Request to display alert information

To create a request to display information about Kaspersky Anti Targeted Attack Platform alerts, the HTTP GET method is used. You can create a request by using the cURL command-line utility, for example.

Command syntax

curl --cert <path to the TLS certificate file> --key <path to the private key file> -X GET "<URL of the server with the Central Node component>:<port, 443 by default>/kata/scanner/v1/sensors/<sensorId>/detects?detect_type=<one or more technologies that were used to generate the alert>&limit=<number of alerts in the response to the request>&token=<request ID>"

If the request is processed successfully, you will see a list of alerts generated by Kaspersky Anti Targeted Attack Platform on the server of the external system.

Settings

Parameter

Type

Description

sensorId

String

Unique ID of the external system used for authorization in Kaspersky Anti Targeted Attack Platform.

detect_type

Array

Technology that was used to generate the alert. You can specify a comma-separated list of technologies.

Possible values:

  • am – Anti-Malware Engine
  • sb – Sandbox
  • yara – YARA
  • url_reputation – URL Reputation
  • ids – Intrusion Detection System

If the parameter is not specified, information about all alerts is provided.

limit

Integer

Number of objects for which information is provided in response to the request. Allowed values: integers from 1 to 10,000.

The default value is 1000.

token

String

Request ID. If this parameter is specified, a repeated request does not show alert information that was obtained by prior requests. This helps avoid the duplication of information about the same alerts in case of repeated requests.

If this parameter is not specified, information about all alerts is provided.

Response

HTTP code: 200

Format: JSON

type Response struct {

Detects array `json:"detects"`

Token string `json:"token"`

}

Returned value

Return code

Description

400

Incorrect parameters.

429

Number of requests exceeded.

401

Authorization required.

500

Internal server error. Repeat the request later.

Example of entering a command with switches

curl --cert /root/cert.pem --key /root/server.key -X GET "https://10.10.10.1:443/kata/scanner/v1/sensors/dd11a1ee-a00b-111c-b11a-11001b1f1111/detects?detect_type=am,sb&limit=100&token=7b226f6666736574223a20307d"

Page top