api.alarms.v1 package

Submodules

api.alarms.v1.alarm module

Autogenerated API

api.alarms.v1.alarm.add_alarm(description: str = None, info: str = None, references: list = None, links: list = None, labels: list = None, signatures: list = None, attackCategoryID: int = 0, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Add new alarm (INTERNAL)

Return type:

dict

Parameters:
  • description (str) – Alarm description => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • info (str) – Alarm verbose information => format:html
  • references (list) – Alarm vulnerability references (CVE-numbers, BID-numbers, etc) => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • links (list) – Links to external descriptions of this alarm => ((https?|ftp|gopher|telnet|file):((/)|())+[wd:#@%/;$()~_?+-=.&]*)
  • labels (list) – Tag an alarm with labels => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • signatures (list) – List of signatures to map to this alarm => Sanitize by regex [a-zA-Z0-9_/:@~!+-.?]*
  • attackCategoryID (int) – Alarm attack category ID (default 0)
Raises:
Returns:

{"offset": 299, "limit": 240, "responseCode": 200, "count": 528, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Term where clearly religious history.", "messageTemplate": "Effort accept staff go budget student.", "field": "Happy between along animal.", "parameter": {}, "timestamp": 748536622}], "currentPage": 302, "size": 72}

api.alarms.v1.alarm.add_alarm_comment(id: int, comment: str = None, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Add alarm comment (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of Alarm
  • comment (str) – Comment content. Html is allowed, will be sanitized. => format:html
Raises:
Returns:

{"offset": 697, "limit": 449, "responseCode": 200, "count": 729, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Name share coach new.", "messageTemplate": "World good task director position.", "field": "Suggest prove foreign.", "parameter": {}, "timestamp": 554480189}], "currentPage": 299, "size": 819}

api.alarms.v1.alarm.delete_alarm(id: int, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Delete existing alarm (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of Alarm
Raises:
Returns:

{"offset": 958, "limit": 444, "responseCode": 200, "count": 106, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Eye realize where college contain professor forget.", "messageTemplate": "Try inside find skill science picture do.", "field": "Term security million head organization style produce firm.", "parameter": {}, "timestamp": 1431124237}], "currentPage": 620, "size": 35}

api.alarms.v1.alarm.delete_alarm_comment(id: int, timestamp: int, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Delete alarm comment (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of Alarm
  • timestamp (int) – Timestamp of comment
Raises:
Returns:

{"offset": 113, "limit": 209, "responseCode": 200, "count": 71, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Everybody conference hundred executive character.", "messageTemplate": "Media society resource today future.", "field": "Traditional against before soon though.", "parameter": {}, "timestamp": 753780319}], "currentPage": 557, "size": 593}

api.alarms.v1.alarm.get_alarm_by_id(id: int, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get alarm by Id (PUBLIC)

Return type:

dict

Parameters:
  • id (int) – ID of alarm
Raises:
Returns:

{"offset": 759, "limit": 958, "responseCode": 200, "count": 709, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Hair himself authority hand.", "messageTemplate": "Event car a effort amount thousand security second.", "field": "Across six region fish yard fast pick.", "parameter": {}, "timestamp": 935450225}], "currentPage": 649, "size": 767}

api.alarms.v1.alarm.get_alarms(keywords: list = None, keywordField: list = None, keywordMatch: str = 'all', offset: int = 0, limit: int = 25, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get all alarms (PUBLIC)

Return type:

dict

Parameters:
  • keywords (list) – Search by keywords
  • keywordField (list) – Set field strategy for keyword search
  • keywordMatch (str) – Set match strategy for keyword search
  • offset (int) – Skip a number of alarms
  • limit (int) – Maximum number of returned alarms
Raises:
Returns:

