Event¶
This index stores all the incoming events.
Schema¶
Field |
Type |
Required |
Readonly |
Auto Managed |
Example |
|
---|---|---|---|---|---|---|
|
String |
True |
True |
False |
dsalkasdioi232382yieyqwuiy |
Warning
It is not possible to update readonly fields.
it is not possible to set the Auto managed fields.
Note
id
is required but it is auto-generated if not provided. It is recommended to provide a friendly for simplify the retrieve of connected date in other indices.
Create¶
To create a new event use the following REST call:
-
POST
/event/
(string: id)¶ with the request body in JSON format:
POST /event HTTP/1.1 Host: cb-manager.example.com Content-Type: application/json { "id": "<event-id>" }
- Parameters
id – optional event id.
- Request Headers
Authorization – HTTP Basic Authentication with username and password.
Content-Type – application/json
- Response Headers
Content-Type – application/json
- Status Codes
201 Created – Event correctly created.
204 No Content – No content to create event based on the request.
400 Bad Request – Request not valid.
401 Unauthorized – Authentication failed.
406 Not Acceptable – Request validation failed.
415 Unsupported Media Type – Media type not supported.
422 Unprocessable Entity – Not possible to create ore or more events based on the request.
500 Internal Server Error – Server not available to satisfy the request.
Replace the data with the correct values, for example <event-id> with
alert-attack
.Note
It is possible to add additional data.
If the creation is correctly executed the response is:
HTTP/1.1 201 Created Content-Type: application/json [ { "status": "Created", "code": 201, "error": false, "message": "Event with id=<event-id> correctly created" } ]
Otherwise, if, for example, an event with the given
id
is already found, this is the response:HTTP/1.1 406 Not Acceptable Content-Type: application/json [ { "status": "Not Acceptable", "code": 406, "error": true, "message": "Id already found" } ]
Read¶
To get the list of events:
-
GET
/event/(string: id)
¶ The response includes all the events created.
It is possible to filter the results using the following request body:
GET /event HTTP/1.1 Host: cb-manager.example.com Content-Type: application/json { "select": [ "id" ], "where": { "equals": { "target:" "id", "expr": "<event-id>" } } }
- Parameters
id – optional event id.
- Request Headers
Authorization – HTTP Basic Authentication with username and password.
Content-Type – application/json
- Response Headers
Content-Type – application/json
- Status Codes
200 OK – List of events filtered by the query in the request body.
400 Bad Request – Request not valid.
401 Unauthorized – Authentication failed.
404 Not Found – Event based on the request query not found.
406 Not Acceptable – Request validation failed.
415 Unsupported Media Type – Media type not supported.
422 Unprocessable Entity – Not possible to get events with the request query.
500 Internal Server Error – Server not available to satisfy the request.
In this way, it will be returned only the
id
of the event withid
= “<event-id>”.
Update¶
To update an event, use:
-
PUT
/event/
(string: id)¶ PUT /event HTTP/1.1 Host: cb-manager.example.com Content-Type: application/json { "id": "<event-id>", "source": "<ip-address>" }
- Parameters
id – optional event id.
- Request Headers
Authorization – HTTP Basic Authentication with username and password.
Content-Type – application/json
- Response Headers
Content-Type – application/json
- Status Codes
200 OK – All events correctly updated.
204 No Content – No content to update events based on the request.
304 Not Modified – Update for one or more events not necessary.
400 Bad Request – Request not valid.
401 Unauthorized – Authentication failed.
406 Not Acceptable – Request validation failed.
415 Unsupported Media Type – Media type not supported.
422 Unprocessable Entity – Not possible to update one or more events based on the request.
500 Internal Server Error – Server not available to satisfy the request.
This example add a new field
source
for the event withid
= “<event-id>”.A possible response is:
HTTP/1.1 200 OK Content-Type: application/json [ { "status": "OK", "code": 200, "error": false, "message": "Event with id=<event-id> correctly updated" } ]
Instead, if the are not changes the response is:
HTTP/1.1 304 Not Modified Content-Type: application/json [ { "status": "Not Modified", "code": 304, "error": false, "message": "Update for event with id=<event-id> not necessary" } ]
Delete¶
To delete events, use:
-
DELETE
/event/
(string: id)¶ DELETE /event HTTP/1.1 Host: cb-manager.example.com Content-Type: application/json { "where": { "equals": { "target:" "id", "expr": "<event-id>" } } }
- Parameters
id – optional event id.
- Request Headers
Authorization – HTTP Basic Authentication with username and password.
Content-Type – application/json
- Response Headers
Content-Type – application/json
- Status Codes
205 Reset Content – All events correctly deleted.
400 Bad Request – Request not valid.
401 Unauthorized – Authentication failed.
404 Not Found – Event based on the request query not found.
406 Not Acceptable – Request validation failed.
415 Unsupported Media Type – Media type not supported.
422 Unprocessable Entity – Not possible to delete one or more events based on the request query.
500 Internal Server Error – Server not available to satisfy the request.
This request removes the event with
id
= “<event-id>”.This is a possible response:
HTTP/1.1 205 Reset Content Content-Type: application/json [ { "status": "Reset Content", "code": 200, "error": false, "message": "Event with id=<event-id> correctly deleted" } ]
Caution
Without request body, it removes all the events.