GET /siem/source_addresses

Retrieve a list of offense source addresses currently in the system.

Table 1. GET /siem/source_addresses resource details

| MIME Type |
|---|
| application/json |

Table 2. GET /siem/source_addresses request parameter details

| Parameter | Type | Optionality | Data Type | MIME Type | Description |
|---|---|---|---|---|---|
| Range | header | Optional | String | text/plain | Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero. |
| filter | query | Optional | String | text/plain | Optional - This parameter is used to restrict the elements in a list based on the contents of various fields. |
| fields | query | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets; multiple fields in the same object are separated by commas. |

Table 3. GET /siem/source_addresses response codes

| HTTP Response Code | Unique Code | Description |
|---|---|---|
| 200 | | The source address list was retrieved. |
| 422 | 1005 | A request parameter is not valid. |
| 422 | 1010 | The filter parameter is not valid. |
| 500 | 1020 | An error occurred while the source address list was being retrieved. |

Response Description

An array of source address objects. A source address object contains the following fields:
  • id - Number - The ID of the source.
  • source_ip - String - The IP address.
  • magnitude - Number - The magnitude of the source address.
  • network - String - The network of the source address.
  • offense_ids - Array of Numbers - List of offense IDs the source is part of.
  • local_destination_address_ids - Array of Numbers - List of local destination address IDs associated with the source address.
  • event_flow_count - Number - The number of events and flows that are associated with the source.
  • first_event_flow_seen - Number - The number of milliseconds since epoch when the first event or flow was seen.
  • last_event_flow_seen - Number - The number of milliseconds since epoch when the last event or flow was seen.
  • domain_id - Number - The ID of the associated domain.

Response Sample


[
    {
        "domain_id": 42,
        "event_flow_count": 42,
        "first_event_flow_seen": 42,
        "id": 42,
        "last_event_flow_seen": 42,
        "local_destination_address_ids": [
            42
        ],
        "magnitude": 42,
        "network": "String",
        "offense_ids": [
            42
        ],
        "source_ip": "String"
    }
]
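
The following is an added example, not part of the original reference: it builds a request that uses the Range header and the filter and fields query parameters, then parses a response into a triage list sorted by magnitude, with the millisecond timestamps converted to UTC. The base URL, the `items=first-last` Range syntax, the `SEC` token header name, and any filter expression passed in are assumptions that this page does not state.

```python
import ipaddress
import json
from datetime import datetime, timezone
from urllib.parse import urlencode
from urllib.request import Request

def build_request(base_url, token, first=0, last=49, filter_expr=None, fields=None):
    """Build (without sending) a GET /siem/source_addresses request."""
    if first < 0 or last < first:
        raise ValueError("Range is zero-indexed; need 0 <= first <= last")
    query = {}
    if filter_expr:
        query["filter"] = filter_expr            # expression syntax is not given on this page
    if fields:
        query["fields"] = ",".join(fields)       # fields that are not named are excluded
    url = base_url.rstrip("/") + "/siem/source_addresses"
    if query:
        url += "?" + urlencode(query)
    headers = {"Accept": "application/json",
               "Range": f"items={first}-{last}",  # assumed Range syntax
               "SEC": token}                      # assumed token header name
    return Request(url, headers=headers, method="GET")

def _utc(ms):
    """Convert milliseconds since epoch to an aware UTC datetime (None if absent)."""
    return None if ms is None else datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def triage(body, min_magnitude=0):
    """Parse the response array; return valid sources, highest magnitude first."""
    rows = []
    for item in json.loads(body):
        try:
            ip = ipaddress.ip_address(item["source_ip"])
        except (KeyError, ValueError):
            continue                              # skip entries without a usable IP
        magnitude = item.get("magnitude", 0)
        if magnitude < min_magnitude:
            continue
        rows.append({"id": item.get("id"), "source_ip": str(ip), "magnitude": magnitude,
                     "offense_count": len(item.get("offense_ids", [])),
                     "first_seen": _utc(item.get("first_event_flow_seen")),
                     "last_seen": _utc(item.get("last_event_flow_seen"))})
    return sorted(rows, key=lambda r: r["magnitude"], reverse=True)

# Constructed sample response (not real data); the third entry is deliberately malformed.
SAMPLE = json.dumps([
    {"id": 1, "source_ip": "192.0.2.10", "magnitude": 3, "offense_ids": [7],
     "first_event_flow_seen": 1700000000000, "last_event_flow_seen": 1700000600000},
    {"id": 2, "source_ip": "198.51.100.7", "magnitude": 8, "offense_ids": [7, 9]},
    {"id": 3, "source_ip": "String", "magnitude": 9, "offense_ids": []},
])
```

Because the fields parameter can strip fields from the response, `triage` treats every field except `source_ip` as optional.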