Parameter | Type | Default Value | Description |
---|---|---|---|
query | string | [no filter] | The TinyQ language filter that specifies a subset of all available records. |
field | string | not present | The name or names of fields whose values are to be returned. The field item may appear zero or more times in the URI query parameters. A single value of "[none]" indicates that only metadata is returned. The absence of any field parameter indicates that all field values are returned. |
page | integer | 1 | The 1-based offset into the total records based on page size. Actual offset is (page - 1) * pagesize. |
pagesize | integer | [unlimited] | The maximum number of object records to return as a result of the request. |
Object type: page | |
---|---|
A container for one or more objects in the result listing. There may be multiple pages in a listing if a page size is specified that is less than the total number of objects in the listing. | |
Field | Description |
next | A URL addressing the subsequent page of objects in the total set of available objects. |
objects | The list of objects returned in the page of results. |
prev | A URL addressing the previous page of objects in the total set of available objects. |
Object type: incident | |
---|---|
An Incident object contains information about abnormal or suspicious events in the system. | |
Field | Description |
annotations | List of annotations added to the incident. |
attachments | List of attachments associated with the incident. |
category | A classification or grouping for the incident. |
createdate | The date and time when the object was created. |
creator | The URL of the Sentinel User object that represents the creator of the object. |
crit-rating | Reserved for future use. |
desc | A description of the Incident. |
events | List of events associated with the incident. |
external-datas | List of external data items associated with the incident. |
meta | The metadata for an object, including the object type name and the URL reference to the object. |
moddate | The date and time when the object was last modified. |
modifier | The URL of the Sentinel User object that represents the last modifier of the object. |
name | The name or title of the incident. |
notes | List of notes added to or associated with the incident. |
priority | The level of attention that should be given to mitigating the incident. |
resolution | Actions taken to resolve the incident. |
severity | The impact or degree of seriousness of the incident. |
sev-rating | Average of all the event severities that comprise an incident. |
state | The state of the incident. For example, OPEN, ASSIGNED, CLOSED or REJECTED. |
users | List of users responsible for mitigating the incident. |
vuln-rating | Reserved for future use. |
workflow-infos | List of workflows associated with the incident. |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type. |
```
GET https://164.99.19.131:8443/SentinelRESTServices/objects/incident?page=2&pagesize=1
```

```
{
  "objects": [
    {
      "meta": {
        "type": "incident",
        "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
      },
      "sev-rating": "5",
      "category": "Denial of Service",
      "moddate": "2012-04-25T13:33:44.514Z",
      "desc": "Detected more that 100 failed logins in a 10 minute period.",
      "priority": 1,
      "name": "Failed Logins",
      "createdate": "2012-04-25T13:33:44.514Z",
      "crit-rating": "Wildebeest",
      "severity": 4,
      "resolution": "Locked user account.",
      "vuln-rating": "Wildebeest",
      "workflow-infos": [
        "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
      ],
      "users": [
        "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
      ],
      "events": {
        "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
      },
      "state": "Investigating",
      "attachments": [
        "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
      ],
      "external-datas": [
        "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
      ],
      "annotations": [
        "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
      ],
      "notes": [
        "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
      ]
    }
  ],
  "prev": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident?pagesize=1&page=1"
  },
  "next": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident?pagesize=1&page=3"
  }
}
```
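
A client that walks the whole listing by following each page's `next` link, as an added example that is not part of the original documentation. The `fetch` callable, the sample pages and the assumption that the final page carries no `next` link are all hypothetical; the origin check keeps credentials from being sent to a host named only in a response body.

```python
from urllib.parse import urlsplit

BASE = "https://164.99.19.131:8443/SentinelRESTServices/objects/incident"

def origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port)

def iter_incidents(fetch, base=BASE, pagesize=1, max_pages=1000):
    """Yield every incident, following each page's next/@href link.

    fetch(url) -> dict is supplied by the caller (an authenticated HTTPS GET
    that returns the parsed JSON body); it is hypothetical, not a Sentinel API.
    """
    url = f"{base}?pagesize={pagesize}&page=1"
    seen = set()
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError(f"paging loop or page limit reached at {url}")
        seen.add(url)
        page = fetch(url)
        yield from page.get("objects", [])
        url = (page.get("next") or {}).get("@href")
        # The link comes from the response body: never send credentials to
        # another scheme, host or port because a page said so.
        if url and origin(url) != origin(base):
            raise ValueError(f"next link leaves the API origin: {url}")

# Constructed sample pages, shaped like the response documented above.
def _page(n, name, state, last=False):
    body = {"objects": [{"meta": {"type": "incident", "@href": f"{BASE}/{n}"},
                         "name": name, "state": state, "severity": 4}]}
    if not last:  # assumption: the final page carries no "next" link
        body["next"] = {"@href": f"{BASE}?pagesize=1&page={n + 1}"}
    return body

SAMPLE = {f"{BASE}?pagesize=1&page={n}": _page(n, name, state, n == 3)
          for n, (name, state) in enumerate(
              [("Failed Logins", "Investigating"), ("Port Scan", "CLOSED"),
               ("Malware Alert", "OPEN")], start=1)}

def open_incident_urls(fetch):
    """Return the @href of every incident whose state is not CLOSED or REJECTED."""
    return [i["meta"]["@href"] for i in iter_incidents(fetch)
            if i.get("state") not in ("CLOSED", "REJECTED")]

if __name__ == "__main__":
    print(open_incident_urls(SAMPLE.__getitem__))
```
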
Object type: incident | ||
---|---|---|
An Incident object contains information about abnormal or suspicious events in the system. | ||
Field | Required | Description |
annotations | false | List of annotations added to the incident. |
attachments | false | List of attachments associated with the incident. |
category | false | A classification or grouping for the incident. |
crit-rating | false | Reserved for future use. |
desc | false | A description of the Incident. |
events | false | List of events associated with the incident. |
external-datas | false | List of external data items associated with the incident. |
name | false | The name or title of the incident. |
notes | false | List of notes added to or associated with the incident. |
priority | false | The level of attention that should be given to mitigating the incident. |
resolution | false | Actions taken to resolve the incident. |
severity | false | The impact or degree of seriousness of the incident. |
sev-rating | false | Average of all the event severities that comprise an incident. |
state | false | The state of the incident. For example, OPEN, ASSIGNED, CLOSED or REJECTED. |
users | false | List of users responsible for mitigating the incident. |
vuln-rating | false | Reserved for future use. |
workflow-infos | false | List of workflows associated with the incident. |
Object type: meta | ||
---|---|---|
The metadata for an object, including the object type name and the URL reference to the object. | ||
Field | Required | Description |
@href | false | The URL reference to the object. |
type | false | The name of the object type. |
Object type: | |
---|---|
The metadata representation of the newly-created incident object, including the URL reference to the new object. | |
Field | Description |
meta | The metadata for an object, including the object type name and the URL reference to the object. |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type. |

```
POST https://164.99.19.131:8443/SentinelRESTServices/objects/incident

{
  "sev-rating": "5",
  "category": "Denial of Service",
  "desc": "Detected more that 100 failed logins in a 10 minute period.",
  "priority": 1,
  "name": "Failed Logins",
  "crit-rating": "Wildebeest",
  "severity": 4,
  "resolution": "Locked user account.",
  "vuln-rating": "Wildebeest",
  "workflow-infos": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
  ],
  "users": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
  ],
  "events": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
  },
  "state": "Investigating",
  "attachments": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
  ],
  "external-datas": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
  ],
  "annotations": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ],
  "notes": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ]
}
```

```
Location: https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42

{
  "meta": {
    "type": "incident",
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
  }
}
```