GET /siem/offense_types

Retrieve all the Offense Types

Retrieve all Offense Types

Table 1. GET /siem/offense_types resource details
MIME Type

application/json

Table 2. GET /siem/offense_types request parameter details
Parameter Type Optionality Data Type MIME Type Description

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

sort

query

Optional

String

text/plain

Optional - This parameter is used to sort the elements in a list.

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

Table 3. GET /siem/offense_types response codes
HTTP Response Code Unique Code Description

200

The requested offense types list has been retrieved.

422

1005

A request parameter is not valid.

422

1012

The selected field cannot be used for sorting or it does not exist.

500

1020

An error occurred while attempting to retrieve the offense type list.

Response Description

The Offense Types that exist at the moment. Offense types may include custom flow/event properties only if they have been selected as part of a rule action or rule response limiter.
  • id - Number - The ID of the offense type and what is presented in the offense's offense_type.
  • property_name - String - The name of the event or flow property represented by this offense type for flow or event properties or the unique identifier for custom flow or event properties.
  • name - String - The offense type's name.
  • database_type - String - Database where this type is present. Possible values are: EVENTS, FLOWS, or COMMON (if it belongs to both events and flows)
  • custom - boolean - True if the offense type is based on a custom flow or event property.
The following field can be sorted on: id.

Response Sample


[
    {
        "custom": true,
        "database_type": "String <one of: EVENTS, FLOWS, COMMON>",
        "id": 42,
        "name": "String",
        "property_name": "String"
    }
]