USM Central™ API Reference
version 1.1
baseUri https://your-subdomain.alienvault.cloud/api/1.1
protocols HTTPS
mediaType application/json
Getting Started
AT&T Cybersecurity publishes REST APIs for USM Central that provide a programmatic interface for accessing your data directly from your own applications and extensions. All endpoints are served only over HTTPS (see protocols above). To get started, see the documentation on the USM Central APIs.
Types
alarmsSearchRequest
Describes a search request payload. `page` and `size` control pagination; `find`, `sort` and `range` are free-form objects whose accepted keys are not defined in this schema (their property lists are empty), so consult the endpoint documentation before relying on a particular filter key.
Properties
TYPE DEFINITION
{
"name": "alarmsSearchRequest",
"type": "object",
"description": "Describes a search request payload. page and size control pagination; find, sort and range are free-form objects whose accepted keys are not defined in this schema.",
"properties": {
"page": {
"type": "number",
"name": "page",
"displayName": "page",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "page"
},
"size": {
"type": "number",
"name": "size",
"displayName": "size",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "size"
},
"find": {
"type": "object",
"properties": [],
"name": "find",
"displayName": "find",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "find"
},
"sort": {
"type": "object",
"properties": [],
"name": "sort",
"displayName": "sort",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "sort"
},
"range": {
"type": "object",
"properties": [],
"name": "range",
"displayName": "range",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "range"
}
}
}
alarmsSearchResponse
Search response
Properties
TYPE DEFINITION
{
"name": "alarmsSearchResponse",
"type": "object",
"description": "Search response",
"properties": {
"results": {
"type": "array",
"items": {
"type": "object",
"properties": [
{
"type": "object",
"properties": [
{
"type": "string",
"name": "account_name",
"displayName": "account_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account name used from the Event(s) which originated the Alarm.",
"key": "account_name"
},
{
"type": "string",
"name": "account_id",
"displayName": "account_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account ID used from the Event(s) which originated the Alarm.",
"key": "account_id"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_asset_ids",
"displayName": "alarm_destination_asset_ids",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "An array of the destination Asset IDs from the Event(s) which originated the Alarm.",
"key": "alarm_destination_asset_ids"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_countries",
"displayName": "alarm_destination_countries",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "An array of the destination countries from the Event(s) which originated the Alarm.",
"key": "alarm_destination_countries"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_latitudes",
"displayName": "alarm_destination_latitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination latitudes from the Event(s) which originated the alarm",
"key": "alarm_destination_latitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_longitudes",
"displayName": "alarm_destination_longitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination longitudes from the Event(s) which originated the alarm",
"key": "alarm_destination_longitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_names",
"displayName": "alarm_destination_names",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The names of the destinations from the Event(s) which originated the Alarm.",
"key": "alarm_destination_names"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_zones",
"displayName": "alarm_destination_zones",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "An array with the destination zones from the Event(s) which originated the Alarm.",
"key": "alarm_destination_zones"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destinations",
"displayName": "alarm_destinations",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The hostnames of the destinations from the Event(s) which originated the Alarm.",
"key": "alarm_destinations"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_labels",
"displayName": "alarm_labels",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The IDs of the Alarm labels that have been applied to the Alarm.",
"key": "alarm_labels"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_sensor_sources",
"displayName": "alarm_sensor_sources",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source Sensors from the Event(s) which originated the Alarm.",
"key": "alarm_sensor_sources"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_asset_ids",
"displayName": "alarm_source_asset_ids",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source Asset IDs from the Event(s) which originated the Alarm.",
"key": "alarm_source_asset_ids"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_names",
"displayName": "alarm_source_names",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source Asset names from the Event(s) which originated the Alarm.",
"key": "alarm_source_names"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_cities",
"displayName": "alarm_source_cities",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source cities from the Event(s) which originated the alarm",
"key": "alarm_source_cities"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_countries",
"displayName": "alarm_source_countries",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source countries from the Event(s) which originated the alarm",
"key": "alarm_source_countries"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_latitudes",
"displayName": "alarm_source_latitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source latitudes from the Event(s) which originated the alarm",
"key": "alarm_source_latitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_longitudes",
"displayName": "alarm_source_longitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source longitudes from the Event(s) which originated the alarm",
"key": "alarm_source_longitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_sources",
"displayName": "alarm_sources",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source hostnames from the Event(s) which originated the Alarm.",
"key": "alarm_sources"
},
{
"type": "string",
"name": "app_id",
"displayName": "app_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the sensor app from the Event(s) which originated the Alarm.",
"key": "app_id"
},
{
"type": "string",
"name": "app_type",
"displayName": "app_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The sensor app type from the Event(s) which originated the Alarm.",
"key": "app_type"
},
{
"type": "string",
"name": "authentication_mode",
"displayName": "authentication_mode",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The mode of authentication used, if relevant, from the Event(s) which originated the Alarm.",
"key": "authentication_mode"
},
{
"type": "string",
"name": "authentication_type",
"displayName": "authentication_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The type of authentication used, if relevant, from the Event(s) which originated the Alarm.",
"key": "authentication_type"
},
{
"type": "string",
"name": "destination_name",
"displayName": "destination_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The name of the asset which originated the Alarm.",
"key": "destination_name"
},
{
"type": "string",
"name": "error_message",
"displayName": "error_message",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error message of the response, if relevant, which originated the Alarm.",
"key": "error_message"
},
{
"type": "string",
"name": "event_action",
"displayName": "event_action",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The implied action (Create, Read, Update, Delete, etc.) of the Event(s) which originated the Alarm.",
"key": "event_action"
},
{
"type": "string",
"name": "event_name",
"displayName": "event_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The short, user-readable description of the Event(s) which originated the Alarm.",
"key": "event_name"
},
{
"type": "boolean",
"name": "needs_enrichment",
"displayName": "needs_enrichment",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "If the Event(s) that originated the alarm need to be processed by Enrichment Apps.",
"key": "needs_enrichment"
},
{
"type": "string",
"name": "event_type",
"displayName": "event_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of Event. In this case it will always be Alarm.",
"key": "event_type"
},
{
"type": "string",
"name": "has_alarm",
"displayName": "has_alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value (declared here as a string) indicating whether the Event has an Alarm associated with it.",
"key": "has_alarm"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "highlight_fields",
"displayName": "highlight_fields",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of the most important fields for an alarm.",
"key": "highlight_fields"
},
{
"type": "integer",
"name": "number_of_events",
"displayName": "number_of_events",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of Events that originated the Alarm.",
"key": "number_of_events"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "packet_data",
"displayName": "packet_data",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of the IDs of the Events that originated the Alarm.",
"key": "packet_data"
},
{
"type": "string",
"name": "packet_type",
"displayName": "packet_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The internal classification of the packet type. In this case, it will always be \"alarm\".",
"key": "packet_type"
},
{
"type": "string",
"name": "priority",
"displayName": "priority",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The priority of the Alarm. Ranges from 1 to 100 (declared here as a string).",
"key": "priority"
},
{
"type": "string",
"name": "priority_label",
"displayName": "priority_label",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The priority label of the Alarm: low if priority <= 33, medium if 33 < priority <= 66, or high if priority > 66.",
"key": "priority_label"
},
{
"type": "string",
"name": "request_user_agent",
"displayName": "request_user_agent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user agent in the request from the Event(s) which originated the Alarm.",
"key": "request_user_agent"
},
{
"type": "string",
"name": "rule_dictionary",
"displayName": "rule_dictionary",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_dictionary"
},
{
"type": "string",
"name": "rule_id",
"displayName": "rule_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The ID of the correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_id"
},
{
"type": "string",
"name": "rule_intent",
"displayName": "rule_intent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The intent of the correlation rule that processed the Event(s) which originated the Alarm. Broadly classifies the rule as malicious or informational; the value is one of the enumerated strings listed below.",
"enum": [
"Reconnaissance & Probing",
"Delivery & Attack",
"Exploitation & Installation",
"System Compromise",
"Environmental Awareness"
],
"key": "rule_intent"
},
{
"type": "string",
"name": "rule_method",
"displayName": "rule_method",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The particular method employed by the actor, as identified by the correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_method"
},
{
"type": "string",
"name": "rule_strategy",
"displayName": "rule_strategy",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The strategy of the correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_strategy"
},
{
"type": "string",
"name": "security_group_id",
"displayName": "security_group_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The security group id used from the Event(s) which originated the Alarm.",
"key": "security_group_id"
},
{
"type": "string",
"name": "sensor_name",
"displayName": "sensor_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor that received this Event.",
"key": "sensor_name"
},
{
"type": "string",
"name": "sensor_uuid",
"displayName": "sensor_uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The UUID of the sensor that received this Event.",
"key": "sensor_uuid"
},
{
"type": "string",
"name": "source_asset_id",
"displayName": "source_asset_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the source asset from the Event(s) which originated the Alarm.",
"key": "source_asset_id"
},
{
"type": "string",
"name": "source_name",
"displayName": "source_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the source asset from the Event(s) which originated the Alarm.",
"key": "source_name"
},
{
"type": "string",
"name": "source_hostname",
"displayName": "source_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the source asset from the Event(s) which originated the Alarm.",
"key": "source_hostname"
},
{
"type": "string",
"name": "source_username",
"displayName": "source_username",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source username from the Event(s) which originated the Alarm.",
"key": "source_username"
},
{
"type": "string",
"name": "status",
"displayName": "status",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The status of the Alarm.",
"enum": [
"Open",
"In Review",
"Closed"
],
"key": "status"
},
{
"type": "string",
"name": "suppressed",
"displayName": "suppressed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean value, serialized as a string, indicating whether the Alarm is suppressed.",
"key": "suppressed"
},
{
"type": "string",
"name": "timestamp_occured",
"displayName": "timestamp_occured",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of the first Event occurrence.",
"key": "timestamp_occured"
},
{
"type": "string",
"name": "timestamp_received",
"displayName": "timestamp_received",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of when the first Event was received.",
"key": "timestamp_received"
},
{
"type": "string",
"name": "timestamp_received_iso8601",
"displayName": "timestamp_received_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Timestamp of when the first Event was received, in ISO 8601 format.",
"key": "timestamp_received_iso8601"
},
{
"type": "string",
"name": "timestamp_occured_iso8601",
"displayName": "timestamp_occured_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Timestamp of the first Event occurrence, in ISO 8601 format.",
"key": "timestamp_occured_iso8601"
},
{
"type": "boolean",
"name": "transient",
"displayName": "transient",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value indicating whether the Alarm is transient.",
"key": "transient"
},
{
"type": "string",
"name": "uuid",
"displayName": "uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of this Alarm.",
"key": "uuid"
}
],
"name": "alarm",
"displayName": "alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Alarm details",
"additionalProperties": true,
"key": "alarm"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "assets",
"displayName": "assets",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "An array of the assets tied to the Event(s) which originated the Alarm.",
"key": "assets"
},
{
"type": "array",
"items": {
"type": "object",
"properties": [
{
"type": "string",
"name": "access_control_outcome",
"displayName": "access_control_outcome",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The outcome for Access Control which generated the Event.",
"key": "access_control_outcome"
},
{
"type": "string",
"name": "access_key_id",
"displayName": "access_key_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the access key used in the request which generated the Event.",
"key": "access_key_id"
},
{
"type": "string",
"name": "account_name",
"displayName": "account_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account name which generated this Event.",
"key": "account_name"
},
{
"type": "string",
"name": "account_id",
"displayName": "account_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account ID which generated this Event.",
"key": "account_id"
},
{
"type": "string",
"name": "app_id",
"displayName": "app_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the sensor app which generated the Event.",
"key": "app_id"
},
{
"type": "string",
"name": "app_name",
"displayName": "app_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor app which generated the Event.",
"key": "app_name"
},
{
"type": "string",
"name": "app_type",
"displayName": "app_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of sensor app which generated the Event.",
"key": "app_type"
},
{
"type": "string",
"name": "authentication_mode",
"displayName": "authentication_mode",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The mode of authentication used, if relevant, which originated the Event.",
"key": "authentication_mode"
},
{
"type": "string",
"name": "authentication_type",
"displayName": "authentication_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The method used to authenticate which generated the Event.",
"key": "authentication_type"
},
{
"type": "string",
"name": "customheader_0",
"displayName": "customheader_0",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Custom header. Up to 20 are supported, indexed from 0.",
"key": "customheader_0"
},
{
"type": "string",
"name": "customfield_0",
"displayName": "customfield_0",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Custom field. Up to 20 are supported, indexed from 0.",
"key": "customfield_0"
},
{
"type": "string",
"name": "destination_address",
"displayName": "destination_address",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ip address of the destination which generated the Event.",
"key": "destination_address"
},
{
"type": "string",
"name": "destination_canonical",
"displayName": "destination_canonical",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The canonical representation of the destination which generated the Event.",
"key": "destination_canonical"
},
{
"type": "string",
"name": "destination_hostname",
"displayName": "destination_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the destination which generated the Event.",
"key": "destination_hostname"
},
{
"type": "string",
"name": "destination_infrastructure_name",
"displayName": "destination_infrastructure_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The infrastructure name of the destination which generated the Event.",
"key": "destination_infrastructure_name"
},
{
"type": "string",
"name": "destination_infrastructure_type",
"displayName": "destination_infrastructure_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The infrastructure type of the destination which generated the Event.",
"key": "destination_infrastructure_type"
},
{
"type": "string",
"name": "destination_name",
"displayName": "destination_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The name of the Asset on which the Event originated.",
"key": "destination_name"
},
{
"type": "string",
"name": "destination_userid",
"displayName": "destination_userid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination user ID which generated the Event.",
"key": "destination_userid"
},
{
"type": "string",
"name": "destination_zone",
"displayName": "destination_zone",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination zone which generated the Event.",
"key": "destination_zone"
},
{
"type": "string",
"name": "error_code",
"displayName": "error_code",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error code of the response, if relevant, which generated the Event.",
"key": "error_code"
},
{
"type": "string",
"name": "error_message",
"displayName": "error_message",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error message of the response, if relevant, which generated the Event.",
"key": "error_message"
},
{
"type": "string",
"name": "event_action",
"displayName": "event_action",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The implied action (Create, Read, Update, Delete, etc.) which generated the Event.",
"key": "event_action"
},
{
"type": "string",
"name": "event_description",
"displayName": "event_description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The description of the Event.",
"key": "event_description"
},
{
"type": "string",
"name": "event_description_url",
"displayName": "event_description_url",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The URL for the full description of the Event.",
"key": "event_description_url"
},
{
"type": "string",
"name": "event_name",
"displayName": "event_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The short, user-readable description of the Event.",
"key": "event_name"
},
{
"type": "string",
"name": "event_type",
"displayName": "event_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The type of Event.",
"key": "event_type"
},
{
"type": "string",
"name": "has_alarm",
"displayName": "has_alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value (declared here as a string) indicating whether the Event has an Alarm associated with it.",
"key": "has_alarm"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "highlight_fields",
"displayName": "highlight_fields",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of the most important fields for the Event type created.",
"key": "highlight_fields"
},
{
"type": "string",
"name": "log",
"displayName": "log",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The raw log line from which the Event was generated, returned verbatim. It may contain sensitive data from the originating system (credentials, tokens, personal data), so store and display API responses accordingly.",
"key": "log"
},
{
"type": "boolean",
"name": "needs_enrichment",
"displayName": "needs_enrichment",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean defining if the Event needs to be processed by the Enrichment Apps.",
"key": "needs_enrichment"
},
{
"type": "string",
"name": "packet_type",
"displayName": "packet_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The internal classification of the packet type.",
"key": "packet_type"
},
{
"type": "string",
"name": "plugin",
"displayName": "plugin",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The plugin used to normalize the Event.",
"key": "plugin"
},
{
"type": "string",
"name": "plugin_device",
"displayName": "plugin_device",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The device the plugin was made for.",
"key": "plugin_device"
},
{
"type": "string",
"name": "plugin_device_type",
"displayName": "plugin_device_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of the device the plugin was made for.",
"key": "plugin_device_type"
},
{
"type": "string",
"name": "plugin_family",
"displayName": "plugin_family",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Family the plugin belongs to.",
"key": "plugin_family"
},
{
"type": "string",
"name": "plugin_version",
"displayName": "plugin_version",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The version of the plugin.",
"key": "plugin_version"
},
{
"type": "string",
"name": "received_from",
"displayName": "received_from",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Source this Event was received from.",
"key": "received_from"
},
{
"type": "string",
"name": "rep_device_rule_id",
"displayName": "rep_device_rule_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the rule used by the reporting device to generate this Event (e.g. firewall rule, CVE, IDS rule).",
"key": "rep_device_rule_id"
},
{
"type": "string",
"name": "rep_device_version",
"displayName": "rep_device_version",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The version of the reporting device.",
"key": "rep_device_version"
},
{
"type": "string",
"name": "request_user_agent",
"displayName": "request_user_agent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The User Agent of the request which generated the Event.",
"key": "request_user_agent"
},
{
"type": "string",
"name": "security_group_id",
"displayName": "security_group_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the security group which generated the Event.",
"key": "security_group_id"
},
{
"type": "string",
"name": "sensor_name",
"displayName": "sensor_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor that received this Event.",
"key": "sensor_name"
},
{
"type": "string",
"name": "sensor_uuid",
"displayName": "sensor_uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The UUID of the sensor that received this Event.",
"key": "sensor_uuid"
},
{
"type": "string",
"name": "source_address",
"displayName": "source_address",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The IP address which originated the Event.",
"key": "source_address"
},
{
"type": "string",
"name": "source_asset_id",
"displayName": "source_asset_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The ID of the Asset which originated the Event.",
"key": "source_asset_id"
},
{
"type": "string",
"name": "source_canonical",
"displayName": "source_canonical",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The Canonical representation of the source which originated the Event.",
"key": "source_canonical"
},
{
"type": "string",
"name": "source_city",
"displayName": "source_city",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The city of the source which originated the Event.",
"key": "source_city"
},
{
"type": "string",
"name": "source_country",
"displayName": "source_country",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The country of the source which originated the Event.",
"key": "source_country"
},
{
"type": "string",
"name": "source_fqdn",
"displayName": "source_fqdn",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The FQDN of the source Asset which originated the Event.",
"key": "source_fqdn"
},
{
"type": "string",
"name": "source_hostname",
"displayName": "source_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the source Asset which originated the Event.",
"key": "source_hostname"
},
{
"type": "string",
"name": "source_latitude",
"displayName": "source_latitude",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The latitude of the source which originated the Event.",
"key": "source_latitude"
},
{
"type": "string",
"name": "source_longitude",
"displayName": "source_longitude",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The longitude of the source which originated the Event.",
"key": "source_longitude"
},
{
"type": "string",
"name": "source_name",
"displayName": "source_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the source which originated the Event.",
"key": "source_name"
},
{
"type": "string",
"name": "source_organisation",
"displayName": "source_organisation",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The organization of the source which originated the Event.",
"key": "source_organisation"
},
{
"type": "string",
"name": "source_region",
"displayName": "source_region",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The region of the source which originated the Event.",
"key": "source_region"
},
{
"type": "string",
"name": "source_registered_country",
"displayName": "source_registered_country",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The registered country of the source which originated the Event.",
"key": "source_registered_country"
},
{
"type": "string",
"name": "source_userid",
"displayName": "source_userid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user ID of the source which originated the Event.",
"key": "source_userid"
},
{
"type": "string",
"name": "source_username",
"displayName": "source_username",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The username of the source which originated the Event.",
"key": "source_username"
},
{
"type": "string",
"name": "suppressed",
"displayName": "suppressed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean value, serialized as a string, indicating whether the Event is suppressed.",
"key": "suppressed"
},
{
"type": "string",
"name": "timestamp_occured",
"displayName": "timestamp_occured",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of the Event occurrence.",
"key": "timestamp_occured"
},
{
"type": "string",
"name": "timestamp_occured_iso8601",
"displayName": "timestamp_occured_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp of the Event occurrence, in ISO 8601 format.",
"key": "timestamp_occured_iso8601"
},
{
"type": "string",
"name": "timestamp_received",
"displayName": "timestamp_received",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of when the Event was received.",
"key": "timestamp_received"
},
{
"type": "string",
"name": "timestamp_received_iso8601",
"displayName": "timestamp_received_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp of when the Event was received in ISO 8601 format.",
"key": "timestamp_received_iso8601"
},
{
"type": "boolean",
"name": "transient",
"displayName": "transient",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the Event is transient.",
"key": "transient"
},
{
"type": "boolean",
"name": "used_hint",
"displayName": "used_hint",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean value to determine if a hint was used to find the plugin.",
"key": "used_hint"
},
{
"type": "string",
"name": "uuid",
"displayName": "uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of this Event.",
"key": "uuid"
},
{
"type": "boolean",
"name": "was_fuzzied",
"displayName": "was_fuzzied",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if a fuzzied parser was used to generate the Event.",
"key": "was_fuzzied"
},
{
"type": "boolean",
"name": "was_guessed",
"displayName": "was_guessed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the plugin was brute forced.",
"key": "was_guessed"
}
],
"name": "events",
"displayName": "events",
"typePropertyKind": "TYPE_EXPRESSION",
"description": "This object contains all information pertaining to an Event.",
"additionalProperties": true,
"originalType": "events"
},
"name": "events",
"displayName": "events",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "An array of the last 10 Events associated with the Alarm.",
"key": "events"
},
{
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the alarm to USMC.",
"examples": [
{
"value": "cn://fjrubio-cn.aveng.us",
"strict": true,
"name": null,
"structuredValue": "cn://fjrubio-cn.aveng.us"
}
],
"key": "tenantId"
},
{
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when alarm was processed by USM Central.",
"key": "timestamp"
}
],
"name": "alarmResponse",
"displayName": "alarmResponse",
"typePropertyKind": "TYPE_EXPRESSION",
"description": "This object contains all information pertaining to an alarm.",
"additionalProperties": true,
"originalType": "alarmResponse"
},
"name": "results",
"displayName": "results",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "results"
},
"total": {
"type": "number",
"name": "total",
"displayName": "total",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The total number of results found.",
"key": "total"
}
}
}
alarmResponse
This object contains all information pertaining to an alarm.
Properties
TYPE DEFINITION
{
"name": "alarmResponse",
"type": "object",
"description": "This object contains all information pertaining to an alarm.",
"properties": {
"alarm": {
"type": "object",
"properties": [
{
"type": "string",
"name": "account_name",
"displayName": "account_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account name used from the Event(s) which originated the Alarm.",
"key": "account_name"
},
{
"type": "string",
"name": "account_id",
"displayName": "account_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account ID used from the Event(s) which originated the Alarm.",
"key": "account_id"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_asset_ids",
"displayName": "alarm_destination_asset_ids",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "An array of the destination Asset IDs from the Event(s) which originated the Alarm.",
"key": "alarm_destination_asset_ids"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_countries",
"displayName": "alarm_destination_countries",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "An array of the destination countries from the Event(s) which originated the Alarm.",
"key": "alarm_destination_countries"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_latitudes",
"displayName": "alarm_destination_latitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination latitudes from the Event(s) which originated the Alarm.",
"key": "alarm_destination_latitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_longitudes",
"displayName": "alarm_destination_longitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination longitudes from the Event(s) which originated the Alarm.",
"key": "alarm_destination_longitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_names",
"displayName": "alarm_destination_names",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The names of the destinations from the Event(s) which originated the Alarm.",
"key": "alarm_destination_names"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destination_zones",
"displayName": "alarm_destination_zones",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "An array with the destination zones from the Event(s) which originated the Alarm.",
"key": "alarm_destination_zones"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_destinations",
"displayName": "alarm_destinations",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The hostnames of the destinations from the Event(s) which originated the Alarm.",
"key": "alarm_destinations"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_labels",
"displayName": "alarm_labels",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The IDs of the Alarm labels that have been applied to the Alarm.",
"key": "alarm_labels"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_sensor_sources",
"displayName": "alarm_sensor_sources",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source Sensors from the Event(s) which originated the Alarm.",
"key": "alarm_sensor_sources"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_asset_ids",
"displayName": "alarm_source_asset_ids",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source Asset IDs from the Event(s) which originated the Alarm.",
"key": "alarm_source_asset_ids"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_names",
"displayName": "alarm_source_names",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source Asset names from the Event(s) which originated the Alarm.",
"key": "alarm_source_names"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_cities",
"displayName": "alarm_source_cities",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source cities from the Event(s) which originated the Alarm.",
"key": "alarm_source_cities"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_countries",
"displayName": "alarm_source_countries",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source countries from the Event(s) which originated the Alarm.",
"key": "alarm_source_countries"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_latitudes",
"displayName": "alarm_source_latitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source latitudes from the Event(s) which originated the Alarm.",
"key": "alarm_source_latitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_source_longitudes",
"displayName": "alarm_source_longitudes",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The source longitudes from the Event(s) which originated the Alarm.",
"key": "alarm_source_longitudes"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "alarm_sources",
"displayName": "alarm_sources",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source hostnames from the Event(s) which originated the Alarm.",
"key": "alarm_sources"
},
{
"type": "string",
"name": "app_id",
"displayName": "app_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the sensor app from the Event(s) which originated the Alarm.",
"key": "app_id"
},
{
"type": "string",
"name": "app_type",
"displayName": "app_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The sensor app type from the Event(s) which originated the Alarm.",
"key": "app_type"
},
{
"type": "string",
"name": "authentication_mode",
"displayName": "authentication_mode",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The mode of authentication used, if relevant, from the Event(s) which originated the Alarm.",
"key": "authentication_mode"
},
{
"type": "string",
"name": "authentication_type",
"displayName": "authentication_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The type of authentication used, if relevant, from the Event(s) which originated the Alarm.",
"key": "authentication_type"
},
{
"type": "string",
"name": "destination_name",
"displayName": "destination_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The name of the asset which originated the Alarm.",
"key": "destination_name"
},
{
"type": "string",
"name": "error_message",
"displayName": "error_message",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error message of the response, if relevant, which originated the Alarm.",
"key": "error_message"
},
{
"type": "string",
"name": "event_action",
"displayName": "event_action",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The implied action (Create, Read, Update, Delete, etc.) of the Event(s) which originated the Alarm.",
"key": "event_action"
},
{
"type": "string",
"name": "event_name",
"displayName": "event_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The short, user-readable description of the Event(s) which originated the Alarm.",
"key": "event_name"
},
{
"type": "boolean",
"name": "needs_enrichment",
"displayName": "needs_enrichment",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Whether the Event(s) that originated the Alarm need to be processed by Enrichment Apps.",
"key": "needs_enrichment"
},
{
"type": "string",
"name": "event_type",
"displayName": "event_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of Event. In this case it will always be Alarm.",
"key": "event_type"
},
{
"type": "string",
"name": "has_alarm",
"displayName": "has_alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean defining if the Event has an alarm associated with it.",
"key": "has_alarm"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "highlight_fields",
"displayName": "highlight_fields",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of the most important fields for an alarm.",
"key": "highlight_fields"
},
{
"type": "integer",
"name": "number_of_events",
"displayName": "number_of_events",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of Events that originated the Alarm.",
"key": "number_of_events"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "packet_data",
"displayName": "packet_data",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of Event IDs that originated the Alarm.",
"key": "packet_data"
},
{
"type": "string",
"name": "packet_type",
"displayName": "packet_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The internal classification of the packet type. In this case, it will always be \"alarm\".",
"key": "packet_type"
},
{
"type": "string",
"name": "priority",
"displayName": "priority",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The priority of the Alarm. Ranges from 1 to 100.",
"key": "priority"
},
{
"type": "string",
"name": "priority_label",
"displayName": "priority_label",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The priority label of the Alarm. Can be low if priority <= 33, medium if 33 < priority <= 66, or high if priority > 66.",
"key": "priority_label"
},
{
"type": "string",
"name": "request_user_agent",
"displayName": "request_user_agent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user agent in the request from the Event(s) which originated the Alarm.",
"key": "request_user_agent"
},
{
"type": "string",
"name": "rule_dictionary",
"displayName": "rule_dictionary",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_dictionary"
},
{
"type": "string",
"name": "rule_id",
"displayName": "rule_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The ID of the correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_id"
},
{
"type": "string",
"name": "rule_intent",
"displayName": "rule_intent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The intent of the correlation rule that processed the Event(s) which originated the Alarm. Either malicious or informational.",
"enum": [
"Reconnaissance & Probing",
"Delivery & Attack",
"Exploitation & Installation",
"System Compromise",
"Environmental Awareness"
],
"key": "rule_intent"
},
{
"type": "string",
"name": "rule_method",
"displayName": "rule_method",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The particular method employed by the actor, as described by the correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_method"
},
{
"type": "string",
"name": "rule_strategy",
"displayName": "rule_strategy",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The strategy of the correlation rule that processed the Event(s) which originated the Alarm.",
"key": "rule_strategy"
},
{
"type": "string",
"name": "security_group_id",
"displayName": "security_group_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The security group id used from the Event(s) which originated the Alarm.",
"key": "security_group_id"
},
{
"type": "string",
"name": "sensor_name",
"displayName": "sensor_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor that received this Event.",
"key": "sensor_name"
},
{
"type": "string",
"name": "sensor_uuid",
"displayName": "sensor_uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The UUID of the sensor that received this Event.",
"key": "sensor_uuid"
},
{
"type": "string",
"name": "source_asset_id",
"displayName": "source_asset_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the source asset from the Event(s) which originated the Alarm.",
"key": "source_asset_id"
},
{
"type": "string",
"name": "source_name",
"displayName": "source_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the source asset from the Event(s) which originated the Alarm.",
"key": "source_name"
},
{
"type": "string",
"name": "source_hostname",
"displayName": "source_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the source asset from the Event(s) which originated the Alarm.",
"key": "source_hostname"
},
{
"type": "string",
"name": "source_username",
"displayName": "source_username",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source username from the Event(s) which originated the Alarm.",
"key": "source_username"
},
{
"type": "string",
"name": "status",
"displayName": "status",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The status of the Alarm.",
"enum": [
"Open",
"In Review",
"Closed"
],
"key": "status"
},
{
"type": "string",
"name": "suppressed",
"displayName": "suppressed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean string value to determine if the alarm is suppressed.",
"key": "suppressed"
},
{
"type": "string",
"name": "timestamp_occured",
"displayName": "timestamp_occured",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of the first Event occurrence.",
"key": "timestamp_occured"
},
{
"type": "string",
"name": "timestamp_received",
"displayName": "timestamp_received",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of when the first Event was received.",
"key": "timestamp_received"
},
{
"type": "string",
"name": "timestamp_received_iso8601",
"displayName": "timestamp_received_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Timestamp of when the Event was received in ISO 8601 format.",
"key": "timestamp_received_iso8601"
},
{
"type": "string",
"name": "timestamp_occured_iso8601",
"displayName": "timestamp_occured_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Timestamp of the first Event occurrence in ISO 8601 format.",
"key": "timestamp_occured_iso8601"
},
{
"type": "boolean",
"name": "transient",
"displayName": "transient",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the Alarm is transient.",
"key": "transient"
},
{
"type": "string",
"name": "uuid",
"displayName": "uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of this Alarm.",
"key": "uuid"
}
],
"name": "alarm",
"displayName": "alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Alarm details",
"additionalProperties": true,
"key": "alarm"
},
"assets": {
"type": "array",
"items": {
"type": "any"
},
"name": "assets",
"displayName": "assets",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "An array of the assets tied to the Event(s) which originated the Alarm.",
"key": "assets"
},
"events": {
"type": "array",
"items": {
"type": "object",
"properties": [
{
"type": "string",
"name": "access_control_outcome",
"displayName": "access_control_outcome",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The outcome for Access Control which generated the Event.",
"key": "access_control_outcome"
},
{
"type": "string",
"name": "access_key_id",
"displayName": "access_key_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the access key used which generated the Event.",
"key": "access_key_id"
},
{
"type": "string",
"name": "account_name",
"displayName": "account_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account name which generated this Event.",
"key": "account_name"
},
{
"type": "string",
"name": "account_id",
"displayName": "account_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account ID which generated this Event.",
"key": "account_id"
},
{
"type": "string",
"name": "app_id",
"displayName": "app_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the sensor app which generated the Event.",
"key": "app_id"
},
{
"type": "string",
"name": "app_name",
"displayName": "app_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor app which generated the Event.",
"key": "app_name"
},
{
"type": "string",
"name": "app_type",
"displayName": "app_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of sensor app which generated the Event.",
"key": "app_type"
},
{
"type": "string",
"name": "authentication_mode",
"displayName": "authentication_mode",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The mode of authentication used, if relevant, which originated the Event.",
"key": "authentication_mode"
},
{
"type": "string",
"name": "authentication_type",
"displayName": "authentication_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The method used to authenticate which generated the Event.",
"key": "authentication_type"
},
{
"type": "string",
"name": "customheader_0",
"displayName": "customheader_0",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Custom header. There are 20 supported.",
"key": "customheader_0"
},
{
"type": "string",
"name": "customfield_0",
"displayName": "customfield_0",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Custom field. There are 20 supported.",
"key": "customfield_0"
},
{
"type": "string",
"name": "destination_address",
"displayName": "destination_address",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The IP address of the destination which generated the Event.",
"key": "destination_address"
},
{
"type": "string",
"name": "destination_canonical",
"displayName": "destination_canonical",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The canonical representation of the destination which generated the Event.",
"key": "destination_canonical"
},
{
"type": "string",
"name": "destination_hostname",
"displayName": "destination_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the destination which generated the Event.",
"key": "destination_hostname"
},
{
"type": "string",
"name": "destination_infrastructure_name",
"displayName": "destination_infrastructure_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The infrastructure name of the destination which generated the Event.",
"key": "destination_infrastructure_name"
},
{
"type": "string",
"name": "destination_infrastructure_type",
"displayName": "destination_infrastructure_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The infrastructure type of the destination which generated the Event.",
"key": "destination_infrastructure_type"
},
{
"type": "string",
"name": "destination_name",
"displayName": "destination_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The name of the Asset on which the Event originated.",
"key": "destination_name"
},
{
"type": "string",
"name": "destination_userid",
"displayName": "destination_userid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user id which generated the Event.",
"key": "destination_userid"
},
{
"type": "string",
"name": "destination_zone",
"displayName": "destination_zone",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination zone which generated the Event.",
"key": "destination_zone"
},
{
"type": "string",
"name": "error_code",
"displayName": "error_code",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error code of the response, if relevant, which originated the Alarm.",
"key": "error_code"
},
{
"type": "string",
"name": "error_message",
"displayName": "error_message",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error message of the response, if relevant, which originated the Alarm.",
"key": "error_message"
},
{
"type": "string",
"name": "event_action",
"displayName": "event_action",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The implied action (Create, Read, Update, Delete, etc.) which generated the Event.",
"key": "event_action"
},
{
"type": "string",
"name": "event_description",
"displayName": "event_description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The description of the Event.",
"key": "event_description"
},
{
"type": "string",
"name": "event_description_url",
"displayName": "event_description_url",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The URL for the full description of the Event.",
"key": "event_description_url"
},
{
"type": "string",
"name": "event_name",
"displayName": "event_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The short, user-readable description of the Event.",
"key": "event_name"
},
{
"type": "string",
"name": "event_type",
"displayName": "event_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The type of Event.",
"key": "event_type"
},
{
"type": "string",
"name": "has_alarm",
"displayName": "has_alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean defining if the Event has an alarm associated with it.",
"key": "has_alarm"
},
{
"type": "array",
"items": {
"type": "any"
},
"name": "highlight_fields",
"displayName": "highlight_fields",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of the most important fields for the Event type created.",
"key": "highlight_fields"
},
{
"type": "string",
"name": "log",
"displayName": "log",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The raw log which generated the Event.",
"key": "log"
},
{
"type": "boolean",
"name": "needs_enrichment",
"displayName": "needs_enrichment",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean defining if the Event needs to be processed by the Enrichment Apps.",
"key": "needs_enrichment"
},
{
"type": "string",
"name": "packet_type",
"displayName": "packet_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The internal classification of the packet type.",
"key": "packet_type"
},
{
"type": "string",
"name": "plugin",
"displayName": "plugin",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The plugin used to normalize the Event.",
"key": "plugin"
},
{
"type": "string",
"name": "plugin_device",
"displayName": "plugin_device",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The device the plugin was made for.",
"key": "plugin_device"
},
{
"type": "string",
"name": "plugin_device_type",
"displayName": "plugin_device_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of the device the plugin was made for.",
"key": "plugin_device_type"
},
{
"type": "string",
"name": "plugin_family",
"displayName": "plugin_family",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Family the plugin belongs to.",
"key": "plugin_family"
},
{
"type": "string",
"name": "plugin_version",
"displayName": "plugin_version",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The version of the plugin.",
"key": "plugin_version"
},
{
"type": "string",
"name": "received_from",
"displayName": "received_from",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Source this Event was received from.",
"key": "received_from"
},
{
"type": "string",
"name": "rep_device_rule_id",
"displayName": "rep_device_rule_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the rule used by the reporting device to generate this Event (e.g. firewall rule, CVE, IDS rule).",
"key": "rep_device_rule_id"
},
{
"type": "string",
"name": "rep_device_version",
"displayName": "rep_device_version",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The version of the reporting device.",
"key": "rep_device_version"
},
{
"type": "string",
"name": "request_user_agent",
"displayName": "request_user_agent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The User Agent of the request which generated the Event.",
"key": "request_user_agent"
},
{
"type": "string",
"name": "security_group_id",
"displayName": "security_group_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the security group which generated the Event.",
"key": "security_group_id"
},
{
"type": "string",
"name": "sensor_name",
"displayName": "sensor_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor that received this Event.",
"key": "sensor_name"
},
{
"type": "string",
"name": "sensor_uuid",
"displayName": "sensor_uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The UUID of the sensor that received this Event.",
"key": "sensor_uuid"
},
{
"type": "string",
"name": "source_address",
"displayName": "source_address",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The IP address which originated the Event.",
"key": "source_address"
},
{
"type": "string",
"name": "source_asset_id",
"displayName": "source_asset_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The ID of the Asset which originated the Event.",
"key": "source_asset_id"
},
{
"type": "string",
"name": "source_canonical",
"displayName": "source_canonical",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The canonical representation of the source which originated the Event.",
"key": "source_canonical"
},
{
"type": "string",
"name": "source_city",
"displayName": "source_city",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The city of the source which originated the Event.",
"key": "source_city"
},
{
"type": "string",
"name": "source_country",
"displayName": "source_country",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The country of the source which originated the Event.",
"key": "source_country"
},
{
"type": "string",
"name": "source_fqdn",
"displayName": "source_fqdn",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The FQDN of the source Asset which originated the Event.",
"key": "source_fqdn"
},
{
"type": "string",
"name": "source_hostname",
"displayName": "source_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the source Asset which originated the Event.",
"key": "source_hostname"
},
{
"type": "string",
"name": "source_latitude",
"displayName": "source_latitude",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The latitude of the source which originated the Event.",
"key": "source_latitude"
},
{
"type": "string",
"name": "source_longitude",
"displayName": "source_longitude",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The longitude of the source which originated the Event.",
"key": "source_longitude"
},
{
"type": "string",
"name": "source_name",
"displayName": "source_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the source which originated the Event.",
"key": "source_name"
},
{
"type": "string",
"name": "source_organisation",
"displayName": "source_organisation",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The organization of the source which originated the Event.",
"key": "source_organisation"
},
{
"type": "string",
"name": "source_region",
"displayName": "source_region",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The region of the source which originated the Event.",
"key": "source_region"
},
{
"type": "string",
"name": "source_registered_country",
"displayName": "source_registered_country",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The registered country of the source which originated the Event.",
"key": "source_registered_country"
},
{
"type": "string",
"name": "source_userid",
"displayName": "source_userid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user ID of the source which originated the Event.",
"key": "source_userid"
},
{
"type": "string",
"name": "source_username",
"displayName": "source_username",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The username of the source which originated the Event.",
"key": "source_username"
},
{
"type": "string",
"name": "suppressed",
"displayName": "suppressed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean string value to determine if the Event is suppressed.",
"key": "suppressed"
},
{
"type": "string",
"name": "timestamp_occured",
"displayName": "timestamp_occured",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of the Event occurrence.",
"key": "timestamp_occured"
},
{
"type": "string",
"name": "timestamp_occured_iso8601",
"displayName": "timestamp_occured_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp string of the Event occurrence in ISO 8601 format.",
"key": "timestamp_occured_iso8601"
},
{
"type": "string",
"name": "timestamp_received",
"displayName": "timestamp_received",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of when the Event was received.",
"key": "timestamp_received"
},
{
"type": "string",
"name": "timestamp_received_iso8601",
"displayName": "timestamp_received_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp string of when the Event was received in ISO 8601 format.",
"key": "timestamp_received_iso8601"
},
{
"type": "boolean",
"name": "transient",
"displayName": "transient",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the Event is transient.",
"key": "transient"
},
{
"type": "boolean",
"name": "used_hint",
"displayName": "used_hint",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean value to determine if a hint was used to find the plugin.",
"key": "used_hint"
},
{
"type": "string",
"name": "uuid",
"displayName": "uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of this Event.",
"key": "uuid"
},
{
"type": "boolean",
"name": "was_fuzzied",
"displayName": "was_fuzzied",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if a fuzzied parser was used to generate the Event.",
"key": "was_fuzzied"
},
{
"type": "boolean",
"name": "was_guessed",
"displayName": "was_guessed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the plugin was brute forced.",
"key": "was_guessed"
}
],
"name": "events",
"displayName": "events",
"typePropertyKind": "TYPE_EXPRESSION",
"description": "This object contains all information pertaining to an Event.",
"additionalProperties": true,
"originalType": "events"
},
"name": "events",
"displayName": "events",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "An array of the last 10 Events associated with the Alarm.",
"key": "events"
},
"tenantId": {
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the alarm to USMC.",
"examples": [
{
"value": "cn://fjrubio-cn.aveng.us",
"strict": true,
"name": null,
"structuredValue": "cn://fjrubio-cn.aveng.us"
}
],
"key": "tenantId"
},
"timestamp": {
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when alarm was processed by USM Central.",
"key": "timestamp"
}
}
}
oauthResponse
Describes a response for OAuth/token endpoint.
Properties
TYPE DEFINITION
{
"name": "oauthResponse",
"type": "object",
"description": "Describes a response for OAuth/token endpoint.",
"properties": {
"access_token": {
"type": "string",
"name": "access_token",
"displayName": "access_token",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "access_token"
},
"token_type": {
"type": "string",
"name": "token_type",
"displayName": "token_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "token_type"
},
"expires_in": {
"type": "number",
"name": "expires_in",
"displayName": "expires_in",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "expires_in"
}
}
}
events
This object contains all information pertaining to an Event.
Properties
TYPE DEFINITION
{
"name": "events",
"type": "object",
"description": "This object contains all information pertaining to an Event.",
"properties": {
"access_control_outcome": {
"type": "string",
"name": "access_control_outcome",
"displayName": "access_control_outcome",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The outcome for Access Control which generated the Event."
},
"access_key_id": {
"type": "string",
"name": "access_key_id",
"displayName": "access_key_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the access key used which generated the Event."
},
"account_name": {
"type": "string",
"name": "account_name",
"displayName": "account_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account name which generated this Event."
},
"account_id": {
"type": "string",
"name": "account_id",
"displayName": "account_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The account ID which generated this Event."
},
"app_id": {
"type": "string",
"name": "app_id",
"displayName": "app_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the sensor app which generated the Event."
},
"app_name": {
"type": "string",
"name": "app_name",
"displayName": "app_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor app which generated the Event."
},
"app_type": {
"type": "string",
"name": "app_type",
"displayName": "app_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of sensor app which generated the Event."
},
"authentication_mode": {
"type": "string",
"name": "authentication_mode",
"displayName": "authentication_mode",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The mode of authentication used, if relevant, which originated the Event."
},
"authentication_type": {
"type": "string",
"name": "authentication_type",
"displayName": "authentication_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The method used to authenticate which generated the Event."
},
"customheader_0": {
"type": "string",
"name": "customheader_0",
"displayName": "customheader_0",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Custom header. Up to 20 custom headers are supported."
},
"customfield_0": {
"type": "string",
"name": "customfield_0",
"displayName": "customfield_0",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Custom field. Up to 20 custom fields are supported."
},
"destination_address": {
"type": "string",
"name": "destination_address",
"displayName": "destination_address",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The IP address of the destination which generated the Event."
},
"destination_canonical": {
"type": "string",
"name": "destination_canonical",
"displayName": "destination_canonical",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The canonical representation of the destination which generated the Event."
},
"destination_hostname": {
"type": "string",
"name": "destination_hostname",
"displayName": "destination_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the destination which generated the Event."
},
"destination_infrastructure_name": {
"type": "string",
"name": "destination_infrastructure_name",
"displayName": "destination_infrastructure_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The infrastructure name of the destination which generated the Event."
},
"destination_infrastructure_type": {
"type": "string",
"name": "destination_infrastructure_type",
"displayName": "destination_infrastructure_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The infrastructure type of the destination which generated the Event."
},
"destination_name": {
"type": "string",
"name": "destination_name",
"displayName": "destination_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The name of the Asset on which the Event originated."
},
"destination_userid": {
"type": "string",
"name": "destination_userid",
"displayName": "destination_userid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user id which generated the Event."
},
"destination_zone": {
"type": "string",
"name": "destination_zone",
"displayName": "destination_zone",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The destination zone which generated the Event."
},
"error_code": {
"type": "string",
"name": "error_code",
"displayName": "error_code",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error code of the response, if relevant, which originated the Alarm."
},
"error_message": {
"type": "string",
"name": "error_message",
"displayName": "error_message",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The error message of the response, if relevant, which originated the Alarm."
},
"event_action": {
"type": "string",
"name": "event_action",
"displayName": "event_action",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The implied action (Create, Read, Update, Delete, etc.) which generated the Event."
},
"event_description": {
"type": "string",
"name": "event_description",
"displayName": "event_description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The description of the Event."
},
"event_description_url": {
"type": "string",
"name": "event_description_url",
"displayName": "event_description_url",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The URL for the full description of the Event."
},
"event_name": {
"type": "string",
"name": "event_name",
"displayName": "event_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The short, user-readable description of the Event."
},
"event_type": {
"type": "string",
"name": "event_type",
"displayName": "event_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The type of Event."
},
"has_alarm": {
"type": "string",
"name": "has_alarm",
"displayName": "has_alarm",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean string value defining if the Event has an alarm associated with it."
},
"highlight_fields": {
"type": "array",
"items": {
"type": "any"
},
"name": "highlight_fields",
"displayName": "highlight_fields",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Array of the most important fields for the Event type created."
},
"log": {
"type": "string",
"name": "log",
"displayName": "log",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The raw log which generated the Event."
},
"needs_enrichment": {
"type": "boolean",
"name": "needs_enrichment",
"displayName": "needs_enrichment",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean defining if the Event needs to be processed by the Enrichment Apps."
},
"packet_type": {
"type": "string",
"name": "packet_type",
"displayName": "packet_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The internal classification of the packet type."
},
"plugin": {
"type": "string",
"name": "plugin",
"displayName": "plugin",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The plugin used to normalize the Event."
},
"plugin_device": {
"type": "string",
"name": "plugin_device",
"displayName": "plugin_device",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The device the plugin was made for."
},
"plugin_device_type": {
"type": "string",
"name": "plugin_device_type",
"displayName": "plugin_device_type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The type of the device the plugin was made for."
},
"plugin_family": {
"type": "string",
"name": "plugin_family",
"displayName": "plugin_family",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Family the plugin belongs to."
},
"plugin_version": {
"type": "string",
"name": "plugin_version",
"displayName": "plugin_version",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The version of the plugin."
},
"received_from": {
"type": "string",
"name": "received_from",
"displayName": "received_from",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Source this Event was received from."
},
"rep_device_rule_id": {
"type": "string",
"name": "rep_device_rule_id",
"displayName": "rep_device_rule_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the rule used by the reporting device to generate this Event (e.g. firewall rule, CVE, IDS rule)."
},
"rep_device_version": {
"type": "string",
"name": "rep_device_version",
"displayName": "rep_device_version",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The version of the reporting device."
},
"request_user_agent": {
"type": "string",
"name": "request_user_agent",
"displayName": "request_user_agent",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The User Agent of the request which generated the Event."
},
"security_group_id": {
"type": "string",
"name": "security_group_id",
"displayName": "security_group_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The ID of the security group which generated the Event."
},
"sensor_name": {
"type": "string",
"name": "sensor_name",
"displayName": "sensor_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the sensor that received this Event."
},
"sensor_uuid": {
"type": "string",
"name": "sensor_uuid",
"displayName": "sensor_uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The UUID of the sensor that received this Event."
},
"source_address": {
"type": "string",
"name": "source_address",
"displayName": "source_address",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The IP address which originated the Event."
},
"source_asset_id": {
"type": "string",
"name": "source_asset_id",
"displayName": "source_asset_id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The ID of the Asset which originated the Event."
},
"source_canonical": {
"type": "string",
"name": "source_canonical",
"displayName": "source_canonical",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The canonical representation of the source which originated the Event."
},
"source_city": {
"type": "string",
"name": "source_city",
"displayName": "source_city",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The city of the source which originated the Event."
},
"source_country": {
"type": "string",
"name": "source_country",
"displayName": "source_country",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The country of the source which originated the Event."
},
"source_fqdn": {
"type": "string",
"name": "source_fqdn",
"displayName": "source_fqdn",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The FQDN of the source Asset which originated the Event."
},
"source_hostname": {
"type": "string",
"name": "source_hostname",
"displayName": "source_hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The hostname of the source Asset which originated the Event."
},
"source_latitude": {
"type": "string",
"name": "source_latitude",
"displayName": "source_latitude",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The latitude of the source which originated the Event."
},
"source_longitude": {
"type": "string",
"name": "source_longitude",
"displayName": "source_longitude",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The longitude of the source which originated the Event."
},
"source_name": {
"type": "string",
"name": "source_name",
"displayName": "source_name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The name of the source which originated the Event."
},
"source_organisation": {
"type": "string",
"name": "source_organisation",
"displayName": "source_organisation",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The organization of the source which originated the Event."
},
"source_region": {
"type": "string",
"name": "source_region",
"displayName": "source_region",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The region of the source which originated the Event."
},
"source_registered_country": {
"type": "string",
"name": "source_registered_country",
"displayName": "source_registered_country",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The registered country of the source which originated the Event."
},
"source_userid": {
"type": "string",
"name": "source_userid",
"displayName": "source_userid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "The user ID of the source which originated the Event."
},
"source_username": {
"type": "string",
"name": "source_username",
"displayName": "source_username",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The username of the source which originated the Event."
},
"suppressed": {
"type": "string",
"name": "suppressed",
"displayName": "suppressed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean string value to determine if the Event is suppressed."
},
"timestamp_occured": {
"type": "string",
"name": "timestamp_occured",
"displayName": "timestamp_occured",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of the Event occurrence."
},
"timestamp_occured_iso8601": {
"type": "string",
"name": "timestamp_occured_iso8601",
"displayName": "timestamp_occured_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp string of the Event occurrence in ISO 8601 format."
},
"timestamp_received": {
"type": "string",
"name": "timestamp_received",
"displayName": "timestamp_received",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch string of when the Event was received."
},
"timestamp_received_iso8601": {
"type": "string",
"name": "timestamp_received_iso8601",
"displayName": "timestamp_received_iso8601",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp string of when the Event was received in ISO 8601 format."
},
"transient": {
"type": "boolean",
"name": "transient",
"displayName": "transient",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the Event is transient."
},
"used_hint": {
"type": "boolean",
"name": "used_hint",
"displayName": "used_hint",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean value to determine if a hint was used to find the plugin."
},
"uuid": {
"type": "string",
"name": "uuid",
"displayName": "uuid",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of this Event."
},
"was_fuzzied": {
"type": "boolean",
"name": "was_fuzzied",
"displayName": "was_fuzzied",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if a fuzzied parser was used to generate the Event."
},
"was_guessed": {
"type": "boolean",
"name": "was_guessed",
"displayName": "was_guessed",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Boolean value to determine if the plugin was brute forced."
}
}
}
configurationIssuesSearchRequest
Describes a search request payload.
Properties
TYPE DEFINITION
{
"name": "configurationIssuesSearchRequest",
"type": "object",
"description": "Describes a search request payload.",
"properties": {
"page": {
"type": "number",
"name": "page",
"displayName": "page",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "page"
},
"size": {
"type": "number",
"name": "size",
"displayName": "size",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "size"
},
"find": {
"type": "object",
"properties": [],
"name": "find",
"displayName": "find",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "find"
},
"sort": {
"type": "object",
"properties": [],
"name": "sort",
"displayName": "sort",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "sort"
},
"range": {
"type": "object",
"properties": [],
"name": "range",
"displayName": "range",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "range"
}
}
}
configurationIssuesSearchResponse
Search response
Properties
TYPE DEFINITION
{
"name": "configurationIssuesSearchResponse",
"type": "object",
"description": "Search response",
"properties": {
"results": {
"type": "array",
"items": {
"type": "object",
"properties": [
{
"type": "object",
"properties": [
{
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of the configuration issue.",
"key": "id"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the asset that generated the configuration issue.",
"key": "name"
}
],
"name": "asset",
"displayName": "asset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The asset which originated the configuration issue.",
"additionalProperties": true,
"key": "asset"
},
{
"type": "object",
"properties": [
{
"type": "string",
"name": "category",
"displayName": "category",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The category of the configuration issue.",
"key": "category"
},
{
"type": "string",
"name": "description",
"displayName": "description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Description of the configuration issue.",
"key": "description"
},
{
"type": "integer",
"name": "firstSeen",
"displayName": "firstSeen",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The first time the configuration issue was seen.",
"key": "firstSeen"
},
{
"type": "integer",
"name": "lastTimestamp",
"displayName": "lastTimestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The last time the configuration issue was seen.",
"key": "lastTimestamp"
},
{
"type": "string",
"name": "severity",
"displayName": "severity",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The severity of the configuration issue.",
"key": "severity"
},
{
"type": "string",
"name": "subcategory",
"displayName": "subcategory",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The subcategory of the configuration issue.",
"key": "subcategory"
},
{
"type": "string",
"name": "source",
"displayName": "source",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source of the configuration issue.",
"key": "source"
}
],
"name": "configurationIssue",
"displayName": "configurationIssue",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Configuration issue details",
"additionalProperties": true,
"key": "configurationIssue"
},
{
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the configuration issue to USMC.",
"examples": [
{
"value": "cn://fjrubio-cn.aveng.us",
"strict": true,
"name": null,
"structuredValue": "cn://fjrubio-cn.aveng.us"
}
],
"key": "tenantId"
},
{
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when configuration issue was processed by USM Central.",
"key": "timestamp"
}
],
"name": "configurationIssueResponse",
"displayName": "configurationIssueResponse",
"typePropertyKind": "TYPE_EXPRESSION",
"description": "This object contains all information pertaining to a configuration issue.",
"additionalProperties": true,
"originalType": "configurationIssueResponse"
},
"name": "results",
"displayName": "results",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "results"
},
"total": {
"type": "number",
"name": "total",
"displayName": "total",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The total number of results found.",
"key": "total"
}
}
}
configurationIssueResponse
This object contains all information pertaining to a configuration issue.
Properties
TYPE DEFINITION
{
"name": "configurationIssueResponse",
"type": "object",
"description": "This object contains all information pertaining to a configuration issue.",
"properties": {
"asset": {
"type": "object",
"properties": [
{
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of the configuration issue.",
"key": "id"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the asset that generated the configuration issue.",
"key": "name"
}
],
"name": "asset",
"displayName": "asset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The asset which originated the configuration issue.",
"additionalProperties": true,
"key": "asset"
},
"configurationIssue": {
"type": "object",
"properties": [
{
"type": "string",
"name": "category",
"displayName": "category",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The category of the configuration issue.",
"key": "category"
},
{
"type": "string",
"name": "description",
"displayName": "description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Description of the configuration issue.",
"key": "description"
},
{
"type": "integer",
"name": "firstSeen",
"displayName": "firstSeen",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The first time the configuration issue was seen.",
"key": "firstSeen"
},
{
"type": "integer",
"name": "lastTimestamp",
"displayName": "lastTimestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The last time the configuration issue was seen.",
"key": "lastTimestamp"
},
{
"type": "string",
"name": "severity",
"displayName": "severity",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The severity of the configuration issue.",
"key": "severity"
},
{
"type": "string",
"name": "subcategory",
"displayName": "subcategory",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The subcategory of the configuration issue.",
"key": "subcategory"
},
{
"type": "string",
"name": "source",
"displayName": "source",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The source of the configuration issue.",
"key": "source"
}
],
"name": "configurationIssue",
"displayName": "configurationIssue",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Configuration issue details",
"additionalProperties": true,
"key": "configurationIssue"
},
"tenantId": {
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the configuration issue to USMC.",
"examples": [
{
"value": "cn://fjrubio-cn.aveng.us",
"strict": true,
"name": null,
"structuredValue": "cn://fjrubio-cn.aveng.us"
}
],
"key": "tenantId"
},
"timestamp": {
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when configuration issue was processed by USM Central.",
"key": "timestamp"
}
}
}
vulnerabilitiesSearchRequest
Describes a search request payload.
Properties
TYPE DEFINITION
{
"name": "vulnerabilitiesSearchRequest",
"type": "object",
"description": "Describes a search request payload.",
"properties": {
"page": {
"type": "number",
"name": "page",
"displayName": "page",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "page"
},
"size": {
"type": "number",
"name": "size",
"displayName": "size",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "size"
},
"find": {
"type": "object",
"properties": [],
"name": "find",
"displayName": "find",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "find"
},
"sort": {
"type": "object",
"properties": [],
"name": "sort",
"displayName": "sort",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "sort"
},
"range": {
"type": "object",
"properties": [],
"name": "range",
"displayName": "range",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "range"
}
}
}
vulnerabilitiesSearchResponse
Search response
Properties
TYPE DEFINITION
{
"name": "vulnerabilitiesSearchResponse",
"type": "object",
"description": "Search response",
"properties": {
"results": {
"type": "array",
"items": {
"type": "object",
"properties": [
{
"type": "object",
"properties": [
{
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of the vulnerability.",
"key": "id"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the asset that generated the vulnerability.",
"key": "name"
}
],
"name": "asset",
"displayName": "asset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The asset which originated the vulnerability.",
"additionalProperties": true,
"key": "asset"
},
{
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the vulnerability to USMC.",
"examples": [
{
"value": "cn://fjrubio-cn.aveng.us",
"strict": true,
"name": null,
"structuredValue": "cn://fjrubio-cn.aveng.us"
}
],
"key": "tenantId"
},
{
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when the vulnerability was processed by USM Central.",
"key": "timestamp"
},
{
"type": "object",
"properties": [
{
"type": "string",
"name": "cvssScore",
"displayName": "cvssScore",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "CVSS score of the vulnerability.",
"key": "cvssScore"
},
{
"type": "string",
"name": "cvssSeverity",
"displayName": "cvssSeverity",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Severity of the vulnerability.",
"key": "cvssSeverity"
},
{
"type": "string",
"name": "description",
"displayName": "description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Description of the vulnerability.",
"key": "description"
},
{
"type": "integer",
"name": "firstSeen",
"displayName": "firstSeen",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The first time the vulnerability was seen.",
"key": "firstSeen"
},
{
"type": "integer",
"name": "lastTimestamp",
"displayName": "lastTimestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The last time the vulnerability was seen.",
"key": "lastTimestamp"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the vulnerability.",
"key": "name"
},
{
"type": "string",
"name": "source",
"displayName": "source",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Source of the vulnerability.",
"key": "source"
}
],
"name": "vulnerability",
"displayName": "vulnerability",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Vulnerability details.",
"additionalProperties": true,
"key": "vulnerability"
}
],
"name": "vulnerabilityResponse",
"displayName": "vulnerabilityResponse",
"typePropertyKind": "TYPE_EXPRESSION",
"description": "This object contains all information pertaining to a vulnerability.",
"additionalProperties": true,
"originalType": "vulnerabilityResponse"
},
"name": "results",
"displayName": "results",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "results"
},
"total": {
"type": "number",
"name": "total",
"displayName": "total",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The total number of results found.",
"key": "total"
}
}
}
vulnerabilityResponse
This object contains all information pertaining to a vulnerability.
Properties
TYPE DEFINITION
{
"name": "vulnerabilityResponse",
"type": "object",
"description": "This object contains all information pertaining to a vulnerability.",
"properties": {
"asset": {
"type": "object",
"properties": [
{
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Unique UUID of the asset.",
"key": "id"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the asset that generated the vulnerability.",
"key": "name"
}
],
"name": "asset",
"displayName": "asset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The asset which originated the vulnerability.",
"additionalProperties": true,
"key": "asset"
},
"tenantId": {
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the vulnerability to USMC.",
"examples": [
{
"value": "cn://example-anywhere.alienvault.cloud",
"strict": true,
"name": null,
"structuredValue": "cn://example-anywhere.alienvault.cloud"
}
],
"key": "tenantId"
},
"timestamp": {
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when the vulnerability was processed by USM Central.",
"key": "timestamp"
},
"vulnerability": {
"type": "object",
"properties": [
{
"type": "string",
"name": "cvssScore",
"displayName": "cvssScore",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "CVSS score of the vulnerability.",
"key": "cvssScore"
},
{
"type": "string",
"name": "cvssSeverity",
"displayName": "cvssSeverity",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Severity of the vulnerability.",
"key": "cvssSeverity"
},
{
"type": "string",
"name": "description",
"displayName": "description",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Description of the vulnerability.",
"key": "description"
},
{
"type": "integer",
"name": "firstSeen",
"displayName": "firstSeen",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The first time the vulnerability was seen.",
"key": "firstSeen"
},
{
"type": "integer",
"name": "lastTimestamp",
"displayName": "lastTimestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The last time the vulnerability was seen.",
"key": "lastTimestamp"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the vulnerability.",
"key": "name"
},
{
"type": "string",
"name": "source",
"displayName": "source",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Source of the vulnerability.",
"key": "source"
}
],
"name": "vulnerability",
"displayName": "vulnerability",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Vulnerability details.",
"additionalProperties": true,
"key": "vulnerability"
}
}
}
deployment
This object contains all information pertaining to a deployment.
Properties
TYPE DEFINITION
{
"name": "deployment",
"type": "object",
"description": "This object contains all information pertaining to a deployment.",
"properties": {
"id": {
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The id of the deployment."
},
"name": {
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The name of the deployment."
},
"displayName": {
"type": "string",
"name": "displayName",
"displayName": "displayName",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The display name of the deployment, which may have been changed from the name"
},
"type": {
"type": "string",
"name": "type",
"displayName": "type",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The type of deployment (USM Anywhere or USM Appliance)"
},
"joinedSince": {
"type": "integer",
"name": "joinedSince",
"displayName": "joinedSince",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Timestamp of when the deployment joined USM Central."
},
"connectionStatus": {
"type": "string",
"name": "connectionStatus",
"displayName": "connectionStatus",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The connection status of the deployment. Either notConnected, connecting, or connected."
},
"authorized": {
"type": "boolean",
"name": "authorized",
"displayName": "authorized",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Boolean representing whether the deployment has been accepted (true) or denied (false) in USM Central."
}
}
}
deploymentsResponse
Get deployments response
TYPE DEFINITION
{
"name": "deploymentsResponse",
"type": "array",
"description": "Get deployments response"
}
assetSearchRequest
Describes a search request payload.
Properties
TYPE DEFINITION
{
"name": "assetSearchRequest",
"type": "object",
"description": "Describes a search request payload.",
"properties": {
"page": {
"type": "number",
"name": "page",
"displayName": "page",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "page"
},
"size": {
"type": "number",
"name": "size",
"displayName": "size",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "size"
},
"find": {
"type": "object",
"properties": [],
"name": "find",
"displayName": "find",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "find"
},
"sort": {
"type": "object",
"properties": [],
"name": "sort",
"displayName": "sort",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "sort"
},
"range": {
"type": "object",
"properties": [],
"name": "range",
"displayName": "range",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"key": "range"
}
}
}
assetsSearchResponse
Search response
Properties
TYPE DEFINITION
{
"name": "assetsSearchResponse",
"type": "object",
"description": "Search response",
"properties": {
"results": {
"type": "array",
"items": {
"type": "object",
"properties": [
{
"type": "object",
"properties": [
{
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the asset",
"key": "id"
},
{
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the asset",
"key": "name"
},
{
"type": "string",
"name": "active",
"displayName": "active",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Whether or not the asset is active",
"key": "active"
},
{
"type": "string",
"name": "alarmCount",
"displayName": "alarmCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of alarms generated on the asset",
"key": "alarmCount"
},
{
"type": "string",
"name": "configurationCount",
"displayName": "configurationCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of configuration issues generated on the asset",
"key": "configurationCount"
},
{
"type": "string",
"name": "deviceType",
"displayName": "deviceType",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Device type of the asset",
"key": "deviceType"
},
{
"type": "string",
"name": "logo",
"displayName": "logo",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Logo of the asset",
"key": "logo"
},
{
"type": "string",
"name": "eventCount",
"displayName": "eventCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of events generated on the asset",
"key": "eventCount"
},
{
"type": "string",
"name": "externalId",
"displayName": "externalId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "External ID of the asset",
"key": "externalId"
},
{
"type": "string",
"name": "knownAsset",
"displayName": "knownAsset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Whether or not the asset is a known asset",
"key": "knownAsset"
},
{
"type": "string",
"name": "nmapExcludeFromScan",
"displayName": "nmapExcludeFromScan",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Whether or not the asset is excluded from Nmap scans",
"key": "nmapExcludeFromScan"
},
{
"type": "string",
"name": "assetOriginName",
"displayName": "assetOriginName",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Origin name of the asset",
"key": "assetOriginName"
},
{
"type": "string",
"name": "operatingSystem",
"displayName": "operatingSystem",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Operating system of the asset",
"key": "operatingSystem"
},
{
"type": "string",
"name": "assetOriginType",
"displayName": "assetOriginType",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Type of the asset origin",
"key": "assetOriginType"
},
{
"type": "string",
"name": "assetOriginUUID",
"displayName": "assetOriginUUID",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "UUID of the asset origin",
"key": "assetOriginUUID"
},
{
"type": "string",
"name": "rootDeviceType",
"displayName": "rootDeviceType",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Type of the root device",
"key": "rootDeviceType"
},
{
"type": "string",
"name": "vulnerabilityCount",
"displayName": "vulnerabilityCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of vulnerabilities generated from the asset",
"key": "vulnerabilityCount"
},
{
"type": "string",
"name": "dateFound",
"displayName": "dateFound",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Date the asset was found",
"key": "dateFound"
},
{
"type": "string",
"name": "dateCreated",
"displayName": "dateCreated",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Date the asset was created",
"key": "dateCreated"
},
{
"type": "string",
"name": "dateUpdated",
"displayName": "dateUpdated",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Date the asset was last updated",
"key": "dateUpdated"
},
{
"type": "string",
"name": "region",
"displayName": "region",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Region of the asset",
"key": "region"
},
{
"type": "string",
"name": "hostname",
"displayName": "hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Hostname of the asset",
"key": "hostname"
},
{
"type": "string",
"name": "powerShellVersion",
"displayName": "powerShellVersion",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Powershell version of the asset",
"key": "powerShellVersion"
},
{
"type": "string",
"name": "operatingSystemSource",
"displayName": "operatingSystemSource",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Source of the operating system for the asset",
"key": "operatingSystemSource"
},
{
"type": "string",
"name": "pci",
"displayName": "pci",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Whether or not the asset is PCI",
"key": "pci"
},
{
"type": "string",
"name": "hipaa",
"displayName": "hipaa",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Whether or not the asset is HIPAA",
"key": "hipaa"
}
],
"name": "asset",
"displayName": "asset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The asset described by this record.",
"additionalProperties": true,
"key": "asset"
},
{
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the asset to USMC.",
"examples": [
{
"value": "cn://example-anywhere.alienvault.cloud",
"strict": true,
"name": null,
"structuredValue": "cn://example-anywhere.alienvault.cloud"
}
],
"key": "tenantId"
},
{
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when the asset was processed by USM Central.",
"key": "timestamp"
}
],
"name": "assetResponse",
"displayName": "assetResponse",
"typePropertyKind": "TYPE_EXPRESSION",
"description": "This object contains all information pertaining to an asset",
"additionalProperties": true,
"originalType": "assetResponse"
},
"name": "results",
"displayName": "results",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"key": "results"
},
"total": {
"type": "number",
"name": "total",
"displayName": "total",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The total number of results found.",
"key": "total"
}
}
}
assetResponse
This object contains all information pertaining to an asset
Properties
TYPE DEFINITION
{
"name": "assetResponse",
"type": "object",
"description": "This object contains all information pertaining to an asset",
"properties": {
"asset": {
"type": "object",
"properties": {
"id": {
"type": "string",
"name": "id",
"displayName": "id",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the asset"
},
"name": {
"type": "string",
"name": "name",
"displayName": "name",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Name of the asset"
},
"active": {
"type": "string",
"name": "active",
"displayName": "active",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Whether or not the asset is active"
},
"alarmCount": {
"type": "string",
"name": "alarmCount",
"displayName": "alarmCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of alarms generated on the asset"
},
"configurationCount": {
"type": "string",
"name": "configurationCount",
"displayName": "configurationCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of configuration issues generated on the asset"
},
"deviceType": {
"type": "string",
"name": "deviceType",
"displayName": "deviceType",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Device type of the asset"
},
"logo": {
"type": "string",
"name": "logo",
"displayName": "logo",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Logo of the asset"
},
"eventCount": {
"type": "string",
"name": "eventCount",
"displayName": "eventCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of events generated on the asset"
},
"externalId": {
"type": "string",
"name": "externalId",
"displayName": "externalId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "External ID of the asset"
},
"knownAsset": {
"type": "string",
"name": "knownAsset",
"displayName": "knownAsset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Whether or not the asset is a known asset"
},
"nmapExcludeFromScan": {
"type": "string",
"name": "nmapExcludeFromScan",
"displayName": "nmapExcludeFromScan",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Whether or not the asset is excluded from Nmap scans"
},
"assetOriginName": {
"type": "string",
"name": "assetOriginName",
"displayName": "assetOriginName",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Origin name of the asset"
},
"operatingSystem": {
"type": "string",
"name": "operatingSystem",
"displayName": "operatingSystem",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Operating system of the asset"
},
"assetOriginType": {
"type": "string",
"name": "assetOriginType",
"displayName": "assetOriginType",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Type of the asset origin"
},
"assetOriginUUID": {
"type": "string",
"name": "assetOriginUUID",
"displayName": "assetOriginUUID",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "UUID of the asset origin"
},
"rootDeviceType": {
"type": "string",
"name": "rootDeviceType",
"displayName": "rootDeviceType",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Type of the root device"
},
"vulnerabilityCount": {
"type": "string",
"name": "vulnerabilityCount",
"displayName": "vulnerabilityCount",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Number of vulnerabilities generated from the asset"
},
"dateFound": {
"type": "string",
"name": "dateFound",
"displayName": "dateFound",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Date the asset was found"
},
"dateCreated": {
"type": "string",
"name": "dateCreated",
"displayName": "dateCreated",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Date the asset was created"
},
"dateUpdated": {
"type": "string",
"name": "dateUpdated",
"displayName": "dateUpdated",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Date the asset was last updated"
},
"region": {
"type": "string",
"name": "region",
"displayName": "region",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Region of the asset"
},
"hostname": {
"type": "string",
"name": "hostname",
"displayName": "hostname",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Hostname of the asset"
},
"powerShellVersion": {
"type": "string",
"name": "powerShellVersion",
"displayName": "powerShellVersion",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Powershell version of the asset"
},
"operatingSystemSource": {
"type": "string",
"name": "operatingSystemSource",
"displayName": "operatingSystemSource",
"typePropertyKind": "TYPE_EXPRESSION",
"required": false,
"description": "Source of the operating system for the asset"
},
"pci": {
"type": "string",
"name": "pci",
"displayName": "pci",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Whether or not the asset is PCI"
},
"hipaa": {
"type": "string",
"name": "hipaa",
"displayName": "hipaa",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Whether or not the asset is HIPAA"
}
},
"name": "asset",
"displayName": "asset",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "The asset described by this record.",
"additionalProperties": true
},
"tenantId": {
"type": "string",
"name": "tenantId",
"displayName": "tenantId",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "ID of the USMA instance which forwarded the asset to USMC.",
"examples": [
{
"value": "cn://example-anywhere.alienvault.cloud",
"strict": true,
"name": null,
"structuredValue": "cn://example-anywhere.alienvault.cloud"
}
]
},
"timestamp": {
"type": "integer",
"name": "timestamp",
"displayName": "timestamp",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true,
"description": "Epoch timestamp of when the asset was processed by USM Central."
}
}
}
/oauth
Endpoints for OAuth 2.0 functionality
/token post
POST: /oauth/token
(secured)
Generate a token using your base64 encoded client ID and secret pair.
Header Parameters
Authorization
Base64-encoded, colon-delimited client_id:secret pair, sent as an HTTP Basic Authorization header (Authorization: Basic <base64(client_id:secret)>). Treat the secret like a password: do not embed it in client code, logs, or shell history.
Property | Value |
---|---|
required | true |
type | string |
Query Parameters
grant_type
Grant type desired
Property | Value |
---|---|
required | true |
type | string |
oneOf | client_credentials |
examples | client_credentials |
Possible Responses
200
401
/token post
CURL EXAMPLE
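# Exchange the client_id:secret pair for a bearer token. curl's --user option
# base64-encodes the colon-delimited pair into the Basic Authorization header
# this endpoint expects. Replace the placeholders with your real credentials
# and keep the secret out of shell history (read it from a file or variable).
curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/oauth/token?grant_type=client_credentials" \
  -d @request_body \
  --user "client_id:client_secret"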
RESPONSE BODY
200
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"token_type": "bearer",
"expires_in": 5042
}
Type
object
/alarms
Endpoints for managing and searching alarm messages
/search post
POST: /alarms/search
(secured)
Search for alarms
Header Parameters
Authorization
JSON Web Token containing user authorization information for USMC endpoints: the access_token returned by POST /oauth/token, sent as "Authorization: Bearer <access_token>". The token expires (see expires_in in the token response) and must be protected like any other credential.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
/search post
CURL EXAMPLE
# Search alarms. The bearer token obtained from POST /oauth/token replaces
# "string" in the Authorization header; the search payload is read from request_body.
curl --request POST "https://your-subdomain.alienvault.cloud/api/1.1/alarms/search" \
  --header "Authorization: Bearer string" \
  --data @request_body
REQUEST BODY
{
"page": 1,
"size": 20,
"find": {
"alarm.suppressed": [
"false"
]
},
"sort": {
"alarm.timestamp_occured": "desc"
},
"range": {
"alarm.timestamp_occured": {
"gte": "now-7d",
"lte": "now",
"timeZone": "-0500"
}
}
}
Type
object
RESPONSE BODY
200
{
"results": [
{
"alarm": {
"rule_intent": "Environmental Awareness",
"app_type": "amazon-aws",
"alarm_sensor_sources": [
"2968789b-aed4-443a-8626-16d8b4f62025"
],
"source_username": "example-role",
"destination_name": "iam.amazonaws.com",
"rule_dictionary": "AWSRules-Dict",
"timestamp_occured": "1519322522000",
"uuid": "a7c06079-b329-6b63-ee85-1c1b024079a4",
"authentication_type": "AssumedRole",
"needs_enrichment": true,
"event_type": "AwsApiCall",
"rule_method": "AWS IAM Role Access Failure",
"priority_label": "low",
"suppressed": "false",
"app_id": "amazon-aws",
"has_alarm": "false",
"number_of_events": 1.0,
"source_name": "ip-10-251-50-12.ec2.internal",
"timestamp_received": "1519323330758",
"error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
"source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"alarm_destination_zones": [
"us-east-1"
],
"rule_strategy": "Anomalous Access Failure",
"packet_data": [
"f5e69126-dc89-6691-e2e7-6db03905830d"
],
"alarm_sources": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"alarm_labels": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"alarm_destinations": [
"iam.amazonaws.com"
],
"highlight_fields": [
"event_name",
"source_username",
"authentication_type",
"event_action",
"error_message",
"event_type"
],
"alarm_source_names": [
"ip-10-251-50-12.ec2.internal"
],
"priority": "20",
"rule_id": "AWSPermissionFailureAssumedRole",
"event_action": "Read",
"sensor_uuid": "2574110e-1f5b-4ac5-85be-e86fd1789fe8",
"alarm_destination_names": [
"iam.amazonaws.com"
],
"transient": false,
"alarm_source_asset_ids": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"event_name": "View account aliases",
"packet_type": "alarm",
"status": "Open"
},
"events": [
{
"was_fuzzied": false,
"access_control_outcome": "Deny",
"app_type": "amazon-aws",
"timestamp_occured": "1519322522000",
"authentication_type": "AssumedRole",
"customfield_0": "i-03a923355e5aa1da3",
"uuid": "f5e69126-dc89-6691-e2e7-6db03905830d",
"event_type": "AwsApiCall",
"used_hint": false,
"app_id": "amazon-aws",
"was_guessed": false,
"timestamp_received": "1519323318542",
"destination_infrastructure_type": "Cloud Service",
"error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
"source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"timestamp_received_iso8601": "2018-02-22T18:15:18.542Z",
"destination_userid": "398778306028",
"sensor_uuid": "2968789b-aed4-443a-8626-16d8b4f62025",
"transient": false,
"rep_device_rule_id": "930e74dc-25cc-4fcc-82c6-428f15b40a93",
"event_name": "View account aliases",
"error_code": "AccessDenied",
"event_description_url": "http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html",
"source_canonical": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"packet_type": "log",
"plugin_version": "0.18",
"log": "{\"eventVersion\":\"1.02\",\"userIdentity\":{\"type\":\"AssumedRole\"}}",
"source_username": "example-role",
"event_description": "Lists the account aliases associated with the account. For information about using an AWS account alias seeUsing an Alias for Your AWS Account IDin theUsing IAMguide.",
"destination_name": "iam.amazonaws.com",
"source_userid": "398778306028",
"needs_enrichment": true,
"received_from": "iam.amazonaws.com",
"destination_hostname": "iam.amazonaws.com",
"source_address": "192.0.2.0",
"source_fqdn": "ip-10-251-50-12.ec2.internal",
"account_name": "aws-example-account",
"suppressed": "false",
"has_alarm": "false",
"plugin_device_type": "Cloud Infrastructure",
"source_name": "ip-10-251-50-12.ec2.internal",
"destination_canonical": "iam.amazonaws.com",
"destination_address": "192.0.2.0",
"plugin_device": "CloudTrail",
"destination_zone": "us-east-1",
"customheader_0": "Assumed Role Username or ID",
"highlight_fields": [
"event_description",
"event_description_url",
"access_control_outcome",
"error_code",
"error_message",
"event_action",
"source_username",
"source_instance_id",
"file_name",
"user_resource",
"dns_rrname",
"destination_username",
"destination_user_group",
"user_role"
],
"request_user_agent": "Boto3/1.5.34 Python/2.7.13 Linux/4.4.0-1035-aws Botocore/1.8.48",
"app_name": "amazon-aws",
"event_action": "Read",
"account_id": "398778306028",
"timestamp_occured_iso8601": "2018-02-22T18:02:02.000Z",
"destination_infrastructure_name": "Amazon Internal Infrastructure - us-east-1",
"plugin": "Amazon AWS CloudTrail",
"rep_device_version": "1.02",
"source_hostname": "ip-10-251-50-12.ec2.internal",
"sensor_name": "2968789b-aed4-443a-8626-16d8b4f62025"
}
],
"assets": [
{
"id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"name": "dev-usm-saas-admin-ecs-cluster-instance",
"url": null,
"ip_addresses": [
],
"fqdn": null,
"operating_system": null,
"country": null,
"latitude": null,
"longitude": null
}
],
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1519323330789
},
{
"alarm": {
"rule_intent": "Environmental Awareness",
"app_type": "amazon-aws",
"alarm_sensor_sources": [
"2968789b-aed4-443a-8626-16d8b4f62025"
],
"source_username": "example-role",
"destination_name": "iam.amazonaws.com",
"rule_dictionary": "AWSRules-Dict",
"account_id": "398778306028",
"timestamp_occured": "1519322522000",
"uuid": "a7c06079-b329-6b63-ee85-1c1b024079a45",
"authentication_type": "AssumedRole",
"needs_enrichment": true,
"event_type": "AwsApiCall",
"rule_method": "AWS IAM Role Access Failure",
"priority_label": "low",
"suppressed": "false",
"app_id": "amazon-aws",
"has_alarm": "false",
"number_of_events": 1.0,
"source_name": "ip-10-251-50-12.ec2.internal",
"timestamp_received": "1519323330758",
"error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
"source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"alarm_destination_zones": [
"us-east-1"
],
"rule_strategy": "Anomalous Access Failure",
"packet_data": [
"f5e69126-dc89-6691-e2e7-6db03905830d"
],
"alarm_sources": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"alarm_labels": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"alarm_destinations": [
"iam.amazonaws.com"
],
"highlight_fields": [
"event_name",
"source_username",
"authentication_type",
"event_action",
"error_message",
"event_type"
],
"alarm_source_names": [
"ip-10-251-50-12.ec2.internal"
],
"priority": "20",
"rule_id": "AWSPermissionFailureAssumedRole",
"event_action": "Read",
"sensor_uuid": "2574110e-1f5b-4ac5-85be-e86fd1789fe8",
"alarm_destination_names": [
"iam.amazonaws.com"
],
"transient": false,
"alarm_source_asset_ids": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"event_name": "View account aliases",
"packet_type": "alarm",
"status": "Open"
},
"events": [
{
"was_fuzzied": false,
"access_control_outcome": "Deny",
"app_type": "amazon-aws",
"timestamp_occured": "1519322522000",
"authentication_type": "AssumedRole",
"customfield_0": "i-03a923355e5aa1da3",
"uuid": "f5e69126-dc89-6691-e2e7-6db03905830d",
"event_type": "AwsApiCall",
"used_hint": false,
"app_id": "amazon-aws",
"was_guessed": false,
"timestamp_received": "1519323318542",
"destination_infrastructure_type": "Cloud Service",
"error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
"source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"timestamp_received_iso8601": "2018-02-22T18:15:18.542Z",
"destination_userid": "398778306028",
"sensor_uuid": "2968789b-aed4-443a-8626-16d8b4f62025",
"transient": false,
"rep_device_rule_id": "930e74dc-25cc-4fcc-82c6-428f15b40a93",
"event_name": "View account aliases",
"error_code": "AccessDenied",
"event_description_url": "http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html",
"source_canonical": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"packet_type": "log",
"plugin_version": "0.18",
"log": "{\"eventVersion\":\"1.02\",\"userIdentity\":{\"type\":\"AssumedRole\"}}",
"source_username": "example-role",
"event_description": "Lists the account aliases associated with the account. For information about using an AWS account alias seeUsing an Alias for Your AWS Account IDin theUsing IAMguide.",
"destination_name": "iam.amazonaws.com",
"source_userid": "398778306028",
"needs_enrichment": true,
"received_from": "iam.amazonaws.com",
"destination_hostname": "iam.amazonaws.com",
"source_address": "192.0.2.0",
"source_fqdn": "ip-10-251-50-12.ec2.internal",
"account_name": "aws-example-account",
"suppressed": "false",
"has_alarm": "false",
"plugin_device_type": "Cloud Infrastructure",
"source_name": "ip-10-251-50-12.ec2.internal",
"destination_canonical": "iam.amazonaws.com",
"destination_address": "192.0.2.0",
"plugin_device": "CloudTrail",
"destination_zone": "us-east-1",
"customheader_0": "Assumed Role Username or ID",
"highlight_fields": [
"event_description",
"event_description_url",
"access_control_outcome",
"error_code",
"error_message",
"event_action",
"source_username",
"source_instance_id",
"file_name",
"user_resource",
"dns_rrname",
"destination_username",
"destination_user_group",
"user_role"
],
"request_user_agent": "Boto3/1.5.34 Python/2.7.13 Linux/4.4.0-1035-aws Botocore/1.8.48",
"app_name": "amazon-aws",
"event_action": "Read",
"account_id": "398778306028",
"timestamp_occured_iso8601": "2018-02-22T18:02:02.000Z",
"destination_infrastructure_name": "Amazon Internal Infrastructure - us-east-1",
"plugin": "Amazon AWS CloudTrail",
"rep_device_version": "1.02",
"source_hostname": "ip-10-251-50-12.ec2.internal",
"sensor_name": "2968789b-aed4-443a-8626-16d8b4f62025"
}
],
"assets": [
{
"id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"name": "dev-usm-saas-admin-ecs-cluster-instance",
"url": null,
"ip_addresses": [
],
"fqdn": null,
"operating_system": null,
"country": null,
"latitude": null,
"longitude": null
}
],
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1519323330789
}
],
"total": 2
}
Type
object
/{alarmId} get
GET: /alarms/{alarmId}
(secured)
Get an alarm by ID (UUID)
URI Parameters
alarmId
An alarm's ID (UUID)
Property | Value |
---|---|
required | true |
type | string |
examples | a7c06079-b329-6b63-ee85-1c1b024079a4 |
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
404
/{alarmId} get
CURL EXAMPLE
curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/alarms/{alarmId}" \
-H "Authorization: Bearer string"
RESPONSE BODY
200
{
"alarm": {
"rule_intent": "Environmental Awareness",
"app_type": "amazon-aws",
"alarm_sensor_sources": [
"2968789b-aed4-443a-8626-16d8b4f62025"
],
"source_username": "example-role",
"destination_name": "iam.amazonaws.com",
"rule_dictionary": "AWSRules-Dict",
"timestamp_occured": "1519322522000",
"uuid": "a7c06079-b329-6b63-ee85-1c1b024079a4",
"authentication_type": "AssumedRole",
"needs_enrichment": true,
"event_type": "AwsApiCall",
"rule_method": "AWS IAM Role Access Failure",
"priority_label": "low",
"suppressed": "false",
"app_id": "amazon-aws",
"has_alarm": "false",
"number_of_events": 1.0,
"source_name": "ip-10-251-50-12.ec2.internal",
"timestamp_received": "1519323330758",
"error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
"source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"alarm_destination_zones": [
"us-east-1"
],
"rule_strategy": "Anomalous Access Failure",
"packet_data": [
"f5e69126-dc89-6691-e2e7-6db03905830d"
],
"alarm_sources": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"alarm_labels": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"alarm_destinations": [
"iam.amazonaws.com"
],
"highlight_fields": [
"event_name",
"source_username",
"authentication_type",
"event_action",
"error_message",
"event_type"
],
"alarm_source_names": [
"ip-10-251-50-12.ec2.internal"
],
"priority": "20",
"rule_id": "AWSPermissionFailureAssumedRole",
"event_action": "Read",
"sensor_uuid": "2574110e-1f5b-4ac5-85be-e86fd1789fe8",
"alarm_destination_names": [
"iam.amazonaws.com"
],
"transient": false,
"alarm_source_asset_ids": [
"87eb0b90-338b-4ff4-b56a-18b9693dc5da"
],
"event_name": "View account aliases",
"packet_type": "alarm",
"status": "Open"
},
"events": [
{
"was_fuzzied": false,
"access_control_outcome": "Deny",
"app_type": "amazon-aws",
"timestamp_occured": "1519322522000",
"authentication_type": "AssumedRole",
"customfield_0": "i-03a923355e5aa1da3",
"uuid": "f5e69126-dc89-6691-e2e7-6db03905830d",
"event_type": "AwsApiCall",
"used_hint": false,
"app_id": "amazon-aws",
"was_guessed": false,
"timestamp_received": "1519323318542",
"destination_infrastructure_type": "Cloud Service",
"error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
"source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"timestamp_received_iso8601": "2018-02-22T18:15:18.542Z",
"destination_userid": "398778306028",
"sensor_uuid": "2968789b-aed4-443a-8626-16d8b4f62025",
"transient": false,
"rep_device_rule_id": "930e74dc-25cc-4fcc-82c6-428f15b40a93",
"event_name": "View account aliases",
"error_code": "AccessDenied",
"event_description_url": "http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html",
"source_canonical": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"packet_type": "log",
"plugin_version": "0.18",
"log": "{\"eventVersion\":\"1.02\",\"userIdentity\":{\"type\":\"AssumedRole\"}}",
"source_username": "example-role",
"event_description": "Lists the account aliases associated with the account. For information about using an AWS account alias, see Using an Alias for Your AWS Account ID in the Using IAM guide.",
"destination_name": "iam.amazonaws.com",
"source_userid": "398778306028",
"needs_enrichment": true,
"received_from": "iam.amazonaws.com",
"destination_hostname": "iam.amazonaws.com",
"source_address": "192.0.2.0",
"source_fqdn": "ip-10-251-50-12.ec2.internal",
"account_name": "aws-example-account",
"suppressed": "false",
"has_alarm": "false",
"plugin_device_type": "Cloud Infrastructure",
"source_name": "ip-10-251-50-12.ec2.internal",
"destination_canonical": "iam.amazonaws.com",
"destination_address": "192.0.2.0",
"plugin_device": "CloudTrail",
"destination_zone": "us-east-1",
"customheader_0": "Assumed Role Username or ID",
"highlight_fields": [
"event_description",
"event_description_url",
"access_control_outcome",
"error_code",
"error_message",
"event_action",
"source_username",
"source_instance_id",
"file_name",
"user_resource",
"dns_rrname",
"destination_username",
"destination_user_group",
"user_role"
],
"request_user_agent": "Boto3/1.5.34 Python/2.7.13 Linux/4.4.0-1035-aws Botocore/1.8.48",
"app_name": "amazon-aws",
"event_action": "Read",
"account_id": "398778306028",
"timestamp_occured_iso8601": "2018-02-22T18:02:02.000Z",
"destination_infrastructure_name": "Amazon Internal Infrastructure - us-east-1",
"plugin": "Amazon AWS CloudTrail",
"rep_device_version": "1.02",
"source_hostname": "ip-10-251-50-12.ec2.internal",
"sensor_name": "2968789b-aed4-443a-8626-16d8b4f62025"
}
],
"assets": [
{
"id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
"name": "ecs-instance",
"url": null,
"ip_addresses": [
],
"fqdn": null,
"operating_system": null,
"country": null,
"latitude": null,
"longitude": null
}
],
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1519323330789
}
Type
object
/configurationIssues
Endpoints for managing and searching configuration issues
/search post
POST: /configurationIssues/search
(secured)
Search for configuration issues
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
/search post
CURL EXAMPLE
curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/configurationIssues/search" \
-H "Authorization: Bearer string" \
-d @request_body
REQUEST BODY
{
"page": 1,
"size": 20,
"find": {
"configurationIssue.isValid": [
"true"
]
},
"sort": {
"configurationIssue.lastTimestamp": "desc"
},
"range": {
"configurationIssue.lastTimestamp": {
"gte": "now-7d",
"lte": "now",
"timeZone": "-0500"
}
}
}
Type
object
RESPONSE BODY
200
{
"results": [
{
"asset": {
"id": "846a0756-783e-4db2-9dff-bce2bf17c8b9",
"name": "example-asset"
},
"configurationIssue": {
"category": "Global access to administration port",
"description": "Global access to the SSH port has been defined within this security group. This should be restricted to the company's IP range.",
"firstSeen": 1534866015889,
"lastTimestamp": 1537818025626,
"severity": "Low",
"source": "amazon-aws",
"subcategory": "SSH"
},
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1537818026237
}
],
"total": 130
}
Type
object
/{configurationIssueId} get
GET: /configurationIssues/{configurationIssueId}
(secured)
Get a configuration issue by ID (UUID)
URI Parameters
configurationIssueId
A configuration issue's ID (UUID)
Property | Value |
---|---|
required | true |
type | string |
examples | a7c06079-b329-6b63-ee85-1c1b024079a4 |
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
404
/{configurationIssueId} get
CURL EXAMPLE
curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/configurationIssues/{configurationIssueId}" \
-H "Authorization: Bearer string"
RESPONSE BODY
200
{
"asset": {
"id": "846a0756-783e-4db2-9dff-bce2bf17c8b9",
"name": "example-asset"
},
"configurationIssue": {
"category": "Global access to administration port",
"description": "Global access to the SSH port has been defined within this security group. This should be restricted to the company's IP range.",
"firstSeen": 1534866015889,
"lastTimestamp": 1537818025626,
"severity": "Low",
"source": "amazon-aws",
"subcategory": "SSH"
},
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1537818026237
}
Type
object
/vulnerabilities
Endpoints for managing and searching vulnerabilities
/search post
POST: /vulnerabilities/search
(secured)
Search for vulnerabilities
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
/search post
CURL EXAMPLE
curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/vulnerabilities/search" \
-H "Authorization: Bearer string" \
-d @request_body
REQUEST BODY
{
"page": 1,
"size": 20,
"find": {
"vulnerability.isValid": [
"false"
]
},
"sort": {
"vulnerability.lastTimestamp": "desc"
},
"range": {
"vulnerability.lastTimestamp": {
"gte": "now-7d",
"lte": "now",
"timeZone": "-0500"
}
}
}
Type
object
RESPONSE BODY
200
{
"results": [
{
"asset": {
"id": "a3e72bef-278c-4579-bd62-56958ab0fb13",
"name": "example-asset"
},
"vulnerability": {
"name": "RHSA-2018:0008-01 -- Redhat kernel, perf",
"firstSeen": 1537805109678,
"lastTimestamp": 1537805109678,
"source": "joval",
"description": "The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to the References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed, an unprivileged local attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues",
"cvssScore": "0",
"cvssSeverity": "Low"
},
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1537805110453
}
],
"total": 5
}
Type
object
/{vulnerabilityId} get
GET: /vulnerabilities/{vulnerabilityId}
(secured)
Get a vulnerability by ID (UUID)
URI Parameters
vulnerabilityId
A vulnerability's ID (UUID)
Property | Value |
---|---|
required | true |
type | string |
examples | a7c06079-b329-6b63-ee85-1c1b024079a4 |
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
404
/{vulnerabilityId} get
CURL EXAMPLE
curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/vulnerabilities/{vulnerabilityId}" \
-H "Authorization: Bearer string"
RESPONSE BODY
200
{
"asset": {
"id": "a3e72bef-278c-4579-bd62-56958ab0fb13",
"name": "example-asset"
},
"vulnerability": {
"name": "RHSA-2018:0008-01 -- Redhat kernel, perf",
"firstSeen": 1537805109678,
"lastTimestamp": 1537805109678,
"source": "joval",
"description": "The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to the References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed, an unprivileged local attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues",
"cvssScore": "0",
"cvssSeverity": "Low"
},
"tenantId": "cn://foobar-usma-xxx.aveng.us",
"timestamp": 1537805110453
}
Type
object
/deployments
Endpoints for managing deployments
/deployments get
GET: /deployments
(secured)
Get all deployments
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
404
/deployments get
CURL EXAMPLE
curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/deployments" \
-H "Authorization: Bearer string"
RESPONSE BODY
200
[
{
"id": "cn://foobar-usma-xxx.aveng.us",
"name": "example-anywhere",
"displayName": "example-anywhere",
"type": "USM Anywhere",
"joinedSince": 1537453858988,
"connectionStatus": "connected",
"authorized": true
},
{
"id": "test2",
"name": "test2",
"displayName": "test2",
"type": "USM Appliance",
"joinedSince": 1537560733295,
"connectionStatus": "notConnected",
"authorized": false
}
]
Type
array
/assets
Endpoints for managing assets
/search post
POST: /assets/search
(secured)
Search for assets
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
/search post
CURL EXAMPLE
curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/assets/search" \
-H "Authorization: Bearer string" \
-d @request_body
REQUEST BODY
{
"page": 1,
"size": 20,
"find": {
"asset.hipaa": [
"false"
]
},
"sort": {
"asset.dateFound": "desc"
},
"range": {
"asset.dateFound": {
"gte": "now-7d",
"lte": "now",
"timeZone": "-0500"
}
}
}
Type
object
RESPONSE BODY
200
{
"results": [
{
"asset": {
"hipaa": "false",
"operatingSystem": null,
"hostname": "asset-example-ES-1-instance",
"id": "11e34794-7c91-4aff-9b4f-552ee49c002d",
"deviceType": null,
"assetOriginUUID": "2b0162e6-0ceb-4ea5-b57e-ef2372a27c05",
"nmapExcludeFromScan": null,
"knownAsset": "true",
"configurationCount": "0",
"assetOriginName": "amazon-aws",
"operatingSystemSource": null,
"assetOriginType": "aws",
"alarmCount": "0",
"dateUpdated": "1539100815125",
"vulnerabilityCount": "0",
"eventCount": "0",
"logo": null,
"rootDeviceType": "ebs",
"name": "asset-example-ES-1-instance",
"dateFound": "1539100815124",
"region": "us-east-1",
"powerShellVersion": null,
"dateCreated": "1539100268000",
"pci": "false",
"externalId": "i-1234"
},
"tenantId": "cn://example-anywhere.alienvault.cloud",
"timestamp": 1539624650946
}
],
"total": 37
}
Type
object
/dictionaries
Endpoints for dictionaries
/dictionaries get
GET: /dictionaries
(secured)
Get dictionaries
Header Parameters
Authorization
JSON Web Token (sent as a Bearer token) containing user authorization information for USMC endpoints.
Property | Value |
---|---|
required | true |
type | string |
Possible Responses
200
404
/dictionaries get
CURL EXAMPLE
curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/dictionaries" \
-H "Authorization: Bearer string"
RESPONSE BODY
200
{
"BarracudaRules-Dict":{
"Strategy":{
"Configuration Change":[
"A change in the configuration of this device was detected. Weak technical policies and insecure configurations can open the door to malicious actors, lead to bad computing hygiene from users or put your organization in violation of compliance standards.",
"1. Ensure you are using strong configuration settings that adhere to strong corporate policies."
],
"Suspicious Security Critical Event":[
"An event which has substantial security implications and is unlikely to be a part of normal operational procedure has occurred.",
"1. Validate the event is an expected part of normal operational procedure.\\n 2. Confirm the side-effects of the event are expected and non-disruptive."
]
},
"Intent":{
"Reconnaissance & Probing":[
"Reconnaissance & Probing alarms identify behavior that indicates an attacker attempting to identify the services and software operating in your environment.",
""
],
"Environmental Awareness":[
"Environmental awareness alarms are provided to raise awareness about environmental conditions which may increase your risk, such as vulnerable software or dangerous user behavior. These alarms also highlight critical events that are a normal part of routine operation but are important to track from a security standpoint, such as new user account creation.",
""
]
},
"Method":{
"Multiple Cross-Site Request Forgery attempts":[
"Multiple attacks that manipulate user interactions with a web server in which the user is legitimately authenticated were detected.",
"1. Review log files of the web server to validate that the detected patterns are related to malicious activity.\\n 2. Ensure the database (or other storage mechanism) does not have any persisted attack payloads.\\n 3. Improve data validation logic in the application to prevent exploitation."
]
}
},
"SuricataMalwareRules-Dict":{
"Strategy":{
"Phishing":[
"A phishing attempt has been detected. This means that credentials might be stolen if they are entered as input into a malicious form.",
"1. Verify all forms asking for credentials are legitimate before submitting.\\n2. Ensure the security awareness policy about phishing is up to date and communicated to all system users."
]
},
"Intent":{
"Reconnaissance & Probing":[
"Reconnaissance & Probing alarms identify behavior that indicates an attacker attempting to identify the services and software operating in your environment.",
""
]
},
"Method":{
"Cylance - Multiple AV Detections":[
"Cylance has detected several threats in a short period of time affecting the same system.",
""
]
}
}
}
Type
object