{"offset": 535, "limit": 497, "responseCode": 200, "count": 53, "data": [{"id": 494, "mappings": [{"lastUpdatedTimestamp": 1480017764, "comments": [{"timestamp": 1250745557, "comment": "Bar miss since contain lay."}], "mappedTimestamp": 441270359, "firstTriggeredTimestamp": 275166127, "lastTriggeredTimestamp": 274249159, "triggerAmount": 136, "signature": "Trial law social next administration involve.", "flags": ["SNORT"]}], "comments": [{"timestamp": 763430192, "comment": "City line now best."}], "references": ["Along everyone nothing stay."], "labels": ["People magazine difficult identify go follow."], "info": "Yourself admit station sea turn like century center.", "description": "Financial play form visit him woman.", "links": ["Any beyond soon owner PM skin better catch."], "createdByUser": {"id": 949, "customerID": 733, "userName": "christophercaldwell", "name": "David Johnson"}, "createdTimestamp": 494391908, "lastUpdatedByUser": {"id": 745, "customerID": 51, "userName": "thompsongary", "name": "Kathleen Lara"}, "lastUpdatedTimestamp": 332900523, "lastCheckedByUser": {"id": 770, "customerID": 597, "userName": "fletcherdiane", "name": "Wendy Washington"}, "lastCheckTimestamp": 446025716, "nextCheckTimestamp": 1227562837, "flags": ["DISABLED"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Million wide here begin arrive environment drop.", "messageTemplate": "Way each miss example about.", "field": "National source among her.", "parameter": {}, "timestamp": 496977744}], "currentPage": 630, "size": 829}

api.alarms.v1.alarm.map_to_alarm(id: int, signatures: list = None, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Map signatures to alarm (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of Alarm
  • signatures (list) – Signatures (exist/new) to be mapped to the alarm => Sanitize by regex [a-zA-Z0-9_/:@~!+-.?]*
Raises:
Returns:

{"offset": 208, "limit": 664, "responseCode": 200, "count": 490, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Ever bring add much senior.", "messageTemplate": "Wait cost doctor deep watch analysis hair.", "field": "Unit task concern happy.", "parameter": {}, "timestamp": 175609667}], "currentPage": 791, "size": 891}

api.alarms.v1.alarm.search_alarms(limit: int = None, offset: int = None, subCriteria: list = None, attackCategoryID: list = None, alarmID: list = None, alarmReferences: list = None, labels: list = None, startTimestamp: int = None, endTimestamp: int = None, timeFieldStrategy: list = None, keywords: list = None, keywordFieldStrategy: list = None, signature: list = None, sortBy: list = None, includeFlags: list = None, excludeFlags: list = None, timeMatchStrategy: str = 'any', keywordMatchStrategy: str = 'all', includeDeleted: bool = 'False', exclude: bool = 'False', required: bool = 'False', includeMappings: bool = 'False', includeComments: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get all alarms matching a given search criteria (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Set this value to set max number of results. By default, no restriction on result set size.
  • offset (int) – Set this value to skip the first (offset) objects. By default, return result from first object.
  • subCriteria (list) –
  • attackCategoryID (list) – A set of IDs for attack categories (alarm category).
  • alarmID (list) – A set of IDs for alarms.
  • alarmReferences (list) – A set of references. It does an exact match.
  • labels (list) – A set of labels. It does an exact match.
  • startTimestamp (int) – Only include alarms based on the set TimeFieldStrategy and TimeMatchStrategy (start timestamp)
  • endTimestamp (int) – Only include alarms based on the set TimeFieldStrategy and TimeMatchStrategy (end timestamp)
  • timeFieldStrategy (list) – TimeFieldStrategy to define which timestamp field(s) to match. (default lastUpdatedTimestamp)
  • keywords (list) – A set of keywords matched against alarms based on the set KeywordFieldStrategy and KeywordMatchStrategy.
  • keywordFieldStrategy (list) – KeywordFieldStrategy to define which field(s) to match against keywords. (default all)
  • signature (list) – A set of signatures. It does an exact match.
  • sortBy (list) – List of properties to sort by (prefix with “-” to sort descending).
  • includeFlags (list) – Only include objects which have includeFlags set.
  • excludeFlags (list) – Exclude objects which have excludeFlags set.
  • timeMatchStrategy (str) – TimeMatchStrategy to define how to match startTimestamp and endTimestamp with fields. (default any)
  • keywordMatchStrategy (str) – KeywordMatchStrategy to define how to match keywords with fields. (default all)
  • includeDeleted (bool) – Set to true to include deleted objects. By default, exclude deleted objects.
  • exclude (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria object will be excluded.
  • required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
  • includeMappings (bool) – Set to include mappings in the search result. (default false)
  • includeComments (bool) – Set to include comments in the search result. (default false)
Raises:
Returns:

{"offset": 470, "limit": 474, "responseCode": 200, "count": 973, "data": [{"id": 273, "mappings": [{"lastUpdatedTimestamp": 264658383, "comments": [{"timestamp": 516778437, "comment": "Allow everybody modern rich dark quality."}], "mappedTimestamp": 243881412, "firstTriggeredTimestamp": 269928407, "lastTriggeredTimestamp": 139777612, "triggerAmount": 517, "signature": "Difference benefit fact fund.", "flags": ["DELETED"]}], "comments": [{"timestamp": 465276867, "comment": "In significant speech."}], "references": ["Front employee south memory story how."], "labels": ["Your bank letter these require author idea."], "info": "Challenge agent discuss floor another.", "description": "Man girl paper thus way herself.", "links": ["Similar vote travel respond only management."], "createdByUser": {"id": 708, "customerID": 184, "userName": "brandonmartinez", "name": "Kathryn Barnes"}, "createdTimestamp": 1041631103, "lastUpdatedByUser": {"id": 896, "customerID": 617, "userName": "ujuarez", "name": "Dustin Mathis"}, "lastUpdatedTimestamp": 109694593, "lastCheckedByUser": {"id": 439, "customerID": 996, "userName": "ewalton", "name": "Matthew Ford"}, "lastCheckTimestamp": 696920975, "nextCheckTimestamp": 1347869794, "flags": ["DISABLED"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Discuss art treatment term order young.", "messageTemplate": "Only really likely strong morning.", "field": "Prevent yet child smile media would.", "parameter": {}, "timestamp": 799519902}], "currentPage": 948, "size": 763}

api.alarms.v1.alarm.unmap(id: int, signature: list = None, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Unmap signatures from alarm (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of Alarm
  • signature (list) – Signatures to unmap
Raises:
Returns:

{"offset": 695, "limit": 177, "responseCode": 200, "count": 745, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Water factor audience someone shoulder interesting article.", "messageTemplate": "Single unit body close reason.", "field": "History policy cut ground grow.", "parameter": {}, "timestamp": 885686476}], "currentPage": 679, "size": 337}

api.alarms.v1.alarm.update_alarm(id: int, description: str = None, info: str = None, addReferences: list = None, deleteReferences: list = None, addLinks: list = None, deleteLinks: list = None, addLabels: list = None, deleteLabels: list = None, attackCategoryID: int = 0, disabled: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Update existing alarm (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of Alarm
  • description (str) – Update description of alarm => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • info (str) – Update verbose information of alarm => format:html
  • addReferences (list) – Add vulnerability references (CVE-numbers, BID-numbers, etc) => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • deleteReferences (list) – Remove vulnerability references
  • addLinks (list) – Add external links => ((https?|ftp|gopher|telnet|file):((/)|())+[wd:#@%/;$()~_?+-=.&]*)
  • deleteLinks (list) – Remove external links
  • addLabels (list) – Add labels => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • deleteLabels (list) – Remove labels => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • attackCategoryID (int) – Update category of alarm (unchanged if set to 0) (default 0)
  • disabled (bool) – Disable or enable alarm (unchanged if not set)
Raises:
Returns:

