- Access Endpoints
- Analytics Endpoints
- GET /analytics/ade_rules
- GET /analytics/ade_rules/ade_rule_delete_tasks/{task_id}
- GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
- POST /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}
- GET /analytics/ade_rules/ade_rule_dependent_tasks/{task_id}/results
- DELETE /analytics/ade_rules/{id}
- GET /analytics/ade_rules/{id}
- POST /analytics/ade_rules/{id}
- GET /analytics/ade_rules/{id}/dependents
- GET /analytics/building_blocks
- GET /analytics/building_blocks/building_block_delete_tasks/{task_id}
- GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}
- POST /analytics/building_blocks/building_block_dependent_tasks/{task_id}
- GET /analytics/building_blocks/building_block_dependent_tasks/{task_id}/results
- DELETE /analytics/building_blocks/{id}
- GET /analytics/building_blocks/{id}
- POST /analytics/building_blocks/{id}
- GET /analytics/building_blocks/{id}/dependents
- GET /analytics/custom_actions/actions
- POST /analytics/custom_actions/actions
- DELETE /analytics/custom_actions/actions/{action_id}
- GET /analytics/custom_actions/actions/{action_id}
- POST /analytics/custom_actions/actions/{action_id}
- GET /analytics/custom_actions/interpreters
- GET /analytics/custom_actions/interpreters/{interpreter_id}
- GET /analytics/custom_actions/scripts
- POST /analytics/custom_actions/scripts
- DELETE /analytics/custom_actions/scripts/{script_id}
- GET /analytics/custom_actions/scripts/{script_id}
- POST /analytics/custom_actions/scripts/{script_id}
- GET /analytics/rule_groups
- DELETE /analytics/rule_groups/{group_id}
- GET /analytics/rule_groups/{group_id}
- POST /analytics/rule_groups/{group_id}
- GET /analytics/rules
- DELETE /analytics/rules/{id}
- GET /analytics/rules/{id}
- POST /analytics/rules/{id}
- GET /analytics/rules/{id}/dependents
- GET /analytics/rules/rule_delete_tasks/{task_id}
- GET /analytics/rules/rule_dependent_tasks/{task_id}
- POST /analytics/rules/rule_dependent_tasks/{task_id}
- GET /analytics/rules/rule_dependent_tasks/{task_id}/results
- GET /analytics/rules_offense_contributions
- Ariel Endpoints
- GET /ariel/databases
- GET /ariel/databases/{database_name}
- GET /ariel/event_saved_search_groups
- DELETE /ariel/event_saved_search_groups/{group_id}
- GET /ariel/event_saved_search_groups/{group_id}
- POST /ariel/event_saved_search_groups/{group_id}
- GET /ariel/flow_saved_search_groups
- DELETE /ariel/flow_saved_search_groups/{group_id}
- GET /ariel/flow_saved_search_groups/{group_id}
- POST /ariel/flow_saved_search_groups/{group_id}
- GET /ariel/flow_vlans
- POST /ariel/flow_vlans
- DELETE /ariel/flow_vlans/{id}
- GET /ariel/flow_vlans/{id}
- GET /ariel/functions
- GET /ariel/functions/{function_name}
- GET /ariel/lookups
- POST /ariel/lookups
- DELETE /ariel/lookups/{name}
- GET /ariel/lookups/{name}
- POST /ariel/lookups/{name}
- GET /ariel/parser_keywords
- POST /ariel/processors/aql_metadata
- GET /ariel/saved_search_delete_tasks/{task_id}
- GET /ariel/saved_search_dependent_tasks/{task_id}
- POST /ariel/saved_search_dependent_tasks/{task_id}
- GET /ariel/saved_search_dependent_tasks/{task_id}/results
- GET /ariel/saved_searches
- DELETE /ariel/saved_searches/{id}
- GET /ariel/saved_searches/{id}
- POST /ariel/saved_searches/{id}
- GET /ariel/saved_searches/{id}/dependents
- GET /ariel/searches
- POST /ariel/searches
- DELETE /ariel/searches/{search_id}
- GET /ariel/searches/{search_id}
- POST /ariel/searches/{search_id}
- GET /ariel/searches/{search_id}/metadata
- GET /ariel/searches/{search_id}/results
- GET /ariel/taggedfieldcategories
- POST /ariel/taggedfieldcategories
- DELETE /ariel/taggedfieldcategories/{id}
- GET /ariel/taggedfieldcategories/{id}
- POST /ariel/taggedfieldcategories/{id}
- GET /ariel/taggedfields
- POST /ariel/taggedfields
- DELETE /ariel/taggedfields/{id}
- GET /ariel/taggedfields/{id}
- POST /ariel/taggedfields/{id}
- POST /ariel/validators/aql
- Asset_model Endpoints
- GET /asset_model/assets
- POST /asset_model/assets/{asset_id}
- GET /asset_model/configuration
- POST /asset_model/configuration
- GET /asset_model/properties
- GET /asset_model/saved_search_groups
- DELETE /asset_model/saved_search_groups/{group_id}
- GET /asset_model/saved_search_groups/{group_id}
- POST /asset_model/saved_search_groups/{group_id}
- GET /asset_model/saved_searches
- DELETE /asset_model/saved_searches/{saved_search_id}
- GET /asset_model/saved_searches/{saved_search_id}
- POST /asset_model/saved_searches/{saved_search_id}
- GET /asset_model/saved_searches/{saved_search_id}/results
- Auth Endpoints
- Backup_and_restore Endpoints
- GET /backup_and_restore/backups
- POST /backup_and_restore/backups
- DELETE /backup_and_restore/backups/{id}
- GET /backup_and_restore/backups/{id}
- POST /backup_and_restore/backups/{id}
- GET /backup_and_restore/restores
- POST /backup_and_restore/restores
- DELETE /backup_and_restore/restores/{id}
- GET /backup_and_restore/restores/{id}
- POST /backup_and_restore/restores/{id}
- Bandwidth_manager Endpoints
- GET /bandwidth_manager/configurations
- POST /bandwidth_manager/configurations
- DELETE /bandwidth_manager/configurations/{id}
- GET /bandwidth_manager/configurations/{id}
- POST /bandwidth_manager/configurations/{id}
