Armis Centrix
This connector pulls alerts and device details from the Armis Centrix platform into Swimlane Turbine.

## Prerequisites

A URL and a secret API key are required to authenticate the Armis Centrix connector.

## Capabilities

This connector provides the following capabilities:

- Get Device Info
- Search Alerts
- Tag Device
- Untag Device
- Update Alert Status

## Notes

The Search Alerts action can search the entities below using an AQL search string, as in these examples:

```json
{ "aql": "in:devices name:(system)" }
{ "aql": "in:alerts alertId:(57)" }
```

- alerts
- devices
- activity
- application
- businessApplications
- connections
- users
- operatingSystems
- riskFactors
- vulnerabilities

For the Swagger docs, go to https://integration-partner.armis.com/api/v1/docs using your username and password.

## Configurations

### Armis Centrix Custom Authentication

Authenticates using secret key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Secret Key | Secret API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Device Info

Get device information for a given identifier such as IP, MAC, device ID, or search string. You must provide exactly one of 'id', 'ip', 'mac', 'search', or 'tag'.

Endpoint URL: `/api/v1/devices/`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | number | Optional | The Armis device ID |
| parameters.ip | string | Optional | The IPv4 or IPv6 address of the device(s) |
| parameters.mac | string | Optional | The MAC address of the device(s) |
| parameters.tag | string | Optional | The tag of the device(s) |
| parameters.search | string | Optional | The search string |
| parameters.fields | string | Optional | Fields to show. If omitted, returns a default subset of fields |
| parameters.from | number | Optional | Paging from |
| parameters.length | number | Optional | Paging length |

#### Input example

```json
{"parameters": {"id": 1, "ip": "8.8.8.8", "mac": "", "search": "in:devices", "fields": "", "from": 0, "length": 2}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.count | number | Response data |
| data.data | array | Response data |
| data.data.accessSwitch | object | Response data |
| data.data.boundaries | string | Response data |
| data.data.businessImpact | string | Response data |
| data.data.category | string | Response data |
| data.data.customProperties | object | Response data |
| data.data.dataSources | array | Response data |
| data.data.dataSources.file_name | string | Response data |
| data.data.dataSources.file | string | Response data |
| data.data.firstSeen | string | Response data |
| data.data.id | number | Response data |
| data.data.ipAddress | string | Response data |
| data.data.ipv6 | object | Response data |
| data.data.lastSeen | string | Response data |
| data.data.macAddress | string | Response data |
| data.data.manufacturer | string | Response data |
| data.data.model | string | Response data |
| data.data.name | string | Response data |
| data.data.names | string | Response data |
| data.data.operatingSystem | object | Response data |
| data.data.operatingSystemVersion | object | Response data |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "Date": "Thu, 29 Feb 2024 09:46:48 GMT",
    "Content-Type": "application/json",
    "Content-Length": "816",
    "Connection": "keep-alive",
    "Content-Encoding": "gzip",
    "CF-Cache-Status": "DYNAMIC",
    "Server": "cloudflare",
    "CF-RAY": "85cffb7069d585d8-BOM",
    "alt-svc": "h3=\":443\"; ma=86400"
  },
  "reason": "OK",
  "json_body": {"data": {"count": 2, "data": [], "next": 2, "prev": null, "total": 3231}, "success": true}
}
```

### Search Alerts

Returns search results for a given AQL search query.

Endpoint URL: `/api/v1/search/`

Method: GET

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.aql | string | Required | The AQL search string |
| parameters.fields | string | Optional | Fields to show. If omitted, returns a default subset of fields |
| parameters.from | number | Optional | Information about paging from |
| parameters.length | number | Optional | Information about paging length |
| parameters.includeTotal | boolean | Optional | If set to "false", the total count will not be calculated |
| parameters.orderBy | string | Optional | Sort order for results, values separated by commas. Default direction is asc |
| parameters.tz | string | Optional | The time zone to run the query with |

#### Input example

```json
{"parameters": {"aql": "in:alerts", "from": 1, "length": 15, "includeTotal": true, "orderBy": "asc"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.count | number | Response data |
| data.next | number | Response data |
| data.prev | number | Response data |
| data.results | array | Response data |
| data.results.activityUUIDs | array | Response data |
| data.results.affectedDevicesCount | number | Response data |
| data.results.alertId | number | Response data |
| data.results.classification | string | Response data |
| data.results.connectionIds | array | Response data |
| data.results.connectionIds.file_name | string | Response data |
| data.results.connectionIds.file | string | Response data |
| data.results.description | string | Response data |
| data.results.deviceIds | array | Response data |
| data.results.policyId | object | Response data |
| data.results.policyLabels | object | Response data |
| data.results.policyTitle | object | Response data |
| data.results.severity | string | Response data |
| data.results.status | string | Response data |
| data.results.time | string | Response data |
| data.results.title | string | Response data |
| data.results.type | string | Response data |
| data.total | string | Response data |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "Date": "Thu, 29 Feb 2024 09:01:52 GMT",
    "Content-Type": "application/json",
    "Content-Length": "802",
    "Connection": "keep-alive",
    "Content-Encoding": "gzip",
    "CF-Cache-Status": "DYNAMIC",
    "Server": "cloudflare",
    "CF-RAY": "85cfb99e6d0185d8-BOM",
    "alt-svc": "h3=\":443\"; ma=86400"
  },
  "reason": "OK",
  "json_body": {"data": {"count": 5, "next": 6, "prev": 0, "results": [], "total": "many"}, "success": true}
}
```

### Tag Device

Add tags to a device.

Endpoint URL: `/api/v1/devices/{{device_id}}/tags/`

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.device_id | number | Required | Parameters for the Tag Device action |
| tags | array | Optional | Parameter for Tag Device |

#### Input example

```json
{"json_body": {"tags": ["foo", "bar"]}, "path_parameters": {"device_id": 1}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "Date": "Thu, 29 Feb 2024 09:57:38 GMT",
    "Content-Type": "application/json",
    "Content-Length": "17",
    "Connection": "keep-alive",
    "CF-Cache-Status": "DYNAMIC",
    "Server": "cloudflare",
    "CF-RAY": "85d00b4acd8d85d8-BOM",
    "alt-svc": "h3=\":443\"; ma=86400"
  },
  "reason": "OK",
  "json_body": {"success": true}
}
```

### Untag Device

Remove tags from a device.

Endpoint URL: `/api/v1/devices/{{device_id}}/tags/`

Method: DELETE

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.device_id | number | Required | Parameters for the Untag Device action |
| tags | array | Optional | Parameter for Untag Device |

#### Input example

```json
{"json_body": {"tags": ["foo"]}, "path_parameters": {"device_id": 1}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "Date": "Thu, 29 Feb 2024 10:03:08 GMT",
    "Content-Type": "application/json",
    "Content-Length": "17",
    "Connection": "keep-alive",
    "CF-Cache-Status": "DYNAMIC",
    "Server": "cloudflare",
    "CF-RAY": "85d013608aec85d8-BOM",
    "alt-svc": "h3=\":443\"; ma=86400"
  },
  "reason": "OK",
  "json_body": {"success": true}
}
```

### Update Alert Status

Update the alert status for a given alert ID.

Endpoint URL: `/api/v1/alerts/{{alert_id}}/`

Method: PATCH

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | number | Optional | Parameters for the Update Alert Status action |
| headers | object | Required | HTTP headers for the request |
| headers.Content-Type | string | Optional | HTTP headers for the request |
| data_body | object | Required | Response data |
| data_body.status | string | Optional | The status of the designated alert |

#### Input example

```json
{"path_parameters": {"alert_id": 57}, "headers": {"Content-Type": "application/x-www-form-urlencoded"}, "data_body": {"status": "SUPPRESSED"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "Date": "Thu, 29 Feb 2024 09:30:03 GMT",
    "Content-Type": "application/json",
    "Content-Length": "17",
    "Connection": "keep-alive",
    "CF-Cache-Status": "DYNAMIC",
    "Server": "cloudflare",
    "CF-RAY": "85cfe2dee83c85d8-BOM",
    "alt-svc": "h3=\":443\"; ma=86400"
  },
  "reason": "OK",
  "json_body": {"success": true}
}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| alt-svc | HTTP response header alt-svc | `h3=":443"; ma=86400` |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 85d00b4acd8d85d8-BOM |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 802 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 29 Feb 2024 09:46:48 GMT |
| Server | Information about the software used by the origin server | cloudflare |
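
The following is an added example, not code from Swimlane or Armis: it builds a Get Device Info input that enforces the "exactly one of id, ip, mac, search, tag" rule before the request is sent, and pages through Search Alerts output by feeding `data.next` back in as `from`. The helper names (`device_info_input`, `collect_alerts`, `fake_search`, `run_action`) are hypothetical, the alerts are constructed sample data, and `next` being null on the last page is an assumption.

```python
"""Added example, not Swimlane or Armis code. Output shape follows this page;
'next' being null on the last page is an assumption."""
import ipaddress

SELECTORS = ("id", "ip", "mac", "search", "tag")

def device_info_input(fields="", start=0, length=50, **selector):
    """Build a Get Device Info input, enforcing the exactly-one-selector rule."""
    given = {k: v for k, v in selector.items() if v not in (None, "")}
    unknown = sorted(set(given) - set(SELECTORS))
    if unknown:
        raise ValueError(f"unknown selector(s): {unknown}")
    if len(given) != 1:
        raise ValueError("provide exactly one of: " + ", ".join(SELECTORS))
    if "ip" in given:
        ipaddress.ip_address(given["ip"])  # ValueError on malformed IPv4/IPv6
    params = {**given, "from": start, "length": length}
    if fields:
        params["fields"] = fields
    return {"parameters": params}

def collect_alerts(run_action, aql, page_size=100, max_pages=50):
    """Page through Search Alerts, feeding data.next back in as 'from'."""
    results, start = [], 0
    for _ in range(max_pages):  # hard cap so a bad 'next' cannot loop forever
        out = run_action({"parameters": {"aql": aql, "from": start, "length": page_size}})
        body = out.get("json_body") or {}
        if out.get("status_code") != 200 or not body.get("success"):
            raise RuntimeError(f"search failed: {out.get('status_code')} {out.get('reason')}")
        data = body["data"]
        results.extend(data.get("results", []))
        nxt = data.get("next")
        if nxt is None or nxt <= start:  # last page, or cursor did not advance
            break
        start = nxt
    return results

def fake_search(alerts):
    """Constructed stand-in for the connector action (hypothetical helper)."""
    def run(inp):
        p = inp["parameters"]
        page = alerts[p["from"]:p["from"] + p["length"]]
        end = p["from"] + len(page)
        data = {"count": len(page), "results": page, "total": len(alerts),
                "next": end if end < len(alerts) else None}
        return {"status_code": 200, "reason": "OK",
                "json_body": {"data": data, "success": True}}
    return run
```

In a playbook, `run_action` would be whatever callable invokes the Search Alerts action; failing on a non-200 status or `success` false keeps a partial result set from being mistaken for a complete one.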