Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuration Endpoints

 

Use the references for REST API V8.0 configuration endpoints.

GET /config/access/tenant_management/tenants

Retrieve the list of all tenants ordered by tenant ID.

Table 1: GET /config/access/tenant_management/tenants Resource Details

MIME Type

application/json

Table 2: GET /config/access/tenant_management/tenants Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 3: GET /config/access/tenant_management/tenants Response Codes

HTTP Response Code

Unique Code

Description

200

 

The tenant list was successfully retrieved.

500

1020

An error occurred while the tenant list was being retrieved.

Response Description

a list of all the tenants

Response Sample

[ { "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" } ]

POST /config/access/tenant_management/tenants

Create a new tenant.

Table 4: POST /config/access/tenant_management/tenants Resource Details

MIME Type

application/json

Table 5: POST /config/access/tenant_management/tenants Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 6: POST /config/access/tenant_management/tenants Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

tenant

Object

application/json

Required - Tenant - includes name, event_rate_limit (unit eps), flow_rate_limit (unit fpm) and description

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "name": "String" }

Table 7: POST /config/access/tenant_management/tenants Response Codes

HTTP Response Code

Unique Code

Description

201

 

A new tenant was created successfully and returned the new tenant object.

409

1004

A tenant with the given name already exists.

422

1005

A request parameter is invalid.

500

1020

Failed to create the tenant.

Response Description

a created tenant object

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

GET /config/access/tenant_management/tenants/{tenant_id}

Retrieve a tenant by tenant id.

Table 8: GET /config/access/tenant_management/tenants/{tenant_id} Resource Details

MIME Type

application/json

Table 9: GET /config/access/tenant_management/tenants/{tenant_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

tenant_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 10: GET /config/access/tenant_management/tenants/{tenant_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The tenant was successfully retrieved.

404

1002

No tenant was found for the provided tenant id.

500

1020

An error occurred while the tenant was being retrieved.

Response Description

the associated tenants object

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

POST /config/access/tenant_management/tenants/{tenant_id}

Update a tenant

Table 11: POST /config/access/tenant_management/tenants/{tenant_id} Resource Details

MIME Type

application/json

Table 12: POST /config/access/tenant_management/tenants/{tenant_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

tenant_id

path

Required

Number (Integer)

text/plain

Required - Integer - the tenant id to modify

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 13: POST /config/access/tenant_management/tenants/{tenant_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

tenant

Object

application/json

Required - Tenant - includes name, event_rate_limit (unit eps), flow_rate_limit (unit fpm) and description

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "name": "String" }

Table 14: POST /config/access/tenant_management/tenants/{tenant_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

A tenant profile that was updated successfully and returned the updated tenant object.

404

1002

The tenant profile does not exist.

409

1004

A tenant with the given name already exists.

422

1005

A request parameter is invalid.

500

1020

Failed to retrieve/update the given tenant profile.

Response Description

The updated tenant object.

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

DELETE /config/access/tenant_management/tenants/{tenant_id}

Deletes a tenant by tenant ID.

Table 15: DELETE /config/access/tenant_management/tenants/{tenant_id} Resource Details

MIME Type

application/json

Table 16: DELETE /config/access/tenant_management/tenants/{tenant_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

tenant_id

path

Required

Number (Integer)

text/plain

Required - String - id associated to a tenant

Table 17: DELETE /config/access/tenant_management/tenants/{tenant_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The tenant was deleted successfully (soft delete).

404

1002

The tenant does not exists.

500

1020

An error occurred while deleting tenant.

Response Description

the deleted tenant object with its parameter deleted set to true

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

GET /config/deployment/hosts

Retrieves a list of all deployed hosts.

Table 18: GET /config/deployment/hosts Resource Details

MIME Type

application/json

Table 19: GET /config/deployment/hosts Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 20: GET /config/deployment/hosts Response Codes

HTTP Response Code

Unique Code

Description

200

 

The host list was successfully retrieved.

500

1001

An error occurred during the attempt to retrieve the host list.

Response Description

A list of all the hosts. Each Host object has the following fields:

  • id - The ID of this managed host.

  • hostname - The host name of this managed host.

  • private_ip - The private IP of this managed host.

  • public_ip - The public IP of this managed host.

  • appliance - An object that represents the appliance type ID and description of this managed host.

  • version - The installed version on this managed host.

  • status - The status of this managed host.

  • eps_rate_hardware_limit - The upper limit for eps_allocation based on hardware constraints for this managed host.

  • eps_allocation - The allocated eps rate of this managed host.

  • average_eps - The average eps rate of this managed host over the previous month.

  • peak_eps - The peak eps rate that was experienced by this managed host over the previous month.

  • fpm_rate_hardware_limit - The upper limit for fpm_allocation based on hardware constraints for this managed host

  • fpm_allocation - The allocated fpm rate of this managed host.

  • average_fpm - The average fpm rate of this managed host over the previous month.

  • peak_fpm - The peak fpm rate that was experienced by this managed host over the previous month.

  • primary_server_id - The ID for the primary server host for this managed host.

  • secondary_server_id - If configured, the ID for the secondary server host for this managed host.

  • license_serial_number - The serial number that is associated with this managed host's license.

  • components - A list of components that are associated with this managed host.

  • compression_enabled - Whether or not compression is enabled for this managed host.

  • encryption_enabled - Whether or not encryption is enabled for this managed host.

Response Sample

[ { "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS>", "version": "String" } ]

GET /config/deployment/hosts/{id}

Retrieves a deployed host by ID.

Table 21: GET /config/deployment/hosts/{id} Resource Details

MIME Type

application/json

Table 22: GET /config/deployment/hosts/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

Required - The ID of the deployed host to be retrieved.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 23: GET /config/deployment/hosts/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The host was successfully retrieved.

404

1002

No such host is deployed for the given ID

422

1003

The provided ID was a negative number or zero.

500

1004

An error occurred during the retrieval of the host.

Response Description

The associated deployed host object. The Host object has the following fields:

  • id - The ID of this managed host.

  • hostname - The host name of this managed host.

  • private_ip - The private IP of this managed host.

  • public_ip - The public IP of this managed host.

  • appliance - An object that represents the appliance type ID and description of this managed host.

  • version - The installed version on this managed host.

  • status - The status of this managed host.

  • eps_rate_hardware_limit - The upper limit for eps_allocation based on hardware constraints for this managed host.

  • eps_allocation - The allocated eps rate of this managed host.

  • average_eps - The average eps rate of this managed host over the previous month.

  • peak_eps - The peak eps rate that was experienced by this managed host over the previous month.

  • fpm_rate_hardware_limit - The upper limit for fpm_allocation based on hardware constraints for this managed host.

  • fpm_allocation - The allocated fpm rate of this managed host.

  • average_fpm - The average fpm rate of this managed host over the previous month.

  • peak_fpm - The peak fpm rate that was experienced by this managed host over the previous month.

  • primary_server_id - The ID for the primary server host for this managed host.

  • secondary_server_id - If configured, the ID for the secondary server host for this managed host.

  • license_serial_number - The serial number that is associated with this managed host's license.

  • components - A list of components that are associated with this managed host.

  • compression_enabled - Whether or not compression is enabled for this managed host.

  • encryption_enabled - Whether or not encryption is enabled for this managed host.

Response Sample

[ { "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS>", "version": "String" } ]

POST /config/deployment/hosts/{id}

Updates a host by ID and sends a JMS message to update the pipeline.

Table 24: POST /config/deployment/hosts/{id} Resource Details

MIME Type

application/json

Table 25: POST /config/deployment/hosts/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

Required - The ID of the staged host to be updated.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 26: POST /config/deployment/hosts/{id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

host

Object

application/json

Required - The host values to be updated. At the moment, the only writable properties are eps_allocation and fpm_allocation.

{ "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS, ADD_FAILED_QVMPROCESSOR_ALREADY_EXISTS>", "version": "String" }

Table 27: POST /config/deployment/hosts/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The host was successfully updated.

404

1010

Could not find the host to update.

417

1011

EPS values are expected to be a multiple of the set EPS block. By default the block size is 500.

417

1012

FPM values are expected to be a multiple of the set FPM block. By default the block size is 10000.

417

1013

The EPS value given does not meet the minimum required EPS 200.

417

1014

The FPM value given does not meet the minimum required FPM 200.

417

1016

Can't change EPS/FPM values for a host with a serialized license.

417

1017

EPS value exceeds hardware limit.

417

1018

FPM value exceeds hardware limit.

417

1019

EPS value is greater than that available in the license pool.

417

1020

FPM value is greater than that available in the license pool.

422

1009

null

500

1021

null

Response Description

The updated host object. The host object has the following fields:

  • id - The ID of this managed host.

  • hostname - The host name of this managed host.

  • private_ip - The private IP of this managed host.

  • public_ip - The public IP of this managed host.

  • appliance - An object that represents the appliance type ID and description of this managed host.

  • version - The installed version on this managed host.

  • status - The status of this managed host.

  • eps_rate_hardware_limit - The upper limit for eps_allocation based on hardware constraints for this managed host.

  • eps_allocation - The allocated eps rate of this managed host.

  • average_eps - The average eps rate of this managed host over the previous month.

  • peak_eps - The peak eps rate that was experienced by this managed host over the previous month.

  • fpm_rate_hardware_limit - The upper limit for fpm_allocation based on hardware constraints for this managed host.

  • fpm_allocation - The allocated fpm rate of this managed host.

  • average_fpm - The average fpm rate of this managed host over the previous month.

  • peak_fpm - The peak fpm rate that was experienced by this managed host over the previous month.

  • primary_server_id - The ID for the primary server host for this managed host.

  • secondary_server_id - If configured, the ID for the secondary server host for this managed host.

  • license_serial_number - The serial number associated with this managed host's license.

  • components - A list of components that are associated with this managed host.

  • compression_enabled - Whether or not compression is enabled for this managed host.

  • encryption_enabled - Whether or not encryption is enabled for this managed host.

* @throws ServerProcessingException An unexpected exception occurred during the updating of the host.

Response Sample

[ { "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS>", "version": "String" } ]

GET /config/deployment/license_pool

Retrieves the deployed license pool information.

Table 28: GET /config/deployment/license_pool Resource Details

MIME Type

application/json

Table 29: GET /config/deployment/license_pool Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 30: GET /config/deployment/license_pool Response Codes

HTTP Response Code

Unique Code

Description

200

 

The license pool was successfully retrieved.

500

1001

An error occurred during the retrieval of the license pool.

Response Description

The deployed license pool information.

  • eps(allocated) - The amount of EPS rate allocated from the pool.

  • eps(overallocated) - Whether EPS is overallocated or not in the pool.

  • eps(total) - The total EPS rate available in the pool.

  • fpm(allocated) - The amount of FPM rate allocated from the pool.

  • fpm(overallocated) - Whether FPM is overallocated or not in the pool.

  • fpm(total) - The total FPM rate available in the pool.

Response Sample

{ "eps": { "allocated": 42, "overallocated": true, "total": 42 }, "fpm": { "allocated": 42, "overallocated": true, "total": 42 } }

GET /config/domain_management/domains

Retrieves the list of all domains, active and deleted (including the default domain).

Table 31: GET /config/domain_management/domains Resource Details

MIME Type

application/json

Table 32: GET /config/domain_management/domains Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 33: GET /config/domain_management/domains Response Codes

HTTP Response Code

Unique Code

Description

200

 

The domain list has been successfully retrieved.

500

1020

An error occurred while the domain list was being retrieved.

Response Description

The list of domain objects.

Response Sample

[ { "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 } ]

POST /config/domain_management/domains

Creates a new domain.

Table 34: POST /config/domain_management/domains Resource Details

MIME Type

application/json

Table 35: POST /config/domain_management/domains Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 36: POST /config/domain_management/domains Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

domain

Object

application/json

A domain JSON object (its id parameter is ignored).

{ "asset_scanner_ids": [42], "custom_properties": [{"capture_result": "String", "id": 42}], "deleted": true, "description": "String", "event_collector_ids": [42], "flow_collector_ids": [42], "flow_source_ids": [42], "log_source_group_ids": [42], "log_source_ids": [42], "name": "String", "qvm_scanner_ids": [42], "tenant_id": 42 }

Table 37: POST /config/domain_management/domains Response Codes

HTTP Response Code

Unique Code

Description

201

 

The domain has been successfully created.

409

1004

A domain object parameter already exists.

422

1005

A domain object parameter is invalid.

