VMware Lastline Network
The VMware Lastline API offers cybersecurity, vulnerability detection, and network protection services.

The VMware Lastline Network API is accessible at `https://user.lastline.com/papi/net/<function>`. On-premise customers should instead access this API on their Lastline Enterprise Manager at `https://user.<manager host name>/papi/net/<function>`.

An up-to-date version of this documentation can be browsed at Lastline's API documentation overview: https://user.lastline.com/papi-doc/api/html/overview.html

## Prerequisites

The VMware Lastline API is a web-based API. To get started, you will need to request a set of credentials for accessing the API from Lastline. These credentials are a username and a password.

## Capabilities

This plugin provides information on the following areas:

- Detected URLs
- Downloads
- Incidents
- Emails
- Events

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Detected URL Stats

Get detected URL stats.

- Endpoint URL: `papi/net/url/stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Detected URL Stats |
| time_scale | string | Optional | Parameter for Get Detected URL Stats |
| key | string | Optional | Parameter for Get Detected URL Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| detected_url_id | string | Optional | URL endpoint for the request |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| priority | string | Output field priority |
| start_date | string | Date value |
| end_date | string | Date value |
| total_urls | number | URL endpoint for the request |
| distinct_urls | number | URL endpoint for the request |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "priority": "",
      "start_date": "",
      "end_date": "",
      "total_urls": 1,
      "distinct_urls": 1
    }
  }
]
```

### Get Download Log Stats

Get download log stats.

- Endpoint URL: `papi/net/file/download_log_stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Download Log Stats |
| key | string | Optional | Parameter for Get Download Log Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| application_protocol | string | Optional | Parameter for Get Download Log Stats |
| filetype | string | Optional | Type of the resource |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file_category | string | Output field file_category |
| start_date | string | Date value |
| total_files | number | Output field total_files |
| distinct_files | number | Output field distinct_files |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "file_category": "",
      "start_date": "",
      "total_files": 1,
      "distinct_files": 1
    }
  }
]
```

### Get Download Logs

Get download logs.

- Endpoint URL: `papi/net/file/download_logs`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Download Logs |
| key | string | Optional | Parameter for Get Download Logs |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| orderby | string | Optional | Parameter for Get Download Logs |
| max_results | string | Optional | Result of the operation |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| access_key_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| time | string | Time value |
| file_name | string | Name of the resource |
| file_size | string | Output field file_size |
| md5 | string | Output field md5 |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "access_key_id": "",
      "subkey_id": "",
      "time": "",
      "file_name": "",
      "file_size": "",
      "md5": "",
      "sha1": "",
      "raw_url": "",
      "url": "",
      "score": "",
      "task_uuid": "",
      "src_host": "",
      "src_hostname": "",
      "src_port": "",
      "dst_host": ""
    }
  }
]
```

### Get Download Stats

Get download stats.

- Endpoint URL: `papi/net/file/download_stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Download Stats |
| key | string | Optional | Parameter for Get Download Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| include_not_uploaded | string | Optional | Parameter for Get Download Stats |
| application_protocol | string | Optional | Parameter for Get Download Stats |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file_category | string | Output field file_category |
| start_date | string | Date value |
| total_files | number | Output field total_files |
| distinct_files | number | Output field distinct_files |
| max_score | string | Score value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "file_category": "",
      "start_date": "",
      "total_files": 1,
      "distinct_files": 1,
      "max_score": ""
    }
  }
]
```

### Get Downloads

Get downloads.

