Overview

This API call applies to both Armor Complete and Armor Anywhere users.

The Search Log Events API retrieves a list of security log events.

You can use the Get Packages Status API to find the Core Instance ID (coreInstanceId).


Sample request

POST https://api.armor.com/log-search/templatedsearch
{
   "viewName": "Trend FIM List",
   "parameters": {
       "coreinstance_id": "b7939804-3190-494e-933f-f837fe545c3a",
       "size": 10,
       "from": 0,
       "include_filteroptions": true,
       "include_aggregations": true
   }
}

Input

The following table describes the different parts of this API call: 

| API Call / URL | Method / Type |
|---|---|
| /log-search/templatedsearch | POST |

The following table describes the parameter (or parameters) for this API call:

| Parameter | Description | Format | Required or optional | Example |
|---|---|---|---|---|
| viewName | Type of result set to pull back: FIM ("Trend FIM List") or Anti-Malware ("Trend Malware List") | String | Required | Trend FIM List |
| coreinstance_id | Coreinstance id for security events details | String | Required | b7939804-3190-494e-933f-f837fe545c3a |
| size | Number of entries per page | Integer | Optional | 10 |
| from | Index of page to start pulling entries from | Integer | Optional | 0 |
| include_filteroptions | Include filter options in result set | Boolean | Optional | true |
| include_aggregations | Include aggregation options in result set | Boolean | Optional | true |

Sample return

Status: 200

Response:
{
   "total": 154,
   "items": [
       {
           "Description": "When scanned the File had the following attributes:\n   Permissions: user::rw- group::r-- other::r--\\n",
           "ChangeType": "created",
           "Timestamp": "2015-01-05T00:38:23Z",
           "Filename": "/var/log/unattended-upgrades/unattended-upgrades.log.2.gz"
       }
   ],
   "filterOptions": {
       "Change Types": [
           "created",
           "updated",
           "deleted",
           "renamed"
       ]
   },
   "aggregations": {
       "lasttimestamp": {
           "value": 1483576703000.0
       }
   }
}
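
The following added example (not part of the original page and not Armor's own code) pages through this endpoint with size and from, converts aggregations.lasttimestamp from epoch milliseconds to UTC, and narrows FIM events to watched paths for triage. The post transport, the fake_post stand-in, the watched path list and the sample events are assumptions constructed for illustration; authentication is left to the transport because this page does not describe it.

```python
from datetime import datetime, timezone
URL = "https://api.armor.com/log-search/templatedsearch"  # endpoint from the page

def build_body(core_instance_id, page=0, size=10, view="Trend FIM List"):
    """Request body in the shape of the page's sample request."""
    return {"viewName": view,
            "parameters": {"coreinstance_id": core_instance_id, "size": size,
                           "from": page, "include_filteroptions": False,
                           "include_aggregations": True}}

def fetch_all(post, core_instance_id, size=10, max_pages=1000):
    """Collect every event. `post(url, body) -> dict` is a hypothetical
    caller-supplied transport that adds authentication and sends the POST."""
    items, last_ms = [], None
    for page in range(max_pages):  # hard stop if `total` never converges
        resp = post(URL, build_body(core_instance_id, page, size))
        if page == 0:
            last_ms = resp.get("aggregations", {}).get("lasttimestamp", {}).get("value")
        batch = resp.get("items", [])
        items.extend(batch)
        # Assumption: `from` is a page index, as the parameter table describes.
        if not batch or len(items) >= resp.get("total", 0):
            break
    return items, last_ms

def epoch_ms_to_iso(ms):
    """aggregations.lasttimestamp is epoch milliseconds; render it as UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def triage(items, watch=("/etc/", "/usr/bin/", "/root/.ssh/")):
    """Keep FIM events under watched paths (assumed list); drops log churn."""
    return [e for e in items if e.get("Filename", "").startswith(watch)]

# Constructed sample events (not real data) and an offline stand-in for the API.
SAMPLE = [
    {"ChangeType": "created", "Timestamp": "2015-01-05T00:38:23Z",
     "Filename": "/var/log/unattended-upgrades/unattended-upgrades.log.2.gz"},
    {"ChangeType": "updated", "Timestamp": "2015-01-05T01:02:03Z", "Filename": "/etc/passwd"},
    {"ChangeType": "renamed", "Timestamp": "2015-01-05T01:05:00Z", "Filename": "/usr/bin/sudo"},
]

def fake_post(url, body):
    p = body["parameters"]
    start = p["from"] * p["size"]
    return {"total": len(SAMPLE), "items": SAMPLE[start:start + p["size"]],
            "aggregations": {"lasttimestamp": {"value": 1483576703000.0}}}

if __name__ == "__main__":
    events, last = fetch_all(fake_post, "b7939804-3190-494e-933f-f837fe545c3a", size=2)
    print(len(events), epoch_ms_to_iso(last), [e["Filename"] for e in triage(events)])
```

If the service treats from as an entry offset rather than a page index, pass page * size in build_body instead.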




