Events
This Public Experimental API gets a collection of events or an individual event.
Note
Use this Events API instead of Audit Events.
Events include logging a user in or out of the PCE, granting a user a role, pairing or unpairing a workload, and creating a label, ruleset, or IP list.
Event Types
For a complete list of JSON events, descriptions, CEF/LEEF success events, and CEF/LEEF failure events, see List of Event Types.
Event API Methods
Functionality | HTTP | URI |
---|---|---|
Get a collection of events. | GET | [api_version][org_href]/events |
Get an individual event. | GET | [api_version][event_href] |
Get Events
This API gets a collection of events or a specific event identified by an event ID (in the form of a UUID).
Get Events Collection
When getting a collection of events, be aware of the following caveats:
Use the max_results query parameter to increase the maximum number of events returned. The largest value accepted for max_results is 10000. To return more than 10000 events, use Asynchronous GET Collection.
URI to Get a Collection of Events
GET [api_version][org_href]/events
URI to Get an Individual Event
GET [api_version][event_href]
Events Reference
This topic covers properties, parameters, and examples of events.
Parameters
Parameter | Description | Type |
---|---|---|
| Organization ID in which the event occurred. | Integer |
| Information about the person, agent, or system that created the event. Created by system: Created by user properties: Created by workload properties: | String |
| Type of the event specified by the If no query parameters are given, all event types are returned. See the response properties table below for types of events returned from a GET call. | String |
| Maximum number of events to return. The default is 100, and the maximum is 10000. | Integer |
| Severity level of the events retrieved. Values include: | String |
| Status of the event, either | String |
| Event start timestamp in RFC 3339 format. | String |
| Event end timestamp in RFC 3339 format. | String |
Properties
Parameter | Description | Type |
---|---|---|
| Type of the event specified by the If no query parameters are given, all event types are returned. See the response properties table below for types of events returned from a GET call. | String |
| Status of the event; usually a mapping of For presentation purposes only. | String |
| Severity level of the events retrieved. Values include: | String |
| Information about the person, agent, or system that created the event. Created by system: Created by user properties: Created by workload properties: | String |
Examples
Curl Command to Get an Event
You need the ID of the system event you want to get, which is the number at the end of its HREF path property: "/2/events/68632".
curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/2/events/12345 -H "Accept: application/json" -u $KEY:$TOKEN
Curl Command to Get an Event Collection
In this example, only two events are returned because of max_results=2.
curl -i -X GET "https://pce.my-company.com:8443/api/v2/orgs/2/events?max_results=2" -H "Accept: application/json" -u $KEY:$TOKEN
Example Response
[
  {
    "href": "/orgs/1/events/xxxxxxx-5f59-46ab-8f18-xxxxxxxxx",
    "timestamp": "2019-09-03T01:xx:xx.xxxZ",
    "pce_fqdn": "pce.my-company.com",
    "created_by": {
      "agent": {
        "href": "/orgs/1/agents/xxx",
        "hostname": "xxx-xxxxx-xxxx"
      }
    },
    "event_type": "agent.clone_detected",
    "status": null,
    "severity": "info",
    "action": null,
    "resource_changes": [],
    "notifications": [
      {
        "uuid": "xxxxxxx-e04b-43bc-a64a-xxxxxxxxxx",
        "notification_type": "agent.clone_detected",
        "info": {
          "agent": {
            "href": "/orgs/1/agents/xxx",
            "name": null,
            "hostname": "xxx-xxxxx-xxxx"
          }
        }
      }
    ]
  },
  {
    "href": "/orgs/1/events/xxxxxxx-60a2-4db4-b0f4-xxxxxxxxxx",
    "timestamp": "2019-09-03T0x:xx:xx.xxxZ",
    "pce_fqdn": "pce.my-company.com",
    "created_by": {
      "agent": {
        "href": "/orgs/1/agents/xxx",
        "hostname": "xxx-xxxxx-xxxx"
      }
    },
    ...
  }
]
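Added example (not part of the original documentation or the product's own code): a Python sketch that builds the collection URI with max_results held to the documented ceiling, picks watched event types such as agent.clone_detected out of a collection, and flags a response that filled the max_results cap and so may be incomplete. The function names, the SAMPLE data, and the "example.other_event" type are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode

MAX_RESULTS_LIMIT = 10000  # largest max_results value the page says is accepted

# Constructed sample shaped like the Example Response; every value is made up,
# and "example.other_event" is a placeholder, not a real event type.
SAMPLE = json.loads("""[
 {"href": "/orgs/2/events/00000000-0000-4000-8000-000000000001",
  "timestamp": "2019-09-03T01:00:00.000Z",
  "created_by": {"agent": {"href": "/orgs/2/agents/11", "hostname": "web-01"}},
  "event_type": "agent.clone_detected", "status": null, "severity": "info"},
 {"href": "/orgs/2/events/00000000-0000-4000-8000-000000000002",
  "timestamp": "2019-09-03T02:00:00.000Z",
  "created_by": {"agent": {"href": "/orgs/2/agents/12", "hostname": "db-01"}},
  "event_type": "example.other_event", "status": null, "severity": "info"}
]""")


def events_url(base, org_href, max_results=100):
    """Build [api_version][org_href]/events, rejecting out-of-range max_results."""
    if not 1 <= max_results <= MAX_RESULTS_LIMIT:
        raise ValueError("max_results must be 1..10000; use the asynchronous GET collection for more")
    return f"{base}{org_href}/events?{urlencode({'max_results': max_results})}"


def actor(event):
    """Return (kind, identifier) from created_by, e.g. ('agent', 'web-01')."""
    created_by = event.get("created_by") or {}
    for kind, detail in created_by.items():
        detail = detail if isinstance(detail, dict) else {}
        return kind, detail.get("hostname") or detail.get("href") or "unknown"
    return "unknown", "unknown"


def triage(events, max_results, watch=("agent.clone_detected",)):
    """Select watched event types and flag a response that filled the cap."""
    hits = [(e.get("timestamp"), e.get("event_type"), *actor(e))
            for e in events if e.get("event_type") in watch]
    # A full response means more matching events may exist than were returned.
    return {"hits": hits, "possibly_truncated": len(events) >= max_results}


if __name__ == "__main__":
    print(events_url("https://pce.my-company.com:8443/api/v2", "/orgs/2", 2))
    print(triage(SAMPLE, max_results=2))
```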