aggregated
Autogenerated API
- argus_api.lib.events.v1.aggregated.find_aggregated_event_stats(signature: str = None, destinationIP: str = None, sourceIP: str = None, ip: str = None, destinationPort: str = None, sourcePort: str = None, port: str = None, minSeverity: str = None, maxSeverity: str = None, includeDeleted: bool = None, customerID: int = None, exclude: bool = None, required: bool = None, eventIdentifier: dict = None, locationID: int = None, severity: str = None, customer: str = None, alarmID: int = None, attackCategoryID: int = None, sourceGeoCountry: str = None, destinationGeoCountry: str = None, geoCountry: str = None, domain: str = None, properties: dict = None, productionCustomers: bool = None, multivaluePropertySeparator: str = None, minCount: int = None, associatedCaseID: int = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: dict = None, timeFieldStrategy: str = None, resolution: int = None, resolutionUnit: str = None, groupBy: str = None, countRawEvents: bool = None, cutoff: int = None, includeOthers: bool = None, timeFrameStrategy: str = None, startTimestamp: int = None, endTimestamp: int = None, includeFlags: str = None, excludeFlags: str = None, lastUpdatedTimestamp: int = None, indexStartTime: int = None, indexEndTime: int = None, skipFutureEvents: bool = None, exactMatchProperties: bool = True, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict
Fetch aggregated event stats (PUBLIC)
- Parameters
signature (list) –
destinationIP (list) –
sourceIP (list) –
ip (list) –
destinationPort (list) –
sourcePort (list) –
port (list) –
minSeverity (str) –
maxSeverity (str) –
includeDeleted (bool) – Also include deleted objects (where implemented)
customerID (list) – DEPRECATED! Use customer instead
exclude (bool) – Exclude these criteria from the parent criteria.
required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerID/eventID).
locationID (list) – Search for events having these locations.
severity (list) – Search events with specified severity. Can’t be used together with minSeverity/maxSeverity.
customer (list) – Search for events by customer (id or shortname).
alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms.
attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories.
sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries.
destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries.
geoCountry (list) – Search for events where source or destination IP is registered in any of these countries.
domain (list) – Search for events having one of these domains. The domains are not validated.
properties (dict) – Search for events having these properties (logical AND).
productionCustomers (bool) – If set, apply a customer filter for customers marked as ‘not in production’. If true, EXCLUDE customers ‘not in production’. If false, REQUIRE customers ‘not in production’. Default is unset (no filter on production customers).
multivaluePropertySeparator (str) – Separator used when formatting the multi-value properties of the found events (default comma).
minCount (int) – Search for events with aggregated count at least this high
associatedCaseID (list) – Search for events associated with one of these cases; 0 will match events NOT associated with any case.
sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
subCriteria (list) – Allow subcriteria (include or exclude), to refine search arbitrarily
timeFieldStrategy (list) – Defines which timestamps will be included in the search; defaults to startTimestamp/endTimestamp. This field cannot be used alongside the lastUpdateTime field due to backwards compatibility.
resolution (int) – Divide results into timeframes with this size (in milliseconds)
resolutionUnit (str) – For use with date histogram; this binds the intervals to the unit given. Calendar units, such as weeks, months, and years, can only be used with a resolution of 1. Default is milliseconds.
groupBy (list) – Group results by these fields
countRawEvents (bool) – Return the number of raw events (not the number of aggregated events)
cutoff (int) – If set, keep the <cutoff> biggest records, and cut off the rest.
includeOthers (bool) – If true (default), records which are cut off are collected into a common “other” record
timeFrameStrategy (str) – Configures the aggregation search to use start/end timestamp or just event timestamp for the timeframe of the search. (default startEndTimestamp)
startTimestamp (int) – Search objects from this timestamp
endTimestamp (int) – Search objects until this timestamp
includeFlags (list) – Search objects with these flags set
excludeFlags (list) – Exclude objects with these flags set
lastUpdatedTimestamp (int) – Match only with events marked with a last updated time greater or equal to this.
indexStartTime (int) – Earliest created time of the indices searched.
indexEndTime (int) – Last created time of the indices searched.
skipFutureEvents (bool) – Whether the service should derive endTimestamp from the current timestamp (default false).
exactMatchProperties (bool) – If set to true, executes in-memory filtering so that only events with an exact match of the properties given in the top-level “properties” field of the search request are returned. WARN: the count in the response is not reliable in this mode, because the filtering is applied in memory on the application server while the count is computed by the search engine. (default true)
json – return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.
verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. Other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.events.v1.aggregated.find_aggregated_events(signature: str = None, destinationIP: str = None, sourceIP: str = None, ip: str = None, destinationPort: str = None, sourcePort: str = None, port: str = None, minSeverity: str = None, maxSeverity: str = None, limit: int = None, offset: int = None, includeDeleted: bool = None, customerID: int = None, exclude: bool = None, required: bool = None, eventIdentifier: dict = None, locationID: int = None, severity: str = None, customer: str = None, alarmID: int = None, attackCategoryID: int = None, sourceGeoCountry: str = None, destinationGeoCountry: str = None, geoCountry: str = None, domain: str = None, properties: dict = None, productionCustomers: bool = None, multivaluePropertySeparator: str = None, minCount: int = None, associatedCaseID: int = None, sourceIPMinBits: int = None, destinationIPMinBits: int = None, subCriteria: dict = None, timeFieldStrategy: str = None, startTimestamp: int = None, endTimestamp: int = None, sortBy: str = None, includeFlags: str = None, excludeFlags: str = None, lastUpdatedTimestamp: int = None, indexStartTime: int = None, indexEndTime: int = None, skipFutureEvents: bool = None, exactMatchProperties: bool = True, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict
Search for aggregated events (PUBLIC)
- Parameters
signature (list) –
destinationIP (list) –
sourceIP (list) –
ip (list) –
destinationPort (list) –
sourcePort (list) –
port (list) –
minSeverity (str) –
maxSeverity (str) –
limit (int) – Limit results
offset (int) – Offset results
includeDeleted (bool) – Also include deleted objects (where implemented)
customerID (list) – DEPRECATED! Use customer instead
exclude (bool) – Exclude these criteria from the parent criteria.
required (bool) – Only relevant for subcriteria. If set to true, objects matching this subcriteria are required (AND-ed together with parent criteria).
eventIdentifier (list) – Search for events specified by full ID (type/timestamp/customerID/eventID).
locationID (list) – Search for events having these locations.
severity (list) – Search events with specified severity. Can’t be used together with minSeverity/maxSeverity.
customer (list) – Search for events by customer (id or shortname).
alarmID (list) – Search for events having an attack identifier (signature) mapped to any of these alarms.
attackCategoryID (list) – Search for events having an attack identifier (signature) mapped to any of these categories.
sourceGeoCountry (list) – Search for events where source IP is registered in any of these countries.
destinationGeoCountry (list) – Search for events where destination IP is registered in any of these countries.
geoCountry (list) – Search for events where source or destination IP is registered in any of these countries.
domain (list) – Search for events having one of these domains. The domains are not validated.
properties (dict) – Search for events having these properties (logical AND).
productionCustomers (bool) – If set, apply a customer filter for customers marked as ‘not in production’. If true, EXCLUDE customers ‘not in production’. If false, REQUIRE customers ‘not in production’. Default is unset (no filter on production customers).
multivaluePropertySeparator (str) – Separator used when formatting the multi-value properties of the found events (default comma).
minCount (int) – Search for events with aggregated count at least this high
associatedCaseID (list) – Search for events associated with one of these cases; 0 will match events NOT associated with any case.
sourceIPMinBits (int) – Do not include source CIDR-networks with wider mask than this
destinationIPMinBits (int) – Do not include destination CIDR-networks with wider mask than this
subCriteria (list) – Allow subcriteria (include or exclude), to refine search arbitrarily
timeFieldStrategy (list) – Defines which timestamps will be included in the search; defaults to startTimestamp/endTimestamp. This field cannot be used alongside the lastUpdateTime field due to backwards compatibility.
startTimestamp (int) – Search objects from this timestamp
endTimestamp (int) – Search objects until this timestamp
sortBy (list) – Order results by these properties (prefix with - to sort descending)
includeFlags (list) – Search objects with these flags set
excludeFlags (list) – Exclude objects with these flags set
lastUpdatedTimestamp (int) – Match only with events marked with a last updated time greater or equal to this.
indexStartTime (int) – Earliest created time of the indices searched.
indexEndTime (int) – Last created time of the indices searched.
skipFutureEvents (bool) – Whether the service should derive endTimestamp from the current timestamp (default false).
exactMatchProperties (bool) – If set to true, executes in-memory filtering so that only events with an exact match of the properties given in the top-level “properties” field of the search request are returned. WARN: the count in the response is not reliable in this mode, because the filtering is applied in memory on the application server while the count is computed by the search engine. (default true)
json – return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.
verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. Other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
requests.Response object or dictionary translated from JSON
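An added example, not part of argus_api, that applies the constraints the two search functions above document before a request is sent: severity versus minSeverity/maxSeverity, timeFieldStrategy versus lastUpdatedTimestamp, calendar resolution units needing resolution 1, the deprecated customerID folded into customer, and a flag for when exactMatchProperties makes the response count unreliable. It assumes the calendar unit names week/month/year, which the docstring only describes; the final wrapper calls the page's own find_aggregated_event_stats through its body parameter.

```python
from typing import Any, Dict, List, Optional

# Assumption: literal unit names for the "calendar units" the docstring says
# need resolution=1 (it names weeks, months and years but not the API values).
CALENDAR_UNITS = {"week", "month", "year"}


def _as_list(value: Any) -> List[Any]:
    return list(value) if isinstance(value, (list, tuple, set)) else [value]


def check_criteria(params: Dict[str, Any]) -> List[str]:
    """Return the documented parameter conflicts present in params (empty if none)."""
    present = {k for k, v in params.items() if v is not None}
    problems: List[str] = []
    if "severity" in present and present & {"minSeverity", "maxSeverity"}:
        problems.append("severity cannot be used together with minSeverity/maxSeverity")
    if "timeFieldStrategy" in present and "lastUpdatedTimestamp" in present:
        problems.append("timeFieldStrategy cannot be used alongside lastUpdatedTimestamp")
    unit = params.get("resolutionUnit")
    if unit in CALENDAR_UNITS and params.get("resolution") not in (None, 1):
        problems.append(f"calendar unit {unit!r} requires resolution=1")
    return problems


def build_criteria(**params: Any) -> Dict[str, Any]:
    """Validate and normalise search parameters into a request body dict."""
    problems = check_criteria(params)
    if problems:
        raise ValueError("; ".join(problems))
    body = {k: v for k, v in params.items() if v is not None}
    if "customerID" in body:  # deprecated: fold the ids into the customer filter
        body["customer"] = _as_list(body.get("customer", [])) + _as_list(body.pop("customerID"))
    return body


def count_is_reliable(body: Dict[str, Any]) -> bool:
    """exactMatchProperties (default true) filters in memory after the search
    engine has already counted, so the count is only trustworthy when that
    filtering is off or no top-level properties filter is given."""
    return not (body.get("exactMatchProperties", True) and "properties" in body)


def fetch_stats(body: Dict[str, Any], api_session: Optional[Any] = None) -> Dict[str, Any]:
    """Send the validated body through the library's own function; imported lazily
    so the checks above run without argus_api installed."""
    from argus_api.lib.events.v1.aggregated import find_aggregated_event_stats
    return find_aggregated_event_stats(body=body, api_session=api_session)
```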
- argus_api.lib.events.v1.aggregated.list_aggregated_events(customerID: int = None, signature: str = None, ip: str = None, startTimestamp: str = '-24hours', endTimestamp: str = 'now', limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict
Simple search for aggregated events (PUBLIC)
- Parameters
customerID (list) – Limit to customerID
signature (list) – Limit to signature
ip (list) – Limit to ip/network
startTimestamp (str) – Limit to events after this timestamp (default is last 24 hours).
endTimestamp (str) – Limit to events before this timestamp. Defaults to now.
limit (int) – Limit results
offset (int) – Offset results
json – return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.
verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. Other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
requests.Response object or dictionary translated from JSON
- argus_api.lib.events.v1.aggregated.update_events(update: dict = None, eventIdentifiers: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict
Add event assessments (INTERNAL)
- Parameters
update (dict) –
eventIdentifiers (list) – Update events specified by full ID (type/timestamp/customerID/eventID).
json – return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.
verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. Other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
EventsNotFoundException – on 404
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON
- argus_api.lib.events.v1.aggregated.update_events_bulk(criteria: dict = None, update: dict = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) -> dict
Assess events in bulk mode (INTERNAL)
- Parameters
criteria (dict) –
update (dict) –
json – return the response’s body as a dict parsed from JSON. True by default. If set to false, the raw requests.Response object will be returned.
verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.
apiKey – Argus API key.
authentication – authentication override
server_url – API base URL override
body – body of the request. Other parameters will override keys defined in the body.
api_session – session to use for this request. If not set, the global session will be used.
- Raises
AuthenticationFailedException – on 401
AccessDeniedException – on 403
EventsNotFoundException – on 404
ValidationFailedException – on 412
ArgusException – on other status codes
- Returns
dictionary translated from JSON