Parameter | Type | Default Value | Description |
---|---|---|---|
query |
string | [no filter] | The TinyQ language filter that specifies a subset of all available records. |
field |
string | not present | The name or names of fields whose values are to be returned. The field item may appear zero or more times in the URI query parameters. A single value of "[none]" indicates return only metadata. The absence of any field parameter indicates return all field values, |
page |
integer | 1 | The 1-based offset into the total records based on page size. Actual offset is (page - 1) * pagesize. |
pagesize |
integer | [unlimited] | The maximum number of object records to return as a result of the request. |
Object type: page | |
---|---|
A container for one or more objects in the result listing. There may be multiple pages in a listing if a page size is specified that is less than the total number of objects in the listing. | |
Field | Description |
next | A URL addressing the subsequent page of objects in the total set of available objects. |
objects | The list of objects returned in the page of results. |
prev | A URL addressing the previous page of objects in the total set of available objects. |
Object type: user | |
---|---|
A User object contains information about a user account in the Sentinel system. | |
Field | Description |
auth-dn | If a user has an authentication source other than "DATABASE"" (e.g., "LDAP") this value can be used to identify the corresponding user account in the authentication source. |
auth-source | The source used by Sentinel to authenticate a user's password during an authentication request. |
cell | The user's mobile phone number. |
createdate | The date and time when the object was created. |
creator | The URL of the Sentinel User object that represents the creator of the object. |
dept | The department to which the user belongs. |
desc | A description of the user account. |
The user's contact email address. | |
fax | A secondary contact number or other value. The Sentinel user interface displays this as "Fax". |
given | The user's given name. |
meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
moddate | The date and time when the object was last modified. |
modifier | The URL of the Sentinel User object that represents the last modifier of the object. |
name | The name that the user supplies to log in to Sentinel. |
old-password | The user's existing password value. This is treated as "write-only" and is only used when a user is changing the value of the user's own password. It is never returned from the server. |
password | The user's password value. This is treated as "write-only". In other words, it is only used when creating a user account or when changing a user account's password. It is never returned from the server. |
perms | A description of the user's permissions in the Sentinel system. Definition |
phone | The user's contact telephone number. |
roles | The user's role memberships. |
state | The user's current state. One of the following three values: "ACTIVE", "LOCKED", "INACTIVE". "INACTIVE" indicates a "deleted" user account. |
surname | The user's family name. |
sys | If this value is true it indicates that the user account is an internal account used by Sentinel. For example, a distributed search target creates a system user for the purposes of executing a search on behalf of a search console. |
tags | The user's "favorite" tags. |
title | The user's job title. |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type |
Object type: permissions | |
---|---|
The UserPermissions object contains the current permissions for a user in the Sentinel system. | |
Field | Description |
all-events | If true, the user can view all event records in the Sentinel system. If false, the filter value is used to determine the set of events the user is allowed to view. |
chg-pwd | If true, a user can change his own password. |
filter | If non-empty, and AllowAllEvents is false, this value is a filter expression that determines the set of events the user is allowed to view. |
isadmin | If true, the user has administrator privileges. |
perm-set | This collection contains the calculated set of permissions effective for the user based on the user's role memberships. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/user?page=2&pagesize=1