- GET /bandwidth_manager/filters
- POST /bandwidth_manager/filters
- DELETE /bandwidth_manager/filters/{id}
- GET /bandwidth_manager/filters/{id}
- POST /bandwidth_manager/filters/{id}
- Config Endpoints
- GET /config/access/authorized_services
- POST /config/access/authorized_services
- DELETE /config/access/authorized_services/{id}
- GET /config/access/authorized_services/{id}
- POST /config/access/authorized_services/{id}
- GET /config/access/security_profiles
- GET /config/access/security_profiles/{id}
- GET /config/access/tenant_management/tenants
- POST /config/access/tenant_management/tenants
- DELETE /config/access/tenant_management/tenants/{tenant_id}
- GET /config/access/tenant_management/tenants/{tenant_id}
- POST /config/access/tenant_management/tenants/{tenant_id}
- GET /config/access/user_dependent_tasks/{task_id}
- POST /config/access/user_dependent_tasks/{task_id}
- GET /config/access/user_dependent_tasks/{task_id}/results
- GET /config/access/user_roles
- GET /config/access/user_roles/{id}
- GET /config/access/users
- GET /config/access/users/{id}
- POST /config/access/users/{id}
- GET /config/access/users/{id}/dependents
- GET /config/backup_and_restore/scheduled_backup_configurations
- GET /config/backup_and_restore/scheduled_backup_configurations/{id}
- GET /config/certificates/components
- GET /config/certificates/end_certificates
- GET /config/certificates/end_certificates/{id}
- GET /config/certificates/end_certificates/{id}/full_chain
- GET /config/certificates/root_certificates
- GET /config/certificates/root_certificates/{id}
- GET /config/certificates/root_certificates/{id}/get_dependant_ids
- GET /config/deployment/hosts
- GET /config/deployment/hosts/{id}
- POST /config/deployment/hosts/{id}
- GET /config/deployment/hosts/{id}/tunnels
- GET /config/deployment/license_pool
- GET /config/domain_management/domains
- POST /config/domain_management/domains
- DELETE /config/domain_management/domains/{domain_id}
- GET /config/domain_management/domains/{domain_id}
- POST /config/domain_management/domains/{domain_id}
- GET /config/event_retention_buckets
- DELETE /config/event_retention_buckets/{id}
- GET /config/event_retention_buckets/{id}
- POST /config/event_retention_buckets/{id}
- GET /config/event_sources/custom_properties/calculated_properties
- POST /config/event_sources/custom_properties/calculated_properties
- DELETE /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}
- GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}
- POST /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}
- GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents
- GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents/disable
- GET /config/event_sources/custom_properties/calculated_properties/dep/{calculated_property_id}
- GET /config/event_sources/custom_properties/calculated_property/{calculated_property_name}
- GET /config/event_sources/custom_properties/calculated_property_delete_tasks/{task_id}
- GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/disable/{task_id}
- POST /config/event_sources/custom_properties/calculated_property_dependent_tasks/disable/{task_id}
- GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/disable/{task_id}/results
- GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
- POST /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
- GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results
- GET /config/event_sources/custom_properties/calculated_property_operands
- GET /config/event_sources/custom_properties/property_aql_expressions
- POST /config/event_sources/custom_properties/property_aql_expressions
- DELETE /config/event_sources/custom_properties/property_aql_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_aql_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_aql_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_calculated_expressions
- POST /config/event_sources/custom_properties/property_calculated_expressions
- DELETE /config/event_sources/custom_properties/property_calculated_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_calculated_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_calculated_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_cef_expressions
- POST /config/event_sources/custom_properties/property_cef_expressions
- DELETE /config/event_sources/custom_properties/property_cef_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_cef_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_cef_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_expressions
- POST /config/event_sources/custom_properties/property_expressions
- DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_genericlist_expressions
- POST /config/event_sources/custom_properties/property_genericlist_expressions
- DELETE /config/event_sources/custom_properties/property_genericlist_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_genericlist_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_genericlist_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_json_expressions
- POST /config/event_sources/custom_properties/property_json_expressions
- DELETE /config/event_sources/custom_properties/property_json_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_json_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_json_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_leef_expressions
