nids#
Autogenerated API
- argus_api.lib.events.v1.nids.find_n_i_d_s_events(signature: str = None, destinationIP: str = None, sourceIP: str = None, ip: str = None, destinationPort: str = None, sourcePort: str = None, port: str = None, minSeverity: str = None, maxSeverity: str = None, limit: int = None, offset: int = None, includeDeleted: bool = None, customerID: int = None, exclude: bool = None, required: bool = None, eventIdentifier: dict = None, locationID: int = None, severity: str = None, customer: str = None, alarmID: int = None, attackCategoryID: int = None, sourceGeoCountry: str = None, destinationGeoCountry: str = None, geoCountry: str = None, domain: str = None, properties: dict = None, productionCustomers: bool = None, multivaluePropertySeparator: str = None, sensorID: int = None, subCriteria: dict = None, timeFieldStrategy: str = None, startTimestamp: int = None, endTimestamp: int = None, sortBy: str = None, includeFlags: str = None, excludeFlags: str = None, lastUpdatedTimestamp: int = None, indexStartTime: int = None, indexEndTime: int = None, skipFutureEvents: bool = None, exactMatchProperties: bool = True, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
DEPRECATED :
find_n_i_d_s_events
is an alias forfind_nids_events
. Exists only for backward compatibility - do not use - usefind_nids_events
instead.
- argus_api.lib.events.v1.nids.find_nids_events(signature: str = None, destinationIP: str = None, sourceIP: str = None, ip: str = None, destinationPort: str = None, sourcePort: str = None, port: str = None, minSeverity: str = None, maxSeverity: str = None, limit: int = None, offset: int = None, includeDeleted: bool = None, customerID: int = None, exclude: bool = None, required: bool = None, eventIdentifier: dict = None, locationID: int = None, severity: str = None, customer: str = None, alarmID: int = None, attackCategoryID: int = None, sourceGeoCountry: str = None, destinationGeoCountry: str = None, geoCountry: str = None, domain: str = None, properties: dict = None, productionCustomers: bool = None, multivaluePropertySeparator: str = None, sensorID: int = None, subCriteria: dict = None, timeFieldStrategy: str = None, startTimestamp: int = None, endTimestamp: int = None, sortBy: str = None, includeFlags: str = None, excludeFlags: str = None, lastUpdatedTimestamp: int = None, indexStartTime: int = None, indexEndTime: int = None, skipFutureEvents: bool = None, exactMatchProperties: bool = True, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Search for NIDS events (PUBLIC)
- Parameters
signature (list) –
destinationIP (list) –
sourceIP (list) –
ip (list) –
destinationPort (list) –
sourcePort (list) –
port (list) –
minSeverity (str) –
maxSeverity (str) –
limit (int) – Limit results
offset (int) – Offset results
includeDeleted (bool) – Also include deleted objects (where implemented)
customerID (list) – DEPRECATED! Use customer instead
exclude (bool) – Exclude these criteria from the parent criteria.
required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerID/eventID).
locationID (list) – Search for events having these locations.
severity (list) – Search events with specified severity. Can’t be used together with minSeverity/maxSeverity.
customer (list) – Search for events by customer (id or shortname).
alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms.
attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories.
sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries.
destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries.
geoCountry (list) – Search for events where source or destination IP is registered in any of these countries.
domain (list) – Search for events having one of these domains. The domains are not validated
properties (dict) – Search for events having these properties (logical AND).
productionCustomers (bool) – If set, apply a customer filter for customers marked as ‘not in production’. If true, EXCLUDE customers ‘not in production’. If false, REQUIRE customers ‘not in production’. Default is unset (no filter on production customers).
multivaluePropertySeparator (str) – Separator that is going to be used when formatting the multi-value properties of the found events. (default comma)
sensorID (list) – List of sensor IDs that must have a match in the retrieved event.
subCriteria (list) – Subcriterias used to refine the search by including or excluding events.
timeFieldStrategy (list) – Defines which timestamps will be included in the search, will default to timestamp.
startTimestamp (int) – Search objects from this timestamp
endTimestamp (int) – Search objects until this timestamp
sortBy (list) – Order results by these properties (prefix with - to sort descending)
includeFlags (list) – Search objects with these flags set
excludeFlags (list) – Exclude objects with these flags set
lastUpdatedTimestamp (int) – Match only with events marked with a last updated time greater or equal to this.
indexStartTime (int) – Earliest created time of the indices searched.
indexEndTime (int) – Last created time of the indices searched.
skipFutureEvents (bool) – Whether service should generate endTimestamp by current timestamp. (default false)
exactMatchProperties (bool) – If set to true, will execute in-memory filtering to only match events that have exact match of properties specified at top level “properties” field of search request. WARN: The count of response would not be reliable, as the filtering is applied in-memory of application server, but the count was done by search engine. (default true)
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
requests.Response
object or dictionary translated from JSON
- argus_api.lib.events.v1.nids.list_n_i_d_s_events(customerID: int = None, signature: str = None, ip: str = None, startTimestamp: str = '-24hours', endTimestamp: str = 'now', limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
DEPRECATED :
list_n_i_d_s_events
is an alias forlist_nids_events
. Exists only for backward compatibility - do not use - uselist_nids_events
instead.
- argus_api.lib.events.v1.nids.list_nids_events(customerID: int = None, signature: str = None, ip: str = None, startTimestamp: str = '-24hours', endTimestamp: str = 'now', limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) dict #
Simple search for NIDS events (PUBLIC)
- Parameters
customerID (list) – Limit to customerID
signature (list) – Limit to signature
ip (list) – Limit to ip/network
startTimestamp (str) – Limit to events after this timestamp (default is last 24 hours).
endTimestamp (str) – Limit to events before this timestamp.
limit (int) – Limit results
offset (int) – Offset results
json – return the response’s body as a
dict
parsed from json.True
by default. If set to false, the rawrequests.Response
object will be returned.verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
requests.Response
object or dictionary translated from JSON