api.events.v1 package
Subpackages
- api.events.v1.test_helpers package
- Subpackages
- api.events.v1.test_helpers.aggregated package
- Submodules
- api.events.v1.test_helpers.aggregated.find_aggregated_event_stats module
- api.events.v1.test_helpers.aggregated.find_aggregated_events module
- api.events.v1.test_helpers.aggregated.list_aggregated_events module
- api.events.v1.test_helpers.aggregated.update_events module
- api.events.v1.test_helpers.aggregated.update_events_bulk module
- Module contents
- api.events.v1.test_helpers.nids package
- api.events.v1.test_helpers.payload package
- api.events.v1.test_helpers.pcap package
- Submodules
- api.events.v1.test_helpers.get_event_by_path module
- Module contents
Submodules
api.events.v1.aggregated module
Autogenerated API
api.events.v1.aggregated.find_aggregated_event_stats(customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, resolution: int = None, groupBy: list = None, cutoff: int = None, signature: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, ip: list = None, destinationIP: list = None, sourceIP: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', countRawEvents: bool = 'False', includeOthers: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch aggregated event stats (PUBLIC). Returns a StatsContainer in JSON format.
Return type: dict
api.events.v1.aggregated.find_aggregated_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, minCount: int = None, associatedCaseID: list = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, ip: list = None, destinationIP: list = None, sourceIP: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Search for aggregated events (PUBLIC)
Return type: dict
Parameters: - limit (int) – Limit results
- offset (int) – Offset results
- customerID (list) – Limit result to objects belonging to these customers
- eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
- locationID (list) – Search for events having these locations
- alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
- attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
- sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
- destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
- geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
- properties (dict) – Search for events having these properties (logical AND)
- minCount (int) – Search for events with aggregated count at least this high
- associatedCaseID (list) – Search for events associated to one of these cases
- sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
- destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
- subCriteria (list) –
- signature (list) –
- sortBy (list) – Order results by these properties (prefix with - to sort descending)
- startTimestamp (int) – Search objects from this timestamp
- endTimestamp (int) – Search objects until this timestamp
- includeFlags (list) – Search objects with these flags set
- excludeFlags (list) – Exclude objects with these flags set
- lastUpdatedTimestamp (int) – Search for events updated after this timestamp
- ip (list) –
- destinationIP (list) –
- sourceIP (list) –
- destinationPort (list) –
- sourcePort (list) –
- port (list) –
- minSeverity (str) –
- maxSeverity (str) –
- includeDeleted (bool) – Also include deleted objects (where implemented)
- exclude (bool) – Exclude these criteria from the parent criteria
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns (sample response; string values are autogenerated placeholders): {"offset": 385, "limit": 349, "responseCode": 200, "count": 248, "data": [{"properties": {"additionalProperties": "Kitchen past media lot customer many own."}, "comments": [{"timestamp": 303470021, "comment": "Fall order social nothing describe north pressure."}], "uri": "So draw easy issue apply federal cost.", "count": 814, "protocol": "Fish despite past station detail wall.", "timestamp": 893209030, "startTimestamp": 1041506848, "endTimestamp": 985901566, "lastUpdatedTimestamp": 1225256450, "flags": ["HAS_PAYLOAD"], "severity": "critical", "detailedEventIDS": ["Purpose feel trip foot build out."], "id": "Hospital when two author material yourself."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Worry station instead there actually body many.", "messageTemplate": "Read firm our cover such share.", "field": "Necessary onto write.", "parameter": {}, "timestamp": 1287093596}], "currentPage": 590, "size": 890}
api.events.v1.aggregated.list_aggregated_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Simple search for aggregated events (PUBLIC)
Return type: dict
Parameters: - customerID (list) – Limit to customerID
- signature (list) – Limit to signature
- ip (list) – Limit to ip/network
- startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
- endTimestamp (int) – Limit to events before this timestamp
- limit (int) – Limit results
- offset (int) – Offset results
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns (sample response; string values are autogenerated placeholders): {"offset": 753, "limit": 778, "responseCode": 200, "count": 329, "data": [{"properties": {"additionalProperties": "Hand property oil least."}, "comments": [{"timestamp": 698100098, "comment": "Certain pretty pass manage writer page mouth."}], "uri": "Past total agreement.", "count": 851, "protocol": "Certainly player expect.", "timestamp": 1095894653, "startTimestamp": 605902104, "endTimestamp": 247510906, "lastUpdatedTimestamp": 1110111877, "flags": ["IDENTIFIED_THREAT"], "severity": "low", "detailedEventIDS": ["There food evidence blue key alone business school."], "id": "Design and above wrong today modern again."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Even message plan else physical.", "messageTemplate": "He clearly consider him local.", "field": "Claim no amount catch continue environment political.", "parameter": {}, "timestamp": 896355707}], "currentPage": 978, "size": 127}
api.events.v1.aggregated.update_events(eventIdentifiers: list = None, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Add event assessments (INTERNAL)
Return type: dict
Parameters: eventIdentifiers (list) –
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- EventsNotFoundException – on 404
Returns (sample response; string values are autogenerated placeholders): {"offset": 117, "limit": 609, "responseCode": 200, "count": 455, "data": [{"properties": {"additionalProperties": "Already he end under with tax."}, "comments": [{"timestamp": 1085790090, "comment": "Type bit writer cup."}], "uri": "Impact sell town eight.", "count": 832, "protocol": "Understand president smile box see.", "timestamp": 433768799, "startTimestamp": 1130754167, "endTimestamp": 733117107, "lastUpdatedTimestamp": 1133096658, "flags": ["CHECKED"], "severity": "critical", "detailedEventIDS": ["Side quickly send south life."], "id": "Whom home subject star."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Dog reflect he southern.", "messageTemplate": "Build fall pull throughout design politics process.", "field": "Seem dark during world difficult question character.", "parameter": {}, "timestamp": 367247462}], "currentPage": 481, "size": 39}
api.events.v1.aggregated.update_events_bulk(json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Assess events in bulk mode (INTERNAL). To be used for bulk assessment of a very large number of events. Returns the number of assessed events.
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- EventsNotFoundException – on 404
Returns: {}
api.events.v1.nids module
Autogenerated API
api.events.v1.nids.find_n_i_d_s_events(limit: int = None, offset: int = None, customerID: list = None, eventIdentifier: list = None, locationID: list = None, alarmID: list = None, attackCategoryID: list = None, sourceGeoCountry: list = None, destinationGeoCountry: list = None, geoCountry: list = None, properties: dict = None, sensorID: list = None, subCriteria: list = None, signature: list = None, sortBy: list = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: list = None, excludeFlags: list = None, lastUpdatedTimestamp: int = None, ip: list = None, destinationIP: list = None, sourceIP: list = None, destinationPort: list = None, sourcePort: list = None, port: list = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = 'False', exclude: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Search for NIDS events (PUBLIC)
Return type: dict
Parameters: - limit (int) – Limit results
- offset (int) – Offset results
- customerID (list) – Limit result to objects belonging to these customers
- eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerid/eventid)
- locationID (list) – Search for events having these locations
- alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms
- attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories
- sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries
- destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries
- geoCountry (list) – Search for events where source or destination IP is registered in any of these countries
- properties (dict) – Search for events having these properties (logical AND)
- sensorID (list) –
- subCriteria (list) –
- signature (list) –
- sortBy (list) – Order results by these properties (prefix with - to sort descending)
- startTimestamp (int) – Search objects from this timestamp
- endTimestamp (int) – Search objects until this timestamp
- includeFlags (list) – Search objects with these flags set
- excludeFlags (list) – Exclude objects with these flags set
- lastUpdatedTimestamp (int) – Search for events updated after this timestamp
- ip (list) –
- destinationIP (list) –
- sourceIP (list) –
- destinationPort (list) –
- sourcePort (list) –
- port (list) –
- minSeverity (str) –
- maxSeverity (str) –
- includeDeleted (bool) – Also include deleted objects (where implemented)
- exclude (bool) – Exclude these criteria from the parent criteria
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns (sample response; string values are autogenerated placeholders): {"offset": 592, "limit": 37, "responseCode": 200, "count": 917, "data": [{"properties": {"additionalProperties": "Behavior per born think series."}, "comments": [{"timestamp": 1312721358, "comment": "Serious home cell player standard trial rather."}], "count": 914, "engineTimestamp": 1474361984, "protocolID": 933, "uri": "Smile person course write field hold whole.", "timestamp": 816218243, "severity": "high", "flags": ["CUSTOM_DESTINATION_AGGREGATION"], "id": "Cell model main green pattern nation decision."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Agree floor certain.", "messageTemplate": "Animal market require part.", "field": "Trip western for myself show keep.", "parameter": {}, "timestamp": 824283389}], "currentPage": 895, "size": 417}
api.events.v1.nids.list_n_i_d_s_events(customerID: list = None, signature: list = None, ip: list = None, startTimestamp: int = None, endTimestamp: int = None, limit: int = 25, offset: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Simple search for NIDS events (PUBLIC)
Return type: dict
Parameters: - customerID (list) – Limit to customerID
- signature (list) – Limit to signature
- ip (list) – Limit to ip/network
- startTimestamp (int) – Limit to events after this timestamp (default is last 24 hours)
- endTimestamp (int) – Limit to events before this timestamp
- limit (int) – Limit results
- offset (int) – Offset results
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
Returns (sample response; string values are autogenerated placeholders): {"offset": 1, "limit": 63, "responseCode": 200, "count": 315, "data": [{"properties": {"additionalProperties": "Focus cost indeed hold."}, "comments": [{"timestamp": 138323460, "comment": "Candidate natural Mrs reality note."}], "count": 76, "engineTimestamp": 1124174404, "protocolID": 837, "uri": "Write itself gas dark.", "timestamp": 377061185, "severity": "critical", "flags": ["DESTINATION_IS_CUSTOMERNET"], "id": "Out effect my ready outside."}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Word since easy meet specific plan.", "messageTemplate": "Impact will guy worry throughout.", "field": "Best parent financial require add lot nice.", "parameter": {}, "timestamp": 172742343}], "currentPage": 111, "size": 939}
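The paging contract shared by find_aggregated_events and find_n_i_d_s_events (limit and offset in; count, offset, limit and data out, as in the sample responses above) is easiest to see in a loop that walks every page. The code below is an added example, not code from the argus-api package: iter_events, collect_ids, fake_find_events, the constructed event rows and the severity ordering are all assumptions of this example, and the timestamp unit is left to the caller because this page does not state it.

```python
"""Page through search results from find_aggregated_events or
find_n_i_d_s_events.

Added example; it is not part of the argus-api package. It drives any
search callable that accepts limit/offset/endTimestamp keyword arguments
and returns the {"count", "offset", "limit", "data": [...]} shape shown
on this page. A constructed in-memory search is used so it runs offline.
"""
from typing import Callable, Dict, Iterator, List, Set


def iter_events(search: Callable[..., dict], end_timestamp: int,
                page_size: int = 100, **criteria) -> Iterator[dict]:
    """Yield every event matching *criteria*, fetching one page at a time.

    endTimestamp is pinned to the value given and reused for every page:
    with offset pagination over a live event store, events arriving between
    two calls would otherwise shift the later pages and produce duplicates
    or gaps. The offset is advanced by the number of rows actually returned,
    not by page_size, so a server that caps page size below the requested
    limit is still walked completely. De-duplication on "id" is a second
    line of defence.
    """
    if page_size <= 0:
        raise ValueError("page_size must be positive")
    seen: Set[str] = set()
    offset = 0
    while True:
        page = search(limit=page_size, offset=offset,
                      endTimestamp=end_timestamp, **criteria)
        rows: List[dict] = page.get("data") or []
        for event in rows:
            if event["id"] in seen:
                continue
            seen.add(event["id"])
            yield event
        offset += len(rows)
        # "count" is the total number of matches for the criteria; stop
        # once we have walked past it, or on an empty page (defensive).
        if not rows or offset >= int(page.get("count", 0)):
            return


def collect_ids(search: Callable[..., dict], end_timestamp: int,
                **criteria) -> List[str]:
    """Convenience wrapper: the ids of all matching events, in API order."""
    return [e["id"] for e in iter_events(search, end_timestamp, **criteria)]


# --- constructed stand-in for the real search call (offline demo) -------
# The severity strings are the ones seen in this page's sample responses;
# their ordering is an assumption made for this demo only.
RANK = {"low": 0, "high": 1, "critical": 2}
BASE_TS = 1_600_000_000_000  # constructed; unit is whatever the API expects
FAKE_EVENTS = [
    {"id": "evt-%d" % i, "severity": sev, "count": cnt,
     "timestamp": BASE_TS + i, "flags": []}
    for i, (sev, cnt) in enumerate([("low", 3), ("high", 12), ("critical", 1),
                                    ("low", 40), ("high", 2), ("critical", 7),
                                    ("low", 1)])
]
PAGE_CAP = 3  # the stand-in caps pages at 3 rows to force several round trips


def fake_find_events(limit=None, offset=None, endTimestamp=None,
                     minSeverity=None, **_ignored) -> Dict:
    """Mimics the find_*_events paging contract over the constructed data."""
    limit = PAGE_CAP if limit is None else min(limit, PAGE_CAP)
    offset = offset or 0
    rows = [e for e in FAKE_EVENTS
            if endTimestamp is None or e["timestamp"] <= endTimestamp]
    if minSeverity is not None:
        rows = [e for e in rows if RANK[e["severity"]] >= RANK[minSeverity]]
    return {"responseCode": 200, "offset": offset, "limit": limit,
            "count": len(rows), "data": rows[offset:offset + limit]}


if __name__ == "__main__":
    # All seven constructed events, walked in three pages of 3 + 3 + 1.
    print(collect_ids(fake_find_events, end_timestamp=BASE_TS + 10))
    # Only the "high" and "critical" ones.
    print(collect_ids(fake_find_events, end_timestamp=BASE_TS + 10,
                      minSeverity="high"))
```

Advancing the offset by the number of rows returned rather than by the requested limit keeps the walk correct when the server hands back fewer rows than asked for; pinning endTimestamp keeps the page boundaries stable while new events keep arriving.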
api.events.v1.payload module
Autogenerated API
api.events.v1.payload.get_payload(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch specified event payload (PUBLIC)
Return type: dict
Parameters: - type (str) – event type, the first component of the full event identifier (type/timestamp/customerid/eventid)
- timestamp (int) – event timestamp, the second component of the event identifier
- customerID (int) – ID of the customer owning the event, the third component of the event identifier
- eventID (str) – event ID, the last component of the event identifier
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- ObjectNotFoundException – on 404
Returns (sample response; string values are autogenerated placeholders): {"offset": 203, "limit": 948, "responseCode": 200, "count": 565, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Note however apply.", "messageTemplate": "Either assume challenge significant.", "field": "Population always cold back wind hotel worry.", "parameter": {}, "timestamp": 18737299}], "currentPage": 194, "size": 734}
api.events.v1.pcap module
Autogenerated API
api.events.v1.pcap.get_pcap(type: str, timestamp: int, customerID: int, eventID: str, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict
Fetch specified event payload as PCAP (PUBLIC)
Return type: dict
Parameters: - type (str) – event type, the first component of the full event identifier (type/timestamp/customerid/eventid)
- timestamp (int) – event timestamp, the second component of the event identifier
- customerID (int) – ID of the customer owning the event, the third component of the event identifier
- eventID (str) – event ID, the last component of the event identifier
Raises: - AuthenticationFailedException – on 401
- ValidationFailedException – on 412
- AccessDeniedException – on 403
- ObjectNotFoundException – on 404
Returns: {}
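get_payload and get_pcap take as four separate arguments what the eventIdentifier search parameter above carries as one string (type/timestamp/customerid/eventid). The helpers below are an added example rather than the package's own code: they validate and split such a string and hand the parts to either function. The accepted character classes, the sample identifier and fake_get_payload are assumptions of this example, as is the reading of an aggregated event's detailedEventIDS entries as full identifiers.

```python
"""Split a full event identifier into the get_payload / get_pcap
arguments, and go the other way.

Added example; not part of the argus-api package. The only fact taken
from this page is the identifier layout "type/timestamp/customerid/eventid".
The character classes accepted for the type and eventID components and
the sample identifiers are assumptions made for this example.
"""
import re
from typing import Callable, Dict, NamedTuple


class EventIdentifier(NamedTuple):
    type: str        # "type" mirrors the library's own parameter name
    timestamp: int
    customerID: int
    eventID: str


# Assumed component alphabet: no "/", whitespace or control characters,
# so a value taken from user input or a log line cannot smuggle an extra
# path segment into whatever request the client builds from it.
IDENT_RE = re.compile(r"^([A-Za-z0-9_.-]+)/(\d+)/(\d+)/([A-Za-z0-9_.:-]+)$")


def parse_event_identifier(identifier: str) -> EventIdentifier:
    """Validate and split "type/timestamp/customerid/eventid"."""
    match = IDENT_RE.match(identifier)
    if not match:
        raise ValueError("malformed event identifier: %r" % (identifier,))
    etype, timestamp, customer_id, event_id = match.groups()
    return EventIdentifier(etype, int(timestamp), int(customer_id), event_id)


def is_valid_event_identifier(identifier: str) -> bool:
    try:
        parse_event_identifier(identifier)
        return True
    except ValueError:
        return False


def format_event_identifier(ident: EventIdentifier) -> str:
    """Inverse of parse_event_identifier; round-trips through the validator."""
    text = "%s/%d/%d/%s" % (ident.type, ident.timestamp,
                            ident.customerID, ident.eventID)
    parse_event_identifier(text)  # refuse to emit what we would not accept
    return text


def fetch_by_identifier(identifier: str, fetch: Callable[..., dict]) -> dict:
    """Call get_payload or get_pcap with the identifier split into kwargs."""
    ident = parse_event_identifier(identifier)
    return fetch(type=ident.type, timestamp=ident.timestamp,
                 customerID=ident.customerID, eventID=ident.eventID)


def fetch_detailed_payloads(aggregated_event: dict,
                            fetch: Callable[..., dict]) -> Dict[str, dict]:
    """Fetch one payload per entry of an aggregated event's detailedEventIDS.

    Assumption: the entries are full identifiers in the layout above.
    Entries that do not parse are skipped rather than passed through.
    """
    results: Dict[str, dict] = {}
    for entry in aggregated_event.get("detailedEventIDS", []):
        if is_valid_event_identifier(entry):
            results[entry] = fetch_by_identifier(entry, fetch)
    return results


# --- constructed stand-in for api.events.v1.payload.get_payload ---------
def fake_get_payload(type, timestamp, customerID, eventID, **_ignored) -> dict:
    """Echoes the arguments it was called with, in the page's response shape."""
    return {"responseCode": 200,
            "requested": (type, timestamp, customerID, eventID)}


if __name__ == "__main__":
    sample = "nids/1474361984/42/abc-123"  # constructed identifier
    print(parse_event_identifier(sample))
    print(fetch_by_identifier(sample, fake_get_payload))
```

Rejecting anything that does not match the expected layout before it reaches the client is cheap, and it means an identifier copied out of a ticket or a log line with a stray "/" or "../" in it fails loudly here instead of turning into an unexpected request path.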