# Devo API

The Devo Platform is a cloud-based data analytics platform that allows you to collect, analyze, and visualize large volumes of data from various sources. Devo is a data analytics platform that provides real-time insights and analytics for large volumes of data.

Devo is a real-time security analytics platform that provides comprehensive visibility and insights into security events. The Devo API connector allows Swimlane Turbine users to seamlessly integrate Devo's capabilities, enabling automated retrieval of alerts and execution of queries within specified time ranges. This integration enhances the efficiency of security operations by automating data collection and analysis, allowing users to focus on critical threat response activities.

## Prerequisites

Before you can use the Devo API connector for Turbine, you'll need access to the Devo API. This requires the following:

- API key authentication using the following parameters:
  - URL: the endpoint for accessing the Devo API.
  - Authentication token: a token used to authenticate API requests.
- HTTP bearer authorization using the following parameters:
  - URL: the endpoint for accessing the Devo API.
  - Token: a bearer token used for OAuth authentication.

## Asset

You can generate a token in the Administration → Credentials area of https://docs.devo.com/space/latest/95128442 (API key & API secret) to authorize your request.

## Capabilities

- Query action
- Get alerts

## Notes

For more details, please refer to https://docs.devo.com/space/latest/127926341/working+with+triggered+alerts+using+the+api

## Additional documentation

- https://docs.swimlane.com/connectors/devo api
- https://docs.devo.com/space/latest/127926341/working+with+triggered+alerts+using+the+api

## Configurations

### Devo API key authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host (https://api-us.devo.com) | string | Required |
| standalonetoken | Authentication token | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

### HTTP bearer authentication

Authenticates using a bearer OAuth token.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host, i.e. https://apiv2-us.devo.com | string | Required |
| token | The API token | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get alerts

Obtain a list of triggered alerts within a specified time range from the Devo API, with options to limit and offset results.

Endpoint URL: alerts/v1/alerts/list

Method: GET

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | number | Required | Maximum number of elements returned in the response. |
| parameters.offset | number | Required | Position of the first element in the returned list. You will retrieve a subset of records starting with the offset value. Enter 0 if you don't want to specify a subset. |
| parameters.from | number | Required | Filters all alerts triggered after this date. This must be an epoch time in milliseconds. |
| parameters.to | number | Required | Filters all alerts triggered before this date. This must be an epoch time in milliseconds. |
| parameters.orderby | string | Optional | Order the alerts by a specific field. |
| parameters.orderasc | boolean | Optional | Set this parameter to true to retrieve the alert list in ascending order. |
| parameters.showall | boolean | Optional | Set this parameter to true to retrieve all the triggered alerts, including the ones with false positive and closed status. The default value is false. |

Input example:

```json
{"parameters": {"limit": 10, "offset": 0, "from": 1654008600000, "to": 1654008900000, "orderby": "id", "orderasc": true, "showall": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |

Output example:

```json
{"status_code": 200, "reason": "ok", "headers": {}, "json_body": [{"id": 0, "domain": "string", "priority": 0, "context": "string", "category": "string", "srcport": 0, "srcip": "string", "srchost": "string", "dstip": "string", "dstport": 0, "dsthost": "string", "protocol": "string", "username": "string", "application": "string", "engine": "string"}]}
```

### Get query

Run a specified query within the Devo platform using a time range defined by the 'from' and 'to' parameters.

Endpoint URL: /search/query

Method: POST

Input:

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Optional | Parameter for get query |
| queryid | string | Optional | Unique identifier |
| from | string | Optional | Parameter for get query |
| to | string | Optional | Parameter for get query |
| mode | string | Optional | Parameter for get query |
| dateformat | string | Optional | Parameter for get query |
| timezone | string | Optional | Parameter for get query |
| offset | number | Optional | Parameter for get query |
| skip | number | Optional | Parameter for get query |
| limit | number | Optional | Parameter for get query |
| ipasstring | boolean | Optional | Parameter for get query |
| vaultname | string | Optional | Name of the resource |
| progressinfo | boolean | Optional | Parameter for get query |
| allowpartialresults | boolean | Optional | Result of the operation |
| keepalive | string | Optional | Parameter for get query |

Input example:

```json
{"json_body": {"query": "from demo.ecommerce.data select ", "queryid": "query 1", "from": "1h", "to": "now", "mode": "json", "dateformat": "default", "timezone": "gmt 1", "offset": 1, "skip": 1, "limit": 100, "ipasstring": true, "vaultname": "low", "progressinfo": false, "allowpartialresults": false, "keepalive": "empty"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| headers | object | HTTP headers for the request |
| details | object | Output field details |
| details.status | number | Status value |
| details.cid | string | Unique identifier |
| details.timestamp | number | Output field details.timestamp |
| details.msg | string | Output field details.msg |
| details.object | array | Output field details.object |
| details.object.eventdate | string | Date value |
| details.object.host | string | Output field details.object.host |
| details.object.memory_heap_used | string | Output field details.object.memory_heap_used |
| details.object.memory_non_heap_used | string | Output field details.object.memory_non_heap_used |

Output example:

```json
{"status_code": 200, "reason": "ok", "headers": null, "details": {"status": 0, "cid": "ue7bt8pfmn", "timestamp": 1528308389081, "msg": "", "object": [{}, {}, {}]}}
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
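
Paging through the Get alerts endpoint described above, as an added example that is not part of the connector or of Devo's own code: it converts a time window to the epoch-millisecond `from`/`to` values and walks `limit`/`offset` until a short page comes back. The function names, the `true`/`false` query-string encoding, the bearer header, and a response body that is a JSON array of alerts carrying an `id` field (as in the output example) are assumptions.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

ALERTS_PATH = "alerts/v1/alerts/list"  # endpoint URL given for Get alerts
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def epoch_ms(dt):
    """Epoch milliseconds for `from`/`to`; naive datetimes are rejected."""
    if dt.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    return (dt - EPOCH) // timedelta(milliseconds=1)

def alert_params(start, end, limit, offset, showall=False):
    """Build the query parameters, using the names shown on this page."""
    t_from, t_to = epoch_ms(start), epoch_ms(end)
    if t_to <= t_from:
        raise ValueError("'to' must be later than 'from'")
    return {"limit": limit, "offset": offset, "from": t_from, "to": t_to,
            "showall": "true" if showall else "false"}  # encoding assumed

def http_fetch(base_url, token):
    """Return a fetch(params) callable that sends one bearer-authenticated GET."""
    def fetch(params):
        query = urllib.parse.urlencode(params)
        url = f"{base_url.rstrip('/')}/{ALERTS_PATH}?{query}"
        req = urllib.request.Request(
            url, headers={"Authorization": f"Bearer {token}"})
        # urllib verifies the TLS certificate by default; leave that on.
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)  # assumed: a JSON array of alerts
    return fetch

def collect_alerts(fetch, start, end, limit=100, max_pages=50):
    """Walk offset in steps of limit until a short page; de-duplicate on id."""
    seen, alerts, offset = set(), [], 0
    for _ in range(max_pages):
        page = fetch(alert_params(start, end, limit, offset))
        for alert in page:
            if alert["id"] not in seen:
                seen.add(alert["id"])
                alerts.append(alert)
        if len(page) < limit:
            return alerts
        offset += limit
    raise RuntimeError("max_pages reached; narrow the time window")
```

`collect_alerts` takes any callable as `fetch`, so the paging logic can be exercised offline with a stub before `http_fetch(base_url, token)` is pointed at a real tenant.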