USM Central™ API Documentation

version 1.1
baseUri https://your-subdomain.alienvault.cloud/api/1.1
protocols HTTPS
mediaType application/json

Getting started

AlienVault® publishes REST APIs for USM Central that give you programmatic access to your USM Central data from your own applications and extensions. These APIs are organized around basic REST principles, with easy-to-understand, resource-oriented URLs, and use HTTP response codes to indicate API errors. All API responses, including errors, are returned as JSON.

Using the USM Central API

To access the API, create a client ID and secret code in the USM Central interface, and use that information to create a token. AlienVault uses OAuth 2.0 to authenticate against the REST APIs.
Instructions on getting an OAuth secret
This follows Basic authentication as defined in RFC 7617.

What are Types

In the "Types" section you will find a list of example JSON used in the request and response bodies. In the right-hand column of the page you will see an exhaustive explanation of all the available properties for each example.
It shows important information such as required properties, when applicable.

Types

alarmsSearchRequest

Describes a search request payload.


TYPE DEFINITION

{
  "name": "alarmsSearchRequest",
  "type": "object",
  "description": "Describes a search request payload.",
  "properties": {
    "page": {
      "type": "number",
      "name": "page",
      "displayName": "page",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "page"
    },
    "size": {
      "type": "number",
      "name": "size",
      "displayName": "size",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "size"
    },
    "find": {
      "type": "object",
      "properties": [],
      "name": "find",
      "displayName": "find",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "find"
    },
    "sort": {
      "type": "object",
      "properties": [],
      "name": "sort",
      "displayName": "sort",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "sort"
    },
    "range": {
      "type": "object",
      "properties": [],
      "name": "range",
      "displayName": "range",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "range"
    }
  }
}
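
The type definition above can drive a client-side check before a search request is sent. The following is an added example, not AlienVault's code: a small validator for this page's type-definition layout, which uses a mapping for "properties" at the top level and a list of definitions carrying "key" when nested. The sample payloads are constructed, and the empty "sort" object is a placeholder because the page does not define its keys.

```python
import json

# Trimmed copy of the alarmsSearchRequest definition from this page,
# keeping only the keys the validator reads (type, required, properties).
ALARMS_SEARCH_REQUEST = json.loads("""
{
  "name": "alarmsSearchRequest",
  "type": "object",
  "properties": {
    "page":  {"type": "number", "required": true},
    "size":  {"type": "number", "required": true},
    "find":  {"type": "object", "properties": [], "required": false},
    "sort":  {"type": "object", "properties": [], "required": true},
    "range": {"type": "object", "properties": [], "required": false}
  }
}
""")

# List-style fragment, as used for nested objects in alarmsSearchResponse
# (the "status" and "uuid" properties of "alarm", trimmed the same way).
ALARM_STATUS_FRAGMENT = {
    "type": "object",
    "properties": [
        {"type": "string", "key": "status", "required": True,
         "enum": ["Open", "In Review", "Closed"]},
        {"type": "string", "key": "uuid", "required": True},
    ],
}


def is_number(value):
    # bool is a subclass of int in Python, but JSON true/false is not a number.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def is_integer(value):
    return isinstance(value, int) and not isinstance(value, bool)


TYPE_CHECKS = {
    "string": lambda v: isinstance(v, str),
    "number": is_number,
    "integer": is_integer,
    "boolean": lambda v: isinstance(v, bool),
    "array": lambda v: isinstance(v, list),
    "object": lambda v: isinstance(v, dict),
    "any": lambda v: True,
}


def iter_properties(type_def):
    """Yield (key, definition) for both "properties" layouts used on the page."""
    props = type_def.get("properties") or {}
    if isinstance(props, dict):
        yield from props.items()
    else:
        for definition in props:
            yield definition.get("key") or definition.get("name"), definition


def validate(value, type_def, path="$"):
    """Return a list of human-readable problems; an empty list means valid."""
    kind = type_def.get("type", "any")
    check = TYPE_CHECKS.get(kind)
    if check is None:
        return [f"{path}: unsupported type {kind!r} in definition"]
    if not check(value):
        return [f"{path}: expected {kind}, got {type(value).__name__}"]

    errors = []
    if "enum" in type_def and value not in type_def["enum"]:
        errors.append(f"{path}: {value!r} not in enum")
    if kind == "object":
        for key, sub in iter_properties(type_def):
            if key not in value:
                if sub.get("required"):
                    errors.append(f"{path}.{key}: required property missing")
                continue
            errors.extend(validate(value[key], sub, f"{path}.{key}"))
    elif kind == "array" and isinstance(type_def.get("items"), dict):
        for index, item in enumerate(value):
            errors.extend(validate(item, type_def["items"], f"{path}[{index}]"))
    return errors


if __name__ == "__main__":
    # Constructed payloads: one minimal valid request, one malformed request.
    good = {"page": 0, "size": 20, "sort": {}}
    bad = {"page": "0", "size": True, "find": []}
    for payload in (good, bad):
        problems = validate(payload, ALARMS_SEARCH_REQUEST)
        print(json.dumps(payload), "->", problems or "ok")
```
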

alarmsSearchResponse

Search response


TYPE DEFINITION

{
  "name": "alarmsSearchResponse",
  "type": "object",
  "description": "Search response",
  "properties": {
    "results": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": [
          {
            "type": "object",
            "properties": [
              {
                "type": "string",
                "name": "account_name",
                "displayName": "account_name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The account name used from the Event(s) which originated the Alarm.",
                "key": "account_name"
              },
              {
                "type": "string",
                "name": "account_id",
                "displayName": "account_id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The account ID used from the Event(s) which originated the Alarm.",
                "key": "account_id"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destination_asset_ids",
                "displayName": "alarm_destination_asset_ids",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "An array of the destination Asset IDs from the Event(s) which originated the Alarm.",
                "key": "alarm_destination_asset_ids"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destination_countries",
                "displayName": "alarm_destination_countries",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "An array of the destination countries from the Event(s) which originated the Alarm.",
                "key": "alarm_destination_countries"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destination_latitudes",
                "displayName": "alarm_destination_latitudes",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The destination latitudes from the Event(s) which originated the alarm",
                "key": "alarm_destination_latitudes"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destination_longitudes",
                "displayName": "alarm_destination_longitudes",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The destination longitudes from the Event(s) which originated the alarm",
                "key": "alarm_destination_longitudes"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destination_names",
                "displayName": "alarm_destination_names",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The names of the destinations from the Event(s) which originated the Alarm.",
                "key": "alarm_destination_names"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destination_zones",
                "displayName": "alarm_destination_zones",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "An array with the destination zones from the Event(s) which originated the Alarm.",
                "key": "alarm_destination_zones"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_destinations",
                "displayName": "alarm_destinations",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The hostnames of the destinations from the Event(s) which originated the Alarm.",
                "key": "alarm_destinations"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_labels",
                "displayName": "alarm_labels",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The Alarm labels IDs that have been applied to the Alarm.",
                "key": "alarm_labels"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_sensor_sources",
                "displayName": "alarm_sensor_sources",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The source Sensors from the Event(s) which originated the Alarm.",
                "key": "alarm_sensor_sources"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_source_asset_ids",
                "displayName": "alarm_source_asset_ids",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The source Asset IDs from the Event(s) which originated the Alarm.",
                "key": "alarm_source_asset_ids"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_source_names",
                "displayName": "alarm_source_names",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The source Asset names from the Event(s) which originated the Alarm.",
                "key": "alarm_source_names"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_source_cities",
                "displayName": "alarm_source_cities",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The source cities from the Event(s) which originated the alarm",
                "key": "alarm_source_cities"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_source_countries",
                "displayName": "alarm_source_countries",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The source countries from the Event(s) which originated the alarm",
                "key": "alarm_source_countries"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_source_latitudes",
                "displayName": "alarm_source_latitudes",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The source latitudes from the Event(s) which originated the alarm",
                "key": "alarm_source_latitudes"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_source_longitudes",
                "displayName": "alarm_source_longitudes",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The source longitudes from the Event(s) which originated the alarm",
                "key": "alarm_source_longitudes"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "alarm_sources",
                "displayName": "alarm_sources",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The source hostnames from the Event(s) which originated the Alarm.",
                "key": "alarm_sources"
              },
              {
                "type": "string",
                "name": "app_id",
                "displayName": "app_id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The ID of the sensor app from the Event(s) which originated the Alarm.",
                "key": "app_id"
              },
              {
                "type": "string",
                "name": "app_type",
                "displayName": "app_type",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The sensor app type from the Event(s) which originated the Alarm.",
                "key": "app_type"
              },
              {
                "type": "string",
                "name": "authentication_mode",
                "displayName": "authentication_mode",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The mode of authentication used, if relevant, from the Event(s) which originated the Alarm.",
                "key": "authentication_mode"
              },
              {
                "type": "string",
                "name": "authentication_type",
                "displayName": "authentication_type",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The type of authentication used, if relevant, from the Event(s) which originated the Alarm.",
                "key": "authentication_type"
              },
              {
                "type": "string",
                "name": "destination_name",
                "displayName": "destination_name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The name of the asset which originated the Alarm.",
                "key": "destination_name"
              },
              {
                "type": "string",
                "name": "error_message",
                "displayName": "error_message",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The error message of the response, if relevant, which originated the Alarm.",
                "key": "error_message"
              },
              {
                "type": "string",
                "name": "event_action",
                "displayName": "event_action",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The implied action of the Event(s) (Create, Read, Update, Delete, etc.) which originated the Alarm.",
                "key": "event_action"
              },
              {
                "type": "string",
                "name": "event_name",
                "displayName": "event_name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The short, user-readable description of the Event(s) which originated the Alarm.",
                "key": "event_name"
              },
              {
                "type": "boolean",
                "name": "needs_enrichment",
                "displayName": "needs_enrichment",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "If the Event(s) that originated the alarm need to be processed by Enrichment Apps.",
                "key": "needs_enrichment"
              },
              {
                "type": "string",
                "name": "event_type",
                "displayName": "event_type",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The type of Event. In this case it will always be Alarm.",
                "key": "event_type"
              },
              {
                "type": "string",
                "name": "has_alarm",
                "displayName": "has_alarm",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Boolean defining if the Event has an alarm associated with it.",
                "key": "has_alarm"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "highlight_fields",
                "displayName": "highlight_fields",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Array of the most important fields for an alarm.",
                "key": "highlight_fields"
              },
              {
                "type": "integer",
                "name": "number_of_events",
                "displayName": "number_of_events",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Number of Events that originated the Alarm.",
                "key": "number_of_events"
              },
              {
                "type": "array",
                "items": {
                  "type": "any"
                },
                "name": "packet_data",
                "displayName": "packet_data",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Array of Event IDs that originated the Alarm.",
                "key": "packet_data"
              },
              {
                "type": "string",
                "name": "packet_type",
                "displayName": "packet_type",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The internal classification of the packet type. In this case, it will always be \"alarm\".",
                "key": "packet_type"
              },
              {
                "type": "string",
                "name": "priority",
                "displayName": "priority",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The priority of the Alarm. Ranges from 1-100",
                "key": "priority"
              },
              {
                "type": "string",
                "name": "priority_label",
                "displayName": "priority_label",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The priority label of the Alarm. Can be low if priority <= 33, medium if 33 < priority <= 66, or high if priority > 66.",
                "key": "priority_label"
              },
              {
                "type": "string",
                "name": "request_user_agent",
                "displayName": "request_user_agent",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The user agent in the request from the Event(s) which originated the Alarm.",
                "key": "request_user_agent"
              },
              {
                "type": "string",
                "name": "rule_dictionary",
                "displayName": "rule_dictionary",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The correlation rule that processed the Event(s) which originated the Alarm.",
                "key": "rule_dictionary"
              },
              {
                "type": "string",
                "name": "rule_id",
                "displayName": "rule_id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The ID of the correlation rule that processed the Event(s) which originated the Alarm.",
                "key": "rule_id"
              },
              {
                "type": "string",
                "name": "rule_intent",
                "displayName": "rule_intent",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The intent of the correlation rule that processed the Event(s) which originated the Alarm. Either malicious or informational.",
                "enum": [
                  "Reconnaissance & Probing",
                  "Delivery & Attack",
                  "Exploitation & Installation",
                  "System Compromise",
                  "Environmental Awareness"
                ],
                "key": "rule_intent"
              },
              {
                "type": "string",
                "name": "rule_method",
                "displayName": "rule_method",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The method describes the particular method employed by the actor of the correlation rule that processed the Event(s) which originated the Alarm.",
                "key": "rule_method"
              },
              {
                "type": "string",
                "name": "rule_strategy",
                "displayName": "rule_strategy",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The strategy of the correlation rule that processed the Event(s) which originated the Alarm.",
                "key": "rule_strategy"
              },
              {
                "type": "string",
                "name": "security_group_id",
                "displayName": "security_group_id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The security group id used from the Event(s) which originated the Alarm.",
                "key": "security_group_id"
              },
              {
                "type": "string",
                "name": "sensor_name",
                "displayName": "sensor_name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The name of the sensor that received this Event.",
                "key": "sensor_name"
              },
              {
                "type": "string",
                "name": "sensor_uuid",
                "displayName": "sensor_uuid",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The UUID of the sensor that received this Event.",
                "key": "sensor_uuid"
              },
              {
                "type": "string",
                "name": "source_asset_id",
                "displayName": "source_asset_id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The ID of the source asset from the Event(s) which originated the Alarm.",
                "key": "source_asset_id"
              },
              {
                "type": "string",
                "name": "source_name",
                "displayName": "source_name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The name of the source asset from the Event(s) which originated the Alarm.",
                "key": "source_name"
              },
              {
                "type": "string",
                "name": "source_hostname",
                "displayName": "source_hostname",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "The hostname of the source asset from the Event(s) which originated the Alarm.",
                "key": "source_hostname"
              },
              {
                "type": "string",
                "name": "source_username",
                "displayName": "source_username",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The source username from the Event(s) which originated the Alarm.",
                "key": "source_username"
              },
              {
                "type": "string",
                "name": "status",
                "displayName": "status",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The status of the Alarm.",
                "enum": [
                  "Open",
                  "In Review",
                  "Closed"
                ],
                "key": "status"
              },
              {
                "type": "string",
                "name": "suppressed",
                "displayName": "suppressed",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Boolean string value to determine if the alarm is suppressed.",
                "key": "suppressed"
              },
              {
                "type": "string",
                "name": "timestamp_occured",
                "displayName": "timestamp_occured",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Epoch string of the first Event occurrence.",
                "key": "timestamp_occured"
              },
              {
                "type": "string",
                "name": "timestamp_received",
                "displayName": "timestamp_received",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Epoch of when the first event was received.",
                "key": "timestamp_received"
              },
              {
                "type": "string",
                "name": "timestamp_received_iso8601",
                "displayName": "timestamp_received_iso8601",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Epoch string of when the Event was received in ISO 8601 format.",
                "key": "timestamp_received_iso8601"
              },
              {
                "type": "string",
                "name": "timestamp_occured_iso8601",
                "displayName": "timestamp_occured_iso8601",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Epoch string of the first Event occurrence in ISO 8601 format.",
                "key": "timestamp_occured_iso8601"
              },
              {
                "type": "boolean",
                "name": "transient",
                "displayName": "transient",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Boolean string value to determine if the Alarm is transient.",
                "key": "transient"
              },
              {
                "type": "string",
                "name": "uuid",
                "displayName": "uuid",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Unique UUID of this Alarm.",
                "key": "uuid"
              }
            ],
            "name": "alarm",
            "displayName": "alarm",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Alarm details",
            "additionalProperties": true,
            "key": "alarm"
          },
          {
            "type": "array",
            "items": {
              "type": "any"
            },
            "name": "assets",
            "displayName": "assets",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "An array of the assets tied to the Event(s) which originated the Alarm.",
            "key": "assets"
          },
          {
            "type": "array",
            "items": {
              "type": "object",
              "properties": [
                {
                  "type": "string",
                  "name": "access_control_outcome",
                  "displayName": "access_control_outcome",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The outcome for Access Control which generated the Event.",
                  "key": "access_control_outcome"
                },
                {
                  "type": "string",
                  "name": "access_key_id",
                  "displayName": "access_key_id",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The ID of the access key used which generated the Event.",
                  "key": "access_key_id"
                },
                {
                  "type": "string",
                  "name": "account_name",
                  "displayName": "account_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The account name which generated this Event.",
                  "key": "account_name"
                },
                {
                  "type": "string",
                  "name": "account_id",
                  "displayName": "account_id",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The account ID which generated this Event.",
                  "key": "account_id"
                },
                {
                  "type": "string",
                  "name": "app_id",
                  "displayName": "app_id",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The ID of the sensor app which generated the Event.",
                  "key": "app_id"
                },
                {
                  "type": "string",
                  "name": "app_name",
                  "displayName": "app_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The name of the sensor app which generated the Event.",
                  "key": "app_name"
                },
                {
                  "type": "string",
                  "name": "app_type",
                  "displayName": "app_type",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The type of sensor app which generated the Event.",
                  "key": "app_type"
                },
                {
                  "type": "string",
                  "name": "authentication_mode",
                  "displayName": "authentication_mode",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The mode of authentication used, if relevant, which originated the Event.",
                  "key": "authentication_mode"
                },
                {
                  "type": "string",
                  "name": "authentication_type",
                  "displayName": "authentication_type",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The method used to authenticate which generated the Event.",
                  "key": "authentication_type"
                },
                {
                  "type": "string",
                  "name": "customheader_0",
                  "displayName": "customheader_0",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Custom header. There are 20 supported.",
                  "key": "customheader_0"
                },
                {
                  "type": "string",
                  "name": "customfield_0",
                  "displayName": "customfield_0",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Custom field. There are 20 supported.",
                  "key": "customfield_0"
                },
                {
                  "type": "string",
                  "name": "destination_address",
                  "displayName": "destination_address",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The IP address of the destination which generated the Event.",
                  "key": "destination_address"
                },
                {
                  "type": "string",
                  "name": "destination_canonical",
                  "displayName": "destination_canonical",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The canonical representation of the destination which generated the Event.",
                  "key": "destination_canonical"
                },
                {
                  "type": "string",
                  "name": "destination_hostname",
                  "displayName": "destination_hostname",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The hostname of the destination which generated the Event.",
                  "key": "destination_hostname"
                },
                {
                  "type": "string",
                  "name": "destination_infrastructure_name",
                  "displayName": "destination_infrastructure_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The infrastructure name of the destination which generated the Event.",
                  "key": "destination_infrastructure_name"
                },
                {
                  "type": "string",
                  "name": "destination_infrastructure_type",
                  "displayName": "destination_infrastructure_type",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The infrastructure type of the destination which generated the Event.",
                  "key": "destination_infrastructure_type"
                },
                {
                  "type": "string",
                  "name": "destination_name",
                  "displayName": "destination_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The name of the Asset on which the Event originated.",
                  "key": "destination_name"
                },
                {
                  "type": "string",
                  "name": "destination_userid",
                  "displayName": "destination_userid",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The user id which generated the Event.",
                  "key": "destination_userid"
                },
                {
                  "type": "string",
                  "name": "destination_zone",
                  "displayName": "destination_zone",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The destination zone which generated the Event.",
                  "key": "destination_zone"
                },
                {
                  "type": "string",
                  "name": "error_code",
                  "displayName": "error_code",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The error code of the response, if relevant, which originated the Alarm.",
                  "key": "error_code"
                },
                {
                  "type": "string",
                  "name": "error_message",
                  "displayName": "error_message",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The error message of the response, if relevant, which originated the Alarm.",
                  "key": "error_message"
                },
                {
                  "type": "string",
                  "name": "event_action",
                  "displayName": "event_action",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The implied action (Create, Read, Update, Delete, etc.) which generated the Event.",
                  "key": "event_action"
                },
                {
                  "type": "string",
                  "name": "event_description",
                  "displayName": "event_description",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The description of the Event.",
                  "key": "event_description"
                },
                {
                  "type": "string",
                  "name": "event_description_url",
                  "displayName": "event_description_url",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The URL for the full description of the Event.",
                  "key": "event_description_url"
                },
                {
                  "type": "string",
                  "name": "event_name",
                  "displayName": "event_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The short, user-readable description of the Event.",
                  "key": "event_name"
                },
                {
                  "type": "string",
                  "name": "event_type",
                  "displayName": "event_type",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The type of Event.",
                  "key": "event_type"
                },
                {
                  "type": "string",
                  "name": "has_alarm",
                  "displayName": "has_alarm",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Boolean defining if the Event has an alarm associated with it.",
                  "key": "has_alarm"
                },
                {
                  "type": "array",
                  "items": {
                    "type": "any"
                  },
                  "name": "highlight_fields",
                  "displayName": "highlight_fields",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Array of the most important fields for the Event type created.",
                  "key": "highlight_fields"
                },
                {
                  "type": "string",
                  "name": "log",
                  "displayName": "log",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The raw log which generated the Event.",
                  "key": "log"
                },
                {
                  "type": "boolean",
                  "name": "needs_enrichment",
                  "displayName": "needs_enrichment",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Boolean defining if the Event needs to be processed by the Enrichment Apps.",
                  "key": "needs_enrichment"
                },
                {
                  "type": "string",
                  "name": "packet_type",
                  "displayName": "packet_type",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The internal classification of the packet type.",
                  "key": "packet_type"
                },
                {
                  "type": "string",
                  "name": "plugin",
                  "displayName": "plugin",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The plugin used to normalize the Event.",
                  "key": "plugin"
                },
                {
                  "type": "string",
                  "name": "plugin_device",
                  "displayName": "plugin_device",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The device the plugin was made for.",
                  "key": "plugin_device"
                },
                {
                  "type": "string",
                  "name": "plugin_device_type",
                  "displayName": "plugin_device_type",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The type of the device the plugin was made for.",
                  "key": "plugin_device_type"
                },
                {
                  "type": "string",
                  "name": "plugin_family",
                  "displayName": "plugin_family",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Family the plugin belongs to.",
                  "key": "plugin_family"
                },
                {
                  "type": "string",
                  "name": "plugin_version",
                  "displayName": "plugin_version",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The version of the plugin.",
                  "key": "plugin_version"
                },
                {
                  "type": "string",
                  "name": "received_from",
                  "displayName": "received_from",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Source this Event was received from.",
                  "key": "received_from"
                },
                {
                  "type": "string",
                  "name": "rep_device_rule_id",
                  "displayName": "rep_device_rule_id",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The ID of the rule used by the reporting device to generate this Event (i.e. firewall rule, CVE, IDS Rule).",
                  "key": "rep_device_rule_id"
                },
                {
                  "type": "string",
                  "name": "rep_device_version",
                  "displayName": "rep_device_version",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The version of the reporting device.",
                  "key": "rep_device_version"
                },
                {
                  "type": "string",
                  "name": "request_user_agent",
                  "displayName": "request_user_agent",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The User Agent of the request which generated the Event.",
                  "key": "request_user_agent"
                },
                {
                  "type": "string",
                  "name": "security_group_id",
                  "displayName": "security_group_id",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The ID of the security group which generated the Event.",
                  "key": "security_group_id"
                },
                {
                  "type": "string",
                  "name": "sensor_name",
                  "displayName": "sensor_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The name of the sensor that received this Event.",
                  "key": "sensor_name"
                },
                {
                  "type": "string",
                  "name": "sensor_uuid",
                  "displayName": "sensor_uuid",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The UUID of the sensor that received this Event.",
                  "key": "sensor_uuid"
                },
                {
                  "type": "string",
                  "name": "source_address",
                  "displayName": "source_address",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The IP address which originated the Event.",
                  "key": "source_address"
                },
                {
                  "type": "string",
                  "name": "source_asset_id",
                  "displayName": "source_asset_id",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The ID of the Asset which originated the Event.",
                  "key": "source_asset_id"
                },
                {
                  "type": "string",
                  "name": "source_canonical",
                  "displayName": "source_canonical",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The Canonical representation of the source which originated the Event.",
                  "key": "source_canonical"
                },
                {
                  "type": "string",
                  "name": "source_city",
                  "displayName": "source_city",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The city of the source which originated the Event.",
                  "key": "source_city"
                },
                {
                  "type": "string",
                  "name": "source_country",
                  "displayName": "source_country",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The country of the source which originated the Event.",
                  "key": "source_country"
                },
                {
                  "type": "string",
                  "name": "source_fqdn",
                  "displayName": "source_fqdn",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The FQDN of the source Asset which originated the Event.",
                  "key": "source_fqdn"
                },
                {
                  "type": "string",
                  "name": "source_hostname",
                  "displayName": "source_hostname",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The hostname of the source Asset which originated the Event.",
                  "key": "source_hostname"
                },
                {
                  "type": "string",
                  "name": "source_latitude",
                  "displayName": "source_latitude",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The latitude of the source which originated the Event.",
                  "key": "source_latitude"
                },
                {
                  "type": "string",
                  "name": "source_longitude",
                  "displayName": "source_longitude",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The longitude of the source which originated the Event.",
                  "key": "source_longitude"
                },
                {
                  "type": "string",
                  "name": "source_name",
                  "displayName": "source_name",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The name of the source which originated the Event.",
                  "key": "source_name"
                },
                {
                  "type": "string",
                  "name": "source_organisation",
                  "displayName": "source_organisation",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The organization of the source which originated the Event.",
                  "key": "source_organisation"
                },
                {
                  "type": "string",
                  "name": "source_region",
                  "displayName": "source_region",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The region of the source which originated the Event.",
                  "key": "source_region"
                },
                {
                  "type": "string",
                  "name": "source_registered_country",
                  "displayName": "source_registered_country",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The registered country of the source which originated the Event.",
                  "key": "source_registered_country"
                },
                {
                  "type": "string",
                  "name": "source_userid",
                  "displayName": "source_userid",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "The user ID of the source which originated the Event.",
                  "key": "source_userid"
                },
                {
                  "type": "string",
                  "name": "source_username",
                  "displayName": "source_username",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "The username of the source which originated the Event.",
                  "key": "source_username"
                },
                {
                  "type": "string",
                  "name": "suppressed",
                  "displayName": "suppressed",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Boolean string value to determine if the Event is suppressed.",
                  "key": "suppressed"
                },
                {
                  "type": "string",
                  "name": "timestamp_occured",
                  "displayName": "timestamp_occured",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Epoch string of the Event occurrence.",
                  "key": "timestamp_occured"
                },
                {
                  "type": "string",
                  "name": "timestamp_occured_iso8601",
                  "displayName": "timestamp_occured_iso8601",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Epoch string of the Event occurrence in ISO 8601 format.",
                  "key": "timestamp_occured_iso8601"
                },
                {
                  "type": "string",
                  "name": "timestamp_received",
                  "displayName": "timestamp_received",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Epoch string of when the Event was received.",
                  "key": "timestamp_received"
                },
                {
                  "type": "string",
                  "name": "timestamp_received_iso8601",
                  "displayName": "timestamp_received_iso8601",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Epoch string of when the Event was received in ISO 8601 format.",
                  "key": "timestamp_received_iso8601"
                },
                {
                  "type": "boolean",
                  "name": "transient",
                  "displayName": "transient",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Boolean value to determine if the Event is transient.",
                  "key": "transient"
                },
                {
                  "type": "boolean",
                  "name": "used_hint",
                  "displayName": "used_hint",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Boolean value to determine if a hint was used to find the plugin.",
                  "key": "used_hint"
                },
                {
                  "type": "string",
                  "name": "uuid",
                  "displayName": "uuid",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": true,
                  "description": "Unique UUID of this Event.",
                  "key": "uuid"
                },
                {
                  "type": "boolean",
                  "name": "was_fuzzied",
                  "displayName": "was_fuzzied",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Boolean value to determine if a fuzzied parser was used to generate the Event.",
                  "key": "was_fuzzied"
                },
                {
                  "type": "boolean",
                  "name": "was_guessed",
                  "displayName": "was_guessed",
                  "typePropertyKind": "TYPE_EXPRESSION",
                  "required": false,
                  "description": "Boolean value to determine if the plugin was brute forced.",
                  "key": "was_guessed"
                }
              ],
              "name": "events",
              "displayName": "events",
              "typePropertyKind": "TYPE_EXPRESSION",
              "description": "This object contains all information pertaining to an Event.",
              "additionalProperties": true,
              "originalType": "events"
            },
            "name": "events",
            "displayName": "events",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "An array of the last 10 Events associated with the Alarm.",
            "key": "events"
          },
          {
            "type": "string",
            "name": "tenantId",
            "displayName": "tenantId",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "ID of the USMA instance which forwarded the alarm to USMC.",
            "examples": [
              {
                "value": "cn://fjrubio-cn.aveng.us",
                "strict": true,
                "name": null,
                "structuredValue": "cn://fjrubio-cn.aveng.us"
              }
            ],
            "key": "tenantId"
          },
          {
            "type": "integer",
            "name": "timestamp",
            "displayName": "timestamp",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch timestamp of when alarm was processed by USM Central.",
            "key": "timestamp"
          }
        ],
        "name": "alarmResponse",
        "displayName": "alarmResponse",
        "typePropertyKind": "TYPE_EXPRESSION",
        "description": "This object contains all information pertaining to an alarm.",
        "additionalProperties": true,
        "originalType": "alarmResponse"
      },
      "name": "results",
      "displayName": "results",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "results"
    },
    "total": {
      "type": "number",
      "name": "total",
      "displayName": "total",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The total number of results found.",
      "key": "total"
    }
  }
}

alarmResponse

This object contains all information pertaining to an alarm.


Properties

TYPE DEFINITION

{
  "name": "alarmResponse",
  "type": "object",
  "description": "This object contains all information pertaining to an alarm.",
  "properties": {
    "alarm": {
      "type": "object",
      "properties": [
        {
          "type": "string",
          "name": "account_name",
          "displayName": "account_name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The account name used from the Event(s) which originated the Alarm.",
          "key": "account_name"
        },
        {
          "type": "string",
          "name": "account_id",
          "displayName": "account_id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The account ID used from the Event(s) which originated the Alarm.",
          "key": "account_id"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destination_asset_ids",
          "displayName": "alarm_destination_asset_ids",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "An array of the destination Asset IDs from the Event(s) which originated the Alarm.",
          "key": "alarm_destination_asset_ids"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destination_countries",
          "displayName": "alarm_destination_countries",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "An array of the destination countries from the Event(s) which originated the Alarm.",
          "key": "alarm_destination_countries"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destination_latitudes",
          "displayName": "alarm_destination_latitudes",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The destination latitudes from the Event(s) which originated the Alarm.",
          "key": "alarm_destination_latitudes"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destination_longitudes",
          "displayName": "alarm_destination_longitudes",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The destination longitudes from the Event(s) which originated the Alarm.",
          "key": "alarm_destination_longitudes"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destination_names",
          "displayName": "alarm_destination_names",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The names of the destinations from the Event(s) which originated the Alarm.",
          "key": "alarm_destination_names"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destination_zones",
          "displayName": "alarm_destination_zones",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "An array with the destination zones from the Event(s) which originated the Alarm.",
          "key": "alarm_destination_zones"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_destinations",
          "displayName": "alarm_destinations",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The hostnames of the destinations from the Event(s) which originated the Alarm.",
          "key": "alarm_destinations"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_labels",
          "displayName": "alarm_labels",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The Alarm label IDs that have been applied to the Alarm.",
          "key": "alarm_labels"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_sensor_sources",
          "displayName": "alarm_sensor_sources",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The source Sensors from the Event(s) which originated the Alarm.",
          "key": "alarm_sensor_sources"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_source_asset_ids",
          "displayName": "alarm_source_asset_ids",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The source Asset IDs from the Event(s) which originated the Alarm.",
          "key": "alarm_source_asset_ids"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_source_names",
          "displayName": "alarm_source_names",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The source Asset names from the Event(s) which originated the Alarm.",
          "key": "alarm_source_names"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_source_cities",
          "displayName": "alarm_source_cities",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The source cities from the Event(s) which originated the Alarm.",
          "key": "alarm_source_cities"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_source_countries",
          "displayName": "alarm_source_countries",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The source countries from the Event(s) which originated the Alarm.",
          "key": "alarm_source_countries"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_source_latitudes",
          "displayName": "alarm_source_latitudes",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The source latitudes from the Event(s) which originated the Alarm.",
          "key": "alarm_source_latitudes"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_source_longitudes",
          "displayName": "alarm_source_longitudes",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The source longitudes from the Event(s) which originated the Alarm.",
          "key": "alarm_source_longitudes"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "alarm_sources",
          "displayName": "alarm_sources",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The source hostnames from the Event(s) which originated the Alarm.",
          "key": "alarm_sources"
        },
        {
          "type": "string",
          "name": "app_id",
          "displayName": "app_id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The ID of the sensor app from the Event(s) which originated the Alarm.",
          "key": "app_id"
        },
        {
          "type": "string",
          "name": "app_type",
          "displayName": "app_type",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The sensor app type from the Event(s) which originated the Alarm.",
          "key": "app_type"
        },
        {
          "type": "string",
          "name": "authentication_mode",
          "displayName": "authentication_mode",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The mode of authentication used, if relevant, from the Event(s) which orignated the Alarm.",
          "key": "authentication_mode"
        },
        {
          "type": "string",
          "name": "authentication_type",
          "displayName": "authentication_type",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The type of authentication used, if relevant, from the Event(s) which orignated the Alarm.",
          "key": "authentication_type"
        },
        {
          "type": "string",
          "name": "destination_name",
          "displayName": "destination_name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The name of the asset which originated the Alarm.",
          "key": "destination_name"
        },
        {
          "type": "string",
          "name": "error_message",
          "displayName": "error_message",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The error message of the response, if relevant, which originated the Alarm.",
          "key": "error_message"
        },
        {
          "type": "string",
          "name": "event_action",
          "displayName": "event_action",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The implied action of the Event(s) - Create, Read, Update, Delete..etc which originated the Alarm.",
          "key": "event_action"
        },
        {
          "type": "string",
          "name": "event_name",
          "displayName": "event_name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The short, user-readable description of the Event(s) which originated the Alarm.",
          "key": "event_name"
        },
        {
          "type": "boolean",
          "name": "needs_enrichment",
          "displayName": "needs_enrichment",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "If the Event(s) that originated the alarm need to be processed by Enrichment Apps.",
          "key": "needs_enrichment"
        },
        {
          "type": "string",
          "name": "event_type",
          "displayName": "event_type",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The type of Event. In this case it will always be Alarm.",
          "key": "event_type"
        },
        {
          "type": "string",
          "name": "has_alarm",
          "displayName": "has_alarm",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Boolean defining if the Event has an alarm associated with it.",
          "key": "has_alarm"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "highlight_fields",
          "displayName": "highlight_fields",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Array of the most important fields for an alarm.",
          "key": "highlight_fields"
        },
        {
          "type": "integer",
          "name": "number_of_events",
          "displayName": "number_of_events",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Numbers of Events that originated the Alarm.",
          "key": "number_of_events"
        },
        {
          "type": "array",
          "items": {
            "type": "any"
          },
          "name": "packet_data",
          "displayName": "packet_data",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Array of Event IDS that originated the Alarm.",
          "key": "packet_data"
        },
        {
          "type": "string",
          "name": "packet_type",
          "displayName": "packet_type",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The internal classification of the packet type. In this case, it will always be \"alarm\".",
          "key": "packet_type"
        },
        {
          "type": "string",
          "name": "priority",
          "displayName": "priority",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The priority of the Alarm. Ranges from 1-100",
          "key": "priority"
        },
        {
          "type": "string",
          "name": "priority_label",
          "displayName": "priority_label",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The priority label of the Alarm. Can be low if priority <= 33, medium if 33<priority<=66, or high priority > 66.",
          "key": "priority_label"
        },
        {
          "type": "string",
          "name": "request_user_agent",
          "displayName": "request_user_agent",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The user agent in the request from the Event(s) which originated the Alarm.",
          "key": "request_user_agent"
        },
        {
          "type": "string",
          "name": "rule_dictionary",
          "displayName": "rule_dictionary",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The correlation rule that processed the Event(s) which originated the Alarm.",
          "key": "rule_dictionary"
        },
        {
          "type": "string",
          "name": "rule_id",
          "displayName": "rule_id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The ID of the correlation rule that processed the Event(s) which originated the Alarm.",
          "key": "rule_id"
        },
        {
          "type": "string",
          "name": "rule_intent",
          "displayName": "rule_intent",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The intent of the correlation rule that processed the Event(s) which originated the Alarm. Either malicious or informational.",
          "enum": [
            "Reconnaissance & Probing",
            "Delivery & Attack",
            "Exploitation & Installation",
            "System Compromise",
            "Environmental Awareness"
          ],
          "key": "rule_intent"
        },
        {
          "type": "string",
          "name": "rule_method",
          "displayName": "rule_method",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The method describes the particular method employed by the actor of the correlation rule that processed the Event(s) which originated the Alarm.",
          "key": "rule_method"
        },
        {
          "type": "string",
          "name": "rule_strategy",
          "displayName": "rule_strategy",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The strategy of the correlation rule that processed the Event(s) which originated the Alarm.",
          "key": "rule_strategy"
        },
        {
          "type": "string",
          "name": "security_group_id",
          "displayName": "security_group_id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The security group id used from the Event(s) which originated the Alarm.",
          "key": "security_group_id"
        },
        {
          "type": "string",
          "name": "sensor_name",
          "displayName": "sensor_name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The name of the sensor that received this Event.",
          "key": "sensor_name"
        },
        {
          "type": "string",
          "name": "sensor_uuid",
          "displayName": "sensor_uuid",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The UUID of the sensor that received this Event.",
          "key": "sensor_uuid"
        },
        {
          "type": "string",
          "name": "source_asset_id",
          "displayName": "source_asset_id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The ID of the source asset from the Event(s) which originated the Alarm.",
          "key": "source_asset_id"
        },
        {
          "type": "string",
          "name": "source_name",
          "displayName": "source_name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The name of the source asset from the Event(s) which originated the Alarm.",
          "key": "source_name"
        },
        {
          "type": "string",
          "name": "source_hostname",
          "displayName": "source_hostname",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "The hostname of the source asset from the Event(s) which originated the Alarm.",
          "key": "source_hostname"
        },
        {
          "type": "string",
          "name": "source_username",
          "displayName": "source_username",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The source username from the Event(s) which originated the Alarm.",
          "key": "source_username"
        },
        {
          "type": "string",
          "name": "status",
          "displayName": "status",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The status of the Alarm.",
          "enum": [
            "Open",
            "In Review",
            "Closed"
          ],
          "key": "status"
        },
        {
          "type": "string",
          "name": "suppressed",
          "displayName": "suppressed",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Boolean string value to determine if the alarm is suppressed.",
          "key": "suppressed"
        },
        {
          "type": "string",
          "name": "timestamp_occured",
          "displayName": "timestamp_occured",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Epoch string of the first Event occurrence.",
          "key": "timestamp_occured"
        },
        {
          "type": "string",
          "name": "timestamp_received",
          "displayName": "timestamp_received",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Epoch of when the first event was received.",
          "key": "timestamp_received"
        },
        {
          "type": "string",
          "name": "timestamp_received_iso8601",
          "displayName": "timestamp_received_iso8601",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Epoch string of when the Event was received in ISO 8601 format.",
          "key": "timestamp_received_iso8601"
        },
        {
          "type": "string",
          "name": "timestamp_occured_iso8601",
          "displayName": "timestamp_occured_iso8601",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Epoch string of the first Event occurrence in ISO 8601 format.",
          "key": "timestamp_occured_iso8601"
        },
        {
          "type": "boolean",
          "name": "transient",
          "displayName": "transient",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Boolean string value to determine if the Alarm is transient.",
          "key": "transient"
        },
        {
          "type": "string",
          "name": "uuid",
          "displayName": "uuid",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Unique UUID of this Alarm.",
          "key": "uuid"
        }
      ],
      "name": "alarm",
      "displayName": "alarm",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Alarm details",
      "additionalProperties": true,
      "key": "alarm"
    },
    "assets": {
      "type": "array",
      "items": {
        "type": "any"
      },
      "name": "assets",
      "displayName": "assets",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "An array of the assets tied to the Event(s) which originated the Alarm.",
      "key": "assets"
    },
    "events": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": [
          {
            "type": "string",
            "name": "access_control_outcome",
            "displayName": "access_control_outcome",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The outcome for Access Control which generated the Event.",
            "key": "access_control_outcome"
          },
          {
            "type": "string",
            "name": "access_key_id",
            "displayName": "access_key_id",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The ID of the access key used which generated the Event.",
            "key": "access_key_id"
          },
          {
            "type": "string",
            "name": "account_name",
            "displayName": "account_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The account name which generated this Event.",
            "key": "account_name"
          },
          {
            "type": "string",
            "name": "account_id",
            "displayName": "account_id",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The account ID which generated this Event.",
            "key": "account_id"
          },
          {
            "type": "string",
            "name": "app_id",
            "displayName": "app_id",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The ID of the sensor app which generated the Event.",
            "key": "app_id"
          },
          {
            "type": "string",
            "name": "app_name",
            "displayName": "app_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The name of the sensor app which generated the Event.",
            "key": "app_name"
          },
          {
            "type": "string",
            "name": "app_type",
            "displayName": "app_type",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The type of sensor app which generated the Event.",
            "key": "app_type"
          },
          {
            "type": "string",
            "name": "authentication_mode",
            "displayName": "authentication_mode",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The mode of authentication used, if relevant, which originated the Event.",
            "key": "authentication_mode"
          },
          {
            "type": "string",
            "name": "authentication_type",
            "displayName": "authentication_type",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The method used to authenticate which generated the Event.",
            "key": "authentication_type"
          },
          {
            "type": "string",
            "name": "customheader_0",
            "displayName": "customheader_0",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Custom header. There are 20 supported.",
            "key": "customheader_0"
          },
          {
            "type": "string",
            "name": "customfield_0",
            "displayName": "customfield_0",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Custom field. There are 20 supported.",
            "key": "customfield_0"
          },
          {
            "type": "string",
            "name": "destination_address",
            "displayName": "destination_address",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The ip address of the destination which generated the Event.",
            "key": "destination_address"
          },
          {
            "type": "string",
            "name": "destination_canonical",
            "displayName": "destination_canonical",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The canonical representation of the destination which generated the Event.",
            "key": "destination_canonical"
          },
          {
            "type": "string",
            "name": "destination_hostname",
            "displayName": "destination_hostname",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The hostname of the destination which generated the Event.",
            "key": "destination_hostname"
          },
          {
            "type": "string",
            "name": "destination_infrastructure_name",
            "displayName": "destination_infrastructure_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The infranstructure name of the destination which generated the Event.",
            "key": "destination_infrastructure_name"
          },
          {
            "type": "string",
            "name": "destination_infrastructure_type",
            "displayName": "destination_infrastructure_type",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The infranstructure type of the destination which generated the Event.",
            "key": "destination_infrastructure_type"
          },
          {
            "type": "string",
            "name": "destination_name",
            "displayName": "destination_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The name of the Asset on the Event originated.",
            "key": "destination_name"
          },
          {
            "type": "string",
            "name": "destination_userid",
            "displayName": "destination_userid",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The user id which generated the Event.",
            "key": "destination_userid"
          },
          {
            "type": "string",
            "name": "destination_zone",
            "displayName": "destination_zone",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The destination zone which generated the Event.",
            "key": "destination_zone"
          },
          {
            "type": "string",
            "name": "error_code",
            "displayName": "error_code",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The error code of the response, if relevant, which originated the Alarm.",
            "key": "error_code"
          },
          {
            "type": "string",
            "name": "error_message",
            "displayName": "error_message",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The error message of the response, if relevant, which originated the Alarm.",
            "key": "error_message"
          },
          {
            "type": "string",
            "name": "event_action",
            "displayName": "event_action",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The implied action- Create, Read, Update, Delete..etc- which generated the Event.",
            "key": "event_action"
          },
          {
            "type": "string",
            "name": "event_description",
            "displayName": "event_description",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The decription of the Event.",
            "key": "event_description"
          },
          {
            "type": "string",
            "name": "event_description_url",
            "displayName": "event_description_url",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The URL for the full description of the Event.",
            "key": "event_description_url"
          },
          {
            "type": "string",
            "name": "event_name",
            "displayName": "event_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The short, user-readable description of the Event.",
            "key": "event_name"
          },
          {
            "type": "string",
            "name": "event_type",
            "displayName": "event_type",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The type of Event.",
            "key": "event_type"
          },
          {
            "type": "string",
            "name": "has_alarm",
            "displayName": "has_alarm",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Boolean defining if the Event has an alarm associated with it.",
            "key": "has_alarm"
          },
          {
            "type": "array",
            "items": {
              "type": "any"
            },
            "name": "highlight_fields",
            "displayName": "highlight_fields",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Array of the most important fields for the Event type created.",
            "key": "highlight_fields"
          },
          {
            "type": "string",
            "name": "log",
            "displayName": "log",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The raw log which generated the Event.",
            "key": "log"
          },
          {
            "type": "boolean",
            "name": "needs_enrichment",
            "displayName": "needs_enrichment",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Boolean defining if the Event needs to be processed by the Enrichment Apps.",
            "key": "needs_enrichment"
          },
          {
            "type": "string",
            "name": "packet_type",
            "displayName": "packet_type",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The internal classification of the packet type.",
            "key": "packet_type"
          },
          {
            "type": "string",
            "name": "plugin",
            "displayName": "plugin",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The plugin used to normalize the Event.",
            "key": "plugin"
          },
          {
            "type": "string",
            "name": "plugin_device",
            "displayName": "plugin_device",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The device the plugin was made for.",
            "key": "plugin_device"
          },
          {
            "type": "string",
            "name": "plugin_device_type",
            "displayName": "plugin_device_type",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The type of the device the plugin was made for.",
            "key": "plugin_device_type"
          },
          {
            "type": "string",
            "name": "plugin_family",
            "displayName": "plugin_family",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Family the plugin belongs to.",
            "key": "plugin_family"
          },
          {
            "type": "string",
            "name": "plugin_version",
            "displayName": "plugin_version",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The version of the plugin.",
            "key": "plugin_version"
          },
          {
            "type": "string",
            "name": "received_from",
            "displayName": "received_from",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Source this Event was received from.",
            "key": "received_from"
          },
          {
            "type": "string",
            "name": "rep_device_rule_id",
            "displayName": "rep_device_rule_id",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The ID of the rule used by the reporting device to generate this Event (i.e. firewall rule, CVE, IDS Rule).",
            "key": "rep_device_rule_id"
          },
          {
            "type": "string",
            "name": "rep_device_version",
            "displayName": "rep_device_version",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The version of the reporting device.",
            "key": "rep_device_version"
          },
          {
            "type": "string",
            "name": "request_user_agent",
            "displayName": "request_user_agent",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The User Agent of the request which generated the Event.",
            "key": "request_user_agent"
          },
          {
            "type": "string",
            "name": "security_group_id",
            "displayName": "security_group_id",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The ID of the security group which generated the Event.",
            "key": "security_group_id"
          },
          {
            "type": "string",
            "name": "sensor_name",
            "displayName": "sensor_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The name of the sensor that received this Event.",
            "key": "sensor_name"
          },
          {
            "type": "string",
            "name": "sensor_uuid",
            "displayName": "sensor_uuid",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The UUID of the sensor that received this Event.",
            "key": "sensor_uuid"
          },
          {
            "type": "string",
            "name": "source_address",
            "displayName": "source_address",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The IP address which originated the Event.",
            "key": "source_address"
          },
          {
            "type": "string",
            "name": "source_asset_id",
            "displayName": "source_asset_id",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The ID of the Asset which originated the Event.",
            "key": "source_asset_id"
          },
          {
            "type": "string",
            "name": "source_canonical",
            "displayName": "source_canonical",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The Canonical representation of the source which originated the Event.",
            "key": "source_canonical"
          },
          {
            "type": "string",
            "name": "source_city",
            "displayName": "source_city",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The city of the source which originated the Event.",
            "key": "source_city"
          },
          {
            "type": "string",
            "name": "source_country",
            "displayName": "source_country",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The country of the source which originated the Event.",
            "key": "source_country"
          },
          {
            "type": "string",
            "name": "source_fqdn",
            "displayName": "source_fqdn",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The FQDN of the source of Asset which originated the Event.",
            "key": "source_fqdn"
          },
          {
            "type": "string",
            "name": "source_hostname",
            "displayName": "source_hostname",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The hostname of the source Asset which originated the Event.",
            "key": "source_hostname"
          },
          {
            "type": "string",
            "name": "source_latitude",
            "displayName": "source_latitude",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The latitude of the source which originated the Event.",
            "key": "source_latitude"
          },
          {
            "type": "string",
            "name": "source_longitude",
            "displayName": "source_longitude",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The longintude of the source which originated the Event.",
            "key": "source_longitude"
          },
          {
            "type": "string",
            "name": "source_name",
            "displayName": "source_name",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The name of the source which originated the Event.",
            "key": "source_name"
          },
          {
            "type": "string",
            "name": "source_organisation",
            "displayName": "source_organisation",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The organization of the source which originated the Event.",
            "key": "source_organisation"
          },
          {
            "type": "string",
            "name": "source_region",
            "displayName": "source_region",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The region of the source which originated the Event.",
            "key": "source_region"
          },
          {
            "type": "string",
            "name": "source_registered_country",
            "displayName": "source_registered_country",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The registered country of the source which originated the Event.",
            "key": "source_registered_country"
          },
          {
            "type": "string",
            "name": "source_userid",
            "displayName": "source_userid",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "The user ID of the source which originated the Event.",
            "key": "source_userid"
          },
          {
            "type": "string",
            "name": "source_username",
            "displayName": "source_username",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The username of the source which originated the Event.",
            "key": "source_username"
          },
          {
            "type": "string",
            "name": "suppressed",
            "displayName": "suppressed",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Boolean string value to determine if the Event is suppressed.",
            "key": "suppressed"
          },
          {
            "type": "string",
            "name": "timestamp_occured",
            "displayName": "timestamp_occured",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch string of the Event occurrence.",
            "key": "timestamp_occured"
          },
          {
            "type": "string",
            "name": "timestamp_occured_iso8601",
            "displayName": "timestamp_occured_iso8601",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch string of the Event occurrence in ISO 8601 format.",
            "key": "timestamp_occured_iso8601"
          },
          {
            "type": "string",
            "name": "timestamp_received",
            "displayName": "timestamp_received",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch string of when the Event was received.",
            "key": "timestamp_received"
          },
          {
            "type": "string",
            "name": "timestamp_received_iso8601",
            "displayName": "timestamp_received_iso8601",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch string of when the Event was received in ISO 8601 format.",
            "key": "timestamp_received_iso8601"
          },
          {
            "type": "boolean",
            "name": "transient",
            "displayName": "transient",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Boolean value to determine if the Event is transient.",
            "key": "transient"
          },
          {
            "type": "boolean",
            "name": "used_hint",
            "displayName": "used_hint",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Boolean value to determine if a hint was used to find the plugin.",
            "key": "used_hint"
          },
          {
            "type": "string",
            "name": "uuid",
            "displayName": "uuid",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Unique UUID of this Event.",
            "key": "uuid"
          },
          {
            "type": "boolean",
            "name": "was_fuzzied",
            "displayName": "was_fuzzied",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Boolean value to determine if a fuzzied parser was used to generate the Event.",
            "key": "was_fuzzied"
          },
          {
            "type": "boolean",
            "name": "was_guessed",
            "displayName": "was_guessed",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": false,
            "description": "Boolean value to determine if the plugin was brute forced.",
            "key": "was_guessed"
          }
        ],
        "name": "events",
        "displayName": "events",
        "typePropertyKind": "TYPE_EXPRESSION",
        "description": "This object contains all information pertaining to an Event.",
        "additionalProperties": true,
        "originalType": "events"
      },
      "name": "events",
      "displayName": "events",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "An array of the last 10 Events associated with the Alarm.",
      "key": "events"
    },
    "tenantId": {
      "type": "string",
      "name": "tenantId",
      "displayName": "tenantId",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "ID of the USMA instance which forwarded the alarm to USMC.",
      "examples": [
        {
          "value": "cn://fjrubio-cn.aveng.us",
          "strict": true,
          "name": null,
          "structuredValue": "cn://fjrubio-cn.aveng.us"
        }
      ],
      "key": "tenantId"
    },
    "timestamp": {
      "type": "integer",
      "name": "timestamp",
      "displayName": "timestamp",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch timestamp of when alarm was processed by USM Central.",
      "key": "timestamp"
    }
  }
}

oauthResponse

Describes a response for OAuth/token endpoint.


Properties

TYPE DEFINITION

{
  "name": "oauthResponse",
  "type": "object",
  "description": "Describes a response for OAuth/token endpoint.",
  "properties": {
    "access_token": {
      "type": "string",
      "name": "access_token",
      "displayName": "access_token",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "access_token"
    },
    "token_type": {
      "type": "string",
      "name": "token_type",
      "displayName": "token_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "token_type"
    },
    "expires_in": {
      "type": "number",
      "name": "expires_in",
      "displayName": "expires_in",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "expires_in"
    }
  }
}

events

This object contains all information pertaining to an Event.


Properties

TYPE DEFINITION

{
  "name": "events",
  "type": "object",
  "description": "This object contains all information pertaining to an Event.",
  "properties": {
    "access_control_outcome": {
      "type": "string",
      "name": "access_control_outcome",
      "displayName": "access_control_outcome",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The outcome for Access Control which generated the Event."
    },
    "access_key_id": {
      "type": "string",
      "name": "access_key_id",
      "displayName": "access_key_id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The ID of the access key used which generated the Event."
    },
    "account_name": {
      "type": "string",
      "name": "account_name",
      "displayName": "account_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The account name which generated this Event."
    },
    "account_id": {
      "type": "string",
      "name": "account_id",
      "displayName": "account_id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The account ID which generated this Event."
    },
    "app_id": {
      "type": "string",
      "name": "app_id",
      "displayName": "app_id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The ID of the sensor app which generated the Event."
    },
    "app_name": {
      "type": "string",
      "name": "app_name",
      "displayName": "app_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The name of the sensor app which generated the Event."
    },
    "app_type": {
      "type": "string",
      "name": "app_type",
      "displayName": "app_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The type of sensor app which generated the Event."
    },
    "authentication_mode": {
      "type": "string",
      "name": "authentication_mode",
      "displayName": "authentication_mode",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The mode of authentication used, if relevant, which originated the Event."
    },
    "authentication_type": {
      "type": "string",
      "name": "authentication_type",
      "displayName": "authentication_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The method used to authenticate which generated the Event."
    },
    "customheader_0": {
      "type": "string",
      "name": "customheader_0",
      "displayName": "customheader_0",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Custom header. There are 20 supported."
    },
    "customfield_0": {
      "type": "string",
      "name": "customfield_0",
      "displayName": "customfield_0",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Custom field. There are 20 supported."
    },
    "destination_address": {
      "type": "string",
      "name": "destination_address",
      "displayName": "destination_address",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The IP address of the destination which generated the Event."
    },
    "destination_canonical": {
      "type": "string",
      "name": "destination_canonical",
      "displayName": "destination_canonical",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The canonical representation of the destination which generated the Event."
    },
    "destination_hostname": {
      "type": "string",
      "name": "destination_hostname",
      "displayName": "destination_hostname",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The hostname of the destination which generated the Event."
    },
    "destination_infrastructure_name": {
      "type": "string",
      "name": "destination_infrastructure_name",
      "displayName": "destination_infrastructure_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The infrastructure name of the destination which generated the Event."
    },
    "destination_infrastructure_type": {
      "type": "string",
      "name": "destination_infrastructure_type",
      "displayName": "destination_infrastructure_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The infrastructure type of the destination which generated the Event."
    },
    "destination_name": {
      "type": "string",
      "name": "destination_name",
      "displayName": "destination_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The name of the Asset on which the Event originated."
    },
    "destination_userid": {
      "type": "string",
      "name": "destination_userid",
      "displayName": "destination_userid",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The user id which generated the Event."
    },
    "destination_zone": {
      "type": "string",
      "name": "destination_zone",
      "displayName": "destination_zone",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The destination zone which generated the Event."
    },
    "error_code": {
      "type": "string",
      "name": "error_code",
      "displayName": "error_code",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The error code of the response, if relevant, which originated the Alarm."
    },
    "error_message": {
      "type": "string",
      "name": "error_message",
      "displayName": "error_message",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The error message of the response, if relevant, which originated the Alarm."
    },
    "event_action": {
      "type": "string",
      "name": "event_action",
      "displayName": "event_action",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The implied action (Create, Read, Update, Delete, etc.) which generated the Event."
    },
    "event_description": {
      "type": "string",
      "name": "event_description",
      "displayName": "event_description",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The description of the Event."
    },
    "event_description_url": {
      "type": "string",
      "name": "event_description_url",
      "displayName": "event_description_url",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The URL for the full description of the Event."
    },
    "event_name": {
      "type": "string",
      "name": "event_name",
      "displayName": "event_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The short, user-readable description of the Event."
    },
    "event_type": {
      "type": "string",
      "name": "event_type",
      "displayName": "event_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The type of Event."
    },
    "has_alarm": {
      "type": "string",
      "name": "has_alarm",
      "displayName": "has_alarm",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Boolean defining if the Event has an alarm associated with it."
    },
    "highlight_fields": {
      "type": "array",
      "items": {
        "type": "any"
      },
      "name": "highlight_fields",
      "displayName": "highlight_fields",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Array of the most important fields for the Event type created."
    },
    "log": {
      "type": "string",
      "name": "log",
      "displayName": "log",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The raw log which generated the Event."
    },
    "needs_enrichment": {
      "type": "boolean",
      "name": "needs_enrichment",
      "displayName": "needs_enrichment",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Boolean defining if the Event needs to be processed by the Enrichment Apps."
    },
    "packet_type": {
      "type": "string",
      "name": "packet_type",
      "displayName": "packet_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The internal classification of the packet type."
    },
    "plugin": {
      "type": "string",
      "name": "plugin",
      "displayName": "plugin",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The plugin used to normalize the Event."
    },
    "plugin_device": {
      "type": "string",
      "name": "plugin_device",
      "displayName": "plugin_device",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The device the plugin was made for."
    },
    "plugin_device_type": {
      "type": "string",
      "name": "plugin_device_type",
      "displayName": "plugin_device_type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The type of the device the plugin was made for."
    },
    "plugin_family": {
      "type": "string",
      "name": "plugin_family",
      "displayName": "plugin_family",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Family the plugin belongs to."
    },
    "plugin_version": {
      "type": "string",
      "name": "plugin_version",
      "displayName": "plugin_version",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The version of the plugin."
    },
    "received_from": {
      "type": "string",
      "name": "received_from",
      "displayName": "received_from",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Source this Event was received from."
    },
    "rep_device_rule_id": {
      "type": "string",
      "name": "rep_device_rule_id",
      "displayName": "rep_device_rule_id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The ID of the rule used by the reporting device to generate this Event (i.e. firewall rule, CVE, IDS Rule)."
    },
    "rep_device_version": {
      "type": "string",
      "name": "rep_device_version",
      "displayName": "rep_device_version",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The version of the reporting device."
    },
    "request_user_agent": {
      "type": "string",
      "name": "request_user_agent",
      "displayName": "request_user_agent",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The User Agent of the request which generated the Event."
    },
    "security_group_id": {
      "type": "string",
      "name": "security_group_id",
      "displayName": "security_group_id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The ID of the security group which generated the Event."
    },
    "sensor_name": {
      "type": "string",
      "name": "sensor_name",
      "displayName": "sensor_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The name of the sensor that received this Event."
    },
    "sensor_uuid": {
      "type": "string",
      "name": "sensor_uuid",
      "displayName": "sensor_uuid",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The UUID of the sensor that received this Event."
    },
    "source_address": {
      "type": "string",
      "name": "source_address",
      "displayName": "source_address",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The IP address which originated the Event."
    },
    "source_asset_id": {
      "type": "string",
      "name": "source_asset_id",
      "displayName": "source_asset_id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The ID of the Asset which originated the Event."
    },
    "source_canonical": {
      "type": "string",
      "name": "source_canonical",
      "displayName": "source_canonical",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The Canonical representation of the source which originated the Event."
    },
    "source_city": {
      "type": "string",
      "name": "source_city",
      "displayName": "source_city",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The city of the source which originated the Event."
    },
    "source_country": {
      "type": "string",
      "name": "source_country",
      "displayName": "source_country",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The country of the source which originated the Event."
    },
    "source_fqdn": {
      "type": "string",
      "name": "source_fqdn",
      "displayName": "source_fqdn",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The FQDN of the source Asset which originated the Event."
    },
    "source_hostname": {
      "type": "string",
      "name": "source_hostname",
      "displayName": "source_hostname",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The hostname of the source Asset which originated the Event."
    },
    "source_latitude": {
      "type": "string",
      "name": "source_latitude",
      "displayName": "source_latitude",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The latitude of the source which originated the Event."
    },
    "source_longitude": {
      "type": "string",
      "name": "source_longitude",
      "displayName": "source_longitude",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The longitude of the source which originated the Event."
    },
    "source_name": {
      "type": "string",
      "name": "source_name",
      "displayName": "source_name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The name of the source which originated the Event."
    },
    "source_organisation": {
      "type": "string",
      "name": "source_organisation",
      "displayName": "source_organisation",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The organization of the source which originated the Event."
    },
    "source_region": {
      "type": "string",
      "name": "source_region",
      "displayName": "source_region",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The region of the source which originated the Event."
    },
    "source_registered_country": {
      "type": "string",
      "name": "source_registered_country",
      "displayName": "source_registered_country",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The registered country of the source which originated the Event."
    },
    "source_userid": {
      "type": "string",
      "name": "source_userid",
      "displayName": "source_userid",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "The user ID of the source which originated the Event."
    },
    "source_username": {
      "type": "string",
      "name": "source_username",
      "displayName": "source_username",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The username of the source which originated the Event."
    },
    "suppressed": {
      "type": "string",
      "name": "suppressed",
      "displayName": "suppressed",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Boolean string value to determine if the Event is suppressed."
    },
    "timestamp_occured": {
      "type": "string",
      "name": "timestamp_occured",
      "displayName": "timestamp_occured",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch string of the Event occurrence."
    },
    "timestamp_occured_iso8601": {
      "type": "string",
      "name": "timestamp_occured_iso8601",
      "displayName": "timestamp_occured_iso8601",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch string of the Event occurrence in ISO 8601 format."
    },
    "timestamp_received": {
      "type": "string",
      "name": "timestamp_received",
      "displayName": "timestamp_received",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch string of when the Event was received."
    },
    "timestamp_received_iso8601": {
      "type": "string",
      "name": "timestamp_received_iso8601",
      "displayName": "timestamp_received_iso8601",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch string of when the Event was received in ISO 8601 format."
    },
    "transient": {
      "type": "boolean",
      "name": "transient",
      "displayName": "transient",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Boolean value to determine if the Event is transient."
    },
    "used_hint": {
      "type": "boolean",
      "name": "used_hint",
      "displayName": "used_hint",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Boolean value to determine if a hint was used to find the plugin."
    },
    "uuid": {
      "type": "string",
      "name": "uuid",
      "displayName": "uuid",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Unique UUID of this Event."
    },
    "was_fuzzied": {
      "type": "boolean",
      "name": "was_fuzzied",
      "displayName": "was_fuzzied",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Boolean value to determine if a fuzzied parser was used to generate the Event."
    },
    "was_guessed": {
      "type": "boolean",
      "name": "was_guessed",
      "displayName": "was_guessed",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "description": "Boolean value to determine if the plugin was brute forced."
    }
  }
}

configurationIssuesSearchRequest

Describes a search request payload.


Properties

TYPE DEFINITION

{
  "name": "configurationIssuesSearchRequest",
  "type": "object",
  "description": "Describes a search request payload.",
  "properties": {
    "page": {
      "type": "number",
      "name": "page",
      "displayName": "page",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "page"
    },
    "size": {
      "type": "number",
      "name": "size",
      "displayName": "size",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "size"
    },
    "find": {
      "type": "object",
      "properties": [],
      "name": "find",
      "displayName": "find",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "find"
    },
    "sort": {
      "type": "object",
      "properties": [],
      "name": "sort",
      "displayName": "sort",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "sort"
    },
    "range": {
      "type": "object",
      "properties": [],
      "name": "range",
      "displayName": "range",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "range"
    }
  }
}

configurationIssuesSearchResponse

Search response


Properties

TYPE DEFINITION

{
  "name": "configurationIssuesSearchResponse",
  "type": "object",
  "description": "Search response",
  "properties": {
    "results": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": [
          {
            "type": "object",
            "properties": [
              {
                "type": "string",
                "name": "id",
                "displayName": "id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Unique UUID of the configuration issue.",
                "key": "id"
              },
              {
                "type": "string",
                "name": "name",
                "displayName": "name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Name of the asset that generated the configuration issue.",
                "key": "name"
              }
            ],
            "name": "asset",
            "displayName": "asset",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The asset which originated the configuration issue.",
            "additionalProperties": true,
            "key": "asset"
          },
          {
            "type": "object",
            "properties": [
              {
                "type": "string",
                "name": "category",
                "displayName": "category",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The category of the configuration issue.",
                "key": "category"
              },
              {
                "type": "string",
                "name": "description",
                "displayName": "description",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Description of the configuration issue.",
                "key": "description"
              },
              {
                "type": "integer",
                "name": "firstSeen",
                "displayName": "firstSeen",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The first time the configuration issue was seen.",
                "key": "firstSeen"
              },
              {
                "type": "integer",
                "name": "lastTimestamp",
                "displayName": "lastTimestamp",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The last time the configuration issue was seen.",
                "key": "lastTimestamp"
              },
              {
                "type": "string",
                "name": "severity",
                "displayName": "severity",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The severity of the configuration issue.",
                "key": "severity"
              },
              {
                "type": "string",
                "name": "subcategory",
                "displayName": "subcategory",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The subcategory of the configuration issue.",
                "key": "subcategory"
              },
              {
                "type": "string",
                "name": "source",
                "displayName": "source",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The source of the configuration issue.",
                "key": "source"
              }
            ],
            "name": "configurationIssue",
            "displayName": "configurationIssue",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Configuration issue details",
            "additionalProperties": true,
            "key": "configurationIssue"
          },
          {
            "type": "string",
            "name": "tenantId",
            "displayName": "tenantId",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "ID of the USMA instance which forwarded the configuration issue to USMC.",
            "examples": [
              {
                "value": "cn://fjrubio-cn.aveng.us",
                "strict": true,
                "name": null,
                "structuredValue": "cn://fjrubio-cn.aveng.us"
              }
            ],
            "key": "tenantId"
          },
          {
            "type": "integer",
            "name": "timestamp",
            "displayName": "timestamp",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch timestamp of when configuration issue was processed by USM Central.",
            "key": "timestamp"
          }
        ],
        "name": "configurationIssueResponse",
        "displayName": "configurationIssueResponse",
        "typePropertyKind": "TYPE_EXPRESSION",
        "description": "This object contains all information pertaining to a configuration issue.",
        "additionalProperties": true,
        "originalType": "configurationIssueResponse"
      },
      "name": "results",
      "displayName": "results",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "results"
    },
    "total": {
      "type": "number",
      "name": "total",
      "displayName": "total",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The total number of results found.",
      "key": "total"
    }
  }
}

configurationIssueResponse

This object contains all information pertaining to a configuration issue.


Properties

TYPE DEFINITION

{
  "name": "configurationIssueResponse",
  "type": "object",
  "description": "This object contains all information pertaining to a configuration issue.",
  "properties": {
    "asset": {
      "type": "object",
      "properties": [
        {
          "type": "string",
          "name": "id",
          "displayName": "id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Unique UUID of the configuration issue.",
          "key": "id"
        },
        {
          "type": "string",
          "name": "name",
          "displayName": "name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Name of the asset that generated the configuration issue.",
          "key": "name"
        }
      ],
      "name": "asset",
      "displayName": "asset",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The asset which originated the configuration issue.",
      "additionalProperties": true,
      "key": "asset"
    },
    "configurationIssue": {
      "type": "object",
      "properties": [
        {
          "type": "string",
          "name": "category",
          "displayName": "category",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The category of the configuration issue.",
          "key": "category"
        },
        {
          "type": "string",
          "name": "description",
          "displayName": "description",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Description of the configuration issue.",
          "key": "description"
        },
        {
          "type": "integer",
          "name": "firstSeen",
          "displayName": "firstSeen",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The first time the configuration issue was seen.",
          "key": "firstSeen"
        },
        {
          "type": "integer",
          "name": "lastTimestamp",
          "displayName": "lastTimestamp",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The last time the configuration issue was seen.",
          "key": "lastTimestamp"
        },
        {
          "type": "string",
          "name": "severity",
          "displayName": "severity",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The severity of the configuration issue.",
          "key": "severity"
        },
        {
          "type": "string",
          "name": "subcategory",
          "displayName": "subcategory",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The subcategory of the configuration issue.",
          "key": "subcategory"
        },
        {
          "type": "string",
          "name": "source",
          "displayName": "source",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The source of the configuration issue.",
          "key": "source"
        }
      ],
      "name": "configurationIssue",
      "displayName": "configurationIssue",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Configuration issue details",
      "additionalProperties": true,
      "key": "configurationIssue"
    },
    "tenantId": {
      "type": "string",
      "name": "tenantId",
      "displayName": "tenantId",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "ID of the USMA instance which forwarded the configuration issue to USMC.",
      "examples": [
        {
          "value": "cn://fjrubio-cn.aveng.us",
          "strict": true,
          "name": null,
          "structuredValue": "cn://fjrubio-cn.aveng.us"
        }
      ],
      "key": "tenantId"
    },
    "timestamp": {
      "type": "integer",
      "name": "timestamp",
      "displayName": "timestamp",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch timestamp of when configuration issue was processed by USM Central.",
      "key": "timestamp"
    }
  }
}

vulnerabilitiesSearchRequest

Describes a search request payload.


Properties

TYPE DEFINITION

{
  "name": "vulnerabilitiesSearchRequest",
  "type": "object",
  "description": "Describes a search request payload.",
  "properties": {
    "page": {
      "type": "number",
      "name": "page",
      "displayName": "page",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "page"
    },
    "size": {
      "type": "number",
      "name": "size",
      "displayName": "size",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "size"
    },
    "find": {
      "type": "object",
      "properties": [],
      "name": "find",
      "displayName": "find",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "find"
    },
    "sort": {
      "type": "object",
      "properties": [],
      "name": "sort",
      "displayName": "sort",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "sort"
    },
    "range": {
      "type": "object",
      "properties": [],
      "name": "range",
      "displayName": "range",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "range"
    }
  }
}

vulnerabilitiesSearchResponse

Search response


Properties

TYPE DEFINITION

{
  "name": "vulnerabilitiesSearchResponse",
  "type": "object",
  "description": "Search response",
  "properties": {
    "results": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": [
          {
            "type": "object",
            "properties": [
              {
                "type": "string",
                "name": "id",
                "displayName": "id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Unique UUID of the vulnerability.",
                "key": "id"
              },
              {
                "type": "string",
                "name": "name",
                "displayName": "name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Name of the asset that generated the vulnerability.",
                "key": "name"
              }
            ],
            "name": "asset",
            "displayName": "asset",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The asset which originated the vulnerability.",
            "additionalProperties": true,
            "key": "asset"
          },
          {
            "type": "string",
            "name": "tenantId",
            "displayName": "tenantId",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "ID of the USMA instance which forwarded the vulnerability to USMC.",
            "examples": [
              {
                "value": "cn://fjrubio-cn.aveng.us",
                "strict": true,
                "name": null,
                "structuredValue": "cn://fjrubio-cn.aveng.us"
              }
            ],
            "key": "tenantId"
          },
          {
            "type": "integer",
            "name": "timestamp",
            "displayName": "timestamp",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch timestamp of when the vulnerability was processed by USM Central.",
            "key": "timestamp"
          },
          {
            "type": "object",
            "properties": [
              {
                "type": "string",
                "name": "cvssScore",
                "displayName": "cvssScore",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "CVSS score of the vulnerability.",
                "key": "cvssScore"
              },
              {
                "type": "string",
                "name": "cvssSeverity",
                "displayName": "cvssSeverity",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Severity of the vulnerability.",
                "key": "cvssSeverity"
              },
              {
                "type": "string",
                "name": "description",
                "displayName": "description",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Description of the vulnerability.",
                "key": "description"
              },
              {
                "type": "integer",
                "name": "firstSeen",
                "displayName": "firstSeen",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The first time the vulnerability was seen.",
                "key": "firstSeen"
              },
              {
                "type": "integer",
                "name": "lastTimestamp",
                "displayName": "lastTimestamp",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "The last time the vulnerability was seen.",
                "key": "lastTimestamp"
              },
              {
                "type": "string",
                "name": "name",
                "displayName": "name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Name of the vulnerability.",
                "key": "name"
              },
              {
                "type": "string",
                "name": "source",
                "displayName": "source",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Source of the vulnerability.",
                "key": "source"
              }
            ],
            "name": "vulnerability",
            "displayName": "vulnerability",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Vulnerability details.",
            "additionalProperties": true,
            "key": "vulnerability"
          }
        ],
        "name": "vulnerabilityResponse",
        "displayName": "vulnerabilityResponse",
        "typePropertyKind": "TYPE_EXPRESSION",
        "description": "This object contains all information pertaining to a vulnerability.",
        "additionalProperties": true,
        "originalType": "vulnerabilityResponse"
      },
      "name": "results",
      "displayName": "results",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "results"
    },
    "total": {
      "type": "number",
      "name": "total",
      "displayName": "total",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The total number of results found.",
      "key": "total"
    }
  }
}

vulnerabilityResponse

This object contains all information pertaining to a vulnerability.


Properties

TYPE DEFINITION

{
  "name": "vulnerabilityResponse",
  "type": "object",
  "description": "This object contains all information pertaining to a vulnerability.",
  "properties": {
    "asset": {
      "type": "object",
      "properties": [
        {
          "type": "string",
          "name": "id",
          "displayName": "id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Unique UUID of the vulnerability.",
          "key": "id"
        },
        {
          "type": "string",
          "name": "name",
          "displayName": "name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Name of the asset that generated the vulnerability.",
          "key": "name"
        }
      ],
      "name": "asset",
      "displayName": "asset",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The asset which originated the vulnerability.",
      "additionalProperties": true,
      "key": "asset"
    },
    "tenantId": {
      "type": "string",
      "name": "tenantId",
      "displayName": "tenantId",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "ID of the USMA instance which forwarded the vulnerability to USMC.",
      "examples": [
        {
          "value": "cn://fjrubio-cn.aveng.us",
          "strict": true,
          "name": null,
          "structuredValue": "cn://fjrubio-cn.aveng.us"
        }
      ],
      "key": "tenantId"
    },
    "timestamp": {
      "type": "integer",
      "name": "timestamp",
      "displayName": "timestamp",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch timestamp of when the vulnerability was processed by USM Central.",
      "key": "timestamp"
    },
    "vulnerability": {
      "type": "object",
      "properties": [
        {
          "type": "string",
          "name": "cvssScore",
          "displayName": "cvssScore",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "CVSS score of the vulnerability.",
          "key": "cvssScore"
        },
        {
          "type": "string",
          "name": "cvssSeverity",
          "displayName": "cvssSeverity",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Severity of the vulnerability.",
          "key": "cvssSeverity"
        },
        {
          "type": "string",
          "name": "description",
          "displayName": "description",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Description of the vulnerability.",
          "key": "description"
        },
        {
          "type": "integer",
          "name": "firstSeen",
          "displayName": "firstSeen",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The first time the vulnerability was seen.",
          "key": "firstSeen"
        },
        {
          "type": "integer",
          "name": "lastTimestamp",
          "displayName": "lastTimestamp",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "The last time the vulnerability was seen.",
          "key": "lastTimestamp"
        },
        {
          "type": "string",
          "name": "name",
          "displayName": "name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Name of the vulnerability.",
          "key": "name"
        },
        {
          "type": "string",
          "name": "source",
          "displayName": "source",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Source of the vulnerability.",
          "key": "source"
        }
      ],
      "name": "vulnerability",
      "displayName": "vulnerability",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Vulnerability details.",
      "additionalProperties": true,
      "key": "vulnerability"
    }
  }
}
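An added example, not part of the AlienVault documentation: checking records from a vulnerabilitiesSearchResponse against the required members and JSON types listed in the vulnerabilityResponse definition above before passing them downstream. The function names, the sample response and the `firstSeen`/`lastTimestamp` ordering check are assumptions made for illustration; the 0.0-10.0 bound is the standard CVSS score range.

```python
import json

# Required members and documented JSON types, copied from the
# vulnerabilityResponse type definition. Note cvssScore is a string.
TOP_LEVEL = {"asset": dict, "tenantId": str, "timestamp": int, "vulnerability": dict}
ASSET = {"id": str, "name": str}
VULNERABILITY = {
    "cvssScore": str, "cvssSeverity": str, "description": str,
    "firstSeen": int, "lastTimestamp": int, "name": str, "source": str,
}


def _check_members(obj, spec, path, errors):
    """Append an error for each required member that is absent or mistyped."""
    for key, expected in spec.items():
        if key not in obj:
            errors.append(f"{path}{key}: missing required property")
            continue
        value = obj[key]
        # bool is a subclass of int in Python; reject it for integer fields.
        is_bool_as_int = expected is int and isinstance(value, bool)
        if is_bool_as_int or not isinstance(value, expected):
            errors.append(
                f"{path}{key}: expected {expected.__name__}, got {type(value).__name__}"
            )


def validate_vulnerability(record):
    """Return a list of problems; an empty list means the record is usable."""
    if not isinstance(record, dict):
        return ["record: expected object"]
    errors = []
    _check_members(record, TOP_LEVEL, "", errors)
    asset = record.get("asset")
    if isinstance(asset, dict):
        _check_members(asset, ASSET, "asset.", errors)
    vuln = record.get("vulnerability")
    if isinstance(vuln, dict):
        # Unknown keys are tolerated: the type sets additionalProperties to true.
        _check_members(vuln, VULNERABILITY, "vulnerability.", errors)
        score = vuln.get("cvssScore")
        if isinstance(score, str):
            try:
                number = float(score)
            except ValueError:
                number = None
            # NaN fails the range comparison, so it is rejected as well.
            if number is None or not 0.0 <= number <= 10.0:
                errors.append(
                    f"vulnerability.cvssScore: {score!r} is not a CVSS score in 0.0-10.0"
                )
        first, last = vuln.get("firstSeen"), vuln.get("lastTimestamp")
        # Assumed sanity check, not stated by the API documentation.
        if type(first) is int and type(last) is int and first > last:
            errors.append("vulnerability.firstSeen: later than lastTimestamp")
    return errors


def split_search_response(text):
    """Parse a search response body into (accepted, rejected) record lists."""
    body = json.loads(text)
    results = body.get("results") if isinstance(body, dict) else None
    if not isinstance(results, list):
        raise ValueError("results: expected array")
    accepted, rejected = [], []
    for item in results:
        problems = validate_vulnerability(item)
        (rejected if problems else accepted).append((item, problems))
    return accepted, rejected


def _record(**overrides):
    """Build a constructed sample record; every value here is made up."""
    record = {
        "asset": {"id": "00000000-0000-4000-8000-000000000001", "name": "web-01"},
        "tenantId": "cn://example-anywhere.alienvault.cloud",
        "timestamp": 1600000300,
        "vulnerability": {
            "cvssScore": "7.5", "cvssSeverity": "High",
            "description": "Constructed sample finding", "firstSeen": 1600000000,
            "lastTimestamp": 1600000200, "name": "sample-finding",
            "source": "scanner", "extraField": "allowed",
        },
    }
    record.update(overrides)
    return record


# Constructed sample response: one valid record and two malformed ones.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        _record(),
        _record(timestamp="1600000300",
                vulnerability={**_record()["vulnerability"], "cvssScore": "N/A"}),
        _record(asset={"id": "00000000-0000-4000-8000-000000000002"},
                vulnerability={**_record()["vulnerability"], "firstSeen": 1600000900}),
    ],
    "total": 3,
})

if __name__ == "__main__":
    ok, bad = split_search_response(SAMPLE_RESPONSE)
    print(f"accepted={len(ok)} rejected={len(bad)}")
    for _, problems in bad:
        print(problems)
```

Rejected records are returned with their reasons rather than dropped, so a malformed or unexpected payload is visible to whoever operates the integration.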

deployment

This object contains all information pertaining to a deployment.


Properties

TYPE DEFINITION

{
  "name": "deployment",
  "type": "object",
  "description": "This object contains all information pertaining to a deployment.",
  "properties": {
    "id": {
      "type": "string",
      "name": "id",
      "displayName": "id",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The id of the deployment."
    },
    "name": {
      "type": "string",
      "name": "name",
      "displayName": "name",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The name of the deployment."
    },
    "displayName": {
      "type": "string",
      "name": "displayName",
      "displayName": "displayName",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The display name of the deployment, which may have been changed from the name"
    },
    "type": {
      "type": "string",
      "name": "type",
      "displayName": "type",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The type of deployment (USM Anywhere or USM Appliance)"
    },
    "joinedSince": {
      "type": "integer",
      "name": "joinedSince",
      "displayName": "joinedSince",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Timestamp of when the deployment joined USM Central."
    },
    "connectionStatus": {
      "type": "string",
      "name": "connectionStatus",
      "displayName": "connectionStatus",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The connection status of the deployment. Either notConnected, connecting, or connected."
    },
    "authorized": {
      "type": "boolean",
      "name": "authorized",
      "displayName": "authorized",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Boolean representing if the deployment has been accepted or denied in USM Central."
    }
  }
}

deploymentsResponse

Get deployments response

TYPE DEFINITION

{
  "name": "deploymentsResponse",
  "type": "array",
  "description": "Get deployments response"
}

assetSearchRequest

Describes a search request payload.


Properties

TYPE DEFINITION

{
  "name": "assetSearchRequest",
  "type": "object",
  "description": "Describes a search request payload.",
  "properties": {
    "page": {
      "type": "number",
      "name": "page",
      "displayName": "page",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "page"
    },
    "size": {
      "type": "number",
      "name": "size",
      "displayName": "size",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "size"
    },
    "find": {
      "type": "object",
      "properties": [],
      "name": "find",
      "displayName": "find",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "find"
    },
    "sort": {
      "type": "object",
      "properties": [],
      "name": "sort",
      "displayName": "sort",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "sort"
    },
    "range": {
      "type": "object",
      "properties": [],
      "name": "range",
      "displayName": "range",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": false,
      "key": "range"
    }
  }
}

assetsSearchResponse

Search response


Properties

TYPE DEFINITION

{
  "name": "assetsSearchResponse",
  "type": "object",
  "description": "Search response",
  "properties": {
    "results": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": [
          {
            "type": "object",
            "properties": [
              {
                "type": "string",
                "name": "id",
                "displayName": "id",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "ID of the asset",
                "key": "id"
              },
              {
                "type": "string",
                "name": "name",
                "displayName": "name",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Name of the asset",
                "key": "name"
              },
              {
                "type": "string",
                "name": "active",
                "displayName": "active",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Whether or not the asset is active",
                "key": "active"
              },
              {
                "type": "string",
                "name": "alarmCount",
                "displayName": "alarmCount",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Number of alarms generated on the asset",
                "key": "alarmCount"
              },
              {
                "type": "string",
                "name": "configurationCount",
                "displayName": "configurationCount",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Number of configuration issues generated on the asset",
                "key": "configurationCount"
              },
              {
                "type": "string",
                "name": "deviceType",
                "displayName": "deviceType",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Device type of the asset",
                "key": "deviceType"
              },
              {
                "type": "string",
                "name": "logo",
                "displayName": "logo",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Logo of the asset",
                "key": "logo"
              },
              {
                "type": "string",
                "name": "eventCount",
                "displayName": "eventCount",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Number of events generated on the asset",
                "key": "eventCount"
              },
              {
                "type": "string",
                "name": "externalId",
                "displayName": "externalId",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "External ID of the asset",
                "key": "externalId"
              },
              {
                "type": "string",
                "name": "knownAsset",
                "displayName": "knownAsset",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Whether or not the asset is a known asset",
                "key": "knownAsset"
              },
              {
                "type": "string",
                "name": "nmapExcludeFromScan",
                "displayName": "nmapExcludeFromScan",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Whether or not the asset nmap is excluded from scan",
                "key": "nmapExcludeFromScan"
              },
              {
                "type": "string",
                "name": "assetOriginName",
                "displayName": "assetOriginName",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Origin name of the asset",
                "key": "assetOriginName"
              },
              {
                "type": "string",
                "name": "operatingSystem",
                "displayName": "operatingSystem",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Operating system of the asset",
                "key": "operatingSystem"
              },
              {
                "type": "string",
                "name": "assetOriginType",
                "displayName": "assetOriginType",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Type of the asset origin",
                "key": "assetOriginType"
              },
              {
                "type": "string",
                "name": "assetOriginUUID",
                "displayName": "assetOriginUUID",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "UUID of the asset origin",
                "key": "assetOriginUUID"
              },
              {
                "type": "string",
                "name": "rootDeviceType",
                "displayName": "rootDeviceType",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Type of the root device",
                "key": "rootDeviceType"
              },
              {
                "type": "string",
                "name": "vulnerabilityCount",
                "displayName": "vulnerabilityCount",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Number of vulnerabilities generated from the asset",
                "key": "vulnerabilityCount"
              },
              {
                "type": "string",
                "name": "dateFound",
                "displayName": "dateFound",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Date the asset was found",
                "key": "dateFound"
              },
              {
                "type": "string",
                "name": "dateCreated",
                "displayName": "dateCreated",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Date the asset was created",
                "key": "dateCreated"
              },
              {
                "type": "string",
                "name": "dateUpdated",
                "displayName": "dateUpdated",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Date the asset was last updated",
                "key": "dateUpdated"
              },
              {
                "type": "string",
                "name": "region",
                "displayName": "region",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Region of the asset",
                "key": "region"
              },
              {
                "type": "string",
                "name": "hostname",
                "displayName": "hostname",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Hostname of the asset",
                "key": "hostname"
              },
              {
                "type": "string",
                "name": "powerShellVersion",
                "displayName": "powerShellVersion",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "PowerShell version of the asset",
                "key": "powerShellVersion"
              },
              {
                "type": "string",
                "name": "operatingSystemSource",
                "displayName": "operatingSystemSource",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": false,
                "description": "Source of the operating system for the asset",
                "key": "operatingSystemSource"
              },
              {
                "type": "string",
                "name": "pci",
                "displayName": "pci",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Whether or not the asset is PCI",
                "key": "pci"
              },
              {
                "type": "string",
                "name": "hipaa",
                "displayName": "hipaa",
                "typePropertyKind": "TYPE_EXPRESSION",
                "required": true,
                "description": "Whether or not the asset is HIPAA",
                "key": "hipaa"
              }
            ],
            "name": "asset",
            "displayName": "asset",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "The asset which originated the configuration issue.",
            "additionalProperties": true,
            "key": "asset"
          },
          {
            "type": "string",
            "name": "tenantId",
            "displayName": "tenantId",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "ID of the USMA instance which forwarded the asset issue to USMC.",
            "examples": [
              {
                "value": "cn://example-anywhere.alienvault.cloud",
                "strict": true,
                "name": null,
                "structuredValue": "cn://example-anywhere.alienvault.cloud"
              }
            ],
            "key": "tenantId"
          },
          {
            "type": "integer",
            "name": "timestamp",
            "displayName": "timestamp",
            "typePropertyKind": "TYPE_EXPRESSION",
            "required": true,
            "description": "Epoch timestamp of when asset was processed by USM Central.",
            "key": "timestamp"
          }
        ],
        "name": "assetResponse",
        "displayName": "assetResponse",
        "typePropertyKind": "TYPE_EXPRESSION",
        "description": "This object contains all information pertaining to an asset",
        "additionalProperties": true,
        "originalType": "assetResponse"
      },
      "name": "results",
      "displayName": "results",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "key": "results"
    },
    "total": {
      "type": "number",
      "name": "total",
      "displayName": "total",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The total number of results found.",
      "key": "total"
    }
  }
}

assetResponse

This object contains all information pertaining to an asset


Properties

TYPE DEFINITION

{
  "name": "assetResponse",
  "type": "object",
  "description": "This object contains all information pertaining to an asset",
  "properties": {
    "asset": {
      "type": "object",
      "properties": {
        "id": {
          "type": "string",
          "name": "id",
          "displayName": "id",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "ID of the asset"
        },
        "name": {
          "type": "string",
          "name": "name",
          "displayName": "name",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Name of the asset"
        },
        "active": {
          "type": "string",
          "name": "active",
          "displayName": "active",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Whether or not the asset is active"
        },
        "alarmCount": {
          "type": "string",
          "name": "alarmCount",
          "displayName": "alarmCount",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Number of alarms generated on the asset"
        },
        "configurationCount": {
          "type": "string",
          "name": "configurationCount",
          "displayName": "configurationCount",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Number of configuration issues generated on the asset"
        },
        "deviceType": {
          "type": "string",
          "name": "deviceType",
          "displayName": "deviceType",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Device type of the asset"
        },
        "logo": {
          "type": "string",
          "name": "logo",
          "displayName": "logo",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Logo of the asset"
        },
        "eventCount": {
          "type": "string",
          "name": "eventCount",
          "displayName": "eventCount",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Number of events generated on the asset"
        },
        "externalId": {
          "type": "string",
          "name": "externalId",
          "displayName": "externalId",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "External ID of the asset"
        },
        "knownAsset": {
          "type": "string",
          "name": "knownAsset",
          "displayName": "knownAsset",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Whether or not the asset is a known asset"
        },
        "nmapExcludeFromScan": {
          "type": "string",
          "name": "nmapExcludeFromScan",
          "displayName": "nmapExcludeFromScan",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Whether or not the asset nmap is excluded from scan"
        },
        "assetOriginName": {
          "type": "string",
          "name": "assetOriginName",
          "displayName": "assetOriginName",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Origin name of the asset"
        },
        "operatingSystem": {
          "type": "string",
          "name": "operatingSystem",
          "displayName": "operatingSystem",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Operating system of the asset"
        },
        "assetOriginType": {
          "type": "string",
          "name": "assetOriginType",
          "displayName": "assetOriginType",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Type of the asset origin"
        },
        "assetOriginUUID": {
          "type": "string",
          "name": "assetOriginUUID",
          "displayName": "assetOriginUUID",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "UUID of the asset origin"
        },
        "rootDeviceType": {
          "type": "string",
          "name": "rootDeviceType",
          "displayName": "rootDeviceType",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Type of the root device"
        },
        "vulnerabilityCount": {
          "type": "string",
          "name": "vulnerabilityCount",
          "displayName": "vulnerabilityCount",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Number of vulnerabilities generated from the asset"
        },
        "dateFound": {
          "type": "string",
          "name": "dateFound",
          "displayName": "dateFound",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Date the asset was found"
        },
        "dateCreated": {
          "type": "string",
          "name": "dateCreated",
          "displayName": "dateCreated",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Date the asset was created"
        },
        "dateUpdated": {
          "type": "string",
          "name": "dateUpdated",
          "displayName": "dateUpdated",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Date the asset was last updated"
        },
        "region": {
          "type": "string",
          "name": "region",
          "displayName": "region",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Region of the asset"
        },
        "hostname": {
          "type": "string",
          "name": "hostname",
          "displayName": "hostname",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Hostname of the asset"
        },
        "powerShellVersion": {
          "type": "string",
          "name": "powerShellVersion",
          "displayName": "powerShellVersion",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Powershell version of the asset"
        },
        "operatingSystemSource": {
          "type": "string",
          "name": "operatingSystemSource",
          "displayName": "operatingSystemSource",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": false,
          "description": "Source of the operating system for the asset"
        },
        "pci": {
          "type": "string",
          "name": "pci",
          "displayName": "pci",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Whether or not the asset is PCI"
        },
        "hipaa": {
          "type": "string",
          "name": "hipaa",
          "displayName": "hipaa",
          "typePropertyKind": "TYPE_EXPRESSION",
          "required": true,
          "description": "Whether or not the asset is HIPAA"
        }
      },
      "name": "asset",
      "displayName": "asset",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "The asset which originated the configuration issue.",
      "additionalProperties": true
    },
    "tenantId": {
      "type": "string",
      "name": "tenantId",
      "displayName": "tenantId",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "ID of the USMA instance which forwarded the asset issue to USMC.",
      "examples": [
        {
          "value": "cn://example-anywhere.alienvault.cloud",
          "strict": true,
          "name": null,
          "structuredValue": "cn://example-anywhere.alienvault.cloud"
        }
      ]
    },
    "timestamp": {
      "type": "integer",
      "name": "timestamp",
      "displayName": "timestamp",
      "typePropertyKind": "TYPE_EXPRESSION",
      "required": true,
      "description": "Epoch timestamp of when asset was processed by USM Central."
    }
  }
}

/oauth

Endpoints for OAuth 2.0 functionality


/token post

POST: /oauth/token (secured)

Generate a token using your base64 encoded client ID and secret pair.


Header Parameters

Authorization
Base64-encoded, colon-delimited pair of client_id and secret.

Property  Value
required  true
type      string

Query Parameters

grant_type
Grant type desired

Property  Value
required  true
type      string
oneOf     client_credentials
examples  client_credentials

Possible Responses

200, 401


/token post

CURL EXAMPLE

curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/oauth/token?grant_type=client_credentials" \
	-d @request_body \
	--user client_id:secret

RESPONSE BODY

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "token_type": "bearer",
  "expires_in": 5042
}
Type
object

/alarms

Endpoints for managing and searching alarm messages


/search post

POST: /alarms/search (secured)

Search for alarms


Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property  Value
required  true
type      string

Possible Responses

200


/search post

CURL EXAMPLE

curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/alarms/search" \
	-H "Authorization: Bearer string" \
	-d @request_body

REQUEST BODY

{
  "page": 1,
  "size": 20,
  "find": {
    "alarm.suppressed": [
      "false"
    ]
  },
  "sort": {
    "alarm.timestamp_occured": "desc"
  },
  "range": {
    "alarm.timestamp_occured": {
      "gte": "now-7d",
      "lte": "now",
      "timeZone": "-0500"
    }
  }
}
Type
object

RESPONSE BODY

{
  "results": [
    {
      "alarm": {
        "rule_intent": "Environmental Awareness",
        "app_type": "amazon-aws",
        "alarm_sensor_sources": [
          "2968789b-aed4-443a-8626-16d8b4f62025"
        ],
        "source_username": "example-role",
        "destination_name": "iam.amazonaws.com",
        "rule_dictionary": "AWSRules-Dict",
        "timestamp_occured": "1519322522000",
        "uuid": "a7c06079-b329-6b63-ee85-1c1b024079a4",
        "authentication_type": "AssumedRole",
        "needs_enrichment": true,
        "event_type": "AwsApiCall",
        "rule_method": "AWS IAM Role Access Failure",
        "priority_label": "low",
        "suppressed": "false",
        "app_id": "amazon-aws",
        "has_alarm": "false",
        "number_of_events": 1.0,
        "source_name": "ip-10-251-50-12.ec2.internal",
        "timestamp_received": "1519323330758",
        "error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
        "source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
        "alarm_destination_zones": [
          "us-east-1"
        ],
        "rule_strategy": "Anomalous Access Failure",
        "packet_data": [
          "f5e69126-dc89-6691-e2e7-6db03905830d"
        ],
        "alarm_sources": [
          "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
        ],
        "alarm_labels": [
          "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
        ],
        "alarm_destinations": [
          "iam.amazonaws.com"
        ],
        "highlight_fields": [
          "event_name",
          "source_username",
          "authentication_type",
          "event_action",
          "error_message",
          "event_type"
        ],
        "alarm_source_names": [
          "ip-10-251-50-12.ec2.internal"
        ],
        "priority": "20",
        "rule_id": "AWSPermissionFailureAssumedRole",
        "event_action": "Read",
        "sensor_uuid": "2574110e-1f5b-4ac5-85be-e86fd1789fe8",
        "alarm_destination_names": [
          "iam.amazonaws.com"
        ],
        "transient": false,
        "alarm_source_asset_ids": [
          "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
        ],
        "event_name": "View account aliases",
        "packet_type": "alarm",
        "status": "Open"
      },
      "events": [
        {
          "was_fuzzied": false,
          "access_control_outcome": "Deny",
          "app_type": "amazon-aws",
          "timestamp_occured": "1519322522000",
          "authentication_type": "AssumedRole",
          "customfield_0": "i-03a923355e5aa1da3",
          "uuid": "f5e69126-dc89-6691-e2e7-6db03905830d",
          "event_type": "AwsApiCall",
          "used_hint": false,
          "app_id": "amazon-aws",
          "was_guessed": false,
          "timestamp_received": "1519323318542",
          "destination_infrastructure_type": "Cloud Service",
          "error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
          "source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
          "timestamp_received_iso8601": "2018-02-22T18:15:18.542Z",
          "destination_userid": "398778306028",
          "sensor_uuid": "2968789b-aed4-443a-8626-16d8b4f62025",
          "transient": false,
          "rep_device_rule_id": "930e74dc-25cc-4fcc-82c6-428f15b40a93",
          "event_name": "View account aliases",
          "error_code": "AccessDenied",
          "event_description_url": "http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html",
          "source_canonical": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
          "packet_type": "log",
          "plugin_version": "0.18",
          "log": "{\"eventVersion\":\"1.02\",\"userIdentity\":{\"type\":\"AssumedRole\"}}",
          "source_username": "example-role",
          "event_description": "Lists the account aliases associated with the account. For information about using an AWS account alias seeUsing an Alias for Your AWS Account IDin theUsing IAMguide.",
          "destination_name": "iam.amazonaws.com",
          "source_userid": "398778306028",
          "needs_enrichment": true,
          "received_from": "iam.amazonaws.com",
          "destination_hostname": "iam.amazonaws.com",
          "source_address": "192.0.2.0",
          "source_fqdn": "ip-10-251-50-12.ec2.internal",
          "account_name": "aws-example-account",
          "suppressed": "false",
          "has_alarm": "false",
          "plugin_device_type": "Cloud Infrastructure",
          "source_name": "ip-10-251-50-12.ec2.internal",
          "destination_canonical": "iam.amazonaws.com",
          "destination_address": "192.0.2.0",
          "plugin_device": "CloudTrail",
          "destination_zone": "us-east-1",
          "customheader_0": "Assumed Role Username or ID",
          "highlight_fields": [
            "event_description",
            "event_description_url",
            "access_control_outcome",
            "error_code",
            "error_message",
            "event_action",
            "source_username",
            "source_instance_id",
            "file_name",
            "user_resource",
            "dns_rrname",
            "destination_username",
            "destination_user_group",
            "user_role"
          ],
          "request_user_agent": "Boto3/1.5.34 Python/2.7.13 Linux/4.4.0-1035-aws Botocore/1.8.48",
          "app_name": "amazon-aws",
          "event_action": "Read",
          "account_id": "398778306028",
          "timestamp_occured_iso8601": "2018-02-22T18:02:02.000Z",
          "destination_infrastructure_name": "Amazon Internal Infrastructure - us-east-1",
          "plugin": "Amazon AWS CloudTrail",
          "rep_device_version": "1.02",
          "source_hostname": "ip-10-251-50-12.ec2.internal",
          "sensor_name": "2968789b-aed4-443a-8626-16d8b4f62025"
        }
      ],
      "assets": [
        {
          "id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
          "name": "dev-usm-saas-admin-ecs-cluster-instance",
          "url": null,
          "ip_addresses": [
          ],
          "fqdn": null,
          "operating_system": null,
          "country": null,
          "latitude": null,
          "longitude": null
        }
      ],
      "tenantId": "cn://foobar-usma-xxx.aveng.us",
      "timestamp": 1519323330789
    },
    {
      "alarm": {
        "rule_intent": "Environmental Awareness",
        "app_type": "amazon-aws",
        "alarm_sensor_sources": [
          "2968789b-aed4-443a-8626-16d8b4f62025"
        ],
        "source_username": "example-role",
        "destination_name": "iam.amazonaws.com",
        "rule_dictionary": "AWSRules-Dict",
        "account_id": "398778306028",
        "timestamp_occured": "1519322522000",
        "uuid": "a7c06079-b329-6b63-ee85-1c1b024079a45",
        "authentication_type": "AssumedRole",
        "needs_enrichment": true,
        "event_type": "AwsApiCall",
        "rule_method": "AWS IAM Role Access Failure",
        "priority_label": "low",
        "suppressed": "false",
        "app_id": "amazon-aws",
        "has_alarm": "false",
        "number_of_events": 1.0,
        "source_name": "ip-10-251-50-12.ec2.internal",
        "timestamp_received": "1519323330758",
        "error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
        "source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
        "alarm_destination_zones": [
          "us-east-1"
        ],
        "rule_strategy": "Anomalous Access Failure",
        "packet_data": [
          "f5e69126-dc89-6691-e2e7-6db03905830d"
        ],
        "alarm_sources": [
          "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
        ],
        "alarm_labels": [
          "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
        ],
        "alarm_destinations": [
          "iam.amazonaws.com"
        ],
        "highlight_fields": [
          "event_name",
          "source_username",
          "authentication_type",
          "event_action",
          "error_message",
          "event_type"
        ],
        "alarm_source_names": [
          "ip-10-251-50-12.ec2.internal"
        ],
        "priority": "20",
        "rule_id": "AWSPermissionFailureAssumedRole",
        "event_action": "Read",
        "sensor_uuid": "2574110e-1f5b-4ac5-85be-e86fd1789fe8",
        "alarm_destination_names": [
          "iam.amazonaws.com"
        ],
        "transient": false,
        "alarm_source_asset_ids": [
          "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
        ],
        "event_name": "View account aliases",
        "packet_type": "alarm",
        "status": "Open"
      },
      "events": [
        {
          "was_fuzzied": false,
          "access_control_outcome": "Deny",
          "app_type": "amazon-aws",
          "timestamp_occured": "1519322522000",
          "authentication_type": "AssumedRole",
          "customfield_0": "i-03a923355e5aa1da3",
          "uuid": "f5e69126-dc89-6691-e2e7-6db03905830d",
          "event_type": "AwsApiCall",
          "used_hint": false,
          "app_id": "amazon-aws",
          "was_guessed": false,
          "timestamp_received": "1519323318542",
          "destination_infrastructure_type": "Cloud Service",
          "error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
          "source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
          "timestamp_received_iso8601": "2018-02-22T18:15:18.542Z",
          "destination_userid": "398778306028",
          "sensor_uuid": "2968789b-aed4-443a-8626-16d8b4f62025",
          "transient": false,
          "rep_device_rule_id": "930e74dc-25cc-4fcc-82c6-428f15b40a93",
          "event_name": "View account aliases",
          "error_code": "AccessDenied",
          "event_description_url": "http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html",
          "source_canonical": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
          "packet_type": "log",
          "plugin_version": "0.18",
          "log": "{\"eventVersion\":\"1.02\",\"userIdentity\":{\"type\":\"AssumedRole\"}}",
          "source_username": "example-role",
          "event_description": "Lists the account aliases associated with the account. For information about using an AWS account alias seeUsing an Alias for Your AWS Account IDin theUsing IAMguide.",
          "destination_name": "iam.amazonaws.com",
          "source_userid": "398778306028",
          "needs_enrichment": true,
          "received_from": "iam.amazonaws.com",
          "destination_hostname": "iam.amazonaws.com",
          "source_address": "192.0.2.0",
          "source_fqdn": "ip-10-251-50-12.ec2.internal",
          "account_name": "aws-example-account",
          "suppressed": "false",
          "has_alarm": "false",
          "plugin_device_type": "Cloud Infrastructure",
          "source_name": "ip-10-251-50-12.ec2.internal",
          "destination_canonical": "iam.amazonaws.com",
          "destination_address": "192.0.2.0",
          "plugin_device": "CloudTrail",
          "destination_zone": "us-east-1",
          "customheader_0": "Assumed Role Username or ID",
          "highlight_fields": [
            "event_description",
            "event_description_url",
            "access_control_outcome",
            "error_code",
            "error_message",
            "event_action",
            "source_username",
            "source_instance_id",
            "file_name",
            "user_resource",
            "dns_rrname",
            "destination_username",
            "destination_user_group",
            "user_role"
          ],
          "request_user_agent": "Boto3/1.5.34 Python/2.7.13 Linux/4.4.0-1035-aws Botocore/1.8.48",
          "app_name": "amazon-aws",
          "event_action": "Read",
          "account_id": "398778306028",
          "timestamp_occured_iso8601": "2018-02-22T18:02:02.000Z",
          "destination_infrastructure_name": "Amazon Internal Infrastructure - us-east-1",
          "plugin": "Amazon AWS CloudTrail",
          "rep_device_version": "1.02",
          "source_hostname": "ip-10-251-50-12.ec2.internal",
          "sensor_name": "2968789b-aed4-443a-8626-16d8b4f62025"
        }
      ],
      "assets": [
        {
          "id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
          "name": "dev-usm-saas-admin-ecs-cluster-instance",
          "url": null,
          "ip_addresses": [
          ],
          "fqdn": null,
          "operating_system": null,
          "country": null,
          "latitude": null,
          "longitude": null
        }
      ],
      "tenantId": "cn://foobar-usma-xxx.aveng.us",
      "timestamp": 1519323330789
    }
  ],
  "total": 2
}
Type
object
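
An added example, not part of the AlienVault documentation: a Python client for the two calls documented above, exchanging the client ID and secret for a bearer token at /oauth/token and then paging through /alarms/search. The function names, the page numbering starting at 1 and the `sample_transport` stand-in (constructed so the code runs offline) are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

# Placeholder base URI from this documentation; substitute your own subdomain.
BASE_URI = "https://your-subdomain.alienvault.cloud/api/1.1"


def basic_auth_header(client_id, secret):
    """Header value for POST /oauth/token: base64 of 'client_id:secret'."""
    pair = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def http_post(url, headers, body=None):
    """Real transport: HTTPS POST, JSON in and out (certificate checks stay on)."""
    data = b"" if body is None else json.dumps(body).encode("utf-8")
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def get_token(client_id, secret, post=http_post):
    """Exchange the client credentials for a bearer token."""
    query = urllib.parse.urlencode({"grant_type": "client_credentials"})
    reply = post(f"{BASE_URI}/oauth/token?{query}",
                 {"Authorization": basic_auth_header(client_id, secret)}, None)
    if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
        raise ValueError("token endpoint did not return a bearer token")
    return reply["access_token"]  # treat as a secret: never log or persist it


def alarms_request(page, size=20, days=7):
    """Search body in the shape of the REQUEST BODY example above."""
    return {
        "page": page,
        "size": size,
        "find": {"alarm.suppressed": ["false"]},
        "sort": {"alarm.timestamp_occured": "desc"},
        "range": {"alarm.timestamp_occured":
                  {"gte": f"now-{days}d", "lte": "now", "timeZone": "-0500"}},
    }


def iter_alarms(token, size=20, post=http_post, max_pages=500):
    """Yield every result of /alarms/search, one page at a time.

    Assumption: pages are numbered from 1, as in the request example.
    Stops on an empty page, once `total` results were seen, or at max_pages.
    """
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    seen = 0
    for page in range(1, max_pages + 1):
        reply = post(f"{BASE_URI}/alarms/search", headers, alarms_request(page, size))
        results = reply.get("results") or []
        yield from results
        seen += len(results)
        if not results or seen >= reply.get("total", 0):
            return


def count_by_rule(alarms):
    """Count alarms per (rule_id, priority_label) for a quick triage view."""
    return Counter((a["alarm"].get("rule_id"), a["alarm"].get("priority_label"))
                   for a in alarms)


def sample_transport(url, headers, body):
    """Constructed stand-in for the API so the example runs offline."""
    if "/oauth/token" in url:
        assert headers["Authorization"].startswith("Basic ")
        return {"access_token": "constructed-token", "token_type": "bearer",
                "expires_in": 5042}
    assert headers["Authorization"] == "Bearer constructed-token"
    rows = [{"alarm": {"rule_id": "AWSPermissionFailureAssumedRole",
                       "priority_label": "low"}}] * 3
    start = (body["page"] - 1) * body["size"]
    return {"results": rows[start:start + body["size"]], "total": len(rows)}


if __name__ == "__main__":
    token = get_token("example-client-id", "example-secret", post=sample_transport)
    alarms = list(iter_alarms(token, size=2, post=sample_transport))
    print(len(alarms), dict(count_by_rule(alarms)))
```

Against a real instance, call `get_token` and `iter_alarms` without the `post` argument and read the client ID and secret from a secrets store rather than the source file.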


/{alarmId} get

GET: /alarms/{alarmId} (secured)

Get an alarm by ID (UUID)


URI Parameters

alarmId
An alarm's ID (UUID)

Property  Value
required  true
type      string
examples  a7c06079-b329-6b63-ee85-1c1b024079a4

Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property  Value
required  true
type      string

Possible Responses

200, 404


/{alarmId} get

CURL EXAMPLE

curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/alarms/{alarmId}" \
	-H "Authorization: Bearer string"

RESPONSE BODY

{
  "alarm": {
    "rule_intent": "Environmental Awareness",
    "app_type": "amazon-aws",
    "alarm_sensor_sources": [
      "2968789b-aed4-443a-8626-16d8b4f62025"
    ],
    "source_username": "example-role",
    "destination_name": "iam.amazonaws.com",
    "rule_dictionary": "AWSRules-Dict",
    "timestamp_occured": "1519322522000",
    "uuid": "a7c06079-b329-6b63-ee85-1c1b024079a4",
    "authentication_type": "AssumedRole",
    "needs_enrichment": true,
    "event_type": "AwsApiCall",
    "rule_method": "AWS IAM Role Access Failure",
    "priority_label": "low",
    "suppressed": "false",
    "app_id": "amazon-aws",
    "has_alarm": "false",
    "number_of_events": 1.0,
    "source_name": "ip-10-251-50-12.ec2.internal",
    "timestamp_received": "1519323330758",
    "error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
    "source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
    "alarm_destination_zones": [
      "us-east-1"
    ],
    "rule_strategy": "Anomalous Access Failure",
    "packet_data": [
      "f5e69126-dc89-6691-e2e7-6db03905830d"
    ],
    "alarm_sources": [
      "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
    ],
    "alarm_labels": [
      "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
    ],
    "alarm_destinations": [
      "iam.amazonaws.com"
    ],
    "highlight_fields": [
      "event_name",
      "source_username",
      "authentication_type",
      "event_action",
      "error_message",
      "event_type"
    ],
    "alarm_source_names": [
      "ip-10-251-50-12.ec2.internal"
    ],
    "priority": "20",
    "rule_id": "AWSPermissionFailureAssumedRole",
    "event_action": "Read",
    "sensor_uuid": "2574110e-1f5b-4ac5-85be-e86fd1789fe8",
    "alarm_destination_names": [
      "iam.amazonaws.com"
    ],
    "transient": false,
    "alarm_source_asset_ids": [
      "87eb0b90-338b-4ff4-b56a-18b9693dc5da"
    ],
    "event_name": "View account aliases",
    "packet_type": "alarm",
    "status": "Open"
  },
  "events": [
    {
      "was_fuzzied": false,
      "access_control_outcome": "Deny",
      "app_type": "amazon-aws",
      "timestamp_occured": "1519322522000",
      "authentication_type": "AssumedRole",
      "customfield_0": "i-03a923355e5aa1da3",
      "uuid": "f5e69126-dc89-6691-e2e7-6db03905830d",
      "event_type": "AwsApiCall",
      "used_hint": false,
      "app_id": "amazon-aws",
      "was_guessed": false,
      "timestamp_received": "1519323318542",
      "destination_infrastructure_type": "Cloud Service",
      "error_message": "User: arn:aws:sts::398778306028:assumed-role/example-role/i-03a923355e5aa1da3 is not authorized to perform: iam:ListAccountAliases on resource: *",
      "source_asset_id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
      "timestamp_received_iso8601": "2018-02-22T18:15:18.542Z",
      "destination_userid": "398778306028",
      "sensor_uuid": "2968789b-aed4-443a-8626-16d8b4f62025",
      "transient": false,
      "rep_device_rule_id": "930e74dc-25cc-4fcc-82c6-428f15b40a93",
      "event_name": "View account aliases",
      "error_code": "AccessDenied",
      "event_description_url": "http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html",
      "source_canonical": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
      "packet_type": "log",
      "plugin_version": "0.18",
      "log": "{\"eventVersion\":\"1.02\",\"userIdentity\":{\"type\":\"AssumedRole\"}}",
      "source_username": "example-role",
      "event_description": "Lists the account aliases associated with the account. For information about using an AWS account alias seeUsing an Alias for Your AWS Account IDin theUsing IAMguide.",
      "destination_name": "iam.amazonaws.com",
      "source_userid": "398778306028",
      "needs_enrichment": true,
      "received_from": "iam.amazonaws.com",
      "destination_hostname": "iam.amazonaws.com",
      "source_address": "192.0.2.0",
      "source_fqdn": "ip-10-251-50-12.ec2.internal",
      "account_name": "aws-example-account",
      "suppressed": "false",
      "has_alarm": "false",
      "plugin_device_type": "Cloud Infrastructure",
      "source_name": "ip-10-251-50-12.ec2.internal",
      "destination_canonical": "iam.amazonaws.com",
      "destination_address": "192.0.2.0",
      "plugin_device": "CloudTrail",
      "destination_zone": "us-east-1",
      "customheader_0": "Assumed Role Username or ID",
      "highlight_fields": [
        "event_description",
        "event_description_url",
        "access_control_outcome",
        "error_code",
        "error_message",
        "event_action",
        "source_username",
        "source_instance_id",
        "file_name",
        "user_resource",
        "dns_rrname",
        "destination_username",
        "destination_user_group",
        "user_role"
      ],
      "request_user_agent": "Boto3/1.5.34 Python/2.7.13 Linux/4.4.0-1035-aws Botocore/1.8.48",
      "app_name": "amazon-aws",
      "event_action": "Read",
      "account_id": "398778306028",
      "timestamp_occured_iso8601": "2018-02-22T18:02:02.000Z",
      "destination_infrastructure_name": "Amazon Internal Infrastructure - us-east-1",
      "plugin": "Amazon AWS CloudTrail",
      "rep_device_version": "1.02",
      "source_hostname": "ip-10-251-50-12.ec2.internal",
      "sensor_name": "2968789b-aed4-443a-8626-16d8b4f62025"
    }
  ],
  "assets": [
    {
      "id": "87eb0b90-338b-4ff4-b56a-18b9693dc5da",
      "name": "ecs-instance",
      "url": null,
      "ip_addresses": [
      ],
      "fqdn": null,
      "operating_system": null,
      "country": null,
      "latitude": null,
      "longitude": null
    }
  ],
  "tenantId": "cn://foobar-usma-xxx.aveng.us",
  "timestamp": 1519323330789
}
Type
object

/configurationIssues

Endpoints for managing and searching configuration issues


/search post

POST: /configurationIssues/search (secured)

Search for configuration issues


Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property  Value
required  true
type      string

Possible Responses

200


/search post

CURL EXAMPLE

curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/configurationIssues/search" \
	-H "Authorization: Bearer string" \
	-d @request_body

REQUEST BODY

{
  "page": 1,
  "size": 20,
  "find": {
    "configurationIssue.isValid": [
      "true"
    ]
  },
  "sort": {
    "configurationIssue.lastTimestamp": "desc"
  },
  "range": {
    "configurationIssue.lastTimestamp": {
      "gte": "now-7d",
      "lte": "now",
      "timeZone": "-0500"
    }
  }
}
Type
object

RESPONSE BODY

{
  "results": [
    {
      "asset": {
        "id": "846a0756-783e-4db2-9dff-bce2bf17c8b9",
        "name": "example-asset"
      },
      "configurationIssue": {
        "category": "Global access to administration port",
        "description": "Global access to the SSH port has been defined within this security group. This should be restricted to the IP Range of the company.",
        "firstSeen": 1534866015889,
        "lastTimestamp": 1537818025626,
        "severity": "Low",
        "source": "amazon-aws",
        "subcategory": "SSH"
      },
      "tenantId": "cn://foobar-usma-xxx.aveng.us",
      "timestamp": 1537818026237
    }
  ],
  "total": 130
}
Type
object


/{configurationIssueId} get

GET: /configurationIssues/{configurationIssueId} (secured)

Get a configuration issue by ID (UUID)


URI Parameters

configurationIssueId
A configuration issue's ID (UUID)

Property  Value
required  true
type      string
examples  a7c06079-b329-6b63-ee85-1c1b024079a4

Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property  Value
required  true
type      string

Possible Responses

200, 404


/{configurationIssueId} get

CURL EXAMPLE

curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/configurationIssues/{configurationIssueId}" \
	-H "Authorization: Bearer string"

RESPONSE BODY

{
  "asset": {
    "id": "846a0756-783e-4db2-9dff-bce2bf17c8b9",
    "name": "example-asset"
  },
  "configurationIssue": {
    "category": "Global access to administration port",
    "description": "Global access to the SSH port has been defined within this security group. This should be restricted to the IP Range of the company.",
    "firstSeen": 1534866015889,
    "lastTimestamp": 1537818025626,
    "severity": "Low",
    "source": "amazon-aws",
    "subcategory": "SSH"
  },
  "tenantId": "cn://foobar-usma-xxx.aveng.us",
  "timestamp": 1537818026237
}
Type
object

/vulnerabilities

Endpoints for managing and searching vulnerabilities


/search post

POST: /vulnerabilities/search (secured)

Search for vulnerabilities


Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property Value
required true
type string

Possible Responses

200


/search post

CURL EXAMPLE

curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/vulnerabilities/search" \
	-H "Authorization: Bearer string" \
	-H "Content-Type: application/json" \
	-d @request_body

REQUEST BODY

{
  "page": 1,
  "size": 20,
  "find": {
    "vulnerability.isValid": [
      "false"
    ]
  },
  "sort": {
    "vulnerability.lastTimestamp": "desc"
  },
  "range": {
    "vulnerability.lastTimestamp": {
      "gte": "now-7d",
      "lte": "now",
      "timeZone": "-0500"
    }
  }
}
Type
object

RESPONSE BODY

{
  "results": [
    {
      "asset": {
        "id": "a3e72bef-278c-4579-bd62-56958ab0fb13",
        "name": "example-asset"
      },
      "vulnerability": {
        "name": "RHSA-2018:0008-01 -- Redhat kernel, perf",
        "firstSeen": 1537805109678,
        "lastTimestamp": 1537805109678,
        "source": "joval",
        "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.  Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.  \nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed , an unprivileged local attacker could use this flaw to read privileged  memory by conducting targeted cache side-channel attacks.  Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues",
        "cvssScore": "0",
        "cvssSeverity": "Low"
      },
      "tenantId": "cn://foobar-usma-xxx.aveng.us",
      "timestamp": 1537805110453
    }
  ],
  "total": 5
}
Type
object


/{vulnerabilityId} get

GET: /vulnerabilities/{vulnerabilityId} (secured)

Get a vulnerability by ID (UUID)


URI Parameters

vulnerabilityId
A vulnerability's ID (UUID)

Property Value
required true
type string
examples a7c06079-b329-6b63-ee85-1c1b024079a4

Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property Value
required true
type string

Possible Responses

200, 404


/{vulnerabilityId} get

CURL EXAMPLE

curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/vulnerabilities/{vulnerabilityId}" \
	-H "Authorization: Bearer string"

RESPONSE BODY

{
  "asset": {
    "id": "a3e72bef-278c-4579-bd62-56958ab0fb13",
    "name": "example-asset"
  },
  "vulnerability": {
    "name": "RHSA-2018:0008-01 -- Redhat kernel, perf",
    "firstSeen": 1537805109678,
    "lastTimestamp": 1537805109678,
    "source": "joval",
    "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact. In this update mitigations for x86-64 architecture are provided. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.  Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor\"s data cache even for speculatively executed instructions that never actually commit . As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.  \nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed , an unprivileged local attacker could use this flaw to read privileged  memory by conducting targeted cache side-channel attacks.  Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues",
    "cvssScore": "0",
    "cvssSeverity": "Low"
  },
  "tenantId": "cn://foobar-usma-xxx.aveng.us",
  "timestamp": 1537805110453
}
Type
object

/deployments

Endpoints for managing deployments


/deployments get

GET: /deployments (secured)

Get all deployments


Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property Value
required true
type string

Possible Responses

200, 404


/deployments get

CURL EXAMPLE

curl -X GET "https://your-subdomain.alienvault.cloud/api/1.1/deployments" \
	-H "Authorization: Bearer string"

RESPONSE BODY

[
  {
    "id": "cn://foobar-usma-xxx.aveng.us",
    "name": "example-anywhere",
    "displayName": "example-anywhere",
    "type": "USM Anywhere",
    "joinedSince": 1537453858988,
    "connectionStatus": "connected",
    "authorized": true
  },
  {
    "id": "test2",
    "name": "test2",
    "displayName": "test2",
    "type": "USM Appliance",
    "joinedSince": 1537560733295,
    "connectionStatus": "notConnected",
    "authorized": false
  }
]
Type
array

/assets

Endpoints for managing assets


/search post

POST: /assets/search (secured)

Search for assets


Header Parameters

Authorization
JSON Web Token containing user authorization information for USMC endpoints.

Property Value
required true
type string

Possible Responses

200


/search post

CURL EXAMPLE

curl -X POST "https://your-subdomain.alienvault.cloud/api/1.1/assets/search" \
	-H "Authorization: Bearer string" \
	-H "Content-Type: application/json" \
	-d @request_body

REQUEST BODY

{
  "page": 1,
  "size": 20,
  "find": {
    "asset.hipaa": [
      "false"
    ]
  },
  "sort": {
    "asset.dateFound": "desc"
  },
  "range": {
    "asset.dateFound": {
      "gte": "now-7d",
      "lte": "now",
      "timeZone": "-0500"
    }
  }
}
Type
object

RESPONSE BODY

{
  "results": [
    {
      "asset": {
        "hipaa": "false",
        "operatingSystem": null,
        "hostname": "asset-example-ES-1-instance",
        "id": "11e34794-7c91-4aff-9b4f-552ee49c002d",
        "deviceType": null,
        "assetOriginUUID": "2b0162e6-0ceb-4ea5-b57e-ef2372a27c05",
        "nmapExcludeFromScan": null,
        "knownAsset": "true",
        "configurationCount": "0",
        "assetOriginName": "amazon-aws",
        "operatingSystemSource": null,
        "assetOriginType": "aws",
        "alarmCount": "0",
        "dateUpdated": "1539100815125",
        "vulnerabilityCount": "0",
        "eventCount": "0",
        "logo": null,
        "rootDeviceType": "ebs",
        "name": "asset-example-ES-1-instance",
        "dateFound": "1539100815124",
        "region": "us-east-1",
        "powerShellVersion": null,
        "dateCreated": "1539100268000",
        "pci": "false",
        "externalId": "i-1234"
      },
      "tenantId": "cn://example-anywhere.alienvault.cloud",
      "timestamp": 1539624650946
    }
  ],
  "total": 37
}
Type
object
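
The three search endpoints above (/configurationIssues/search, /vulnerabilities/search and /assets/search) take the same page/size/find/sort/range payload and return results plus total. The Python below is an added example, not part of the AlienVault documentation, that walks every page of such a search. The helper names build_search_body, http_post and search_all are hypothetical, and it assumes 1-based page numbers (as in the samples) and that total counts all matches across pages.

```python
import json
import urllib.request

BASE_URI = "https://your-subdomain.alienvault.cloud/api/1.1"  # baseUri from this page


def build_search_body(prefix, field, find, page=1, size=20, since="now-7d"):
    """Build a payload shaped like the REQUEST BODY samples on this page."""
    ts = f"{prefix}.{field}"  # e.g. "vulnerability.lastTimestamp"
    return {
        "page": page,
        "size": size,
        "find": {f"{prefix}.{k}": v for k, v in find.items()},
        "sort": {ts: "desc"},
        "range": {ts: {"gte": since, "lte": "now", "timeZone": "-0500"}},
    }


def http_post(path, body, token):
    """POST JSON with the bearer token; urllib raises HTTPError on 4xx/5xx."""
    req = urllib.request.Request(
        BASE_URI + path,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def search_all(resource, prefix, field, find, token, post=http_post,
               size=20, first_page=1, max_pages=500):
    """Yield every result. Assumes 1-based pages and `total` = all matches."""
    seen = 0
    for page in range(first_page, first_page + max_pages):
        body = build_search_body(prefix, field, find, page=page, size=size)
        reply = post(f"/{resource}/search", body, token)
        results = reply.get("results", [])
        yield from results
        seen += len(results)
        # Also stop on an empty page so a shrinking result set cannot loop forever.
        if not results or seen >= reply.get("total", 0):
            return
```

Supply the token from an environment variable or secret store rather than embedding it in the script, and pass a different `post` callable to exercise the paging logic offline.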