List and query events.

Basic Parameters

ParameterDescription
Occurred AfterReturn alarms that occurred after given date.
Occurred BeforeReturn alarms that occurred before given date.
SortSort by a given parameter and direction.

Advanced Parameters

ParameterDescription
Account NameThe name of the account.
Event NameThe name of the event.
LimitThe maximum number of results to return per page.
Page NumberThe number of the page to return.
Plugin NameThe name of the plugin.
Sensor UUIDThe UUID of the source sensor.
Source NameThe name of the source.
Source UsernameThe username of the person that triggered the event.
SuppressedReturn alarms with the suppressed flag.

Example Output

{
	"_links": {
		"first": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=0&size=20&sort=timestamp_occured,desc",
			"templated": false
		},
		"self": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events",
			"templated": false
		},
		"next": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=1&size=20&sort=timestamp_occured,desc",
			"templated": false
		},
		"last": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=175&size=20&sort=timestamp_occured,desc",
			"templated": false
		}
	},
	"_embedded": {
		"events": [
			{
				"uuid": "39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
				"account_name": "generic-account",
				"plugin_device_type": "Cloud Infrastructure",
				"destination_canonical": "s3.amazonaws.com",
				"destination_name": "s3.amazonaws.com",
				"has_alarm": false,
				"request_user_agent": "s3.amazonaws.com",
				"packet_type": "log",
				"source_canonical": "s3.amazonaws.com",
				"event_name": "PutObject",
				"timestamp_occured": "1528817037000",
				"source_service_name": "s3.amazonaws.com",
				"event_type": "AwsApiCall",
				"app_name": "amazon-aws",
				"timestamp_received": "1528817107938",
				"destination_hostname": "s3.amazonaws.com",
				"source_infrastructure_name": "Amazon Global",
				"plugin": "Amazon AWS CloudTrail",
				"app_type": "amazon-aws",
				"authentication_type": "AWSService",
				"access_control_outcome": "Allow",
				"suppressed": "false",
				"plugin_device": "CloudTrail",
				"destination_infrastructure_type": "Cloud Service",
				"source_infrastructure_type": "Cloud Service",
				"destination_zone": "us-east-1",
				"needs_enrichment": true,
				"source_hostname": "s3.amazonaws.com",
				"app_id": "amazon-aws",
				"plugin_family": "Amazon",
				"plugin_version": "0.24",
				"destination_userid": "101720206348",
				"event_action": "Create",
				"destination_infrastructure_name": "Amazon Global",
				"source_name": "s3.amazonaws.com",
				"received_from": "s3.amazonaws.com",
				"event_description": "Action for uploading an object (PUT or POST).",
				"_links": {
					"self": {
						"href": "https://mysubdomain.aveng.us/api/2.0/events/39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
						"templated": false
					}
				}
			}
		]
	},
	"page": {
		"size": 20,
		"totalElements": 3506,
		"totalPages": 176,
		"number": 0
	}
}

Workflow Library Example

List Events with Alienvault Usm and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop