Configuration Endpoints

Use the references for REST API V9.0 configuration endpoints.

GET /config/access/tenant_management/tenants

Retrieve the list of all tenants ordered by tenant ID.

Response Description

a list of all the tenants

Response Sample

[ { "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" } ]

POST /config/access/tenant_management/tenants

Create a new tenant.

Response Description

a created tenant object

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

GET /config/access/tenant_management/tenants/{tenant_id}

Retrieve a tenant by tenant id.

Response Description

the associated tenants object

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

POST /config/access/tenant_management/tenants/{tenant_id}

Update a tenant.

Response Description

The updated tenant object.

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

DELETE /config/access/tenant_management/tenants/{tenant_id}

Deletes a tenant by tenant ID.

Response Description

the deleted tenant object with its parameter deleted set to true

Response Sample

{ "deleted": true, "description": "String", "event_rate_limit": 42, "flow_rate_limit": 42, "id": 42, "name": "String" }

GET /config/access/user_dependent_tasks/{task_id}

Retrieves the dependent user task status.

Response Description

A Dependent Task Status object and the location header set to the task status url "/api/config/access/user_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested to cancel the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. Value is null until task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields:

  • message - String - The localized sub-task status message.

  • status - String - The current state the sub-task is in.

  • sub_task_type - String - The type of the sub-task.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_AQL_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLOCIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES, FIND_DEPENDENT_SECURITY_PROFILES, FIND_DEPENDENT_ARIEL_INDEXING>" } ] }

POST /config/access/user_dependent_tasks/{task_id}

Cancels a dependent user task.

Response Description

A Dependent Task Status object and the location header set to the task status url "/api/config/access/user_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state that the task is in.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested to cancel the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields:

  • message - String - The localized sub-task status message.

  • status - String - The current state the sub-task is in.

  • sub_task_type - String - The type of the sub-task.

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_AQL_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLOCIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES, FIND_DEPENDENT_SECURITY_PROFILES, FIND_DEPENDENT_ARIEL_INDEXING>" } ] }

GET /config/access/user_dependent_tasks/{task_id}/results

Retrieves the user dependent task results.

Response Description

An list of Dependent objects. A Dependent object contains the following fields:

• dependent_id - String - The ID of the dependent resource.

• dependent_name - String - The name of the dependent resource (default resources can have localized names).

• dependent_owner - String - The owner of the dependent resource.

• dependent_type - String - The type of the dependent resource.

• dependent_database - String - The database of the dependent resource.

• dependent_group_ids - Array of Longs - List of groups that the dependent resource belongs to.

• user_has_edit_permissions - Boolean - True if the user who created the task has permission to edit this dependent resource.

Response Sample

[ { "blocking": true, "dependent_database": "String <one of: EVENTS, FLOWS>", "dependent_group_ids": [ 42 ], "dependent_id": "String", "dependent_name": "String", "dependent_owner": "String", "dependent_type": "String <one of: ARIEL_SAVED_SEARCH, ASSET_SAVED_SEARCH, OFFENSE_SAVED_SEARCH, VULNERABILITY_SAVED_SEARCH, QRM_SAVED_SEARCH_GROUP, ASSET_SAVED_SEARCH_GROUP, CUSTOM_RULE_GROUP, EVENT_ARIEL_SAVED_SEARCH_GROUP, FLOW_ARIEL_SAVED_SEARCH_GROUP, LOG_SOURCE_GROUP, MODEL_GROUP, OFFENSE_SAVED_SEARCH_GROUP, QUESTION_GROUP, REPORT_GROUP, SIMULATION_GROUP, TOPOLOGY_SAVED_SEARCH_GROUP, VULNERABILITY_SAVED_SEARCH_GROUP, ASSIGNED_OFFENSE, ASSIGNED_VULNERABILITY, AUTHORIZED_SERVICE, BUILDING_BLOCK, CRE_RULE, CRE_ADE_RULE, EVENT_REGEX_PROPERTY, EVENT_REGEX_PROPERTY_DEPENDENCY, EVENT_CALCULATED_PROPERTY, FLOW_REGEX_PROPERTY, FLOW_REGEX_PROPERTY_DEPENDENCY, FLOW_CALCULATED_PROPERTY, DASHBOARD, GV_REFERENCE, REPORT, REFERENCE_DATA, REFERENCE_DATA_MAP_OF_SETS, REFERENCE_DATA_MAPS, REFERENCE_DATA_SETS, REFERENCE_DATA_TABLES, REFERENCE_DATA_RESPONSE, REFERENCE_SET_RESPONSE, EVENT_RETENTION_BUCKET, FLOW_RETENTION_BUCKET, ROUTING_RULE, STORE_AND_FORWARD_POLICY, USER, HISTORICAL_PROFILE, OFFENSE, EVENT_AQL_PROPERTY, FLOW_AQL_PROPERTY, OFFENSE_TYPE, SECURITY_PROFILE, ARIEL_INDEX>", "user_has_edit_permissions": true } ]

GET /config/access/users

Retrieves a list of deployed users.