- POST /config/event_sources/custom_properties/property_leef_expressions
- DELETE /config/event_sources/custom_properties/property_leef_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_leef_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_leef_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_nvp_expressions
- POST /config/event_sources/custom_properties/property_nvp_expressions
- DELETE /config/event_sources/custom_properties/property_nvp_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_nvp_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_nvp_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_xml_expressions
- POST /config/event_sources/custom_properties/property_xml_expressions
- DELETE /config/event_sources/custom_properties/property_xml_expressions/{expression_id}
- GET /config/event_sources/custom_properties/property_xml_expressions/{expression_id}
- POST /config/event_sources/custom_properties/property_xml_expressions/{expression_id}
- GET /config/event_sources/custom_properties/regex_properties
- POST /config/event_sources/custom_properties/regex_properties
- DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}
- GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}
- POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}
- GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents
- GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents/change_field_type
- GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents/disable
- GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}
- GET /config/event_sources/custom_properties/regex_property_dependent_tasks/change_field_type/{task_id}
- POST /config/event_sources/custom_properties/regex_property_dependent_tasks/change_field_type/{task_id}
- GET /config/event_sources/custom_properties/regex_property_dependent_tasks/change_field_type/{task_id}/results
- GET /config/event_sources/custom_properties/regex_property_dependent_tasks/disable/{task_id}
- POST /config/event_sources/custom_properties/regex_property_dependent_tasks/disable/{task_id}
- GET /config/event_sources/custom_properties/regex_property_dependent_tasks/disable/{task_id}/results
- GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
- POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}
- GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
- GET /config/event_sources/disconnected_log_collectors
- POST /config/event_sources/disconnected_log_collectors
- DELETE /config/event_sources/disconnected_log_collectors/{id}
- GET /config/event_sources/disconnected_log_collectors/{id}
- POST /config/event_sources/disconnected_log_collectors/{id}
- GET /config/event_sources/event_collectors
- GET /config/event_sources/event_collectors/{id}
- POST /config/event_sources/generated_regexes
- GET /config/event_sources/log_source_management/autodetection/config_records
- POST /config/event_sources/log_source_management/autodetection/config_records
- GET /config/event_sources/log_source_management/autodetection/config_records/{config_id}
- POST /config/event_sources/log_source_management/autodetection/config_records/{config_id}
- GET /config/event_sources/log_source_management/log_source_bulk_tasks/{id}
- POST /config/event_sources/log_source_management/log_source_bulk_tasks/{id}
- GET /config/event_sources/log_source_management/log_source_extensions
- GET /config/event_sources/log_source_management/log_source_extensions/{id}
- GET /config/event_sources/log_source_management/log_source_groups
- POST /config/event_sources/log_source_management/log_source_groups
- GET /config/event_sources/log_source_management/log_source_groups/{id}
- GET /config/event_sources/log_source_management/log_source_languages
- GET /config/event_sources/log_source_management/log_source_languages/{id}
- POST /config/event_sources/log_source_management/log_source_statistics
- GET /config/event_sources/log_source_management/log_source_types
- POST /config/event_sources/log_source_management/log_source_types
- GET /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameter_allowed_values
- PATCH /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameter_allowed_values
- DELETE /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameter_allowed_values/{id}
- GET /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameter_allowed_values/{id}
- POST /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameter_allowed_values/{id}
- GET /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameter_definition
- GET /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameters
- PATCH /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameters
- DELETE /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameters/{id}
- GET /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameters/{id}
- POST /config/event_sources/log_source_management/log_source_types/dsm_parameter_configuration/dsm_parameters/{id}
- DELETE /config/event_sources/log_source_management/log_source_types/{id}
- GET /config/event_sources/log_source_management/log_source_types/{id}
- POST /config/event_sources/log_source_management/log_source_types/{id}
- GET /config/event_sources/log_source_management/log_sources
