nids

Autogenerated API

argus_api.lib.events.v1.nids.find_n_i_d_s_events(signature: str = None, destinationIP: str = None, sourceIP: str = None, ip: str = None, destinationPort: str = None, sourcePort: str = None, port: str = None, minSeverity: str = None, maxSeverity: str = None, limit: int = None, offset: int = None, includeDeleted: bool = None, customerID: int = None, exclude: bool = None, required: bool = None, eventIdentifier: dict = None, locationID: int = None, severity: str = None, customer: str = None, alarmID: int = None, attackCategoryID: int = None, sourceGeoCountry: str = None, destinationGeoCountry: str = None, geoCountry: str = None, domain: str = None, properties: dict = None, productionCustomers: bool = None, multivaluePropertySeparator: str = None, sensorID: int = None, subCriteria: dict = None, timeFieldStrategy: str = None, startTimestamp: int = None, endTimestamp: int = None, sortBy: str = None, includeFlags: str = None, excludeFlags: str = None, lastUpdatedTimestamp: int = None, indexStartTime: int = None, indexEndTime: int = None, skipFutureEvents: bool = None, exactMatchProperties: bool = True, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

DEPRECATED: find_n_i_d_s_events is an alias for find_nids_events. It exists only for backward compatibility; do not use it, use find_nids_events instead.

argus_api.lib.events.v1.nids.find_nids_events(signature: str = None, destinationIP: str = None, sourceIP: str = None, ip: str = None, destinationPort: str = None, sourcePort: str = None, port: str = None, minSeverity: str = None, maxSeverity: str = None, limit: int = None, offset: int = None, includeDeleted: bool = None, customerID: int = None, exclude: bool = None, required: bool = None, eventIdentifier: dict = None, locationID: int = None, severity: str = None, customer: str = None, alarmID: int = None, attackCategoryID: int = None, sourceGeoCountry: str = None, destinationGeoCountry: str = None, geoCountry: str = None, domain: str = None, properties: dict = None, productionCustomers: bool = None, multivaluePropertySeparator: str = None, sensorID: int = None, subCriteria: dict = None, timeFieldStrategy: str = None, startTimestamp: int = None, endTimestamp: int = None, sortBy: str = None, includeFlags: str = None, excludeFlags: str = None, lastUpdatedTimestamp: int = None, indexStartTime: int = None, indexEndTime: int = None, skipFutureEvents: bool = None, exactMatchProperties: bool = True, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Search for NIDS events (PUBLIC)

Parameters
  • signature (list) –

  • destinationIP (list) –

  • sourceIP (list) –

  • ip (list) –

  • destinationPort (list) –

  • sourcePort (list) –

  • port (list) –

  • minSeverity (str) –

  • maxSeverity (str) –

  • limit (int) – Limit results

  • offset (int) – Offset results

  • includeDeleted (bool) – Also include deleted objects (where implemented)

  • customerID (list) – DEPRECATED! Use customer instead

  • exclude (bool) – Exclude these criteria from the parent criteria.

  • required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).

  • eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerID/eventID).

  • locationID (list) – Search for events having these locations.

  • severity (list) – Search events with specified severity. Can’t be used together with minSeverity/maxSeverity.

  • customer (list) – Search for events by customer (id or shortname).

  • alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms.

  • attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories.

  • sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries.

  • destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries.

  • geoCountry (list) – Search for events where source or destination IP is registered in any of these countries.

  • domain (list) – Search for events having one of these domains. The domains are not validated.

  • properties (dict) – Search for events having these properties (logical AND).

  • productionCustomers (bool) – If set, apply a customer filter for customers marked as ‘not in production’. If true, EXCLUDE customers ‘not in production’. If false, REQUIRE customers ‘not in production’. Default is unset (no filter on production customers).

  • multivaluePropertySeparator (str) – Separator that is going to be used when formatting the multi-value properties of the found events. (default comma)

  • sensorID (list) – List of sensor IDs that must have a match in the retrieved event.

  • subCriteria (list) – Subcriterias used to refine the search by including or excluding events.

  • timeFieldStrategy (list) – Defines which timestamps will be included in the search, will default to timestamp.

  • startTimestamp (int) – Search objects from this timestamp

  • endTimestamp (int) – Search objects until this timestamp

  • sortBy (list) – Order results by these properties (prefix with - to sort descending)

  • includeFlags (list) – Search objects with these flags set

  • excludeFlags (list) – Exclude objects with these flags set

  • lastUpdatedTimestamp (int) – Match only with events marked with a last updated time greater or equal to this.

  • indexStartTime (int) – Earliest created time of the indices searched.

  • indexEndTime (int) – Last created time of the indices searched.

  • skipFutureEvents (bool) – Whether the service should generate endTimestamp from the current timestamp. (default false)

  • exactMatchProperties (bool) – If set to true, executes in-memory filtering so that only events with an exact match of the properties given in the top-level “properties” field of the search request are returned. WARN: the count in the response is not reliable, because the filtering is applied in memory on the application server while the count was computed by the search engine. (default true)

  • json – Return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – Body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

requests.Response object or dictionary translated from JSON

argus_api.lib.events.v1.nids.list_n_i_d_s_events(customerID: int = None, signature: str = None, ip: str = None, startTimestamp: str = '-24hours', endTimestamp: str = 'now', limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

DEPRECATED: list_n_i_d_s_events is an alias for list_nids_events. It exists only for backward compatibility; do not use it, use list_nids_events instead.

argus_api.lib.events.v1.nids.list_nids_events(customerID: int = None, signature: str = None, ip: str = None, startTimestamp: str = '-24hours', endTimestamp: str = 'now', limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Simple search for NIDS events (PUBLIC)

Parameters
  • customerID (list) – Limit to customerID

  • signature (list) – Limit to signature

  • ip (list) – Limit to ip/network

  • startTimestamp (str) – Limit to events after this timestamp (default is last 24 hours).

  • endTimestamp (str) – Limit to events before this timestamp.

  • limit (int) – Limit results

  • offset (int) – Offset results

  • json – Return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – Body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

requests.Response object or dictionary translated from JSON
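Both find_nids_events and list_nids_events page through results with limit/offset, and find_nids_events documents two traps: severity cannot be combined with minSeverity/maxSeverity, and with exactMatchProperties=True the response count is computed by the search engine before in-memory filtering, so a page can come back short while later pages still contain matches. The following is an added example, not code from the argus_api project, showing a pager that handles both. It assumes the JSON envelope carries the events under "data" and the engine's hit total under "count"; the search function is injected so it runs offline and works with either endpoint (the names iter_nids_events, collect_nids_events, validate_criteria and DEFAULT_SEARCH are this example's own).

```python
"""Added example (not part of argus_api): paging through NIDS event searches.

Works with any callable that takes the keyword interface documented for
argus_api.lib.events.v1.nids.find_nids_events or list_nids_events
(limit=, offset=, plus search criteria) and returns the JSON body as a dict.
"""
from typing import Any, Callable, Dict, Iterator, List

# Any search callable with the limit/offset keyword interface described above.
SearchFn = Callable[..., Dict[str, Any]]

try:  # use the real client when it is installed; otherwise the caller injects one
    from argus_api.lib.events.v1.nids import find_nids_events as DEFAULT_SEARCH
except ImportError:
    DEFAULT_SEARCH = None


def validate_criteria(criteria: Dict[str, Any]) -> Dict[str, Any]:
    """Reject combinations the API reference documents as invalid before
    spending a request (and an audit-logged API call) on them."""
    if "severity" in criteria and (criteria.keys() & {"minSeverity", "maxSeverity"}):
        raise ValueError("severity cannot be combined with minSeverity/maxSeverity")
    return criteria


def iter_nids_events(
    search: SearchFn, page_size: int = 100, **criteria: Any
) -> Iterator[Dict[str, Any]]:
    """Yield every matching event, walking the result set with limit/offset.

    Assumed response envelope: events under "data", the search engine's hit
    total under "count".  Termination is driven by "count" rather than by the
    length of each page: with exactMatchProperties=True (the default) the
    server filters properties in memory after the engine has already picked
    `limit` hits, so a page may come back short while later pages still hold
    matches.  "count" is the engine's pre-filter total, which makes it an
    upper bound on how far offset has to be advanced.
    """
    criteria = validate_criteria(criteria)
    offset = 0
    while True:
        page = search(limit=page_size, offset=offset, **criteria)
        events = page.get("data") or []
        yield from events
        offset += page_size
        total = page.get("count")
        if total is None:
            if not events:  # no hit total in the envelope: stop on the first empty page
                return
        elif offset >= total:
            return


def collect_nids_events(
    search: SearchFn, page_size: int = 100, **criteria: Any
) -> List[Dict[str, Any]]:
    """Materialise the generator into a list (fine for bounded time windows)."""
    return list(iter_nids_events(search, page_size, **criteria))


if __name__ == "__main__":
    if DEFAULT_SEARCH is None:
        raise SystemExit("argus_api is not installed; inject a search callable instead")
    import time

    # Assumption: timestamps are epoch milliseconds. Newest first, last 24 hours.
    now_ms = int(time.time() * 1000)
    for event in iter_nids_events(
        DEFAULT_SEARCH,
        page_size=200,
        sortBy=["-timestamp"],
        startTimestamp=now_ms - 24 * 3600 * 1000,
        endTimestamp=now_ms,
    ):
        print(event)
```

The generator form lets a detection pipeline stream a large window without holding every event in memory; pass a narrower page_size when the backend enforces a smaller maximum limit.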