Tenable Security Center API: Alert

Gets the list of Alerts.

Fields Parameter

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**status
owner
ownerGroup
triggerName
triggerOperator
triggerValue
modifiedTime
createdTime
lastTriggered
lastEvaluated
executeOnEveryTrigger
didTriggerLastEvaluation
schedule
action
query
canUse
canManage

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont =  field is a JSON object ( e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Filter Parameters

usable - The response will be an object containing an array of usable Alerts. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Alerts. By default, both usable and manageable objects are returned.

Request Query Parameters

None

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

{     "type" : "regular",     "response" : {         "usable" : [             {                 "id" : "1",                 "name" : "Test Alert 1",                 "description" : "All Action Types, vuln query",                 "status" : "0"          }         ],         "manageable" : [             {                 "id" : "1",                 "name" : "Test Alert 1",                 "description" : "All Action Types, vuln query",                 "status" : "0"          }         ]     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1424975381 }

Adds an Alert.

NOTE: Alerts do not currently support Queries of type 'all', 'alert' or 'mobile'. Values for triggerName are based on the Query's 'type' and are as follows:

• query type 'lce': sumip, sumport, listdata
• query type 'vuln': sumip, sumport, sumid
• query type 'ticket': listtickets
• query type 'user': listusers

Request Parameters

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

{     "name" : <string>,     "description" : <string> DEFAULT "",     "query" : {         <valid Query Object> | "id" : <number>  },     "triggerName" : <string>,     "triggerOperator" : <string> '>=' | '<=' | '=' | '!=',     "triggerValue" : <number>,     "executeOnEveryTrigger" : <string> "false" | "true" DEFAULT "false",     "schedule" : {         "type" : <string> "dependent" | "ical" | "never" | "rollover" | "template" DEFAULT "never"        type "ical"     -----------         "start" : <string> (This value takes the iCal format),         "repeatRule" : <string> (This value takes the repeat rule format)     },     "action" : [         {             "type" : <string> "email" | "notification" | "report" | "scan" | "syslog" | "ticket",               type "email"            ------------             "subject" : <string>,             "message" : <string> DEFAULT "",             "addresses" : <string> (valid email addresses separated by '\n') DEFAULT "",             "users" : [                 {                     "id" : <number>               }...             ] DEFAULT [],             "includeResults" : <string> "false" | "true" DEFAULT "true"                       type "notification"         ------------             "message" : <string>,             "users" : [                 {                     "id" : <string>               }...             ]                           type "report"           ------------             "report" : {                 "id" : <number>           }                           type "scan"         ------------             "scan" : {                 "id" : <number>,             }                           type "syslog"           ------------             "host" : <string> (valid IP address),             "port" : <string> (valid server port),             "message"   : <string>,             "severity"  : <string> "Critical" | "Notice" | "Warning"          type "ticket"           ------------             "assignee" : {                 "id" : <number>           },             "name" : <string> DEFAULT "",             "description" : <string> DEFAULT "",             "notes" : <string> DEFAULT ""     }...     ] }

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160

{     "type" : "regular",     "response" : {         "id" : "2",         "name" : "Test Patch",         "description" : "All Action Types, vuln query",         "triggerName" : "sumip",         "triggerOperator" : "=",         "triggerValue" : "1000",         "modifiedTime" : "1424978025",         "createdTime" : "1424976588",         "lastTriggered" : "0",         "lastEvaluated" : "1424978004",         "executeOnEveryTrigger" : "false",         "didTriggerLastEvaluation" : "false",         "status" : "0",         "action" : [             {                 "id" : "61",                 "type" : "email",                 "definition" : {                     "subject" : "Test Email Action",                     "message" : "",                     "addresses" : "",                     "users" : [                         {                             "id" : "1",                             "username" : "head",                             "firstname" : "Security Manager",                             "lastname" : "",                             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                     }                     ],                     "includeResults" : "true"               },                 "objectID" : "-1",                 "status" : "0",                 "users" : [                     {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 ]             },             {                 "id" : "62",                 "type" : "notification",                 "definition" : {                     "message" : "Test Notification Action",                     "users" : [                         {                             "id" : "1",                             "username" : "head",                             "firstname" : "Security Manager",                             "lastname" : "",                             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                     }                     ]                 },                 "objectID" : "-1",                 "status" : "0",                 "users" : [                     {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 ]             },             {                 "id" : "63",                 "type" : "report",                 "definition" : {                     "reportID" : "11",                     "report" : {                         "id" : -1,                         "name" : "",                         "description" : ""                  }                 },                 "objectID" : "11",                 "status" : "0",                 "users" : []             },             {                 "id" : "64",                 "type" : "scan",                 "definition" : {                     "scan" : {                         "id" : "60",                         "name" : "Test Scan",                         "description" : "Used for Alert - needs to be default template schedule",                         "type" : "policy",                         "uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC"                 }                 },                 "objectID" : "60",                 "status" : "0",                 "users" : []             },             {                 "id" : "65",                 "type" : "syslog",                 "definition" : {                     "host" : "127.0.0.1",                     "port" : "22",                     "message" : "127.0.0.1 port 22",                     "severity" : {                         "id" : -1,                         "name" : "",                         "description" : ""                  }                 },                 "objectID" : "-1",                 "status" : "0",                 "users" : []             },             {                 "id" : "66",                 "type" : "ticket",                 "definition" : {                     "name" : "",                     "description" : "",                     "notes" : "",                     "assigneeID" : "1",                     "assignee" : {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 },                 "objectID" : "-1",                 "status" : "0",                 "users" : []             }         ],         "schedule" : {             "type" : "never",             "start" : "",             "repeatRule" : ""       },         "query" : {             "id" : "2",             "name" : "Post Copy Response Example",             "description" : ""      },         "canUse" : "true",         "canManage" : "true",         "owner" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"     },         "ownerGroup" : {             "id" : "0",             "name" : "Full Access",             "description" : "Full Access group"     }     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1426867363 }