- PATCH /config/event_sources/log_source_management/log_sources
- POST /config/event_sources/log_source_management/log_sources
- DELETE /config/event_sources/log_source_management/log_sources/{id}
- GET /config/event_sources/log_source_management/log_sources/{id}
- POST /config/event_sources/log_source_management/log_sources/{id}
- GET /config/event_sources/log_source_management/protocol_types
- GET /config/event_sources/log_source_management/protocol_types/{id}
- GET /config/event_sources/property_discovery_profiles
- POST /config/event_sources/property_discovery_profiles
- DELETE /config/event_sources/property_discovery_profiles/{id}
- GET /config/event_sources/property_discovery_profiles/{id}
- POST /config/event_sources/property_discovery_profiles/{id}
- GET /config/event_sources/wincollect/wincollect_agents
- GET /config/event_sources/wincollect/wincollect_agents/{id}
- GET /config/event_sources/wincollect/wincollect_destinations
- GET /config/event_sources/wincollect/wincollect_destinations/{id}
- POST /config/extension_management/extension_export_tasks
- GET /config/extension_management/extension_export_tasks/{task_id}
- GET /config/extension_management/extension_export_tasks/{task_id}/extension_export
- GET /config/extension_management/extension_export_tasks/{task_id}/results
- GET /config/extension_management/extensions
- POST /config/extension_management/extensions
- DELETE /config/extension_management/extensions/{extension_id}
- GET /config/extension_management/extensions/{extension_id}
- POST /config/extension_management/extensions/{extension_id}
- POST /config/extension_management/extensions/{extension_id}/metadata
- GET /config/extension_management/extensions_task_status/{status_id}
- GET /config/extension_management/extensions_task_status/{status_id}/results
- GET /config/flow/applications/active_applications
- GET /config/flow/applications/active_applications/{id}
- GET /config/flow/applications/default_applications
- GET /config/flow/applications/default_applications/{id}
- GET /config/flow/common_destination_ports/active_configurations
- POST /config/flow/common_destination_ports/active_configurations
- DELETE /config/flow/common_destination_ports/active_configurations/{id}
- GET /config/flow/common_destination_ports/active_configurations/{id}
- POST /config/flow/common_destination_ports/active_configurations/{id}
- GET /config/flow/common_destination_ports/default_configurations
- GET /config/flow/common_destination_ports/default_configurations/{id}
- GET /config/flow_retention_buckets
- DELETE /config/flow_retention_buckets/{id}
- GET /config/flow_retention_buckets/{id}
- POST /config/flow_retention_buckets/{id}
- GET /config/flow_sources/custom_properties/calculated_properties
- POST /config/flow_sources/custom_properties/calculated_properties
- DELETE /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
- GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
- POST /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}
- GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents
- GET /config/flow_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents/disable
- GET /config/flow_sources/custom_properties/calculated_properties/dep/{calculated_property_id}
- GET /config/flow_sources/custom_properties/calculated_property/{calculated_property_name}
- GET /config/flow_sources/custom_properties/calculated_property_delete_tasks/{task_id}
- GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/disable/{task_id}
- POST /config/flow_sources/custom_properties/calculated_property_dependent_tasks/disable/{task_id}
- GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/disable/{task_id}/results
- GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
- POST /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}
- GET /config/flow_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results
- GET /config/flow_sources/custom_properties/calculated_property_operands
- GET /config/flow_sources/custom_properties/property_expressions
- POST /config/flow_sources/custom_properties/property_expressions
- DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}
- GET /config/flow_sources/custom_properties/property_expressions/{expression_id}
- POST /config/flow_sources/custom_properties/property_expressions/{expression_id}
- GET /config/flow_sources/custom_properties/regex_properties
- POST /config/flow_sources/custom_properties/regex_properties
- DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
- GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
- POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}
- GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents
- GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents/change_field_type
- GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/disabling_dependents
- GET /config/flow_sources/custom_properties/regex_property_delete_tasks/{task_id}
- GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/change_field_type/{task_id}
- POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/change_field_type/{task_id}
- GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/change_field_type/{task_id}/results
- GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/disable/{task_id}
- POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/disable/{task_id}
- GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/disable/{task_id}/results
- GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
- POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}
- GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results
- GET /config/network_hierarchy/networks
- GET /config/network_hierarchy/staged_networks
- PUT /config/network_hierarchy/staged_networks
- GET /config/remote_networks
- GET /config/remote_networks/{network_id}
- GET /config/remote_services
- GET /config/remote_services/{service_id}
- POST /config/resilient/test
- GET /config/resilient/test/{task_id}
- GET /config/resource_restrictions
- POST /config/resource_restrictions
- DELETE /config/resource_restrictions/{resource_restriction_id}
- GET /config/resource_restrictions/{resource_restriction_id}
- PUT /config/resource_restrictions/{resource_restriction_id}
- GET /config/store_and_forward/policies
- DELETE /config/store_and_forward/policies/{id}
- GET /config/store_and_forward/policies/{id}
- POST /config/store_and_forward/policies/{id}
- Data_classification Endpoints
- GET /data_classification/dsm_event_mappings
- POST /data_classification/dsm_event_mappings
- GET /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
- POST /data_classification/dsm_event_mappings/{dsm_event_mapping_id}
- GET /data_classification/high_level_categories
- GET /data_classification/high_level_categories/{high_level_category_id}
- GET /data_classification/low_level_categories
- GET /data_classification/low_level_categories/{low_level_category_id}
- GET /data_classification/qid_records
- POST /data_classification/qid_records
- GET /data_classification/qid_records/{qid_record_id}
- POST /data_classification/qid_records/{qid_record_id}
- Disaster_recovery Endpoints
- Dynamic_search Endpoints
- GET /dynamic_search/saved_queries
- POST /dynamic_search/saved_queries
- DELETE /dynamic_search/saved_queries/{id}
- GET /dynamic_search/saved_queries/{id}
- GET /dynamic_search/schemas
- GET /dynamic_search/schemas/{name}
- GET /dynamic_search/schemas/{name}/fields
- GET /dynamic_search/schemas/{name}/functions
- GET /dynamic_search/schemas/{name}/operators
- GET /dynamic_search/searches
- POST /dynamic_search/searches
- DELETE /dynamic_search/searches/{handle}
- GET /dynamic_search/searches/{handle}
- GET /dynamic_search/searches/{handle}/results
- GUI_app_framework Endpoints
- GET /gui_app_framework/application_creation_task
- POST /gui_app_framework/application_creation_task
- GET /gui_app_framework/application_creation_task/{application_id}
- POST /gui_app_framework/application_creation_task/{application_id}
- GET /gui_app_framework/application_creation_task/{application_id}/auth
- POST /gui_app_framework/application_creation_task/{application_id}/auth
- GET /gui_app_framework/application_definitions
- POST /gui_app_framework/application_definitions
- DELETE /gui_app_framework/application_definitions/{application_definition_id}
- GET /gui_app_framework/application_definitions/{application_definition_id}
- POST /gui_app_framework/application_definitions/{application_definition_id}
- PUT /gui_app_framework/application_definitions/{application_definition_id}
- GET /gui_app_framework/application_definitions/{application_definition_id}/user_role_id
- DELETE /gui_app_framework/application_definitions/{application_definition_id}/user_role_id/{user_role_id}
- POST /gui_app_framework/application_definitions/{application_definition_id}/user_role_id/{user_role_id}
- GET /gui_app_framework/applications
- POST /gui_app_framework/applications
- DELETE /gui_app_framework/applications/{application_id}
- GET /gui_app_framework/applications/{application_id}
- POST /gui_app_framework/applications/{application_id}
- PUT /gui_app_framework/applications/{application_id}
- GET /gui_app_framework/applications/{application_id}/host_type
- GET /gui_app_framework/named_services
- GET /gui_app_framework/named_services/{uuid}
- Health Endpoints
- GET /health/metrics/qradar_metrics
- GET /health/metrics/qradar_metrics/{id}
- POST /health/metrics/qradar_metrics/{id}
- POST /health/metrics/qradar_metrics_global_config
- GET /health/metrics/system_metrics
- GET /health/metrics/system_metrics/{id}
- POST /health/metrics/system_metrics/{id}
- POST /health/metrics/system_metrics_global_config
- Health_data Endpoints
- Help Endpoints
- QNI Endpoints
- JSA Risk Manager Endpoints
- GET /qrm/model_groups
- DELETE /qrm/model_groups/{group_id}
- GET /qrm/model_groups/{group_id}
- POST /qrm/model_groups/{group_id}
- GET /qrm/qrm_saved_search_groups
- DELETE /qrm/qrm_saved_search_groups/{group_id}
- GET /qrm/qrm_saved_search_groups/{group_id}
- POST /qrm/qrm_saved_search_groups/{group_id}
- GET /qrm/question_groups
- DELETE /qrm/question_groups/{group_id}
- GET /qrm/question_groups/{group_id}
- POST /qrm/question_groups/{group_id}
- GET /qrm/simulation_groups
- DELETE /qrm/simulation_groups/{group_id}
- GET /qrm/simulation_groups/{group_id}
- POST /qrm/simulation_groups/{group_id}
- GET /qrm/topology_saved_search_groups
- DELETE /qrm/topology_saved_search_groups/{group_id}
- GET /qrm/topology_saved_search_groups/{group_id}
- POST /qrm/topology_saved_search_groups/{group_id}