- Endpoint URL: `papi/net/file/downloads`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Downloads |
| key | string | Optional | Parameter for Get Downloads |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| orderby | string | Optional | Parameter for Get Downloads |
| max_results | string | Optional | Result of the operation |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| access_key_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| time | string | Time value |
| file_name | string | Name of the resource |
| file_size | string | Output field file_size |
| md5 | string | Output field md5 |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "access_key_id": "",
      "subkey_id": "",
      "time": "",
      "file_name": "",
      "file_size": "",
      "md5": "",
      "sha1": "",
      "file_type": "",
      "extracted_filename": "",
      "score": "",
      "pending": "",
      "task_uuid": "",
      "event_id": "",
      "src_host": "",
      "src_hostname": ""
    }
  }
]
```

### Get Event

Get event.

- Endpoint URL: `papi/net/event/get`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| timezone | string | Optional | Parameter for Get Event |
| event_id | string | Optional | Unique identifier |
| start_time | string | Optional | Time value |
| end_time | string | Optional | Time value |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event_id | string | Unique identifier |
| access_key_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| time | string | Time value |
| start_time | string | Time value |
| end_time | string | Time value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "event_id": "",
      "access_key_id": "",
      "subkey_id": "",
      "time": "20130623t13 22 0500",
      "start_time": "23/01/2023",
      "end_time": "23/01/2023",
      "transport": "",
      "occurrences": 1,
      "blocked": true,
      "relevant_host_ip": "",
      "other_host_ip": "",
      "server_port": "",
      "relevant_host_hostname": "",
      "other_host_hostname": "",
      "src_id": ""
    }
  }
]
```

### Get Event Attributes

Get event attributes.

- Endpoint URL: `papi/net/event/attributes`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| event_id | string | Required | Unique identifier |
| event_time | string | Required | Time value |
| key | string | Optional | Parameter for Get Event Attributes |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| customer | string | Optional | Parameter for Get Event Attributes |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| value | string | Value for the parameter |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "name": "",
      "value": ""
    }
  }
]
```

### Get Event Blacklist Match Info

Get event blacklist match info.

- Endpoint URL: `papi/net/event/blacklist_match`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| event_id | string | Required | Unique identifier |
| event_time | string | Required | Time value |
| key | string | Optional | Parameter for Get Event Blacklist Match Info |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| customer | string | Optional | Parameter for Get Event Blacklist Match Info |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| domain | string | Output field domain |
| ip | string | Output field ip |
| url_path | string | URL endpoint for the request |
| port | string | Output field port |
| is_local_blacklist | string | Output field is_local_blacklist |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "domain": "",
      "ip": "",
      "url_path": "",
      "port": "",
      "is_local_blacklist": ""
    }
  }
]
```

### Get Event Evidence

Get event evidence.

- Endpoint URL: `papi/net/event/evidence`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| event_id | string | Required | Unique identifier |
| event_time | string | Required | Time value |
| key | string | Optional | Parameter for Get Event Evidence |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| customer | string | Optional | Parameter for Get Event Evidence |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| threat | string | Output field threat |
| threat_class | string | Output field threat_class |
| confidence | string | Unique identifier |
| severity | string | Output field severity |
| impact | string | Output field impact |
| evidence_type | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "threat": "",
      "threat_class": "",
      "confidence": "",
      "severity": "",
      "impact": "",
      "evidence_type": "",
      "detector": "",
      "activity": "",
      "subject": "",
      "signature_id": ""
    }
  }
]
```

### Get Event Network IOCs

Get event network IOCs.

- Endpoint URL: `papi/net/event/network_iocs`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| event_id | string | Required | Unique identifier |
| event_time | string | Required | Time value |
| key | string | Optional | Parameter for Get Event Network IOCs |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| customer | string | Optional | Parameter for Get Event Network IOCs |
| limit | number | Optional | Parameter for Get Event Network IOCs |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| task_uuid | string | Unique identifier |
| score | string | Score value |
| domain | string | Output field domain |
| ip | string | Output field ip |
| url_path | string | URL endpoint for the request |
| port | string | Output field port |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "task_uuid": "",
      "score": "",
      "domain": "",
      "ip": "",
      "url_path": "",
      "port": "",
      "detector": "",
      "threat": "",
      "impact": ""
    }
  }
]
```

### Get Incident

Get incident.