500

1020

An error occurred while the domain was being created.

Response Description

A created domain object.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

GET /config/domain_management/domains/{domain_id}

Retrieves a domain by domain ID.

Table 38: GET /config/domain_management/domains/{domain_id} Resource Details

MIME Type

application/json

Table 39: GET /config/domain_management/domains/{domain_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

domain_id

path

Required

Number (Integer)

text/plain

The ID of the domain object to retrieve.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 40: GET /config/domain_management/domains/{domain_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The domain has been successfully retrieved.

404

1002

No domain was found for the provided domain id.

500

1020

An error occurred while the domain was being retrieved.

Response Description

A domain object.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

POST /config/domain_management/domains/{domain_id}

Updates an existing domain.

Table 41: POST /config/domain_management/domains/{domain_id} Resource Details

MIME Type

application/json

Table 42: POST /config/domain_management/domains/{domain_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

domain_id

path

Required

Number (Integer)

text/plain

The ID of the domain object to update.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 43: POST /config/domain_management/domains/{domain_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

domain

Object

application/json

A domain JSON object.

{ "asset_scanner_ids": [42], "custom_properties": [{"capture_result": "String", "id": 42}], "deleted": true, "description": "String", "event_collector_ids": [42], "flow_collector_ids": [42], "flow_source_ids": [42], "log_source_group_ids": [42], "log_source_ids": [42], "name": "String", "qvm_scanner_ids": [42], "tenant_id": 42 }

Table 44: POST /config/domain_management/domains/{domain_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The domain has been successfully updated.

404

1002

No domain was found for the provided domain id.

409

1004

A domain object parameter already exists.

422

1005

A domain object parameter is invalid.

500

1020

An error occurred while the domain was being updated.

Response Description

The updated domain object.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

DELETE /config/domain_management/domains/{domain_id}

Deletes a domain by domain ID. All domain mappings are also deleted.

Table 45: DELETE /config/domain_management/domains/{domain_id} Resource Details

MIME Type

application/json

Table 46: DELETE /config/domain_management/domains/{domain_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

domain_id

path

Required

Number (Integer)

text/plain

The ID of the domain object to delete.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 47: DELETE /config/domain_management/domains/{domain_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The domain has been successfully deleted.

404

1002

No domain was found for the provided domain id.

422

1005

Default domain cannot be deleted.

500

1020

An error occurred while the domain was being deleted.

Response Description

The deleted domain object with its parameter deleted set to true.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

GET /config/event_retention_buckets

Retrieves a list of event retention buckets.

Table 48: GET /config/event_retention_buckets Resource Details

MIME Type

application/json

Table 49: GET /config/event_retention_buckets Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 50: GET /config/event_retention_buckets Response Codes

HTTP Response Code

Unique Code

Description

200

 

The event retention buckets were retrieved.

422

1010

A request parameter is not valid.

500

1020

An error occurred during the attempt to retrieve the event retention buckets.

Response Description

An array of Retention Bucket objects. An Retention Bucket object contains the following fields:

  • id - Integer - The ID of the retention bucket.

  • bucket_id - Integer - The Bucket ID of the retention bucket. ( 0 - 10 )

  • priority - Integer - The priority of the retention bucket. ( 0 - 10 ).

  • name - String - The name of the retention bucket.

  • database - String - The database of the retention bucket, EVENTS or FLOWS.

  • description - String - The description of the retention bucket.

  • period - Integer - The retention period in hours.

  • delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

  • created - Long - The time in milliseconds since epoch since the retention bucket was created.

  • modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

  • saved_search_id - String - The id of the saved search used by the retention bucket.

  • enabled - Boolean - True if the retention bucket is enabled.

Response Sample

[ { "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" } ]

GET /config/event_retention_buckets/{id}

Retrieves an event retention bucket.

Table 51: GET /config/event_retention_buckets/{id} Resource Details

MIME Type

application/json

Table 52: GET /config/event_retention_buckets/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 53: GET /config/event_retention_buckets/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The event retention bucket was retrieved.

404

1002

The event retention bucket does not exist.

500

1020

An error occurred during the attempt to retrieve the event retention bucket.

Response Description

The retention bucket after it has been retrieved. An Retention Bucket object contains the following fields:

  • id - Integer - The ID of the retention bucket.

  • bucket_id - Integer - The Bucket ID of the retention bucket (0 - 10).

  • priority - Integer - The priority of the retention bucket (0 - 10).

  • name - String - The name of the retention bucket.

  • database - String - The database of the retention bucket, EVENTS or FLOWS.

  • description - String - The description of the retention bucket.

  • period - Integer - The retention period in hours.

  • delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

  • created - Long - The time in milliseconds since epoch since the retention bucket was created.

  • modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

  • saved_search_id - String - The ID of the saved search that is used by the retention bucket.

  • enabled - Boolean - True if the retention bucket is enabled.

Response Sample

{ "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

POST /config/event_retention_buckets/{id}

Updates the event retention bucket owner or enabled/disabled only.

Table 54: POST /config/event_retention_buckets/{id} Resource Details

MIME Type

application/json

Table 55: POST /config/event_retention_buckets/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 56: POST /config/event_retention_buckets/{id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

retention_bucket

Object

application/json

null

{ "id": 1, "name": "String", "description": "String", "priority": 1, "period": 1, "deletion": "String", "created": 123123, "modified": 123123, "saved_search_id": "String", "enabled": true }

Table 57: POST /config/event_retention_buckets/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The event retention bucket has been updated.

404

1002

The event retention bucket does not exist.

409

1004

The provided user does not have the required capabilities to own the event retention bucket.

422

1005

A request parameter is not valid.

500

1020

An error occurred during the attempt to update the event retention bucket.

Response Description

The Retention Bucket after it is updated. A Retention Bucket object contains the following fields:

  • id - Integer - The ID of the retention bucket.

  • bucket_id - Integer - The Bucket ID of the retention bucket (0 - 10).

  • priority - Integer - The priority of the retention bucket (0 - 10).

  • name - String - The name of the retention bucket.

  • database - String - The database of the retention bucket, EVENTS or FLOWS.

  • description - String - The description of the retention bucket.

  • period - Integer - The retention period in hours.

  • delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

  • created - Long - The time in milliseconds since epoch since the retention bucket was created.

  • modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

  • saved_search_id - String - The ID of the saved search that is used by the retention bucket.

  • enabled - Boolean - True if the retention bucket is enabled.

Response Sample

{ "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

DELETE /config/event_retention_buckets/{id}

Deletes an event retention bucket.

Table 58: DELETE /config/event_retention_buckets/{id} Resource Details

MIME Type

text/plain

Table 59: DELETE /config/event_retention_buckets/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

Table 60: DELETE /config/event_retention_buckets/{id} Response Codes

HTTP Response Code

Unique Code

Description

204

 

The Event Retention Bucket was deleted.

403

1009

You do not have the proper capabilities to delete the event retention bucket.

404

1002

The Event Retention Bucket does not exist.

500

1020

An error occurred during the attempt to delete the event retention bucket.

Response Description

Response Sample

GET /config/event_sources/custom_properties/property_expressions

Retrieves a list of event regex property expressions.

Table 61: GET /config/event_sources/custom_properties/property_expressions Resource Details

MIME Type

application/json

Table 62: GET /config/event_sources/custom_properties/property_expressions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 63: GET /config/event_sources/custom_properties/property_expressions Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested list of event regex property expressions was retrieved.

422

1010

An error occurred while building the filter.

500

1020

An error occurred during the attempt to retrieve the list of event regex property expressions.

Response Description

A list of event regex property expressions. Each regex property expression contains the following fields:

  • id - Integer - The sequence ID of the event regex property expression.

  • identifier - String - The ID of the event regex property expression.

  • regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

  • log_source_type_id - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Integer - The expression is only applied to events with this low level category.

  • username - String - The owner of the event regex property expression.

Response Sample

[ { "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" } ]

POST /config/event_sources/custom_properties/property_expressions

Creates a new event regex property expression.

Table 64: POST /config/event_sources/custom_properties/property_expressions Resource Details

MIME Type

application/json

Table 65: POST /config/event_sources/custom_properties/property_expressions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 66: POST /config/event_sources/custom_properties/property_expressions Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the regex property expression object

  • regex_property_identifier - Required - String - The identifier of the event regex property that this expression belongs to.

  • enabled - Optional - Boolean - Flag that indicates whether this expression is enabled. It defaults to true if not provided.

  • regex - Required - String - The regex to extract the property from the payload.

  • capture_group - Optional - Integer - The capture group to capture. It defaults to 1 if not provided.

  • payload - Optional - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

  • log_source_type_id - Required - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Optional - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Optional - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Optional - Integer - The expression is only applied to events with this low level category.

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

Table 67: POST /config/event_sources/custom_properties/property_expressions Response Codes

HTTP Response Code

Unique Code

Description

201

 

A new event regex property expression was created.

422

1005

One or more request parameter are invalid in request.

500

1020

An error occurred during the attempt to create a new event regex property expression.

Response Description

The newly created event regex property expression that contains the following fields:

  • id - Integer - The sequence ID of the event regex property expression.

  • identifier - String - The ID of the event regex property expression.

  • regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

  • log_source_type_id - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Integer - The expression is only applied to events with this low level category.

  • username - String - The owner of the event regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

GET /config/event_sources/custom_properties/property_expressions/{expression_id}

Retrieves an event regex property expression based on the supplied expression ID.

Table 68: GET /config/event_sources/custom_properties/property_expressions/{expression_id} Resource Details

MIME Type

application/json

Table 69: GET /config/event_sources/custom_properties/property_expressions/{expression_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The Guid ID of the event_regex_property_expression.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 70: GET /config/event_sources/custom_properties/property_expressions/{expression_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested event regex property expression was successfully retrieved.

404

1002

The requested event regex property expression cannot be found.

500

1020

An error occurred during the attempt to retrieve the requested event regex property expression.

Response Description

A event regex property expression that contains the following fields:

  • id - Integer - The sequence ID of the event regex property expression.

  • identifier - String - The ID of the event regex property expression.

  • regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

  • log_source_type_id - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Integer - The expression is only applied to events with this low level category.

  • username - String - The owner of the event regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

POST /config/event_sources/custom_properties/property_expressions/{expression_id}

Updates an existing event regex property expression.

Table 71: POST /config/event_sources/custom_properties/property_expressions/{expression_id} Resource Details

MIME Type

application/json

Table 72: POST /config/event_sources/custom_properties/property_expressions/{expression_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the event regex property expression.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 73: POST /config/event_sources/custom_properties/property_expressions/{expression_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the event regex property expression object.

  • regex_property_identifier - Optional - String - The identifier of the event regex property that this expression belongs to.

  • enabled - Optional - Boolean - Flag that indicates whether this expression is enabled.

  • regex - Optional - String - The regex to extract the property from the payload.

  • capture_group - Optional - Integer - The capture group to capture.

  • payload - Optional - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

  • log_source_type_id - Optional - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Optional - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Optional - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Optional - Integer - The expression is only applied to events with this low level category.

  • username - Optional - String - The owner of the event regex property expression. If the input username is authorized service, the prefix "API_token: " is required.

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

Table 74: POST /config/event_sources/custom_properties/property_expressions/{expression_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The event regex property expression was updated.

403

1009

The user cannot update the resource because it only can be updated by the owner or admin user.

404

1002

The requested event regex property expression cannot be found.

422

1005

One or more parameters are invalid in request.

500

1020

An error occurred during the attempt to update an event regex property expression.

Response Description

The updated event regex property expression object contains the following fields:

  • id - Integer - The sequence ID of the event regex property expression.

  • identifier - String - The ID of the event regex property expression.

  • regex_property_identifier - String - The ID of the event regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

  • log_source_type_id - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Integer - The expression is only applied to events with this low level category.

  • username - String - The owner of the event regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}

Deletes an event regex property expression based on the supplied expression ID.

Table 75: DELETE /config/event_sources/custom_properties/property_expressions/{expression_id} Resource Details

MIME Type

text/plain

Table 76: DELETE /config/event_sources/custom_properties/property_expressions/{expression_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the event_regex_property_expression.

Table 77: DELETE /config/event_sources/custom_properties/property_expressions/{expression_id} Response Codes

HTTP Response Code

Unique Code

Description

204

 

The requested event regex property expression was successfully deleted.

403

1009

The user cannot delete the resource because it only can be deleted by the owner or admin user.