Response Description

An array of User objects. An User object contains the following fields:

• id - Long - The ID of the user.

• name - String - The name of the user.

Response Sample

[ { "id": 42, "username": "String" } ]

GET /config/access/users/{id}/dependents

Retrieves the objects that depend on the user.

Response Description

A Dependents Task Status object and the location header set to the task status url "/api/config/access/user_dependents_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested cancellation of the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. Value is null until task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields

  • message - String - The localized sub-task status message.

  • status - String - The current state of the sub-task.

  • sub_task_type - String - The type of the sub-task

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_AQL_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLOCIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES, FIND_DEPENDENT_SECURITY_PROFILES, FIND_DEPENDENT_ARIEL_INDEXING>" } ] }

GET /config/access/users/{id}

Retrieves a deployed user.

Response Description

The User after it is retrieved. A User object contains the following fields:

• id - Long - The ID of the user.

• name - String - The name of the user.

Response Sample

{ "id": 42, "username": "String" }

GET /config/deployment/hosts

Retrieves a list of all deployed hosts.

Response Description

A list of all the hosts. Each Host object has the following fields:

• id - The ID of this managed host.

• hostname - The host name of this managed host.

• private_ip - The private IP of this managed host.

• public_ip - The public IP of this managed host.

• appliance - An object that represents the appliance type ID and description of this managed host.

• version - The installed version on this managed host.

• status - The status of this managed host.

• eps_rate_hardware_limit - The upper limit for eps_allocation based on hardware constraints for this managed host.

• eps_allocation - The allocated eps rate of this managed host.

• average_eps - The average eps rate of this managed host over the previous month.

• peak_eps - The peak eps rate that was experienced by this managed host over the previous month.

• fpm_rate_hardware_limit - The upper limit for fpm_allocation based on hardware constraints for this managed host

• fpm_allocation - The allocated fpm rate of this managed host.

• average_fpm - The average fpm rate of this managed host over the previous month.

• peak_fpm - The peak fpm rate that was experienced by this managed host over the previous month.

• primary_server_id - The ID for the primary server host for this managed host.

• secondary_server_id - If configured, the ID for the secondary server host for this managed host.

• license_serial_number - The serial number that is associated with this managed host's license.

• components - A list of components that are associated with this managed host.

• compression_enabled - Whether or not compression is enabled for this managed host.

• encryption_enabled - Whether or not encryption is enabled for this managed host.

Response Sample

[ { "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS>", "version": "String" } ]

GET /config/deployment/hosts/{id}

Retrieves a deployed host by ID.

Response Description

The associated deployed host object. The Host object has the following fields:

• id - The ID of this managed host.

• hostname - The host name of this managed host.

• private_ip - The private IP of this managed host.

• public_ip - The public IP of this managed host.

• appliance - An object that represents the appliance type ID and description of this managed host.

• version - The installed version on this managed host.

• status - The status of this managed host.

• eps_rate_hardware_limit - The upper limit for eps_allocation based on hardware constraints for this managed host.

• eps_allocation - The allocated eps rate of this managed host.

• average_eps - The average eps rate of this managed host over the previous month.

• peak_eps - The peak eps rate that was experienced by this managed host over the previous month.

• fpm_rate_hardware_limit - The upper limit for fpm_allocation based on hardware constraints for this managed host.

• fpm_allocation - The allocated fpm rate of this managed host.

• average_fpm - The average fpm rate of this managed host over the previous month.

• peak_fpm - The peak fpm rate that was experienced by this managed host over the previous month.

• primary_server_id - The ID for the primary server host for this managed host.

• secondary_server_id - If configured, the ID for the secondary server host for this managed host.

• license_serial_number - The serial number that is associated with this managed host's license.

• components - A list of components that are associated with this managed host.

• compression_enabled - Whether or not compression is enabled for this managed host.

• encryption_enabled - Whether or not encryption is enabled for this managed host.

Response Sample

[ { "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS>", "version": "String" } ]

POST /config/deployment/hosts/{id}

Updates a host by ID and sends a JMS message to update the pipeline.

Response Description

The updated host object. The host object has the following fields:

• id - The ID of this managed host.

• hostname - The host name of this managed host.

• private_ip - The private IP of this managed host.

• public_ip - The public IP of this managed host.

• appliance - An object that represents the appliance type ID and description of this managed host.

• version - The installed version on this managed host.

• status - The status of this managed host.

• eps_rate_hardware_limit - The upper limit for eps_allocation based on hardware constraints for this managed host.

• eps_allocation - The allocated eps rate of this managed host.

• average_eps - The average eps rate of this managed host over the previous month.

• peak_eps - The peak eps rate that was experienced by this managed host over the previous month.

• fpm_rate_hardware_limit - The upper limit for fpm_allocation based on hardware constraints for this managed host.

• fpm_allocation - The allocated fpm rate of this managed host.

• average_fpm - The average fpm rate of this managed host over the previous month.

• peak_fpm - The peak fpm rate that was experienced by this managed host over the previous month.

• primary_server_id - The ID for the primary server host for this managed host.

