api.events.v1 package
Submodules
api.events.v1.aggregated module
Autogenerated API
- api.events.v1.aggregated.find_aggregated_event_stats(customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, resolution: int = None, groupBy: list = None, cutoff: int = None, signature: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', countRawEvents: bool = 'False', includeOthers: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch aggregated event stats (PUBLIC). Returns a StatsContainer in JSON format.
Return type: dict
- api.events.v1.aggregated.find_aggregated_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Search for aggregated events (PUBLIC)
Return type: dict
Parameters:
- limit (int) – Limit results
- offset (int) – Offset results
- customerID (list) – Limit result to objects belonging to these customers
- eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
- locationID (list) – Search for events having these locations
- alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
- attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
- sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
- destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
- geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
- properties (dict) – Search for events having these properties (logical AND)
- minCount (int) – Search for events with aggregated count at least this high
- associatedCaseID (list) – Search for events associated to one of these cases
- sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
- destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
- subCriteria (list) –
- signature (list) – Limit to these attack identifiers (signatures)
- sortBy (list) – Order results by these properties (prefix with - to sort descending)
- startTimestamp (int) – Search objects from this timestamp
- endTimestamp (int) – Search objects until this timestamp
- includeFlags (list) – Search objects with these flags set
- excludeFlags (list) – Exclude objects with these flags set
- lastUpdatedTimestamp (int) – Search for events updated after this timestamp
- destinationIP (list) – Search for events where the destination IP is in any of these IPs/networks
- sourceIP (list) – Search for events where the source IP is in any of these IPs/networks
- ip (list) – Search for events where the source or destination IP is in any of these IPs/networks
- destinationPort (list) – Search for events with any of these destination ports
- sourcePort (list) – Search for events with any of these source ports
- port (list) – Search for events with any of these source or destination ports
- minSeverity (str) – Minimum event severity to include
- maxSeverity (str) – Maximum event severity to include
- includeDeleted (bool) – Also include deleted objects (where implemented)
- exclude (bool) – Exclude these criteria from the parent criteria
Raises:
- AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 960, "limit": 197, "responseCode": 200, "count": 420, "data": [{"properties": {"additionalProperties": "Current company edge trouble success one."}, "comments": [{"timestamp": 160225526, "comment": "Then travel from."}], "uri": "Take admit table little rock.", "count": 368, "protocol": "Field same high research drop respond factor.", "timestamp": 386984967, "startTimestamp": 1126880892, "endTimestamp": 1191244510, "lastUpdatedTimestamp": 847010102, "flags": ["FILTERED"], "severity": "low", "detailedEventIDS": ["Field child until positive society themselves attorney."], "id": "Company already follow order ground."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Management writer ok.", "messageTemplate": "Budget computer trade nearly lead tend arm agency.", "field": "Kitchen someone system identify.", "parameter": {}, "timestamp": 1273371173}], "currentPage": 95, "size": 437}
- api.events.v1.aggregated.list_aggregated_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Simple search for aggregated events (PUBLIC)
Return type: dict
Parameters:
- customerID (list) – Limit to customerID
- signature (list) – Limit to signature
- ip (list) – Limit to ip/network
- startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
- endTimestamp (int) – Limit to events before this timestamp
- limit (int) – Limit results
- offset (int) – Offset results
Raises:
- AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 859, "limit": 489, "responseCode": 200, "count": 389, "data": [{"properties": {"additionalProperties": "Address bank family marriage."}, "comments": [{"timestamp": 1224515719, "comment": "List section PM big citizen follow."}], "uri": "Method blue rule young through act.", "count": 729, "protocol": "Try choice over sense style.", "timestamp": 1292809294, "startTimestamp": 1303822960, "endTimestamp": 154205768, "lastUpdatedTimestamp": 829924150, "flags": ["ASSOCIATED_TO_CASE_BY_FILTER"], "severity": "high", "detailedEventIDS": ["Federal because wide join dinner manager."], "id": "Kitchen spring early able."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Heavy plant never suddenly quality.", "messageTemplate": "Interview protect night old respond president popular.", "field": "Enjoy see hard personal best several.", "parameter": {}, "timestamp": 428511343}], "currentPage": 580, "size": 537}
api.events.v1.nids module
Autogenerated API
- api.events.v1.nids.find_n_i_d_s_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, sensorID: list = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Search for NIDS events (PUBLIC)
Return type: dict
Parameters:
- limit (int) – Limit results
- offset (int) – Offset results
- customerID (list) – Limit result to objects belonging to these customers
- eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
- locationID (list) – Search for events having these locations
- alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
- attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
- sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
- destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
- geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
- properties (dict) – Search for events having these properties (logical AND)
- sensorID (list) – Search for events reported by any of these sensors
- subCriteria (list) –
- signature (list) – Limit to these attack identifiers (signatures)
- sortBy (list) – Order results by these properties (prefix with - to sort descending)
- startTimestamp (int) – Search objects from this timestamp
- endTimestamp (int) – Search objects until this timestamp
- includeFlags (list) – Search objects with these flags set
- excludeFlags (list) – Exclude objects with these flags set
- lastUpdatedTimestamp (int) – Search for events updated after this timestamp
- destinationIP (list) – Search for events where the destination IP is in any of these IPs/networks
- sourceIP (list) – Search for events where the source IP is in any of these IPs/networks
- ip (list) – Search for events where the source or destination IP is in any of these IPs/networks
- destinationPort (list) – Search for events with any of these destination ports
- sourcePort (list) – Search for events with any of these source ports
- port (list) – Search for events with any of these source or destination ports
- minSeverity (str) – Minimum event severity to include
- maxSeverity (str) – Maximum event severity to include
- includeDeleted (bool) – Also include deleted objects (where implemented)
- exclude (bool) – Exclude these criteria from the parent criteria
Raises:
- AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 306, "limit": 568, "responseCode": 200, "count": 679, "data": [{"properties": {"additionalProperties": "Decide popular into involve."}, "comments": [{"timestamp": 820436525, "comment": "Where write above item."}], "count": 460, "engineTimestamp": 1446488971, "protocolID": 606, "uri": "Eye able resource investment.", "timestamp": 100769354, "severity": "critical", "flags": ["HAS_PCAP"], "id": "Or establish plant send."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Enjoy write relate message avoid for.", "messageTemplate": "Degree out line to.", "field": "Discover fly friend country power claim lead tend.", "parameter": {}, "timestamp": 1439061920}], "currentPage": 187, "size": 458}
- api.events.v1.nids.list_n_i_d_s_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Simple search for NIDS events (PUBLIC)
Return type: dict
Parameters:
- customerID (list) – Limit to customerID
- signature (list) – Limit to signature
- ip (list) – Limit to ip/network
- startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
- endTimestamp (int) – Limit to events before this timestamp
- limit (int) – Limit results
- offset (int) – Offset results
Raises:
- AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 957, "limit": 125, "responseCode": 200, "count": 822, "data": [{"properties": {"additionalProperties": "Talk store approach appear."}, "comments": [{"timestamp": 37783593, "comment": "Clear clearly night hear animal go beyond."}], "count": 747, "engineTimestamp": 359580653, "protocolID": 139, "uri": "Young prepare author suffer free before.", "timestamp": 159098097, "severity": "high", "flags": ["FINALIZED"], "id": "Follow history hold trouble."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Let boy do fine economy shoulder.", "messageTemplate": "Discussion benefit phone teach item.", "field": "Appear design store always college.", "parameter": {}, "timestamp": 1136515680}], "currentPage": 845, "size": 175}
api.events.v1.payload module
Autogenerated API
- api.events.v1.payload.get_payload(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch specified event payload (PUBLIC)
Return type: dict
Parameters:
- type (str) – Event type; first component of the full event ID (type/timestamp/customerid/eventid)
- timestamp (int) – Event timestamp; second component of the full event ID
- customerID (int) – Owning customer; third component of the full event ID
- eventID (str) – Event ID; last component of the full event ID
Raises:
- AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- ObjectNotFoundException – on 404
Returns: {"offset": 461, "limit": 549, "responseCode": 200, "count": 568, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Congress nice high north walk want firm.", "messageTemplate": "Need like better member smile both.", "field": "Trade high stock they.", "parameter": {}, "timestamp": 630838338}], "currentPage": 532, "size": 785}
api.events.v1.pcap module
Autogenerated API
- api.events.v1.pcap.get_pcap(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch specified event payload as PCAP (PUBLIC)
Return type: dict
Parameters:
- type (str) – Event type; first component of the full event ID (type/timestamp/customerid/eventid)
- timestamp (int) – Event timestamp; second component of the full event ID
- customerID (int) – Owning customer; third component of the full event ID
- eventID (str) – Event ID; last component of the full event ID
Raises:
- AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- ObjectNotFoundException – on 404
Returns: {}
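The two things a practitioner actually has to get right with these functions are paging (the search functions take limit/offset and report a total count) and turning a full event ID of the form type/timestamp/customerid/eventid into the four positional arguments that get_payload and get_pcap take. The block below is an added example, not code from the argus-api project or from this page. It injects the search and PCAP calls so it runs offline against constructed sample responses; in real use you would pass api.events.v1.nids.find_n_i_d_s_events (or list_n_i_d_s_events) as `search` and api.events.v1.pcap.get_pcap as `fetch_pcap`. Three assumptions are not stated on this page and are marked in the code: timestamps are epoch milliseconds, each returned event's `id` field carries the full identifier, and the `HAS_PCAP` flag (seen in the NIDS sample response) means a capture exists.

```python
"""Page through an Argus-style event search and fetch PCAP for flagged events.

Added example, not argus-api project code. The search and PCAP calls are
injected so the module runs offline against constructed responses; in real
use pass argus_api.api.events.v1.nids.find_n_i_d_s_events as `search` and
argus_api.api.events.v1.pcap.get_pcap as `fetch_pcap`.
"""
from __future__ import annotations

import time
from typing import Callable, Iterator

HAS_PCAP = "HAS_PCAP"  # flag value seen in the NIDS sample response


def window_ms(hours: int, now_ms: int | None = None) -> tuple[int, int]:
    """Return (startTimestamp, endTimestamp) covering the last `hours` hours.

    Assumption: timestamps are epoch milliseconds; this page does not state
    the unit, so verify against the live API before relying on it.
    """
    end = int(time.time() * 1000) if now_ms is None else now_ms
    return end - hours * 3600 * 1000, end


def iter_events(search: Callable[..., dict], page_size: int = 25,
                **criteria) -> Iterator[dict]:
    """Yield every event matching `criteria`, paging with limit/offset.

    Stops on a short page or once `offset` reaches the reported `count`, so a
    result set that shrinks between pages cannot loop forever.
    """
    offset = 0
    while True:
        page = search(limit=page_size, offset=offset, **criteria)
        if page.get("responseCode") != 200:
            raise RuntimeError(f"search failed: {page.get('messages')}")
        data = page.get("data") or []
        yield from data
        offset += len(data)
        if not data or offset >= page.get("count", 0):
            return


def split_event_identifier(identifier: str) -> dict:
    """Split a full event ID 'type/timestamp/customerid/eventid' into the
    keyword arguments get_pcap and get_payload take."""
    parts = identifier.split("/", 3)  # eventID keeps any further '/'
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed event identifier: {identifier!r}")
    event_type, ts, customer, event_id = parts
    return {"type": event_type, "timestamp": int(ts),
            "customerID": int(customer), "eventID": event_id}


def pcaps_for(events, fetch_pcap: Callable[..., object]) -> dict:
    """Fetch PCAP only for events carrying HAS_PCAP; the rest have no capture.

    Assumption: each event's `id` field is the full identifier described above.
    """
    captures = {}
    for event in events:
        if HAS_PCAP not in event.get("flags", []):
            continue
        captures[event["id"]] = fetch_pcap(**split_event_identifier(event["id"]))
    return captures


# Constructed sample data (not real API output): three NIDS events.
SAMPLE_EVENTS = [
    {"id": "NIDS/1700000000000/42/evt-1", "severity": "high",
     "flags": ["HAS_PCAP"], "count": 3},
    {"id": "NIDS/1700000001000/42/evt-2", "severity": "low",
     "flags": [], "count": 1},
    {"id": "NIDS/1700000002000/42/evt-3", "severity": "critical",
     "flags": ["HAS_PCAP", "FINALIZED"], "count": 7},
]


def fake_search(limit: int, offset: int, **criteria) -> dict:
    """Stand-in for find_n_i_d_s_events: honours limit/offset, reports count."""
    return {"responseCode": 200, "count": len(SAMPLE_EVENTS), "offset": offset,
            "limit": limit, "data": SAMPLE_EVENTS[offset:offset + limit]}


def fake_get_pcap(type: str, timestamp: int, customerID: int, eventID: str) -> bytes:
    """Stand-in for get_pcap; returns a tagged byte string instead of a capture."""
    return f"pcap:{type}:{timestamp}:{customerID}:{eventID}".encode()


def demo() -> dict:
    """Last 24 h of events for one customer, two per page, then their PCAPs."""
    start, end = window_ms(24, now_ms=1_700_000_003_000)
    events = iter_events(fake_search, page_size=2, customerID=[42],
                         startTimestamp=start, endTimestamp=end,
                         # pass a real bool: the rendered signatures show the
                         # default as the string 'False', which is truthy
                         includeDeleted=False)
    return pcaps_for(events, fake_get_pcap)


if __name__ == "__main__":
    for event_id, pcap in demo().items():
        print(event_id, pcap)
```

The paging loop deliberately checks both the page length and the reported `count`, because a search over a live event store can see its total change between pages; trusting only one of the two can either skip a page or spin. Note also that the generated signatures on this page render the `includeDeleted` and `exclude` defaults as the string 'False' rather than the boolean, so pass these flags explicitly rather than relying on the default.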