api.events.v1 package
Submodules
api.events.v1.aggregated module
Autogenerated API

api.events.v1.aggregated.find_aggregated_event_stats(customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, resolution: int = None, groupBy: list = None, cutoff: int = None, signature: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', countRawEvents: bool = 'False', includeOthers: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch aggregated event stats (PUBLIC). Returns a StatsContainer in JSON format.
Return type: dict

api.events.v1.aggregated.find_aggregated_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Search for aggregated events (PUBLIC)
Return type: dict
Parameters: - limit (int) – Limit results
- offset (int) – Offset results
- customerID (list) – Limit result to objects belonging to these customers
- eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
- locationID (list) – Search for events having these locations
- alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
- attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
- sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
- destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
- geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
- properties (dict) – Search for events having these properties (logical AND)
- minCount (int) – Search for events with aggregated count at least this high
- associatedCaseID (list) – Search for events associated with one of these cases
- sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
- destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
- subCriteria (list) –
- signature (list) –
- sortBy (list) – Order results by these properties (prefix with - to sort descending)
- startTimestamp (int) – Search objects from this timestamp
- endTimestamp (int) – Search objects until this timestamp
- includeFlags (list) – Search objects with these flags set
- excludeFlags (list) – Exclude objects with these flags set
- lastUpdatedTimestamp (int) – Search for events updated after this timestamp
- destinationIP (list) –
- sourceIP (list) –
- ip (list) –
- destinationPort (list) –
- sourcePort (list) –
- port (list) –
- minSeverity (str) –
- maxSeverity (str) –
- includeDeleted (bool) – Also include deleted objects (where implemented)
- exclude (bool) – Exclude these criteria from the parent criteria
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 623, "limit": 332, "responseCode": 200, "count": 979, "data": [{"properties": {"additionalProperties": "And exist yes drop."}, "comments": [{"timestamp": 1182619289, "comment": "My hope single hair do follow push project."}], "uri": "Nation effect how sing name increase may nice.", "count": 617, "protocol": "Base green oil western the.", "timestamp": 143100024, "startTimestamp": 9637647, "endTimestamp": 675324377, "lastUpdatedTimestamp": 781655907, "flags": ["FILTERED"], "severity": "high", "detailedEventIDS": ["Field series go home."], "id": "Lead just the would decide before."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Test write defense to so another present.", "messageTemplate": "Growth task card deep.", "field": "Leg food lose country well science speak.", "parameter": {}, "timestamp": 75855003}], "currentPage": 602, "size": 887}

api.events.v1.aggregated.list_aggregated_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Simple search for aggregated events (PUBLIC)
Return type: dict
Parameters: - customerID (list) – Limit to customerID
- signature (list) – Limit to signature
- ip (list) – Limit to ip/network
- startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
- endTimestamp (int) – Limit to events before this timestamp
- limit (int) – Limit results
- offset (int) – Offset results
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 816, "limit": 442, "responseCode": 200, "count": 595, "data": [{"properties": {"additionalProperties": "Smile play use know."}, "comments": [{"timestamp": 884466319, "comment": "Mrs summer remember."}], "uri": "Until apply page rest place take.", "count": 95, "protocol": "Compare attack high follow sit once.", "timestamp": 294851940, "startTimestamp": 146265963, "endTimestamp": 1462942015, "lastUpdatedTimestamp": 47539712, "flags": ["SOURCE_IS_PARTIAL_CUSTOMERNET"], "severity": "low", "detailedEventIDS": ["Matter just difference fill."], "id": "Dream draw all available."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Hospital middle player start allow movie.", "messageTemplate": "Turn continue budget knowledge all.", "field": "Through west report.", "parameter": {}, "timestamp": 827679177}], "currentPage": 138, "size": 717}
api.events.v1.nids module
Autogenerated API

api.events.v1.nids.find_n_i_d_s_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, sensorID: list = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, destinationIP: list = None, sourceIP: list = None, ip: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Search for NIDS events (PUBLIC)
Return type: dict
Parameters: - limit (int) – Limit results
- offset (int) – Offset results
- customerID (list) – Limit result to objects belonging to these customers
- eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
- locationID (list) – Search for events having these locations
- alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
- attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
- sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
- destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
- geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
- properties (dict) – Search for events having these properties (logical AND)
- sensorID (list) –
- subCriteria (list) –
- signature (list) –
- sortBy (list) – Order results by these properties (prefix with - to sort descending)
- startTimestamp (int) – Search objects from this timestamp
- endTimestamp (int) – Search objects until this timestamp
- includeFlags (list) – Search objects with these flags set
- excludeFlags (list) – Exclude objects with these flags set
- lastUpdatedTimestamp (int) – Search for events updated after this timestamp
- destinationIP (list) –
- sourceIP (list) –
- ip (list) –
- destinationPort (list) –
- sourcePort (list) –
- port (list) –
- minSeverity (str) –
- maxSeverity (str) –
- includeDeleted (bool) – Also include deleted objects (where implemented)
- exclude (bool) – Exclude these criteria from the parent criteria
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 808, "limit": 512, "responseCode": 200, "count": 204, "data": [{"properties": {"additionalProperties": "Admit hard hotel test with."}, "comments": [{"timestamp": 172626318, "comment": "Campaign at street skin house."}], "count": 142, "engineTimestamp": 103665467, "protocolID": 997, "uri": "Must again value personal difference wife.", "timestamp": 666148246, "severity": "low", "flags": ["SNAPSHOT"], "id": "Believe magazine buy detail treat contain camera."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Ok possible player organization beautiful use certainly training.", "messageTemplate": "Particularly relate what.", "field": "Minute film room together central across seat.", "parameter": {}, "timestamp": 1322993011}], "currentPage": 121, "size": 554}

api.events.v1.nids.list_n_i_d_s_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Simple search for NIDS events (PUBLIC)
Return type: dict
Parameters: - customerID (list) – Limit to customerID
- signature (list) – Limit to signature
- ip (list) – Limit to ip/network
- startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
- endTimestamp (int) – Limit to events before this timestamp
- limit (int) – Limit results
- offset (int) – Offset results
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns: {"offset": 612, "limit": 538, "responseCode": 200, "count": 35, "data": [{"properties": {"additionalProperties": "Artist between security page."}, "comments": [{"timestamp": 862912156, "comment": "Attack focus face."}], "count": 951, "engineTimestamp": 588072062, "protocolID": 204, "uri": "Tough grow quite administration main clearly.", "timestamp": 1260636743, "severity": "critical", "flags": ["SEVERITY_ADJUSTED"], "id": "Customer step create remember behavior all whole."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Eye official item professional try mother mean.", "messageTemplate": "Relate least brother beautiful special.", "field": "Involve center tend enter quickly war.", "parameter": {}, "timestamp": 497441210}], "currentPage": 94, "size": 205}
api.events.v1.payload module
Autogenerated API

api.events.v1.payload.get_payload(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch specified event payload (PUBLIC)
Return type: dict
Parameters: - type (str) –
- timestamp (int) –
- customerID (int) –
- eventID (str) –
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- ObjectNotFoundException – on 404
Returns: {"offset": 381, "limit": 444, "responseCode": 200, "count": 124, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Voice as no sure foreign pull lawyer.", "messageTemplate": "Guy team less suffer trial.", "field": "Fund together near pass.", "parameter": {}, "timestamp": 369898676}], "currentPage": 251, "size": 493}
api.events.v1.pcap module
Autogenerated API

api.events.v1.pcap.get_pcap(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch specified event payload as PCAP (PUBLIC)
Return type: dict
Parameters: - type (str) –
- timestamp (int) –
- customerID (int) –
- eventID (str) –
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- ObjectNotFoundException – on 404
Returns: {}
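The following is an added example and not code from this package. It shows how a client would walk the limit/offset pages returned by the search functions above (find_aggregated_events, find_n_i_d_s_events and their list_ variants all share that shape) and how a full eventIdentifier of the form type/timestamp/customerid/eventid, as described for the eventIdentifier parameter, maps onto the type, timestamp, customerID and eventID arguments of get_payload and get_pcap. Assumptions, all labelled in the code: the search function is passed in as a callable so that a constructed stand-in (FakeEventSearch) can be used offline, "count" in a response is the total number of matches, timestamps are epoch milliseconds, and the sample events are constructed, not taken from any real deployment.

```python
"""Added example, not code from this package: page through a search endpoint
such as api.events.v1.aggregated.find_aggregated_events and derive the
(type, timestamp, customerID, eventID) arguments that get_payload / get_pcap
expect from a full eventIdentifier of the form type/timestamp/customerid/eventid.
"""
import time
from collections import Counter
from typing import Callable, Dict, Iterator, List, Optional


def last_24h_window(now_ms: Optional[int] = None) -> Dict[str, int]:
    """startTimestamp/endTimestamp covering the last 24 hours.

    Assumption: timestamps are epoch milliseconds; confirm the unit against
    your deployment before relying on the window.
    """
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    return {"startTimestamp": now_ms - 24 * 60 * 60 * 1000, "endTimestamp": now_ms}


def iter_events(search: Callable[..., dict], page_size: int = 100, **criteria) -> Iterator[dict]:
    """Yield every event matching `criteria` by walking limit/offset pages.

    `search` is any function with the limit/offset signature shown on this page
    (e.g. find_aggregated_events or find_n_i_d_s_events). Assumption: "count"
    in the response is the total number of matches. The loop also stops on a
    short or empty page, so a total that changes between calls cannot spin.
    """
    offset = 0
    while True:
        page = search(limit=page_size, offset=offset, **criteria)
        if page.get("responseCode", 200) != 200:
            raise RuntimeError(f"unexpected responseCode {page.get('responseCode')!r}")
        data = page.get("data") or []
        yield from data
        offset += len(data)
        if not data or len(data) < page_size or offset >= page.get("count", 0):
            break


def severity_summary(events) -> Dict[str, int]:
    """Count events per severity string ("low", "high", "critical", ...)."""
    return dict(Counter(e.get("severity", "unknown") for e in events))


def split_event_identifier(event_identifier: str) -> Dict[str, object]:
    """Turn 'type/timestamp/customerid/eventid' into get_payload/get_pcap kwargs.

    maxsplit=3 keeps any '/' inside the trailing event id intact; timestamp
    and customerid must be integers, anything else is rejected.
    """
    parts = event_identifier.split("/", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed eventIdentifier: {event_identifier!r}")
    event_type, timestamp, customer_id, event_id = parts
    if not (timestamp.isdigit() and customer_id.isdigit()):
        raise ValueError(f"non-numeric timestamp/customerID in {event_identifier!r}")
    return {"type": event_type, "timestamp": int(timestamp),
            "customerID": int(customer_id), "eventID": event_id}


class FakeEventSearch:
    """Constructed stand-in for a search function; serves `events` in pages
    shaped like the Returns examples on this page. Swap in the real function."""

    def __init__(self, events: List[dict]):
        self.events = events
        self.calls = 0

    def __call__(self, limit: int, offset: int, **criteria) -> dict:
        self.calls += 1
        chunk = self.events[offset:offset + limit]
        return {"offset": offset, "limit": limit, "responseCode": 200,
                "count": len(self.events), "data": chunk,
                "currentPage": offset // limit, "size": len(chunk)}


# Constructed sample events (ids follow the type/timestamp/customerid/eventid form).
SAMPLE_EVENTS = [
    {"id": "AGGR/1700000000000/42/ev-1", "severity": "high", "count": 3, "flags": ["FILTERED"]},
    {"id": "AGGR/1700000001000/42/ev-2", "severity": "low", "count": 1, "flags": []},
    {"id": "AGGR/1700000002000/42/ev-3", "severity": "critical", "count": 7, "flags": ["SNAPSHOT"]},
    {"id": "AGGR/1700000003000/42/ev-4", "severity": "high", "count": 2, "flags": []},
    {"id": "AGGR/1700000004000/42/ev-5", "severity": "low", "count": 1, "flags": []},
]


def demo(page_size: int = 2):
    """Page through the sample set and return (severity counts, pages fetched,
    get_payload kwargs for the first critical event)."""
    search = FakeEventSearch(SAMPLE_EVENTS)
    events = list(iter_events(search, page_size=page_size,
                              customerID=[42], **last_24h_window()))
    first_critical = next(e for e in events if e["severity"] == "critical")
    return severity_summary(events), search.calls, split_event_identifier(first_critical["id"])


if __name__ == "__main__":
    print(demo())
```

To use this against the real endpoints, pass find_aggregated_events (or find_n_i_d_s_events) in place of FakeEventSearch together with the apiKey or authentication argument the signatures above take; the pager only relies on limit, offset, responseCode, count and data. Stopping on a short page as well as on offset >= count keeps the loop bounded even when the total changes while you are paging.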