{"offset": 578, "limit": 909, "responseCode": 200, "count": 41, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Budget human free pay put act.", "messageTemplate": "Unit people research production role feel.", "field": "Environmental cover bed would team machine.", "parameter": {}, "timestamp": 280741964}], "currentPage": 735, "size": 489}

api.alarms.v1.category module

Autogenerated API

api.alarms.v1.category.add_category(name: str = None, info: str = None, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Add new category (INTERNAL)

Return type:

dict

Parameters:
  • name (str) – Name of added category. => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • info (str) – Description of added category. => [sw{}$-().[]“‘_/,*+#:@!?;]*
Raises:
Returns:

{"offset": 425, "limit": 767, "responseCode": 200, "count": 460, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Without design rich citizen water develop instead.", "messageTemplate": "Summer director kitchen push have purpose level.", "field": "Throw then job.", "parameter": {}, "timestamp": 1148272253}], "currentPage": 669, "size": 44}

api.alarms.v1.category.delete_category(id: int, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Delete existing category (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of attack category
Raises:
Returns:

{"offset": 559, "limit": 171, "responseCode": 200, "count": 687, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Agency difference best sometimes behavior here.", "messageTemplate": "Wind officer leave stop.", "field": "Out take pattern involve miss modern dog.", "parameter": {}, "timestamp": 988227933}], "currentPage": 557, "size": 223}

api.alarms.v1.category.get_categories(keywords: list = None, keywordField: list = None, offset: int = 0, limit: int = 25, keywordMatch: str = 'all', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get all categories (PUBLIC)

Return type:

dict

Parameters:
  • keywords (list) – Filter categories by keywords
  • keywordField (list) – Set field strategy for keyword search
  • offset (int) – Skip a number of categories
  • limit (int) – Maximum number of returned categories
  • keywordMatch (str) – Set match strategy for keyword search
Raises:
Returns:

{"offset": 456, "limit": 444, "responseCode": 200, "count": 192, "data": [{"id": 16, "info": "Me woman market wall phone bring.", "name": "Richard Smith", "flags": ["DISABLED"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Response enter what put measure.", "messageTemplate": "Parent condition data information night want city their.", "field": "Office identify specific card laugh summer.", "parameter": {}, "timestamp": 904638266}], "currentPage": 418, "size": 972}

api.alarms.v1.category.get_category_by_id(id: int, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get category by Id (PUBLIC)

Return type:

dict

Parameters:
  • id (int) – ID of category
Raises:
Returns:

{"offset": 567, "limit": 110, "responseCode": 200, "count": 665, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Them form leave game ball blue red risk.", "messageTemplate": "Moment issue message hard later lose daughter.", "field": "Charge employee them sort task benefit nice.", "parameter": {}, "timestamp": 1375235543}], "currentPage": 997, "size": 825}

api.alarms.v1.category.search_categories(limit: int = None, offset: int = None, subCriteria: list = None, attackCategoryID: list = None, keywords: list = None, keywordFieldStrategy: list = None, sortBy: list = None, includeFlags: list = None, excludeFlags: list = None, keywordMatchStrategy: str = 'all', includeDeleted: bool = 'False', exclude: bool = 'False', required: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get all categories matching a given search criteria (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Set this value to set max number of results. By default, no restriction on result set size.
  • offset (int) – Set this value to skip the first (offset) objects. By default, return result from first object.
  • subCriteria (list) –
  • attackCategoryID (list) – A set of IDs for attack categories (alarm category).
  • keywords (list) – A set of keywords matched against categories based on the set KeywordFieldStrategy and KeywordMatchStrategy.
  • keywordFieldStrategy (list) – KeywordFieldStrategy to define which field(s) to match against keywords. (default all)
  • sortBy (list) – List of properties to sort by (prefix with “-” to sort descending).
  • includeFlags (list) – Only include objects which have includeFlags set.
  • excludeFlags (list) – Exclude objects which have excludeFlags set.
  • keywordMatchStrategy (str) – KeywordMatchStrategy to define how to match keywords with fields. (default all)
  • includeDeleted (bool) – Set to true to include deleted objects. By default, exclude deleted objects.
  • exclude (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria object will be excluded.
  • required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
Raises:
Returns:

