# Zabbix
The Zabbix connector allows for the integration of Zabbix's robust monitoring capabilities into Swimlane's security automation workflows.

Zabbix is a comprehensive network monitoring solution that enables organizations to identify and resolve IT infrastructure issues before they impact critical business processes. The Zabbix Turbine connector allows users to integrate Zabbix's robust monitoring capabilities directly into Swimlane Turbine's low-code security automation platform. This integration empowers users to automate event acknowledgment, retrieve detailed event information, and manage triggers within Zabbix, streamlining incident response and enhancing operational efficiency.

## Limitations

To simplify API versioning, since Zabbix 2.0.4, the version of the API matches the version of Zabbix itself. You can use the `apiinfo.version` method to find out the version of the API you are working with. This can be useful for adjusting your application to use version-specific features.

## Supported Version

Zabbix API implements JSON-RPC version 2.0.

## Configuration Prerequisites

To effectively utilize the Zabbix connector with Swimlane Turbine, ensure you have the following prerequisites:

- Custom authentication via the `user.login` method with the following parameters:
  - **URL**: The endpoint URL for your Zabbix API.
  - **Username**: Your Zabbix username to authenticate API requests.
  - **Password**: Your Zabbix password associated with the provided username.
  - **ID**: A unique identifier for the API session or call.

## Authentication Methods

- **URL**: The endpoint URL for the Zabbix API.
- **Username**: The Zabbix user account name.
- **Password**: The password associated with the Zabbix user account.
- **ID**: A unique identifier for the API session.
- **By Auth Property**: Specific property used for authentication purposes. If this property is true, the "auth" property will be used, and if false, the "Authorization" header will be used.

## Setup Instructions

The API token is obtained by

To access any data in Zabbix, you need to either:

- Use an existing API token (created in
Zabbix frontend or using the Token API)
- Use an authentication token obtained with the `user.login` method

Document reference: https://www.zabbix.com/documentation/6.4/en/manual/api

To set up the Zabbix connector in Turbine, follow these steps:

- Make sure the **By Auth Property** option is set in the asset to select either the "Authorization" header or the "auth" property.
  - If By Auth Property is true, the connector uses the "auth" property authentication method.
  - If By Auth Property is false, the connector uses the "Authorization" header authentication method.
- The other required fields are URL, Username, Password and ID.

### By "Authorization" header

All API requests require an authentication or an API token. You can provide the credentials by using the "Authorization" request header:

```bash
curl --request POST \
  --url 'https://example.com/zabbix/api_jsonrpc.php' \
  --header 'Authorization: Bearer 0424bd59b807674191e7d77572075f33'
```

### By "auth" property

An API request can be authorized by the "auth" property. Note that the "auth" property is deprecated. It will be removed in future releases.

```bash
curl --request POST \
  --url 'https://example.com/zabbix/api_jsonrpc.php' \
  --header 'Content-Type: application/json-rpc' \
  --data '{"jsonrpc":"2.0","method":"host.get","params":{"output":["hostid"]},"auth":"0424bd59b807674191e7d77572075f33","id":1}'
```

## Troubleshoot Tips

If you want to obtain a new authentication token by logging in as a standard Admin user, then a JSON request would look like this:

```bash
curl --request POST \
  --url 'https://example.com/zabbix/api_jsonrpc.php' \
  --header 'Content-Type: application/json-rpc' \
  --data '{"jsonrpc":"2.0","method":"user.login","params":{"username":"Admin","password":"zabbix"},"id":1}'
```

If you provided the credentials correctly, the response returned by the API should contain the user authentication token:

```json
{
  "jsonrpc": "2.0",
  "result": "0424bd59b807674191e7d77572075f33",
  "id": 1
}
```

## Capabilities

- Event Acknowledge
- Get Event
- Get Trigger

### Event Acknowledge

This method allows updating events. The following update actions
can be performed:

- **Close event.** If the event is already resolved, this action will be skipped.
- **Acknowledge event.** If the event is already acknowledged, this action will be skipped.
- **Unacknowledge event.** If the event is not acknowledged, this action will be skipped.
- **Add message.**
- **Change event severity.** If the event already has the same severity, this action will be skipped.
- **Suppress event.** If the event is already suppressed, this action will be skipped.
- **Unsuppress event.** If the event is not suppressed, this action will be skipped.

More details on these actions can be found at https://www.zabbix.com/documentation/current/en/manual/api/reference/event/acknowledge

### Get Event

The method allows retrieving events according to the given parameters. This method may return events of a deleted entity if these events have not been removed by the housekeeper yet. This method is available to users of any type. Permissions to call the method can be revoked in user role settings. See User roles for more information.

More details on this method can be found at https://www.zabbix.com/documentation/current/en/manual/api/reference/event/get#retrieving-trigger-events

### Get Trigger

The method allows retrieving triggers according to the given parameters. This method is available to users of any type. Permissions to call the method can be revoked in user role settings. See https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/users/user_roles for more information.

More details on this method can be found at https://www.zabbix.com/documentation/current/en/manual/api/reference/trigger/get

## Configurations

### Zabbix User Login Authentication

An API request can be authorized by the `user.login` method.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| username | Username for authentication | string | Required |
| password | Password for authentication | string | Required |
| id | ID of the request | string | Required |
| by_auth_property | If this property is true, the "auth" property will be used, and if false, the "Authorization" header will be used | boolean | Optional |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Event Acknowledge

Updates event statuses in Zabbix, allowing users to manage problem events with options to close or modify severity. Requires read/write trigger rights.

**Endpoint URL:** `/zabbix/api_jsonrpc.php`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| jsonrpc | string | Optional | Version of the JSON-RPC protocol. Default value is 2.0 |
| id | number | Optional | ID of the request |
| method | string | Optional | Method to call |
| params | object | Optional | Parameters for the method |
| params.eventids | array | Required | IDs of the events to acknowledge |
| params.action | number | Required | Event update actions to perform. Possible bitmap values are: 1 - close problem; 2 - acknowledge event; 4 - add message; 8 - change severity; 16 - unacknowledge event; 32 - suppress event; 64 - unsuppress event; 128 - change event rank to cause; 256 - change event rank to symptom. This is a bitmask field; any sum of possible bitmap values is acceptable (for example, 34 for acknowledge and suppress event) |
| params.cause_eventid | string | Optional | Cause event ID for symptom rank. It is required if action contains the "change event rank to symptom" bit |
| params.message | string | Optional | Text of the message to add. It is required if action contains the "add message" bit |
| params.severity | number | Optional | New severity for events. Possible values are: 0 - not classified; 1 - information; 2 - warning; 3 - average; 4 - high; 5 - disaster. It is required if action contains the "change severity" bit |
| params.suppress_until | number | Optional | Unix timestamp until which the event must be suppressed. If set to "0", the suppression will be indefinite. Parameter behavior: required if action contains the "suppress event" bit |

#### Input Example

```json
{"jsonrpc":"2.0","id":123,"method":"event.acknowledge","params":{"eventids":["string"],"action":123,"cause_eventid":"string","message":"string","severity":123,"suppress_until":123}}
```

#### Output
| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jsonrpc | string | Output field jsonrpc |
| result | object | Result of the operation |
| result.eventids | array | Unique identifier |
| id | number | Unique identifier |

#### Output Example

```json
{"status_code":200,"response_headers":{"Content-Length":"140","Content-Type":"application/json","Date":"Thu, 2 May 2024 20:37:23 GMT"},"reason":"OK","json_body":{"jsonrpc":"2.0","result":{"eventids":[]},"id":1}}
```

### Get Event

Retrieves specified events from Zabbix, including details on deleted entities awaiting cleanup. Requires jsonrpc, id, method, and params.

**Endpoint URL:** `/zabbix/api_jsonrpc.php`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| jsonrpc | string | Optional | Version of the JSON-RPC protocol. Default value is 2.0 |
| id | number | Optional | ID of the request |
| method | string | Optional | Method to call |
| params | object | Optional | Parameter for get event |
| params.eventids | array | Optional | Return only events with the given IDs |
| params.groupids | array | Optional | Return only events created by objects that belong to the given host groups |
| params.hostids | array | Optional | Return only events created by objects that belong to the given hosts |
| params.objectids | array | Optional | Return only events created by the given objects |
| params.source | number | Optional | Return only events with the given type. Refer to the event object page for a list of supported event types. Type of the event. Possible values are: 0 - event created by a trigger; 1 - event created by a discovery rule; 2 - event created by active agent autoregistration; 3 - internal event; 4 - event created on service status update |
| params.object | number | Optional | Return only events created by objects of the given type. Possible values if source is set to "event created by a trigger": 0 - trigger. Possible values if source is set to "event created by a discovery rule": 1 - discovered host; 2 - discovered service. Possible values if source is set to "event created by active agent autoregistration": 3 - auto-registered host. Possible values if source is set to "internal event": 0 - trigger; 4 - item; 5 - LLD rule. Possible values if source is set to "event created on service status update": 6 - service |
| params.acknowledged | boolean | Optional | If set to true, return only acknowledged events |
| params.action | number | Optional | Return only events for which the given event update actions have been performed. For multiple actions, use a sum of any acceptable bitmap values as bitmask (for example, 34 for acknowledge and suppress event). Possible bitmap values are: 1 - close problem; 2 - acknowledge event; 4 - add message; 8 - change severity; 16 - unacknowledge event; 32 - suppress event; 64 - unsuppress event; 128 - change event rank to cause; 256 - change event rank to symptom |
| params.action_userids | array | Optional | Return only events with the given IDs of users who performed the event update actions |
| params.suppressed | boolean | Optional | true - return only suppressed events; false - return events in the normal state |
| params.symptom | boolean | Optional | true - return only symptom events; false - return only cause events |
| params.severities | array | Optional | Return only events with the given event severities. Applies only if object is trigger |
| params.trigger_severities | array | Optional | Return only events with the given trigger severities. Applies only if object is trigger |
| params.evaltype | number | Optional | Rules for tag searching. Possible values: 0 - (default) And/Or; 2 - Or |
| params.tags | array | Optional | Return only events with the given tags. Exact match by tag and case-insensitive search by value and operator. An empty array returns all events |
| params.tags.tag | string | Optional | Parameter for get event |
| params.tags.value | string | Optional | Value for the parameter |
| params.tags.operator | string | Optional | Possible operator types are: 0 - (default) Like; 1 - Equal; 2 - Not like; 3 - Not equal; 4 - Exists; 5 - Not exists |
| params.eventid_from | string | Optional | Return only events with IDs greater or equal to the given ID |
| params.eventid_till | string | Optional | Return only events with IDs less or equal to the given ID |
| params.time_from | string | Optional | Return only events that have been created after or at the given time |

#### Input Example

```json
{"jsonrpc":"2.0","id":123,"method":"event.get","params":{"eventids":["string"],"groupids":["string"],"hostids":["string"],"objectids":["string"],"source":123,"object":123,"acknowledged":true,"action":123,"action_userids":["string"],"suppressed":true,"symptom":true,"severities":[123],"trigger_severities":[123],"evaltype":123,"tags":[{"tag":"string","value":"string","operator":"string"}],"eventid_from":"string","eventid_till":"string","time_from":"string","time_till":"string","problem_time_from":"string","problem_time_till":"string","value":[123],"selectAcknowledges":"string","selectAlerts":"string","selectHosts":"string","selectRelatedObject":"string","selectSuppressionData":"string","selectTags":"string","filter":{},"sortfield":["string"],"groupBy":["string"],"countOutput":true,"editable":true,"excludeSearch":true,"limit":123,"output":"extend","preservekeys":true,"search":{},"searchByAny":true,"searchWildcardsEnabled":true,"sortorder":"ASC","startSearch":true}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jsonrpc | string | Output field jsonrpc |
| result | array | Result of the operation |
| result.eventid | string | Unique identifier |
| result.source | string | Result of the operation |
| result.object | string | Result of the operation |
| result.objectid | string | Unique identifier |
| result.clock | string | Result of the operation |
| result.value | string | Value for the parameter |
| result.acknowledged | string | Result of the operation |
| result.ns | string | Result of the operation |
| result.name | string | Name of the resource |
| result.severity | string | Result of the operation |
| result.r_eventid | string | Unique identifier |
| result.c_eventid | string | Unique identifier |
| result.correlationid | string | Unique identifier |
| result.userid | string | Unique identifier |
| result.cause_eventid | string | Unique identifier |
| result.acknowledges | array | Result of the operation |
| result.acknowledges.acknowledgeid | string | Unique identifier |
| result.acknowledges.userid | string | Unique identifier |
| result.acknowledges.clock | string | Result of the operation |
| result.acknowledges.message | string | Result of the operation |
| result.acknowledges.action | string | Result of the operation |

#### Output Example

```json
{"status_code":200,"response_headers":{"Content-Length":"140","Content-Type":"application/json","Date":"Thu, 6 Mar 2025 20:37:23 GMT"},"reason":"OK","json_body":{"jsonrpc":"2.0","result":[{},{}],"id":1}}
```

### Get Trigger

Retrieves Zabbix triggers based on specified parameters, with role-based permissions for access control.

**Endpoint URL:** `/zabbix/api_jsonrpc.php`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| jsonrpc | string | Optional | Version of the JSON-RPC protocol. Default value is 2.0 |
| id | number | Optional | ID of the request |
| method | string | Optional | Method to call |
| params | object | Optional | Parameters for the method |
| params.triggerids | array | Optional | Return only triggers with the given IDs |
| params.groupids | array | Optional | Return only triggers that belong to hosts or templates from the given host groups or template groups |
| params.templateids | array | Optional | Return only triggers that belong to the given templates |
| params.hostids | array | Optional | Return only triggers that belong to the given hosts |
| params.itemids | array | Optional | Return only triggers that contain the given items |
| params.functions | array | Optional | Return only triggers that use the given functions. Refer to the supported function page for a list of supported functions |
| params.group | string | Optional | Return only triggers that belong to hosts or templates from the host group or template group with the given name |
| params.host | string | Optional | Return only triggers that belong to the host with the given technical name |
| params.inherited | boolean | Optional | If set to true, return only triggers inherited from a template |
| params.templated | boolean | Optional | If set to true, return only triggers that belong to templates |
| params.dependent | boolean | Optional | If set to true, return only triggers that have dependencies. If set to false, return only triggers that do not have dependencies |
| params.monitored | boolean | Optional | Return only enabled triggers that belong to monitored hosts and contain only enabled items |
| params.active | boolean | Optional | Return only enabled triggers that belong to monitored hosts |
| params.maintenance | boolean | Optional | If set to true, return only enabled triggers that belong to hosts in maintenance |
| params.withUnacknowledgedEvents | boolean | Optional | Return only triggers that have unacknowledged events |
| params.withAcknowledgedEvents | boolean | Optional | Return only triggers with all events acknowledged |
| params.withLastEventUnacknowledged | boolean | Optional | Return only triggers with the last event unacknowledged |
| params.skipDependent | boolean | Optional | Skip triggers in a problem state that are dependent on other triggers. Note that the other triggers are ignored if disabled, have disabled items or disabled item hosts |
| params.lastChangeSince | string | Optional | Return only triggers that have changed their state after the given time |
| params.lastChangeTill | string | Optional | Return only triggers that have changed their state before the given time |
| params.only_true | boolean | Optional | Return only triggers that have recently been in a problem state |

#### Input Example

```json
{"jsonrpc":"2.0","id":123,"method":"trigger.get","params":{"triggerids":["string"],"groupids":["string"],"templateids":["string"],"hostids":["string"],"itemids":["string"],"functions":["string"],"group":"string","host":"string","inherited":true,"templated":true,"dependent":true,"monitored":true,"active":true,"maintenance":true,"withUnacknowledgedEvents":true,"withAcknowledgedEvents":true,"withLastEventUnacknowledged":true,"skipDependent":true,"lastChangeSince":"string","lastChangeTill":"string","only_true":true,"min_severity":123,"evaltype":123,"tags":[{"tag":"string","value":"string","operator":"string"}],"expandComment":true,"expandDescription":true,"expandExpression":true,"selectHostGroups":"string","selectHosts":"string","selectItems":"string","selectFunctions":"string","selectDependencies":"string","selectDiscoveryRule":"string","selectLastEvent":"string","selectTags":"string","selectTemplateGroups":"string","selectTriggerDiscovery":"string","filter":{},"limitSelects":123,"sortfield":["string"],"countOutput":true,"editable":true,"excludeSearch":true,"limit":123,"output":["string"],"preservekeys":true,"search":{},"searchByAny":true,"searchWildcardsEnabled":true,"sortorder":"ASC"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| jsonrpc | string | Output field jsonrpc |
| result | array | Result of the operation |
| result.triggerid | string | Unique identifier |
| result.expression | string | Result of the operation |
| result.description | string | Result of the operation |
| result.url | string | URL endpoint for the request |
| result.status | string | Status value |
| result.value | string | Value for the parameter |
| result.priority | string | Result of the operation |
| result.lastchange | string | Result of the operation |
| result.comments | string | Result of the operation |
| result.error | string | Result of the operation |
| result.templateid | string | Unique identifier |
| result.type | string | Type of the resource |
| result.state | string | Result of the operation |
| result.flags | string | Result of the operation |
| result.recovery_mode | string | Result of the operation |
| result.recovery_expression | string | Result of the operation |
| result.correlation_mode | string | Result of the operation |
| result.correlation_tag | string | Result of the operation |
| result.manual_close | string | Result of the operation |
| result.opdata | string | Response data |
| result.event_name | string | Name of the resource |

#### Output Example

```json
{"status_code":200,"response_headers":{"Content-Length":"140","Content-Type":"application/json","Date":"Thu, 6 Mar 2025 20:37:23 GMT"},"reason":"OK","json_body":{"jsonrpc":"2.0","result":[{}],"id":1}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 2 May 2024 20:37:23 GMT |
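The `params.action` bitmask of Event Acknowledge (also accepted as a filter by Get Event) and the fields that become required with each bit can be checked before a playbook sends the request. The following is an added example, not code from Swimlane or Zabbix; `EventAction`, `decode_action`, `build_acknowledge` and the event ID are made up for illustration, and rejecting a field whose bit is not set is a local policy assumption rather than documented API behavior.

```python
from enum import IntFlag


class EventAction(IntFlag):
    """Bit values of params.action from the Event Acknowledge input table."""
    CLOSE = 1
    ACKNOWLEDGE = 2
    ADD_MESSAGE = 4
    CHANGE_SEVERITY = 8
    UNACKNOWLEDGE = 16
    SUPPRESS = 32
    UNSUPPRESS = 64
    RANK_TO_CAUSE = 128
    RANK_TO_SYMPTOM = 256


ALL_BITS = 511  # sum of the nine documented bit values
# Field the input table marks as required once the matching bit is set.
REQUIRED_WITH = {
    EventAction.ADD_MESSAGE: "message",
    EventAction.CHANGE_SEVERITY: "severity",
    EventAction.SUPPRESS: "suppress_until",
    EventAction.RANK_TO_SYMPTOM: "cause_eventid",
}


def decode_action(value):
    """Split a numeric action into flag names, rejecting undocumented bits."""
    if isinstance(value, bool) or not isinstance(value, int) or not 0 < value <= ALL_BITS:
        raise ValueError(f"action {value!r} is outside 1..{ALL_BITS}")
    return [flag.name for flag in EventAction if value & flag]


def build_acknowledge(eventids, action, request_id=1, **fields):
    """Return an event.acknowledge JSON-RPC body after local validation."""
    decode_action(action)  # raises on zero or unknown bits
    if not eventids:
        raise ValueError("eventids must contain at least one event ID")
    for bit, field in REQUIRED_WITH.items():
        if action & bit and field not in fields:
            raise ValueError(f"{bit.name} is set but '{field}' is missing")
        # Local policy (assumption): a field without its bit is a caller mistake.
        if not action & bit and field in fields:
            raise ValueError(f"'{field}' given but {bit.name} bit is not set")
    unknown = set(fields) - set(REQUIRED_WITH.values())
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    if "severity" in fields and fields["severity"] not in range(6):
        raise ValueError("severity must be 0..5")
    params = {"eventids": [str(e) for e in eventids], "action": int(action), **fields}
    return {"jsonrpc": "2.0", "method": "event.acknowledge",
            "params": params, "id": request_id}


if __name__ == "__main__":
    # Constructed sample: acknowledge and suppress event 20427 (made-up ID) indefinitely.
    act = EventAction.ACKNOWLEDGE | EventAction.SUPPRESS
    print(decode_action(34), build_acknowledge(["20427"], act, suppress_until=0))
```

Passing `suppress_until=0` is accepted because the table defines 0 as indefinite suppression; only an absent field is treated as missing.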