- Endpoint URL: `papi/net/incident/get`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| incident_id | string | Required | Unique identifier |
| timezone | string | Optional | Parameter for Get Incident |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| incident_id | string | Unique identifier |
| access_key_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| time | string | Time value |
| start_time | string | Time value |
| end_time | string | Time value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "incident_id": "",
      "access_key_id": "",
      "subkey_id": "",
      "time": "",
      "start_time": "",
      "end_time": "",
      "events": 1,
      "src_host": "",
      "num_src_ips": 1,
      "src_hostname": "",
      "blocked": "",
      "src_id": "",
      "src_label": "",
      "host_label": "",
      "host_whitelisted": ""
    }
  }
]
```

### Get Incident Evidence

Get incident evidence.

- Endpoint URL: `papi/net/incident/evidence`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| incident_id | string | Required | Unique identifier |
| key | string | Optional | Parameter for Get Incident Evidence |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| customer | string | Optional | Parameter for Get Incident Evidence |
| timezone | string | Optional | Parameter for Get Incident Evidence |
| extended | boolean | Optional | Parameter for Get Incident Evidence |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| threat | string | Output field threat |
| threat_class | string | Output field threat_class |
| confidence | string | Unique identifier |
| severity | string | Output field severity |
| impact | string | Output field impact |
| evidence_type | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "threat": "",
      "threat_class": "",
      "confidence": "",
      "severity": "",
      "impact": "",
      "evidence_type": "",
      "detector": "",
      "activity": "",
      "subject": "",
      "first_seen": "",
      "last_seen": "",
      "reference_type": "",
      "reference_id": "",
      "reference_time": "",
      "reference_event": ""
    }
  }
]
```
### Get Incident Stats

Get incident stats.

- Endpoint URL: `papi/net/file/incident_stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| time_scale | string | Required | Parameter for Get Incident Stats |
| timezone | string | Optional | Parameter for Get Incident Stats |
| key | string | Optional | Parameter for Get Incident Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| group_by_impact | string | Optional | Parameter for Get Incident Stats |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| max_impact | string | Output field max_impact |
| incidents | number | Unique identifier |
| events | number | Output field events |
| sources | number | Output field sources |
| priority | string | Output field priority |
| start_date | string | Date value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "max_impact": "",
      "incidents": 1,
      "events": 1,
      "sources": 1,
      "priority": "",
      "start_date": "",
      "end_date": ""
    }
  }
]
```

### Get Mail Attachment Stats

Get mail attachment stats.

- Endpoint URL: `papi/net/mail/attachment_stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Mail Attachment Stats |
| key | string | Optional | Parameter for Get Mail Attachment Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| mail_message_id | string | Optional | Unique identifier |
| recipient | string | Optional | Parameter for Get Mail Attachment Stats |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file_type | string | Type of the resource |
| start_date | string | Date value |
| total_files | number | Output field total_files |
| distinct_files | number | Output field distinct_files |
| max_score | string | Score value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "file_type": "",
      "start_date": "",
      "total_files": 1,
      "distinct_files": 1,
      "max_score": ""
    }
  }
]
```

### Get Mail Attachments

Get mail attachments.

- Endpoint URL: `papi/net/mail/attachments`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Attachments |
| key | string | Optional | Parameter for Get Mail Attachments |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| orderby | string | Optional | Parameter for Get Mail Attachments |
| max_results | string | Optional | Result of the operation |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| mail_message_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| time | string | Time value |
| message_id | string | Unique identifier |
| timestamp | string | Output field timestamp |
| file_name | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "mail_message_id": "",
      "subkey_id": "",
      "time": "",
      "message_id": "",
      "timestamp": "",
      "file_name": "",
      "file_type": "",
      "file_size": "",
      "md5": "",
      "sha1": "",
      "task_uuid": "",
      "score": "",
      "llfiletype": "",
      "sender": "",
      "recipient": ""
    }
  }
]
```

### Get Mail Delivery Log

Get mail delivery log.

- Endpoint URL: `papi/net/mail/mail_delivery_log`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Delivery Log |
| mail_message_id | string | Optional | Unique identifier |
| mail_message_log_id | string | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| mail_delivery_outcome | string | Output field mail_delivery_outcome |
| delivery_timestamp | string | Output field delivery_timestamp |
| details | string | Output field details |
| host | string | Output field host |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "mail_delivery_outcome": "",
      "delivery_timestamp": "",
      "details": "",
      "host": ""
    }
  }
]
```

### Get Mail Detections

Get mail detections.