• secondary_server_id - If configured, the ID for the secondary server host for this managed host.

• license_serial_number - The serial number associated with this managed host's license.

• components - A list of components that are associated with this managed host.

• compression_enabled - Whether or not compression is enabled for this managed host.

• encryption_enabled - Whether or not encryption is enabled for this managed host.

* @throws ServerProcessingException An unexpected exception occurred during the updating of the host.

Response Sample

[ { "appliance": { "id": "String", "type": "String" }, "average_eps": 42, "average_fpm": 42, "components": [ "String <one of: eventcollector, eventprocessor, dataNode, magistrate, ariel_query_server, ariel_proxy_server, vis, assetprofiler, qflow, hostcontext, tunnel, setuptunnel, ecs-ec, ecs-ep, resolveragent, resolver_manager, offsiteSource, offsiteTarget, accumulator, offline_forwarder, qvm, qvmprocessor, qvmscanner, qvmhostedscanner, qvmsiteprotector, arc_builder, tomcat-rm, ziptie-server, qrm, asset_change_publisher, forensicsnode, forensics_realtime, masterdaemon>" ], "compression_enabled": true, "encryption_enabled": true, "eps_allocation": 42, "eps_rate_hardware_limit": 42, "fpm_allocation": 42, "fpm_rate_hardware_limit": 42, "hostname": "String", "id": 42, "license_serial_number": "String", "peak_eps": 42, "peak_fpm": 42, "primary_server_id": 42, "private_ip": "String", "public_ip": "String", "secondary_server_id": 42, "status": "String <one of: Active, ADDING, Deleted, Deleting, ADD_FAILED, New, ADD_FAILED_VERSION_CHECK, ADD_FAILED_DEPLOY_IN_PROGRESS, ADD_FAILED_RETRY_CONNECTION, ADD_FAILED_HA, ADD_FAILED_CHECK_LOGS>", "version": "String" } ]

GET /config/deployment/license_pool

Retrieves the deployed license pool information.

Response Description

The deployed license pool information.

• eps(allocated) - The amount of EPS rate allocated from the pool.

• eps(overallocated) - Whether EPS is overallocated or not in the pool.

• eps(total) - The total EPS rate available in the pool.

• fpm(allocated) - The amount of FPM rate allocated from the pool.

• fpm(overallocated) - Whether FPM is overallocated or not in the pool.

• fpm(total) - The total FPM rate available in the pool.

Response Sample

{ "eps": { "allocated": 42, "overallocated": true, "total": 42 }, "fpm": { "allocated": 42, "overallocated": true, "total": 42 } }

GET /config/domain_management/domains

The list is ordered by domain ID. If domains were never configured, only the default domain is returned.

Response Description

The list of domain objects.

Response Sample

[ { "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 } ]

POST /config/domain_management/domains

Creates a new domain.

Response Description

A created domain object.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

GET /config/domain_management/domains/{domain_id}

Retrieves a domain by domain ID.

Response Description

A domain object.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

POST /config/domain_management/domains/{domain_id}

Updates an existing domain.

Response Description

The updated domain object.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

DELETE /config/domain_management/domains/{domain_id}

Deletes a domain by domain ID.

Response Description

The deleted domain object with its parameter deleted set to true.

Response Sample

{ "asset_scanner_ids": [ 42 ], "custom_properties": [ { "capture_result": "String", "id": 42 } ], "deleted": true, "description": "String", "event_collector_ids": [ 42 ], "flow_collector_ids": [ 42 ], "flow_source_ids": [ 42 ], "id": 42, "log_source_group_ids": [ 42 ], "log_source_ids": [ 42 ], "name": "String", "qvm_scanner_ids": [ 42 ], "tenant_id": 42 }

GET /config/event_retention_buckets

Retrieves a list of event retention buckets.

Response Description

An array of Retention Bucket objects. An Retention Bucket object contains the following fields:

• id - Integer - The ID of the retention bucket.

• bucket_id - Integer - The Bucket ID of the retention bucket. ( 0 - 10 )

• priority - Integer - The priority of the retention bucket. ( 0 - 10 ).

• name - String - The name of the retention bucket.

• database - String - The database of the retention bucket, EVENTS or FLOWS.

• description - String - The description of the retention bucket.

• period - Integer - The retention period in hours.

• delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

• created - Long - The time in milliseconds since epoch since the retention bucket was created.

• modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

• saved_search_id - String - The id of the saved search used by the retention bucket.

• enabled - Boolean - True if the retention bucket is enabled.

Response Sample

[ { "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" } ]

GET /config/event_retention_buckets/{id}

Retrieves an event retention bucket.

Response Description

The retention bucket after it has been retrieved. An Retention Bucket object contains the following fields:

• id - Integer - The ID of the retention bucket.

• bucket_id - Integer - The Bucket ID of the retention bucket (0 - 10).

• priority - Integer - The priority of the retention bucket (0 - 10).

• name - String - The name of the retention bucket.

• database - String - The database of the retention bucket, EVENTS or FLOWS.