404

1002

The requested event regex property expression cannot be found.

500

1020

An error occurred during the attempt to delete the requested event regex property expression.

Response Description

Response Sample

GET /config/event_sources/custom_properties/regex_properties

Retrieves a list of event regex properties.

Table 78: GET /config/event_sources/custom_properties/regex_properties Resource Details

MIME Type

application/json

Table 79: GET /config/event_sources/custom_properties/regex_properties Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 80: GET /config/event_sources/custom_properties/regex_properties Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested list of event regex properties was retrieved.

422

1010

An error occurred while building the filter.

500

1020

An error occurred during the attempt to retrieve the list of event regex properties.

Response Description

A list of event regex properties. Each regex property contains the following fields:

  • id - Integer - The sequence ID of the event regex property.

  • identifier - String - The ID of the event regex property.

  • name - String - The name of the event regex property.

  • username - String - The owner of the event regex property.

  • description - String - The description of the event regex property.

  • property_type - String - The property type (STRING, NUMERIC, IP, PORT, TIME) of event regex property.

  • use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

  • datetime_format - String - The date/time pattern that the event regex property matches.

  • locale - String - The Language tag of what locale the Property matches.

Response Sample

[ { "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" } ]

POST /config/event_sources/custom_properties/regex_properties

Creates a new event regex property.

Table 81: POST /config/event_sources/custom_properties/regex_properties Resource Details

MIME Type

application/json

Table 82: POST /config/event_sources/custom_properties/regex_properties Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 83: POST /config/event_sources/custom_properties/regex_properties Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the event regex property object.

  • name - Required - String - The name of the event regex property.

  • description - Optional - String - The description of the event regex property.

  • property_type - Required - String - The property type (string, numeric, ip, port, time) of event regex property.

  • use_for_rule_engine - Optional - Boolean - The flag to indicate if the event regex property is parsed when the event is received. It is false if no value supplied.

  • datetime_format - Optional - String - The date/time pattern that the event regex property matches.. It is required when property type is TIME.

  • locale - Optional - String - The language tag of the locale that the property matches. The locale is required when the property type is TIME.

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

Table 84: POST /config/event_sources/custom_properties/regex_properties Response Codes

HTTP Response Code

Unique Code

Description

201

 

A new event regex property was created.

422

1005

One or more request parameter are invalid in the request.

500

1020

An error occurred during the attempt to create a new event regex property.

Response Description

The newly created event regex property that contains the following fields:

  • id - Integer - The sequence ID of the event regex property.

  • identifier - String - The ID of the event regex property.

  • name - String - The name of the event regex property.

  • username - String - The owner of the event regex property.

  • description - String - The description of the event regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of event regex property.

  • use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

  • datetime_format - String - The date/time pattern that the event regex property matches.

  • locale - String - The language tag of the locale that the property matches.

Response Sample

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}

Retrieves a event regex property based on the supplied regex property ID.

Table 85: GET /config/event_sources/custom_properties/regex_properties/{regex_property_id} Resource Details

MIME Type

application/json

Table 86: GET /config/event_sources/custom_properties/regex_properties/{regex_property_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the event_regex_property.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 87: GET /config/event_sources/custom_properties/regex_properties/{regex_property_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested event regex property was successfully retrieved.

404

1002

The requested event regex property cannot be found.

500

1020

An error occurred during the attempt to retrieve the requested event regex property.

Response Description

A event regex property that contains the following fields:

  • id - Integer - The sequence ID of the event regex property.

  • identifier - String - The ID of the event regex property.

  • name - String - The name of the event regex property.

  • username - String - The owner of the event regex property.

  • description - String - The description of the event regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of the event regex property.

  • use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

  • datetime_format - String - The date/time pattern that the event regex property matches.

  • locale - String - The language tag of the locale that the property matches.

Response Sample

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}

Updates an existing event regex property.

Table 88: POST /config/event_sources/custom_properties/regex_properties/{regex_property_id} Resource Details

MIME Type

application/json

Table 89: POST /config/event_sources/custom_properties/regex_properties/{regex_property_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the event regex property.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 90: POST /config/event_sources/custom_properties/regex_properties/{regex_property_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the event regex property object.

  • description - Optional - String - The description of the event regex property.

  • property_type - Optional - String - The property type (string, numeric, ip, port, time) of event regex property.

  • use_for_rule_engine - Optional - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

  • datetime_format - Optional - String - The date/time pattern that the event regex property matches. It is required when property type is TIME.

  • locale - Optional - String - The language tag of the locale that the property matches. The locale is required when the property type is TIME.

  • username - Optional - String - The owner of the event regex property. If the input username is authorized service, the prefix "API_token: " is required.

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

Table 91: POST /config/event_sources/custom_properties/regex_properties/{regex_property_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The event regex property was updated.

403

1009

The user cannot update the resource because it only can be updated by the owner or admin user.

404

1002

The requested event regex property cannot be found.

422

1005

One or more parameters are invalid in request.

500

1020

An error occurred during the attempt to update an event regex property.

Response Description

The updated event regex property object contains the following fields:

  • id - Integer - The sequence ID of the event regex property.

  • identifier - String - The ID of the event regex property.

  • name - String - The name of the event regex property.

  • username - String - The owner of the event regex property.

  • description - String - The description of the event regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of event regex property.

  • use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

  • datetime_format - String - The date/time pattern that the event regex property matches.

  • locale - String - The language tag of the locale the the property matches.

Response Sample

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}

Deletes an event regex property. To ensure safe deletion, a dependency check is carried out. This check might take some time. An asynchronous task is started to do this check.

Table 92: DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id} Resource Details

MIME Type

application/json

Table 93: DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 94: DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id} Response Codes

HTTP Response Code

Unique Code

Description

202

 

The event regex property delete request was accepted and is in progress.

403

1009

The user cannot delete the regex_property because it only can be deleted by the owner or admin user.

404

1002

The requested event regex property cannot be found.

500

1020

An error occurred while attempting to delete the event regex property.

Response Description

A Delete Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}". A Delete Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

Response Sample

{ "completed": 42, "created": 42, "created_by": "String", "id": 42, "message": "String", "modified": 42, "name": "String", "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents

Retrieves the objects that depend on the event regex property.

Table 95: GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents Resource Details

MIME Type

application/json

Table 96: GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 97: GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents Response Codes

HTTP Response Code

Unique Code

Description

202

 

The event regex property dependents retrieval was accepted and is in progress.

404

1002

The event regex property does not exist.

500

1020

An error occurred while attempting to initiate the event regex property dependents retrieval task.

Response Description

A Dependents Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_dependents_tasks/{task_id}". A Dependent Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • cancelled_by - String - The name of the user who requested to cancel the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

  • number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • task_components - Array - An array of task component objects. A task component object contains the following fields:

    • message - String - The localized sub-task status message.

    • status - String - The current state of the sub-task.

    • sub_task_type - String - The type of the sub-task

    • maximum - Long - The maximum number of objects to check for dependency.

    • progress - Long - The number of objects that were checked for dependency.

    • created - Long - The time in milliseconds since epoch since the sub-task was created.

    • started - Long - The time in milliseconds since epoch since the sub-task was started.

    • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

    • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}

Retrieves the event regex property delete task status.

Table 98: GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id} Resource Details

MIME Type

application/json

Table 99: GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 100: GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The delete task status was retrieved.

404

1002

The requested delete task status cannot be found.

422

1005

The task ID is invalid in the request.

500

1020

An error occurred during the attempt to retrieve the delete task status.

Response Description

A Delete Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}". A Delete Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

Response Sample

{ "completed": 42, "created": 42, "created_by": "String", "id": 42, "message": "String", "modified": 42, "name": "String", "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}

Retrieves the event regex property dependent task status.

Table 101: GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Resource Details

MIME Type

application/json

Table 102: GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 103: GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The dependent task status was retrieved.

404

1002

The requested dependent task status cannot be found.

422

1005

The task ID is invalid in the request.

500

1020

An error occurred during the attempt to retrieve the task status.

Response Description

A Dependent Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • cancelled_by - String - The name of the user who requested to cancel the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

  • number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • task_components - Array - An array of task component objects. A task component object contains the following fields

    • message - String - The localized sub-task status message.

    • status - String - The current state of the sub-task.

    • sub_task_type - String - The type of the sub-task

    • maximum - Long - The maximum number of objects to check for dependency.

    • progress - Long - The number of objects that were checked for dependency.

    • created - Long - The time in milliseconds since epoch since the sub-task was created.

    • started - Long - The time in milliseconds since epoch since the sub-task was started.

    • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

    • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}

Cancels the regex property dependent task.

Table 104: POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Resource Details

MIME Type

application/json

Table 105: POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 106: POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

task

Object

application/json

null

{ "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

Table 107: POST /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The dependent task was cancelled.

404

1002

The dependent task status does not exist.

409

1004

The task is in a completed state.

422

1005

A request parameter is not valid.

500

1020

An error occurred while attempting to update the dependent task status.

Response Description

A Dependent Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • cancelled_by - String - The name of the user who requested to cancel the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

  • number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • task_components - Array - An array of task component objects. A task component object contains the following fields:

    • message - String - The localized sub-task status message.

    • status - String - The current state of the sub-task.

    • sub_task_type - String - The type of the sub-task

    • maximum - Long - The maximum number of objects to check for dependency.

    • progress - Long - The number of objects that were checked for dependency.

    • created - Long - The time in milliseconds since epoch since the sub-task was created.

    • started - Long - The time in milliseconds since epoch since the sub-task was started.

    • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

    • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results

Retrieves the regex property dependent task results.

Table 108: GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results Resource Details

MIME Type

application/json

Table 109: GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 110: GET /config/event_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results Response Codes

HTTP Response Code

Unique Code

Description

200

 

The regex property dependents were retrieved.

404

1002

The requested task status cannot be found.

500

1020

An error occurred during the attempt to retrieve the task results.

Response Description

A list of Dependent objects. A Dependent object contains the following fields:

  • dependent_id - String - The ID of the dependent resource.

  • dependent_name - String - The name of the dependent resource )default resources can have localized names).

  • dependent_owner - String - The owner of the dependent resource

  • dependent_type - String - The type of the dependent resource

  • dependent_database - String - The database of the dependent resource.

  • dependent_group_ids - Array of Longs - List of groups that the dependent resource belongs to.

  • user_has_edit_permissions - Boolean - True if the user who created the task has permission to edit this dependent resource.

Response Sample

[ { "blocking": true, "dependent_database": "String <one of: EVENTS, FLOWS>", "dependent_group_ids": [ 42 ], "dependent_id": "String", "dependent_name": "String", "dependent_owner": "String", "dependent_type": "String <one of: ARIEL_SAVED_SEARCH, ASSET_SAVED_SEARCH, OFFENSE_SAVED_SEARCH, VULNERABILITY_SAVED_SEARCH, QRM_SAVED_SEARCH_GROUP, ASSET_SAVED_SEARCH_GROUP, CUSTOM_RULE_GROUP, EVENT_ARIEL_SAVED_SEARCH_GROUP, FLOW_ARIEL_SAVED_SEARCH_GROUP, LOG_SOURCE_GROUP, MODEL_GROUP, OFFENSE_SAVED_SEARCH_GROUP, QUESTION_GROUP, REPORT_GROUP, SIMULATION_GROUP, TOPOLOGY_SAVED_SEARCH_GROUP, VULNERABILITY_SAVED_SEARCH_GROUP, ASSIGNED_OFFENSE, ASSIGNED_VULNERABILITY, AUTHORIZED_SERVICE, BUILDING_BLOCK, CRE_RULE, CRE_ADE_RULE, EVENT_REGEX_PROPERTY, EVENT_CALCULATED_PROPERTY, FLOW_REGEX_PROPERTY, FLOW_CALCULATED_PROPERTY, DASHBOARD, GV_REFERENCE, REPORT, REFERENCE_DATA, REFERENCE_DATA_MAP_OF_SETS, REFERENCE_DATA_MAPS, REFERENCE_DATA_SETS, REFERENCE_DATA_TABLES, REFERENCE_DATA_RESPONSE, REFERENCE_SET_RESPONSE, EVENT_RETENTION_BUCKET, FLOW_RETENTION_BUCKET, ROUTING_RULE, STORE_AND_FORWARD_POLICY, USER, HISTORICAL_PROFILE, OFFENSE_TYPE>", "user_has_edit_permissions": true } ]

GET /config/extension_management/extensions

Retrieve a list of extensions.