Gets the Alert associated with {id}.

Fields Parameter

Expand

The fields parameter should be specified along the query string, and it takes the syntax

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**status
owner
ownerGroup
triggerName
triggerOperator
triggerValue
modifiedTime
createdTime
lastTriggered
lastEvaluated
executeOnEveryTrigger
didTriggerLastEvaluation
schedule
action
query
canUse
canManage

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont =  field is a JSON object ( e.g. "repository" :{ "id" : <id>, "name" : <name> } )

Request Parameters

None

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160

{     "type" : "regular",     "response" : {         "id" : "2",         "name" : "Test Patch",         "description" : "All Action Types, vuln query",         "triggerName" : "sumip",         "triggerOperator" : "=",         "triggerValue" : "1000",         "modifiedTime" : "1424978025",         "createdTime" : "1424976588",         "lastTriggered" : "0",         "lastEvaluated" : "1424978004",         "executeOnEveryTrigger" : "false",         "didTriggerLastEvaluation" : "false",         "status" : "0",         "action" : [             {                 "id" : "61",                 "type" : "email",                 "definition" : {                     "subject" : "Test Email Action",                     "message" : "",                     "addresses" : "",                     "users" : [                         {                             "id" : "1",                             "username" : "head",                             "firstname" : "Security Manager",                             "lastname" : "",                             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                     }                     ],                     "includeResults" : "true"               },                 "objectID" : "-1",                 "status" : "0",                 "users" : [                     {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 ]             },             {                 "id" : "62",                 "type" : "notification",                 "definition" : {                     "message" : "Test Notification Action",                     "users" : [                         {                             "id" : "1",                             "username" : "head",                             "firstname" : "Security Manager",                             "lastname" : "",                             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                     }                     ]                 },                 "objectID" : "-1",                 "status" : "0",                 "users" : [                     {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 ]             },             {                 "id" : "63",                 "type" : "report",                 "definition" : {                     "reportID" : "11",                     "report" : {                         "id" : -1,                         "name" : "",                         "description" : ""                  }                 },                 "objectID" : "11",                 "status" : "0",                 "users" : []             },             {                 "id" : "64",                 "type" : "scan",                 "definition" : {                     "scan" : {                         "id" : "60",                         "name" : "Test Scan",                         "description" : "Used for Alert - needs to be default template schedule",                         "type" : "policy",                         "uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC"                 }                 },                 "objectID" : "60",                 "status" : "0",                 "users" : []             },             {                 "id" : "65",                 "type" : "syslog",                 "definition" : {                     "host" : "127.0.0.1",                     "port" : "22",                     "message" : "127.0.0.1 port 22",                     "severity" : {                         "id" : -1,                         "name" : "",                         "description" : ""                  }                 },                 "objectID" : "-1",                 "status" : "0",                 "users" : []             },             {                 "id" : "66",                 "type" : "ticket",                 "definition" : {                     "name" : "",                     "description" : "",                     "notes" : "",                     "assigneeID" : "1",                     "assignee" : {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 },                 "objectID" : "-1",                 "status" : "0",                 "users" : []             }         ],         "schedule" : {             "type" : "never",             "start" : "",             "repeatRule" : ""       },         "query" : {             "id" : "2",             "name" : "Post Copy Response Example",             "description" : ""      },         "canUse" : "true",         "canManage" : "true",         "owner" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"     },         "ownerGroup" : {             "id" : "0",             "name" : "Full Access",             "description" : "Full Access group"     }     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1426867363 }

Edits the Alert associated with {id}, changing only the passed in fields.

