Skip to main content

SOC Workflow Integration (API)

Updated

API Overview

The Qevlar API is organized into several key areas:

  • Launching Investigation: Send alerts to Qevlar AI for processing
  • Review feedback: Request and retrieve automated investigations

  • Results Retrieval: Get detailed investigation reports and findings

     

API Reference for Alerts & Feedback Integration

Explore the following Swagger API for test and deployment.

 

Authentication

All API endpoints require authentication using Bearer tokens. Include your API token in the Authorization header:

Authorization: Bearer YOUR_API_TOKEN
 

Base URL

All API requests should be made to:

https://api.qevlar.com
 

Rate Limits

API requests are subject to rate limiting to ensure fair usage. Please refer to your subscription plan for specific limits.

Response Format

All API responses are returned in JSON format with appropriate HTTP status codes.

HTTP Status Codes Overview

5xx Server Errors

  • 5xx codes correspond to server-side errors (crash, gateway error, etc.)
  • In this case, no JSON is returned
  • These errors indicate issues on the server side that are typically temporary

4xx Client Errors

  • 401 Unauthorized: Missing, invalid, or expired authentication token
  • 422 Unprocessable Entity: Validation error in the request payload

Response format for 4xx errors:

{
  "details": "Error description"
}
 

2xx Success Codes

  • 200 OK: Request succeeded
  • 202 Accepted: Request accepted for async processing

Alert Endpoint Response Behavior

POST /alert (Creating an Alert)

When you submit an alert to Qevlar AI, you'll receive:

Success Response (202 Accepted):

{
  "alert_id": "unique-alert-identifier",
  "status": "PENDING"
}
 

This indicates the alert has been created and is queued for processing.

Error Response (4xx):

{
  "details": "Error description"
}
 

GET /alert/{id} (Retrieving Alert Status)

When checking the status of an alert, the endpoint returns 200 OK for all successfully processed requests, but the response structure varies based on the alert's processing state:

Alert in Progress:

{
  "details": {
    "message": "Investigation in progress",
    "status": "IN_PROGRESS",
    "alert": {
      ...alert information
    }
  }
}
 

Alert Failed:

{
  "details": {
    "message": "Error message describing the failure",
    "status": "FAILURE",
    "alert": {
      ...alert information
    }
  }
}
 

Alert Completed Successfully:

{
  ...complete alert information and results
}
 
info

Note that even failed alerts return 200 OK as the HTTP status code. The actual processing status is indicated in the status field within the response body.
 

Related articles