- Endpoint URL: `papi/net/mail/detections`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Detections |
| mail_message_id | string | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| detector | string | Output field detector |
| action | string | Output field action |
| threat | string | Output field threat |
| threat_class | string | Output field threat_class |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "detector": "",
      "action": "",
      "threat": "",
      "threat_class": ""
    }
  }
]
```

### Get Mail Message

Get mail message.

- Endpoint URL: `papi/net/mail/messages`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Message |
| mail_message_id | string | Optional | Unique identifier |
| include_typed_tags | string | Optional | Type of the resource |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| mail_message_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| date | string | Date value |
| message_id | string | Unique identifier |
| timestamp | string | Output field timestamp |
| size | string | Output field size |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "mail_message_id": "",
      "subkey_id": "",
      "date": "",
      "message_id": "",
      "timestamp": "",
      "size": "",
      "sender": "",
      "recipient": "",
      "subject": "",
      "threat": "",
      "threat_class": "",
      "attachments": 1,
      "urls": 1,
      "impact": "",
      "relevant_content": ""
    }
  }
]
```

### Get Mail Message Headers

Get mail message headers.

- Endpoint URL: `papi/net/mail/mail_message_headers`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Message Headers |
| mail_message_id | string | Optional | Unique identifier |
| mail_message_log_id | string | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| header_field_name | string | Name of the resource |
| header_field_body | string | Request body data |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "header_field_name": "",
      "header_field_body": ""
    }
  }
]
```

### Get Mail Messages

Get mail messages.

- Endpoint URL: `papi/net/mail/messages`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Messages |
| key | string | Optional | Parameter for Get Mail Messages |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| orderby | string | Optional | Parameter for Get Mail Messages |
| max_results | string | Optional | Result of the operation |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| mail_message_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| date | string | Date value |
| message_id | string | Unique identifier |
| timestamp | string | Output field timestamp |
| size | string | Output field size |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "mail_message_id": "",
      "subkey_id": "",
      "date": "",
      "message_id": "",
      "timestamp": "",
      "size": "",
      "sender": "",
      "recipient": "",
      "subject": "",
      "threat": "",
      "threat_class": "",
      "attachments": 1,
      "urls": 1,
      "impact": "",
      "relevant_content": ""
    }
  }
]
```

### Get Mail Messages Malware

Get mail messages malware.

- Endpoint URL: `papi/net/mail/messages_malware`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Mail Messages Malware |
| key | string | Optional | Parameter for Get Mail Messages Malware |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| recipient | string | Optional | Parameter for Get Mail Messages Malware |
| subject | string | Optional | Parameter for Get Mail Messages Malware |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| start_time | string | Time value |
| end_time | string | Time value |
| max_impact | string | Output field max_impact |
| occurrences | number | Output field occurrences |
| threat | string | Output field threat |
| threat_class | string | Output field threat_class |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "start_time": "",
      "end_time": "",
      "max_impact": "",
      "occurrences": 1,
      "threat": "",
      "threat_class": "",
      "priority": ""
    }
  }
]
```

### Get Mail Messages Malware Priority

Get mail messages malware priority.

- Endpoint URL: `papi/net/mail/messages_malware_priority`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Mail Messages Malware Priority |
| key | string | Optional | Parameter for Get Mail Messages Malware Priority |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| recipient | string | Optional | Parameter for Get Mail Messages Malware Priority |
| subject | string | Optional | Parameter for Get Mail Messages Malware Priority |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Mail Messages Stats

Get mail messages stats.

- Endpoint URL: `papi/net/mail/messages_stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Mail Messages Stats |
| time_scale | string | Optional | Parameter for Get Mail Messages Stats |
| key | string | Optional | Parameter for Get Mail Messages Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| group_by_priority | string | Optional | Parameter for Get Mail Messages Stats |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| start_date | string | Date value |
| end_date | string | Date value |
| max_impact | string | Output field max_impact |
| occurrences | number | Output field occurrences |
| priority | string | Output field priority |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "start_date": "",
      "end_date": "",
      "max_impact": "",
      "occurrences": 1,
      "priority": ""
    }
  }
]
```