• description - String - The description of the retention bucket.

• period - Integer - The retention period in hours.

• delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

• created - Long - The time in milliseconds since epoch since the retention bucket was created.

• modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

• saved_search_id - String - The ID of the saved search that is used by the retention bucket.

• enabled - Boolean - True if the retention bucket is enabled.

Response Sample

{ "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

POST /config/event_retention_buckets/{id}

Updates the event retention bucket owner or enabled/disabled only.

Response Description

The Retention Bucket after it is updated. A Retention Bucket object contains the following fields:

• id - Integer - The ID of the retention bucket.

• bucket_id - Integer - The Bucket ID of the retention bucket (0 - 10).

• priority - Integer - The priority of the retention bucket (0 - 10).

• name - String - The name of the retention bucket.

• database - String - The database of the retention bucket, EVENTS or FLOWS.

• description - String - The description of the retention bucket.

• period - Integer - The retention period in hours.

• delete - String - The delete protocol of the retention bucket, IMMEDIATELY or ON_DEMAND.

• created - Long - The time in milliseconds since epoch since the retention bucket was created.

• modified - Long - The time in milliseconds since epoch since the retention bucket was last modified.

• saved_search_id - String - The ID of the saved search that is used by the retention bucket.

• enabled - Boolean - True if the retention bucket is enabled.

Response Sample

{ "bucket_id": 42, "created": 42, "database": "String", "deletion": "String <one of: ON_DEMAND, IMMEDIATELY>", "description": "String", "enabled": true, "id": 42, "modified": 42, "name": "String", "period": 42, "priority": 42, "saved_search_id": "String" }

DELETE /config/event_retention_buckets/{id}

Deletes an event retention bucket.

Response Description

Response Sample

DELETE /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}

Deletes the event calculated property. To ensure safe deletion, a dependency check is carried out. This check might take some time. An asynchronous task to do is started for this check.

Response Description

A Delete Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/calculated_property_delete_tasks/{task_id}". A Delete Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

Response Sample

{ "completed": 42, "created": 42, "created_by": "String", "id": 42, "message": "String", "modified": 42, "name": "String", "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}/dependents

Retrieves the objects that depend on the event calculated property.

Response Description

A Dependents Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/calculated_property_dependents_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested to cancel the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects that were checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields:

  • message - String - The localized sub-task status message.

  • status - String - The current state of the sub-task.

  • sub_task_type - String - The type of the sub-task

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_AQL_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLOCIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES, FIND_DEPENDENT_SECURITY_PROFILES, FIND_DEPENDENT_ARIEL_INDEXING>" } ] }

GET /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}

Retrieves a calculated event property based on the supplied calculated property ID.

Response Description

A calculated event property that contains the following fields:

• id - Number - A sequence id for the calculated event property.

• identifier - String - A string that uniquely identifies the calculated event property.

• name - String - The name of the calculated event property.

• description - String - The description of the calculated event property.

• enabled - Boolean - Whether the calculated event property is enabled.

• first_operand - String - An operand object describing the first operand in the expression.

• second_operand - String - An operand object describing the second operand in the expression.

• operator - String - A string that represents one of the basic arithmetic operations in the expression.

• username - String - The username of the creator of the calculated event property.

• creation_date - Number - The time stamp for when the calculated event property is created in milliseconds since epoch.

• modification_date - Number - The time stamp for when the calculated event property is last modified in milliseconds since epoch.

An operand object contains the following fields:

• type - String - can be "STATIC" (for numeric operand) or "PROPERTY" (for operand that is a property).

• numeric_value - Number - when property_type is "STATIC", this is the value of the operand; otherwise, it is suppressed.

• property_name - String - when property_type is "PROPERTY", this is the name of the property that is being used as the operand; otherwise, it is suppressed.

Response Sample

{ "creation_date": 42, "description": "String", "enabled": true, "first_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "id": 42, "identifier": "String", "modification_date": 42, "name": "String", "operator": "String <one of: ADD, SUBTRACT, MULTIPLY, DIVIDE>", "second_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "username": "String" }

POST /config/event_sources/custom_properties/calculated_properties/{calculated_property_id}

Updates an existing calculated event property.

Response Description

The updated calculated event property that contains the following fields:

• id - Number - A sequence id for the calculated event property.

• identifier - String - A string that uniquely identifies the calculated event property.

• name - String - The name of the calculated event property.

• description - String - The description of the calculated event property.

• enabled - Boolean - Whether the calculated event property is enabled.

• first_operand - String - An operand object describing the first operand in the expression.

• second_operand - String - An operand object describing the second operand in the expression.

• operator - String - A string that represents one of the basic arithmetic operations in the expression.

• username - String - The username of the creator of the calculated event property.

• creation_date - Number - The time stamp for when the calculated event property is created in milliseconds since epoch.

• modification_date - Number - The time stamp for when the calculated event property is last modified in milliseconds since epoch.

An operand object contains the following fields:

• type - String - can be "STATIC" (for numeric operand) or "PROPERTY" (for operand that is a property).

