api.events.v1 package

Submodules

api.events.v1.aggregated module

Autogenerated API

api.events.v1.aggregated.find_aggregated_event_stats(customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, resolution: int = None, groupBy: list = None, cutoff: int = None, signature: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', countRawEvents: bool = 'False', includeOthers: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Fetch aggregated event stats (PUBLIC). Returns a StatsContainer in JSON format.

Return type:

dict
api.events.v1.aggregated.find_aggregated_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Search for aggregated events (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Limit results
  • offset (int) – Offset results
  • customerID (list) – Limit result to objects belonging to these customers
  • eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
  • locationID (list) – Search for events having these locations
  • alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
  • attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
  • sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
  • destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
  • geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
  • properties (dict) – Search for events having these properties (logical AND)
  • minCount (int) – Search for events with aggregated count at least this high
  • associatedCaseID (list) – Search for events associated to one of these cases
  • sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
  • destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
  • subCriteria (list) –
  • signature (list) –
  • sortBy (list) – Order results by these properties (prefix with - to sort descending)
  • startTimestamp (int) – Search objects from this timestamp
  • endTimestamp (int) – Search objects until this timestamp
  • includeFlags (list) – Search objects with these flags set
  • excludeFlags (list) – Exclude objects with these flags set
  • lastUpdatedTimestamp (int) – Search for events updated after this timestamp
  • destinationIP (list) –
  • sourceIP (list) –
  • ip (list) –
  • destinationPort (list) –
  • sourcePort (list) –
  • port (list) –
  • minSeverity (str) –
  • maxSeverity (str) –
  • includeDeleted (bool) – Also include deleted objects (where implemented)
  • exclude (bool) – Exclude these criteria from the parent criteria
Returns:

{"offset": 623, "limit": 332, "responseCode": 200, "count": 979, "data": [{"properties": {"additionalProperties": "And exist yes drop."}, "comments": [{"timestamp": 1182619289, "comment": "My hope single hair do follow push project."}], "uri": "Nation effect how sing name increase may nice.", "count": 617, "protocol": "Base green oil western the.", "timestamp": 143100024, "startTimestamp": 9637647, "endTimestamp": 675324377, "lastUpdatedTimestamp": 781655907, "flags": ["FILTERED"], "severity": "high", "detailedEventIDS": ["Field series go home."], "id": "Lead just the would decide before."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Test write defense to so another present.", "messageTemplate": "Growth task card deep.", "field": "Leg food lose country well science speak.", "parameter": {}, "timestamp": 75855003}], "currentPage": 602, "size": 887}

api.events.v1.aggregated.list_aggregated_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Simple search for aggregated events (PUBLIC)

Return type:

dict

Parameters:
  • customerID (list) – Limit to customerID
  • signature (list) – Limit to signature
  • ip (list) – Limit to ip/network
  • startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
  • endTimestamp (int) – Limit to events before this timestamp
  • limit (int) – Limit results
  • offset (int) – Offset results
Returns:

{"offset": 816, "limit": 442, "responseCode": 200, "count": 595, "data": [{"properties": {"additionalProperties": "Smile play use know."}, "comments": [{"timestamp": 884466319, "comment": "Mrs summer remember."}], "uri": "Until apply page rest place take.", "count": 95, "protocol": "Compare attack high follow sit once.", "timestamp": 294851940, "startTimestamp": 146265963, "endTimestamp": 1462942015, "lastUpdatedTimestamp": 47539712, "flags": ["SOURCE_IS_PARTIAL_CUSTOMERNET"], "severity": "low", "detailedEventIDS": ["Matter just difference fill."], "id": "Dream draw all available."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Hospital middle player start allow movie.", "messageTemplate": "Turn continue budget knowledge all.", "field": "Through west report.", "parameter": {}, "timestamp": 827679177}], "currentPage": 138, "size": 717}

api.events.v1.nids module

Autogenerated API

api.events.v1.nids.find_n_i_d_s_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, sensorID: list = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Search for NIDS events (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Limit results
  • offset (int) – Offset results
  • customerID (list) – Limit result to objects belonging to these customers
  • eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
  • locationID (list) – Search for events having these locations
  • alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
  • attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
  • sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
  • destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
  • geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
  • properties (dict) – Search for events having these properties (logical AND)
  • sensorID (list) –
  • subCriteria (list) –
  • signature (list) –
  • sortBy (list) – Order results by these properties (prefix with - to sort descending)
  • startTimestamp (int) – Search objects from this timestamp
  • endTimestamp (int) – Search objects until this timestamp
  • includeFlags (list) – Search objects with these flags set
  • excludeFlags (list) – Exclude objects with these flags set
  • lastUpdatedTimestamp (int) – Search for events updated after this timestamp
  • destinationIP (list) –
  • sourceIP (list) –
  • ip (list) –
  • destinationPort (list) –
  • sourcePort (list) –
  • port (list) –
  • minSeverity (str) –
  • maxSeverity (str) –
  • includeDeleted (bool) – Also include deleted objects (where implemented)
  • exclude (bool) – Exclude these criteria from the parent criteria
Returns:

{"offset": 808, "limit": 512, "responseCode": 200, "count": 204, "data": [{"properties": {"additionalProperties": "Admit hard hotel test with."}, "comments": [{"timestamp": 172626318, "comment": "Campaign at street skin house."}], "count": 142, "engineTimestamp": 103665467, "protocolID": 997, "uri": "Must again value personal difference wife.", "timestamp": 666148246, "severity": "low", "flags": ["SNAPSHOT"], "id": "Believe magazine buy detail treat contain camera."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Ok possible player organization beautiful use certainly training.", "messageTemplate": "Particularly relate what.", "field": "Minute film room together central across seat.", "parameter": {}, "timestamp": 1322993011}], "currentPage": 121, "size": 554}

api.events.v1.nids.list_n_i_d_s_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Simple search for NIDS events (PUBLIC)

Return type:

dict

Parameters:
  • customerID (list) – Limit to customerID
  • signature (list) – Limit to signature
  • ip (list) – Limit to ip/network
  • startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
  • endTimestamp (int) – Limit to events before this timestamp
  • limit (int) – Limit results
  • offset (int) – Offset results
Returns:

{"offset": 612, "limit": 538, "responseCode": 200, "count": 35, "data": [{"properties": {"additionalProperties": "Artist between security page."}, "comments": [{"timestamp": 862912156, "comment": "Attack focus face."}], "count": 951, "engineTimestamp": 588072062, "protocolID": 204, "uri": "Tough grow quite administration main clearly.", "timestamp": 1260636743, "severity": "critical", "flags": ["SEVERITY_ADJUSTED"], "id": "Customer step create remember behavior all whole."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Eye official item professional try mother mean.", "messageTemplate": "Relate least brother beautiful special.", "field": "Involve center tend enter quickly war.", "parameter": {}, "timestamp": 497441210}], "currentPage": 94, "size": 205}
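Both search families on this page (find_aggregated_events / list_aggregated_events and find_n_i_d_s_events / list_n_i_d_s_events) page through results with limit and offset and return the same envelope: responseCode, count, and a data list. The following is an added example, not code from this reference or from the client library it documents: a page walker that takes any of those search functions as a parameter and keeps requesting pages until the response's own count is exhausted, followed by a severity tally of the kind an analyst would run over a day's NIDS events. Because no live service is available here, the walker is exercised against a constructed in-memory stand-in (make_fake_search, SAMPLE_EVENTS) that serves pages in the documented response layout; the severity labels and flag names in the sample data are taken from the example responses above, and the event values themselves are made up. Note that the generated signatures show defaults such as includeDeleted: bool = 'False', which is a string (and so truthy), so pass a real False when you need that behaviour rather than relying on the default.

```python
"""Added example (not part of the generated reference or the client library):
walk every page of a limit/offset search and tally results by severity."""
from typing import Any, Callable, Dict, Iterable, Iterator, List

Response = Dict[str, Any]          # envelope shown in this reference
SearchFn = Callable[..., Response]  # e.g. api.events.v1.nids.find_n_i_d_s_events


def iter_events(search: SearchFn, page_size: int = 25, **criteria: Any) -> Iterator[Dict[str, Any]]:
    """Yield every element of "data" across all pages of a limit/offset search.

    `search` is any of the documented search functions (or a stand-in) and is
    called with the same keyword criteria on every page plus limit/offset.
    Termination uses the response's own "count" plus an empty-page guard, so a
    service that mis-reports "count" cannot keep the loop running forever.
    """
    offset = 0
    while True:
        page = search(limit=page_size, offset=offset, **criteria)
        if page.get("responseCode") != 200:
            raise RuntimeError(
                f"search failed with {page.get('responseCode')}: {page.get('messages')}"
            )
        data = page.get("data") or []
        yield from data
        offset += len(data)
        if not data or offset >= int(page.get("count", 0)):
            return


def summarise_by_severity(events: Iterable[Dict[str, Any]]) -> Dict[str, int]:
    """Count events per "severity" value (lower-cased; missing -> "unknown")."""
    counts: Dict[str, int] = {}
    for event in events:
        severity = str(event.get("severity", "unknown")).lower()
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Constructed sample records in the documented event shape; all values are made up.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"id": f"constructed-{i}", "severity": sev, "flags": flags, "count": i + 1,
     "timestamp": 1260636743 + i}
    for i, (sev, flags) in enumerate([
        ("low", []), ("high", ["SNAPSHOT"]), ("low", []),
        ("critical", ["SEVERITY_ADJUSTED"]), ("low", ["FILTERED"]),
        ("critical", []), ("high", []),
    ])
]


def make_fake_search(events: List[Dict[str, Any]]) -> SearchFn:
    """Stand-in for a search function (assumption: not the real client).

    Serves `events` in limit/offset pages using the response layout shown in
    this reference and records every call so the paging can be inspected.
    """
    calls: List[Dict[str, Any]] = []

    def search(limit: int, offset: int, **criteria: Any) -> Response:
        calls.append({"limit": limit, "offset": offset, **criteria})
        chunk = events[offset:offset + limit]
        return {
            "offset": offset, "limit": limit, "responseCode": 200,
            "count": len(events), "data": chunk,
            "metaData": {"additionalProperties": {}}, "messages": [],
            "currentPage": offset // limit + 1, "size": len(chunk),
        }

    search.calls = calls  # type: ignore[attr-defined]
    return search


def main() -> None:
    fake = make_fake_search(SAMPLE_EVENTS)
    events = list(iter_events(fake, page_size=3, customerID=[1], minSeverity="low"))
    print(f"{len(events)} events fetched over {len(fake.calls)} requests")
    print(summarise_by_severity(events))


if __name__ == "__main__":
    main()
```

With the real client the call is the same shape, for instance iter_events(api.events.v1.nids.find_n_i_d_s_events, customerID=[...], startTimestamp=..., endTimestamp=...); the walker never changes the caller's criteria between pages, which matters because a drifting time window or a sortBy that changes mid-walk would silently skip or duplicate events.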

api.events.v1.payload module

Autogenerated API

api.events.v1.payload.get_payload(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Fetch specified event payload (PUBLIC)

Return type:

dict

Parameters:
  • type (str) –
  • timestamp (int) –
  • customerID (int) –
  • eventID (str) –
Returns:

{"offset": 381, "limit": 444, "responseCode": 200, "count": 124, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Voice as no sure foreign pull lawyer.", "messageTemplate": "Guy team less suffer trial.", "field": "Fund together near pass.", "parameter": {}, "timestamp": 369898676}], "currentPage": 251, "size": 493}

api.events.v1.pcap module

Autogenerated API

api.events.v1.pcap.get_pcap(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Fetch specified event payload as PCAP (PUBLIC)

Return type:

dict

Parameters:
  • type (str) –
  • timestamp (int) –
  • customerID (int) –
  • eventID (str) –
Returns:

{}
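get_payload and get_pcap take the four components (type, timestamp, customerID, eventID) that the search endpoints' eventIdentifier parameter carries as one string in the form type/timestamp/customerid/eventid. The following is an added example, not code from this reference or the client library: a small validating parser that splits such an identifier into the keyword arguments those two functions expect, rejecting anything that does not have exactly four fields or whose timestamp and customer id are not unsigned integers. The field layout beyond the four "/"-separated parts, the "nids" type value and every identifier shown are assumptions or constructed test values, not real event IDs.

```python
"""Added example (not part of the generated reference or the client library):
split a full event identifier into get_payload / get_pcap arguments."""
from typing import Any, Dict, NamedTuple


class PayloadRef(NamedTuple):
    """The four values api.events.v1.payload.get_payload and
    api.events.v1.pcap.get_pcap take, in their documented order."""
    type: str
    timestamp: int
    customerID: int
    eventID: str


def parse_event_identifier(identifier: str) -> PayloadRef:
    """Parse "type/timestamp/customerid/eventid" (the format documented for the
    eventIdentifier search parameter) into a PayloadRef.

    Raises ValueError on anything that does not have exactly four non-empty
    fields with integer timestamp and customer id, so a malformed or mangled
    identifier is caught before any request is built from it.
    """
    parts = identifier.split("/")
    if len(parts) != 4:
        raise ValueError(
            f"expected type/timestamp/customerid/eventid, got {identifier!r}"
        )
    ev_type, ts, cust, ev_id = parts
    if not ev_type or not ev_id:
        raise ValueError("type and eventid must be non-empty")
    if not ts.isdigit() or not cust.isdigit():
        raise ValueError("timestamp and customerid must be unsigned integers")
    return PayloadRef(ev_type, int(ts), int(cust), ev_id)


def payload_kwargs(identifier: str) -> Dict[str, Any]:
    """Keyword arguments for get_payload(**kw) / get_pcap(**kw)."""
    ref = parse_event_identifier(identifier)
    return {"type": ref.type, "timestamp": ref.timestamp,
            "customerID": ref.customerID, "eventID": ref.eventID}


def is_valid_event_identifier(identifier: str) -> bool:
    """True if parse_event_identifier accepts the string."""
    try:
        parse_event_identifier(identifier)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed identifier; "nids" as the type value is an assumption.
    sample = "nids/1260636743/42/constructed-event-1"
    print(payload_kwargs(sample))
    print(is_valid_event_identifier("nids/1260636743/42"))  # too few fields
```

In use, the dict from payload_kwargs is passed straight through, e.g. api.events.v1.pcap.get_pcap(**payload_kwargs(identifier)), so the positional order of the documented signature is never hand-assembled.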

Module contents