{ "objects":[ { "meta":{ "type":"user", "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/user/42" }, "auth-dn":"cn=jdoe,dc=users,dc=somecompany,dc=com", "phone":"(212) 555-1212", "moddate":"2012-04-25T13:33:44.727Z", "perms":{ "all-events":false, "perm-set":[ "viewIdentityData", "eventActions", "runReportOnDB", "viewIncidents", "solutionDesigner", "_viewRawDataRole_", "viewInternalEvents", "distSearchInitiate", "createIncidents", "viewVulnerabilityData", "remediateIncidents", "viewAssetData", "activeViews", "shareFilters" ], "chg-pwd":true, "filter":"rv145:\"PCI\"", "isadmin":false }, "desc":"This account is a sample user account.", "fax":"(212) 555-1212", "auth-source":"DATABASE", "sys":false, "old-password":"0ldp@$$w0rd", "cell":"(212) 555-1212", "createdate":"2012-04-25T13:33:44.727Z", "surname":"Doe", "password":"p@$$w0rd", "title":"PCI Compliance Manager", "given":"John", "email":"jdoe@somecompany.com", "name":"jdoe", "dept":"Accounting", "tags":[ "PCI" ], "roles":[ "https://164.99.19.131:8443/SentinelRESTServices/objects/role/79600390-9B73-102E-A3E2-001676E4A757" ], "state":"INACTIVE" } ], "prev":{ "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/user?pagesize=1&page=1" }, "next":{ "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/user?pagesize=1&page=3" } }
Object type: user | ||
---|---|---|
A User object contains information about a user account in the Sentinel system. | ||
Field | Required | Description |
auth-dn | false | If a user has an authentication source other than "DATABASE"" (e.g., "LDAP") this value can be used to identify the corresponding user account in the authentication source. |
auth-source | true | The source used by Sentinel to authenticate a user's password during an authentication request. |
cell | false | The user's mobile phone number. |
dept | false | The department to which the user belongs. |
desc | false | A description of the user account. |
false | The user's contact email address. | |
fax | false | A secondary contact number or other value. The Sentinel user interface displays this as "Fax". |
given | false | The user's given name. |
name | true | The name that the user supplies to log in to Sentinel. |
old-password | false | The user's existing password value. This is treated as "write-only" and is only used when a user is changing the value of the user's own password. It is never returned from the server. |
password | false | The user's password value. This is treated as "write-only". In other words, it is only used when creating a user account or when changing a user account's password. It is never returned from the server. |
phone | false | The user's contact telephone number. |
roles | false | The user's role memberships. |
state | false | The user's current state. One of the following three values: "ACTIVE", "LOCKED", "INACTIVE". "INACTIVE" indicates a "deleted" user account. |
surname | false | The user's family name. |
tags | false | The user's "favorite" tags. |
title | false | The user's job title. |
Object type: meta | ||
---|---|---|
The metadata for an object, including the object type name and the URL reference to the object. | ||
Field | Required | Description |
@href | false | The URL reference to the object. |
type | false | The name of the object type |
Object type: | |
---|---|
The metadata representation of the newly-created user object, including the URL reference to the new object. | |
Field | Description |
meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type |
Object type: permissions | |
---|---|
The UserPermissions object contains the current permissions for a user in the Sentinel system. | |
Field | Description |
all-events | If true, the user can view all event records in the Sentinel system. If false, the filter value is used to determine the set of events the user is allowed to view. |
chg-pwd | If true, a user can change his own password. |
filter | If non-empty, and AllowAllEvents is false, this value is a filter expression that determines the set of events the user is allowed to view. |
isadmin | If true, the user has administrator privileges. |
perm-set | This collection contains the calculated set of permissions effective for the user based on the user's role memberships. |
POST https://164.99.19.131:8443/SentinelRESTServices/objects/user
{ "auth-dn":"cn=jdoe,dc=users,dc=somecompany,dc=com", "phone":"(212) 555-1212", "desc":"This account is a sample user account.", "fax":"(212) 555-1212", "auth-source":"DATABASE", "old-password":"0ldp@$$w0rd", "cell":"(212) 555-1212", "surname":"Doe", "password":"p@$$w0rd", "title":"PCI Compliance Manager", "given":"John", "email":"jdoe@somecompany.com", "name":"jdoe", "dept":"Accounting", "tags":[ "PCI" ], "roles":[ "https://164.99.19.131:8443/SentinelRESTServices/objects/role/79600390-9B73-102E-A3E2-001676E4A757" ], "state":"INACTIVE" }
Location:https://164.99.19.131:8443/SentinelRESTServices/objects/user/42
{ "meta":{ "type":"user", "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/user/42" } }