# AlienVault USM Central

## Overview

The AlienVault USM Central connector integrates USM Central with Swimlane Turbine for security event management and automated response. AlienVault USM Central is a threat detection and incident response platform that centralizes security monitoring across distributed environments. Through the connector, Turbine playbooks can ingest and analyze alarms, query the asset inventory, and read the dictionaries that classify alarms by intent, strategy and method, so analysts can triage and respond to threats using USM Central's alarm data and asset information from inside Turbine.

## Prerequisites

To use the AlienVault USM Central connector with Swimlane, create custom authentication credentials with the following parameters:

- URL: the endpoint URL for the AlienVault USM Central API
- Client ID: your unique identifier for AlienVault USM Central API access
- Client Secret: a secret key provided by AlienVault for authenticating API requests

## Capabilities

The AlienVault USM Central connector provides the following capabilities:

- Get Alarms
- Get Assets
- Get Dictionaries
- Get Alarm by ID

## Notes

- https://www.alienvault.com/documentation/api/av-apis.htm

## Configurations

### USM Central OAuth Authentication

Authenticates using a client ID and client secret.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| client_id | Client ID | string | required |
| client_secret | Client secret | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

Leave `verify_ssl` enabled outside a lab: with certificate verification off, anyone on the path (including a misconfigured `http_proxy`) can read the client secret exchange and the bearer token that follows it.

## Actions

### Retrieve Alarm

Retrieves detailed information for a specified alarm using its unique ID (UUID) in AlienVault USM Central. Validate that the value is a UUID before the playbook interpolates it into the path.

**Endpoint URL:** `api/1.1/alarms/{{alarmId}}`

**Method:** GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alarmId | string | required | Parameters for the Retrieve Alarm action |

#### Example Input

```json
{"path_parameters": {"alarmId": "971918fd-a589-648a-5a80-1ffcda2a8365"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| results | object | Result of the operation |
| results.alarm | object | The alarm record |
| results.alarm.rule_intent | string | Intent classification of the rule that raised the alarm |
| results.alarm.app_type | string | Type of the resource |
| results.alarm.alarm_sensor_sources | array | Sensors that contributed events to the alarm |
| results.alarm.source_username | string | Name of the resource |
| results.alarm.destination_name | string | Name of the resource |
| results.alarm.rule_dictionary | string | Dictionary the rule belongs to |
| results.alarm.timestamp_occured | string | When the alarm occurred (USM spells the field `occured`) |
| results.alarm.uuid | string | Unique identifier |
| results.alarm.authentication_type | string | Type of the resource |
| results.alarm.needs_enrichment | boolean | Whether the alarm is still awaiting enrichment |
| results.alarm.event_type | string | Type of the resource |
| results.alarm.rule_method | string | Method classification of the rule that raised the alarm |
| results.alarm.priority_label | string | Alarm priority label |
| results.alarm.suppressed | string | Whether the alarm is suppressed |
| results.alarm.app_id | string | Unique identifier |
| results.alarm.has_alarm | string | Result of the operation |
| results.alarm.number_of_events | number | Number of events behind the alarm |
| results.alarm.source_name | string | Name of the resource |
| results.alarm.timestamp_received | string | When the alarm was received |
| results.alarm.error_message | string | Result of the operation |
| results.alarm.source_asset_id | string | Unique identifier |
| results.alarm.alarm_destination_zones | array | Result of the operation |

#### Example Output

```json
{"status_code": 200, "response_headers": {"cache-control": "no-store, no-cache", "transfer-encoding": "chunked", "content-type": "application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=f", "content-encoding": "gzip", "vary": "Accept-Encoding", "strict-transport-security": "max-age=31536000", "request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "client-request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US 2\",\"Sl
```

### Retrieve Alarms

Search for and retrieve alarm details from AlienVault USM Central using criteria specified in the request body.

**Endpoint URL:** `api/1.1/alarms/search`

**Method:** POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | optional | Page of results to return |
| size | number | optional | Number of results per page |
| find | object | optional | Field filters |
| find.alarm.suppressed | array | optional | Accepted values for the suppressed flag |
| sort | object | optional | Sort order |
| sort.alarm.timestamp_occured | string | optional | Sort direction for the occurrence time |
| range | object | optional | Range filters |
| range.alarm.timestamp_occured | object | optional | Time window for the occurrence time |
| range.alarm.timestamp_occured.gte | string | optional | Start of the window |
| range.alarm.timestamp_occured.lte | string | optional | End of the window |
| range.alarm.timestamp_occured.timezone | string | optional | Timezone offset applied to the window |

#### Example Input

```json
{"json_body": {"page": 1, "size": 20, "find": {"alarm.suppressed": ["false"]}, "sort": {"alarm.timestamp_occured": "desc"}, "range": {"alarm.timestamp_occured": {"gte": "now-7d", "lte": "now", "timezone": "-0500"}}}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Matching alarm records |
| results.alarm | object | The alarm record |
| results.alarm.rule_intent | string | Intent classification of the rule that raised the alarm |
| results.alarm.app_type | string | Type of the resource |
| results.alarm.alarm_sensor_sources | array | Sensors that contributed events to the alarm |
| results.alarm.source_username | string | Name of the resource |
| results.alarm.destination_name | string | Name of the resource |
| results.alarm.rule_dictionary | string | Dictionary the rule belongs to |
| results.alarm.account_id | string | Unique identifier |
| results.alarm.timestamp_occured | string | When the alarm occurred |
| results.alarm.uuid | string | Unique identifier |
| results.alarm.authentication_type | string | Type of the resource |
| results.alarm.needs_enrichment | boolean | Whether the alarm is still awaiting enrichment |
| results.alarm.event_type | string | Type of the resource |
| results.alarm.rule_method | string | Method classification of the rule that raised the alarm |
| results.alarm.priority_label | string | Alarm priority label |
| results.alarm.suppressed | string | Whether the alarm is suppressed |
| results.alarm.app_id | string | Unique identifier |
| results.alarm.has_alarm | string | Result of the operation |
| results.alarm.number_of_events | number | Number of events behind the alarm |
| results.alarm.source_name | string | Name of the resource |
| results.alarm.timestamp_received | string | When the alarm was received |
| results.alarm.error_message | string | Result of the operation |

#### Example Output

```json
{"status_code": 200, "response_headers": {"cache-control": "no-store, no-cache", "transfer-encoding": "chunked", "content-type": "application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=f", "content-encoding": "gzip", "vary": "Accept-Encoding", "strict-transport-security": "max-age=31536000", "request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "client-request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US 2\",\"Slice\":\"E\"
```

### Retrieve Assets

Search for and retrieve asset information from AlienVault USM Central, using a JSON body for the input parameters.

**Endpoint URL:** `api/1.1/assets/search`

**Method:** POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | optional | Page of results to return |
| size | number | optional | Number of results per page |
| find | object | optional | Field filters |
| find.asset.hipaa | array | optional | Accepted values for the HIPAA flag |
| sort | object | optional | Sort order |
| sort.asset.dateFound | string | optional | Sort direction for the discovery date |
| range | object | optional | Range filters |
| range.asset.dateFound | object | optional | Time window for the discovery date |
| range.asset.dateFound.gte | string | optional | Start of the window |
| range.asset.dateFound.lte | string | optional | End of the window |
| range.asset.dateFound.timezone | string | optional | Timezone offset applied to the window |

#### Example Input

```json
{"json_body": {"page": 1, "size": 20, "find": {"asset.hipaa": ["false"]}, "sort": {"asset.dateFound": "desc"}, "range": {"asset.dateFound": {"gte": "now-7d", "lte": "now", "timezone": "-0500"}}}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| results | array | Matching asset records |
| results.asset | object | The asset record |
| results.asset.hipaa | string | Whether the asset is tagged as HIPAA-relevant |
| results.asset.operatingSystem | object | Operating system details |
| results.asset.hostname | string | Name of the resource |
| results.asset.id | string | Unique identifier |
| results.asset.deviceType | object | Type of the resource |
| results.asset.assetOriginUuid | string | Unique identifier |
| results.asset.nmapExcludeFromScan | object | Result of the operation |
| results.asset.knownAsset | string | Result of the operation |
| results.asset.configurationCount | string | Result of the operation |
| results.asset.assetOriginName | string | Name of the resource |
| results.asset.operatingSystemSource | object | Result of the operation |
| results.asset.assetOriginType | string | Type of the resource |
| results.asset.alarmCount | string | Number of alarms on the asset |
| results.asset.dateUpdated | string | When the asset record was last updated |
| results.asset.vulnerabilityCount | string | Number of vulnerabilities on the asset |
| results.asset.eventCount | string | Number of events on the asset |
| results.asset.logo | object | Result of the operation |
| results.asset.rootDeviceType | string | Type of the resource |
| results.asset.name | string | Name of the resource |
| results.asset.dateFound | string | When the asset was discovered |
| results.asset.region | string | Result of the operation |

#### Example Output

```json
{"status_code": 200, "response_headers": {"cache-control": "no-store, no-cache", "transfer-encoding": "chunked", "content-type": "application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=f", "content-encoding": "gzip", "vary": "Accept-Encoding", "strict-transport-security": "max-age=31536000", "request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "client-request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US 2\",\"Slice\":\"E\"
```

### Retrieve Dictionaries

Obtain the dictionaries from AlienVault USM Central. Each dictionary groups rule labels by strategy, intent and method, for use in analysis and reporting.

**Endpoint URL:** `api/1.1/dictionaries`

**Method:** GET

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| barracudarules_dict | object | Dictionary for Barracuda rules |
| barracudarules_dict.strategy | object | Strategy labels in the dictionary |
| barracudarules_dict.strategy.Configuration Change | array | Entries under this strategy |
| barracudarules_dict.strategy.Suspicious Security Critical Event | array | Entries under this strategy |
| barracudarules_dict.intent | object | Intent labels in the dictionary |
| barracudarules_dict.intent.Reconnaissance & Probing | array | Entries under this intent |
| barracudarules_dict.intent.Environmental Awareness | array | Entries under this intent |
| barracudarules_dict.method | object | Method labels in the dictionary |
| barracudarules_dict.method.Multiple Cross Site Request Forgery Attempts | array | Entries under this method |
| suricatamalwarerules_dict | object | Dictionary for Suricata malware rules |
| suricatamalwarerules_dict.strategy | object | Strategy labels in the dictionary |
| suricatamalwarerules_dict.strategy.Phishing | array | Entries under this strategy |
| suricatamalwarerules_dict.intent | object | Intent labels in the dictionary |
| suricatamalwarerules_dict.intent.Reconnaissance & Probing | array | Entries under this intent |
| suricatamalwarerules_dict.method | object | Method labels in the dictionary |
| suricatamalwarerules_dict.method.Cylance Multiple AV Detections | array | Entries under this method |

#### Example Output

```json
{"status_code": 200, "response_headers": {"cache-control": "no-store, no-cache", "transfer-encoding": "chunked", "content-type": "application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=f", "content-encoding": "gzip", "vary": "Accept-Encoding", "strict-transport-security": "max-age=31536000", "request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "client-request-id": "cccf20e1-f938-4314-a076-4bebaff51f34", "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US 2\",\"Slice\":\"E\"
```

## Response Headers

The example values here and in the example outputs above are illustrative: `x-ms-ags-diagnostic` and `OData-Version` are Microsoft Graph headers, so do not key playbook logic on them.

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-store, no-cache |
| client-request-id | HTTP response header client-request-id | cccf20e1-f938-4314-a076-4bebaff51f34 |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Type | The media type of the resource | application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 29 Dec 2022 20:37:23 GMT |
| OData-Version | HTTP response header OData-Version | 4.0 |
| reason | HTTP response header reason | Created |
| request-id | HTTP response header request-id | cccf20e1-f938-4314-a076-4bebaff51f34 |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | Accept-Encoding |
| x-ms-ags-diagnostic | HTTP response header x-ms-ags-diagnostic | {"ServerInfo":{"DataCenter":"West US 2","Slice":"E","Ring":"1","ScaleUnit":"002","RoleInstance":"MWH0EPF00070F96"}} |
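The following is an added example, not code from Swimlane or AlienVault, showing what the Retrieve Alarms action does end to end: authenticate with the client ID and secret, post the same search body as the example input above, and triage the returned `results[].alarm` records by `priority_label`, `rule_intent` and `needs_enrichment`. The token endpoint path, the client-credentials grant with HTTP Basic, and the filter key names (`alarm.suppressed`, `alarm.timestamp_occured`) are assumptions and are marked as such; the transport is injectable, and the `fake_usm` stand-in with its invented alarms exists only so the module runs offline.

```python
"""Added example, not Swimlane or AlienVault code: a minimal client for the
Retrieve Alarms action. Lines marked ASSUMPTION are not taken from the page."""
import base64
import json
import ssl
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_PATH = "/api/1.1/oauth/token"           # ASSUMPTION: token endpoint path
ALARM_SEARCH_PATH = "/api/1.1/alarms/search"  # from the Retrieve Alarms action
PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Transport signature: (method, url, headers, body) -> (status code, parsed JSON body)
HttpFn = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, dict]]


def build_alarm_search_body(page=1, size=20, days=7, tz="-0500", include_suppressed=False):
    """Same shape as the Retrieve Alarms example input: newest first, bounded to a
    relative window, suppressed alarms excluded unless asked for. Key names are an ASSUMPTION."""
    if min(page, size, days) < 1:
        raise ValueError("page, size and days must be positive")
    body = {"page": page, "size": size,
            "sort": {"alarm.timestamp_occured": "desc"},  # USM spells it 'occured'
            "range": {"alarm.timestamp_occured": {"gte": f"now-{days}d", "lte": "now", "timezone": tz}}}
    if not include_suppressed:
        body["find"] = {"alarm.suppressed": ["false"]}
    return body


def urllib_http(verify_ssl: bool = True) -> HttpFn:
    """Real transport. verify_ssl=False mirrors the connector option: it disables
    certificate checks, so the secret and bearer token become interceptable."""
    ctx = ssl.create_default_context()
    if not verify_ssl:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    def send(method, url, headers, body):
        req = urllib.request.Request(url, data=body, method=method, headers=headers)
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    return send


class UsmCentralClient:
    def __init__(self, url: str, client_id: str, client_secret: str, http: HttpFn):
        self.base = url.rstrip("/")
        self._creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._http = http
        self._token: Optional[str] = None

    def _bearer(self) -> Dict[str, str]:
        # ASSUMPTION: client-credentials grant with the id/secret in an HTTP Basic
        # header. Never put the secret in the URL; it would land in proxy and server logs.
        if self._token is None:
            status, data = self._http("POST", self.base + TOKEN_PATH,
                                      {"Authorization": "Basic " + self._creds,
                                       "Content-Type": "application/x-www-form-urlencoded"},
                                      b"grant_type=client_credentials")
            if status != 200 or not data.get("access_token"):
                raise RuntimeError(f"token request failed: HTTP {status}")
            self._token = data["access_token"]
        return {"Authorization": "Bearer " + self._token, "Content-Type": "application/json"}

    def search_alarms(self, **kwargs) -> List[dict]:
        body = json.dumps(build_alarm_search_body(**kwargs)).encode()
        status, data = self._http("POST", self.base + ALARM_SEARCH_PATH, self._bearer(), body)
        if status != 200:
            raise RuntimeError(f"alarm search failed: HTTP {status}")
        # The action's output is results[].alarm; skip malformed hits instead of crashing
        return [hit["alarm"] for hit in data.get("results", []) if isinstance(hit.get("alarm"), dict)]


def triage(alarms: List[dict]) -> List[dict]:
    """Order by priority_label (high first), then newest first; flag unenriched alarms."""
    rows = [{"uuid": a.get("uuid"), "priority": str(a.get("priority_label", "low")).lower(),
             "intent": a.get("rule_intent"), "source": a.get("source_name"),
             "occured": a.get("timestamp_occured", ""),
             "needs_enrichment": bool(a.get("needs_enrichment"))} for a in alarms]
    rows.sort(key=lambda r: r["occured"], reverse=True)          # newest first
    rows.sort(key=lambda r: PRIORITY_ORDER.get(r["priority"], 9))  # stable: priority wins
    return rows


# Constructed stand-in for USM Central so the example runs offline; the alarms are invented.
SAMPLE_ALARMS = [
    {"uuid": "11111111-1111-4111-8111-111111111111", "priority_label": "low", "suppressed": "false",
     "rule_intent": "Reconnaissance & Probing", "source_name": "10.0.0.5",
     "timestamp_occured": "2022-12-29T20:10:00Z", "needs_enrichment": False},
    {"uuid": "22222222-2222-4222-8222-222222222222", "priority_label": "high", "suppressed": "false",
     "rule_intent": "Exploitation & Installation", "source_name": "10.0.0.9",
     "timestamp_occured": "2022-12-29T19:55:00Z", "needs_enrichment": True},
    {"uuid": "33333333-3333-4333-8333-333333333333", "priority_label": "high", "suppressed": "true",
     "rule_intent": "Delivery & Attack", "source_name": "10.0.0.7",
     "timestamp_occured": "2022-12-28T08:00:00Z", "needs_enrichment": False},
    {"uuid": "44444444-4444-4444-8444-444444444444", "priority_label": "medium", "suppressed": "false",
     "rule_intent": "Environmental Awareness", "source_name": "10.0.0.3",
     "timestamp_occured": "2022-12-29T20:30:00Z", "needs_enrichment": False},
]


def fake_usm(method, url, headers, body):
    """Fake transport: honours the bearer token and the alarm.suppressed filter."""
    if url.endswith(TOKEN_PATH) and headers.get("Authorization", "").startswith("Basic "):
        return 200, {"access_token": "sample-token", "token_type": "bearer"}
    if url.endswith(ALARM_SEARCH_PATH):
        if headers.get("Authorization") != "Bearer sample-token":
            return 401, {"error": "unauthorized"}
        req = json.loads(body)
        allowed = req.get("find", {}).get("alarm.suppressed")
        hits = [a for a in SAMPLE_ALARMS if allowed is None or a["suppressed"] in allowed]
        return 200, {"results": [{"alarm": a} for a in hits[: req["size"]]]}
    return 404, {}


if __name__ == "__main__":
    client = UsmCentralClient("https://usm-central.example.invalid", "client-id", "client-secret", fake_usm)
    for row in triage(client.search_alarms(days=7)):
        print(row)
```

Against a real tenant, pass `urllib_http()` (or `urllib_http(verify_ssl=False)` only in a lab) instead of `fake_usm`; `urllib` honours the `HTTPS_PROXY` environment variable, which is the stdlib equivalent of the connector's `http_proxy` option.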