Zabbix
The Zabbix connector allows for the integration of Zabbix's robust monitoring capabilities into Swimlane's security automation workflows.

Zabbix is a comprehensive network monitoring solution that enables organizations to identify and resolve IT infrastructure issues before they impact critical business processes. The Zabbix Turbine connector allows users to integrate Zabbix's robust monitoring capabilities directly into Swimlane Turbine's low-code security automation platform. This integration empowers users to automate event acknowledgment, retrieve detailed event information, and manage triggers within Zabbix, streamlining incident response and enhancing operational efficiency.

## Limitations

To simplify API versioning, since Zabbix 2.0.4, the version of the API matches the version of Zabbix itself. You can use the `apiinfo.version` method to find out the version of the API you are working with. This can be useful for adjusting your application to use version-specific features.

## Supported Version

The Zabbix API implements JSON-RPC version 2.0.

## Configuration Prerequisites

To effectively utilize the Zabbix connector with Swimlane Turbine, ensure you have the following prerequisites:

- Custom authentication via the `user.login` method with the following parameters:
  - URL: the endpoint URL for your Zabbix API.
  - Username: your Zabbix username to authenticate API requests.
  - Password: your Zabbix password associated with the provided username.
  - ID: a unique identifier for the API session or call.

## Authentication Methods

### Zabbix User Login Authentication

- URL: the endpoint URL for the Zabbix API.
- Username: the Zabbix user account name.
- Password: the password associated with the Zabbix user account.
- ID: a unique identifier for the API session.
- By Auth Property: specific property used for authentication purposes. If this property is true, the "auth" property will be used, and if false, the "Authorization" header will be used.

## Setup Instructions

The API token is obtained by

To access any data in Zabbix, you need to either:

- use an existing API token (created in Zabbix frontend or using the Token API);
- use an authentication token obtained with the `user.login` method.

Document reference: https://www.zabbix.com/documentation/6.4/en/manual/api

To set up the Zabbix connector in Turbine, follow these steps:

- Set By Auth Property in the asset to choose either the "Authorization" header or the "auth" property.
  - If By Auth Property is true, the connector uses the "auth" property authentication method.
  - If By Auth Property is false, the connector uses the "Authorization" header authentication method.
- The other required fields are URL, Username, Password and ID.

### By "Authorization" header

All API requests require an authentication or an API token. You can provide the credentials by using the "Authorization" request header:

```bash
curl --request POST \
  --url 'https://example.com/zabbix/api_jsonrpc.php' \
  --header 'Authorization: Bearer 0424bd59b807674191e7d77572075f33'
```

### By "auth" property

An API request can be authorized by the "auth" property. Note that the "auth" property is deprecated. It will be removed in future releases.

```bash
curl --request POST \
  --url 'https://example.com/zabbix/api_jsonrpc.php' \
  --header 'Content-Type: application/json-rpc' \
  --data '{"jsonrpc":"2.0","method":"host.get","params":{"output":["hostid"]},"auth":"0424bd59b807674191e7d77572075f33","id":1}'
```

## Troubleshoot Tips

If you wanted to obtain a new authentication token by logging in as a standard Admin user, then a JSON request would look like this:

```bash
curl --request POST \
  --url 'https://example.com/zabbix/api_jsonrpc.php' \
  --header 'Content-Type: application/json-rpc' \
  --data '{"jsonrpc":"2.0","method":"user.login","params":{"username":"Admin","password":"zabbix"},"id":1}'
```

If you provided the credentials correctly, the response returned by the API should contain the user authentication token:

```json
{
  "jsonrpc": "2.0",
  "result": "0424bd59b807674191e7d77572075f33",
  "id": 1
}
```

## Capabilities

- Event Acknowledge
- Get Event
- Get Trigger

### Event Acknowledge

This method allows updating events. The following update actions can be performed:

- Close event. If the event is already resolved, this action will be skipped.
- Acknowledge event. If the event is already acknowledged, this action will be skipped.
- Unacknowledge event. If the event is not acknowledged, this action will be skipped.
- Add message.
- Change event severity. If the event already has the same severity, this action will be skipped.
- Suppress event. If the event is already suppressed, this action will be skipped.
- Unsuppress event. If the event is not suppressed, this action will be skipped.

More details on these actions can be found here: https://www.zabbix.com/documentation/current/en/manual/api/reference/event/acknowledge

### Get Event

The method allows retrieving events according to the given parameters. This method may return events of a deleted entity if these events have not been removed by the housekeeper yet.

This method is available to users of any type. Permissions to call the method can be revoked in user role settings. See User roles for more information.

More details on this method can be found here: https://www.zabbix.com/documentation/current/en/manual/api/reference/event/get#retrieving-trigger-events

### Get Trigger

The method allows retrieving triggers according to the given parameters.

This method is available to users of any type. Permissions to call the method can be revoked in user role settings. See User roles (https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/users/user_roles) for more information.

More details on this method can be found here: https://www.zabbix.com/documentation/current/en/manual/api/reference/trigger/get

## Configurations

### Zabbix User Login Authentication

An API request can be authorized by the `user.login` method.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username for authentication | string | Required |
| Password | Password for authentication | string | Required |
| ID | ID of the request | string | Required |
| By Auth Property | If this property is true, the "auth" property will be used, and if false, the "Authorization" header will be used | boolean | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Event Acknowledge

Updates event statuses in Zabbix, allowing users to manage problem events with options to close or modify severity. Requires read/write trigger rights.

Endpoint URL: `/zabbix/api_jsonrpc.php`

Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| jsonrpc | string | Required | Version of the JSON-RPC protocol. Default value is 2.0 |
| id | number | Required | ID of the request |
| method | string | Required | Method to call |
| params | object | Required | Parameters for the method |
| eventids | array | Required | IDs of the events to acknowledge |
| action | number | Required | Event update actions to perform. Possible bitmap values are: 1 - close problem; 2 - acknowledge event; 4 - add message; 8 - change severity; 16 - unacknowledge event; 32 - suppress event; 64 - unsuppress event; 128 - change event rank to cause; 256 - change event rank to symptom. This is a bitmask field; any sum of possible bitmap values is acceptable (for example, 34 for acknowledge and suppress event) |
| cause_eventid | string | Optional | Cause event ID for symptom rank. It is required if action contains the "change event rank to symptom" bit |
| message | string | Optional | Text of the message to add. It is required if action contains the "add message" bit |
| severity | number | Optional | New severity for events. Possible values are: 0 - not classified; 1 - information; 2 - warning; 3 - average; 4 - high; 5 - disaster. It is required if action contains the "change severity" bit |
| suppress_until | number | Optional | Unix timestamp until which the event must be suppressed. If set to "0", the suppression will be indefinite. Parameter behavior: required if action contains the "suppress event" bit |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jsonrpc | string | Output field jsonrpc |
| result | object | Result of the operation |
| eventids | array | Unique identifier |
| id | number | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "jsonrpc": "2.0",
      "result": {},
      "id": 1
    }
  }
]
```

### Get Event

Retrieves specified events from Zabbix, including details on deleted entities awaiting cleanup. Requires jsonrpc, id, method, and params.

Endpoint URL: `/zabbix/api_jsonrpc.php`

Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| jsonrpc | string | Required | Version of the JSON-RPC protocol. Default value is 2.0 |
| id | number | Required | ID of the request |
| method | string | Required | Method to call |
| params | object | Required | Parameter for get event |
| eventids | array | Optional | Return only events with the given IDs |
| groupids | array | Optional | Return only events created by objects that belong to the given host groups |
| hostids | array | Optional | Return only events created by objects that belong to the given hosts |
| objectids | array | Optional | Return only events created by the given objects |
| source | number | Optional | Return only events with the given type. Refer to the event object page for a list of supported event types. Type of the event. Possible values are: 0 - event created by a trigger; 1 - event created by a discovery rule; 2 - event created by active agent autoregistration; 3 - internal event; 4 - event created on service status update |
| object | number | Optional | Return only events created by objects of the given type. Possible values if source is set to "event created by a trigger": 0 - trigger. Possible values if source is set to "event created by a discovery rule": 1 - discovered host; 2 - discovered service. Possible values if source is set to "event created by active agent autoregistration": 3 - auto-registered host. Possible values if source is set to "internal event": 0 - trigger; 4 - item; 5 - LLD rule. Possible values if source is set to "event created on service status update": 6 - service |
| acknowledged | boolean | Optional | If set to true, return only acknowledged events |
| action | number | Optional | Return only events for which the given event update actions have been performed. For multiple actions, use a sum of any acceptable bitmap values as bitmask (for example, 34 for acknowledge and suppress event). Possible bitmap values are: 1 - close problem; 2 - acknowledge event; 4 - add message; 8 - change severity; 16 - unacknowledge event; 32 - suppress event; 64 - unsuppress event; 128 - change event rank to cause; 256 - change event rank to symptom |
| action_userids | array | Optional | Return only events with the given IDs of users who performed the event update actions |
| suppressed | boolean | Optional | true - return only suppressed events; false - return events in the normal state |
| symptom | boolean | Optional | true - return only symptom events; false - return only cause events |
| severities | array | Optional | Return only events with the given event severities. Applies only if object is trigger |
| trigger_severities | array | Optional | Return only events with the given trigger severities. Applies only if object is trigger |
| evaltype | number | Optional | Rules for tag searching. Possible values: 0 - (default) And/Or; 2 - Or |
| tags | array | Optional | Return only events with the given tags. Exact match by tag and case-insensitive search by value and operator. An empty array returns all events |
| tag | string | Optional | Parameter for get event |
| value | string | Optional | Value for the parameter |
| operator | string | Optional | Possible operator types are: 0 - (default) Like; 1 - Equal; 2 - Not like; 3 - Not equal; 4 - Exists; 5 - Not exists |
| eventid_from | string | Optional | Return only events with IDs greater or equal to the given ID |
| eventid_till | string | Optional | Return only events with IDs less or equal to the given ID |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jsonrpc | string | Output field jsonrpc |
| result | array | Result of the operation |
| eventid | string | Unique identifier |
| source | string | Output field source |
| object | string | Output field object |
| objectid | string | Unique identifier |
| clock | string | Output field clock |
| value | string | Value for the parameter |
| acknowledged | string | Output field acknowledged |
| ns | string | Output field ns |
| name | string | Name of the resource |
| severity | string | Output field severity |
| r_eventid | string | Unique identifier |
| c_eventid | string | Unique identifier |
| correlationid | string | Unique identifier |
| userid | string | Unique identifier |
| cause_eventid | string | Unique identifier |
| acknowledges | array | Output field acknowledges |
| acknowledgeid | string | Unique identifier |
| userid | string | Unique identifier |
| clock | string | Output field clock |
| message | string | Response message |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 6 Mar 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "jsonrpc": "2.0",
      "result": [],
      "id": 1
    }
  }
]
```

### Get Trigger

Retrieves Zabbix triggers based on specified parameters, with role-based permissions for access control.

Endpoint URL: `/zabbix/api_jsonrpc.php`

Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| jsonrpc | string | Required | Version of the JSON-RPC protocol. Default value is 2.0 |
| id | number | Required | ID of the request |
| method | string | Required | Method to call |
| params | object | Required | Parameters for the method |
| triggerids | array | Optional | Return only triggers with the given IDs |
| groupids | array | Optional | Return only triggers that belong to hosts or templates from the given host groups or template groups |
| templateids | array | Optional | Return only triggers that belong to the given templates |
| hostids | array | Optional | Return only triggers that belong to the given hosts |
| itemids | array | Optional | Return only triggers that contain the given items |
| functions | array | Optional | Return only triggers that use the given functions. Refer to the supported function page for a list of supported functions |
| group | string | Optional | Return only triggers that belong to hosts or templates from the host group or template group with the given name |
| host | string | Optional | Return only triggers that belong to the host with the given technical name |
| inherited | boolean | Optional | If set to true, return only triggers inherited from a template |
| templated | boolean | Optional | If set to true, return only triggers that belong to templates |
| dependent | boolean | Optional | If set to true, return only triggers that have dependencies. If set to false, return only triggers that do not have dependencies |
| monitored | boolean | Optional | Return only enabled triggers that belong to monitored hosts and contain only enabled items |
| active | boolean | Optional | Return only enabled triggers that belong to monitored hosts |
| maintenance | boolean | Optional | If set to true, return only enabled triggers that belong to hosts in maintenance |
| withUnacknowledgedEvents | boolean | Optional | Return only triggers that have unacknowledged events |
| withAcknowledgedEvents | boolean | Optional | Return only triggers with all events acknowledged |
| withLastEventUnacknowledged | boolean | Optional | Return only triggers with the last event unacknowledged |
| skipDependent | boolean | Optional | Skip triggers in a problem state that are dependent on other triggers. Note that the other triggers are ignored if disabled, have disabled items or disabled item hosts |
| lastChangeSince | string | Optional | Return only triggers that have changed their state after the given time |
| lastChangeTill | string | Optional | Return only triggers that have changed their state before the given time |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jsonrpc | string | Output field jsonrpc |
| result | array | Result of the operation |
| triggerid | string | Unique identifier |
| expression | string | Output field expression |
| description | string | Output field description |
| url | string | URL endpoint for the request |
| status | string | Status value |
| value | string | Value for the parameter |
| priority | string | Output field priority |
| lastchange | string | Output field lastchange |
| comments | string | Output field comments |
| error | string | Error message if any |
| templateid | string | Unique identifier |
| type | string | Type of the resource |
| state | string | Output field state |
| flags | string | Output field flags |
| recovery_mode | string | Output field recovery_mode |
| recovery_expression | string | Output field recovery_expression |
| correlation_mode | string | Output field correlation_mode |
| correlation_tag | string | Output field correlation_tag |
| manual_close | string | Output field manual_close |
| opdata | string | Response data |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 6 Mar 2025 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "jsonrpc": "2.0",
      "result": [],
      "id": 1
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 6 Mar 2025 20:37:23 GMT |
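
The Event Acknowledge `action` bitmask with its conditionally required parameters, and the two credential placements selected by By Auth Property, are shown below as an added Python example (not Swimlane or Zabbix code). The function and dictionary names are hypothetical, and the event ID and token are constructed placeholders.

```python
import json

# Bit values for the event.acknowledge "action" field, as listed in the input arguments.
ACTIONS = {
    "close": 1, "acknowledge": 2, "add_message": 4, "change_severity": 8,
    "unacknowledge": 16, "suppress": 32, "unsuppress": 64,
    "rank_to_cause": 128, "rank_to_symptom": 256,
}
# Parameter that becomes required when the corresponding bit is set.
REQUIRED_WITH = {4: "message", 8: "severity", 32: "suppress_until", 256: "cause_eventid"}


def decode_action(mask):
    """Return the sorted action names encoded in a bitmask; reject unknown bits."""
    if mask <= 0 or mask & ~sum(ACTIONS.values()):
        raise ValueError(f"invalid action bitmask: {mask}")
    return sorted(name for name, bit in ACTIONS.items() if mask & bit)


def build_acknowledge(eventids, actions, token, by_auth_property=False, req_id=1, **extra):
    """Build (headers, body) for event.acknowledge, enforcing conditional parameters."""
    mask = 0
    for name in actions:
        mask |= ACTIONS[name]
    if not eventids or mask == 0:
        raise ValueError("eventids and at least one action are required")
    missing = [p for bit, p in REQUIRED_WITH.items() if mask & bit and p not in extra]
    if missing:
        raise ValueError(f"action {mask} requires: {', '.join(missing)}")
    if "severity" in extra and extra["severity"] not in range(6):
        raise ValueError("severity must be 0..5")
    body = {"jsonrpc": "2.0", "method": "event.acknowledge",
            "params": {"eventids": list(eventids), "action": mask, **extra},
            "id": req_id}
    headers = {"Content-Type": "application/json-rpc"}
    if by_auth_property:
        body["auth"] = token  # deprecated "auth" property in the request body
    else:
        headers["Authorization"] = f"Bearer {token}"
    return headers, json.dumps(body)


if __name__ == "__main__":
    # Constructed sample: the event ID and token are placeholders.
    hdrs, payload = build_acknowledge(["20427"], ["acknowledge", "add_message"],
                                      "EXAMPLE_TOKEN", message="Triaged by SOC")
    print(hdrs, payload, decode_action(34), sep="\n")
```

Rejecting an incomplete request before it is sent keeps a playbook from recording an event as handled when the API would have refused the update.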