Page tree

Armor Knowledge Base


Have a suggestion for the Armor Knowledge Base?

Send a message to

This API call applies to both Armor Complete and Armor Anywhere users.

The Search Log Events API retrieves a list of security log events.

You can only search for items located inside the message body. 

You can use the NOT PUBLISHED Get Packages Status API to find the Core Instance ID (coreInstanceId).

Sample Request

   "viewName": "Trend FIM List",
   "parameters": {
       "coreinstance_id": "b7939804-3190-494e-933f-f837fe545c3a",
       "size": 10,
       "from": 0,
       "include_filteroptions": true,
       "include_aggregations": true


The following table describes the different parts of this API call: 

API Call / URLMethod / Type



The following table describes the parameter (or parameters) for this API call:

ParameterDescriptionFormatRequired or optionalExample

Type of result set to pull back FIM ("Trend FIM List" ) or Anti-Malware ("Trend Malware List")

StringRequiredTrend FIM List
coreinstance_idCoreinstance id for security events detailsStringRequiredb7939804-3190-494e-933f-f837fe545c3a
sizeNumber of entries per pageIntegerOptional10
fromIndex of page to start pulling entries fromIntegerOptional0
include_filteroptionsInclude filter options in result setBooleanOptionaltrue
include_aggregationsInclude aggregation options in result setBooleanOptionaltrue

Sample Return

   "total": 154,
   "items": [
           "Description": "When scanned the File had the following attributes:
   Permissions: user::rw- group::r-- other::r--\\n",
           "ChangeType": "created",
           "Timestamp": "2015-01-05T00:38:23Z",
           "Filename": "/var/log/unattended-upgrades/unattended-upgrades.log.2.gz"
   "filterOptions": {
       "Change Types": [
   "aggregations": {
       "lasttimestamp": {
           "value": 1483576703000.0