api.events.v1 package

Submodules

api.events.v1.aggregated module

Autogenerated API

api.events.v1.aggregated.find_aggregated_event_stats(customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, resolution: int = None, groupBy: list = None, cutoff: int = None, signature: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', countRawEvents: bool = 'False', includeOthers: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Fetch aggregated event stats (PUBLIC). Returns a StatsContainer in JSON format.

Return type:

dict

api.events.v1.aggregated.find_aggregated_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Search for aggregated events (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Limit results
  • offset (int) – Offset results
  • customerID (list) – Limit result to objects belonging to these customers
  • eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
  • locationID (list) – Search for events having these locations
  • alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
  • attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
  • sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
  • destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
  • geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
  • properties (dict) – Search for events having these properties (logical AND)
  • minCount (int) – Search for events with aggregated count at least this high
  • associatedCaseID (list) – Search for events associated to one of these cases
  • sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
  • destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
  • subCriteria (list) –
  • signature (list) –
  • sortBy (list) – Order results by these properties (prefix with - to sort descending)
  • startTimestamp (int) – Search objects from this timestamp
  • endTimestamp (int) – Search objects until this timestamp
  • includeFlags (list) – Search objects with these flags set
  • excludeFlags (list) – Exclude objects with these flags set
  • lastUpdatedTimestamp (int) – Search for events updated after this timestamp
  • destinationIP (list) –
  • sourceIP (list) –
  • ip (list) –
  • destinationPort (list) –
  • sourcePort (list) –
  • port (list) –
  • minSeverity (str) –
  • maxSeverity (str) –
  • includeDeleted (bool) – Also include deleted objects (where implemented)
  • exclude (bool) – Exclude these criteria from the parent criteria
Raises:
Returns:

{"offset": 960, "limit": 197, "responseCode": 200, "count": 420, "data": [{"properties": {"additionalProperties": "Current company edge trouble success one."}, "comments": [{"timestamp": 160225526, "comment": "Then travel from."}], "uri": "Take admit table little rock.", "count": 368, "protocol": "Field same high research drop respond factor.", "timestamp": 386984967, "startTimestamp": 1126880892, "endTimestamp": 1191244510, "lastUpdatedTimestamp": 847010102, "flags": ["FILTERED"], "severity": "low", "detailedEventIDS": ["Field child until positive society themselves attorney."], "id": "Company already follow order ground."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Management writer ok.", "messageTemplate": "Budget computer trade nearly lead tend arm agency.", "field": "Kitchen someone system identify.", "parameter": {}, "timestamp": 1273371173}], "currentPage": 95, "size": 437}

api.events.v1.aggregated.list_aggregated_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Simple search for aggregated events (PUBLIC)

Return type:

dict

Parameters:
  • customerID (list) – Limit to customerID
  • signature (list) – Limit to signature
  • ip (list) – Limit to ip/network
  • startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
  • endTimestamp (int) – Limit to events before this timestamp
  • limit (int) – Limit results
  • offset (int) – Offset results
Raises:
Returns:

{"offset": 859, "limit": 489, "responseCode": 200, "count": 389, "data": [{"properties": {"additionalProperties": "Address bank family marriage."}, "comments": [{"timestamp": 1224515719, "comment": "List section PM big citizen follow."}], "uri": "Method blue rule young through act.", "count": 729, "protocol": "Try choice over sense style.", "timestamp": 1292809294, "startTimestamp": 1303822960, "endTimestamp": 154205768, "lastUpdatedTimestamp": 829924150, "flags": ["ASSOCIATED_TO_CASE_BY_FILTER"], "severity": "high", "detailedEventIDS": ["Federal because wide join dinner manager."], "id": "Kitchen spring early able."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Heavy plant never suddenly quality.", "messageTemplate": "Interview protect night old respond president popular.", "field": "Enjoy see hard personal best several.", "parameter": {}, "timestamp": 428511343}], "currentPage": 580, "size": 537}

api.events.v1.nids module

Autogenerated API

api.events.v1.nids.find_n_i_d_s_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, sensorID: list = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Search for NIDS events (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Limit results
  • offset (int) – Offset results
  • customerID (list) – Limit result to objects belonging to these customers
  • eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
  • locationID (list) – Search for events having these locations
  • alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
  • attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
  • sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
  • destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
  • geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
  • properties (dict) – Search for events having these properties (logical AND)
  • sensorID (list) –
  • subCriteria (list) –
  • signature (list) –
  • sortBy (list) – Order results by these properties (prefix with - to sort descending)
  • startTimestamp (int) – Search objects from this timestamp
  • endTimestamp (int) – Search objects until this timestamp
  • includeFlags (list) – Search objects with these flags set
  • excludeFlags (list) – Exclude objects with these flags set
  • lastUpdatedTimestamp (int) – Search for events updated after this timestamp
  • destinationIP (list) –
  • sourceIP (list) –
  • ip (list) –
  • destinationPort (list) –
  • sourcePort (list) –
  • port (list) –
  • minSeverity (str) –
  • maxSeverity (str) –
  • includeDeleted (bool) – Also include deleted objects (where implemented)
  • exclude (bool) – Exclude these criteria from the parent criteria
Raises:
Returns:

{"offset": 306, "limit": 568, "responseCode": 200, "count": 679, "data": [{"properties": {"additionalProperties": "Decide popular into involve."}, "comments": [{"timestamp": 820436525, "comment": "Where write above item."}], "count": 460, "engineTimestamp": 1446488971, "protocolID": 606, "uri": "Eye able resource investment.", "timestamp": 100769354, "severity": "critical", "flags": ["HAS_PCAP"], "id": "Or establish plant send."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Enjoy write relate message avoid for.", "messageTemplate": "Degree out line to.", "field": "Discover fly friend country power claim lead tend.", "parameter": {}, "timestamp": 1439061920}], "currentPage": 187, "size": 458}

api.events.v1.nids.list_n_i_d_s_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Simple search for NIDS events (PUBLIC)

Return type:

dict

Parameters:
  • customerID (list) – Limit to customerID
  • signature (list) – Limit to signature
  • ip (list) – Limit to ip/network
  • startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
  • endTimestamp (int) – Limit to events before this timestamp
  • limit (int) – Limit results
  • offset (int) – Offset results
Raises:
Returns:

{"offset": 957, "limit": 125, "responseCode": 200, "count": 822, "data": [{"properties": {"additionalProperties": "Talk store approach appear."}, "comments": [{"timestamp": 37783593, "comment": "Clear clearly night hear animal go beyond."}], "count": 747, "engineTimestamp": 359580653, "protocolID": 139, "uri": "Young prepare author suffer free before.", "timestamp": 159098097, "severity": "high", "flags": ["FINALIZED"], "id": "Follow history hold trouble."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Let boy do fine economy shoulder.", "messageTemplate": "Discussion benefit phone teach item.", "field": "Appear design store always college.", "parameter": {}, "timestamp": 1136515680}], "currentPage": 845, "size": 175}

api.events.v1.payload module

Autogenerated API

api.events.v1.payload.get_payload(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Fetch specified event payload (PUBLIC)

Return type:

dict

Parameters:
  • type (str) –
  • timestamp (int) –
  • customerID (int) –
  • eventID (str) –
Raises:
Returns:

{"offset": 461, "limit": 549, "responseCode": 200, "count": 568, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Congress nice high north walk want firm.", "messageTemplate": "Need like better member smile both.", "field": "Trade high stock they.", "parameter": {}, "timestamp": 630838338}], "currentPage": 532, "size": 785}

api.events.v1.pcap module

Autogenerated API

api.events.v1.pcap.get_pcap(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Fetch specified event payload as PCAP (PUBLIC)

Return type:

dict

Parameters:
  • type (str) –
  • timestamp (int) –
  • customerID (int) –
  • eventID (str) –
Raises:
Returns:

{}
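Two client-side helpers for the functions documented above, as an added example that is not part of the api.events.v1 package: paging through a find_* endpoint with its offset/limit arguments and the count/data fields of the response, and splitting a full event identifier (type/timestamp/customerid/eventid) into the arguments get_payload() and get_pcap() take. It assumes that the id field of a returned event carries that full identifier, and the find_fn callable stands in for e.g. api.events.v1.nids.find_n_i_d_s_events so the code runs offline on constructed sample events.

```python
# Added example, not code from the api.events.v1 package. find_fn stands in
# for a real find_* function (e.g. find_n_i_d_s_events); SAMPLE_EVENTS are
# constructed, and the assumption that an event's "id" holds the full
# type/timestamp/customerid/eventid identifier is ours.
from typing import Callable, Iterator, List, Tuple


def split_event_identifier(event_identifier: str) -> Tuple[str, int, int, str]:
    """Split type/timestamp/customerid/eventid (the eventIdentifier format
    documented above) into the (type, timestamp, customerID, eventID)
    positional arguments of get_payload() and get_pcap()."""
    parts = event_identifier.split("/")
    if len(parts) != 4:
        raise ValueError("expected type/timestamp/customerid/eventid, got %r"
                         % event_identifier)
    event_type, timestamp, customer_id, event_id = parts
    return event_type, int(timestamp), int(customer_id), event_id


def iter_all_events(find_fn: Callable[..., dict], page_size: int = 100,
                    **criteria) -> Iterator[dict]:
    """Page through a find_* endpoint via offset/limit, stopping on the
    response's count field so a filter matching more hits than one page
    holds is never silently truncated."""
    offset = 0
    while True:
        response = find_fn(limit=page_size, offset=offset, **criteria)
        if response.get("responseCode") != 200:
            raise RuntimeError("search failed: %r" % response.get("messages"))
        page = response.get("data") or []
        for event in page:
            yield event
        offset += len(page)
        if not page or offset >= response.get("count", 0):
            return


def make_fake_find(events: List[dict]) -> Callable[..., dict]:
    """Offline stand-in for a find_* function, serving the given constructed
    events in the documented offset/limit/count/data response shape."""
    def find_fn(limit: int = 25, offset: int = 0, **_criteria) -> dict:
        return {"responseCode": 200, "count": len(events), "offset": offset,
                "limit": limit, "data": events[offset:offset + limit],
                "messages": []}
    return find_fn


# Constructed sample events; "NIDS" and customer 42 are made-up values.
SAMPLE_EVENTS = [{"id": "NIDS/1600000000/42/evt-%d" % i, "severity": "high"}
                 for i in range(5)]


def collect_payload_args(find_fn: Callable[..., dict] = None) -> list:
    """Walk every hit (two per page here) and map each id to the argument
    tuple a get_payload()/get_pcap() call would need."""
    find_fn = find_fn or make_fake_find(SAMPLE_EVENTS)
    return [split_event_identifier(e["id"])
            for e in iter_all_events(find_fn, page_size=2)]
```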

Module contents