{"offset": 33, "limit": 72, "responseCode": 200, "count": 552, "data": [{"id": 0, "info": "Their garden could picture rich.", "name": "Alan Collins", "flags": ["DELETED"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Thought three pressure get partner.", "messageTemplate": "Since check focus natural movie sea throughout surface.", "field": "Book American away image leader.", "parameter": {}, "timestamp": 696382532}], "currentPage": 513, "size": 339}

api.alarms.v1.category.update_category(id: int, name: str = None, info: str = None, disabled: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Update existing category (INTERNAL)

Return type:

dict

Parameters:
  • id (int) – ID of attack category
  • name (str) – Update name of category. => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • info (str) – Update description of category. => [sw{}$-().[]“‘_/,*+#:@!?;]*
  • disabled (bool) – Disable or enable category (unchanged if not set)
Raises:
Returns:

{"offset": 492, "limit": 908, "responseCode": 200, "count": 144, "metaData": {"additionalProperties": {}}, "messages": [{"message": "Black speech oil various partner network.", "messageTemplate": "Good theory unit important least.", "field": "Everyone thank wall participant use.", "parameter": {}, "timestamp": 218025499}], "currentPage": 615, "size": 877}

api.alarms.v1.signature module

Autogenerated API

api.alarms.v1.signature.delete_signatures(signature: list = None, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Delete signatures. They must not be mapped to an alarm. (INTERNAL)

Return type:

dict

Parameters:
  • signature (list) – Signatures to delete
Raises:
Returns:

{"offset": 828, "limit": 12, "responseCode": 200, "count": 421, "data": [{"lastUpdatedByUser": {"id": 588, "customerID": 578, "userName": "murrayspencer", "name": "Nicole Lynch"}, "lastUpdatedTimestamp": 224105481, "comments": [{"timestamp": 744027375, "comment": "Find control far agreement expect remember."}], "mappedTimestamp": 481980376, "mappedByUser": {"id": 410, "customerID": 510, "userName": "glassbradley", "name": "Scott Mcbride"}, "firstTriggeredTimestamp": 642006565, "lastTriggeredTimestamp": 494735336, "triggerAmount": 973, "signature": "Stock stock everything peace month thing wife finally.", "flags": ["SNORT"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Process break executive us civil.", "messageTemplate": "Production business forward treat be.", "field": "Property natural difference business after.", "parameter": {}, "timestamp": 861379580}], "currentPage": 584, "size": 754}

api.alarms.v1.signature.get_signatures(keywords: list = None, keywordField: list = None, keywordMatch: str = 'all', offset: int = 0, limit: int = 25, json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get all signatures including alarms if mapped (PUBLIC)

Return type:

dict

Parameters:
  • keywords (list) – Search by keywords
  • keywordField (list) – Set field strategy for keyword search
  • keywordMatch (str) – Set match strategy for keyword search
  • offset (int) – Skip a number of signatures
  • limit (int) – Maximum number of returned signatures
Raises:
Returns:

{"offset": 477, "limit": 232, "responseCode": 200, "count": 702, "data": [{"lastUpdatedByUser": {"id": 524, "customerID": 344, "userName": "carla95", "name": "Megan Ball"}, "lastUpdatedTimestamp": 1198308869, "comments": [{"timestamp": 1106784534, "comment": "Magazine industry able over center road anything."}], "mappedTimestamp": 1169316911, "mappedByUser": {"id": 864, "customerID": 9, "userName": "aaron02", "name": "Carlos Buckley"}, "firstTriggeredTimestamp": 115814846, "lastTriggeredTimestamp": 1440676452, "triggerAmount": 584, "signature": "Campaign into law term rest.", "flags": ["SNORT"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "Take member country fear.", "messageTemplate": "Force cut place.", "field": "Great consider by.", "parameter": {}, "timestamp": 1167442747}], "currentPage": 928, "size": 759}

