Actions
These are a collection of endpoints that allow you to interact with incidents.
Acknowledge Incident POST /api/v1/incident/acknowledge
Acknowledge a specified incident.
Required Parameters
auth_token (string): A valid auth token
incident (string): A valid incident key
Response: JSON structure with result indicator.
Example (curl)
curl https://EXAMPLE.canary.tools/api/v1/incident/acknowledge \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d incident=EXAMPLE_INCIDENT_KEY

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incident/acknowledge'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'incident': 'EXAMPLE_INCIDENT_KEY'
}
r = requests.post(url, data=payload)
print(r.json())

Example response
{
  "action": "acknowledged",
  "key": "<incident_key>",
  "result": "success"
}
Delete Incident DELETE /api/v1/incident/delete
Deletes a specified incident.
Required Parameters
auth_token (string): A valid auth token
incident (string): A valid incident key
Response: JSON structure with result indicator.
Example (curl)
curl -X DELETE https://EXAMPLE.canary.tools/api/v1/incident/delete \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d incident=EXAMPLE_INCIDENT_KEY

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incident/delete'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'incident': 'EXAMPLE_INCIDENT_KEY'
}
r = requests.delete(url, data=payload)
print(r.json())

Example response
{
  "action": "deleted",
  "key": "<incident_key>",
  "result": "success"
}
Fetch Incident GET /api/v1/incident/fetch
Retrieve a specified incident.
Required Parameters
auth_token (string): A valid auth token
Optional Parameters
incident (string): A valid incident key
hash_id (string): A valid incident hash
extended_details (boolean): Return all incident fields
tz (string): Timezone for standardised timestamps (fields that end in "_std"). Use the pytz names to specify the timezone.
TIP: Either incident or hash_id is required.
Response: JSON structure containing the specified incident.
Example (curl)
curl https://EXAMPLE.canary.tools/api/v1/incident/fetch \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d incident=EXAMPLE_INCIDENT_KEY \
  -G

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incident/fetch'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'incident': 'EXAMPLE_INCIDENT_KEY'
}
r = requests.get(url, params=payload)
print(r.json())

Example response
{
  "incident": {
    "acknowledged": "False",
    "created": "1586260854",
    "created_std": "2020-04-07 12:00:54 UTC+0000",
    "description": "Telnet Login Attempt",
    "dst_host": "<destination_ip>",
    "dst_port": "23",
    "events": [
      {
        "PASSWORD": "<password>",
        "TERMSIZE": "91x44",
        "TERMTYPE": "XTERM-256COLOR",
        "USERNAME": "<username>",
        "timestamp": 1586260854,
        "timestamp_std": "2020-04-07 12:00:54 UTC+0000"
      }
    ],
    "events_count": "3",
    "id": "<incident_key>",
    "ip_address": "",
    "ippers": "",
    "local_time": "2020-04-07 12:00:53",
    "logtype": "6001",
    "mac_address": "",
    "node_id": "<node_id>",
    "notified": "False",
    "src_host": "<source_ip>",
    "src_host_reverse": "<source_hostname>",
    "src_port": "54968"
  },
  "result": "success"
}
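Two things about the fetch endpoint trip up scripts: the parameters are mutually constrained (exactly one of incident or hash_id), and the response encodes booleans and numbers as strings ("False", "1586260854", "3"), so a naive `if incident["acknowledged"]:` is always true. The following is an added example, not code from the page or from the Canary project. It builds the fetch query (with the GET example above, note that `params=` puts auth_token in the URL query string, where proxies and web servers commonly log it) and normalises a fetch response into typed values. The function names, the triage rule, and the sample response are my own; the sample is constructed to mirror the shape shown above, with documentation-range IPs and made-up credentials. Sending booleans as the strings "true"/"false" is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample (not a real capture), modelled on the fetch response shown
# above. Several fields arrive as strings ("False", "1586260854", "3", "23")
# and must be converted before they are compared or sorted.
SAMPLE_FETCH_RESPONSE = {
    "incident": {
        "acknowledged": "False",
        "created": "1586260854",
        "created_std": "2020-04-07 12:00:54 UTC+0000",
        "description": "Telnet Login Attempt",
        "dst_host": "192.0.2.5",
        "dst_port": "23",
        "events": [
            {"PASSWORD": "hunter2", "TERMSIZE": "91x44", "TERMTYPE": "XTERM-256COLOR",
             "USERNAME": "root", "timestamp": 1586260854,
             "timestamp_std": "2020-04-07 12:00:54 UTC+0000"},
            {"PASSWORD": "toor", "USERNAME": "admin", "timestamp": 1586260860,
             "timestamp_std": "2020-04-07 12:01:00 UTC+0000"},
        ],
        "events_count": "3",
        "id": "<incident_key>",
        "logtype": "6001",
        "node_id": "<node_id>",
        "notified": "False",
        "src_host": "198.51.100.77",
        "src_host_reverse": "scanner.example.net",
        "src_port": "54968",
    },
    "result": "success",
}


def fetch_params(auth_token, incident=None, hash_id=None,
                 extended_details=False, tz=None):
    """Query parameters for GET /api/v1/incident/fetch.

    Enforces the documented rule that exactly one of incident / hash_id is given.
    Assumption (not from the page): booleans are sent as the string "true".
    """
    if bool(incident) == bool(hash_id):
        raise ValueError("supply exactly one of incident or hash_id")
    params = {"auth_token": auth_token}
    params["incident" if incident else "hash_id"] = incident or hash_id
    if extended_details:
        params["extended_details"] = "true"
    if tz:
        params["tz"] = tz  # a pytz zone name, e.g. "Europe/London"
    return params


def _as_bool(value):
    """The API encodes booleans as the strings "True"/"False"; accept both forms."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def summarise_incident(resp):
    """Turn a fetch response into typed values a triage script can act on."""
    if resp.get("result") != "success":
        raise RuntimeError(f"fetch failed: {resp!r}")
    inc = resp["incident"]
    events = inc.get("events", [])
    # Credentials the attacker tried against the honeypot, deduplicated.
    creds = sorted({(e["USERNAME"], e.get("PASSWORD", "")) for e in events if "USERNAME" in e})
    events_count = int(inc.get("events_count", len(events)))
    return {
        "key": inc["id"],
        "description": inc["description"],
        "logtype": inc["logtype"],
        "acknowledged": _as_bool(inc.get("acknowledged")),
        "created": datetime.fromtimestamp(int(inc["created"]), tz=timezone.utc),
        "src": (inc.get("src_host"), int(inc.get("src_port") or 0)),
        "dst": (inc.get("dst_host"), int(inc.get("dst_port") or 0)),
        "events_seen": len(events),
        "events_count": events_count,
        # If the server reports more events than it returned, do not treat the
        # list above as the complete set of attempts.
        "events_truncated": events_count > len(events),
        "credentials": creds,
    }


def needs_attention(summary, max_age_hours=24, now_epoch=None):
    """Triage rule: still unacknowledged and created within max_age_hours."""
    if now_epoch is None:
        now_epoch = int(datetime.now(timezone.utc).timestamp())
    age_seconds = now_epoch - int(summary["created"].timestamp())
    return (not summary["acknowledged"]) and 0 <= age_seconds <= max_age_hours * 3600


if __name__ == "__main__":
    s = summarise_incident(SAMPLE_FETCH_RESPONSE)
    print(s["key"], s["description"], "from", s["src"], "creds:", s["credentials"])
    print("needs attention:", needs_attention(s))
```

The `events_truncated` flag exists because the sample response above reports `events_count` of 3 while listing a single event; when the two disagree, the events list should not be read as the full record of what the attacker tried.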
Unacknowledge Incident POST /api/v1/incident/unacknowledge
Unacknowledge a specified incident.
Required Parameters
auth_token (string): A valid auth token
incident (string): A valid incident key
Response: JSON structure with result indicator.
Example (curl)
curl https://EXAMPLE.canary.tools/api/v1/incident/unacknowledge \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d incident=EXAMPLE_INCIDENT_KEY

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incident/unacknowledge'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'incident': 'EXAMPLE_INCIDENT_KEY'
}
r = requests.post(url, data=payload)
print(r.json())

Example response
{
  "action": "unacknowledged",
  "key": "<incident_key>",
  "result": "success"
}
Acknowledge Multiple Incidents POST /api/v1/incidents/acknowledge
Acknowledge multiple incidents.
Required Parameters
auth_token (string): A valid auth token
Optional Parameters
flock_id (string): Acknowledge incidents for a specific flock
node_id (string): Acknowledge incidents for a specific node (cannot be used in conjunction with src_host)
src_host (string): Acknowledge incidents for a specific source IP address (cannot be used in conjunction with node_id)
older_than (string): Acknowledge incidents older than the provided period. Periods are "[quantity][unit]", where "[unit]" is one of 'h', 'd', 'w' (hours, days or weeks), e.g. 1h, 1d or 1w
filter_str (string): The string used when searching for incidents to be acknowledged. This string will attempt to match against incident details such
filter_logtypes (string): The logtype of the incidents to be acknowledged
TIP: At least one of the optional parameters is required.
Response: JSON structure with result indicator.
Example (curl)
curl https://EXAMPLE.canary.tools/api/v1/incidents/acknowledge \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d node_id=EXAMPLE_NODE_ID

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incidents/acknowledge'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'node_id': 'EXAMPLE_NODE_ID'
}
r = requests.post(url, data=payload)
print(r.json())

Example response
{
  "action": "acknowledged",
  "keys": [
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>"
  ],
  "result": "success"
}
Delete Multiple Incidents DELETE /api/v1/incidents/delete
Delete multiple acknowledged incidents. Unacknowledged incidents are only deleted when include_unacknowledged is set.
Required Parameters
auth_token (string): A valid auth token
Optional Parameters
flock_id (string): Delete incidents for a specific flock
node_id (string): Delete incidents for a specific node (cannot be used in conjunction with src_host)
src_host (string): Delete incidents for a specific source IP address (cannot be used in conjunction with node_id)
older_than (string): Delete incidents older than the provided period. Periods are "[quantity][unit]", where "[unit]" is one of 'h', 'd', 'w' (hours, days or weeks), e.g. 1h, 1d or 1w
filter_str (string): The string used when searching for incidents to be deleted. This string will attempt to match against incident details such
filter_logtypes (string): The logtype of the incidents to be deleted
include_unacknowledged (boolean): Include unacknowledged incidents when deleting
TIP: At least one of the optional parameters is required.
Response: JSON structure with result indicator.
Example (curl)
curl -X DELETE https://EXAMPLE.canary.tools/api/v1/incidents/delete \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d node_id=EXAMPLE_NODE_ID

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incidents/delete'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'node_id': 'EXAMPLE_NODE_ID'
}
r = requests.delete(url, data=payload)
print(r.json())

Example response
{
  "action": "deleted",
  "keys": [
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>"
  ],
  "result": "success"
}
Unacknowledge Multiple Incidents POST /api/v1/incidents/unacknowledge
Unacknowledge multiple incidents.
Required Parameters
auth_token (string): A valid auth token
Optional Parameters
flock_id (string): Unacknowledge incidents for a specific flock
node_id (string): Unacknowledge incidents for a specific node (cannot be used in conjunction with src_host)
src_host (string): Unacknowledge incidents for a specific source IP address (cannot be used in conjunction with node_id)
older_than (string): Unacknowledge incidents older than the provided period. Periods are "[quantity][unit]", where "[unit]" is one of 'h', 'd', 'w' (hours, days or weeks), e.g. 1h, 1d or 1w
filter_str (string): The string used when searching for incidents to be unacknowledged. This string will attempt to match against incident details such
filter_logtypes (string): The logtype of the incidents to be unacknowledged
TIP: At least one of the optional parameters is required.
Response: JSON structure with result indicator.
Example (curl)
curl https://EXAMPLE.canary.tools/api/v1/incidents/unacknowledge \
  -d auth_token=EXAMPLE_AUTH_TOKEN \
  -d node_id=EXAMPLE_NODE_ID

Example (Python)
import requests

url = 'https://EXAMPLE.canary.tools/api/v1/incidents/unacknowledge'
payload = {
    'auth_token': 'EXAMPLE_AUTH_TOKEN',
    'node_id': 'EXAMPLE_NODE_ID'
}
r = requests.post(url, data=payload)
print(r.json())

Example response
{
  "action": "unacknowledged",
  "keys": [
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>",
    "<incident_key>"
  ],
  "result": "success"
}
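The three bulk endpoints above (Acknowledge Multiple, Delete Multiple and Unacknowledge Multiple) take the same filter parameters and the same rules: node_id and src_host are mutually exclusive, older_than must be "[quantity][unit]" with unit h, d or w, and at least one filter must be present. A bulk acknowledge or delete with a mistyped filter is the kind of call you want rejected client-side before it reaches the console. The following is an added example, not code from the page or from the Canary project: one validated filter builder shared by all three endpoints, a response check that verifies both `result` and `action`, and a review-then-delete flow. The function names, the CONSOLE and AUTH_TOKEN placeholders, the 30-second timeout, and sending include_unacknowledged as the string "true"/"false" are my assumptions.

```python
import re

CONSOLE = "https://EXAMPLE.canary.tools"  # placeholder console, as on the page
AUTH_TOKEN = "EXAMPLE_AUTH_TOKEN"         # placeholder token, as on the page

# older_than is "[quantity][unit]" with unit h, d or w (e.g. 1h, 2d, 3w).
PERIOD_RE = re.compile(r"^[1-9][0-9]*[hdw]$")

BULK_ACTIONS = {
    # action -> (HTTP method, expected "action" value in the response)
    "acknowledge": ("POST", "acknowledged"),
    "delete": ("DELETE", "deleted"),
    "unacknowledge": ("POST", "unacknowledged"),
}


def build_bulk_filter(flock_id=None, node_id=None, src_host=None, older_than=None,
                      filter_str=None, filter_logtypes=None, include_unacknowledged=None):
    """Form fields for the /api/v1/incidents/* endpoints, checked against the
    documented rules before anything is sent."""
    if node_id and src_host:
        raise ValueError("node_id and src_host cannot be used together")
    if older_than is not None and not PERIOD_RE.match(older_than):
        raise ValueError("older_than must be [quantity][unit] with unit h, d or w")
    candidates = {
        "flock_id": flock_id, "node_id": node_id, "src_host": src_host,
        "older_than": older_than, "filter_str": filter_str,
        "filter_logtypes": filter_logtypes,
    }
    fields = {k: v for k, v in candidates.items() if v is not None}
    if not fields:
        # The endpoints require a filter; refusing here also stops a typo from
        # turning into a console-wide acknowledge or delete.
        raise ValueError("at least one filter parameter is required")
    if include_unacknowledged is not None:
        # Only meaningful for delete. Assumption (not from the page): the
        # boolean is sent as the string "true"/"false".
        fields["include_unacknowledged"] = "true" if include_unacknowledged else "false"
    return fields


def parse_bulk_response(body, action):
    """Return the affected incident keys, or raise if the console did not
    report success for the action that was requested."""
    _, expected = BULK_ACTIONS[action]
    if body.get("result") != "success" or body.get("action") != expected:
        raise RuntimeError(f"{action} failed: {body!r}")
    return list(body.get("keys", []))


def bulk_action(action, fields, auth_token=AUTH_TOKEN, console=CONSOLE):
    """Send one bulk action and return the keys it touched."""
    import requests  # imported here so the offline helpers above need no dependency
    method, _ = BULK_ACTIONS[action]
    url = f"{console}/api/v1/incidents/{action}"
    r = requests.request(method, url, data={"auth_token": auth_token, **fields}, timeout=30)
    r.raise_for_status()
    return parse_bulk_response(r.json(), action)


if __name__ == "__main__":
    # Review-then-delete: acknowledge the stale incidents from one node, look at
    # the keys, and only then delete with the same filter. Because
    # include_unacknowledged is not set, anything that became unacknowledged in
    # between is left alone by the delete.
    stale = build_bulk_filter(node_id="EXAMPLE_NODE_ID", older_than="1w")
    acked = bulk_action("acknowledge", stale)
    print(f"acknowledged {len(acked)} incidents: {acked}")
    deleted = bulk_action("delete", stale)
    print(f"deleted {len(deleted)} incidents: {deleted}")
```

Checking `action` as well as `result` matters when the same helper serves all three endpoints: a response that says success for a different action than the one sent is a bug worth failing on rather than silently counting keys.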
Last Updated: 2/1/2021, 9:35:30 AM