{
"meta": {
"code": 200,
"count": 1
},
"data": [
{
"alerttype": "start",
"algorithm": "knownphisher",
"categories": [
"security"
],
"description": "Source IP reputation: known phisher",
"dstports": [
80,
443
],
"duration": 0,
"end": 0,
"flowsrcnames": [
"myrouter.mydomain"
],
"id": "7da7af39-04f8-49f7-9b20-74d61b100250",
"ipinfo": [
{
"as": {
"number": 65001,
"org": "WebHostOrg"
},
"bogon": false,
"count": 1,
"firstseen": 1618433146,
"geo": null,
"ip": "10.0.0.1",
"iprep": {
"categories": [
"Phishing"
],
"count": 1
},
"lastseen": 1618433146,
"pdns": {
"count": null,
"records": null
},
"rdns": [
"web01.smarthosten.nl"
]
}
],
"ipinfocount": 2,
"metrics": {
"bits": {
"min": 624,
"max": 624,
"avg": 624,
"sum": 624
},
"bitsxrate": {
"min": 624,
"max": 624,
"avg": 624,
"sum": 624
},
"packets": {
"min": 1,
"max": 1,
"avg": 1,
"sum": 1
},
"packetsxrate": {
"min": 1,
"max": 1,
"avg": 1,
"sum": 1
}
},
"rollupperiod": 300,
"rulecount": 0,
"rules": [],
"search": "((tcpflagsint == 0 && protocol == tcp && srcport != 0 && dstport != 0 && (flowversion == 3 or flowversion == 4)) && flowtype == aws) && (dstip == 10.0.18.65)",
"severity": "medium",
"sites": [
"mysite1"
],
"srcports": [
36834,
39954,
46108
],
"start": 1618246683,
"summary": "Knownphisher alert has started to dstip 10.0.0.1",
"tag": "text",
"tags": [
"aws",
"vpc-id:vpc-04db1588169de0100",
"instance-id:i-0048f0897ae2d8b89",
"subnet-id:subnet-01a3ecfbad0f2bc59",
"instance-id:i-0458e0d3d24637924",
"subnet-id:subnet-00a17206163ae6f9a"
],
"threshold": "count(track_by) >= 1",
"timestamp": 1618246748,
"track": "srcip 192.168.1.1",
"track_by": [
"srcip",
"dstip"
],
"updateinterval": 300
}
]
}