Table 111: GET /config/extension_management/extensions Resource Details

MIME Type

application/json

Table 112: GET /config/extension_management/extensions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

sort

query

Optional

String

text/plain

Optional - This parameter is used to sort the elements in a list.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 113: GET /config/extension_management/extensions Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested list of extensions has been retrieved.

422

22608

The supplied filter is invalid.

422

22615

Unknown status used in filter.

422

22610

The selected field cannot be utilized for sorting.

422

22609

Only top-level-elements of the root entity can be sorted on.

500

22602

An error has occurred while trying to retrieve the list of extensions.

Response Description

A list of extensions. Each extension contains the following fields:

  • id - Number - Unique ID of this extension within the JSA deployment.

  • name - String - The name of the extension.

  • description - String - The description of the extension.

  • author - String - The author (person who generated) the extension.

  • version - String - The version of the extension.

  • supported_languages - Array of strings - The language tags supported by this extension.

  • exported_qradar_version - String - The version of the JSA deployment this extension was exported from.

  • min_qradar_version - String - The minimum JSA version required for the extension to function properly.

  • file_location - String - The location of the extension file on disk.

  • size - Number - The size in bytes of the extension file.

  • signed - String - The state of the extension's signature.

  • beta - Boolean - True if the extension is considered to be beta or experimental.

  • added_by - String - The user or authorized service that added the extension to JSA.

  • installed_by - String The user or authorized service that installed the extension.

  • add_time - Number - The date/time at which the extension was added to JSA, represented as number of milliseconds since Unix epoch.

  • install_time - Number - The date/time at which the extension was installed, represented as number of milliseconds since Unix epoch.

  • full_uninstall - Boolean - True if the extension and all of its contents can be fully uninstalled.

  • status - String - The tag corresponding to the current status of the extension. Possible values are UPLOADED, UPLOADING, INSTALLED, INSTALLING, INSTALL_FAILED, UNINSTALLED, UNINSTALLING, UNINSTALL_FAILED, NOT_INSTALLED, PREVIEWING, NONE.

  • contents - Array of objects representing an item contained within the extension. Each object has the following fields:

    • content_type_id - Number - The ID of the content type.

    • content_type_name - String - The name of the content type.

    • identifier - String - The descriptive name/identifier of the item.

Response Sample

[ { "file_location": "/store/cmt/exports/custom_rule.zip", "supported_languages": [ "en_US" ], "contents": [ { "content_type_id": 3, "identifier": "No Description Supplied", "content_type_name": "custom_rule" }, { "content_type_id": 28, "identifier": "Asset Reconciliation IPv4 Blacklist", "content_type_name": "reference_data" }, { "content_type_id": 28, "identifier": "Asset Reconciliation IPv4 Whitelist", "content_type_name": "reference_data" }, { "content_type_id": 32, "identifier": "No Description Supplied", "content_type_name": "reference_data_rules" } ], "status": "INSTALLED", "signed": "NOT_SIGNED", "full_uninstall": false, "min_qradar_version": null, "beta": false, "version": "7.2.6.20150825133843", "size": 8575, "id": 59, "author": "admin", "description": null, "exported_qradar_version": null, "name": "custom_rule.xml", "install_time": 1440788704856, "installed_by": "admin", "added_by": "admin", "add_time": 1440693660702 }, { "file_location": "/store/cmt/exports/qidmap.xml", "supported_languages": [ "en_US" ], "contents": [ { "content_type_id": 27, "identifier": "", "content_type_name": "qidmap" } ], "status": "INSTALLED", "signed": "NOT_SIGNED", "full_uninstall": false, "min_qradar_version": null, "beta": false, "version": "7.2.6.20150821144442", "size": 675, "id": 2, "author": "admin", "description": null, "exported_qradar_version": null, "name": "qidmap.xml", "install_time": 1440612194941, "installed_by": "admin", "added_by": "admin", "add_time": 1440555001236 } ]

POST /config/extension_management/extensions

Uploads the supplied extension file to the JSA system.

Table 114: POST /config/extension_management/extensions Resource Details

MIME Type

application/json

Table 115: POST /config/extension_management/extensions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 116: POST /config/extension_management/extensions Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

file

File

application/x-gzip

Required - The Extension file. Must be a properly-formed JSA extension/content export, either an XML file or an XML within a ZIP or TAR.GZ archive. Must be provided with MIME type application/xml, application/zip, application/x-gzip or multipart/form-data

File

Table 117: POST /config/extension_management/extensions Response Codes

HTTP Response Code

Unique Code

Description

201

 

The supplied extension file has been uploaded.

409

22613

The supplied extension file can not be uploaded because it shares the same hub_id and version as one of the extensions in the system.

422

22607

The supplied extension could not be validated successfully

422

22616

The supplied manifest for the extension is invalid.

500

22602

An error has occurred while trying to upload the extension file.

Response Description

An extension containing the following fields:

  • id - Number - Unique ID of this extension within the JSA deployment.

  • name - String - The name of the extension.

  • description - String - The description of the extension.

  • author - String - The author (person who generated) the extension.

  • version - String - The version of the extension.

  • supported_languages - Array of strings - The language tags supported by this extension.

  • exported_qradar_version - String - The version of the JSA deployment this extension was exported from.

  • min_qradar_version - String - The minimum JSA version required for the extension to function properly.

  • file_location - String - The location of the extension file on disk.

  • size - Number - The size in bytes of the extension file.

  • signed - String - The state of the extension's signature.

  • beta - Boolean - True if the extension is considered to be beta or experimental.

  • added_by - String - The user or authorized service that added the extension to JSA.

  • installed_by - String The user or authorized service that installed the extension.

  • add_time - Number - The date/time at which the extension was added to JSA, represented as number of milliseconds since Unix epoch.

  • install_time - Number - The date/time at which the extension was installed, represented as number of milliseconds since Unix epoch.

  • full_uninstall - Boolean - True if the extension and all of its contents can be fully uninstalled.

  • status - String - The tag corresponding to the current status of the extension. Possible values are UPLOADED, UPLOADING, INSTALLED, INSTALLING, INSTALL_FAILED, UNINSTALLED, UNINSTALLING, UNINSTALL_FAILED, NOT_INSTALLED, PREVIEWING, NONE.

  • contents - Array of objects representing an item contained within the extension. Each object has the following fields:

    • content_type_id - Number - The ID of the content type.

    • content_type_name - String - The name of the content type.

    • identifier - String - The descriptive name/identifier of the item.

Response Sample

{ "file_location": "/store/cmt/exports/qidmaps.xml", "supported_languages": [ "en_US" ], "contents": [ { "content_type_id": 27, "identifier": "", "content_type_name": "qidmap" } ], "status": "INSTALLED", "signed": "NOT_SIGNED", "full_uninstall": false, "min_qradar_version": null, "beta": false, "version": "7.2.6.20150821144442", "size": 675, "id": 2, "author": "admin", "description": null, "exported_qradar_version": null, "name": "qidmaps.xml", "install_time": 1440612194941, "installed_by": "admin", "added_by": "admin", "add_time": 1440555001236 }

GET /config/extension_management/extensions/{extension_id}

Retrieves an extension based on the supplied extension ID.

Table 118: GET /config/extension_management/extensions/{extension_id} Resource Details

MIME Type

application/json

Table 119: GET /config/extension_management/extensions/{extension_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

extension_id

path

Required

Number (Integer)

text/plain

Required - The id of the extension.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 120: GET /config/extension_management/extensions/{extension_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested extension has been retrieved.

404

22603

The requested extension cannot be found.

422

22606

A supplied numeric parameter was not positive.

500

22602

An error has occurred while trying to retrieve the requested extension.

Response Description

An extension containing the following fields:

  • id - Number - Unique ID of this extension within the JSA deployment.

  • name - String - The name of the extension.

  • description - String - The description of the extension.

  • author - String - The author (person who generated) the extension.

  • version - String - The version of the extension.

  • supported_languages - Array of strings - The language tags supported by this extension.

  • exported_qradar_version - String - The version of the JSA deployment this extension was exported from.

  • min_qradar_version - String - The minimum JSA version required for the extension to function properly.

  • file_location - String - The location of the extension file on disk.

  • size - Number - The size in bytes of the extension file.

  • signed - String - The state of the extension's signature.

  • beta - Boolean - True if the extension is considered to be beta or experimental.

  • added_by - String - The user or authorized service that added the extension to JSA.

  • installed_by - String The user or authorized service that installed the extension.

  • add_time - Number - The date/time at which the extension was added to JSA, represented as number of milliseconds since Unix epoch.

  • install_time - Number - The date/time at which the extension was installed, represented as number of milliseconds since Unix epoch.

  • full_uninstall - Boolean - True if the extension and all of its contents can be fully uninstalled.

  • status - String - The tag corresponding to the current status of the extension. Possible values are UPLOADED, UPLOADING, INSTALLED, INSTALLING, INSTALL_FAILED, UNINSTALLED, UNINSTALLING, UNINSTALL_FAILED, NOT_INSTALLED, PREVIEWING, NONE.

  • contents - Array of objects representing an item contained within the extension. Each object has the following fields:

    • content_type_id - Number - The ID of the content type.

    • content_type_name - String - The name of the content type.

    • identifier - String - The descriptive name/identifier of the item.

Response Sample

{ "file_location": "/store/cmt/exports/qidmaps.xml", "supported_languages": [ "en_US" ], "contents": [ { "content_type_id": 27, "identifier": "", "content_type_name": "qidmap" } ], "status": "INSTALLED", "signed": "NOT_SIGNED", "full_uninstall": false, "min_qradar_version": null, "beta": false, "version": "7.2.6.20150821144442", "size": 675, "id": 2, "author": "admin", "description": null, "exported_qradar_version": null, "name": "qidmaps.xml", "install_time": 1440612194941, "installed_by": "admin", "added_by": "admin", "add_time": 1440555001236 }

POST /config/extension_management/extensions/{extension_id}

Install an extension based on the supplied extension ID. This is an asynchronous action.

Table 121: POST /config/extension_management/extensions/{extension_id} Resource Details

MIME Type

application/json

Table 122: POST /config/extension_management/extensions/{extension_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

extension_id

path

Required

Number (Integer)

text/plain

Required - The id of the extension.

action_type

query

Required

String

text/plain

Required - The desired action to take on the Extension (INSTALL or PREVIEW)

overwrite

query

Optional

Boolean

text/plain

Optional - If true, any existing items on the importing system will be overwritten if the extension contains the same items. If false, existing items will be preserved, and the corresponding items in the extension will be skipped.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 123: POST /config/extension_management/extensions/{extension_id} Response Codes

HTTP Response Code

Unique Code

Description

202

 

The requested install or preview task has been started.

404

22603

The requested extension cannot be found.

404

22604

The task status for status_id cannot be found.

409

22612

The supplied extension cannot be installed/previewed because it is already installed

409

22611

The supplied extension cannot be installed/previewed because it is already in the process of being installed/previewed.

409

22618

The requested task can not be initiated because another preview/install task is already in progress.

422

22605

The supplied action type is invalid

422

22606

A supplied numeric parameter was not positive.

500

22602

An error has occurred while trying to install or preview the requested extension.

Response Description

A JSON string depicting the accepted task for previewing/installing an extension:

  • message - String - description of the accepted task.

  • status_location - String - the url of the task status.

  • current_status - String - a JSON object depicting the current status of the task.

Response Sample

{ "message": "Uninstalling an extension", "status_location": "https://1.1.1.1/console/restapi/api/config/extension_management/ extensions_task_status/101", "current_status": { "progress": 0, "result_url": null, "cancelled_by": null, "status": "QUEUED", "task_components": null, "modified": 1440891410849, "id": 101, "message": "Queued Extension uninstallation task for extension id 2", "created_by": "admin", "created": 1440891410629, "maximum": 0, "cancel_requested": false, "name": "Extension uninstallation task", "child_tasks": null, "started": 1440891410847, "completed": null } }

DELETE /config/extension_management/extensions/{extension_id}

Uninstall an extension based on the supplied extension ID. This is an asynchronous action.

Table 124: DELETE /config/extension_management/extensions/{extension_id} Resource Details

MIME Type

application/json

Table 125: DELETE /config/extension_management/extensions/{extension_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

extension_id

path

Required

Number (Integer)

text/plain

Required - The id of the extension to be uninstalled.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 126: DELETE /config/extension_management/extensions/{extension_id} Response Codes

HTTP Response Code

Unique Code

Description

202

 

The requested uninstall task has been started.

