GET /siem/offense_types/{offense_type_id}
Retrieve an offense type structure that describes the properties of an offense type.
Retrieve an Offense Type
| MIME Type |
|---|
application/json |
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
|---|---|---|---|---|---|
offense_type_id |
path |
Required |
Number (Integer) |
text/plain |
Required - int - The offense type id. |
fields |
query |
Optional |
String |
text/plain |
Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |
| HTTP Response Code | Unique Code | Description |
|---|---|---|
200 |
The requested offense type has been retrieved. |
|
404 |
1002 |
The requested offense type cannot be found. |
422 |
1005 |
A request parameter is not valid. |
500 |
1020 |
An error occurred while attempting to retrieve the requested offense type. |
Response Description
The Offense Type with the entered offense_type_id.
- id - Number - The ID of the offense type and what is presented in the offense's offense_type.
- property_name - String - The name of the of the event or flow property represented by this offense type for flow or event properties or the unique identifier for custom flow or event properties.
- name - String - The offense type's name.
- database_type - String - Database where this type is present. Possible values are: EVENTS, FLOWS, or COMMON (if it belongs to both events and flows)
- custom - boolean - True if the offense type is based on a custom flow or event property.
Response Sample
{
"custom": true,
"database_type": "String <one of: EVENTS, FLOWS, COMMON>",
"id": 42,
"name": "String",
"property_name": "String"
}