for evidence ms365 to string optional parameter for evidence ms365 username string optional name of the resource password string optional parameter for evidence ms365 userprincipalnames array optional name of the resource retrievals array optional parameter for evidence ms365 output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] evidence repository use this operation to ingest a single directory into a simple case as an evidence repository endpoint url /cases/{{caseid}}/evidence/repository method post input argument name type required description caseid string required unique identifier repository object optional parameter for evidence repository path string optional parameter for evidence repository output parameter type description status code number http status code of the response reason string response reason phrase functionkey string output field functionkey location string output field location example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "functionkey" "string", "location" "string" } } ] notes nuix apis https //developer nuix com/latest/reference/restapireference html#/