Investigation listing

Hello,

I am building an InsightIDR app to run with the SOAR Shuffle. I really love the API and the way you provide clear documentation about it.

I have different issues regarding the usage of the API and webhooks that I would like to share.

  1. Webhooks

Alert webhooks work well with the tool, but the custom alert webhooks have a different structure (this is not really an issue) and also seem to come only from the cloud as a source; I can't select a data exporter from one of my collectors. This means I need to expose it on the WAN.

  2. Log API

The new log API seems to respond to quite a few of the needs for automation; however, the spec files seem to call on references, and I am not sure how to use them compared to the previous one, where every spec was contained in one file.

  3. Request Investigation List

It is currently possible via the API to request a list of investigations but not a unique one. I would like to be able to get the same JSON data as the one received when an alert is sent by webhook, as the current list doesn't contain as much info.

Best regards