
Security Incidents Scroll Query.

POST
/api/data/namespaces/{namespace}/app_security/incidents/scroll
curl --request POST \
--url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/data/namespaces/example/app_security/incidents/scroll \
--header 'Authorization: <Authorization>' \
--header 'Content-Type: application/json' \
--data '{ "namespace": "example", "scroll_id": "example" }'

A scroll request fetches a large number of security incidents in multiple batches, with each SecurityIncidentsResponse containing no more than 500 messages. To scroll through more than 500 messages, or all of them, use the SecurityIncidentsScrollRequest. Use the scroll_id returned in the SecurityIncidentsResponse to fetch the next batch of security incidents, and continue until the returned scroll_id is "", which indicates there are no more events to scroll.

Examples of this operation.

namespace
required
string

Namespace: Fetch security incidents for a given namespace.

Media type: application/json
Security Incidents Scroll Request

A scroll request fetches a large number of security incidents in multiple batches, with each SecurityIncidentsResponse containing no more than 500 messages. To scroll through more than 500 security incidents, or all of them, use the SecurityIncidentsScrollRequest. Use the scroll_id returned in the SecurityIncidentsResponse to fetch the next batch of security events, and continue until the returned scroll_id is "", which indicates there are no more messages to scroll.

object
namespace
namespace

Fetch security incidents for a given namespace.

string
>= 6 characters <= 1024 characters
scroll_id
scroll id

Long Base-64 encoded string which can be used to retrieve the next batch of security events.

string
<= 1024 characters
Example (generated)
{
"namespace": "example",
"scroll_id": "example"
}

A successful response.

Media type: application/json
Security Incidents Response

Response message for SecurityIncidentsRequest/SecurityIncidentsScrollRequest.

object
aggs
aggregations

Aggregations provide summary/analytics data over the security incidents response. If the number of security incidents that matched the query is large and cannot be returned in a single response message, the user can get helpful insights/summaries using aggregations.

object
incidents
incidents

List of security incidents that matched the query. Contains no more than 500 messages.

Array<string>
scroll_id
scroll id

Long Base-64 encoded string which can be used to retrieve the next batch of security incidents using the scroll request. An empty scroll_id indicates no more messages to scroll (EOF). Note: scroll_id is valid only for 2 minutes, i.e., to retrieve the next batch of results, the scroll request must be sent within 2 minutes of receiving the SecurityIncidentsResponse.

string
<= 1024 characters
total_hits
total hits

Total number of security events that matched the query.

string format: uint64
<= 1024 characters
last_sort_values
object
last_doc_id
last_doc_id

This is a unique UUID generated by Elasticsearch.

string
<= 1024 characters
last_timestamp
last timestamp

Configuration parameter for last timestamp

number format: double
Example (generated)
{
"aggs": {},
"incidents": [
"example"
],
"scroll_id": "example",
"total_hits": "example",
"last_sort_values": {
"last_doc_id": "example",
"last_timestamp": 1
}
}

Returned when operation is not authorized.

Media type: application/json
string format: string
Example (generated)
example

Returned when there is no permission to access resource.

Media type: application/json
string format: string
Example (generated)
example

Returned when resource is not found.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation on resource is conflicting with current value.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation has been rejected as it is happening too frequently.

Media type: application/json
string format: string
Example (generated)
example

Returned when server encountered an error in processing API.

Media type: application/json
string format: string
Example (generated)
example

Returned when service is unavailable temporarily.

Media type: application/json
string format: string
Example (generated)
example

Returned when server timed out processing request.

Media type: application/json
string format: string
Example (generated)
example
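
The scroll loop described above, as an added example that is not part of the original reference or the vendor's own client code: it follows scroll_id until the server returns "" and refuses to reuse a scroll_id older than the documented 2 minutes. The names http_post, scroll_all and base_url are hypothetical; the initial SecurityIncidentsResponse is assumed to come from a prior incidents query.

```python
import json
import time
import urllib.request

# Path as given on this page; {namespace} is filled in per request.
SCROLL_PATH = "/api/data/namespaces/{namespace}/app_security/incidents/scroll"
SCROLL_TTL_SECONDS = 120  # page: scroll_id is valid only for 2 minutes


def http_post(base_url, authorization):
    """Return a transport that POSTs one scroll request.

    base_url (the tenant API root) is an assumption; authorization is the
    value sent in the Authorization header.
    """
    def post(namespace, scroll_id):
        body = json.dumps({"namespace": namespace, "scroll_id": scroll_id})
        req = urllib.request.Request(
            base_url.rstrip("/") + SCROLL_PATH.format(namespace=namespace),
            data=body.encode(), method="POST",
            headers={"Authorization": authorization,
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return post


def scroll_all(post, namespace, first_response, clock=time.monotonic):
    """Yield every incident, starting from an initial SecurityIncidentsResponse.

    Because this is a generator, time the consumer spends on each incident
    counts against the scroll_id lifetime, so slow downstream processing
    surfaces as TimeoutError instead of a failed or partial export.
    """
    # Assumes the caller passes first_response promptly after receiving it.
    response, received_at = first_response, clock()
    while True:
        yield from response.get("incidents", [])
        scroll_id = response.get("scroll_id", "")
        if scroll_id == "":  # EOF: no more messages to scroll
            return
        if clock() - received_at >= SCROLL_TTL_SECONDS:
            raise TimeoutError("scroll_id expired; restart the incidents query")
        response, received_at = post(namespace, scroll_id), clock()
```

For a live call, pass `http_post(base_url, authorization)` as `post`; collecting a batch into a list before doing slow work on it keeps the next scroll request inside the 2-minute window.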