### Get Mail Processing Log

Get mail processing log.

- Endpoint URL: `papi/net/mail/mail_processing_log`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail Processing Log |
| mail_message_id | string | Optional | Unique identifier |
| mail_message_log_id | string | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| state | string | Output field state |
| timestamp | string | Output field timestamp |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "state": "",
      "timestamp": ""
    }
  }
]
```

### Get Mail URL Stats

Get mail URL stats.

- Endpoint URL: `papi/net/mail/url_stats`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Mail URL Stats |
| key | string | Optional | Parameter for Get Mail URL Stats |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| mail_message_id | string | Optional | Unique identifier |
| recipient | string | Optional | Parameter for Get Mail URL Stats |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| start_date | string | Date value |
| total_urls | number | URL endpoint for the request |
| distinct_url | number | URL endpoint for the request |
| max_score | string | Score value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "start_date": "",
      "total_urls": 1,
      "distinct_url": 1,
      "max_score": ""
    }
  }
]
```

### Get Mail URLs

Get mail URLs.

- Endpoint URL: `papi/net/mail/urls`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| timezone | string | Optional | Parameter for Get Mail URLs |
| key | string | Optional | Parameter for Get Mail URLs |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| orderby | string | Optional | Parameter for Get Mail URLs |
| max_results | string | Optional | Result of the operation |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| mail_message_id | string | Unique identifier |
| access_key_id | string | Unique identifier |
| subkey_id | string | Unique identifier |
| time | string | Time value |
| date | string | Date value |
| message_id | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "mail_message_id": "",
      "access_key_id": "",
      "subkey_id": "",
      "time": "",
      "date": "",
      "message_id": "",
      "timestamp": "",
      "url": "",
      "raw_url": "",
      "md5": "",
      "task_uuid": "",
      "score": "",
      "sender": "",
      "recipient": "",
      "subject": ""
    }
  }
]
```

### Get Malware

Get malware.

- Endpoint URL: `papi/net/incident/malware`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_date | string | Required | Date value |
| end_date | string | Required | Date value |
| timezone | string | Optional | Parameter for Get Malware |
| key | string | Optional | Parameter for Get Malware |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| split_by_priority | string | Optional | Parameter for Get Malware |
| whitelisting | string | Optional | Parameter for Get Malware |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| start_time | string | Time value |
| end_time | string | Time value |
| max_impact | string | Output field max_impact |
| incidents | number | Unique identifier |
| events | number | Output field events |
| sources | number | Output field sources |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "start_time": "",
      "end_time": "",
      "max_impact": "",
      "incidents": 1,
      "events": 1,
      "sources": 1,
      "threat": "",
      "threat_class": "",
      "priority": ""
    }
  }
]
```

### Get Similar Event Filters

Get similar event filters.

