GET /config/event_sources/custom_properties/property_cef_expressions/{expression_id}

Retrieves a CEF expression based on the supplied identifier.

Table 1. GET /config/event_sources/custom_properties/property_cef_expressions/{expression_id} resource details
| MIME Type |
|---|
| application/json |

Table 2. GET /config/event_sources/custom_properties/property_cef_expressions/{expression_id} request parameter details
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
|---|---|---|---|---|---|
| expression_id | path | Required | String | text/plain | Required - The identifier of the CEF expression. |
| fields | query | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets, and separate multiple fields in the same object with commas. |

Table 3. GET /config/event_sources/custom_properties/property_cef_expressions/{expression_id} response codes
| HTTP Response Code | Unique Code | Description |
|---|---|---|
| 200 | | The requested CEF expression was successfully retrieved. |
| 404 | 1002 | The requested CEF expression cannot be found. |
| 500 | 1020 | An error occurred during the attempt to retrieve the requested CEF expression. |

Response Description

A CEF expression that contains the following fields:
  • id - Integer - The sequence ID of the CEF expression.
  • identifier - String - The unique ID of the CEF expression. This value is in the form of a UUID.
  • regex_property_identifier - String - The identifier of the event regex property that this expression belongs to.
  • enabled - Boolean - Flag that indicates whether this expression is enabled.
  • expression - String - The CEF expression path to find the property value from the CEF payload.
  • payload - String - Test payload. This parameter is only used in the UI so that you can verify that your expression matches the expected payload.
  • log_source_type_id - Integer - The expression is only applied to events for this log source type.
  • log_source_id - Integer - The expression is only applied to events for this log source (more specific than type alone).
  • qid - Integer - The expression is only applied to events associated with this QID record.
  • low_level_category_id - Integer - The expression is only applied to events with this low level category.
  • username - String - The owner of the CEF expression.

Response Sample


{
    "creation_date": 42,
    "enabled": true,
    "expression": "String",
    "id": 42,
    "identifier": "String",
    "log_source_id": 42,
    "log_source_type_id": 42,
    "low_level_category_id": 42,
    "modification_date": 42,
    "payload": "String",
    "qid": 42,
    "regex_property_identifier": "String",
    "username": "String"
}
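
A client-side sketch for this endpoint, added here as an example and not taken from the product's own code: it builds the request with a `fields` filter, maps the documented response codes, and type-checks a response against the field list above. The base URL, the `SEC` token header, and the allowed identifier characters are assumptions, and `SAMPLE` is a constructed response.

```python
import json
import re
from urllib.parse import urlencode
from urllib.request import Request

PATH = "/config/event_sources/custom_properties/property_cef_expressions/"
# Field names and types as listed under "Response Description".
FIELD_TYPES = {
    "id": int, "identifier": str, "regex_property_identifier": str,
    "enabled": bool, "expression": str, "payload": str,
    "log_source_type_id": int, "log_source_id": int, "qid": int,
    "low_level_category_id": int, "username": str,
}
# Constructed sample response body (values are made up).
SAMPLE = json.dumps({"id": 7, "enabled": True, "expression": "src",
                     "username": "admin", "creation_date": 42})

def build_request(base_url, token, expression_id, fields=None):
    """Build (but do not send) the GET request for one CEF expression."""
    # Assumption: identifiers are integers or UUIDs, so anything else
    # (slashes, dots, whitespace) is refused before it reaches the URL path.
    if not re.fullmatch(r"[A-Za-z0-9-]+", str(expression_id)):
        raise ValueError("unexpected characters in expression_id")
    url = base_url.rstrip("/") + PATH + str(expression_id)
    if fields:
        unknown = sorted(set(fields) - set(FIELD_TYPES))
        if unknown:
            raise ValueError(f"fields not in the documented list: {unknown}")
        url += "?" + urlencode({"fields": ",".join(fields)})
    # Assumption: the deployment authenticates with a token in a "SEC" header.
    return Request(url, headers={"Accept": "application/json", "SEC": token})

def parse_response(status, body):
    """Map the documented response codes and type-check the returned fields."""
    if status == 404:
        raise LookupError("CEF expression not found (unique code 1002)")
    if status != 200:
        raise RuntimeError(f"retrieval failed with HTTP {status}")
    doc = json.loads(body)
    for name, value in doc.items():
        expected = FIELD_TYPES.get(name)
        # Keys outside the documented list (e.g. creation_date) pass through;
        # null is tolerated as an assumption for unset fields.
        if expected and value is not None and type(value) is not expected:
            raise TypeError(f"{name}: expected {expected.__name__}")
    return doc
```

Pass the returned `Request` to `urllib.request.urlopen` with a TLS context that verifies the console certificate, then hand the status and body to `parse_response`.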