api.alarms.v1.signature.search_signatures(limit: int = None, offset: int = None, includeFlags: int = None, excludeFlags: int = None, subCriteria: list = None, attackCategoryID: list = None, alarmID: list = None, signature: list = None, minTriggerAmount: int = None, maxTriggerAmount: int = None, startTimestamp: int = None, endTimestamp: int = None, timeFieldStrategy: list = None, keywords: list = None, keywordFieldStrategy: list = None, sortBy: list = None, timeMatchStrategy: str = 'any', keywordMatchStrategy: str = 'all', includeDeleted: bool = 'False', exclude: bool = 'False', required: bool = 'False', json: bool = True, verify: bool = True, apiKey: str = '', authentication: dict = {}) → dict

Get all signatures matching a given search criteria (PUBLIC)

Return type:

dict

Parameters:
  • limit (int) – Set this value to set max number of results. By default, no restriction on result set size.
  • offset (int) – Set this value to skip the first (offset) objects. By default, return result from first object.
  • includeFlags (int) – Only include objects which have includeFlags set.
  • excludeFlags (int) – Exclude objects which have excludeFlags set.
  • subCriteria (list) –
  • attackCategoryID (list) – A set of IDs for attack categories (alarm category).
  • alarmID (list) – A set of IDs for alarms.
  • signature (list) – A set of signatures. It does an exact match.
  • minTriggerAmount (int) – Minimum trigger amount, default 0 means disabled
  • maxTriggerAmount (int) – Maximum trigger amount, default 0 means disabled
  • startTimestamp (int) – Only include mappings based on the set TimeFieldStrategy and TimeMatchStrategy (start timestamp)
  • endTimestamp (int) – Only include mappings based on the set TimeFieldStrategy and TimeMatchStrategy (end timestamp)
  • timeFieldStrategy (list) – TimeFieldStrategy to define which timestamp field(s) to match. (default lastTriggeredTimestamp)
  • keywords (list) – A set of keywords matched against mappings based on the set KeywordFieldStrategy and KeywordMatchStrategy.
  • keywordFieldStrategy (list) – KeywordFieldStrategy to define which field(s) to match against keywords. (default all)
  • sortBy (list) – List of properties to sort by (prefix with “-” to sort descending).
  • timeMatchStrategy (str) – TimeMatchStrategy to define how to match startTimestamp and endTimestamp with fields. (default any)
  • keywordMatchStrategy (str) – KeywordMatchStrategy to define how to match keywords with fields. (default all)
  • includeDeleted (bool) – Set to true to include deleted objects. By default, exclude deleted objects.
  • exclude (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria object will be excluded.
  • required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
Raises:
Returns:

{"offset": 239, "limit": 453, "responseCode": 200, "count": 489, "data": [{"lastUpdatedByUser": {"id": 370, "customerID": 129, "userName": "melissamiller", "name": "Victoria Gallegos"}, "lastUpdatedTimestamp": 1221347080, "comments": [{"timestamp": 800704064, "comment": "Book challenge religious service exactly store."}], "mappedTimestamp": 1380738237, "mappedByUser": {"id": 832, "customerID": 453, "userName": "colleen04", "name": "Catherine Watts"}, "firstTriggeredTimestamp": 336395551, "lastTriggeredTimestamp": 212157329, "triggerAmount": 748, "signature": "Would us change.", "flags": ["DELETED"]}], "metaData": {"additionalProperties": {}}, "messages": [{"message": "On real simple fund ago black beyond.", "messageTemplate": "Upon town face serious house.", "field": "Able wind get another above.", "parameter": {}, "timestamp": 830623849}], "currentPage": 684, "size": 736}

Module contents