> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formal.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# GetInsightEvaluation



## OpenAPI

````yaml /docs/api/openapi/insights_openapi.json post /core.v1.InsightsService/GetInsightEvaluation
openapi: 3.1.0
info:
  title: core.v1.InsightsService
  version: 0.0.1
servers:
  - url: https://api.joinformal.com
    description: Production API
security: []
tags:
  - name: core.v1.InsightsService
    description: >-
      Insights: proactive detection, monitoring, alerting, and suggested
      follow-ups from access and activity data.
paths:
  /core.v1.InsightsService/GetInsightEvaluation:
    post:
      tags:
        - core.v1.InsightsService
      summary: GetInsightEvaluation
      operationId: core.v1.InsightsService.GetInsightEvaluation
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/core.v1.GetInsightEvaluationRequest'
        required: true
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/core.v1.GetInsightEvaluationResponse'
        '400':
          description: Bad Request - Invalid request parameters or body
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: string
                    example: invalid_request
                  message:
                    type: string
                    example: Invalid request parameters
                  details:
                    type: object
        '401':
          description: Unauthorized - Missing or invalid authentication
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: string
                    example: unauthorized
                  message:
                    type: string
                    example: Authentication required
        '403':
          description: Forbidden - Insufficient permissions
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: string
                    example: forbidden
                  message:
                    type: string
                    example: Insufficient permissions to perform this action
        '404':
          description: Not Found - Resource does not exist
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: string
                    example: not_found
                  message:
                    type: string
                    example: Resource not found
        '500':
          description: Internal Server Error - An error occurred processing the request
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: string
                    example: internal_error
                  message:
                    type: string
                    example: An internal error occurred
      security:
        - ApiKeyAuth: []
      x-codeSamples:
        - lang: curl
          label: cURL
          source: >-
            curl -X POST
            "https://api.joinformal.com/core.v1.InsightsService/GetInsightEvaluation"
            \
              -H "X-API-KEY: YOUR_API_KEY" \
              -H "Content-Type: application/json" \
              -d '{
                "example": "value"
              }'
        - lang: javascript
          label: JavaScript (fetch)
          source: >-
            fetch("https://api.joinformal.com/core.v1.InsightsService/GetInsightEvaluation",
            {
              method: "POST",
              headers: {
                "X-API-KEY": "YOUR_API_KEY",
                "Content-Type": "application/json"
              },
              body: JSON.stringify({
                example: "value"
              })
            })
              .then(response => response.json())
              .then(data => console.log(data))
              .catch(error => console.error(error));
        - lang: python
          label: Python
          source: >-
            import requests


            url =
            "https://api.joinformal.com/core.v1.InsightsService/GetInsightEvaluation"

            headers = {
                "X-API-KEY": "YOUR_API_KEY",
                "Content-Type": "application/json"
            }

            data = {
                "example": "value"
            }


            response = requests.post(url, headers=headers, json=data)

            print(response.json())
        - lang: go
          label: Go
          source: |-
            package main

            import (
                "bytes"
                "encoding/json"
                "fmt"
                "io"
                "net/http"
            )

            func main() {
                url := "https://api.joinformal.com/core.v1.InsightsService/GetInsightEvaluation"

                body := map[string]string{
                    "example": "value",
                }

                jsonData, _ := json.Marshal(body)

                req, _ := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
                req.Header.Set("X-API-KEY", "YOUR_API_KEY")
                req.Header.Set("Content-Type", "application/json")

                client := &http.Client{}
                resp, err := client.Do(req)
                if err != nil {
                    panic(err)
                }
                defer resp.Body.Close()

                responseBody, _ := io.ReadAll(resp.Body)
                fmt.Println(string(responseBody))
            }
components:
  schemas:
    core.v1.GetInsightEvaluationRequest:
      type: object
      properties:
        evaluationId:
          type: string
          title: evaluation_id
          minLength: 1
      title: GetInsightEvaluationRequest
      additionalProperties: false
    core.v1.GetInsightEvaluationResponse:
      type: object
      properties:
        status:
          type: string
          title: status
          minLength: 1
          description: >-
            running: evaluation in progress (poll again). succeeded | failed:
            terminal — stop polling.
        insights:
          type: array
          items:
            $ref: '#/components/schemas/core.v1.Insight'
          title: insights
          description: >-
            Insights persisted during the run (streamed); ordered by creation
            time. Populated while running and after success.
        errorMessage:
          type: string
          title: error_message
          nullable: true
        completedAt:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: completed_at
          nullable: true
        evaluationComplete:
          type: boolean
          title: evaluation_complete
          description: >-
            True when status is succeeded or failed (same as status !=
            "running").
        focusCategoryId:
          type: string
          title: focus_category_id
          description: Echo of the evaluation's scoped category (empty for legacy rows).
      title: GetInsightEvaluationResponse
      additionalProperties: false
    core.v1.Insight:
      type: object
      properties:
        id:
          type: string
          title: id
        title:
          type: string
          title: title
        description:
          type: string
          title: description
        category:
          type: string
          title: category
          description: >-
            Display label for the detection definition (from
            finding_category_definitions via join or snapshot).
