# Armis Centrix
This connector gives Swimlane Turbine the ability to pull in alerts and device details from the Armis Centrix platform.

## Prerequisites

A URL and a secret API key are required to authenticate the Armis Centrix connector.

## Capabilities

This connector provides the following capabilities:

- Get Device Info
- Search Alerts
- Tag Device
- Untag Device
- Update Alert Status

## Configurations

### Armis Centrix Custom Authentication

Authenticates using a secret key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| secret_key | Secret API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Device Info

Get device information for a given identifier such as IP, MAC, device ID or search string. Exactly one of `id`, `ip`, `mac`, `search`, or `tag` must be provided.

**Endpoint URL:** `/api/v1/devices/`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| id | number | optional | The Armis device ID |
| ip | string | optional | The IPv4 or IPv6 address of the device(s) |
| mac | string | optional | The MAC address of the device(s) |
| tag | string | optional | The tag of the device(s) |
| search | string | optional | The search string |
| fields | string | optional | Fields to show. If omitted, returns a default subset of fields |
| from | number | optional | Paging from |
| length | number | optional | Paging length |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| count | number | Count value |
| data | array | Response data |
| accessSwitch | object | Output field accessSwitch |
| boundaries | string | Output field boundaries |
| businessImpact | string | Output field businessImpact |
| category | string | Output field category |
| customProperties | object | Output field customProperties |
| dataSources | array | Response data |
| file name | string | Name of the resource |
| file | string | Output field file |
| firstSeen | string | Output field firstSeen |
| id | number | Unique identifier |
| ipAddress | string | Output field ipAddress |
| ipv6 | object | Output field ipv6 |
| lastSeen | string | Output field lastSeen |
| macAddress | string | Output field macAddress |
| manufacturer | string | Output field manufacturer |
| model | string | Output field model |
| name | string | Name of the resource |
| names | string | Name of the resource |
| operatingSystem | object | Output field operatingSystem |
| operatingSystemVersion | object | Output field operatingSystemVersion |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 29 Feb 2024 09:46:48 GMT",
      "Content-Type": "application/json",
      "Content-Length": "816",
      "Connection": "keep-alive",
      "Content-Encoding": "gzip",
      "CF-Cache-Status": "DYNAMIC",
      "Server": "cloudflare",
      "CF-RAY": "85cffb7069d585d8-BOM",
      "alt-svc": "h3=\":443\"; ma=86400"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "success": true
    }
  }
]
```

### Search Alerts

Returns search results for a given AQL search query.

**Endpoint URL:** `/api/v1/search/`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| aql | string | required | The AQL search string |
| fields | string | optional | Fields to show. If omitted, returns a default subset of fields |
| from | number | optional | Information about paging: from |
| length | number | optional | Information about paging: length |
| includeTotal | boolean | optional | If set to "false", the total count will not be calculated |
| orderBy | string | optional | Sort order for results, values separated by commas. Default direction is asc |
| tz | string | optional | The time zone to run the query with |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| count | number | Count value |
| next | number | Output field next |
| prev | number | Output field prev |
| results | array | Result of the operation |
| activityUUIDs | array | Unique identifier |
| affectedDevicesCount | number | Count value |
| alertId | number | Unique identifier |
| classification | string | Output field classification |
| connectionIds | array | Unique identifier |
| file name | string | Name of the resource |
| file | string | Output field file |
| description | string | Output field description |
| deviceIds | array | Unique identifier |
| policyId | object | Unique identifier |
| policyLabels | object | Output field policyLabels |
| policyTitle | object | Output field policyTitle |
| severity | string | Output field severity |
| status | string | Status value |
| time | string | Time value |
| title | string | Output field title |
| type | string | Type of the resource |
| total | string | Output field total |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 29 Feb 2024 09:01:52 GMT",
      "Content-Type": "application/json",
      "Content-Length": "802",
      "Connection": "keep-alive",
      "Content-Encoding": "gzip",
      "CF-Cache-Status": "DYNAMIC",
      "Server": "cloudflare",
      "CF-RAY": "85cfb99e6d0185d8-BOM",
      "alt-svc": "h3=\":443\"; ma=86400"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "success": true
    }
  }
]
```

### Tag Device

Add tags to a device.

**Endpoint URL:** `/api/v1/devices/{{device_id}}/tags/`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| device_id | number | required | Unique identifier |
| tags | array | required | Parameter for Tag Device |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 29 Feb 2024 09:57:38 GMT",
      "Content-Type": "application/json",
      "Content-Length": "17",
      "Connection": "keep-alive",
      "CF-Cache-Status": "DYNAMIC",
      "Server": "cloudflare",
      "CF-RAY": "85d00b4acd8d85d8-BOM",
      "alt-svc": "h3=\":443\"; ma=86400"
    },
    "reason": "OK",
    "json_body": {
      "success": true
    }
  }
]
```

### Untag Device

Remove tags from a device.

**Endpoint URL:** `/api/v1/devices/{{device_id}}/tags/`

**Method:** DELETE

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| device_id | number | required | Unique identifier |
| tags | array | required | Parameter for Untag Device |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 29 Feb 2024 10:03:08 GMT",
      "Content-Type": "application/json",
      "Content-Length": "17",
      "Connection": "keep-alive",
      "CF-Cache-Status": "DYNAMIC",
      "Server": "cloudflare",
      "CF-RAY": "85d013608aec85d8-BOM",
      "alt-svc": "h3=\":443\"; ma=86400"
    },
    "reason": "OK",
    "json_body": {
      "success": true
    }
  }
]
```

### Update Alert Status

Update the status of the alert with the given alert ID.

**Endpoint URL:** `/api/v1/alerts/{{alert_id}}/`

**Method:** PATCH

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| alert_id | number | optional | Unique identifier |
| headers | object | required | HTTP headers for the request |
| Content-Type | string | optional | Type of the resource |
| data_body | object | required | Request data |
| status | string | optional | The status of the designated alert |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 29 Feb 2024 09:30:03 GMT",
      "Content-Type": "application/json",
      "Content-Length": "17",
      "Connection": "keep-alive",
      "CF-Cache-Status": "DYNAMIC",
      "Server": "cloudflare",
      "CF-RAY": "85cfe2dee83c85d8-BOM",
      "alt-svc": "h3=\":443\"; ma=86400"
    },
    "reason": "OK",
    "json_body": {
      "success": true
    }
  }
]
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| alt-svc | HTTP response header alt-svc | h3=":443"; ma=86400 |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 85d00b4acd8d85d8-BOM |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 816 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 29 Feb 2024 09:30:03 GMT |
| Server | Information about the software used by the origin server | cloudflare |

## Notes

- The Search Alerts action can search the entities listed below with the help of an AQL search string, as in these examples:

```json
{ "aql": "in:devices name:(system)" }
{ "aql": "in:alerts alertId:(57)" }
```

  Searchable entities: Alerts, Devices, Activity, Application, BusinessApplications, Connections, Users, OperatingSystems, RiskFactors, Vulnerabilities.

- For the Swagger docs, log in at https://integration-partner.armis.com/api/v1/docs using your username and password.
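As an added example (not part of this page, and not Swimlane's or Armis's own code), the Python below builds the five requests the connector's actions describe, using the endpoint paths, methods and argument names listed above, and walks a Search Alerts result set page by page. It sends nothing: each action returns a `Request` object, so the validation (exactly one selector for Get Device Info, integer-only path IDs) can be checked offline. Assumptions, labelled in the code too: the secret key is presented in an `Authorization` header (the page only says "authenticates using secret key"); Tag/Untag Device send a JSON body of the form `{"tags": [...]}`; `data.next` is the offset to pass back as `from` for the next page; and the sample response pages are constructed, not captured from Armis.

```python
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Iterator, List, Optional
from urllib.parse import urlencode

# Get Device Info accepts exactly one of these identifiers (from the action's description).
DEVICE_SELECTORS = ("id", "ip", "mac", "search", "tag")
DEVICE_OPTIONS = ("fields", "from", "length")
SEARCH_OPTIONS = ("fields", "from", "length", "includeTotal", "orderBy", "tz")


@dataclass
class Request:
    """A request the connector would send. Nothing is transmitted by this example."""
    method: str
    url: str
    params: Dict[str, Any] = field(default_factory=dict)
    body: Optional[Dict[str, Any]] = None
    headers: Dict[str, str] = field(default_factory=dict)
    verify_ssl: bool = True
    proxy: Optional[str] = None

    def full_url(self) -> str:
        return self.url + ("?" + urlencode(self.params) if self.params else "")


@dataclass
class ArmisCentrix:
    """Mirrors the connector configuration parameters: url, secret_key, verify_ssl, http_proxy."""
    url: str
    secret_key: str
    verify_ssl: bool = True
    http_proxy: Optional[str] = None

    def _build(self, method: str, path: str, params=None, body=None) -> Request:
        headers = {
            "Content-Type": "application/json",
            # ASSUMPTION: the page does not say which header carries the secret key.
            "Authorization": self.secret_key,
        }
        return Request(method, self.url.rstrip("/") + path, dict(params or {}),
                       body, headers, self.verify_ssl, self.http_proxy)

    def get_device_info(self, **kwargs) -> Request:
        given = [k for k in DEVICE_SELECTORS if kwargs.get(k) is not None]
        if len(given) != 1:
            raise ValueError(f"provide exactly one of {DEVICE_SELECTORS}, got {given or 'none'}")
        unknown = set(kwargs) - set(DEVICE_SELECTORS) - set(DEVICE_OPTIONS)
        if unknown:
            raise ValueError(f"unknown arguments: {sorted(unknown)}")
        return self._build("GET", "/api/v1/devices/",
                           {k: v for k, v in kwargs.items() if v is not None})

    def search_alerts(self, aql: str, **kwargs) -> Request:
        if not aql or not aql.strip():
            raise ValueError("aql is required")
        unknown = set(kwargs) - set(SEARCH_OPTIONS)
        if unknown:
            raise ValueError(f"unknown arguments: {sorted(unknown)}")
        params = {"aql": aql, **{k: v for k, v in kwargs.items() if v is not None}}
        return self._build("GET", "/api/v1/search/", params)

    def tag_device(self, device_id: int, tags: List[str]) -> Request:
        # int() keeps only a numeric ID in the path: anything else raises instead of being
        # interpolated into the URL.  Body shape {"tags": [...]} is an ASSUMPTION.
        return self._build("POST", f"/api/v1/devices/{int(device_id)}/tags/", body={"tags": list(tags)})

    def untag_device(self, device_id: int, tags: List[str]) -> Request:
        return self._build("DELETE", f"/api/v1/devices/{int(device_id)}/tags/", body={"tags": list(tags)})

    def update_alert_status(self, alert_id: int, status: str) -> Request:
        # alert_id is part of the path, so it is required here even though the table marks it optional.
        return self._build("PATCH", f"/api/v1/alerts/{int(alert_id)}/", body={"status": status})


def iter_search_results(first_page: Dict[str, Any],
                        fetch_page: Callable[[int], Dict[str, Any]]) -> Iterator[Dict[str, Any]]:
    """Yield every entry of data.results across pages.  ASSUMPTION: data.next is the offset
    to request next (passed to fetch_page); iteration stops when it is absent or repeats."""
    page, seen = first_page, set()
    while True:
        data = page.get("data") or {}
        for item in data.get("results", []):
            yield item
        nxt = data.get("next")
        if nxt is None or nxt in seen:
            return
        seen.add(nxt)
        page = fetch_page(nxt)


# Constructed sample pages in the Search Alerts json_body shape (not captured from Armis).
SAMPLE_PAGES = {
    0: {"data": {"count": 2, "next": 2, "prev": None, "total": 3,
                 "results": [{"alertId": 1, "severity": "High"}, {"alertId": 2, "severity": "Low"}]},
        "success": True},
    2: {"data": {"count": 1, "next": None, "prev": 0, "total": 3,
                 "results": [{"alertId": 3, "severity": "Medium"}]},
        "success": True},
}


def collect_alert_ids() -> List[int]:
    """Walk SAMPLE_PAGES with a fetcher that looks pages up by offset."""
    return [a["alertId"] for a in iter_search_results(SAMPLE_PAGES[0], lambda n: SAMPLE_PAGES[n])]


if __name__ == "__main__":
    client = ArmisCentrix("https://armis.example/", "PLACEHOLDER-SECRET-KEY")
    print(client.get_device_info(ip="10.0.0.5", length=10).full_url())
    print(client.search_alerts("in:alerts alertId:(57)").params)
    print(collect_alert_ids())
```

Wrapping the selector rule and the integer coercion in the client means a Turbine playbook that passes two identifiers, or a non-numeric device ID, fails before a request leaves the box rather than producing an ambiguous query or a malformed path.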