API Reference

Retrieve the list of threats detected in the gateway.

This API endpoint retrieves a list of threats detected by the Suricata engine in the gateways.
Each threat in the returned list includes comprehensive details such as action, application protocol, client MAC address, customer ID, CVE reference, description, destination city, destination country, destination IP, destination port, device IP, device model, device name, device serial number, flow ID, group ID, group name, threat ID, malware family, protocol, severity, signature ID, signature name, site ID, site name, source city, source country, source IP, source port, strategy, timestamp, type, username, and user role. Some fields might be missing if the data is not available, but most fields should be present.
The API supports filtering, sorting, and pagination.
This API requires the query parameter start-time (the start of the time window, in milliseconds since the Unix epoch) and accepts an optional query parameter end-time (the end of the time window, also in milliseconds).
If no sorting or pagination is applied, the results contain only the latest 20 threats, sorted in descending order of timestamp. Otherwise, the results contain the requested number of threats starting from the given offset; the default offset is 0.
Sorting and filtering are not supported for the CVE reference, description, malware family, and signature name fields.
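As an added example, not taken from this page or from the vendor's own SDK, the following Python helper builds the mandatory start-time and optional end-time parameters in milliseconds (a common mistake is sending seconds), reproduces the server's default ordering locally, and applies client-side filtering on the CVE reference, malware family and signature name fields, which the API cannot filter or sort on. The JSON key names (`timestamp`, `cve_reference`, `malware_family`, `signature_name`) and the sample records are constructed assumptions.

```python
from datetime import datetime, timezone


def to_epoch_ms(when):
    """Convert a datetime or ISO-8601 string to milliseconds since the epoch.

    Naive datetimes are treated as UTC. The API expects milliseconds, so a
    value derived from time.time() (seconds) would be rejected or misread.
    """
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return int(when.timestamp() * 1000)


def window_params(start, end=None):
    """Build the start-time / end-time query parameters for the request."""
    params = {"start-time": to_epoch_ms(start)}
    if end is not None:
        end_ms = to_epoch_ms(end)
        if end_ms < params["start-time"]:
            raise ValueError("end-time must not precede start-time")
        params["end-time"] = end_ms
    return params


def newest_first(threats, limit=20):
    """Mirror the server default: newest timestamp first, at most `limit` rows."""
    return sorted(threats, key=lambda t: t.get("timestamp", 0), reverse=True)[:limit]


def filter_locally(threats, cve=None, malware_family=None, signature_substr=None):
    """Filter on fields the API does not filter server-side.

    Records that lack a requested field simply do not match (the reference
    notes that some fields may be absent), rather than raising KeyError.
    """
    out = []
    for t in threats:
        if cve and t.get("cve_reference") != cve:
            continue
        if malware_family and t.get("malware_family") != malware_family:
            continue
        sig = (t.get("signature_name") or "").lower()
        if signature_substr and signature_substr.lower() not in sig:
            continue
        out.append(t)
    return out


# Constructed sample records; key names are assumptions, values are made up.
SAMPLE_THREATS = [
    {"threat_id": "t-1", "timestamp": 1700000003000, "severity": "high",
     "cve_reference": "CVE-1234-56789", "malware_family": "FamilyA",
     "signature_name": "Constructed Sig A"},
    {"threat_id": "t-2", "timestamp": 1700000001000, "severity": "low",
     "malware_family": "FamilyB", "signature_name": "Constructed Sig B"},
    {"threat_id": "t-3", "timestamp": 1700000004000, "severity": "high",
     "cve_reference": "CVE-1234-56789"},
    {"threat_id": "t-4", "timestamp": 1700000002000, "severity": "medium",
     "signature_name": "Constructed Sig A (variant)"},
]
```

Pass `window_params(...)` as the query string of the request and feed the decoded response records to `filter_locally` to narrow by CVE reference or signature name before triage.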
