{"openapi":"3.1.0","info":{"title":"DESA - Dynamic Encoded Script Analysis API","description":"API for analyzing, decoding, and deobfuscating PowerShell scripts. Extract IOCs, detect threats, and integrate with security tools.","version":"1.0.0","contact":{"name":"Platphorm News","url":"https://platphormnews.com"},"license":{"name":"MIT","url":"https://opensource.org/licenses/MIT"}},"servers":[{"url":"https://desa.platphormnews.com","description":"Production"}],"paths":{"/api/health":{"get":{"summary":"Health Check","description":"Check API and database health status","tags":["System"],"responses":{"200":{"description":"System is healthy","content":{"application/json":{"schema":{"type":"object","properties":{"status":{"type":"string","enum":["healthy","degraded"]},"version":{"type":"string"},"timestamp":{"type":"string","format":"date-time"},"checks":{"type":"object","properties":{"database":{"type":"object","properties":{"status":{"type":"string"},"latency_ms":{"type":"number"}}},"api":{"type":"object","properties":{"status":{"type":"string"},"latency_ms":{"type":"number"}}}}}}}}}}}}},"/api/v1/analyze":{"post":{"summary":"Analyze Script","description":"Analyze a PowerShell script for threats, encodings, and IOCs","tags":["Analysis"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["content"],"properties":{"content":{"type":"string","description":"The PowerShell script content to analyze"},"name":{"type":"string","description":"Optional name for the script"},"analysis_type":{"type":"string","enum":["full","decode_only","deobfuscate","ioc_extract","threat_detect"],"default":"full"},"options":{"type":"object","properties":{"max_deobfuscation_depth":{"type":"integer","default":10},"extract_iocs":{"type":"boolean","default":true},"apply_rules":{"type":"boolean","default":true},"include_artifacts":{"type":"boolean","default":true}}}}}}}},"responses":{"200":{"description":"Analysis completed successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AnalyzeResponse"}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"429":{"description":"Rate limit exceeded"}}}},"/api/v1/scripts":{"get":{"summary":"List Scripts","description":"Get a paginated list of analyzed scripts","tags":["Scripts"],"parameters":[{"name":"page","in":"query","schema":{"type":"integer","default":1}},{"name":"per_page","in":"query","schema":{"type":"integer","default":20}},{"name":"q","in":"query","schema":{"type":"string"},"description":"Search query"},{"name":"min_score","in":"query","schema":{"type":"integer"}},{"name":"max_score","in":"query","schema":{"type":"integer"}},{"name":"is_malicious","in":"query","schema":{"type":"boolean"}}],"responses":{"200":{"description":"List of scripts","content":{"application/json":{"schema":{"type":"object","properties":{"success":{"type":"boolean"},"data":{"type":"array","items":{"$ref":"#/components/schemas/Script"}},"meta":{"$ref":"#/components/schemas/PaginationMeta"}}}}}}}}},"/api/v1/scripts/{id}":{"get":{"summary":"Get Script","description":"Get a specific script with its analysis results and IOCs","tags":["Scripts"],"parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Script details"},"404":{"description":"Script not found"}}},"delete":{"summary":"Delete Script","description":"Soft delete a script","tags":["Scripts"],"parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"Script deleted"},"404":{"description":"Script not found"}}}},"/api/v1/rules":{"get":{"summary":"List Detection Rules","description":"Get a list of detection rules","tags":["Rules"],"parameters":[{"name":"category","in":"query","schema":{"type":"string"}},{"name":"severity","in":"query","schema":{"type":"string"}},{"name":"enabled","in":"query","schema":{"type":"boolean"}},{"name":"builtin","in":"query","schema":{"type":"boolean"}}],"responses":{"200":{"description":"List of rules"}}},"post":{"summary":"Create Detection Rule","description":"Create a new custom detection rule","tags":["Rules"],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["name","pattern","category","severity"],"properties":{"name":{"type":"string"},"description":{"type":"string"},"category":{"type":"string"},"severity":{"type":"string","enum":["critical","high","medium","low","info"]},"pattern":{"type":"string"},"pattern_type":{"type":"string","enum":["regex","literal","ast"]},"mitre_attack_ids":{"type":"array","items":{"type":"string"}},"references":{"type":"array","items":{"type":"string"}}}}}}},"responses":{"201":{"description":"Rule created"},"400":{"description":"Invalid request"}}}},"/api/v1/iocs":{"get":{"summary":"List IOCs","description":"Get a list of extracted IOCs across all scripts","tags":["IOCs"],"parameters":[{"name":"type","in":"query","schema":{"type":"string"},"description":"Filter by IOC type"},{"name":"page","in":"query","schema":{"type":"integer","default":1}},{"name":"per_page","in":"query","schema":{"type":"integer","default":50}}],"responses":{"200":{"description":"List of IOCs"}}}}},"components":{"schemas":{"Script":{"type":"object","properties":{"id":{"type":"string"},"name":{"type":"string"},"content_hash":{"type":"string"},"file_size":{"type":"integer"},"encoding_detected":{"type":"array","items":{"type":"string"}},"is_malicious":{"type":"boolean"},"threat_score":{"type":"integer","minimum":0,"maximum":100},"tags":{"type":"array","items":{"type":"string"}},"created_at":{"type":"string","format":"date-time"}}},"AnalyzeResponse":{"type":"object","properties":{"success":{"type":"boolean"},"data":{"type":"object","properties":{"script":{"$ref":"#/components/schemas/Script"},"analysis":{"$ref":"#/components/schemas/AnalysisResult"},"iocs":{"type":"array","items":{"$ref":"#/components/schemas/IOC"}}}}}},"AnalysisResult":{"type":"object","properties":{"id":{"type":"string"},"script_id":{"type":"string"},"analysis_type":{"type":"string"},"status":{"type":"string"},"threat_score":{"type":"integer"},"findings":{"type":"array","items":{"$ref":"#/components/schemas/Finding"}},"decoded_content":{"type":"string","nullable":true},"deobfuscation_steps":{"type":"array"},"execution_time_ms":{"type":"integer"}}},"Finding":{"type":"object","properties":{"id":{"type":"string"},"severity":{"type":"string","enum":["critical","high","medium","low","info"]},"category":{"type":"string"},"title":{"type":"string"},"description":{"type":"string"},"line_number":{"type":"integer","nullable":true},"matched_content":{"type":"string","nullable":true},"mitre_attack_id":{"type":"string","nullable":true}}},"IOC":{"type":"object","properties":{"id":{"type":"string"},"ioc_type":{"type":"string"},"value":{"type":"string"},"confidence":{"type":"number"},"context":{"type":"string","nullable":true}}},"PaginationMeta":{"type":"object","properties":{"page":{"type":"integer"},"per_page":{"type":"integer"},"total":{"type":"integer"},"total_pages":{"type":"integer"}}},"ErrorResponse":{"type":"object","properties":{"success":{"type":"boolean","enum":[false]},"error":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"},"details":{"type":"object"}}}}}}},"tags":[{"name":"System","description":"System health and status endpoints"},{"name":"Analysis","description":"Script analysis endpoints"},{"name":"Scripts","description":"Script management endpoints"},{"name":"Rules","description":"Detection rule management"},{"name":"IOCs","description":"Indicator of Compromise endpoints"}]}