• numeric_value - Number - when property_type is "STATIC", this is the value of the operand; otherwise, it is suppressed.

• property_name - String - when property_type is "PROPERTY", this is the name of the property that is being used as the operand; otherwise, it is suppressed.

Response Sample

{ "creation_date": 42, "description": "String", "enabled": true, "first_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "id": 42, "identifier": "String", "modification_date": 42, "name": "String", "operator": "String <one of: ADD, SUBTRACT, MULTIPLY, DIVIDE>", "second_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "username": "String" }

GET /config/event_sources/custom_properties/calculated_properties

Retrieves a list of calculated event properties.

Response Description

A list of calculated event properties. Each calculated event property contains the following fields:

• id - Number - A sequence id for the calculated event property.

• identifier - String - A string that uniquely identifies the calculated event property.

• name - String - The name of the calculated event property.

• description - String - The description of the calculated event property.

• enabled - Boolean - Whether the calculated event property is enabled.

• first_operand - String - An operand object describing the first operand in the expression.

• second_operand - String - An operand object describing the second operand in the expression.

• operator - String - A string that represents one of the basic arithmetic operations in the expression.

• username - String - The username of the creator of the calculated event property.

• creation_date - Number - The time stamp for when the calculated event property is created in milliseconds since epoch.

• modification_date - Number - The time stamp for when the calculated event property is last modified in milliseconds since epoch.

An operand object contains the following fields:

• type - String - can be "STATIC" (for numeric operand) or "PROPERTY" (for operand that is a property).

• numeric_value - Number - when property_type is "STATIC", this is the value of the operand; otherwise, it is suppressed.

• property_name - String - when property_type is "PROPERTY", this is the name of the property that is being used as the operand; otherwise, it is suppressed.

Response Sample

[ { "creation_date": 42, "description": "String", "enabled": true, "first_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "id": 42, "identifier": "String", "modification_date": 42, "name": "String", "operator": "String <one of: ADD, SUBTRACT, MULTIPLY, DIVIDE>", "second_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "username": "String" } ]

POST /config/event_sources/custom_properties/calculated_properties

Creates a new calculated event property.

Response Description

The newly created calculated event property that contains the following fields:

• id - Number - A sequence id for the calculated event property.

• identifier - String - A string that uniquely identifies the calculated event property.

• name - String - The name of the calculated event property.

• description - String - The description of the calculated event property.

• enabled - Boolean - Whether the calculated event property is enabled.

• first_operand - String - An operand object describing the first operand in the expression.

• second_operand - String - An operand object describing the second operand in the expression.

• operator - String - A string that represents one of the basic arithmetic operations in the expression.

• username - String - The username of the creator of the calculated event property.

• creation_date - Number - The time stamp for when the calculated event property is created in milliseconds since epoch.

• modification_date - Number - The time stamp for when the calculated event property is last modified in milliseconds since epoch.

An operand object contains the following fields:

• type - String - can be "STATIC" (for numeric operand) or "PROPERTY" (for operand that is a property).

• numeric_value - Number - when property_type is "STATIC", this is the value of the operand; otherwise, it is suppressed.

• property_name - String - when property_type is "PROPERTY", this is the name of the property that is being used as the operand; otherwise, it is suppressed.

Response Sample

{ "creation_date": 42, "description": "String", "enabled": true, "first_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "id": 42, "identifier": "String", "modification_date": 42, "name": "String", "operator": "String <one of: ADD, SUBTRACT, MULTIPLY, DIVIDE>", "second_operand": { "numeric_value": 42.5, "property_name": "String", "type": "String <one of: STATIC, PROPERTY>" }, "username": "String" }

GET /config/event_sources/custom_properties/calculated_property_delete_tasks/{task_id}

Retrieves the status of the event calculated property delete task.

Response Description

A Delete Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/calculated_property_delete_tasks/{task_id}". A Delete Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

Response Sample

{ "completed": 42, "created": 42, "created_by": "String", "id": 42, "message": "String", "modified": 42, "name": "String", "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}

Retrieves the status of the event calculated property dependents task.

Response Description

A Dependent Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested to cancel the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects that were checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields

  • message - String - The localized sub-task status message.

  • status - String - The current state of the sub-task.

  • sub_task_type - String - The type of the sub-task

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_AQL_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLOCIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES, FIND_DEPENDENT_SECURITY_PROFILES, FIND_DEPENDENT_ARIEL_INDEXING>" } ] }

POST /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}

Cancels the event calculated property dependent task.

Response Description

A Dependent Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested to cancel the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects that were checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields:

  • message - String - The localized sub-task status message.

  • status - String - The current state of the sub-task.

  • sub_task_type - String - The type of the sub-task

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_AQL_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLOCIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES, FIND_DEPENDENT_SECURITY_PROFILES, FIND_DEPENDENT_ARIEL_INDEXING>" } ] }

GET /config/event_sources/custom_properties/calculated_property_dependent_tasks/{task_id}/results

Retrieves the calculated property dependent task results.

Response Description

An list of Dependent objects. A Dependent object contains the following fields:

• dependent_id - String - The ID of the dependent resource.

