API commands
available for version 9.5.2:
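<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!--
  Command list for the ESM API (namespace http://mcafee.com/siem/api/v3),
  given on this page as the commands available for version 9.5.2.

  Restored to well-formed XML: the leading "- " in front of each element was
  a tree-view collapse marker, not part of the document, and the wrapped
  declaration and description lines have been rejoined. Command names and
  description text are reproduced as listed, including their original wording.

  The listing carries only a name and a description per command. It does not
  show parameters, return types, or which rights a caller needs, so any access
  decision has to be confirmed against the product documentation.

  NOTE(review): for least-privilege planning, the commands whose descriptions
  say they add, edit, delete, set, reboot or restart something are the
  state-changing ones; the Get/Retrieve calls are described as read-only.
-->
<esmCommandList xmlns="http://mcafee.com/siem/api/v3">

  <!-- alarm*: triggered alarms. Acknowledge, unacknowledge and delete change
       what analysts see in the alarm queue, so calls to them are worth
       logging and attributing to a named account. -->
  <esmCommand name="alarmAcknowledgeTriggeredAlarm">
    <description>Mark a triggered alarm as acknowledged</description>
  </esmCommand>
  <esmCommand name="alarmDeleteTriggeredAlarm">
    <description>Delete a triggered alarm</description>
  </esmCommand>
  <esmCommand name="alarmGetTriggeredAlarms">
    <description>Retrieves a list of all alarms that have been triggered, if no user specified, the current user will be used.</description>
  </esmCommand>
  <esmCommand name="alarmGetTriggeredAlarmsPaged">
    <description>Retrieves a paged list of alarms that have been triggered, if no user specified, the current user will be used.</description>
  </esmCommand>
  <esmCommand name="alarmGetUnacknowledgedTriggeredAlarms">
    <description>Retrieves a list of alarms that have been triggered and have not been acknowledged</description>
  </esmCommand>
  <esmCommand name="alarmUnacknowledgeTriggeredAlarm">
    <description>Mark a triggered alarm as unacknowledged</description>
  </esmCommand>

  <!-- case*: case management. -->
  <esmCommand name="caseAddCase">
    <description>Add a case to the system.</description>
  </esmCommand>
  <esmCommand name="caseEditCase">
    <description>Edit an existing case.</description>
  </esmCommand>
  <esmCommand name="caseGetCaseDetail">
    <description>Get detail on an existing case.</description>
  </esmCommand>
  <esmCommand name="caseGetCaseList">
    <description>Get a list of cases from the system</description>
  </esmCommand>
  <esmCommand name="caseGetCaseStatusList">
    <description>Get a list of valid case statuses from the system</description>
  </esmCommand>

  <!-- dev*: device inventory. -->
  <esmCommand name="devGetDeviceList">
    <description>Get a list of all devices defined in the system.</description>
  </esmCommand>

  <!-- ds*: data sources. Add, edit, delete and set calls change the set of
       defined data sources. NOTE(review): presumably this affects which logs
       are collected; confirm, and alert on unexpected deletes or edits. -->
  <esmCommand name="dsAddDataSource">
    <description>Add a data source.</description>
  </esmCommand>
  <esmCommand name="dsAddDataSourceList">
    <description>Add a list of data sources.</description>
  </esmCommand>
  <esmCommand name="dsDeleteDataSource">
    <description>Delete a data source.</description>
  </esmCommand>
  <esmCommand name="dsEditDataSource">
    <description>Edit a data source's properties.</description>
  </esmCommand>
  <esmCommand name="dsGetDataSourceDetail">
    <description>Get the details for a specifc data sources.</description>
  </esmCommand>
  <esmCommand name="dsGetDataSourceList">
    <description>Get a list of defined data sources.</description>
  </esmCommand>
  <esmCommand name="dsGetDataSourceTypes">
    <description>Get all data source types.</description>
  </esmCommand>
  <esmCommand name="dsGetUserDefinedDataSources">
    <description>Get user defined data sources.</description>
  </esmCommand>
  <esmCommand name="dsSetUserDefinedDataSources">
    <description>Set user defined data sources.</description>
  </esmCommand>

  <!-- essmgt*: management of the ESM device itself. Reboot and restart
       interrupt the device or its services, so they belong with
       administrative accounts only and should be covered by audit logging. -->
  <esmCommand name="essmgtESSReboot">
    <description>Reboots the ESM Device</description>
  </esmCommand>
  <esmCommand name="essmgtESSRestart">
    <description>Restarts the services on the ESM Device</description>
  </esmCommand>
  <esmCommand name="essmgtGetESSTime">
    <description>Get the system time of the ESM Device</description>
  </esmCommand>

  <!-- geo*: geo location lookups. -->
  <esmCommand name="geoGetGeoLocRegionList">
    <description>Get the top level geo locations</description>
  </esmCommand>
  <esmCommand name="geoGetGeoLocs">
    <description>Get geo locations within the given location</description>
  </esmCommand>

  <!-- Unprefixed commands. -->
  <esmCommand name="getActiveResponseCollectors">
    <description>Get a list of Active Response Collectors</description>
  </esmCommand>
  <esmCommand name="getVersion">
    <description>Get the version information for this ESM</description>
  </esmCommand>

  <!-- grp*: device tree. -->
  <esmCommand name="grpGetDeviceTree">
    <description>Gets the basic device tree structure with only basic properties loaded. Each entry in the returned list is a root node in the tree.</description>
  </esmCommand>
  <esmCommand name="grpGetDeviceTreeEx">
    <description>This version of the call returns more detail per device than getDeviceList, wrapped in an esmDeviceList object.</description>
  </esmCommand>

  <!-- plcy*: policies and variables (read calls only in this listing). -->
  <esmCommand name="plcyGetPolicyList">
    <description>Get the list of all policies defined in the ESM.</description>
  </esmCommand>
  <esmCommand name="plcyGetVariableList">
    <description>Get all variables defined in the system</description>
  </esmCommand>

  <!-- qry*: queries. Per the qryClose description, results must be closed
       after they have been processed; integrations should do so on every
       path, including error paths. -->
  <esmCommand name="qryClose">
    <description>Closes the query results, must be called after a query's results have been processed. If no exception is thrown, the close operation completed normally.</description>
  </esmCommand>
  <esmCommand name="qryExecuteDetail">
    <description>Execute a standard detail (non-grouped) query.</description>
  </esmCommand>
  <esmCommand name="qryExecuteGrouped">
    <description>Execute a grouped query on a field.</description>
  </esmCommand>
  <esmCommand name="qryGetCorrEventDataForID">
    <description>Get the source events and flows for a given correlated event ID</description>
  </esmCommand>
  <esmCommand name="qryGetFilterFields">
    <description>Get all fields that can be used in query filters, with type information for each field.</description>
  </esmCommand>
  <esmCommand name="qryGetResults">
    <description>Get the results for a query.</description>
  </esmCommand>
  <esmCommand name="qryGetSelectFields">
    <description>Get the fields available for selecting in queries. The groupType can be used to filter the fields to only ones that can be used to group results in a particular way. For example, if you want all fields that can be grouped to count the number of events per group, the groupType should be COUNT. If not provided, it is equivalent to passing NO_GROUP which returns all available select fields regardless of whether they can be used in grouped queries. This is useful for getting available fields for detail queries. (qryExecuteDetail)</description>
  </esmCommand>
  <esmCommand name="qryGetStatus">
    <description>Get the status for a query that has been executed.</description>
  </esmCommand>

  <!-- Active Response search. -->
  <esmCommand name="runActiveResponseSearch">
    <description>Execute a ActiveResponse search and return the results</description>
  </esmCommand>

  <!-- sys*Watchlist*: watchlists. The descriptions state that the modifying
       calls and sysGetWatchlistValues are not supported for hidden
       watchlists such as GTI. NOTE(review): if watchlists are referenced by
       alarms or correlation rules in your deployment, treat add, edit and
       remove calls as changes to detection content and review them. -->
  <esmCommand name="sysAddWatchlist">
    <description>Add a watchlist to the system.</description>
  </esmCommand>
  <esmCommand name="sysAddWatchlistValues">
    <description>Add values to a watchlist. This call is not supported for hidden watchlists, for example GTI.</description>
  </esmCommand>
  <esmCommand name="sysEditWatchlist">
    <description>Edit properties of a watchlist. (Watchlist Type will not be modified) This call is not supported for hidden watchlists, for example GTI.</description>
  </esmCommand>
  <esmCommand name="sysGetWatchlistDetails">
    <description>Get detailed information about a watchlist.</description>
  </esmCommand>
  <esmCommand name="sysGetWatchlistFields">
    <description>Get watchlist fields/types.</description>
  </esmCommand>
  <esmCommand name="sysGetWatchlists">
    <description>Return basic information on all watchlists in the system</description>
  </esmCommand>
  <esmCommand name="sysGetWatchlistValues">
    <description>Read the content of a watchlist value file. Note that the EsmFileData object will contain information on how many bytes were read, as well as the total size of the file. The size of the data returned may be less than count, depending on the amount of file data available. Note that the watchlist file property on EsmWatchlistDetails is used as a parameter to this call. The file will contain the values as they existed when the call to sysGetWatchlistDetails was made. If subsequent changes were made to the watchlist after getting the details, another EsmWatchlistDetails object should be obtained by calling sysGetWatchlistDetails before using its EsmWatchlistFile object to retrieve the updated list of watchlist values. This call is not supported for hidden watchlists, for example GTI.</description>
  </esmCommand>
  <esmCommand name="sysRemoveWatchlist">
    <description>Remove a watchlist from the system. This call is not supported for hidden watchlists, for example GTI.</description>
  </esmCommand>
  <esmCommand name="sysRemoveWatchlistValues">
    <description>Remove values from a watchlist. This call is not supported for hidden watchlists, for example GTI.</description>
  </esmCommand>

  <!-- user*: accounts, access groups, rights and sessions. The add, edit and
       delete calls change who can do what on the ESM; userEditUser is
       described as a master-user operation. userLogin takes a username and
       password, and the listing does not show how they are transported, so
       confirm the API is reached only over an encrypted channel and keep the
       credentials out of scripts and logs. Pair every userLogin with
       userLogout so sessions are not left open. -->
  <esmCommand name="userAddAccessGroup">
    <description>Add an access group</description>
  </esmCommand>
  <esmCommand name="userAddUser">
    <description>Add a user to the system.</description>
  </esmCommand>
  <esmCommand name="userDeleteAccessGroup">
    <description>Delete an access group.</description>
  </esmCommand>
  <esmCommand name="userDeleteUser">
    <description>Delete a user from the system.</description>
  </esmCommand>
  <esmCommand name="userEditAccessGroup">
    <description>Edit properties of an access group.</description>
  </esmCommand>
  <esmCommand name="userEditUser">
    <description>Used by the master user to update information about another user.</description>
  </esmCommand>
  <esmCommand name="userGetAccessGroupDetail">
    <description>Get extended information about an access group.</description>
  </esmCommand>
  <esmCommand name="userGetAccessGroupList">
    <description>Get all user access groups defined in the system.</description>
  </esmCommand>
  <esmCommand name="userGetRightsList">
    <description>Get all rights defined in the system.</description>
  </esmCommand>
  <esmCommand name="userGetTimeZones">
    <description>Get a list of timezones this system recognizes</description>
  </esmCommand>
  <esmCommand name="userGetUserList">
    <description>Get a list of all users.</description>
  </esmCommand>
  <esmCommand name="userGetUserRights">
    <description>Get all rights defined for the current user.</description>
  </esmCommand>
  <esmCommand name="userLogin">
    <description>Log into the SIEM with the given username and password.</description>
  </esmCommand>
  <esmCommand name="userLogout">
    <description>Log the user out of their SIEM session</description>
  </esmCommand>

  <!-- zone*: zones and sub zones. The edit calls require the ID of an
       existing zone or sub zone, as obtained from zoneGetZone() or
       zoneGetSubZone(). -->
  <esmCommand name="zoneAddSubZone">
    <description>Add a new subzone under a zone</description>
  </esmCommand>
  <esmCommand name="zoneAddZone">
    <description>Create a new zone.</description>
  </esmCommand>
  <esmCommand name="zoneDeleteSubZone">
    <description>Delete the sub zone</description>
  </esmCommand>
  <esmCommand name="zoneDeleteZone">
    <description>Delete the zone</description>
  </esmCommand>
  <esmCommand name="zoneEditSubZone">
    <description>Edit the given sub zone. Note that ID must be set to an existing sub zone for this to work properly. The ID value will be set if the zone was gotten from zoneGetSubZone().</description>
  </esmCommand>
  <esmCommand name="zoneEditZone">
    <description>Edit the given zone. Note that ID must be set to an existing zone for this to work properly. The ID value will be set if the zone was gotten from zoneGetZone().</description>
  </esmCommand>
  <esmCommand name="zoneGetSubZone">
    <description>Get detailed information on a sub zone</description>
  </esmCommand>
  <esmCommand name="zoneGetZone">
    <description>Get extended detail on a zone.</description>
  </esmCommand>
  <esmCommand name="zoneGetZoneTree">
    <description>Get the full tree of zones defined in the ESM.</description>
  </esmCommand>
</esmCommandList>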