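--- a/alsdkdefs/apis/iris/iris.v3.yaml
+++ b/alsdkdefs/apis/iris/iris.v3.yaml
@@ -292,7 +292,7 @@ paths:
 content:
 application/json:
 schema:
-$ref: '#/components/schemas/IncidentsByTime'
+$ref: '#/components/schemas/IncidentList'
 examples:
 Incidents by time response example:
 value:
@@ -402,6 +402,274 @@ paths:
 name: return_value
 in: query
 description: Comma delimited list of dot-notation string names of desired properties in the result set. Use if you only want a subset of attributes from each incident
+'/iris/v3/{account_id}/partner_incidents':
+get:
+summary: Get incidents for an account and all accounts managed by it in a timespan.
+tags:
+- Partner API
+responses:
+'200':
+description: OK
+content:
+application/json:
+schema:
+$ref: '#/components/schemas/IncidentList'
+examples:
+Partner incidents response example:
+value:
+- accountId: number
+all_assets:
+- object
+asset_deployment_type: string
+asset_host_name: string
+asset_native_account_id: string
+assets:
+__asset: object
+__contentType: string
+__messageId: string
+__normalizedTime: string
+__relatedOrAssociated: string
+__source: string
+__uuid: string
+al__deployment: string
+al__subnet: string
+al__vpc: string
+attacker:
+ip: string
+attacker_lset:
+- object
+createTime: number
+createtimeStr: string
+customer: string
+customer_status:
+status: string
+status_change_time: string
+defaultThreatRating: string
+has_assets: boolean
+humanFriendlyId: string
+incident:
+attackClassId: number
+attackClassId_str: string
+subType: string
+summary: string
+threatRating: string
+type: string
+incidentId: string
+incident_attack_class: string
+incident_escalated: string
+incident_sub_type: string
+iris_incident_version: number
+iris_notifications: boolean
+snooze_status:
+period_ms: number
+reason_code: string
+snoozed: boolean
+sources:
+- string
+updateTime: number
+updatetime_str: string
+victim:
+ip: string
+victim_lset:
+- object
+'400':
+description: Bad request
+content:
+application/json:
+schema:
+$ref: '#/components/schemas/ErrorResponse'
+examples:
+Missing start/end time:
+value:
+code: 400
+error: start_time and end_time query strings must be provided
+Invalid timestamp:
+value:
+code: 400
+error: time_stamp query string must be updateTime or createTime
+Invalid arguments:
+value:
+code: 400
+error: Invalid arguments
+'401':
+description: Unauthorized
+'403':
+description: Forbidden
+'500':
+description: Internal Server Error
+operationId: partner_account_incidents
+description: Get incidents over a timerange for account and all accounts managed by it.
+security:
+- X-AIMS-Auth-Token: []
+x-code-samples:
+- lang: Request Sample
+source: |
+curl -X GET "https://api.cloudinsight.alerlogic.com/iris/v3/12345678/partner_incidents?start_time=1577836800&end_time=1577923200"
+parameters:
+- schema:
+type: string
+name: account_id
+in: path
+required: true
+description: AIMS Account ID
+- schema:
+type: string
+name: start_time
+in: query
+required: true
+description: 'Time to begin span, either epoch timestamp or an ISO string'
+- schema:
+type: string
+name: end_time
+in: query
+required: true
+description: 'Time to end span, either epoch timestamp or an ISO string'
+- schema:
+type: string
+name: return_value
+in: query
+description: Comma delimited list of dot-notation string names of desired properties in the result set. Use if you only want a subset of attributes from each incident
+- schema:
+type: string
+name: time_stamp
+in: query
+description: The timestamp to search for incidents with, either 'createTime' or 'updateTime'
+- schema:
+type: string
+name: aid
+in: query
+description: A comma delimited list of accounts managed by account_id to return. E.g aid=10,11,12,13
+'/iris/v3/partner_incidents':
+get:
+summary: Get incidents for caller account and all accounts managed by it in a timespan.
+tags:
+- Partner API
+responses:
+'200':
+description: OK
+content:
+application/json:
+schema:
+$ref: '#/components/schemas/IncidentList'
+examples:
+Partner incidents response example:
+value:
+- accountId: number
+all_assets:
+- object
+asset_deployment_type: string
+asset_host_name: string
+asset_native_account_id: string
+assets:
+__asset: object
+__contentType: string
+__messageId: string
+__normalizedTime: string
+__relatedOrAssociated: string
+__source: string
+__uuid: string
+al__deployment: string
+al__subnet: string
+al__vpc: string
+attacker:
+ip: string
+attacker_lset:
+- object
+createTime: number
+createtimeStr: string
+customer: string
+customer_status:
+status: string
+status_change_time: string
+defaultThreatRating: string
+has_assets: boolean
+humanFriendlyId: string
+incident:
+attackClassId: number
+attackClassId_str: string
+subType: string
+summary: string
+threatRating: string
+type: string
+incidentId: string
+incident_attack_class: string
+incident_escalated: string
+incident_sub_type: string
+iris_incident_version: number
+iris_notifications: boolean
+snooze_status:
+period_ms: number
+reason_code: string
+snoozed: boolean
+sources:
+- string
+updateTime: number
+updatetime_str: string
+victim:
+ip: string
+victim_lset:
+- object
+'400':
+description: Bad request
+content:
+application/json:
+schema:
+$ref: '#/components/schemas/ErrorResponse'
+examples:
+Missing start/end time:
+value:
+code: 400
+error: start_time and end_time query strings must be provided
+Invalid timestamp:
+value:
+code: 400
+error: time_stamp query string must be updateTime or createTime
+Invalid arguments:
+value:
+code: 400
+error: Invalid arguments
+'401':
+description: Unauthorized
+'403':
+description: Forbidden
+'500':
+description: Internal Server Error
+operationId: partner_incidents
+description: Get incidents over a timerange for caller account and all accounts managed by it.
+security:
+- X-AIMS-Auth-Token: []
+x-code-samples:
+- lang: Request Sample
+source: |
+curl -X GET "https://api.cloudinsight.alerlogic.com/iris/v3/partner_incidents?start_time=1577836800&end_time=1577923200"
+parameters:
+- schema:
+type: string
+name: start_time
+in: query
+required: true
+description: 'Time to begin span, either epoch timestamp or an ISO string'
+- schema:
+type: string
+name: end_time
+in: query
+required: true
+description: 'Time to end span, either epoch timestamp or an ISO string'
+- schema:
+type: string
+name: return_value
+in: query
+description: Comma delimited list of dot-notation string names of desired properties in the result set. Use if you only want a subset of attributes from each incident
+- schema:
+type: string
+name: time_stamp
+in: query
+description: The timestamp to search for incidents with, either 'createTime' or 'updateTime'
+- schema:
+type: string
+name: aid
+in: query
+description: A comma delimited list of accounts managed by account_id to return. E.g aid=10,11,12,13
 '/iris/v3/{account_id}/{incident_id}/complete':
 post:
 summary: Complete / close an incident
@@ -856,12 +1124,12 @@ components:
 description: Values returned by the query
 stats:
 type: object
-IncidentsByTime:
-title: IncidentsByTime
+IncidentList:
+title: Incident list
 type: array
 items:
 $ref: '#/components/schemas/Incident'
-description: IncidentsByTime list
+description: Incident list
 CustomerFeedback:
 title: CustomerFeedback
 type: object
@@ -966,5 +1234,7 @@ components:
 tags:
 - name: Incident operations
 description: IRIS incident operations
+- name: Partner API
+description: Multiple account operations
 - name: UI operations
 description: IRIS operations available through the console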
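Review bot: The request samples on new lines 507 and 644 use the host `api.cloudinsight.alerlogic.com`, which appears to be a misspelling of `alertlogic.com`. Both operations require `X-AIMS-Auth-Token`, so a reader who pastes the sample and adds their token would send it to a look-alike domain the vendor may not control. I would correct the host to `api.cloudinsight.alertlogic.com` in both samples and show the auth header defined by the `X-AIMS-Auth-Token` scheme, so the sample matches the `security` block. Separately, the `aid` description on new line 672 refers to `account_id`, which `/iris/v3/partner_incidents` does not have, and neither operation says what is returned when an `aid` value is not managed by the caller (rejected with 403 or silently filtered; confirm against the service). For the former, `description: A comma delimited list of accounts managed by the caller account to return. E.g aid=10,11,12,13` would fit. `time_stamp` could also declare `enum: [createTime, updateTime]` to match the 400 example.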