Tenable Security Center API: Alert

 

/alert

Methods
GET

Gets the list of Alerts.

Fields Parameter

The fields parameter is specified in the query string and takes the syntax:

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**status
owner
ownerGroup

triggerName
triggerOperator
triggerValue
modifiedTime
createdTime
lastTriggered
lastEvaluated
executeOnEveryTrigger
didTriggerLastEvaluation
schedule
action
query
canUse
canManage

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })
Filter Parameters

usable - The response will be an object containing an array of usable Alerts. By default, both usable and manageable objects are returned.
manageable - The response will be an object containing all manageable Alerts. By default, both usable and manageable objects are returned.

Request Query Parameters

None

Example Response
{
	"type" : "regular",
	"response" : {
		"usable" : [
			{
				"id" : "1",
				"name" : "Test Alert 1",
				"description" : "All Action Types, vuln query",
				"status" : "0"
			}
		],
		"manageable" : [
			{
				"id" : "1",
				"name" : "Test Alert 1",
				"description" : "All Action Types, vuln query",
				"status" : "0"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1424975381
}

POST

Adds an Alert.

NOTE: Alerts do not currently support Queries of type 'all', 'alert' or 'mobile'. Values for triggerName are based on the Query's 'type' and are as follows:

  • query type 'lce': sumip, sumport, listdata
  • query type 'vuln': sumip, sumport, sumid
  • query type 'ticket': listtickets
  • query type 'user': listusers
Request Parameters
{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"query" : {
		<valid Query Object> | "id" : <number>
	},
	"triggerName" : <string>,
	"triggerOperator" : <string> '>=' | '<=' | '=' | '!=',
	"triggerValue" : <number>,
	"executeOnEveryTrigger" : <string> "false" | "true" DEFAULT "false",
	"schedule" : {
		"type" : <string> "dependent" | "ical" | "never" | "rollover" | "template" DEFAULT "never"
		type "ical"
		-----------
		"start" : <string> (This value takes the iCal format),
		"repeatRule" : <string> (This value takes the repeat rule format)
	},
	"action" : [
		{
			"type" : <string> "email" | "notification" | "report" | "scan" | "syslog" | "ticket",

			type "email"
			------------
			"subject" : <string>,
			"message" : <string> DEFAULT "",
			"addresses" : <string> (valid email addresses separated by '\n') DEFAULT "",
			"users" : [
				{
					"id" : <number>
				}...
			] DEFAULT [],
			"includeResults" : <string> "false" | "true" DEFAULT "true"
			
			type "notification"
			------------
			"message" : <string>,
			"users" : [
				{
					"id" : <string>
				}...
			]
			
			type "report"
			------------
			"report" : {
				"id" : <number>
			}
			
			type "scan"
			------------
			"scan" : {
				"id" : <number>
			}
			
			type "syslog"
			------------
			"host" : <string> (valid IP address),
			"port" : <string> (valid server port),
			"message"	: <string>,
			"severity"	: <string> "Critical" | "Notice" | "Warning"
			
