alarm

Autogenerated API

argus_api.lib.alarms.v1.alarm.add_alarm(shortName: str = None, description: str = None, info: str = None, references: str = None, links: str = None, labels: str = None, internalReference: str = None, signatures: str = None, attackCategoryID: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Add a new alarm (INTERNAL)

Parameters
  • shortName (str) – Short name of the alarm => [a-zA-Z0-9_:\-.]*

  • description (str) – Alarm description => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • info (str) – Alarm verbose information => format:html

  • references (list) – Alarm vulnerability references (CVE-numbers, BID-numbers, URLs etc) => Sanitize by regex ^((?!(https?|ftp|gopher|telnet|file|javascript|mailto):))([\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=])*|((https?|ftp|gopher|telnet|file):((/)|(\))+[\w\d:\#@%/;$()~_?\+-=\.&]*)

  • links (list) – Links to external descriptions of this alarm => ((https?|ftp|gopher|telnet|file):((/)|(\))+[\w\d:\#@%/;$()~_?\+-=\.&]*)

  • labels (list) – Tag an alarm with labels => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • internalReference (str) – A link to an internal reference for the alarm => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • signatures (list) – List of signatures to map to this alarm => Sanitize by regex [a-zA-Z0-9_/:@~!\+\-.\?]*

  • attackCategoryID (int) – Alarm attack category ID (default 0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.add_alarm_comment(id: int, comment: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Add a comment to an alarm (INTERNAL)

Parameters
  • id (int) – ID of the alarm

  • comment (str) – Comment content. HTML is allowed and will be sanitized. => format:html

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.add_alarm_mitre_relationship(idOrShortName: str, mitreCategory: str = None, categoryModel: str = None, categoryVersion: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Adds a new relationship between an alarm and a MITRE category (DEV)

Parameters
  • idOrShortName (str) – ID or short name of the alarm

  • mitreCategory (str) – ID or external ID of the MITRE category (external ID requires setting additional attributes: categoryModel, categoryVersion)

  • categoryModel (str) – Which threat model to use with external ID of the MITRE category

  • categoryVersion (str) – Which version to use with external ID of the MITRE category

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.delete_alarm(id: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Delete an existing alarm (INTERNAL)

Parameters
  • id (int) – ID of the alarm

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.delete_alarm_comment(id: int, timestamp: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Delete an existing comment from an alarm (INTERNAL)

Parameters
  • id (int) – ID of the alarm

  • timestamp (int) – Timestamp of the comment

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.delete_alarm_mitre_relationship(idOrShortName: str, idOrExtId: str, categoryModel: str = None, categoryVersion: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Deletes an existing relationship between an alarm and a MITRE category (DEV)

Parameters
  • idOrShortName (str) – ID or short name of the alarm

  • idOrExtId (str) – ID or external ID of the MITRE category (external ID requires additional query parameters: categoryModel, categoryVersion)

  • categoryModel (str) – Which threat model to use with external ID of the MITRE category

  • categoryVersion (str) – Which version to use with external ID of the MITRE category

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.get_alarm_by_id(id: int, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Get an alarm by ID (PUBLIC)

Parameters
  • id (int) – ID of the alarm

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.get_alarms(keywords: str = None, keywordField: str = None, keywordMatch: str = 'all', limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Get all alarms (PUBLIC)

Parameters
  • keywords (list) – Search by keywords

  • keywordField (list) – Set field strategy for keyword search

  • keywordMatch (str) – Set match strategy for keyword search

  • limit (int) – Maximum number of returned alarms

  • offset (int) – Skip a number of alarms

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.list_alarm_mitre_relationships(idOrShortName: str, categoryType: str = None, categoryModel: str = None, categoryVersion: str = None, includeDeleted: bool = None, sortBy: str = None, limit: int = None, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

List relationships between an alarm and MITRE categories (DEV)

Parameters
  • idOrShortName (str) – ID or short name of the alarm

  • categoryType (list) – Type(s) of the MITRE categories (all by default)

  • categoryModel (list) – The threat model(s) of the MITRE categories (all by default)

  • categoryVersion (list) – The version(s) of the MITRE categories (all by default)

  • includeDeleted (bool) – To include deleted relationships or not (not included by default)

  • sortBy (list) – Field(s) to sort results by (without sign is ascending, with ‘-’ sign is descending)

  • limit (int) – The max amount of items to return (25 by default, 0 means no limit)

  • offset (int) – The amount of items to skip from the beginning (0 by default)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.map_to_alarm(id: int, signatures: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Map signatures to an alarm (INTERNAL)

Parameters
  • id (int) – ID of the alarm

  • signatures (list) – Signatures (existing or new) to be mapped to the alarm => Sanitize by regex [a-zA-Z0-9_/:@~!\+\-.\?]*

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.search_alarm_mitre_relationships(id: str = None, alarm: str = None, category: str = None, categoryType: str = None, categoryModel: str = None, categoryVersion: str = None, includeFlags: str = None, excludeFlags: str = None, subCriteria: dict = None, sortBy: str = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Searches for relationships between alarms and MITRE categories (DEV)

Parameters
  • id (list) – A set of IDs of the searched relationships

  • alarm (list) – A set of IDs or short names of the alarms that take part in the relationships

  • category (list) – A set of IDs, external IDs or short names of the MITRE categories that take part in the relationships

  • categoryType (list) – A set of enumerated types of the MITRE categories that take part in the relationships

  • categoryModel (list) – A set of enumerated threat models of the MITRE categories that take part in the relationships

  • categoryVersion (list) – A set of versions of the MITRE categories that take part in the relationships

  • includeFlags (list) – A set of included enumerated flags of the searched relationships

  • excludeFlags (list) – A set of excluded enumerated flags of the searched relationships

  • subCriteria (list) – Set additional search criteria with AND, OR or AND NOT

  • sortBy (list) – Fields to sort results by (without sign is ascending, with ‘-’ sign is descending) (default mitreCategoryShortName, -createdTimestamp)

  • limit (int) – The max amount of items to return (default 25)

  • offset (int) – The amount of items to skip from the beginning (default 0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.search_alarms(limit: int = None, offset: int = None, includeDeleted: bool = None, subCriteria: dict = None, exclude: bool = None, required: bool = None, attackCategoryID: int = None, alarmID: int = None, alarm: str = None, alarmReferences: str = None, labels: str = None, startTimestamp: int = None, endTimestamp: int = None, timeFieldStrategy: str = None, timeMatchStrategy: str = None, keywords: str = None, keywordFieldStrategy: str = None, keywordMatchStrategy: str = None, signature: str = None, sortBy: str = None, includeFlags: str = None, excludeFlags: str = None, includeMappings: bool = None, includeComments: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Get all alarms matching the given search criteria (PUBLIC)

Parameters
  • limit (int) – Max number of results.

  • offset (int) – Skip the first (offset) objects. By default, return result from first object.

  • includeDeleted (bool) – Set to true to include deleted objects. By default, exclude deleted objects.

  • subCriteria (list) – Set additional criteria, which are applied using a logical OR.

  • exclude (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria object will be excluded.

  • required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).

  • attackCategoryID (list) – A set of IDs for attack categories (alarm category).

  • alarmID (list) – A set of IDs for alarms.

  • alarm (list) – A set of IDs or short names for alarms.

  • alarmReferences (list) – A set of references. It does an exact match.

  • labels (list) – A set of labels. It does an exact match.

  • startTimestamp (int) – Only include alarms based on the set TimeFieldStrategy and TimeMatchStrategy (start timestamp)

  • endTimestamp (int) – Only include alarms based on the set TimeFieldStrategy and TimeMatchStrategy (end timestamp)

  • timeFieldStrategy (list) – TimeFieldStrategy to define which timestamp field(s) to match. (default lastUpdatedTimestamp)

  • timeMatchStrategy (str) – TimeMatchStrategy to define how to match startTimestamp and endTimestamp with fields. (default any)

  • keywords (list) – A set of keywords matched against alarms based on the set KeywordFieldStrategy and KeywordMatchStrategy.

  • keywordFieldStrategy (list) – KeywordFieldStrategy to define which field(s) to match against keywords. (default all)

  • keywordMatchStrategy (str) – KeywordMatchStrategy to define how to match keywords with fields. (default all)

  • signature (list) – A set of signatures. It does an exact match.

  • sortBy (list) – List of properties to sort by (prefix with “-” to sort descending).

  • includeFlags (list) – Only include objects which have includeFlags set.

  • excludeFlags (list) – Exclude objects which have excludeFlags set.

  • includeMappings (bool) – Set to include mappings in the search result. (default false)

  • includeComments (bool) – Set to include comments in the search result. (default false)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.unmap(id: int, signature: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Unmap signatures from an alarm (INTERNAL)

Parameters
  • id (int) – ID of the alarm

  • signature (list) – Signatures to unmap

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.alarms.v1.alarm.update_alarm(id: int, shortName: str = None, description: str = None, info: str = None, disabled: bool = None, addReferences: str = None, deleteReferences: str = None, addLinks: str = None, deleteLinks: str = None, addLabels: str = None, deleteLabels: str = None, internalReference: str = None, attackCategoryID: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict

Update an existing alarm (INTERNAL)

Parameters
  • id (int) – ID of the alarm

  • shortName (str) – Update short name of the alarm => [a-zA-Z0-9_:\-.]*

  • description (str) – Update description of alarm => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • info (str) – Update verbose information of alarm => format:html

  • disabled (bool) – Disable or enable alarm (unchanged if not set)

  • addReferences (list) – Add vulnerability references (CVE-numbers, BID-numbers, URLs etc) => Sanitize by regex ^((?!(https?|ftp|gopher|telnet|file|javascript|mailto):))([\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=])*|((https?|ftp|gopher|telnet|file):((/)|(\))+[\w\d:\#@%/;$()~_?\+-=\.&]*)

  • deleteReferences (list) – Remove vulnerability references

  • addLinks (list) – Add external links => ((https?|ftp|gopher|telnet|file):((/)|(\))+[\w\d:\#@%/;$()~_?\+-=\.&]*)

  • deleteLinks (list) – Remove external links

  • addLabels (list) – Add labels => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • deleteLabels (list) – Remove labels => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • internalReference (str) – A link to an internal reference for the alarm => [\s\w\{\}\$\-\(\).\[\]"'_/\,\*\+\#:@!?;=]*

  • attackCategoryID (int) – Update category of alarm (unchanged if set to 0) (default 0)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON
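
The shortName, signatures, links and references patterns documented for add_alarm, map_to_alarm and update_alarm can be checked locally before a request is sent, so a value the server would sanitize or refuse is caught at the caller. The following is an added example, not part of argus_api; the helper names and sample values are constructed, the references check covers only the excluded schemes, and how the server treats a non-matching value is not stated on this page.

```python
import re

# Patterns copied verbatim from the shortName and signatures entries on this page.
SHORT_NAME_RE = re.compile(r"[a-zA-Z0-9_:\-.]*")
SIGNATURE_RE = re.compile(r"[a-zA-Z0-9_/:@~!\+\-.\?]*")
# Schemes listed in the links pattern; compared case-sensitively, as in the pattern.
LINK_SCHEMES = ("http", "https", "ftp", "gopher", "telnet", "file")
# Schemes the references pattern excludes and offers no URL alternative for.
# Assumption: leading whitespace and letter case are ignored here, which is
# stricter than the documented pattern.
REJECTED_REF_RE = re.compile(r"\s*(javascript|mailto):", re.IGNORECASE)


def check_alarm_fields(shortName, signatures=(), links=(), references=()):
    """Return (field, value, reason) tuples; an empty list means every value passed."""
    problems = []
    if not SHORT_NAME_RE.fullmatch(shortName):
        problems.append(("shortName", shortName, "outside the shortName pattern"))
    for sig in signatures:
        if not SIGNATURE_RE.fullmatch(sig):
            problems.append(("signatures", sig, "outside the signature pattern"))
    for link in links:
        scheme, sep, _ = link.partition(":")
        if not sep or scheme not in LINK_SCHEMES:
            problems.append(("links", link, "scheme not in the links pattern"))
    for ref in references:
        if REJECTED_REF_RE.match(ref):
            problems.append(("references", ref, "javascript:/mailto: is excluded"))
    return problems


def build_add_alarm_kwargs(shortName, description, signatures=(), links=(),
                           references=()):
    """Validate the fields, then return keyword arguments shaped for add_alarm()."""
    problems = check_alarm_fields(shortName, signatures, links, references)
    if problems:
        raise ValueError("; ".join(f"{f}={v!r}: {why}" for f, v, why in problems))
    return {
        "shortName": shortName,
        "description": description,
        "signatures": list(signatures),
        "links": list(links),
        "references": list(references),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real alarm.
    kwargs = build_add_alarm_kwargs(
        "ET_TROJAN:Beacon-1.0",
        "Constructed sample alarm",
        signatures=["snort/1:2019401"],
        links=["https://example.org/advisory"],
        references=["CVE-0000-0000"],
    )
    print("accepted:", kwargs)
    for field, value, why in check_alarm_fields(
        "bad name", ["sig;1"], ["javascript:void(0)"], ["MailTo:soc@example.org"]
    ):
        print(f"rejected {field}={value!r}: {why}")
```

The returned dictionary can be passed on as `add_alarm(**kwargs)`.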