Security Event Scroll Query.

GET

/api/data/namespaces/{namespace}/app_security/events/scroll

curl --request GET \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/data/namespaces/example/app_security/events/scroll \
  --header 'Authorization: <Authorization>'

• F5 Distributed Cloud Console

Scroll request is used to fetch large number of security events in multiple batches with each SecurityEventResponse containing no more than 500 messages. To scroll through more than 500 or all messages, one can use the SecurityEventScrollRequest. Use the scroll_id returned in the SecurityEventResponse to fetch the next batch of security events and one can continue this process till the scroll_id returned is "" which indicates no more events to scroll.

Examples of this operation.

Authorizations

• ApiToken

Parameters

Path Parameters

namespace

required

string

Namespace fetch the WAF security events scoped by namespace.

Query Parameters

scroll_id

string

Long Base-64 encoded string which can be used to retrieve next batch of security events.

Responses

200

A successful response.

Media typeapplication/json

Security Events Response

Response message for SecurityEventsRequest/SecurityEventsScrollRequest.

object

aggs

aggregations

Aggregations provide summary/analytics data over the security events response. If the number of security events that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations.

object

events

events

List of security events that matched the query. Contains no more than 500 messages.

Array<string>

scroll_id

scroll id

Long Base-64 encoded string which can be used to retrieve the next batch of security events using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF). Note: scroll_id is valid only for 2 minutes. I.e., If one intend to retrieve next batch of the result, then the scroll request should be sent within 2 minutes upon receiving the SecurityEventsResponse.

string

<= 1024 characters

total_hits

total hits

Total number of security events that matched the query.

string format: uint64

<= 1024 characters

last_sort_values

object

last_doc_id

last_doc_id

This is a unique UUID generated by elastic search.

string

<= 1024 characters

last_timestamp

last timestamp

Configuration parameter for last timestamp

number format: double

Example^generated

{
  "aggs": {},
  "events": [
    "example"
  ],
  "scroll_id": "example",
  "total_hits": "example",
  "last_sort_values": {
    "last_doc_id": "example",
    "last_timestamp": 1
  }
}

401

Returned when operation is not authorized.

Media typeapplication/json

string format: string

Example^generated

example

403

Returned when there is no permission to access resource.

Media typeapplication/json

string format: string

Example^generated

example

404

Returned when resource is not found.

Media typeapplication/json

string format: string

Example^generated

example

409

Returned when operation on resource is conflicting with current value.

Media typeapplication/json

string format: string

Example^generated

example

429

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json

string format: string

Example^generated

example

500

Returned when server encountered an error in processing API.

Media typeapplication/json

string format: string

Example^generated

example

503

Returned when service is unavailable temporarily.

Media typeapplication/json

string format: string

Example^generated

example

504

Returned when server timed out processing request.

Media typeapplication/json

string format: string

Example^generated

example