Qevlar Eye Screenshot refers to an image captured by Qevlar Eye for investigation purposes. This screenshot can represent an email or a website snapshot and is treated as an observable within the Qevlar Platform user interface.
Access through the platform:
Connect to Qevlar Platform > Open Investigations Report > You should find Qevlar Eye screenshot available in Observables when relevant.
Access through Public API:
While SOC analysts can view these screenshots directly in the platform, some may prefer to access them programmatically — for example, through their ticketing system or custom workflows using the Qevlar API.
To retrieve Qevlar Eye screenshots through the API, follow the steps below (example: email alert):
-
Fetch result for your investigation:
/v2/investigations/:alert_id:/result -
In the result JSON, fetch the following path:
investigation→observables -
Go through the observables list to find the email:
type: "Email" -
Find the URL to download the screenshot in the email observable:
enrichment_tools→scanner_type: "Qevlar Eye"→external_url -
The URL should look like
https://api.qevlar.com/v2/proxy/uri-download?tool=...&uri=...⇒ Perform a GET query with the usual authentication method