404

22603

The requested extension cannot be found.

404

22604

The task status for status_id cannot be found.

409

22611

The supplied extension cannot be uninstalled because it is already in the process of being uninstalled.

409

22617

The extension can not be uninstalled because it is already in the process of being previewed/installed.

422

22606

A supplied numeric parameter was not positive.

500

22602

An error has occurred while trying to uninstall an extension.

Response Description

A JSON string depicting the accepted task for uninstalling an extension:

  • message - String - description of the accepted task.

  • status_location - String - the url of the task status.

  • current_status - String - a JSON object depicting the current status of the task.

Response Sample

{ "message": "Uninstalling an extension", "status_location": "https://1.1.1.1/console/restapi/api/config/extension_management/ extensions_task_status/101", "current_status": { "progress": 0, "result_url": null, "cancelled_by": null, "status": "QUEUED", "task_components": null, "modified": 1440891410849, "id": 101, "message": "Queued Extension uninstallation task for extension id 2", "created_by": "admin", "created": 1440891410629, "maximum": 0, "cancel_requested": false, "name": "Extension uninstallation task", "child_tasks": null, "started": 1440891410847, "completed": null } }

GET /config/extension_management/extensions_task_status/{status_id}

Retrieves the tasks status based on the status ID.

Table 127: GET /config/extension_management/extensions_task_status/{status_id} Resource Details

MIME Type

application/json

Table 128: GET /config/extension_management/extensions_task_status/{status_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

status_id

path

Required

Number (Integer)

text/plain

Required - the id of the task status.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 129: GET /config/extension_management/extensions_task_status/{status_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested task status has been retrieved.

404

22604

The task status for status_id cannot be found.

422

22606

A supplied numeric parameter was not positive.

500

22602

An error has occurred while trying to retrieve the task status.

Response Description

A task status containing the following fields:

  • id - Number - The ID of the task status.

  • name - String - The name of the task status.

  • status - String - A string that represents the current state of the task status.

  • message - String - A message regarding the current state of the task.

  • progress - Number - The current progress of the task

  • minimum - Number - The minimum progress of the task.

  • maximum - Number - The maximum progress of the task.

  • created_by - String - The username of the user who created the task.

  • cancelled_by - String - The username of the user who cancelled the task.

  • created - Number - The date/time at which this task was created, represented as number of milliseconds since Unix epoch.

  • started - Number - The date/time at which this task was started, represented as number of milliseconds since Unix epoch.

  • modified - Number - The date/time at which this task was last modified, represented as number of milliseconds since Unix epoch.

  • completed - Number - The date/time at which this task was completed, represented as number of milliseconds since Unix epoch.

  • result_url - String - The url where the result can be viewed.

  • cancel_requested - Boolean - True if cancel has been requested.

  • child_tasks - Array - Array of child task id's that are executed asynchronously from this task.

  • task_components - Array - Array of task components that are executed sequentially.

Response Sample

{ "progress": 0, "result_url": "", "cancelled_by": "", "status": "COMPLETED", "task_components": null, "modified": 1440891517961, "id": 102, "message": "Completed Extension uninstallation task for extension id 56", "created_by": "admin", "created": 1440891514006, "maximum": 0, "cancel_requested": false, "name": "Extension uninstallation task", "child_tasks": null, "started": 1440891514041, "completed": 1440891515224 }

GET /config/extension_management/extensions_task_status/{status_id}/results

Retrieves the tasks status results based on the status ID.

Table 130: GET /config/extension_management/extensions_task_status/{status_id}/results Resource Details

MIME Type

application/json

Table 131: GET /config/extension_management/extensions_task_status/{status_id}/results Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

status_id

path

Required

Number (Integer)

text/plain

Required - The id of the task status.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 132: GET /config/extension_management/extensions_task_status/{status_id}/results Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested results of the task status have been retrieved.

404

22604

The task status for status_id cannot be found.

404

22614

The task results are not available.

422

22606

A supplied numeric parameter was not positive.

500

22602

An error has occurred while trying to retrieve the results of a task status.

Response Description

A JSON object representing the result of an Extension preview, install or uninstall task. It contains the following fields:

  • id - Number - The ID of the extension.

  • task_type - String - The type of task that was issued against the Extension.

  • content - Array - An array of JSON objects representing the contents of the extension and what action is associated with each content item for the task that was executed. Each content item contains the following fields:

    • name - String - The name of the content item.

    • content_type_id - Number - The ID of the type of the content item.

    • content_type_name - String - The name of the type of the content item.

    • action - String - The action taken for the content item.

Response Sample

{ "id": 56, "task_type": "UNINSTALL", "content": [ { "content_type_id": 3, "name": "SYSTEM-1607", "action": "SKIP", "content_type_name": "custom_rule" }, { "content_type_id": 28, "name": "Asset Reconciliation IPv4 Whitelist", "action": "SKIP", "content_type_name": "reference_data" } ] }

GET /config/flow_retention_buckets

Retrieves a list of flow retention buckets.

Table 133: GET /config/flow_retention_buckets Resource Details

MIME Type

application/json

Table 134: GET /config/flow_retention_buckets Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 135: GET /config/flow_retention_buckets Response Codes

HTTP Response Code

Unique Code

Description

200

 

The flow retention buckets were retrieved.

422

1010

A request parameter is not valid.

500

1020

An error occurred during the attempt to retrieve the flow retention buckets.

Response Description

An array of Retention Bucket objects. An Retention Bucket object contains the following fields:

  • id - Integer - The ID of the retention bucket.

  • bucket_id - Integer - The Bucket ID of the retention bucket. ( 0 - 10 )

  • priority - Integer - The priority of the retention bucket. ( 0 - 10 ).

  • name - String - The name of the retention bucket.

  • database - String - The database of the retention bucket, EVENTS or FLOWS.

  • description - String - The description of the retention bucket.

  • period - Integer - The retention period in hours.

  • delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

  • created - Long - The time in milliseconds since epoch since the retention bucket was created.

  • modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

  • saved_search_id - String - The ID of the saved search used by the retention bucket.

  • enabled - Boolean - True if the retention bucket is enabled.

Response Sample

[ { "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" } ]

GET /config/flow_retention_buckets/{id}

Retrieves a flow retention bucket.

Table 136: GET /config/flow_retention_buckets/{id} Resource Details

MIME Type

application/json

Table 137: GET /config/flow_retention_buckets/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 138: GET /config/flow_retention_buckets/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The flow retention bucket was retrieved.

404

1002

The flow retention bucket does not exist.

500

1020

An error occurred during the attempt to retrieve the flow retention bucket.

Response Description

The retention bucket after it is retrieved. An Retention Bucket object contains the following fields:

  • id - Integer - The ID of the retention bucket.

  • bucket_id - Integer - The Bucket ID of the retention bucket. ( 0 - 10 )

  • priority - Integer - The priority of the retention bucket. ( 0 - 10 ).

  • name - String - The name of the retention bucket.

  • database - String - The database of the retention bucket, EVENTS or FLOWS.

  • description - String - The description of the retention bucket.

  • period - Integer - The retention period in hours.

  • delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

  • created - Long - The time in milliseconds since epoch since the retention bucket was created.

  • modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

  • saved_search_id - String - The ID of the saved search that is used by the retention bucket.

  • enabled - Boolean - True if the retention bucket is enabled.

Response Sample

{ "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

POST /config/flow_retention_buckets/{id}

Updates the flow retention bucket owner, or enabled/disabled only.

Table 139: POST /config/flow_retention_buckets/{id} Resource Details

MIME Type

application/json

Table 140: POST /config/flow_retention_buckets/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 141: POST /config/flow_retention_buckets/{id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

retention_bucket

Object

application/json

null

{ "bucket_id": 42, "database": "String", "description": "String", "enabled": true, "id": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

Table 142: POST /config/flow_retention_buckets/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The flow retention bucket was updated.

404

1002

The Flow Retention Bucket does not exist.

409

1004

The provided user does not have the required capabilities to own the flow retention bucket.

422

1005

A request parameter is not valid.

500

1020

An error occurred during the attempt to update the flow retention bucket.

Response Description

The Retention Bucket after it is updated. A Retention Bucket object contains the following fields:

  • id - Integer - The ID of the retention bucket.

  • bucket_id - Integer - The Bucket ID of the retention bucket. ( 0 - 10 ).

  • priority - Integer - The priority of the retention bucket ( 0 - 10 ).

  • name - String - The name of the retention bucket.

  • database - String - The database of the retention bucket, EVENTS or FLOWS.

  • description - String - The description of the retention bucket.

  • period - Integer - The retention period in hours.

  • delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

  • created - Long - The time in milliseconds since epoch since the retention bucket was created.

  • modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

  • saved_search_id - String - The ID of the saved search used by the retention bucket.

  • enabled - Boolean - True if the retention bucket is enabled.

Response Sample

{ "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

DELETE /config/flow_retention_buckets/{id}

Deletes a flow retention bucket.

Table 143: DELETE /config/flow_retention_buckets/{id} Resource Details

MIME Type

text/plain

Table 144: DELETE /config/flow_retention_buckets/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

Table 145: DELETE /config/flow_retention_buckets/{id} Response Codes

HTTP Response Code

Unique Code

Description

204

 

The flow retention bucket was deleted.

403

1009

You do not have the proper capabilities to delete the flow retention bucket.

404

1002

The flow retention bucket does not exist.

500

1020

An error occurred during the attempt to delete the flow retention bucket.

Response Description

Response Sample

GET /config/flow_sources/custom_properties/property_expressions

Retrieve a list of flow regex property expressions.

Table 146: GET /config/flow_sources/custom_properties/property_expressions Resource Details

MIME Type

application/json

Table 147: GET /config/flow_sources/custom_properties/property_expressions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 148: GET /config/flow_sources/custom_properties/property_expressions Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested list of flow regex property expressions was retrieved.

422

1010

An error occurred while building the filter.

500

1020

An error occurred during the attempt to retrieve the list of flow regex property expressions.

Response Description

A list of flow regex property expressions. Each regex property expression contains the following fields:

  • id - Integer - The sequence ID of the flow regex property expression.

  • identifier - String - The ID of the flow regex property expression.

  • regex_property_identifier - String - The identifier of the flow regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This is only used in the UI so that the user can verify their regex matches the expected payload.

  • qid - Integer - The QID of the flow to apply this expression to.

  • low_level_category_id - Integer - The expression is applied to all flows with this low level category.

  • payload_origin - BaseProperty - The payload type (source_payload, destination_payload) to apply the expression to.

  • username - String - The owner of the flow regex property expression.

Response Sample

[ { "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "low_level_category_id": 42, "modification_date": 42, "payload": "String", "payload_origin": "String <one of: event_payload, source_payload, destination_payload>", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" } ]

POST /config/flow_sources/custom_properties/property_expressions

Creates a new flow regex property expression.

Table 149: POST /config/flow_sources/custom_properties/property_expressions Resource Details

MIME Type

application/json

Table 150: POST /config/flow_sources/custom_properties/property_expressions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 151: POST /config/flow_sources/custom_properties/property_expressions Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the regex property expression object.

  • regex_property_identifier - Required - String - The identifier of the flow regex property that this expression belongs to.

  • enabled - Optional - Boolean - Flag that indicates whether this expression is enabled. It defaults to true if not provided.

  • regex - Required - String - The regex to extract the property from the payload.

  • capture_group - Optional - Integer - The capture group to capture. It defaults to 1 if not provided.

  • payload - Optional - String - Test payload. This is only used in the UI so that the user can verify their regex matches the expected payload.

  • qid - Optional - Integer - The QID of the flow to apply this expression to.

  • low_level_category_id - Optional - Integer - The expression is applied to all flows with this low level category.

  • payload_origin - Required - String - The payload type (source_payload, destination_payload) to apply the expression to.

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "low_level_category_id": 42, "modification_date": 42, "payload": "String", "payload_origin": "String <one of: event_payload, source_payload, destination_payload>", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

Table 152: POST /config/flow_sources/custom_properties/property_expressions Response Codes

HTTP Response Code

Unique Code

Description

201

 

A new flow regex property expression was created.

422

1005

One or more request parameter are invalid in the request.

500

1020

An error occurred during the attempt to create a new flow regex property expression.