        severity:
          type: string
          title: severity
        confidence:
          type: number
          title: confidence
          format: float
        outcome:
          type: string
          title: outcome
        status:
          type: string
          title: status
        subjectType:
          type: string
          title: subject_type
        subjectId:
          type: string
          title: subject_id
        subjectLabel:
          type: string
          title: subject_label
        subjectOnBehalfOf:
          type: string
          title: subject_on_behalf_of
          nullable: true
        evidence:
          type: array
          items:
            $ref: '#/components/schemas/core.v1.Evidence'
          title: evidence
        suggestedAction:
          $ref: '#/components/schemas/core.v1.SuggestedAction'
          title: suggested_action
        reasoning:
          type: string
          title: reasoning
          nullable: true
        sourceThreatEvaluationId:
          type: string
          title: source_threat_evaluation_id
          description: Evaluation that produced this insight (when applicable).
          nullable: true
        fingerprint:
          type: string
          title: fingerprint
        occurrenceCount:
          type: integer
          title: occurrence_count
          format: int32
        firstSeenAt:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: first_seen_at
        lastSeenAt:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: last_seen_at
        createdAt:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: created_at
        updatedAt:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: updated_at
        categoryId:
          type: string
          title: category_id
          description: >-
            Persisted category ID (e.g. llm01_prompt_injection); category above
            is the human display label.
      title: Insight
      additionalProperties: false
    google.protobuf.Timestamp:
      type: string
      examples:
        - '2023-01-15T01:30:15.01Z'
        - '2024-12-25T12:00:00Z'
      format: date-time
      description: >-
        A Timestamp represents a point in time independent of any time zone or
        local
         calendar, encoded as a count of seconds and fractions of seconds at
         nanosecond resolution. The count is relative to an epoch at UTC midnight on
         January 1, 1970, in the proleptic Gregorian calendar which extends the
         Gregorian calendar backwards to year one.

         All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
         second table is needed for interpretation, using a [24-hour linear
         smear](https://developers.google.com/time/smear).

         The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
         restricting to that range, we ensure that we can convert to and from [RFC
         3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.

         # Examples

         Example 1: Compute Timestamp from POSIX `time()`.

             Timestamp timestamp;
             timestamp.set_seconds(time(NULL));
             timestamp.set_nanos(0);

         Example 2: Compute Timestamp from POSIX `gettimeofday()`.

             struct timeval tv;
             gettimeofday(&tv, NULL);

             Timestamp timestamp;
             timestamp.set_seconds(tv.tv_sec);
             timestamp.set_nanos(tv.tv_usec * 1000);

         Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.

             FILETIME ft;
             GetSystemTimeAsFileTime(&ft);
             UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;

             // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
             // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
             Timestamp timestamp;
             timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
             timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));

         Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.

             long millis = System.currentTimeMillis();

             Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
                 .setNanos((int) ((millis % 1000) * 1000000)).build();

         Example 5: Compute Timestamp from Java `Instant.now()`.

             Instant now = Instant.now();

             Timestamp timestamp =
                 Timestamp.newBuilder().setSeconds(now.getEpochSecond())
                     .setNanos(now.getNano()).build();

         Example 6: Compute Timestamp from current time in Python.

             timestamp = Timestamp()
             timestamp.GetCurrentTime()

         # JSON Mapping

         In JSON format, the Timestamp type is encoded as a string in the
         [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
         format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z"
         where {year} is always expressed using four digits while {month}, {day},
         {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
         seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
         are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
         is required. A proto3 JSON serializer should always use UTC (as indicated by
         "Z") when printing the Timestamp type and a proto3 JSON parser should be
         able to accept both UTC and other timezones (as indicated by an offset).

         For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
         01:30 UTC on January 15, 2017.

         In JavaScript, one can convert a Date object to this format using the
         standard
         [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
         method. In Python, a standard `datetime.datetime` object can be converted
         to this format using
         [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
         the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
         the Joda Time's [`ISODateTimeFormat.dateTime()`](
         http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
         ) to obtain a formatter capable of generating timestamps in this format.
    core.v1.Evidence:
      type: object
      properties:
        type:
          type: string
          title: type
        ref:
          type: string
          title: ref
        hitCount:
          type:
            - integer
            - string
          title: hit_count
          format: int64
          nullable: true
        timeWindowStart:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: time_window_start
        timeWindowEnd:
          $ref: '#/components/schemas/google.protobuf.Timestamp'
          title: time_window_end
      title: Evidence
      additionalProperties: false
    core.v1.SuggestedAction:
      type: object
      properties:
        type:
          type: string
          title: type
        summary:
          type: string
          title: summary
        formalHint:
          $ref: '#/components/schemas/core.v1.StructuredFormalHint'
          title: formal_hint
          description: >-
            Optional; omit when summary alone is sufficient (see
            StructuredFormalHint).
          nullable: true
      title: SuggestedAction
      additionalProperties: false
      description: >-
        Suggested next step for humans (not "remediation"). summary is the
        primary field and may be
         natural language only (e.g. add a Formal native user for hostname X, escalate to HR, rotate keys).
         type is a loose tag: policy_change, permission_change, access_control, account_action, recommendation,
         investigate, no_action, etc. — not a strict enum; clients should not assume a fixed set.
    core.v1.StructuredFormalHint:
      type: object
      properties:
        name:
          type: string
          title: name
        description:
          type: string
          title: description
        code:
          type: string
          title: code
        resourceName:
          type: string
          title: resource_name
        action:
          type: string
          title: action
        dryRun:
          type: boolean
          title: dry_run
      title: StructuredFormalHint
      additionalProperties: false
      description: >-
        StructuredFormalHint is optional: use only when part of the suggestion
        maps to a Formal
         artifact (policy code, target resource, dry-run). For HR/process/onboarding-style advice, or
         "block this user" / "review with manager" without Rego, leave this unset and put everything in summary.
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
      description: API key authentication. Get your API key from the Formal console.

````