Documentation for C-Werk 2.0.


Search by one source

Method: POST http://IP-Address:port/prefix/search/{auto|face|vmda|stranger|heatmap}/{DETECTORID}/{BEGINTIME/ENDTIME}

  • auto|face|vmda|stranger|heatmap – search type. The request body must include the "query" function if the "vmda" search type is used (see Forensic Search MomentQuest (VMDA) API).
  • DETECTORID – three-part ID of the detection tool endpoint (HOSTNAME/AVDetector.ID/EventSupplier for auto and face search, HOSTNAME/AVDetector.ID/SourceEndpoint.vmda for vmda; see Get list of detection tools).

Note

The ENDTIME and BEGINTIME syntax is described in the Get archive contents section.

For auto and face search, a request to search on a single computer is also supported. The request structure is as follows:

http://localhost/prefix/search/(auto|face)/{HOSTNAME}/{BEGINTIME}/{ENDTIME}

HOSTNAME – Server name.

Search by multiple sources

Method: POST http://IP-Address:port/prefix/search/{auto|face|vmda|stranger|heatmap}/{BEGINTIME/ENDTIME}

This search type always accepts JSON in the POST body, which must include at least one section of the form:

"sources": [
    "hosts/AVDetector.1/EventSupplier"
]

When the search request is performed, the JSON must include the image in base64 format.

{
    "sources": [
        "hosts/AVDetector.1/EventSupplier",
        "hosts/AVDetector.2/EventSupplier"
    ],
    "image": "base64 encoded image"
}

Result

The request returns either an error or a response like:

HTTP/1.1 202 Accepted
Connection: Close
Location: /search/(auto|face|vmda|stranger|heatmap)/GUID 
Cache-Control: no-cache

Receiving the Accepted code does not guarantee successful execution of the search. This code only shows that the command has been accepted for processing.

Parameter    Description
Location     Identifier for future access to search results. Example: /search/vmda/3dc15b75-6463-4eb1-ab2d-0eb0a8f54bd3

Error codes:

Error code    Description
400           Incorrect request.
500           Internal Server error.
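
The multi-source request and the 202 handling described above, as an added Python example that is not part of the C-Werk documentation. The function names, the constructed base URL and the BEGINTIME/ENDTIME placeholder strings are assumptions of this example, as is the client-side check that the Location header has the /search/type/GUID form before it is used.

```python
import base64
import json
import re
import uuid

SEARCH_TYPES = {"auto", "face", "vmda", "stranger", "heatmap"}


def build_multi_source_request(base_url, search_type, begin, end, sources, image_bytes=None):
    """Return (url, json_body) for a multi-source search POST.

    base_url is everything up to and including the prefix; begin and end are
    passed through unchanged (their syntax is defined in another section).
    """
    if search_type not in SEARCH_TYPES:
        raise ValueError(f"unknown search type: {search_type!r}")
    if not sources:
        raise ValueError("at least one source is required")
    for src in sources:
        parts = src.split("/")
        # Sources are three-part IDs such as hosts/AVDetector.1/EventSupplier.
        if len(parts) != 3 or not all(parts):
            raise ValueError(f"malformed source ID: {src!r}")
    body = {"sources": list(sources)}
    if image_bytes is not None:
        body["image"] = base64.b64encode(image_bytes).decode("ascii")
    url = f"{base_url.rstrip('/')}/search/{search_type}/{begin}/{end}"
    return url, json.dumps(body)


def parse_accepted(status, headers, search_type):
    """Return the search GUID from a 202 response, or raise on anything else."""
    if status != 202:
        # 400 and 500 are the documented error codes; treat any non-202 as failure.
        raise RuntimeError(f"search not accepted, HTTP {status}")
    lowered = {k.lower(): v for k, v in headers.items()}
    location = lowered.get("location", "").strip()
    m = re.fullmatch(r"/search/([a-z]+)/([0-9a-fA-F-]{36})", location)
    if not m or m.group(1) != search_type:
        raise RuntimeError(f"unexpected Location header: {location!r}")
    # uuid.UUID rejects strings that are not well-formed GUIDs.
    return str(uuid.UUID(m.group(2)))
```

The returned GUID identifies the search only; a 202 still does not mean the search succeeded.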