Overview

This API call applies to both Armor Complete and Armor Anywhere users.

The Search Log Events API retrieves a list of security log events: either File Integrity Monitoring (FIM) events or anti-malware events, selected with the viewName parameter.

Searches match only against the message body of an event; other fields are not searched.

You can use the Get Packages Status API to find the Core Instance ID (coreInstanceId).


Sample request

POST https://api.armor.com/log-search/templatedsearch
{
   "viewName": "Trend FIM List",
   "parameters": {
       "coreinstance_id": "b7939804-3190-494e-933f-f837fe545c3a",
       "size": 10,
       "from": 0,
       "include_filteroptions": true,
       "include_aggregations": true
   }
}

Input

The following table describes the different parts of this API call:

API Call / URL                  Method / Type
/log-search/templatedsearch     POST


The following table describes the parameters for this API call:

Parameter               Description                                                                                    Format    Required or optional   Example
viewName                Type of result set to return: FIM ("Trend FIM List") or Anti-Malware ("Trend Malware List")   String    Required               Trend FIM List
coreinstance_id         Core Instance ID of the instance whose security events are returned                            String    Required               b7939804-3190-494e-933f-f837fe545c3a
size                    Number of entries per page                                                                     Integer   Optional               10
from                    Index of page to start pulling entries from                                                    Integer   Optional               0
include_filteroptions   Include filter options in the result set                                                       Boolean   Optional               true
include_aggregations    Include aggregations in the result set                                                         Boolean   Optional               true

Sample return

Status   Response
200
{
   "total": 154,
   "items": [
       {
            "Description": "When scanned the File had the following attributes:\n    Permissions: user::rw- group::r-- other::r--\n",
           "ChangeType": "created",
           "Timestamp": "2015-01-05T00:38:23Z",
           "Filename": "/var/log/unattended-upgrades/unattended-upgrades.log.2.gz"
       }
   ],
   "filterOptions": {
       "Change Types": [
           "created",
           "updated",
           "deleted",
           "renamed"
       ]
   },
   "aggregations": {
       "lasttimestamp": {
           "value": 1483576703000.0
       }
   }
}
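The following Python is an added worked example, not Armor's own client code. It builds the request body documented above, pages through a result set by advancing from, parses the multi-line Description text into attributes, and flags FIM events that touch sensitive paths. It assumes that from is advanced as an entry offset (Elasticsearch-style size/from; the table above calls it a page index, so confirm against a live response), it leaves authentication to the caller because this page does not document it, and the sample events and the fake_post transport are constructed stand-ins for real API traffic.

```python
"""Added example: call Search Log Events, page results, parse FIM items.
Not Armor's code; SAMPLE_ITEMS and make_fake_post are constructed."""
from typing import Callable, Dict, Iterator, List

API_URL = "https://api.armor.com/log-search/templatedsearch"
VIEW_FIM = "Trend FIM List"          # the two viewName values the page documents
VIEW_MALWARE = "Trend Malware List"


def build_request(view_name, core_instance_id, size=10, from_=0,
                  include_filteroptions=False, include_aggregations=False) -> Dict:
    """Return the JSON body for one POST /log-search/templatedsearch call,
    rejecting values the API would not accept before they leave the host."""
    if view_name not in (VIEW_FIM, VIEW_MALWARE):
        raise ValueError(f"unknown viewName: {view_name!r}")
    if size <= 0 or from_ < 0:
        raise ValueError("size must be positive and from non-negative")
    return {"viewName": view_name,
            "parameters": {"coreinstance_id": core_instance_id, "size": size,
                           "from": from_, "include_filteroptions": include_filteroptions,
                           "include_aggregations": include_aggregations}}


def iter_events(post: Callable[[Dict], Dict], view_name, core_instance_id,
                page_size=10) -> Iterator[Dict]:
    """Yield every item across pages. `post` sends one body and returns the
    decoded response; a real one wraps requests.post(API_URL, json=body, ...)
    with the caller's credentials (auth is not documented on this page).
    ASSUMPTION: `from` is an entry offset, Elasticsearch-style."""
    offset = 0
    while True:
        resp = post(build_request(view_name, core_instance_id, size=page_size, from_=offset))
        items = resp.get("items", [])
        yield from items
        offset += len(items)
        # Stop on an empty page or once the reported total is reached, so a
        # server that ignores `from` cannot loop the client forever.
        if not items or offset >= resp.get("total", 0):
            break


def parse_description(description: str) -> Dict[str, str]:
    """Turn the multi-line 'Key: value' Description text into a dict,
    e.g. {'Permissions': 'user::rw- group::r-- other::r--'}."""
    attrs = {}
    for line in description.split("\n"):
        key, sep, value = line.strip().partition(": ")
        if sep:                      # skips the 'had the following attributes:' header
            attrs[key] = value.strip()
    return attrs


# Paths whose creation, update, deletion or rename deserves a closer look.
SENSITIVE_PREFIXES = ("/etc/", "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/root/.ssh/")


def flag_sensitive(events: List[Dict], prefixes=SENSITIVE_PREFIXES) -> List[Dict]:
    """Return FIM events under watched paths, newest first, with the parsed
    Description attached as 'Attributes'."""
    hits = [dict(e, Attributes=parse_description(e.get("Description", "")))
            for e in events if e.get("Filename", "").startswith(prefixes)]
    return sorted(hits, key=lambda e: e["Timestamp"], reverse=True)


# Constructed sample data shaped like the page's sample return (not real events).
_DESC = "When scanned the File had the following attributes:\n    Permissions: %s\n"
SAMPLE_ITEMS = [
    {"Description": _DESC % "user::rw- group::r-- other::r--", "ChangeType": "created",
     "Timestamp": "2015-01-05T00:38:23Z",
     "Filename": "/var/log/unattended-upgrades/unattended-upgrades.log.2.gz"},
    {"Description": _DESC % "user::rw- group::r-- other::r--", "ChangeType": "updated",
     "Timestamp": "2015-01-05T01:02:10Z", "Filename": "/etc/passwd"},
    {"Description": _DESC % "user::rw- group::--- other::---", "ChangeType": "created",
     "Timestamp": "2015-01-05T01:15:44Z", "Filename": "/root/.ssh/authorized_keys"},
]


def make_fake_post(all_items: List[Dict]) -> Callable[[Dict], Dict]:
    """Offline stand-in for the HTTP call: serves `all_items` in size/from pages."""
    def post(body: Dict) -> Dict:
        p = body["parameters"]
        return {"total": len(all_items), "items": all_items[p["from"]:p["from"] + p["size"]]}
    return post


if __name__ == "__main__":
    events = list(iter_events(make_fake_post(SAMPLE_ITEMS), VIEW_FIM,
                              "b7939804-3190-494e-933f-f837fe545c3a", page_size=2))
    for hit in flag_sensitive(events):
        print(hit["Timestamp"], hit["ChangeType"], hit["Filename"], hit["Attributes"])
```

To run against the real endpoint, replace make_fake_post with a function that POSTs the body to API_URL with your Armor credentials and returns response.json(); everything else stays the same. Keep page_size modest and rely on the total check rather than on an empty page alone, since the page does not state what the server returns when from runs past the end.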