SIEM API Reference

SIEM APIs are Representational State Transfer (REST) and use the HTTP protocol. You can use cURL or a REST client in a browser to send requests and receive responses from a specific Logpoint instance or server.

Logpoint APIs support JSON with UTF-8 encoding. You can forward either a JSON array or a JSON object in a request. The request methods are POST and GET. The output response is always a JSON object.

You can build custom features by calling the APIs from the HTTP library of any programming language.

Logpoint exposes the following APIs:

Search API

Search API endpoints enable you to search for logs and retrieve search information. You can retrieve information related to user timezone, Logpoint, devices, and repos from the Logpoint servers.

Incident API

Incident API endpoints enable you to perform incident-related actions and retrieve incident information. You can retrieve information like incident ID, incident states, incident user name, and incident user groups.

Alert Rule API

Alert Rule APIs enable you to configure alert rules across multiple Logpoints. These APIs also allow you to set up email and HTTP notifications, view repos and distributed Logpoint instances, and access lists.

Mandatory Parameters

For authentication and authorization, two request parameters are mandatory for all API endpoints:

  • username: Logpoint username. Your API access depends on your user role in Logpoint.

  • secret_key: Access key to uniquely identify an authorized user.

Get the Secret Key / Access Key
  • Click the user icon in the navigation bar.

  • Click My Preferences. Your access key is displayed in API Access Key.
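
The following client sketch is an added example, not Logpoint's own code. It builds a request that carries `username` and `secret_key` in a POST body so the key stays out of URLs and access logs, masks the key in any log line, and enforces that the response is a JSON object. Assumptions: parameters are sent as form fields, and the host, endpoint path and `LOGPOINT_USER` / `LOGPOINT_SECRET_KEY` environment variable names are placeholders.

```python
import json
import os
import urllib.parse
import urllib.request

SENSITIVE = {"secret_key"}  # never written to logs


def build_request(base_url, endpoint, username, secret_key, extra=None):
    """POST request with the two mandatory parameters in the body, not the URL."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send secret_key over a non-HTTPS URL")
    if not username or not secret_key:
        raise ValueError("username and secret_key are mandatory")
    fields = {"username": username, "secret_key": secret_key}
    for name, value in (extra or {}).items():
        # Assumption: structured values travel as JSON text in a form field.
        fields[name] = value if isinstance(value, str) else json.dumps(value)
    body = urllib.parse.urlencode(fields).encode("utf-8")
    url = base_url.rstrip("/") + "/" + endpoint.lstrip("/")
    return urllib.request.Request(url, data=body, method="POST")


def redacted(req):
    """Log-safe description of a request with secret_key masked."""
    pairs = urllib.parse.parse_qsl(req.data.decode("utf-8"))
    shown = [(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs]
    return f"{req.get_method()} {req.full_url} {urllib.parse.urlencode(shown)}"


def parse_response(raw):
    """The response is always a JSON object; reject anything else."""
    doc = json.loads(raw.decode("utf-8"))
    if not isinstance(doc, dict):
        raise ValueError("expected a JSON object in the response")
    return doc


if __name__ == "__main__":
    req = build_request(
        "https://logpoint.example",   # placeholder host
        "/ENDPOINT_PLACEHOLDER",      # real path comes from the API's own page
        os.environ.get("LOGPOINT_USER", "demo.user"),           # constructed
        os.environ.get("LOGPOINT_SECRET_KEY", "constructed"),   # constructed
    )
    print(redacted(req))
    # To send: urllib.request.urlopen(req, timeout=30), then parse_response().
```

Because API access follows the user's role, a dedicated low-privilege account for each integration limits what a leaked key can reach.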