Response Description

The newly created flow regex property expression containing the following fields:

  • id - Integer - The sequence ID of the flow regex property expression.

  • identifier - String - The ID of the flow regex property expression.

  • regex_property_identifier - String - The identifier of the flow regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This is only used in the UI so that the user can verify their regex matches the expected payload.

  • qid - Integer - The QID of the flow to apply this expression to.

  • low_level_category_id - Integer - The expression is applied to all flows with this low level category.

  • payload_origin - BaseProperty - The payload type (source_payload, destination_payload) to apply the expression to.

  • username - String - The owner of the flow regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "low_level_category_id": 42, "modification_date": 42, "payload": "String", "payload_origin": "String <one of: event_payload, source_payload, destination_payload>", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

GET /config/flow_sources/custom_properties/property_expressions/{expression_id}

Retrieves a flow regex property expression based on the supplied expression ID.

Table 153: GET /config/flow_sources/custom_properties/property_expressions/{expression_id} Resource Details

MIME Type

application/json

Table 154: GET /config/flow_sources/custom_properties/property_expressions/{expression_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the flow_regex_property_expression.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 155: GET /config/flow_sources/custom_properties/property_expressions/{expression_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested flow regex property expression was successfully retrieved.

404

1002

The requested flow regex property expression cannot be found.

500

1020

An error occurred during the attempt to retrieve the requested flow regex property expression.

Response Description

A flow regex property expression containing the following fields:

  • id - Integer - The sequence ID of the flow regex property expression.

  • identifier - String - The ID of the flow regex property expression.

  • regex_property_identifier - String - The identifier of the flow regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This is only used in the UI so that the user can verify their regex matches the expected payload.

  • qid - Integer - The QID of the flow to apply this expression to.

  • low_level_category_id - Integer - The expression is applied to all flows with this low level category.

  • payload_origin - BaseProperty - The payload type (source_payload, destination_payload) to apply the expression to.

  • username - String - The owner of the flow regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "low_level_category_id": 42, "modification_date": 42, "payload": "String", "payload_origin": "String <one of: event_payload, source_payload, destination_payload>", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

POST /config/flow_sources/custom_properties/property_expressions/{expression_id}

Updates an existing flow regex property expression.

Table 156: POST /config/flow_sources/custom_properties/property_expressions/{expression_id} Resource Details

MIME Type

application/json

Table 157: POST /config/flow_sources/custom_properties/property_expressions/{expression_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the flow regex property expression.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 158: POST /config/flow_sources/custom_properties/property_expressions/{expression_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the flow regex property expression object.

  • regex_property_identifier - Optional - String - The identifier of the flow regex property that this expression belongs to.

  • enabled - Optional - Boolean - Flag that indicates whether this expression is enabled.

  • regex - Optional - String - The regex to extract the property from the payload.

  • capture_group - Optional - Integer - The capture group to capture.

  • payload - Optional - String - Test payload. This is only used in the UI so that the user can verify their regex matches the expected payload.

  • qid - Optional - Integer - The QID of the flow to apply this expression to.

  • low_level_category_id - Optional - Integer - The expression is applied to all flows with this low level category.

  • payload_origin - Optional - String - The payload type (source_payload, destination_payload) to apply the expression to.

  • username - Optional - String - The owner of the flow regex property expression. If the input username is authorized service, the prefix "API_token: " is required.

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "low_level_category_id": 42, "modification_date": 42, "payload": "String", "payload_origin": "String <one of: event_payload, source_payload, destination_payload>", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

Table 159: POST /config/flow_sources/custom_properties/property_expressions/{expression_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The flow regex property expression was updated.

403

1009

The user cannot update the resource because it only can be updated by the owner or admin user.

404

1002

The requested flow regex property expression cannot be found.

422

1005

One or more parameters are invalid in the request.

500

1020

An error occurred during the attempt to update an flow regex property expression.

Response Description

The updated flow regex property expression object contains the following fields:

  • id - Integer - The sequence ID of the flow regex property expression.

  • identifier - String - The ID of the flow regex property expression.

  • regex_property_identifier - String - The identifier of the flow regex property that this expression belongs to.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • regex - String - The regex to extract the property from the payload.

  • capture_group - Integer - The capture group to capture.

  • payload - String - Test payload. This is only used in the UI so that the user can verify their regex matches the expected payload.

  • qid - Integer - The QID of the flow to apply this expression to.

  • low_level_category_id - Integer - The expression is applied to all flows with this low level category.

  • payload_origin - BaseProperty - The payload type (source_payload, destination_payload) to apply the expression to.

  • username - String - The owner of the flow regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "low_level_category_id": 42, "modification_date": 42, "payload": "String", "payload_origin": "String <one of: event_payload, source_payload, destination_payload>", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id}

Deletes a flow regex property expression based on the supplied expression ID.

Table 160: DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id} Resource Details

MIME Type

text/plain

Table 161: DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

expression_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the flow_regex_property_expression.

Table 162: DELETE /config/flow_sources/custom_properties/property_expressions/{expression_id} Response Codes

HTTP Response Code

Unique Code

Description

204

 

The requested flow regex property expression was successfully deleted.

403

1009

The user cannot delete the resource because it only can be deleted by the owner or admin user.

404

1002

The requested flow regex property expression cannot be found.

500

1020

An error occurred during the attempt to delete the requested flow regex property expression.

Response Description

Response Sample

GET /config/flow_sources/custom_properties/regex_properties

Retrieves a list of flow regex properties.

Table 163: GET /config/flow_sources/custom_properties/regex_properties Resource Details

MIME Type

application/json

Table 164: GET /config/flow_sources/custom_properties/regex_properties Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 165: GET /config/flow_sources/custom_properties/regex_properties Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested list of flow regex properties was retrieved.

422

1010

An error occurred while building the filter.

500

1020

An error occurred during the attempt to retrieve the list of flow regex properties.

Response Description

A list of flow regex properties. Each regex property contains the following fields:

  • id - Integer - The sequence ID of the flow regex property.

  • identifier - String - The ID of the flow regex property.

  • name - String - The name of the flow regex property.

  • username - String - The owner of the flow regex property.

  • description - String - The description of the flow regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of flow regex property.

  • use_for_rule_engine - Boolean - The flag that indicates if the flow regex property is parsed when the flow was captured.

  • datetime_format - String - The date/time pattern that the flow regex property matches.

  • locale - String - The language tag of the locale that the property matches.

.

Response Sample

[ { "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" } ]

POST /config/flow_sources/custom_properties/regex_properties

Creates a new flow regex property.

Table 166: POST /config/flow_sources/custom_properties/regex_properties Resource Details

MIME Type

application/json

Table 167: POST /config/flow_sources/custom_properties/regex_properties Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 168: POST /config/flow_sources/custom_properties/regex_properties Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the flow regex property object.

  • name - Required - String - The name of the flow regex property.

  • description - Optional - String - The description of the flow regex property.

  • property_type - Required - String - The property type (string, numeric, ip, port, time) of flow regex property.

  • use_for_rule_engine - Optional - Boolean - The flag that indicates if the flow regex property is parsed when the flow was captured.

  • datetime_format - Optional - String - The date/time pattern that the flow regex property matches. It is required when property type is TIME.

  • locale - Optional - String - The language tag of the locale that the property matches. The locale is required when property type is TIME.

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

Table 169: POST /config/flow_sources/custom_properties/regex_properties Response Codes

HTTP Response Code

Unique Code

Description

201

 

A new flow regex property was created.

422

1005

One or more request parameter are invalid in the request.

500

1020

An error occurred during the attempt to create a new flow regex property.

Response Description

The newly created flow regex property that contains the following fields:

  • id - Integer - The sequence ID of the flow regex property.

  • identifier - String - The ID of the flow regex property.

  • name - String - The name of the flow regex property.

  • username - String - The owner of the flow regex property.

  • description - String - The description of the flow regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of flow regex property.

  • use_for_rule_engine - Boolean - The flag that indicates if the flow regex property is parsed when the flow was captured.

  • datetime_format - String - The date/time pattern that the flow regex property matches.

  • locale - String - The language tag of the locale that the property matches.

Response Sample

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}

Retrieves a flow regex property based on the supplied regex property ID.

Table 170: GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Resource Details

MIME Type

application/json

Table 171: GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the flow_regex_property.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 172: GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested flow regex property was successfully retrieved.

404

1002

The requested flow regex property cannot be found.

500

1020

An error occurred during the attempt to retrieve the requested flow regex property.

Response Description

A flow regex property that contains the following fields:

  • id - Integer - The sequence ID of the flow regex property.

  • identifier - String - The ID of the flow regex property.

  • name - String - The name of the flow regex property.

  • username - String - The owner of the flow regex property.

  • description - String - The description of the flow regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of flow regex property.

  • use_for_rule_engine - Boolean - The flag that indicates if the flow regex property is parsed when the flow was captured.

  • datetime_format - String - The date/time pattern that the flow regex property matches.

  • locale - String - The language tag of the locale that the property matches.

Response Sample

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id}

Updates an existing flow regex property.

Table 173: POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Resource Details

MIME Type

application/json

Table 174: POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the flow regex property.

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 175: POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

data

Object

application/json

Required - A JSON representation of the flow regex property object.

  • description - Optional - String - The description of the flow regex property.

  • property_type - Optional - String - The property type (string, numeric, ip, port, time) of flow regex property.

  • use_for_rule_engine - Optional - Boolean - The flag that indicates if the flow regex property is parsed when the flow is captured. It is false if no value supplied.

  • datetime_format - Optional - String - The date/time pattern that the flow regex property matches. It is required when property type is TIME.

  • locale - Optional - String - The language tag of the locale that the property matches.The locale is required when property type is TIME.

  • username - Optional - String - The owner of the event regex property. If the input username is authorized service, the prefix "API_token: " is required.

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

Table 176: POST /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The flow regex property was updated.

403

1009

The user cannot update the resourse because it only can be updated by the owner or admin user.

404

1002

The requested flow regex property cannot be found.

422

1005

One or more parameters are invalid in the request.

500

1020

An error occurred during the attempt to update an flow regex property.

Response Description

The updated flow regex property object contains the following fields:

  • id - Integer - The sequence ID of the flow regex property.

  • identifier - String - The ID of the flow regex property.

  • name - String - The name of the flow regex property.

  • username - String - The owner of the flow regex property.

  • description - String - The description of the flow regex property.

  • property_type - String - The property type (string, numeric, ip, port, time) of flow regex property.

  • use_for_rule_engine - Boolean - The flag that indicates if the flow regex property is parsed when the flow is captured.

  • datetime_format - String - The date/time pattern that the flow regex property matches.

  • locale - String - The language tag of the locale that the property matches.

Response Sample

{ "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id}

Deletes a flow regex property. To ensure safe deletion, a dependency check is carried out. This check might take some time. An asynchronous task is started to do this check.

Table 177: DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Resource Details

MIME Type

application/json

Table 178: DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

Required - The sequence ID of the Flow Regex property to delete.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 179: DELETE /config/flow_sources/custom_properties/regex_properties/{regex_property_id} Response Codes

HTTP Response Code

Unique Code

Description

202

 

The flow regex property delete request was accepted and is in progress

403

1009

The user cannot delete the regex_property because it only can be deleted by the owner or admin user.

404

1002

The requested flow regex property cannot be found.

500

1020

An error occurred during the attempt to delete the flow regex property.

Response Description

A Delete Task Status object and the location header set to the task status URL "/api/config/flow_sources/custom_properties/regex_property_delete_tasks/{task_id}". A Delete Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task .

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

Response Sample

{ "completed": 42, "created": 42, "created_by": "String", "id": 42, "message": "String", "modified": 42, "name": "String", "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents

Retrieves the objects that depend on the flow regex property.

Table 180: GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents Resource Details

MIME Type

application/json

Table 181: GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

regex_property_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 182: GET /config/flow_sources/custom_properties/regex_properties/{regex_property_id}/dependents Response Codes

HTTP Response Code

Unique Code

Description

202

 

The flow regex property dependents retrieval was accepted and is in progress.

404

1002

The flow regex property does not exist.

500

1020

An error occurred during the attempt to initiate the flow regex property dependents retrieval task.

Response Description

A Dependents Task Status object and the location header set to the task status URL "/api/config/flow_sources/custom_properties/regex_property_dependents_tasks/{task_id}". A Dependent Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • cancelled_by - String - The name of the user who requested to cancel the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

  • number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • task_components - Array - An array of task component objects. A task component object contains the following fields

    • message - String - The localized sub-task status message.

