Page tree


This API call applies to both Armor Complete and Armor Anywhere users.

The Search Log Events API retrieves a list of security log events.

You can use the Get Packages Status API to find the Core Instance ID (coreInstanceId).

Sample request

   "viewName": "Trend FIM List",
   "parameters": {
       "coreinstance_id": "b7939804-3190-494e-933f-f837fe545c3a",
       "size": 10,
       "from": 0,
       "include_filteroptions": true,
       "include_aggregations": true


The following table describes the different parts of this API call: 

API Call / URLMethod / Type



The following table describes the parameter (or parameters) for this API call:

ParameterDescriptionFormatRequired or optionalExample
viewNameType of result set to pull back FIM ("Trend FIM List" ) or Anti-Malware ("Trend Malware List")StringRequiredTrend FIM List
coreinstance_idCoreinstance id for security events detailsStringRequiredb7939804-3190-494e-933f-f837fe545c3a
sizeNumber of entries per pageIntegerOptional10
fromIndex of page to start pulling entries fromIntegerOptional0
include_filteroptionsInclude filter options in result setBooleanOptionaltrue
include_aggregationsInclude aggregation options in result setBooleanOptionaltrue

Sample return

   "total": 154,
   "items": [
           "Description": "When scanned the File had the following attributes:
   Permissions: user::rw- group::r-- other::r--\\n",
           "ChangeType": "created",
           "Timestamp": "2015-01-05T00:38:23Z",
           "Filename": "/var/log/unattended-upgrades/unattended-upgrades.log.2.gz"
   "filterOptions": {
       "Change Types": [
   "aggregations": {
       "lasttimestamp": {
           "value": 1483576703000.0

In this topic

Have a suggestion for the Armor Knowledge Base? Send a message to