[FR] API Events/List child/parent relationship

dfir-iris / iris-web

Collaborative Incident Response platform

GNU Lesser General Public License v3.0

1.09k stars 189 forks source link

[FR] API Events/List child/parent relationship #492

Closed cso-sekkop closed 2 months ago

cso-sekkop commented 5 months ago

Is your feature request related to a problem? Please describe. In the endpoint "/case/timeline/events/list" there is no child/parent relationship present.

Describe the solution you'd like There could be a field named "parent_event_id" in each event.

Describe alternatives you've considered Events can also be nested within each other.

59e5aaf4 commented 2 months ago

The existing parent/child relationship is listed by the API at /case/timeline/advanced-filter?cid=1&q=%257B%257D, which is used by the timeline view. It's a little bit convoluted, but it has more info than the normal API. ( As usual, webUI API > API API :P ). It's listed as parent_event_id.

whikernel commented 2 months ago

The API specification actually indicates that events/list is deprecated and advanced-filter should be used: https://docs.dfir-iris.org/latest/_static/iris_api_reference_v2.0.4.html#tag/Case-timeline/operation/get-case-timeline-filter 👍