- JSA Vulnerability Manager Endpoints
- GET /qvm/assets
- GET /qvm/filters
- GET /qvm/network
- GET /qvm/openservices
- GET /qvm/saved_search_groups
- DELETE /qvm/saved_search_groups/{group_id}
- GET /qvm/saved_search_groups/{group_id}
- POST /qvm/saved_search_groups/{group_id}
- GET /qvm/saved_searches
- DELETE /qvm/saved_searches/{saved_search_id}
- GET /qvm/saved_searches/{saved_search_id}
- POST /qvm/saved_searches/{saved_search_id}
- GET /qvm/saved_searches/{saved_search_id}/vuln_instances
- GET /qvm/saved_searches/vuln_instances/{task_id}/results/assets
- GET /qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances
- GET /qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities
- GET /qvm/saved_searches/vuln_instances/{task_id}/status
- POST /qvm/saved_searches/vuln_instances/{task_id}/status
- POST /qvm/tickets/assign
- GET /qvm/vulns
- Reference_data Endpoints
- GET /reference_data/map_delete_tasks/{task_id}
- GET /reference_data/map_dependent_tasks/{task_id}
- POST /reference_data/map_dependent_tasks/{task_id}
- GET /reference_data/map_dependent_tasks/{task_id}/results
- GET /reference_data/map_of_sets
- POST /reference_data/map_of_sets
- POST /reference_data/map_of_sets/bulk_load/{name}
- POST /reference_data/map_of_sets/bulk_load/{namespace}/{name}/{domain_id}
- DELETE /reference_data/map_of_sets/{name}
- GET /reference_data/map_of_sets/{name}
- POST /reference_data/map_of_sets/{name}
- GET /reference_data/map_of_sets/{name}/dependents
- DELETE /reference_data/map_of_sets/{name}/{key}
- GET /reference_data/map_of_sets_delete_tasks/{task_id}
- GET /reference_data/map_of_sets_dependent_tasks/{task_id}
- POST /reference_data/map_of_sets_dependent_tasks/{task_id}
- GET /reference_data/map_of_sets_dependent_tasks/{task_id}/results
- GET /reference_data/maps
- POST /reference_data/maps
- POST /reference_data/maps/bulk_load/{name}
- POST /reference_data/maps/bulk_load/{namespace}/{name}/{domain_id}
- DELETE /reference_data/maps/{name}
- GET /reference_data/maps/{name}
- POST /reference_data/maps/{name}
- GET /reference_data/maps/{name}/dependents
- DELETE /reference_data/maps/{name}/{key}
- GET /reference_data/sets
- POST /reference_data/sets
- POST /reference_data/sets/bulk_load/{namespace}/{name}/{domain_id}
- DELETE /reference_data/sets/{name}
- GET /reference_data/sets/{name}
- POST /reference_data/sets/{name}
- DELETE /reference_data/sets/{name}/{value}
- GET /reference_data/tables
- POST /reference_data/tables
- POST /reference_data/tables/bulk_load/{name}
- POST /reference_data/tables/bulk_load/{namespace}/{name}/{domain_id}
- DELETE /reference_data/tables/{name}
- GET /reference_data/tables/{name}
- POST /reference_data/tables/{name}
- GET /reference_data/tables/{name}/dependents
- DELETE /reference_data/tables/{name}/{outer_key}/{inner_key}
- GET /reference_data/tables_delete_tasks/{task_id}
- GET /reference_data/tables_dependent_tasks/{task_id}
- POST /reference_data/tables_dependent_tasks/{task_id}
- GET /reference_data/tables_dependent_tasks/{task_id}/results
- play_arrow Reference_data_collections Endpoints
- play_arrow Reference_data_collections Endpoints
- GET /reference_data_collections/set_bulk_update_tasks/{task_status_id}
- GET /reference_data_collections/set_bulk_update_tasks/{task_status_id}/results
- GET /reference_data_collections/set_delete_tasks/{task_status_id}
- GET /reference_data_collections/set_dependents_tasks/{task_status_id}
- POST /reference_data_collections/set_dependents_tasks/{task_status_id}
- GET /reference_data_collections/set_dependents_tasks/{task_status_id}/results
- GET /reference_data_collections/set_entries
- PATCH /reference_data_collections/set_entries
- POST /reference_data_collections/set_entries
- DELETE /reference_data_collections/set_entries/{id}
- GET /reference_data_collections/set_entries/{id}
- POST /reference_data_collections/set_entries/{id}
- GET /reference_data_collections/sets
- POST /reference_data_collections/sets
- DELETE /reference_data_collections/sets/{id}
- GET /reference_data_collections/sets/{id}
- POST /reference_data_collections/sets/{id}
- GET /reference_data_collections/sets/{id}/dependents
- play_arrow Scanner Endpoints
- play_arrow Scanner Endpoints
- GET /scanner/profiles
- POST /scanner/profiles/create
- POST /scanner/profiles/start
- GET /scanner/scanprofiles
- POST /scanner/scanprofiles
- DELETE /scanner/scanprofiles/{profileid}
- GET /scanner/scanprofiles/{profileid}
- POST /scanner/scanprofiles/{profileid}
- GET /scanner/scanprofiles/{profileid}/runs
- GET /scanner/scanprofiles/{profileid}/runs/{run_id}
- GET /scanner/scanprofiles/{profileid}/runs/{run_id}/results
- POST /scanner/scanprofiles/{profileid}/start
- play_arrow Services Endpoints
- play_arrow Services Endpoints
- POST /services/dig_lookups
- GET /services/dig_lookups/{dig_lookup_id}
- POST /services/dns_lookups
- GET /services/dns_lookups/{dns_lookup_id}
- GET /services/geolocations
- POST /services/port_scans
- GET /services/port_scans/{port_scan_id}
- POST /services/whois_lookups
- GET /services/whois_lookups/{whois_lookup_id}
- play_arrow Staged_config Endpoints
- play_arrow Staged_config Endpoints
- GET /staged_config/access/security_profiles
- GET /staged_config/access/security_profiles/{id}
