Get Job Status API
Get Job Status
Check the status and retrieve results of analysis jobs. Returns comprehensive investigation data when processing is complete.
API Endpoint
GET /analysis/job/{job_id}
HTTP Headers
- X-Cursed-Api-Token: API token for authentication
- X-Cursed-Api-Enc-Key: Encryption key for accessing encrypted results (required for private jobs)
Request Method
GET
Parameters
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
job_id | UUID | Yes | Unique identifier for the analysis job |
Response Format
Success Response (200 OK):
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"job_name": "Cosmic Dragon Analysis",
"status": "Completed",
"insights": [
{
"Timeline": {
"title": "Event Timeline",
"data": [
{
"timestamp_start": 1705395015000,
"timestamp_end": null,
"record_id": 1,
"short_name": "Process Creation",
"description": "powershell.exe started with suspicious parameters",
"category": "Process",
"importance": "High"
}
],
"category": "General"
}
},
{
"Table": {
"title": "Process Events",
"data": [
["Timestamp", "Process", "Command Line", "User"],
["2024-01-15T09:30:15Z", "powershell.exe", "-ExecutionPolicy Bypass", "SYSTEM"],
["2024-01-15T09:30:20Z", "cmd.exe", "whoami /all", "SYSTEM"]
],
"category": "Process"
}
},
{
"IndexTable": {
"title": "Event Table",
"data": [
[
[
"5379",
"233973",
"2024-12-12 14:17:13",
"Microsoft-Windows-Security-Auditing",
"WIN7EVAL",
"Credential Manager credentials were read."
],
{
"ClientProcessId": "19288",
"CountOfCredentialsReturned": "1",
"ProcessCreationTime": "2024-12-12T10:42:42.007003Z",
"ReadOperation": "%%8100",
"ReturnCode": "0",
"SubjectDomainName": "WORKGROUP",
"SubjectUserName": "User",,
"TargetName": "MicrosoftAccount:[email protected]",
"Type": "0"
}
],
],
"columns": [
"Event ID",
"Record ID",
"Timestamp",
"Provider",
"Computer",
"Message",
"Event Data"
],
"category": "General"
}
}
]
}
Response Schema
| Field | Type | Description |
|---|---|---|
id | UUID | Job identifier that was queried |
job_name | String | Human-readable name for the analysis job |
status | String | Current processing status ("Pending", "Processing", "Completed", "Failed") |
insights | Array | Analysis results (present when status is "Completed") |
Job Status Values
| Status | Description | Next Action |
|---|---|---|
Pending | Job queued for processing | Continue polling |
Processing | Currently being analyzed | Continue polling |
Completed | Analysis finished successfully | Review insights |
Failed | Processing encountered errors | Check error details |
Insight Types
Analysis results can contain various insight types:
Timeline
Chronological sequence of KEY EVENTS ONLY, AND NOT A FULL FORENSIC TIMELINE, with importance levels, reference records (if available), a short and long description, a category and two timestamps - the time when this TYPE of event was observed first and the time when it was seen last (to trim down the exponential growth )
{
"Timeline": {
"title": "Event Timeline",
"data": [
{
"timestamp_start": 1705395015000,
"timestamp_end": 1705395020000,
"record_id": 1,
"short_name": "Malicious Process",
"description": "Suspicious PowerShell execution detected",
"category": "Process",
"importance": "Critical"
}
],
"category": "General"
}
}
Table
Structured tabular data with columns and rows.
{
"Table": {
"title": "Network Connections",
"data": [
["Source IP", "Destination", "Port", "Protocol"],
["192.168.1.100", "malicious-domain.com", "443", "HTTPS"],
["10.0.0.50", "suspicious-ip.net", "8080", "HTTP"]
],
"category": "Network"
}
}
Chart
Statistical data for visualization.
{
"Chart": {
"title": "Event Distribution",
"data": [
["Process Creation", 45],
["Network Connection", 23],
["File Access", 67]
],
"category": "General",
"display_mode": "Chart"
}
}
Graph
Network relationships and connections. Multiple types of Graph optimisations are made to graphs before they get returned to users to reduce complexity and compute requirements for users interacting with graphs. Statistics and summary nodes are created in the graph metadata section to allow for more contextual reconstruction.