    • status - String - The current state of the sub-task.

    • sub_task_type - String - The type of the sub-task.

    • maximum - Long - The maximum number of objects to check for dependency.

    • progress - Long - The number of objects that were checked for dependency.

    • created - Long - The time in milliseconds since epoch since the sub-task was created.

    • started - Long - The time in milliseconds since epoch since the sub-task was started.

    • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

    • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}

Retrieves the flow regex property dependent task status.

Table 183: GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Resource Details

MIME Type

application/json

Table 184: GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 185: GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The dependent task status was retrieved.

404

1002

The requested task status cannot be found.

422

1005

The task id is invalid in the request.

500

1020

An error occurred during the attempt to retrieve the task status.

Response Description

A Dependent Task Status object and the location header set to the task status URL "/api/config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • cancelled_by - String - The name of the user who requested to cancel the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

  • number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • task_components - Array - An array of task component objects. A task component object contains the following fields

    • message - String - The localized sub-task status message.

    • status - String - The current state of the sub-task.

    • sub_task_type - String - The type of the sub-task.

    • maximum - Long - The maximum number of objects to check for dependency.

    • progress - Long - The number of objects that were checked for dependency.

    • created - Long - The time in milliseconds since epoch since the sub-task was created.

    • started - Long - The time in milliseconds since epoch since the sub-task was started.

    • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

    • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}

Cancels the flow regex property dependent task.

Table 186: POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Resource Details

MIME Type

application/json

Table 187: POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 188: POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

task

Object

application/json

null

{ "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

Table 189: POST /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The delete task status was cancelled.

404

1002

The dependent task status does not exist.

409

1004

The task is in a completed state.

422

1005

A request parameter is not valid.

500

1020

An error occurred during the attempt to update the dependent task status.

Response Description

A Dependent Task Status object and the location header set to the task status URL "/api/config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

  • id - Long - The ID of the task.

  • message - String - The localized task message.

  • status - String - The current state of the task.

  • name - String - The name of the task.

  • created_by - String - The name of the user who started the task.

  • cancelled_by - String - The name of the user who requested to cancel the task.

  • created - Long - The time in milliseconds since epoch since the task was created.

  • started - Long - The time in milliseconds since epoch since the task was started.

  • modified - Long - The time in milliseconds since epoch since the task was modified.

  • completed - Long - The time in milliseconds since epoch since the task was completed.

  • number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • task_components - Array - An array of task component objects. A task component object contains the following fields

    • message - String - The localized sub-task status message.

    • status - String - The current state of the sub-task.

    • sub_task_type - String - The type of the sub-task.

    • maximum - Long - The maximum number of objects to check for dependency.

    • progress - Long - The number of objects that were checked for dependency.

    • created - Long - The time in milliseconds since epoch since the sub-task was created.

    • started - Long - The time in milliseconds since epoch since the sub-task was started.

    • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

    • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results

Retrieves the regex property dependent task results.

Table 190: GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results Resource Details

MIME Type

application/json

Table 191: GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

task_id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 192: GET /config/flow_sources/custom_properties/regex_property_dependent_tasks/{task_id}/results Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested task results was retrieved.

404

1002

The requested task status cannot be found.

500

1020

An error occurred during the attempt to retrieve the task status.

Response Description

A list of Dependent objects. A Dependent object contains the following fields:

  • dependent_id - String - The ID of the dependent resource.

  • dependent_name - String - The name of the dependent resource (default resources can have localized names).

  • dependent_owner - String - The owner of the dependent resource

  • dependent_type - String - The type of the dependent resource

  • dependent_database - String - The database of the dependent resource.

  • dependent_group_ids - Array of Longs - List of groups that the dependent resource belongs to.

  • user_has_edit_permissions - Boolean - True if the user who created the task has permission to edit this dependent resource.

Response Sample

[ { "blocking": true, "dependent_database": "String <one of: EVENTS, FLOWS>", "dependent_group_ids": [ 42 ], "dependent_id": "String", "dependent_name": "String", "dependent_owner": "String", "dependent_type": "String <one of: ARIEL_SAVED_SEARCH, ASSET_SAVED_SEARCH, OFFENSE_SAVED_SEARCH, VULNERABILITY_SAVED_SEARCH, QRM_SAVED_SEARCH_GROUP, ASSET_SAVED_SEARCH_GROUP, CUSTOM_RULE_GROUP, EVENT_ARIEL_SAVED_SEARCH_GROUP, FLOW_ARIEL_SAVED_SEARCH_GROUP, LOG_SOURCE_GROUP, MODEL_GROUP, OFFENSE_SAVED_SEARCH_GROUP, QUESTION_GROUP, REPORT_GROUP, SIMULATION_GROUP, TOPOLOGY_SAVED_SEARCH_GROUP, VULNERABILITY_SAVED_SEARCH_GROUP, ASSIGNED_OFFENSE, ASSIGNED_VULNERABILITY, AUTHORIZED_SERVICE, BUILDING_BLOCK, CRE_RULE, CRE_ADE_RULE, EVENT_REGEX_PROPERTY, EVENT_CALCULATED_PROPERTY, FLOW_REGEX_PROPERTY, FLOW_CALCULATED_PROPERTY, DASHBOARD, GV_REFERENCE, REPORT, REFERENCE_DATA, REFERENCE_DATA_MAP_OF_SETS, REFERENCE_DATA_MAPS, REFERENCE_DATA_SETS, REFERENCE_DATA_TABLES, REFERENCE_DATA_RESPONSE, REFERENCE_SET_RESPONSE, EVENT_RETENTION_BUCKET, FLOW_RETENTION_BUCKET, ROUTING_RULE, STORE_AND_FORWARD_POLICY, USER, HISTORICAL_PROFILE, OFFENSE_TYPE>", "user_has_edit_permissions": true } ]

GET /config/global_system_notifications

Retrieves a list of all deployed global system notifications.

Table 193: GET /config/global_system_notifications Resource Details

MIME Type

application/json

Table 194: GET /config/global_system_notifications Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 195: GET /config/global_system_notifications Response Codes

HTTP Response Code

Unique Code

Description

200

 

The deployed global system notifications list was successfully retrieved.

500

1020

An internal server error occurred during the retrieval of the list of deployed global system notifications.

Response Description

A list of all deployed global system notifications. A notification contains the following fields:

  • id - Long - The ID of the notification.

  • name - String - The name of the notification.

  • operator - String - The notification criteria operator.

  • value - String - The notification criteria value.

  • message - Double - The notification message.

  • default - Boolean - Whether the notification message is modified by the user or not.

  • enabled - Boolean - Whether the notification is enabled or not.

Response Sample

[ { "default": true, "enabled": true, "id": 42, "message": "String", "name": "String", "operator": "String", "value": 42.5 } ]

GET /config/global_system_notifications/{notification_id}

Retrieves a deployed global system notification by ID.

Table 196: GET /config/global_system_notifications/{notification_id} Resource Details

MIME Type

application/json

Table 197: GET /config/global_system_notifications/{notification_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

notification_id

path

Required

Number (Integer)

text/plain

ID that is used for retrieving a deployed global system notification.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 198: GET /config/global_system_notifications/{notification_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The deployed global system notification was successfully retrieved.

404

1002

No deployed global system notification was found for the provided notification ID.

500

1020

An error occurred while the notification was being retrieved.

Response Description

The associated deployed global system notification object. A notification contains the following fields:

  • id - Long - The ID of the notification.

  • name - String - The name of the notification.

  • operator - String - The notification criteria operator.

  • value - String - The notification criteria value.

  • message - Double - The notification message.

  • default - Boolean - Whether the notification message is modified by the user or not.

  • enabled - Boolean - Whether the notification is enabled or not.

Response Sample

{ "default": true, "enabled": true, "id": 42, "message": "String", "name": "String", "operator": "String", "value": 42.5 }

GET /config/network_hierarchy/networks

Retrieves the deployed network hierarchy.

Table 199: GET /config/network_hierarchy/networks Resource Details

MIME Type

application/json

Table 200: GET /config/network_hierarchy/networks Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 201: GET /config/network_hierarchy/networks Response Codes

HTTP Response Code

Unique Code

Description

200

 

The network hierarchy was returned.

500

1020

An error occurred during the attempt to retreive the network hierarchy.

Response Description

Network Hierarchy - A JSON string that contains network_hierarchy objects with the following fields:

  • id - Integer - The ID of the network object.

  • group - String - The group of the network object.

  • name - String - The name of the network object.

  • cidr - String - The CIDR range of the network object.

  • description - String - The description of the network object.

  • domain_id - Integer - The domain ID of the network object.

Response Sample

[ { "cidr": "String", "description": "String", "domain_id": 42, "group": "String", "id": 42, "name": "String" } ]

GET /config/network_hierarchy/staged_networks

Retrieves the staged network hierarchy.

Table 202: GET /config/network_hierarchy/staged_networks Resource Details

MIME Type

application/json

Table 203: GET /config/network_hierarchy/staged_networks Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 204: GET /config/network_hierarchy/staged_networks Response Codes

HTTP Response Code

Unique Code

Description

200

 

The network hierarchy was returned

500

1020

An error occurred during the attempt to retreive the network hierarchy

Response Description

Network Hierarchy - A JSON string that contains network_hierarchy objects with the following fields:

  • id - Integer - The ID of the network object.

  • group - String - The group of the network object.

  • name - String - The name of the network object.

  • cidr - String - The CIDR range of the network object.

  • description - String - The description of the network object.

  • domain_id - Integer - The domain ID of the network object.

Response Sample

[ { "cidr": "String", "description": "String", "domain_id": 42, "group": "String", "id": 42, "name": "String" } ]

PUT /config/network_hierarchy/staged_networks

Replaces the current network hierarchy with the input that is provided.

Table 205: PUT /config/network_hierarchy/staged_networks Resource Details

MIME Type

application/json

Table 206: PUT /config/network_hierarchy/staged_networks Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 207: PUT /config/network_hierarchy/staged_networks Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

network_hierarchy

Array<Object>

application/json

Required - A JSON String that contains network hierarchy objects with the following fields:

  • id - Optional - Integer - The ID of the network object.

  • group - Required - String - The group of the network object.

  • name - Required - String - The name of the network object.

  • cidr - Required - String - The CIDR range of the network object.

  • description - Optional - String - The description of the network object.

  • domain_id - Optional - Integer - The domain ID of the network object (required if domain aware).

[ { "id": 4, "group": "DMZ", "name": "External", "description": "network description", "cidr": "0.0.0.1/32", "domain_id": 0 }, { "id": 5, "group": "DMZ", "name": "External", "description": "network description", "cidr": "0.0.0.2/32", "domain_id": 0 } ]

Table 208: PUT /config/network_hierarchy/staged_networks Response Codes

HTTP Response Code

Unique Code

Description

200

 

The network hierarchy was successfully replaced.

409

1004

A duplicate parameter was passed to the API call.

422

1005

An invalid parameter was passed to the API call.

500

1020

An unexpected error occurred during the creation of the network hierarchy.

Response Description

Network Hierarchy - A JSON string that contains network_hierarchy objects, each with the following fields:

  • id - Integer - The ID of the network object.

  • group - String - The group of the network object.

  • name - String - The name of the network object.

  • cidr - String - The CIDR range of the network object.

  • description - String - The description of the network object.

  • domain_id - Integer - The domain ID of the network object.

Response Sample

[ { "cidr": "String", "description": "String", "domain_id": 42, "group": "String", "id": 42, "name": "String" } ]

GET /config/remote_networks

Retrieves a list of deployed remote networks.

Table 209: GET /config/remote_networks Resource Details

MIME Type

application/json

Table 210: GET /config/remote_networks Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you want to get back in the response. Fields that are not named are excluded. Specify subfields in brackets. Multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list based on the contents of various fields.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

Table 211: GET /config/remote_networks Response Codes

HTTP Response Code

Unique Code

Description

200

 

The deployed remote networks list was successfully retrieved.

500

1020

An internal server error occurred during the retrieval of the list of deployed remote networks.

Response Description

A list of deployed remote networks.

  • id - Long - The ID of the remote network.

  • name - String - The name of the remote network.

  • description - String - The description of the remote network.

  • group - String - The group to which the remote network belongs.

  • cidrs - Array of <String> - A list of all the CIDR ranges that belong to the remote network.