- GET /staged_config/access/user_delete_tasks/{task_id}
- GET /staged_config/access/user_roles
- GET /staged_config/access/user_roles/{id}
- GET /staged_config/access/users
- POST /staged_config/access/users
- DELETE /staged_config/access/users/{id}
- GET /staged_config/access/users/{id}
- POST /staged_config/access/users/{id}
- GET /staged_config/backup_and_restore/scheduled_backup_configurations
- GET /staged_config/backup_and_restore/scheduled_backup_configurations/{id}
- POST /staged_config/backup_and_restore/scheduled_backup_configurations/{id}
- GET /staged_config/certificates/certificate_signing_request
- POST /staged_config/certificates/certificate_signing_request
- DELETE /staged_config/certificates/certificate_signing_request/{id}
- GET /staged_config/certificates/certificate_signing_request/{id}
- GET /staged_config/certificates/end_certificates
- POST /staged_config/certificates/end_certificates
- DELETE /staged_config/certificates/end_certificates/{id}
- GET /staged_config/certificates/end_certificates/{id}
- POST /staged_config/certificates/end_certificates/{id}
- GET /staged_config/certificates/root_certificates
- POST /staged_config/certificates/root_certificates
- DELETE /staged_config/certificates/root_certificates/{id}
- GET /staged_config/certificates/root_certificates/{id}
- GET /staged_config/deploy_status
- POST /staged_config/deploy_status
- GET /staged_config/deployment/hosts
- GET /staged_config/deployment/hosts/{id}
- GET /staged_config/deployment/hosts/{id}/tunnels
- POST /staged_config/deployment/hosts/{id}/tunnels/{name}
- GET /staged_config/flow/applications/active_applications
- POST /staged_config/flow/applications/active_applications
- DELETE /staged_config/flow/applications/active_applications/{id}
- GET /staged_config/flow/applications/active_applications/{id}
- POST /staged_config/flow/applications/active_applications/{id}
- GET /staged_config/remote_networks
- POST /staged_config/remote_networks
- DELETE /staged_config/remote_networks/{network_id}
- GET /staged_config/remote_networks/{network_id}
- POST /staged_config/remote_networks/{network_id}
- GET /staged_config/remote_services
- POST /staged_config/remote_services
- DELETE /staged_config/remote_services/{service_id}
- GET /staged_config/remote_services/{service_id}
- POST /staged_config/remote_services/{service_id}
- DELETE /staged_config/yara_rules
- PUT /staged_config/yara_rules
- play_arrow System Endpoints
- play_arrow System Endpoints
- GET /system/about
- GET /system/authorization/password_policies
- GET /system/authorization/password_policies/{id}
- POST /system/authorization/password_policies/{id}
- POST /system/authorization/password_validators
- GET /system/authorization/settings
- POST /system/authorization/settings
- GET /system/email_servers
- POST /system/email_servers
- DELETE /system/email_servers/{email_server_id}
- GET /system/email_servers/{email_server_id}
- POST /system/email_servers/{email_server_id}
- GET /system/eula_acceptances
- GET /system/eula_acceptances/{id}
- POST /system/eula_acceptances/{id}
- GET /system/eulas
- GET /system/information/encodings
- GET /system/information/locales
- POST /system/server_connection_validator
- GET /system/servers
- GET /system/servers/{server_id}
- POST /system/servers/{server_id}
- GET /system/servers/{server_id}/firewall_rules
- PUT /system/servers/{server_id}/firewall_rules
- GET /system/servers/{server_id}/network_interfaces/bonded
- POST /system/servers/{server_id}/network_interfaces/bonded
- DELETE /system/servers/{server_id}/network_interfaces/bonded/{device_name}
- POST /system/servers/{server_id}/network_interfaces/bonded/{device_name}
- GET /system/servers/{server_id}/network_interfaces/ethernet
- POST /system/servers/{server_id}/network_interfaces/ethernet/{device_name}
- GET /system/servers/{server_id}/system_time_settings
- POST /system/servers/{server_id}/system_time_settings
- GET /system/servers/{server_id}/timezones
ON THIS PAGE
GET /siem/offenses
SUMMARY Retrieve a list of offenses currently in the system.
Retrieve a list of offenses currently in the system.
MIME Type |
---|
application/json |
Parameter | Type | Optionality | Data Type | MIME Type | Description |
---|---|---|---|---|---|
Range | header | Optional | String | text/plain | Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range (for example, `Range: items=0-49`). The list is indexed starting at zero. |
fields | query | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets, and separate multiple fields in the same object with commas. |
filter | query | Optional | String | text/plain | Optional - This parameter is used to restrict the elements in a list based on the contents of various fields. |
sort | query | Optional | String | text/plain | Optional - This parameter is used to sort the elements in a list. |
HTTP Response Code | Unique Code | Description |
---|---|---|
200 | | The offense list was retrieved. |
422 | 1005 | A request parameter is not valid. |
422 | 1030 | The sort field or order is not valid. |
422 | 1010 | The filter parameter is not valid. |
500 | 1020 | An error occurred while the offense list was being retrieved. |
Response Description
- id - Number - The ID of the offense. (Filterable. Sortable.)
