List Events
List and query events.
Basic Parameters
| Parameter | Description |
|---|---|
| Occurred After | Return alarms that occurred after the given date. |
| Occurred Before | Return alarms that occurred before the given date. |
| Sort | Sort by a given parameter and direction. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Account Name | The name of the account. |
| Event Name | The name of the event. |
| Limit | The maximum number of results to return per page. |
| Page Number | The number of the page to return. |
| Plugin Name | The name of the plugin. |
| Sensor UUID | The UUID of the source sensor. |
| Source Name | The name of the source. |
| Source Username | The username of the person that triggered the event. |
| Suppressed | Return alarms with the suppressed flag. |
Example Output
```json
{
  "_links": {
    "first": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=0&size=20&sort=timestamp_occured,desc",
      "templated": false
    },
    "self": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/events",
      "templated": false
    },
    "next": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=1&size=20&sort=timestamp_occured,desc",
      "templated": false
    },
    "last": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=175&size=20&sort=timestamp_occured,desc",
      "templated": false
    }
  },
  "_embedded": {
    "events": [
      {
        "uuid": "39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
        "account_name": "generic-account",
        "plugin_device_type": "Cloud Infrastructure",
        "destination_canonical": "s3.amazonaws.com",
        "destination_name": "s3.amazonaws.com",
        "has_alarm": false,
        "request_user_agent": "s3.amazonaws.com",
        "packet_type": "log",
        "source_canonical": "s3.amazonaws.com",
        "event_name": "PutObject",
        "timestamp_occured": "1528817037000",
        "source_service_name": "s3.amazonaws.com",
        "event_type": "AwsApiCall",
        "app_name": "amazon-aws",
        "timestamp_received": "1528817107938",
        "destination_hostname": "s3.amazonaws.com",
        "source_infrastructure_name": "Amazon Global",
        "plugin": "Amazon AWS CloudTrail",
        "app_type": "amazon-aws",
        "authentication_type": "AWSService",
        "access_control_outcome": "Allow",
        "suppressed": "false",
        "plugin_device": "CloudTrail",
        "destination_infrastructure_type": "Cloud Service",
        "source_infrastructure_type": "Cloud Service",
        "destination_zone": "us-east-1",
        "needs_enrichment": true,
        "source_hostname": "s3.amazonaws.com",
        "app_id": "amazon-aws",
        "plugin_family": "Amazon",
        "plugin_version": "0.24",
        "destination_userid": "101720206348",
        "event_action": "Create",
        "destination_infrastructure_name": "Amazon Global",
        "source_name": "s3.amazonaws.com",
        "received_from": "s3.amazonaws.com",
        "event_description": "Action for uploading an object (PUT or POST).",
        "_links": {
          "self": {
            "href": "https://mysubdomain.aveng.us/api/2.0/events/39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
            "templated": false
          }
        }
      }
    ]
  },
  "page": {
    "size": 20,
    "totalElements": 3506,
    "totalPages": 176,
    "number": 0
  }
}
```
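An added example, not part of the original page or the vendor's code: normalizing one page of this output before it feeds detection logic. It converts the epoch-millisecond strings, parses the string-valued `suppressed` flag, and treats `_links` as trusted only on the expected tenant host (the sample event's `self` link above is on a different host than the page links). `SAMPLE_PAGE` is a constructed, trimmed copy of the output; the function names and the `tenant_host` parameter are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample: a trimmed copy of the Example Output above.
SAMPLE_PAGE = {
    "_links": {"next": {"href": "https://mysubdomain.alienvault.cloud/api/2.0/events?page=1&size=20&sort=timestamp_occured,desc"}},
    "_embedded": {"events": [{
        "uuid": "39a6918f-33f2-ec9b-0fcc-42bb90f10a1f",
        "event_name": "PutObject",
        "has_alarm": False,
        "suppressed": "false",
        "timestamp_occured": "1528817037000",
        "timestamp_received": "1528817107938",
        "_links": {"self": {"href": "https://mysubdomain.aveng.us/api/2.0/events/39a6918f-33f2-ec9b-0fcc-42bb90f10a1f"}},
    }]},
}

def to_bool(value):
    """`suppressed` is the string "false", which bool() would treat as True."""
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def to_utc(ms):
    """Timestamps are strings holding epoch milliseconds."""
    return EPOCH + timedelta(milliseconds=int(ms))

def on_tenant(href, tenant_host):
    """True only for an https link on the expected tenant host (assumed parameter)."""
    parts = urlsplit(href)
    return parts.scheme == "https" and parts.hostname == tenant_host

def normalize(page, tenant_host):
    """Return (events, next_href); next_href is None when absent or off-host."""
    events = []
    for ev in page.get("_embedded", {}).get("events", []):
        events.append({
            "uuid": ev["uuid"],
            "event_name": ev.get("event_name"),
            "occurred": to_utc(ev["timestamp_occured"]),
            "lag_ms": int(ev["timestamp_received"]) - int(ev["timestamp_occured"]),
            "suppressed": to_bool(ev.get("suppressed", False)),
            "has_alarm": to_bool(ev.get("has_alarm", False)),
            "self_link_trusted": on_tenant(ev["_links"]["self"]["href"], tenant_host),
        })
    nxt = page.get("_links", {}).get("next", {}).get("href")
    return events, (nxt if nxt and on_tenant(nxt, tenant_host) else None)
```

`lag_ms` is the gap between when the event occurred and when it was received, which is useful when correlating these events against other log sources by time.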
Workflow Library Example
List Events with Alienvault Usm and Send Results Via Email