• dependent_name - String - The name of the dependent resource (default resources can have localized names).

• dependent_owner - String - The owner of the dependent resource

• dependent_type - String - The type of the dependent resource

• dependent_database - String - The database of the dependent resource.

• dependent_group_ids - Array of Longs - List of groups that the dependent resource belongs to.

• user_has_edit_permissions - Boolean - True if the user who created the task has permission to edit this dependent resource.

Response Sample

[ { "blocking": true, "dependent_database": "String <one of: EVENTS, FLOWS>", "dependent_group_ids": [ 42 ], "dependent_id": "String", "dependent_name": "String", "dependent_owner": "String", "dependent_type": "String <one of: ARIEL_SAVED_SEARCH, ASSET_SAVED_SEARCH, OFFENSE_SAVED_SEARCH, VULNERABILITY_SAVED_SEARCH, QRM_SAVED_SEARCH_GROUP, ASSET_SAVED_SEARCH_GROUP, CUSTOM_RULE_GROUP, EVENT_ARIEL_SAVED_SEARCH_GROUP, FLOW_ARIEL_SAVED_SEARCH_GROUP, LOG_SOURCE_GROUP, MODEL_GROUP, OFFENSE_SAVED_SEARCH_GROUP, QUESTION_GROUP, REPORT_GROUP, SIMULATION_GROUP, TOPOLOGY_SAVED_SEARCH_GROUP, VULNERABILITY_SAVED_SEARCH_GROUP, ASSIGNED_OFFENSE, ASSIGNED_VULNERABILITY, AUTHORIZED_SERVICE, BUILDING_BLOCK, CRE_RULE, CRE_ADE_RULE, EVENT_REGEX_PROPERTY, EVENT_REGEX_PROPERTY_DEPENDENCY, EVENT_CALCULATED_PROPERTY, FLOW_REGEX_PROPERTY, FLOW_REGEX_PROPERTY_DEPENDENCY, FLOW_CALCULATED_PROPERTY, DASHBOARD, GV_REFERENCE, REPORT, REFERENCE_DATA, REFERENCE_DATA_MAP_OF_SETS, REFERENCE_DATA_MAPS, REFERENCE_DATA_SETS, REFERENCE_DATA_TABLES, REFERENCE_DATA_RESPONSE, REFERENCE_SET_RESPONSE, EVENT_RETENTION_BUCKET, FLOW_RETENTION_BUCKET, ROUTING_RULE, STORE_AND_FORWARD_POLICY, USER, HISTORICAL_PROFILE, OFFENSE, EVENT_AQL_PROPERTY, FLOW_AQL_PROPERTY, OFFENSE_TYPE, SECURITY_PROFILE, ARIEL_INDEX>", "user_has_edit_permissions": true } ]

GET /config/event_sources/custom_properties/calculated_property_operands

Retrieves the list of available options for calculated event property operand.

Response Description

An array that contains the available options for calculated event property operand.

Response Sample

[ "String" ]

GET /config/event_sources/custom_properties/property_expressions

Retrieves a list of event regex property expressions.

Response Description

A list of event regex property expressions. Each regex property expression contains the following fields:

• id - Integer - The sequence ID of the event regex property expression.

• identifier - String - The ID of the event regex property expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• regex - String - The regex to extract the property from the payload.

• capture_group - Integer - The capture group to capture.

• payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the event regex property expression.

Response Sample

[ { "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" } ]

POST /config/event_sources/custom_properties/property_expressions

Creates a new event regex property expression.

Response Description

The newly created event regex property expression that contains the following fields:

• id - Integer - The sequence ID of the event regex property expression.

• identifier - String - The ID of the event regex property expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• regex - String - The regex to extract the property from the payload.

• capture_group - Integer - The capture group to capture.

• payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the event regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

GET /config/event_sources/custom_properties/property_expressions/{expression_id}

Retrieves an event regex property expression based on the supplied expression ID.

Response Description

A event regex property expression that contains the following fields:

• id - Integer - The sequence ID of the event regex property expression.

• identifier - String - The ID of the event regex property expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• regex - String - The regex to extract the property from the payload.

• capture_group - Integer - The capture group to capture.

• payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the event regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

POST /config/event_sources/custom_properties/property_expressions/{expression_id}

Updates an existing event regex property expression.

Response Description

The updated event regex property expression object contains the following fields:

• id - Integer - The sequence ID of the event regex property expression.

• identifier - String - The ID of the event regex property expression.

• regex_property_identifier - String - The ID of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• regex - String - The regex to extract the property from the payload.

• capture_group - Integer - The capture group to capture.

• payload - String - Test payload. This parameter is only used in the UI so that the user can verify their regex matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the event regex property expression.

Response Sample

{ "capture_group": 42, "creation_date": 42, "enabled": true, "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex": "String", "regex_property_identifier": "String", "username": "String" }

DELETE /config/event_sources/custom_properties/property_expressions/{expression_id}

Deletes an event regex property expression based on the supplied expression ID.

Response Sample

DELETE /config/event_sources/custom_properties/property_json_expressions/{expression_id}

Deletes an Ariel property JSON expression based on the supplied expression ID.

Response Description

Response Sample

GET /config/event_sources/custom_properties/property_json_expressions/{expression_id}

Retrieves an Ariel property JSON expression based on the supplied expression ID.

Response Description

An Ariel property JSON expression that contains the following fields:

• id - Integer - The sequence ID of the Ariel property JSON expression.

• identifier - String - The ID of the Ariel property JSON expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• expression - String - The JSON expression path to find the property value from the JSON payload.

• payload - String - Test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the Ariel property JSON expression.

Response Sample

{ "creation_date": 42, "enabled": true, "expression": "String", "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex_property_identifier": "String", "username": "String" }

POST /config/event_sources/custom_properties/property_json_expressions/{expression_id}

Updates an existing Ariel property JSON expression.

Response Description

The updated Ariel property JSON expression object contains the following fields:

• id - Integer - The sequence ID of the Ariel property JSON expression.

• identifier - String - The ID of the Ariel property JSON expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• expression - String - The JSON expression path to find the property value from the JSON payload.

• payload - String - Test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the Ariel property JSON expression.

Response Sample

{ "creation_date": 42, "enabled": true, "expression": "String", "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex_property_identifier": "String", "username": "String" }

GET /config/event_sources/custom_properties/property_json_expressions

Retrieves a list of Ariel property JSON expressions.

Response Description

A list of Ariel property JSON expressions. Each Ariel property JSON expression contains the following fields:

• id - Integer - The sequence ID of the Ariel property JSON expression.

• identifier - String - The ID of the Ariel property JSON expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• expression - String - The JSON expression path to find the property value from the JSON payload.

• payload - String - Test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the Ariel property JSON expression.

Response Sample

[ { "creation_date": 42, "enabled": true, "expression": "String", "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex_property_identifier": "String", "username": "String" } ]

POST /config/event_sources/custom_properties/property_json_expressions

Creates a new Ariel property JSON expression.

Response Description

The newly created Ariel property JSON expression that contains the following fields:

• id - Integer - The sequence ID of the Ariel property JSON expression.

• identifier - String - The ID of the Ariel property JSON expression.

• regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.

• enabled - Boolean - Flag that indicates whether this expression is enabled.

• expression - String - The JSON expression path to find the property value from the JSON payload.

• payload - String - Test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.

• log_source_type_id - Integer - The expression is only applied to events for this log source type.

• log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

• qid - Integer - The expression is only applied to events associated with this QID record.

• low_level_category_id - Integer - The expression is only applied to events with this low level category.

• username - String - The owner of the Ariel property JSON expression.

Response Sample

{ "creation_date": 42, "enabled": true, "expression": "String", "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex_property_identifier": "String", "username": "String" }

GET /config/event_sources/custom_properties/regex_properties

Retrieves a list of event regex properties.

Response Description

A list of event regex properties. Each regex property contains the following fields:

• id - Integer - The sequence ID of the event regex property.

• identifier - String - The ID of the event regex property.

• name - String - The name of the event regex property.

• username - String - The owner of the event regex property.

• description - String - The description of the event regex property.

• property_type - String - The property type (STRING, NUMERIC, IP, PORT, TIME) of event regex property.

• use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

• datetime_format - String - The date/time pattern that the event regex property matches.

• locale - String - The Language tag of what locale the Property matches.

• auto_discovered - Boolean - The flag to indicate if the event regex property is generated by custom properties discovery engine.

Response Sample

[ { "auto_discovered": true, "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" } ]

POST /config/event_sources/custom_properties/regex_properties

Creates a new event regex property.

Response Description

The newly created event regex property that contains the following fields:

• id - Integer - The sequence ID of the event regex property.

• identifier - String - The ID of the event regex property.

• name - String - The name of the event regex property.

• username - String - The owner of the event regex property.

• description - String - The description of the event regex property.

• property_type - String - The property type (string, numeric, ip, port, time) of event regex property.

• use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

• datetime_format - String - The date/time pattern that the event regex property matches.

• locale - String - The language tag of the locale that the property matches.

• auto_discovered - Boolean - The flag to indicate if the event regex property is generated by custom properties discovery engine.

Response Sample

{ "auto_discovered": true, "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}

Retrieves a event regex property based on the supplied regex property ID.

Response Description

A event regex property that contains the following fields:

• id - Integer - The sequence ID of the event regex property.

• identifier - String - The ID of the event regex property.

• name - String - The name of the event regex property.

• username - String - The owner of the event regex property.

• description - String - The description of the event regex property.

• property_type - String - The property type (string, numeric, ip, port, time) of the event regex property.

• use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

• datetime_format - String - The date/time pattern that the event regex property matches.

• locale - String - The language tag of the locale that the property matches.

• auto_discovered - Boolean - The flag to indicate if the event regex property is generated by custom properties discovery engine.

Response Sample

{ "auto_discovered": true, "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

POST /config/event_sources/custom_properties/regex_properties/{regex_property_id}

Updates an existing event regex property.

Response Description

The updated event regex property object contains the following fields:

• id - Integer - The sequence ID of the event regex property.

• identifier - String - The ID of the event regex property.

• name - String - The name of the event regex property.

• username - String - The owner of the event regex property.

• description - String - The description of the event regex property.

• property_type - String - The property type (string, numeric, ip, port, time) of event regex property.

• use_for_rule_engine - Boolean - The flag to indicate if the event regex property is parsed when the event is received.

• datetime_format - String - The date/time pattern that the event regex property matches.

• locale - String - The language tag of the locale the the property matches.

• auto_discovered - Boolean - The flag to indicate if the event regex property is generated by custom properties discovery engine.

Response Sample

{ "auto_discovered": true, "creation_date": 42, "datetime_format": "String", "description": "String", "id": 42, "identifier": "String", "locale": "String", "modification_date": 42, "name": "String", "property_type": "String <one of: string, numeric, ip, port, time>", "use_for_rule_engine": true, "username": "String" }

DELETE /config/event_sources/custom_properties/regex_properties/{regex_property_id}

Deletes an event regex property. To ensure safe deletion, a dependency check is carried out. This check might take some time. An asynchronous task is started to do this check.

Response Description

A Delete Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}". A Delete Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

Response Sample

{ "completed": 42, "created": 42, "created_by": "String", "id": 42, "message": "String", "modified": 42, "name": "String", "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>" }

GET /config/event_sources/custom_properties/regex_properties/{regex_property_id}/dependents

Retrieves the objects that depend on the event regex property.

Response Description

A Dependents Task Status object and the location header set to the task status URL "/api/config/event_sources/custom_properties/regex_property_dependents_tasks/{task_id}". A Dependent Task Status object contains the following fields:

• id - Long - The ID of the task.

• message - String - The localized task message.

• status - String - The current state of the task.

• name - String - The name of the task.

• created_by - String - The name of the user who started the task.

• cancelled_by - String - The name of the user who requested to cancel the task.

• created - Long - The time in milliseconds since epoch since the task was created.

• started - Long - The time in milliseconds since epoch since the task was started.

• modified - Long - The time in milliseconds since epoch since the task was modified.

• completed - Long - The time in milliseconds since epoch since the task was completed.

• number_of_dependents - Long - The number of dependents found. The value is null until the task completes.

• maximum - Long - The maximum number of objects to check for dependency.

• progress - Long - The number of objects that were checked for dependency.

• task_components - Array - An array of task component objects. A task component object contains the following fields:

  • message - String - The localized sub-task status message.

  • status - String - The current state of the sub-task.

  • sub_task_type - String - The type of the sub-task

  • maximum - Long - The maximum number of objects to check for dependency.

  • progress - Long - The number of objects that were checked for dependency.

  • created - Long - The time in milliseconds since epoch since the sub-task was created.

  • started - Long - The time in milliseconds since epoch since the sub-task was started.

  • modified - Long - The time in milliseconds since epoch since the sub-task was modified.

  • completed - Long - The time in milliseconds since epoch since the sub-task was completed.

Response Sample

{ "cancelled_by": "String", "completed": 42, "created": 42, "created_by": "String", "id": 42, "maximum": 42, "message": "String", "modified": 42, "name": "String", "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_components": [ { "completed": 42, "created": 42, "maximum": 42, "message": "String", "modified": 42, "number_of_dependents": 42, "progress": 42, "started": 42, "status": "String <one of: CANCELLED, CANCELING, CANCEL_REQUESTED, COMPLETED, CONFLICT, EXCEPTION, INITIALIZING, INTERRUPTED, PAUSED, PROCESSING, QUEUED, RESUMING>", "task_sub_type": "String <one of: FIND_DEPENDENT_ARIEL_SAVED_SEARCHES, FIND_DEPENDENT_OFFENSE_SAVED_SEARCHES, FIND_DEPENDENT_ASSET_SAVED_SEARCHES, FIND_DEPENDENT_VULNERABILITY_SAVED_SEARCHES, FIND_DEPENDENT_ADE_RULES, FIND_DEPENDENT_RULES, FIND_DEPENDENT_CALCULATED_PROPERTIES, FIND_DEPENDENT_LOG_SOURCE_GROUPS, FIND_DEPENDENT_CUSTOM_PROPERTIES, FIND_DEPENDENT_REPORTS, FIND_DEPENDENT_DASHBOARDS, FIND_DEPENDENT_STORE_AND_FORWARD_POLICIES, FIND_DEPENDENT_AUTHORIZED_SERVICES, FIND_DEPENDENT_OFFENSE_TYPES, FIND_DEPENDENT_ASSIGNED_OFFENSES, FIND_DEPENDENT_VULNERABILITIES, FIND_DEPENDENT_GROUPS, FIND_DEPENDENT_HISTORICAL_CORRELATION_PROFILES>" } ] }

GET /config/event_sources/custom_properties/regex_property_delete_tasks/{task_id}

Retrieves the event regex property delete task status.