Response Sample

[ { "cidrs": [ "String" ], "description": "String", "group": "String", "id": 42, "name": "String" } ]

GET /config/remote_networks/{network_id}

Retrieves a deployed remote network by ID.

Table 212: GET /config/remote_networks/{network_id} Resource Details

MIME Type

application/json

Table 213: GET /config/remote_networks/{network_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

network_id

path

Required

Number (Integer)

text/plain

ID that is used to retrieve a deployed remote network.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets. Multiple fields in the same object are separated by commas.

Table 214: GET /config/remote_networks/{network_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The deployed remote network was successfully retrieved.

404

1002

No deployed remote network was found with the provided ID.

500

1020

An error occurred during the retrieval of the remote network.

Response Description

The associated deployed remote network object.

  • id - Long - The ID of the remote network.

  • name - String - The name of the remote network.

  • description - String - The description of the remote network.

  • group - String - The group to which the remote network belongs.

  • cidrs - Array of <String> - A list of all the CIDR ranges that belong to the remote network.

Response Sample

{ "cidrs": [ "String" ], "description": "String", "group": "String", "id": 42, "name": "String" }

GET /config/remote_services

Retrieves a list of deployed remote services.

Table 215: GET /config/remote_services Resource Details

MIME Type

application/json

Table 216: GET /config/remote_services Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets. Multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

Table 217: GET /config/remote_services Response Codes

HTTP Response Code

Unique Code

Description

200

 

The deployed remote services list was successfully retrieved.

500

1020

An internal server error occurred during the retrieval of the list of deployed remote services.

Response Description

A list of deployed remote services.

  • id - Long - The ID of the remote service.

  • name - String - The name of the remote service.

  • description - String - The description of the remote service.

  • group - String - The group to which the remote service belongs.

  • cidrs - Array of <String> - A list of all the CIDR ranges that belong to the remote service.

Response Sample

[ { "cidrs": [ "String" ], "description": "String", "group": "String", "id": 42, "name": "String" } ]

GET /config/remote_services/{service_id}

Retrieves a deployed remote service by ID.

Table 218: GET /config/remote_services/{service_id} Resource Details

MIME Type

application/json

Table 219: GET /config/remote_services/{service_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

service_id

path

Required

Number (Integer)

text/plain

ID that is used for retrieving a deployed remote service.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets. Multiple fields in the same object are separated by commas.

Table 220: GET /config/remote_services/{service_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The deployed remote service was successfully retrieved.

404

1002

No deployed remote service was found with the provided ID.

500

1020

An error occurred during the retrieval of the remote service.

Response Description

The associated deployed remote service object.

  • id - Long - The ID of the remote service.

  • name - String - The name of the remote service.

  • description - String - The description of the remote service.

  • group - String - The group to which the remote service belongs.

  • cidrs - Array of <String> - A list of all the CIDR ranges that belong to the remote service.

Response Sample

{ "cidrs": [ "String" ], "description": "String", "group": "String", "id": 42, "name": "String" }

GET /config/resource_restrictions

Retrieves a list of all resource restrictions.

Table 221: GET /config/resource_restrictions Resource Details

MIME Type

application/json

Table 222: GET /config/resource_restrictions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 223: GET /config/resource_restrictions Response Codes

HTTP Response Code

Unique Code

Description

200

 

The resource restriction list was successfully retrieved.

500

1001

An error occurred during the attempt to retrieve the restriction list.

Response Description

A list of all the restrictions.

Response Sample

[ { "data_window": 42, "execution_time": 42, "id": "String", "record_limit": 42, "role_id": 42, "tenant_id": 42, "user_id": 42 } ]

POST /config/resource_restrictions

Creates a new resource restriction.

Table 224: POST /config/resource_restrictions Resource Details

MIME Type

application/json

Table 225: POST /config/resource_restrictions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 226: POST /config/resource_restrictions Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

resourceRestriction

Object

application/json

Required - The resource restriction to be added. Only one of the ID fields (user_id, tenant_id, role_id) can be provided.

{ "data_window": 42, "execution_time": 42, "id": "String", "record_limit": 42, "role_id": 42, "tenant_id": 42, "user_id": 42 }

Table 227: POST /config/resource_restrictions Response Codes

HTTP Response Code

Unique Code

Description

200

 

The new resource restriction was successfully created.

404

1009

The consumer (user, tenant, or role) provided was not found.

422

1008

One of: user_id, role_id, or tenant_id

500

1010

An error occurred during the attempt to create a resource restriction.

Response Description

The associated restriction object.

Response Sample

{ "data_window": 42, "execution_time": 42, "id": "String", "record_limit": 42, "role_id": 42, "tenant_id": 42, "user_id": 42 }

GET /config/resource_restrictions/{resource_restriction_id}

Retrieves a resource restriction consumer by ID.

Table 228: GET /config/resource_restrictions/{resource_restriction_id} Resource Details

MIME Type

application/json

Table 229: GET /config/resource_restrictions/{resource_restriction_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

resource_restriction_id

path

Required

String

text/plain

Required - The resource restriction ID of the resource restriction to be retrieved. Must be of the format [1-3]-\d+

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 230: GET /config/resource_restrictions/{resource_restriction_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The resource restriction consumer was successfully retrieved.

404

1003

No such resource restriction consumer (user, tenant, or role) exists for the given ID.

422

1002

Provided ID is not a valid format. must be [1-3]-\d+

500

1004

An error occurred during the retrtieval resource restrictions.

Response Description

The associated restriction object.

Response Sample

{ "data_window": 42, "execution_time": 42, "id": "String", "record_limit": 42, "role_id": 42, "tenant_id": 42, "user_id": 42 }

DELETE /config/resource_restrictions/{resource_restriction_id}

Deletes a resource restriction consumer by ID.

Table 231: DELETE /config/resource_restrictions/{resource_restriction_id} Resource Details

MIME Type

text/plain

Table 232: DELETE /config/resource_restrictions/{resource_restriction_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

resource_restriction_id

path

Required

String

text/plain

Required - The resource restriction ID of the resource restriction to be retrieved. Must be of the format [1-3]-\d+

Table 233: DELETE /config/resource_restrictions/{resource_restriction_id} Response Codes

HTTP Response Code

Unique Code

Description

204

 

The resource restriction consumer was successfully deleted.

404

1003

null

422

1002

Provided ID is not a valid format. Must be of the format [1-3]-\d+

500

1004

An error occurred during the retrieval of the resource restrictions.

Response Description

The deleted restriction object.

Response Sample

PUT /config/resource_restrictions/{resource_restriction_id}

Updates a resource restriction consumer by ID.

Table 234: PUT /config/resource_restrictions/{resource_restriction_id} Resource Details

MIME Type

application/json

Table 235: PUT /config/resource_restrictions/{resource_restriction_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

resource_restriction_id

path

Required

String

text/plain

Required - The resource restriction ID of the resource restriction to be updated. Must be of the format [1-3]-\d+

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 236: PUT /config/resource_restrictions/{resource_restriction_id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

resourceRestriction

Object

application/json

Required - The resource restrictions to be updated.

{ "data_window": 42, "execution_time": 42, "id": "String", "record_limit": 42, "role_id": 42, "tenant_id": 42, "user_id": 42 }

Table 237: PUT /config/resource_restrictions/{resource_restriction_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The resource restriction consumer was successfully updated.

404

1006

The resource restriction consumer (user, tenant, or role) wasn't found.

422

1005

Provided ID is not a valid format. Must be of the format [1-3]-\d+

500

1007

An error occurred during the retrieval of the resource restriction.

Response Description

The associated restriction object.

Response Sample

{ "data_window": 42, "execution_time": 42, "id": "String", "record_limit": 42, "role_id": 42, "tenant_id": 42, "user_id": 42 }

GET /config/store_and_forward/policies

Retrieves a list of store and forward policies.

Table 238: GET /config/store_and_forward/policies Resource Details

MIME Type

application/json

Table 239: GET /config/store_and_forward/policies Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 240: GET /config/store_and_forward/policies Response Codes

HTTP Response Code

Unique Code

Description

200

 

The store and forward policies were retrieved.

422

1010

A request parameter is not valid.

500

1020

An error occurred during the attempt to retrieve the store and forward policies.

Response Description

An array of Store and Forward Policy objects. An Store and Forward Policy object contains the following fields:

  • id - Long - The ID of the store and forward policy.

  • name - String - The name of the store and forward policy.

  • description - String - The description of the store and forward policy.

  • timezone - String - The timezone of the store and forward policy.

  • owner - String - The owner of the store and forward policy.

  • store_and_forward_schedule_id - Long - The schedule ID of the store and forward policy.

  • created - Long - The time in milliseconds since epoch since the store and forward policy was created.

  • modified - Long - The time in milliseconds since epoch since the store and forward policy was last modified.

Response Sample

[ { "created": 42, "description": "String", "id": 42, "modified": 42, "name": "String", "owner": "String", "saf_schedule_id": 42, "timezone": "String" } ]

GET /config/store_and_forward/policies/{id}

Retrieves a store and forward policy.

Table 241: GET /config/store_and_forward/policies/{id} Resource Details

MIME Type

application/json

Table 242: GET /config/store_and_forward/policies/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 243: GET /config/store_and_forward/policies/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The store and forward policy was retrieved.

404

1002

The store and forward policy does not exist.

500

1020

An error occurred during the attempt to retrieve the store and forward policy.

Response Description

The store and forward policy after it has been retrieved. An Store and Forward Policy object contains the following fields:

  • id - Long - The ID of the store and forward policy.

  • name - String - The name of the store and forward policy.

  • description - String - The description of the store and forward policy.

  • timezone - String - The timezone of the store and forward policy.

  • owner - String - The owner of the store and forward policy.

  • store_and_forward_schedule_id - Long - The schedule ID of the store and forward policy.

  • created - Long - The time in milliseconds since epoch since the store and forward policy was created.

  • modified - Long - The time in milliseconds since epoch since the store and forward policy was last modified.

Response Sample

{ "created": 42, "description": "String", "id": 42, "modified": 42, "name": "String", "owner": "String", "saf_schedule_id": 42, "timezone": "String" }

POST /config/store_and_forward/policies/{id}

Updates the store and forward policy owner only.

Table 244: POST /config/store_and_forward/policies/{id} Resource Details

MIME Type

application/json

Table 245: POST /config/store_and_forward/policies/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 246: POST /config/store_and_forward/policies/{id} Request Body Details

Parameter

Data Type

MIME Type

Description

Sample

policy

Object

application/json

null

{ "description": "String", "id": 42, "name": "String", "owner": "String", "saf_schedule_id": 42, "timezone": "String" }

Table 247: POST /config/store_and_forward/policies/{id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The store and forward policy has been updated.

403

1009

You do not have the required capabilities to update the store and forward policy.

404

1002

The store and forward policy does not exist.

409

1004

The provided user does not have the required capabilities to own the store and forward policy.

422

1005

A request parameter is not valid.

500

1020

An error occurred during the attempt to update the store and forward policy.

Response Description

The store and forward policy after it was updated. An Store and Forward Policy object contains the following fields:

  • id - Long - The ID of the store and forward policy.

  • name - String - The name of the store and forward policy.

  • description - String - The description of the store and forward policy.

  • timezone - String - The timezone of the store and forward policy.

  • owner - String - The owner of the store and forward policy.

  • store_and_forward_schedule_id - Long - The schedule ID of the store and forward policy.

  • created - Long - The time in milliseconds since epoch since the store and forward policy was created.

  • modified - Long - The time in milliseconds since epoch since the store and forward policy was last modified.

Response Sample

{ "created": 42, "description": "String", "id": 42, "modified": 42, "name": "String", "owner": "String", "saf_schedule_id": 42, "timezone": "String" }

DELETE /config/store_and_forward/policies/{id}

Deletes a store and forward policy.

Table 248: DELETE /config/store_and_forward/policies/{id} Resource Details

MIME Type

text/plain

Table 249: DELETE /config/store_and_forward/policies/{id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

id

path

Required

Number (Integer)

text/plain

null

Table 250: DELETE /config/store_and_forward/policies/{id} Response Codes

HTTP Response Code

Unique Code

Description

204

 

The Store and Forward Policy has been deleted

403

1009

You do not have the required capabilities to delete the store and forward policy

404

1002

The Store and Forward Policy does not exist

500

1020

An error occurred during the attempt to delete the store and forward policy

Response Description

Response Sample