Request Parameters

(All fields are optional)

See /alert::POST for parameters.

Example Response

See /alert/{id}::GET for example response.

Deletes the Alert associated with {id}, depending on access and permissions.

Request Parameters

None

Example Response

Expand

1 2 3 4 5 6 7 8

{     "type" : "regular",     "response" : "1",     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1401911117 }

Executes the Alert associated with {id}, depending on access and permissions

Request Parameters

None

Example Response

Expand

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169

{     "type" : "regular",     "response" : {         "id" : "1",         "name" : "Test Alert 1",         "description" : "All Action Types, vuln query",         "triggerName" : "sumip",         "triggerOperator" : "=",         "triggerValue" : "1000",         "modifiedTime" : "1424812161",         "createdTime" : "1424812161",         "lastTriggered" : "0",         "lastEvaluated" : "0",         "executeOnEveryTrigger" : "false",         "didTriggerLastEvaluation" : "false",         "status" : "0",         "action" : [             {                 "id" : "1",                 "type" : "email",                 "definition" : {                     "subject" : "Test Email Action",                     "message" : "",                     "addresses" : "",                     "users" : [                         {                             "id" : "1",                             "username" : "head",                             "firstname" : "Security Manager",                             "lastname" : "",                             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                     }                     ],                     "includeResults" : "true"               },                 "objectID" : "-1",                 "status" : "0",                 "subject" : "Test Email Action",                 "message" : "",                 "addresses" : "",                 "users" : [                     {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 ],                 "includeResults" : "true"           },             {                 "id" : "2",                 "type" : "notification",                 "definition" : {                     "message" : "Test Notification Action",                     "users" : [                         {                             "id" : "1",                             "username" : "head",                             "firstname" : "Security Manager",                             "lastname" : "",                             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                     }                     ]                 },                 "objectID" : "-1",                 "status" : "0",                 "message" : "Test Notification Action",                 "users" : [                     {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 }                 ]             },             {                 "id" : "3",                 "type" : "report",                 "definition" : {                     "report" : {                         "id" : "11"                 }                 },                 "objectID" : "11",                 "status" : "0",                 "report" : {                     "id" : "11"             },                 "users" : []             },             {                 "id" : "4",                 "type" : "scan",                 "definition" : {                     "scan" : {                         "id" : "60",                         "name" : "Test Scan",                         "description" : "Used for Alert - needs to be default template schedule",                         "type" : "policy",                         "uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC"                 }                 },                 "objectID" : "60",                 "status" : "0",                 "users" : []             },             {                 "id" : "5",                 "type" : "syslog",                 "definition" : {                     "host" : "127.0.0.1",                     "port" : "22",                     "message" : "127.0.0.1 port 22",                     "severity" : {                         "id" : -1,                         "name" : "",                         "description" : ""                  }                 },                 "objectID" : "-1",                 "status" : "0",                 "host" : "127.0.0.1",                 "port" : "22",                 "message" : "127.0.0.1 port 22",                 "severity" : {                     "id" : -1,                     "name" : "",                     "description" : ""              },                 "users" : []             },             {                 "id" : "6",                 "type" : "ticket",                 "definition" : {                     "assignee" : {                         "id" : "1",                         "username" : "head",                         "firstname" : "Security Manager",                         "lastname" : "",                         "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"                 },                     "name" : "",                     "description" : "",                     "notes" : ""                },                 "objectID" : "-1",                 "status" : "0",                 "name" : "",                 "description" : "",                 "notes" : "",                 "users" : []             }         ],         "schedule" : {             "type" : "never",             "start" : "",             "repeatRule" : ""       },         "query" : {             "id" : "2"      },         "canUse" : "true",         "canManage" : "true",         "owner" : {             "id" : "1",             "username" : "head",             "firstname" : "Security Manager",             "lastname" : "",             "uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"     },         "ownerGroup" : {             "id" : "0",             "name" : "Full Access",             "description" : "Full Access group"     }     },     "error_code" : 0,     "error_msg" : "",     "warnings" : [],     "timestamp" : 1424975475 }