			type "ticket"
			------------
			"assignee" : {
				"id" : <number>
			},
			"name" : <string> DEFAULT "",
			"description" : <string> DEFAULT "",
			"notes" : <string> DEFAULT ""
		}...
	]
}
Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "2",
		"name" : "Test Patch",
		"description" : "All Action Types, vuln query",
		"triggerName" : "sumip",
		"triggerOperator" : "=",
		"triggerValue" : "1000",
		"modifiedTime" : "1424978025",
		"createdTime" : "1424976588",
		"lastTriggered" : "0",
		"lastEvaluated" : "1424978004",
		"executeOnEveryTrigger" : "false",
		"didTriggerLastEvaluation" : "false",
		"status" : "0",
		"action" : [
			{
				"id" : "61",
				"type" : "email",
				"definition" : {
					"subject" : "Test Email Action",
					"message" : "",
					"addresses" : "",
					"users" : [
						{
							"id" : "1",
							"username" : "head",
							"firstname" : "Security Manager",
							"lastname" : "",
							"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
						}
					],
					"includeResults" : "true"
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : [
					{
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				]
			},
			{
				"id" : "62",
				"type" : "notification",
				"definition" : {
					"message" : "Test Notification Action",
					"users" : [
						{
							"id" : "1",
							"username" : "head",
							"firstname" : "Security Manager",
							"lastname" : "",
							"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
						}
					]
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : [
					{
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				]
			},
			{
				"id" : "63",
				"type" : "report",
				"definition" : {
					"reportID" : "11",
					"report" : {
						"id" : -1,
						"name" : "",
						"description" : ""
					}
				},
				"objectID" : "11",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "64",
				"type" : "scan",
				"definition" : {
					"scan" : {
						"id" : "60",
						"name" : "Test Scan",
						"description" : "Used for Alert - needs to be default template schedule",
						"type" : "policy",
						"uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC"
					}
				},
				"objectID" : "60",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "65",
				"type" : "syslog",
				"definition" : {
					"host" : "127.0.0.1",
					"port" : "22",
					"message" : "127.0.0.1 port 22",
					"severity" : {
						"id" : -1,
						"name" : "",
						"description" : ""
					}
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "66",
				"type" : "ticket",
				"definition" : {
					"name" : "",
					"description" : "",
					"notes" : "",
					"assigneeID" : "1",
					"assignee" : {
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : []
			}
		],
		"schedule" : {
			"type" : "never",
			"start" : "",
			"repeatRule" : ""
		},
		"query" : {
			"id" : "2",
			"name" : "Post Copy Response Example",
			"description" : ""
		},
		"canUse" : "true",
		"canManage" : "true",
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1426867363
}

/alert/{id}

Methods
GET

Gets the Alert associated with {id}.

Fields Parameter

The fields parameter is specified in the query string and takes the syntax:

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**status
owner
ownerGroup

triggerName
triggerOperator
triggerValue
modifiedTime
createdTime
lastTriggered
lastEvaluated
executeOnEveryTrigger
didTriggerLastEvaluation
schedule
action
query
canUse
canManage

Legend

* = always comes back

** = comes back if fields list not specified on GET all
redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })
Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "2",
		"name" : "Test Patch",
		"description" : "All Action Types, vuln query",
		"triggerName" : "sumip",
		"triggerOperator" : "=",
		"triggerValue" : "1000",
		"modifiedTime" : "1424978025",
		"createdTime" : "1424976588",
		"lastTriggered" : "0",
		"lastEvaluated" : "1424978004",
		"executeOnEveryTrigger" : "false",
		"didTriggerLastEvaluation" : "false",
		"status" : "0",
		"action" : [
			{
				"id" : "61",
				"type" : "email",
				"definition" : {
					"subject" : "Test Email Action",
					"message" : "",
					"addresses" : "",
					"users" : [
						{
							"id" : "1",
							"username" : "head",
							"firstname" : "Security Manager",
							"lastname" : "",
							"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
						}
					],
					"includeResults" : "true"
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : [
					{
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				]
			},
			{
				"id" : "62",
				"type" : "notification",
				"definition" : {
					"message" : "Test Notification Action",
					"users" : [
						{
							"id" : "1",
							"username" : "head",
							"firstname" : "Security Manager",
							"lastname" : "",
							"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
						}
					]
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : [
					{
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				]
			},
			{
				"id" : "63",
				"type" : "report",
				"definition" : {
					"reportID" : "11",
					"report" : {
						"id" : -1,
						"name" : "",
						"description" : ""
					}
				},
				"objectID" : "11",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "64",
				"type" : "scan",
				"definition" : {
					"scan" : {
						"id" : "60",
						"name" : "Test Scan",
						"description" : "Used for Alert - needs to be default template schedule",
						"type" : "policy",
						"uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC"
					}
				},
				"objectID" : "60",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "65",
				"type" : "syslog",
				"definition" : {
					"host" : "127.0.0.1",
					"port" : "22",
					"message" : "127.0.0.1 port 22",
					"severity" : {
						"id" : -1,
						"name" : "",
						"description" : ""
					}
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "66",
				"type" : "ticket",
				"definition" : {
					"name" : "",
					"description" : "",
					"notes" : "",
					"assigneeID" : "1",
					"assignee" : {
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				},
				"objectID" : "-1",
				"status" : "0",
				"users" : []
			}
		],
		"schedule" : {
			"type" : "never",
			"start" : "",
			"repeatRule" : ""
		},
		"query" : {
			"id" : "2",
			"name" : "Post Copy Response Example",
			"description" : ""
		},
		"canUse" : "true",
		"canManage" : "true",
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1426867363
}

PATCH

Edits the Alert associated with {id}, changing only the passed in fields.