- Endpoint URL: `papi/net/event/similar_events_filters/get`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| event_id | string | Required | Unique identifier |
| event_time | string | Required | Time value |
| key | string | Optional | Parameter for Get Similar Event Filters |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| relevant_host_ip | string | Output field relevant_host_ip |
| other_host_ip | string | Output field other_host_ip |
| server_port | string | Output field server_port |
| other_host_hostname | string | Name of the resource |
| transport_protocol | string | Output field transport_protocol |
| relevant_host_in_homenet | string | Output field relevant_host_in_homenet |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Tue, 20 Jun 2023 15:12:14 GMT",
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": 65,
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains",
      "Server": "ingress-nginx",
      "Via": "1.1 google"
    },
    "reason": "OK",
    "json_body": {
      "relevant_host_ip": "",
      "other_host_ip": "",
      "server_port": "",
      "other_host_hostname": "",
      "transport_protocol": "",
      "relevant_host_in_homenet": "",
      "other_host_in_homenet": "",
      "relevant_host_whitelisted": "",
      "detector": "",
      "threat": "",
      "threat_class": "",
      "event_outcome": "",
      "event_type": "",
      "file_category": "",
      "file_type": ""
    }
  }
]
```

### Get Source Incident Evidence

Get source incident evidence.

- Endpoint URL: `papi/net/incident/host_evidence`
- Method: GET

#### Input

| Argument Name | Type | Required | Description |
|---|---|---|---|
| start_time | string | Required | Time value |
| end_time | string | Required | Time value |
| src_ip | string | Optional | Parameter for Get Source Incident Evidence |
| key | string | Optional | Parameter for Get Source Incident Evidence |
| key_id | string | Optional | Unique identifier |
| subkey_id | string | Optional | Unique identifier |
| customer | string | Optional | Parameter for Get Source Incident Evidence |
| timezone | string | Optional | Parameter for get |
source incident evidence output parameter type description status code number http status code of the response reason string response reason phrase incident id string unique identifier reference event string output field reference event urls string url endpoint for the request blacklist match info string output field blacklist match info dga domains string output field dga domains dga domain count number count value example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "incident id" "", "reference event" "", "urls" "", "blacklist match info" "", "dga domains" "", "dga domain count" 1, "download file type" "", "download file name" "", "llanta rule name" "", "detector goal" "" } } ] get unique detected urls get unique detected urls endpoint url papi/net/url/unique method get input argument name type required description start time string required time value end time string required time value timezone string optional parameter for get unique detected urls key string optional parameter for get unique detected urls key id string optional unique identifier subkey id string optional unique identifier orderby string optional parameter for get unique detected urls max results string optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase url string url endpoint for the request md5 string output field md5 num requests number output field num requests num sensors number output field num sensors first seen string output field first seen last seen string output field last seen example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content 
length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "url" "", "md5" "", "num requests" 1, "num sensors" 1, "first seen" "", "last seen" "", "score" "", "pending" "", "task uuid" "", "src ip" "", "dst ip" "", "num source ips" 1, "num dst ips" 1, "http host" "", "num http host" 1 } } ] get unique downloads get unique downloads endpoint url papi/net/file/unique downloads method get input argument name type required description start time string required time value end time string required time value timezone string optional parameter for get unique downloads key string optional parameter for get unique downloads key id string optional unique identifier subkey id string optional unique identifier orderby string optional parameter for get unique downloads max results string optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase access key id string unique identifier subkey id string unique identifier time string time value file name string name of the resource file size string output field file size md5 string output field md5 example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "access key id" "", "subkey id" "", "time" "", "file name" "", "file size" "", "md5" "", "sha1" "", "file type" "", "extracted filename" "", "score" "", "pending" "", "task uuid" "", "event id" "", "src host" "", "src hostname" "" } } ] get unique mail attachments get unique mail attachments endpoint url papi/net/mail/unique attachments method get input argument name type required description start time string required time value end time 