{
"Graph": {
"title": "Process Tree",
"data": "digraph { ... }", // DOT Formatted graph
"graph_metadata": {
"_stats_original_nodes": ["12345"],
"_stats_optimized_nodes": ["123"],
"summary_104_Pattern_ProcessIds_to_ProcessUser_OUT_HasUser_and_ProcessUser_OUT_HasUser_and_NetworkAddress_OUT_NetworkConnection_and_NetworkAddress_OUT_NetworkConnection_and_ProcessPath_OUT_HasPath": ["10256","26756","15908",...],
"summary_96_Outgoing_ProcessPath": [ "C:\\Windows\\SysWOW64\\agentactivationruntime.dll","C:\\Windows\\SysWOW64\\Speech\\Common\\sapi.dll",...]
},
"category": "General"
}
}
Metadata
Key-value analysis summary.
{
"Metadata": {
"title": "Analysis Summary",
"data": {
"total_events": "1247",
"malicious_processes": "3",
"network_connections": "23",
"risk_level": "High"
},
"category": "General"
}
}
Error
Processing errors or failures.
{
"Error": {
"message": "Failed to parse event log: Invalid file format"
}
}
Event Importance Levels
| Level | Description |
|---|---|
Informational | General system activity |
Low | Minor events of interest |
Medium | Potentially suspicious activity |
High | Likely malicious activity |
Critical | Confirmed threats requiring immediate attention |
Analysis Categories
| Category | Description |
|---|---|
General | Mixed or summary data |
Authentication | Login and authentication events |
Network | Network connections and traffic |
Persistence | Malware persistence mechanisms |
Process | Process creation and execution |
Sigma | Security rule matches |
Example cURL Commands
Check Job Status
curl -X GET https://api.cursedtools.com/analysis/job/550e8400-e29b-41d4-a716-446655440000 \
-H "X-Cursed-Api-Token: your_api_token" \
-H "X-Cursed-Api-Enc-Key: your_encryption_key"
Public Job (No Encryption Key)
curl -X GET https://api.cursedtools.com/analysis/job/550e8400-e29b-41d4-a716-446655440000 \
-H "X-Cursed-Api-Token: your_api_token"
Error Codes
| HTTP Status | Description |
|---|---|
| 200 | Success - Job status retrieved |
| 401 | Unauthorized - Missing or invalid authentication |
| 403 | Forbidden - Encryption key required for private job |
| 404 | Not Found - Job not found or no access |
| 500 | Internal Server Error - Server processing error |
Error Response Examples
Error Response (401 Unauthorized):
Unauthorized
Error Response (404 Not Found):
Job with ID {job_id} not found
Error Response (500 Internal Server Error):
An error occurred while processing your request. If you would like to report it contact us via the feedback form on cursed.tools/feedback and quote the following ID: [uuid]
Notes
- Authentication is required to access job status, if it's not public
- Encryption key is required for private/encrypted jobs
- Public jobs can be accessed without encryption key
- Job insights are only available when status is "Completed"
- Failed jobs may contain error insights explaining the failure
- Timeline data uses Unix timestamps in milliseconds
- Job names are auto-generated using creative memorable combinations
- Results can contain multiple insight types in a single response
- Categories help organize different types of analysis data
- Graph data contains a DOT formatted string representation of the graph and reference metadata for enrichment post optimisation
Best Practices
Polling Strategy
Recommended Intervals
- First minute: Poll every 5 seconds
- After 1 minute: Poll every 15 seconds
- After 5 minutes: Poll every 30 seconds
- Maximum timeout: 10-15 minutes for large files
Next Steps
After retrieving job results:
- Search EVTX Results - Filter and query analysis data
- Delete Jobs - Clean up completed analyses
Job status monitoring is essential for tracking analysis progress and retrieving encrypted investigation results securely.
List Jobs
Retrieves a list of all analysis jobs owned by the authenticated user. Returns job metadata including ID, name, status, creation date, visibility, and job type.
Sigma Data Analysis
Runs Sigma rules against user-provided test data in real-time. Supports both custom rules and community rules for detection engineering and threat hunting rule validation.