Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/samkit511/SAW---Security-Analyst-Workspace/llms.txt

Use this file to discover all available pages before exploring further.

SAW tracks analyst tasks in a persistent store alongside incidents. Tasks are created automatically by the MitigationAgent when a triage run produces actionable findings, but you can also create them manually, list them with filters, and mark them complete through the /tasks endpoints. Every endpoint requires a valid x-api-key header.

Task lifecycle

A task moves through two states: OPEN (the default on creation) and COMPLETED (set when you call the complete endpoint). The MitigationAgent sets source_agent to identify agent-generated tasks; manually created tasks set source_agent to TaskAPI. 
Created (OPEN)  →  Completed (COMPLETED)

Create a task

curl -X POST http://127.0.0.1:8080/tasks \
  -H "x-api-key: demo" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Review suspicious login attempt",
    "description": "Analyst follow-up required for SQLi pattern on /login endpoint.",
    "incident_id": "inc_7g8h9i0j1k2l",
    "priority": "HIGH",
    "owner": "analyst"
  }'
The response is the newly created task object: 
{
  "id": "task_3a4b5c6d7e8f",
  "incident_id": "inc_7g8h9i0j1k2l",
  "title": "Review suspicious login attempt",
  "description": "Analyst follow-up required for SQLi pattern on /login endpoint.",
  "status": "OPEN",
  "priority": "HIGH",
  "owner": "analyst",
  "source_agent": "TaskAPI",
  "created_at": 1716566400.0,
  "updated_at": 1716566400.0,
  "completed_at": null,
  "metadata_json": {}
}

Task fields

FieldTypeDescription
idstringUnique task identifier (prefixed task_)
incident_idstring | nullIncident this task belongs to, if any
titlestringShort task title
descriptionstringFull task description
statusstringOPEN or COMPLETED
prioritystringLOW, MEDIUM, or HIGH
ownerstringAnalyst or team assigned to the task
source_agentstringAgent or system that created the task
created_atfloatUnix timestamp of creation
updated_atfloatUnix timestamp of last update
completed_atfloat | nullUnix timestamp when completed, or null

List tasks

Retrieve all tasks, optionally filtered by incident or status. 
curl http://127.0.0.1:8080/tasks \
  -H "x-api-key: demo"
The response wraps the results in a tasks array: 
{
  "tasks": [
    {
      "id": "task_3a4b5c6d7e8f",
      "incident_id": "inc_7g8h9i0j1k2l",
      "title": "Review suspicious login attempt",
      "status": "OPEN",
      "priority": "HIGH",
      "owner": "analyst",
      "source_agent": "TaskAPI",
      "created_at": 1716566400.0,
      "updated_at": 1716566400.0,
      "completed_at": null
    }
  ]
}
Results are ordered by updated_at descending, with a maximum of 50 tasks returned per call.

Complete a task

Mark a task as done by POST-ing to /tasks/{task_id}/complete. No request body is needed. 
curl -X POST http://127.0.0.1:8080/tasks/task_3a4b5c6d7e8f/complete \
  -H "x-api-key: demo"
The response is the updated task object with status set to COMPLETED and completed_at populated: 
{
  "id": "task_3a4b5c6d7e8f",
  "incident_id": "inc_7g8h9i0j1k2l",
  "title": "Review suspicious login attempt",
  "status": "COMPLETED",
  "priority": "HIGH",
  "owner": "analyst",
  "source_agent": "TaskAPI",
  "created_at": 1716566400.0,
  "updated_at": 1716570000.0,
  "completed_at": 1716570000.0
}
If the task ID does not exist, the API returns HTTP 404: 
{
  "error": {
    "code": "task_not_found",
    "message": "Task ID not found."
  }
}
All /tasks endpoints require the x-api-key header. Requests without a valid key return HTTP 401. The default development key is demo; set the ASA_API_KEY environment variable to override it in production.
Use the incident_id filter together with status=OPEN to build a quick task queue view for a specific incident during an active investigation.

Build docs developers (and LLMs) love

Get started for freeTalk to us