swagger: '2.0'
info:
  title: Helix API Documentation
  description: "FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Available with any FireEye solution, FireEye Helix integrates your security tools and augments them with next-generation SIEM, orchestration and threat intelligence capabilities to capture the untapped potential of security investments. Designed by security experts, for security experts, it empowers security teams to efficiently conduct primary functions, such as alert management, search, analysis, investigations and reporting."
  termsOfService: "https://www.fireeye.com/company/legal.html"
  contact:
    name: "Developer Relations Team"
    email: "developers@fireeye.com"
  version: "1.4.1"

paths:
  /helix/id/hexzsq689/api/v1/search/:
    post:
      summary: "Create custom search queries."
      description: Create custom search queries.
      operationId: search_post
      consumes:
        - "application/json"
        - "application/xml"
      produces:
        - "application/json"
        - "application/xml"
      parameters:
        - in: "body"
          name: "body"
          required: true
          schema:
            type: object
            properties:
              query:
                description: 'The MQL search query'
                type: string
              options:
                type: array
                items:
                  type: object
                  properties:
                    offest:
                      description: ''
                      type: integer
                    page_size:
                      description: 'number of pages to display'
                      type: integer
                    start:
                      description: 'start date in format yyyy-mm-ddThh:mm:ss'
                      type: string
                    end:
                      description: 'end date in format yyyy-mm-ddThh:mm:ss'
                      type: string
            # In Swagger 2.0 "required" is a list on the schema, not a boolean on the property.
            required:
              - query
      responses:
        '200':
          description: 'success'
      tags:
        - Search

  /helix/id/hexzsq689/api/v1/alerts/:
    get:
      summary: 'View for tying together the serializer, authentication, permission and data restrictions for accessing Alerts'
      description: 'View for tying together the serializer, authentication, permission and data restrictions for accessing Alerts'
      operationId: v1_alerts_list
      parameters:
        - description: Number of results to return per page.
          in: query
          name: limit
          required: false
          type: integer
        - description: The initial index from which to return the results.
          in: query
          name: offset
          required: false
          type: integer
        - description: 'Mongo JSON query syntax used to filter for specific results. See https://docs.mongodb.com/manual/reference/operator/query-comparison/ for more information on Mongo JSON query operators. Here is an example of the syntax for this filter: ?query={"state":{"$in":["Open","Reopened"]},"suppressed":false}'
          in: query
          name: query
          required: false
          type: string
        - description: 'Comma-separated list of field names to sort the results by. For example: "createDate" or "-updateDate,riskOrder"'
          in: query
          name: sort
          required: false
          type: string
        - description: Comma-separated list of field names to only select or exclude from the resulting data.
          in: query
          name: fields
          required: false
          type: string
        - description: Comma-separated list of field names to expand an ID into a full object representation of the related data.
          in: query
          name: includes
          required: false
          type: string
      responses:
        '200':
          description: ''
      tags:
        - Alerts

    post:
      summary: 'View for tying together the serializer, authentication, permission and data restrictions for accessing Alerts'
      description: 'View for tying together the serializer, authentication, permission and data restrictions for accessing Alerts'
      operationId: v1_alerts_create
      consumes:
        - application/json
      parameters:
        - in: body
          name: data
          schema:
            $ref: '#/definitions/Alert'
      responses:
        '201':
          description: ''
      tags:
        - Alerts

    put:
      summary: 'View for tying together the serializer, authentication, permission and data restrictions for accessing Alerts'
      description: 'View for tying together the serializer, authentication, permission and data restrictions for accessing Alerts'
      operationId: v1_alerts_update
      consumes:
        - application/json
      parameters:
        - in: body
          name: data
          schema:
            $ref: '#/definitions/Alert'
      responses:
        '200':
          description: ''
      tags:
        - Alerts

# The POST and PUT request bodies share one schema; it is defined once here and referenced above.
definitions:
  Alert:
    type: object
    properties:
      _assignedTo:
        description: ''
        type: object
      alertThreat:
        description: ''
        type: string
      alertType:
        description: ''
        type: string
      classification:
        description: ''
        type: integer
      closedState:
        description: ''
        type: string
      confidence:
        description: ''
        type: string
      customer_id:
        description: ''
        type: string
      description:
        description: ''
        type: string
      distinguisherKey:
        description: ''
        type: string
      distinguishers:
        description: ''
        type: object
      emailedAt:
        description: ''
        type: integer
      eventsThreshold:
        description: ''
        type: integer
      externalId:
        description: ''
        type: string
      firstEventAt:
        description: ''
        type: string
      infoLinks:
        description: ''
        type: array
        items:
          type: string
      isHidden:
        description: ''
        type: boolean
      isTuned:
        description: ''
        type: boolean
      killChain:
        description: ''
        type: array
        items:
          type: string
      lastEventAt:
        description: ''
        type: string
      lastSyncMs:
        description: ''
        type: integer
      message:
        description: ''
        type: string
      originId:
        description: ''
        type: string
      queues:
        description: ''
        type: array
        items:
          type: string
      revisionNotes:
        description: ''
        type: string
      risk:
        description: ''
        type: string
      search:
        description: ''
        type: string
      secondsThreshold:
        description: ''
        type: integer
      severity:
        description: ''
        type: string
      sourceRevision:
        description: ''
        type: integer
      state:
        description: ''
        type: string
      tags:
        description: ''
        type: array
        items:
          type: string
      threatType:
        description: ''
        type: integer
      triggerId:
        description: ''
        type: string
      triggerRevision:
        description: ''
        type: integer
      tuningSearch:
        description: ''
        type: string
    required:
      - alertType
      - confidence
      - message
      - originId
      - risk
      - severity
      - tags

securityDefinitions:
  apiKey:
    in: header
    name: x-mansfield-key
    type: apiKey