Get Security Events
**Description:** Retrieve all Privileged Threat Analytics (PTA) security events from CyberArk to monitor and analyze threats.

**Endpoint URL:** /passwordvault/api/pta/api/events/

**Method:** GET

**Inputs**

- parameters (object)
  - fromupdatedate (number): the starting date to get the security events from, calculated as the number of seconds since 1970 (the Unix epoch). The createtime and lastupdatetime values in the output example below are 13-digit numbers, which is the length of a millisecond timestamp, so confirm the expected unit against your PTA version before relying on this filter; a wrong unit can silently return the wrong time window.
  - status (string): the status of the security event (open or closed).
  - accountid (string): the unique account identifier of the account that is referred to in the security event.

**Output example**

Key names and string values are reproduced as they appear on this page. Punctuation inside values such as addresses appears to have been dropped, so verify exact key casing and value formats against a live response before writing parsers or detections.

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "success",
    "json body": [
      {
        "id": "444445e56bbb0b0a063f4444",
        "type": "psmsuspiciousactivity",
        "score": 70,
        "createtime": 1586134861000,
        "lastupdatetime": 1586134861000,
        "audits": [
          {
            "id": "5e3045e56bbb0b0a063fbbbb",
            "type": "psm ssh command",
            "sensortype": "vault",
            "action": "psm command",
            "psmcommand": "bla",
            "createtime": 1586134861000,
            "vaultuser": "vuser",
            "account": {
              "accountasstr": "hi2@example cyber ark co il",
              "type": "local unix",
              "account": {
                "mtarget": {
                  "moriginaladdress": "10 1 8 182",
                  "mresolvedaddress": {
                    "moriginaladdress": "10 1 8 182",
                    "maddress": "10 1 8 182",
                    "mhostname": "cyber",
                    "mfqdn": "example cyber ark co il"
                  }
                },
                "muser": "hi2"
              }
            },
            "source": { "moriginaladdress": "1 1 1 1" },
            "target": {
              "moriginaladdress": "10 1 8 182",
              "mresolvedaddress": {
                "moriginaladdress": "10 1 8 182",
                "maddress": "10 1 8 182",
                "mhostname": "cyber",
                "mfqdn": "example cyber ark co il"
              }
            },
            "clouddata": {}
          }
        ],
        "additionaldata": { "matchpatterns": "kill( )" },
        "mstatus": "open"
      },
      {
        "id": "555545e56aaa0b0a063ff555",
        "type": "psmsuspiciousactivity",
        "score": 70,
        "createtime": 1586134862000,
        "lastupdatetime": 1586134862000,
        "audits": [
          {
            "id": "5e3045e56bbb0b0a063faaaa",
            "type": "psm ssh command",
            "sensortype": "vault",
            "action": "psm command",
            "psmcommand": "bla",
            "createtime": 1586134861000,
            "vaultuser": "vuser",
            "account": {
              "accountasstr": "hi2@example cyber ark co il",
              "type": "local unix",
              "account": {
                "mtarget": {
                  "moriginaladdress": "10 1 8 182",
                  "mresolvedaddress": {
                    "moriginaladdress": "10 1 8 182",
                    "maddress": "10 1 8 182",
                    "mhostname": "cyber",
                    "mfqdn": "example cyber ark co il"
                  }
                },
                "muser": "hi2"
              }
            },
            "source": { "moriginaladdress": "1 1 1 1" },
            "target": {
              "moriginaladdress": "10 1 8 182",
              "mresolvedaddress": {
                "moriginaladdress": "10 1 8 182",
                "maddress": "10 1 8 182",
                "mhostname": "cyber",
                "mfqdn": "example cyber ark co il"
              }
            },
            "clouddata": {},
            "accountid": "id 1"
          }
        ],
        "additionaldata": { "matchpatterns": "kill( )" },
        "mstatus": "closed",
        "closereason": "handled",
        "reasontext": "handled by soc team"
      }
    ]
  }
]
```

**Output parameters**

- status code (number)
- reason (string)
- json body (array)
  - id (string)
  - type (string)
  - score (number)
  - createtime (number)
  - lastupdatetime (number)
  - audits (array)
    - id (string)
    - type (string)
    - sensortype (string)
    - action (string)
    - psmcommand (string)
    - createtime (number)
    - vaultuser (string)
    - account (object)
      - accountasstr (string)
      - type (string)
      - account (object)
        - mtarget (object)
          - moriginaladdress (string)
          - mresolvedaddress (object)
            - moriginaladdress (string)
            - maddress (string)
            - mhostname (string)
            - mfqdn (string)
        - muser (string)
    - source (object)
      - moriginaladdress (string)
    - target (object)
      - moriginaladdress (string)
      - mresolvedaddress (object)
        - moriginaladdress (string)
        - maddress (string)
        - mhostname (string)
        - mfqdn (string)
    - clouddata (object)
    - accountid (string)
  - additionaldata (object)
    - matchpatterns (string)
  - mstatus (string)
  - closereason (string)
  - reasontext (string)