Get security events data from your security configurations. Get data in one of two modes: offset or time-based. Both modes order event logs based on their storage time in the database, not the time when the events actually occurred. This may result in delayed event logs in subsequent offset requests, or older event logs in time-based requests. If the connection is disrupted, use time-based mode to go back and replay security events within the last 12 hours.

Use the offset and limit parameters in offset mode. Use the from, to, and limit parameters in time-based mode.

The potentially large response contains a series of JSON objects, each separated with a line break and each corresponding to a security event. The last line of the response is a ResponseContext object that provides total records fetched, an offset to use as a starting point for the next batch of data, and limit which shows if the fetch operation reached the limit you set. Run this operation continuously as long as it returns new logs to ensure you don't miss any. The API may return a maximum of 600,000 logs per request, while your configurations might generate many more in periods of high traffic.
get https://{hostname}/siem/v1/configs/
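The response handling described above, as an added Python example that is not part of the original documentation: it separates the event lines from the trailing ResponseContext and refuses to advance the offset when a body is cut off. The fetch callable, the exception name, and the sample bodies are assumptions constructed for illustration, as is the check that total equals the number of event lines in the same response.

```python
import json

class IncompleteResponse(Exception):
    """Body ended without a usable ResponseContext line."""

def parse_siem_body(body):
    """Split a newline-delimited response into (events, context)."""
    lines = [ln for ln in body.splitlines() if ln.strip()]
    if not lines:
        raise IncompleteResponse("empty body")
    try:
        records = [json.loads(ln) for ln in lines]
    except json.JSONDecodeError as exc:
        raise IncompleteResponse(f"truncated or malformed line: {exc}") from exc
    *events, context = records
    # The page names total, offset and limit as the ResponseContext fields.
    required = {"total", "offset", "limit"}
    if not isinstance(context, dict) or not context.keys() >= required:
        raise IncompleteResponse("last line is not a ResponseContext")
    # Assumption: total counts the event lines in this same response.
    if context["total"] != len(events):
        raise IncompleteResponse("event count does not match total")
    return events, context

def drain(fetch, offset, limit):
    """Call fetch(offset, limit) until a batch returns no new events.

    fetch is a hypothetical callable that returns the raw response body.
    Returns (events, last_good_offset, complete).
    """
    collected = []
    while True:
        try:
            events, context = parse_siem_body(fetch(offset, limit))
        except IncompleteResponse:
            # Keep the last good offset on a broken batch; the caller can
            # retry from it or replay the window in time-based mode.
            return collected, offset, False
        collected.extend(events)
        offset = context["offset"]
        if context["total"] == 0:
            return collected, offset, True

# Constructed sample bodies (not real API output); event fields are made up.
SAMPLE_OK = '{"id": 1}\n{"id": 2}\n{"total": 2, "offset": "a1", "limit": 2}\n'
SAMPLE_EMPTY = '{"total": 0, "offset": "a1", "limit": 2}\n'
SAMPLE_CUT = '{"id": 3}\n{"id": 4'
```

Persist the returned offset only after the events from that batch are safely stored, so a crash between the two steps replays events instead of skipping them.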