string required time value timezone string optional parameter for get unique mail attachments key string optional parameter for get unique mail attachments key id string optional unique identifier subkey id string optional unique identifier orderby string optional parameter for get unique mail attachments max results string optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase mail message id string unique identifier subkey id string unique identifier time string time value message id string unique identifier timestamp string output field timestamp file name string name of the resource example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "mail message id" "", "subkey id" "", "time" "", "message id" "", "timestamp" "", "file name" "", "file type" "", "file size" "", "md5" "", "sha1" "", "task uuid" "", "score" "", "llfiletype" "", "sender" "", "recipient" "" } } ] get unique mail urls get unique mail urls endpoint url papi/net/mail/unique urls method get input argument name type required description start time string required time value end time string required time value timezone string optional parameter for get unique mail urls key string optional parameter for get unique mail urls key id string optional unique identifier subkey id string optional unique identifier orderby string optional parameter for get unique mail urls max results string optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase mail message id string unique identifier access key id string unique identifier subkey id string unique identifier time 
string time value date string date value message id string unique identifier example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "mail message id" "", "access key id" "", "subkey id" "", "time" "", "date" "", "message id" "", "timestamp" "", "url" "", "raw url" "", "md5" "", "task uuid" "", "score" "", "sender" "", "recipient" "", "subject" "" } } ] get url detections get url detections endpoint url papi/net/url/all method get input argument name type required description start time string required time value end time string required time value timezone string optional parameter for get url detections key string optional parameter for get url detections key id string optional unique identifier subkey id string optional unique identifier orderby string optional parameter for get url detections max results string optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase url string url endpoint for the request md5 string output field md5 detected url id string url endpoint for the request access key id string unique identifier subkey id string unique identifier timestamp string output field timestamp example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "url" "", "md5" "", "detected url id" "", "access key id" "", "subkey id" "", "timestamp" "", "detection time" "", "event id" "", "score" "", "pending" "", "task uuid" "", "src host" "", "src ip" "", "src port" "", "dst 
host" "" } } ] list event urls list event urls endpoint url papi/net/event/urls method get input argument name type required description event id string optional unique identifier event time string optional time value key string optional parameter for list event urls key id string optional unique identifier subkey id string optional unique identifier customer string optional parameter for list event urls limit number optional parameter for list event urls output parameter type description status code number http status code of the response reason string response reason phrase url string url endpoint for the request raw url string url endpoint for the request method string http method to use example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "url" "", "raw url" "", "method" "" } } ] list events list events endpoint url papi/net/event/list method get input argument name type required description start time string optional time value end time string optional time value timezone string optional parameter for list events key string optional parameter for list events key id string optional unique identifier subkey id string optional unique identifier orderby string optional parameter for list events max results number optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase event id string unique identifier access key id string unique identifier subkey id string unique identifier time string time value start time string time value end time string time value example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, 
"strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "event id" "", "access key id" "", "subkey id" "", "time" "20130623t13 22 0500", "start time" "23/01/2023", "end time" "23/01/2023", "transport" "", "occurrences" 1, "blocked" true, "relevant host ip" "", "other host ip" "", "server port" 1, "relevant host hostname" "", "other host hostname" "", "src host" "" } } ] list incidents list incidents endpoint url papi/net/incident/list method get input argument name type required description start time string required time value end time string required time value timezone string optional parameter for list incidents key string optional parameter for list incidents key id string optional unique identifier subkey id string optional unique identifier max results number optional result of the operation offset results number optional result of the operation output parameter type description status code number http status code of the response reason string response reason phrase incident id string unique identifier access key id string unique identifier subkey id string unique identifier time string time value start time string time value end time string time value example \[ { "status code" 200, "response headers" { "date" "tue, 20 jun 2023 15 12 14 gmt", "content type" "application/json; charset=utf 8", "content length" 65, "strict transport security" "max age=15724800; includesubdomains", "server" "ingress nginx", "via" "1 1 google" }, "reason" "ok", "json body" { "incident id" "", "access key id" "", "subkey id" "", "time" "20130623t13 22 0500", "start time" "", "end time" "", "events" 1, "src host" "", "num src ips" 1, "src hostname" "", "blocked" "", "src id" "", "src label" "", "host label" "", "host whitelisted" "" } } ] response headers header description example content length the length of the response body in bytes 65 content type the media type of the resource 
application/json; charset=utf 8 date the date and time at which the message was originated tue, 20 jun 2023 15 12 14 gmt server information about the software used by the origin server ingress nginx strict transport security http response header strict transport security max age=15724800; includesubdomains via http response header via 1 1 google