Devo API
The Devo platform is a cloud-based data analytics platform that allows you to collect, analyze, and visualize large volumes of data from various sources. The Devo API connector enables automated interactions with Devo's platform, allowing users to run queries and retrieve alerts programmatically.

Devo is a powerful analytics platform that provides real-time insights for security operations. The Devo API Turbine connector allows users to seamlessly integrate Devo's alerting and query capabilities into Swimlane Turbine's low-code automation workflows. By leveraging this connector, users can obtain a list of triggered alerts, filter them based on various parameters, and execute custom queries within the Devo platform. This integration enhances the Swimlane Turbine platform by enabling advanced data analysis and streamlined incident response, ultimately improving the efficiency and effectiveness of security operations.

Prerequisites

To effectively utilize the Devo API connector with Swimlane Turbine, ensure you have the following:

- HTTP Bearer Authentication with these parameters:
  - URL: the endpoint URL for the Devo API
  - Token: a valid OAuth bearer token for authentication
- API Key Authentication with these parameters:
  - URL: the endpoint URL for the Devo API
  - Authentication Token: an API key provided by Devo for secure access

Asset

You can generate a token in the Administration → Credentials area of https://docs.devo.com/space/latest/95128442#api key & api secret to authorize your request.

Capabilities

- Query action
- Get alerts

Notes

For more details, please refer to https://docs.devo.com/space/latest/127926341/working+with+triggered+alerts+using+the+api

Configurations

Devo API Key Authentication

Authenticates using an API key.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host. URL: https://api-us.devo.com | string | Required |
| standalonetoken | Authentication token | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

HTTP Bearer Authentication

Authenticates using a bearer OAuth token.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host, i.e. https://apiv2-us.devo.com | string | Required |
| token | The API token | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

Actions

Get Alerts

Obtain a list of triggered alerts within a specified time range from the Devo API, with options to limit and offset results.

Endpoint URL: alerts/v1/alerts/list
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters limit | number | Required | Maximum number of elements returned in the response. |
| parameters offset | number | Required | Position of the first element in the returned list. You will retrieve a subset of records starting with the offset value. Enter 0 if you don't want to specify a subset. |
| parameters from | number | Required | Filters all alerts triggered after this date. This must be an epoch time in milliseconds. |
| parameters to | number | Required | Filters all alerts triggered before this date. This must be an epoch time in milliseconds. |
| parameters orderby | string | Optional | Order the alerts by a specific field. |
| parameters orderasc | boolean | Optional | Set this parameter to true to retrieve the alert list in ascending order. |
| parameters showall | boolean | Optional | Set this parameter to true to retrieve all the triggered alerts, including the ones with false positive and closed status. The default value is false. |

Input example

```json
{"parameters": {"limit": 10, "offset": 0, "from": 1654008600000, "to": 1654008900000, "orderby": "id", "orderasc": true, "showall": true}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |

Output example

```json
{"status code": 200, "reason": "ok", "headers": {}, "json body": [{"id": 0, "domain": "string", "priority": 0, "context": "string", "category": "string", "srcport": 0, "srcip": "string", "srchost": "string", "dstip": "string", "dstport": 0, "dsthost": "string", "protocol": "string", "username": "string", "application": "string", "engine": "string"}]}
```

Get Query

Run a specified query within the Devo platform using a time range defined by the 'from' and 'to' parameters.

Endpoint URL: /search/query
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Optional | Parameter for Get Query |
| queryid | string | Optional | Unique identifier |
| from | string | Optional | Parameter for Get Query |
| to | string | Optional | Parameter for Get Query |
| mode | string | Optional | Parameter for Get Query |
| dateformat | string | Optional | Parameter for Get Query |
| timezone | string | Optional | Parameter for Get Query |
| offset | number | Optional | Parameter for Get Query |
| skip | number | Optional | Parameter for Get Query |
| limit | number | Optional | Parameter for Get Query |
| ipasstring | boolean | Optional | Parameter for Get Query |
| vaultname | string | Optional | Name of the resource |
| progressinfo | boolean | Optional | Parameter for Get Query |
| allowpartialresults | boolean | Optional | Result of the operation |
| keepalive | string | Optional | Parameter for Get Query |

Input example

```json
{"json body": {"query": "from demo ecommerce data select ", "queryid": "query 1", "from": "1h", "to": "now", "mode": "json", "dateformat": "default", "timezone": "gmt 1", "offset": 1, "skip": 1, "limit": 100, "ipasstring": true, "vaultname": "low", "progressinfo": false, "allowpartialresults": false, "keepalive": "empty"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| details | object | Output field details |
| details status | number | Status value |
| details cid | string | Unique identifier |
| details timestamp | number | Output field details timestamp |
| details msg | string | Output field details msg |
| details object | array | Output field details object |
| details object eventdate | string | Date value |
| details object host | string | Output field details object host |
| details object memory heap used | string | Output field details object memory heap used |
| details object memory non heap used | string | Output field details object memory non heap used |

Output example

```json
{"status code": 200, "reason": "ok", "headers": null, "details": {"status": 0, "cid": "ue7bt8pfmn", "timestamp": 1528308389081, "msg": "", "object": [{}, {}, {}]}}
```

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
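
The Get Alerts time-range and paging inputs described above, as an added example (not Swimlane or Devo code): it converts timezone-aware datetimes to the epoch-millisecond `from`/`to` values and walks `limit`/`offset` pages until a short page is returned. `fetch_page` is a hypothetical callable standing in for the connector action, and `SAMPLE_ALERTS`/`fake_fetch` are a constructed in-memory stub.

```python
from datetime import datetime, timezone

def to_epoch_ms(dt):
    """Get Alerts filters on epoch time in milliseconds, not seconds."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime; naive values shift the window")
    return int(dt.timestamp() * 1000)

def build_alert_params(start, end, limit, offset=0, show_all=False):
    """Build the 'parameters' object for one Get Alerts call."""
    frm, to = to_epoch_ms(start), to_epoch_ms(end)
    if frm >= to:
        raise ValueError("'from' must be earlier than 'to'")
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    # A fixed sort order keeps offset-based paging from skipping or repeating alerts.
    return {"limit": limit, "offset": offset, "from": frm, "to": to,
            "orderby": "id", "orderasc": True, "showall": show_all}

def collect_alerts(fetch_page, start, end, page_size=100, max_pages=1000):
    """Page through the window; a page shorter than page_size is the last one."""
    alerts, offset = [], 0
    for _ in range(max_pages):
        page = fetch_page(build_alert_params(start, end, page_size, offset))
        alerts.extend(page)
        if len(page) < page_size:
            return alerts
        offset += page_size
    raise RuntimeError("max_pages reached; narrow the time window")

# Constructed sample data: seven alerts with only the fields used here.
SAMPLE_ALERTS = [{"id": i, "priority": i % 5} for i in range(7)]

def fake_fetch(params):
    """Hypothetical stand-in for the connector call; no network involved."""
    return SAMPLE_ALERTS[params["offset"]: params["offset"] + params["limit"]]

if __name__ == "__main__":
    start = datetime(2022, 5, 31, 14, 50, tzinfo=timezone.utc)
    end = datetime(2022, 5, 31, 14, 55, tzinfo=timezone.utc)
    print(len(collect_alerts(fake_fetch, start, end, page_size=3)))
```

The window in the `__main__` block is the same five-minute range as the page's input example (1654008600000 to 1654008900000).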