- description - String - The description of the offense.
- assigned_to - String - The user the offense is assigned to. (Filterable. Sortable.)
- categories - Array of strings - Event categories that are associated with the offense. (Filterable. Sortable.)
- category_count - Number - The number of event categories that are associated with the offense. (Filterable. Sortable.)
- policy_category_count - Number - The number of policy event categories that are associated with the offense. (Filterable. Sortable.)
- security_category_count - Number - The number of security event categories that are associated with the offense. (Filterable. Sortable.)
- close_time - Number - The number of milliseconds since epoch when the offense was closed. (Filterable. Sortable.)
- closing_user - String - The user that closed the offense. (Filterable. Sortable.)
- closing_reason_id - Number - The ID of the offense closing reason. The reason the offense was closed. (Filterable. Sortable.)
- credibility - Number - The credibility of the offense. (Filterable. Sortable.)
- relevance - Number - The relevance of the offense. (Filterable. Sortable.)
- severity - Number - The severity of the offense. (Filterable. Sortable.)
- magnitude - Number - The magnitude of the offense. (Filterable. Sortable.)
- destination_networks - Array of strings - The destination networks that are associated with the offense. (Filterable.)
- source_network - String - The source network that is associated with the offense.
- device_count - Number - The number of devices that are associated with the offense. (Filterable. Sortable.)
- event_count - Number - The number of events that are associated with the offense. (Filterable. Sortable.)
- flow_count - Number - The number of flows that are associated with the offense. (Filterable. Sortable.)
- inactive - Boolean - True if the offense is inactive. (Filterable. Sortable.)
- last_updated_time - Number - The number of milliseconds since epoch when the last event contributing to the offense was seen. (Filterable. Sortable.)
- local_destination_count - Number - The number of local destinations that are associated with the offense. (Filterable.)
- offense_source - String - The source of the offense. (Sortable.)
- offense_type - Number - A number that represents the offense type. Use GET /siem/offense_types to retrieve the list. (Filterable. Sortable.)
- protected - Boolean - True if the offense is protected. (Filterable. Sortable.)
- follow_up - Boolean - True if the offense is marked for follow up. (Filterable. Sortable.)
- remote_destination_count - Number - The number of remote destinations that are associated with the offense. (Filterable. Sortable.)
- source_count - Number - The number of sources that are associated with the offense. (Filterable.)
- start_time - Number - The number of milliseconds since epoch when the offense was started. (Filterable. Sortable.)
- status - String - The status of the offense. One of "OPEN", "HIDDEN", or "CLOSED". (Filterable, but the following operators are not supported: <, >, <=, >=, BETWEEN. Sortable.)
- username_count - Number - The number of usernames that are associated with the offense. (Filterable. Sortable.)
- source_address_ids - Array of numbers - The source address IDs that are associated with the offense. (Filterable.)
- local_destination_address_ids - Array of numbers - The local destination address IDs that are associated with the offense. (Filterable.)
- domain_id - Number - Optional. ID of associated domain if the offense is associated with a single domain. (Filterable.)
- last_persisted_time - Number - The number of milliseconds since epoch when an offense field was last updated. (Filterable. Sortable.)
- first_persisted_time - Number - The number of milliseconds since epoch at the time when the offense was created. (Filterable. Sortable.)
- rules - Array - An array of rules that contributed to the offense (Filterable.):
  - id - Long - The ID of the rule.
  - type - String - The type of rule. One of "ADE_RULE", "BUILDING_BLOCK_RULE", or "CRE_RULE".
- log_sources - Array - An array of log sources that contributed to the offense (Filterable.):
  - id - Long - The ID of the log source.
  - name - String - The name of the log source.
  - type_id - Long - The ID of the log source type.
  - type_name - String - The name of the log source type.
Response Sample
[{"last_persisted_time": 42, "username_count": 42, "description": "String", "rules": [{"id": 42, "type": "String <one of: ADE_RULE, BUILDING_BLOCK_RULE, CRE_RULE>"}], "event_count": 42, "flow_count": 42, "assigned_to": "String", "security_category_count": 42, "follow_up": true, "source_address_ids": [42], "source_count": 42, "inactive": true, "protected": true, "category_count": 42, "source_network": "String", "destination_networks": ["String"], "closing_user": "String", "close_time": 42, "remote_destination_count": 42, "start_time": 42, "last_updated_time": 42, "credibility": 42, "magnitude": 42, "id": 42, "categories": ["String"], "severity": 42, "log_sources": [{"type_name": "String", "type_id": 42, "name": "String", "id": 42}], "policy_category_count": 42, "device_count": 42, "closing_reason_id": 42, "first_persisted_time": 42, "offense_type": 42, "relevance": 42, "domain_id": 42, "offense_source": "String", "local_destination_address_ids": [42], "local_destination_count": 42, "status": "String <one of: OPEN, HIDDEN, CLOSED>"}]