Request Parameters

(All fields are optional)

See /alert::POST for parameters.

Example Response

See /alert/{id}::GET for example response.

DELETE

Deletes the Alert associated with {id}, subject to access and permissions.

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : "1",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1401911117
}

/alert/{id}/execute

Methods
POST

Executes the Alert associated with {id}, subject to access and permissions.

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"name" : "Test Alert 1",
		"description" : "All Action Types, vuln query",
		"triggerName" : "sumip",
		"triggerOperator" : "=",
		"triggerValue" : "1000",
		"modifiedTime" : "1424812161",
		"createdTime" : "1424812161",
		"lastTriggered" : "0",
		"lastEvaluated" : "0",
		"executeOnEveryTrigger" : "false",
		"didTriggerLastEvaluation" : "false",
		"status" : "0",
		"action" : [
			{
				"id" : "1",
				"type" : "email",
				"definition" : {
					"subject" : "Test Email Action",
					"message" : "",
					"addresses" : "",
					"users" : [
						{
							"id" : "1",
							"username" : "head",
							"firstname" : "Security Manager",
							"lastname" : "",
							"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
						}
					],
					"includeResults" : "true"
				},
				"objectID" : "-1",
				"status" : "0",
				"subject" : "Test Email Action",
				"message" : "",
				"addresses" : "",
				"users" : [
					{
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				],
				"includeResults" : "true"
			},
			{
				"id" : "2",
				"type" : "notification",
				"definition" : {
					"message" : "Test Notification Action",
					"users" : [
						{
							"id" : "1",
							"username" : "head",
							"firstname" : "Security Manager",
							"lastname" : "",
							"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
						}
					]
				},
				"objectID" : "-1",
				"status" : "0",
				"message" : "Test Notification Action",
				"users" : [
					{
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					}
				]
			},
			{
				"id" : "3",
				"type" : "report",
				"definition" : {
					"report" : {
						"id" : "11"
					}
				},
				"objectID" : "11",
				"status" : "0",
				"report" : {
					"id" : "11"
				},
				"users" : []
			},
			{
				"id" : "4",
				"type" : "scan",
				"definition" : {
					"scan" : {
						"id" : "60",
						"name" : "Test Scan",
						"description" : "Used for Alert - needs to be default template schedule",
						"type" : "policy",
						"uuid" : "29F2B9E1-ADE9-4550-B63C-CEA1423E52FC"
					}
				},
				"objectID" : "60",
				"status" : "0",
				"users" : []
			},
			{
				"id" : "5",
				"type" : "syslog",
				"definition" : {
					"host" : "127.0.0.1",
					"port" : "22",
					"message" : "127.0.0.1 port 22",
					"severity" : {
						"id" : -1,
						"name" : "",
						"description" : ""
					}
				},
				"objectID" : "-1",
				"status" : "0",
				"host" : "127.0.0.1",
				"port" : "22",
				"message" : "127.0.0.1 port 22",
				"severity" : {
					"id" : -1,
					"name" : "",
					"description" : ""
				},
				"users" : []
			},
			{
				"id" : "6",
				"type" : "ticket",
				"definition" : {
					"assignee" : {
						"id" : "1",
						"username" : "head",
						"firstname" : "Security Manager",
						"lastname" : "",
						"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
					},
					"name" : "",
					"description" : "",
					"notes" : ""
				},
				"objectID" : "-1",
				"status" : "0",
				"name" : "",
				"description" : "",
				"notes" : "",
				"users" : []
			}
		],
		"schedule" : {
			"type" : "never",
			"start" : "",
			"repeatRule" : ""
		},
		"query" : {
			"id" : "2"
		},
		"canUse" : "true",
		"canManage" : "true",
		"owner" : {
			"id" : "1",
			"username" : "head",
			"firstname" : "Security Manager",
			"lastname" : "",
			"uuid" : "11B3FACD-5E6F-4D8D-B596-5992EECC9104"
		},
		"ownerGroup" : {
			"id" : "0",
			"name" : "Full Access",
			"description" : "Full Access group"
		}
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1424975475
}