List Events

List and query events.

Basic Parameters

Parameter	Description
Occurred After	Return alarms that occurred after given date.
Occurred Before	Return alarms that occurred before given date.
Sort	Sort by a given parameter and direction.

Advanced Parameters

Parameter	Description
Account Name	The name of the account.
Event Name	The name of the event.
Limit	The maximum number of results to return per page.
Page Number	The number of the page to return.
Plugin Name	The name of the plugin.
Sensor UUID	The UUID of the source sensor.
Source Name	The name of the source.
Source Username	The username of the person that triggered the event.
Suppressed	Return alarms with the `suppressed` flag.

Example Output

{
	"_links": {
		"first": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=0&size=20&sort=timestamp_occured,desc",
			"templated": false
		},
		"self": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events",
			"templated": false
		},
		"next": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=1&size=20&sort=timestamp_occured,desc",
			"templated": false
		},
		"last": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=175&size=20&sort=timestamp_occured,desc",
			"templated": false
		}
	},
	"_embedded": {
		"events": [
			{
				"uuid": "39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
				"account_name": "generic-account",
				"plugin_device_type": "Cloud Infrastructure",
				"destination_canonical": "s3.amazonaws.com",
				"destination_name": "s3.amazonaws.com",
				"has_alarm": false,
				"request_user_agent": "s3.amazonaws.com",
				"packet_type": "log",
				"source_canonical": "s3.amazonaws.com",
				"event_name": "PutObject",
				"timestamp_occured": "1528817037000",
				"source_service_name": "s3.amazonaws.com",
				"event_type": "AwsApiCall",
				"app_name": "amazon-aws",
				"timestamp_received": "1528817107938",
				"destination_hostname": "s3.amazonaws.com",
				"source_infrastructure_name": "Amazon Global",
				"plugin": "Amazon AWS CloudTrail",
				"app_type": "amazon-aws",
				"authentication_type": "AWSService",
				"access_control_outcome": "Allow",
				"suppressed": "false",
				"plugin_device": "CloudTrail",
				"destination_infrastructure_type": "Cloud Service",
				"source_infrastructure_type": "Cloud Service",
				"destination_zone": "us-east-1",
				"needs_enrichment": true,
				"source_hostname": "s3.amazonaws.com",
				"app_id": "amazon-aws",
				"plugin_family": "Amazon",
				"plugin_version": "0.24",
				"destination_userid": "101720206348",
				"event_action": "Create",
				"destination_infrastructure_name": "Amazon Global",
				"source_name": "s3.amazonaws.com",
				"received_from": "s3.amazonaws.com",
				"event_description": "Action for uploading an object (PUT or POST).",
				"_links": {
					"self": {
						"href": "https://mysubdomain.aveng.us/api/2.0/events/39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
						"templated": false
					}
				}
			}
		]
	},
	"page": {
		"size": 20,
		"totalElements": 3506,
		"totalPages": 176,
		"number": 0
	}
}

Workflow Library Example

List Events with Alienvault Usm and Send Results Via Email

Preview this Workflow on desktop

On this page

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

List and query events.

Basic Parameters

Parameter	Description
Occurred After	Return alarms that occurred after given date.
Occurred Before	Return alarms that occurred before given date.
Sort	Sort by a given parameter and direction.

Advanced Parameters

Parameter	Description
Account Name	The name of the account.
Event Name	The name of the event.
Limit	The maximum number of results to return per page.
Page Number	The number of the page to return.
Plugin Name	The name of the plugin.
Sensor UUID	The UUID of the source sensor.
Source Name	The name of the source.
Source Username	The username of the person that triggered the event.
Suppressed	Return alarms with the `suppressed` flag.

Example Output

{
	"_links": {
		"first": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=0&size=20&sort=timestamp_occured,desc",
			"templated": false
		},
		"self": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events",
			"templated": false
		},
		"next": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=1&size=20&sort=timestamp_occured,desc",
			"templated": false
		},
		"last": {
			"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=175&size=20&sort=timestamp_occured,desc",
			"templated": false
		}
	},
	"_embedded": {
		"events": [
			{
				"uuid": "39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
				"account_name": "generic-account",
				"plugin_device_type": "Cloud Infrastructure",
				"destination_canonical": "s3.amazonaws.com",
				"destination_name": "s3.amazonaws.com",
				"has_alarm": false,
				"request_user_agent": "s3.amazonaws.com",
				"packet_type": "log",
				"source_canonical": "s3.amazonaws.com",
				"event_name": "PutObject",
				"timestamp_occured": "1528817037000",
				"source_service_name": "s3.amazonaws.com",
				"event_type": "AwsApiCall",
				"app_name": "amazon-aws",
				"timestamp_received": "1528817107938",
				"destination_hostname": "s3.amazonaws.com",
				"source_infrastructure_name": "Amazon Global",
				"plugin": "Amazon AWS CloudTrail",
				"app_type": "amazon-aws",
				"authentication_type": "AWSService",
				"access_control_outcome": "Allow",
				"suppressed": "false",
				"plugin_device": "CloudTrail",
				"destination_infrastructure_type": "Cloud Service",
				"source_infrastructure_type": "Cloud Service",
				"destination_zone": "us-east-1",
				"needs_enrichment": true,
				"source_hostname": "s3.amazonaws.com",
				"app_id": "amazon-aws",
				"plugin_family": "Amazon",
				"plugin_version": "0.24",
				"destination_userid": "101720206348",
				"event_action": "Create",
				"destination_infrastructure_name": "Amazon Global",
				"source_name": "s3.amazonaws.com",
				"received_from": "s3.amazonaws.com",
				"event_description": "Action for uploading an object (PUT or POST).",
				"_links": {
					"self": {
						"href": "https://mysubdomain.aveng.us/api/2.0/events/39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
						"templated": false
					}
				}
			}
		]
	},
	"page": {
		"size": 20,
		"totalElements": 3506,
		"totalPages": 176,
		"number": 0
	}
}

Workflow Library Example

List Events with Alienvault Usm and Send Results Via Email

Preview this Workflow on desktop

On this page

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

List Events

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example