Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

GET /config/event_sources/custom_properties/property_cef_expressions

Retrieves a list of CEF expressions.

Retrieves a list of CEF expressions.

Table 1: GET /config/event_sources/custom_properties/property_cef_expressions Resource Details

MIME Type

application/json

Table 2: GET /config/event_sources/custom_properties/property_cef_expressions Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

Table 3: GET /config/event_sources/custom_properties/property_cef_expressions Response Codes

HTTP Response Code

Unique Code

Description

200

 

The requested list of CEF expressions was retrieved.

422

1010

An error occurred while building the filter.

500

1020

An error occurred during the attempt to retrieve the list of CEF expressions.

Response Description

A list of CEF expressions. Each CEF expression contains the following fields:

  • id - Integer - The sequence ID of the CEF expression.

  • identifier - String - The unique ID of the CEF expression. This value is in the form of a UUID.

  • regex_property_identifier - String - The identifier of the event regex property to which this expression belongs.

  • enabled - Boolean - Flag that indicates whether this expression is enabled.

  • expression - String - The CEF expression path to find the property value from the CEF payload.

  • payload - String - Test payload. This parameter is only used in the UI so that you can verify that your expression matches the expected payload.

  • log_source_type_id - Integer - The expression is only applied to events for this log source type.

  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).

  • qid - Integer - The expression is only applied to events associated with this QID record.

  • low_level_category_id - Integer - The expression is only applied to events with this low level category.

  • username - String - The owner of the CEF expression.

Response Sample