event

Autogenerated API

argus_api.lib.events.v2.event.reindex_events(eventID: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Reindexes a set of events into the search engine (DEV)

param list eventID

The events that should be reindexed. The set should contain event IDs in the Argus EventID format, e.g. AGGR/10000/1/8bf1732c-f845-409a-8425-8fad3b5007ab.

If one of the IDs is malformed, or does not match an event you have access to, the request will fail.

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ValidationFailedException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON
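
Because one malformed ID fails the whole reindex_events request, IDs can be screened client-side before the call. The following is an added example, not part of argus_api: parse_event_id and split_event_ids are hypothetical helpers, and the character set accepted for TYPE is an assumption built on the TYPE/timestamp/customer/UUID form given on this page. Access rights can only be checked by the server.

```python
import re
import uuid

# Layout TYPE/timestamp/customer/UUID comes from this page. Assumption: TYPE is
# upper-case letters and both numeric fields are plain decimal integers.
_EVENT_ID = re.compile(r"([A-Z]+)/(\d+)/(\d+)/([0-9a-fA-F-]{36})")


def parse_event_id(event_id):
    """Return the ID's fields as a dict, or None if it is malformed."""
    if not isinstance(event_id, str):
        return None
    match = _EVENT_ID.fullmatch(event_id)
    if match is None:
        return None
    event_type, timestamp, customer, raw_uuid = match.groups()
    try:
        # Round-trip through uuid.UUID to reject misplaced hyphens.
        if str(uuid.UUID(raw_uuid)) != raw_uuid.lower():
            return None
    except ValueError:
        return None
    return {"type": event_type, "timestamp": int(timestamp),
            "customer": int(customer), "uuid": raw_uuid.lower()}


def split_event_ids(candidates):
    """Split candidates into (valid, malformed); duplicate valid IDs are dropped."""
    valid, malformed = [], []
    for candidate in candidates:
        if parse_event_id(candidate) is None:
            malformed.append(candidate)
        elif candidate not in valid:
            valid.append(candidate)
    return valid, malformed


# Constructed sample input: the first ID is the example from this page,
# the others are deliberately broken variants of it.
SAMPLE_IDS = [
    "AGGR/10000/1/8bf1732c-f845-409a-8425-8fad3b5007ab",
    "AGGR/10000/1/8bf1732c-f845-409a-8425-8fad3b5007ab",    # duplicate
    "AGGR/10000/8bf1732c-f845-409a-8425-8fad3b5007ab",      # missing customer
    "AGGR/10000/1/8bf1732cf845-409a-8425-8fad3b5007ab-",    # hyphens misplaced
    "AGGR/10000/1/8bf1732c-f845-409a-8425-8fad3b5007ab\n",  # trailing newline
]

if __name__ == "__main__":
    ok, bad = split_event_ids(SAMPLE_IDS)
    print("send:", ok)
    print("fix before sending:", bad)
```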

argus_api.lib.events.v2.event.submit_events(startTimestamp: int = None, endTimestamp: int = None, id: dict = None, signature: str = None, severity: str = None, count: int = None, location: str = None, protocol: str = None, source: dict = None, destination: dict = None, flags: str = None, properties: dict = None, subEvents: str = None, uri: str = None, fqdn: str = None, aggregationKey: str = None, associatedCaseID: int = None, associatedCaseIDs: int = None, payload: dict = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Submit event to central storage. (INTERNAL)

param int startTimestamp

param int endTimestamp

param dict id

param str signature

Event signature. If set, the system will automatically assign alarm and attack category based on this value.

param str severity

Event severity. When creating a new event, the default severity is low.

param int count

Number of occurrences this event represents. The value must be at least 1, which is the default.

param str location

The sensor location (id or shortname) where this event was observed. If set, this location must be resolvable for the current user, and must either belong to the same customer as this event, or be a global location.

param str protocol

The protocol id or well-known name. Numeric protocol ID must be between 0 and 255. Protocol name must be well known (icmp, tcp, udp, esp, ah).

param dict source

param dict destination

param list flags

Event flags requested by the client for this event. On updating an existing event, existing flags will be retained, and flags in the update will be added. Flags that have a PARTIAL flag have custom handling. If FINALIZED flag is set, additional updates to this event will be ignored.

param dict properties

Custom properties for this event. Each property key may have multiple values.

On updating an existing event, setting an existing property will overwrite existing value.

The max length of property keys is 50 characters. Keys longer than that will be truncated to the first 50. If there are duplicate keys, one will overwrite the other. This will also happen if there are duplicates after truncation.

The max length of property values is 1024 characters for each value. Any value longer than this will be truncated to 1024 characters.

param list subEvents

IDs (in the form TYPE/timestamp/customer/UUID) for subevents to this event. Subevents may not be stored yet. System will validate that all subevents have the same customer as this event.

param str uri

URI observed in this event.

param str fqdn

FQDN (fqdn) observed in this event.

param str aggregationKey

Client specified aggregation key for this event.

param int associatedCaseID

Associated case ID. If set, the associated case must be readable for the current user, and must belong to the same customer as this event.

param list associatedCaseIDs

Add one or more case associations to an event, not required. If set, the associated case must be readable for the current user, and must belong to the same customer as this event.

param dict payload

param json

return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

param verify

path to a certificate bundle or boolean indicating whether SSL verification should be performed.

param apiKey

Argus API key.

param authentication

authentication override

param server_url

API base URL override

param body

body of the request. other parameters will override keys defined in the body.

param api_session

session to use for this request. If not set, the global session will be used.

raises AuthenticationFailedException

on 401

raises AccessDeniedException

on 403

raises ValidationFailedException

on 412

raises ArgusException

on other status codes

returns

dictionary translated from JSON
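
The truncation rules for properties mean that two distinct keys can silently collapse into one and long values lose their tail, which matters when the properties carry detection evidence. The following is an added example, not part of argus_api: audit_properties and is_lossless are hypothetical helpers that apply the 50 and 1024 character limits stated on this page, assuming each property value is a string or a list of strings.

```python
from collections import defaultdict

MAX_KEY_LEN = 50       # from this page: keys are truncated to the first 50 characters
MAX_VALUE_LEN = 1024   # from this page: each value is truncated to 1024 characters


def audit_properties(properties):
    """Report what the documented truncation would do to a properties dict.

    Assumption: values are strings or lists of strings.
    """
    by_prefix = defaultdict(list)
    truncated_keys, truncated_values = [], []
    for key, value in properties.items():
        by_prefix[key[:MAX_KEY_LEN]].append(key)
        if len(key) > MAX_KEY_LEN:
            truncated_keys.append(key)
        values = value if isinstance(value, (list, tuple)) else [value]
        for index, item in enumerate(values):
            if len(str(item)) > MAX_VALUE_LEN:
                truncated_values.append((key, index))
    # Keys sharing the same first 50 characters overwrite each other.
    collisions = {p: keys for p, keys in by_prefix.items() if len(keys) > 1}
    return {"truncated_keys": truncated_keys,
            "collisions": collisions,
            "truncated_values": truncated_values}


def is_lossless(properties):
    """True if the properties would be stored exactly as submitted."""
    return not any(audit_properties(properties).values())


# Constructed sample input: two keys that differ only after character 50,
# and one value list containing an oversized entry.
LONG_PREFIX = "enrichment." + "x" * 39   # exactly 50 characters
SAMPLE_PROPERTIES = {
    "rule.name": "constructed-rule",
    LONG_PREFIX + ".first_seen": "2020-01-01",
    LONG_PREFIX + ".last_seen": "2020-01-02",
    "payload_excerpt": ["short", "A" * 2000],
}

if __name__ == "__main__":
    for finding, detail in audit_properties(SAMPLE_PROPERTIES).items():
        print(finding, "->", detail)
```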

argus_api.lib.events.v2.event.submit_events_bulk(events: dict = None, onError: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Submit a bulk of events to central storage. (INTERNAL)

Parameters
  • events (list) – Events to submit in this bulk.

  • onError (str) – Define how validation errors on single events should be handled. Using mode dropInvalid, invalid events will be ignored and reported in the response. The default mode is rejectAll, which will cause a 412 error on the entire request on a validation failure for any event.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON