[QUESTION] Get analyser jobs per case ?

[StiveN99]

Trying to create a reporting responder using the following reporter as a base. I want the responder to fetch all analyzer job results for each observable in case. The purpose is to have all information included in the report(for a case) so the analyst can edit/remove what is required or not in the final report.

I've checked the Cortex4py documentation and you can get (ex: per name or id)the analyzer and jobs details but there is no way to narrow it down to a specific case(using the case ID for example).

Basically, I would like to be able to programatically get all analyzer job results for each observable in a case.Is it something that is feasible? If not, is it a capability that could be implemented?

Thanks

[StiveN99]

Ended up using the REST service:

curl -XPOST -H 'Content-Type: application/json' -H 'Authorization: Bearer xxxxxxxxxxxxxxx 'http://xxx.xxx.xxx.xxx:9000/api/v1/query/' -d '{
"query":[
{"_name":"getCase","idOrName":"~45304"},
{"_name":"observables"},
{"_name":"sort","_fields":[{"startDate":"desc" }]}
]
}'

curl -XPOST -H 'Content-Type: application/json' -H 'Authorization: Bearer xxxxxxxxxxxxx' 'http://xxx.xxx.xxx.xxx:9000/api/connector/cortex/job/_search' -d '{
"sort": "-startDate",
"range": "all",
"query": {
"_parent": {
"_type": "case_artifact",
"_query": {
"_id": "~41590936"
}
}
}
}'