Last Updated: 7/4/2021 12:14:51 PM
You can use GET /SMPI/service/rmx/api/siem/syslog/soc_events to retrieve the SOC events of all your customers in syslog format.
```python
import json

# send_request is the helper used by the other examples in this guide (assumed to be
# defined elsewhere); it returns the HTTP status and the raw response body.
method = "GET"
# start_time and end_time are Unix epoch seconds bounding the query window
request_uri = "/SMPI/service/rmx/api/siem/syslog/soc_events?start_time=%d&end_time=%d" % (1611289300, 1611290000)
res_status, res_data = send_request(method, request_uri)
print("Response status: %s" % res_status)
print("Response data: \n%s" % res_data)
res_data = json.loads(res_data)
print("SOC Events: %s" % res_data)
```
If successful, the response data will show as:
```
Response status: 200
Response data:
{
  "paging": {
    "total": 1,
    "page": 1,
    "limit": 100
  },
  "details": [
    {
      "vendor": "Trend Micro",
      "product": "WFBS-SVC-AC",
      "event_id": "45D0F5FD-8F3A-489E-B415-B977B6E430E1_27085",
      "timestamp": 1611289498,
      "rule": "Test_Email",
      "device_name": "john_172_16_0_1",
      "device_id": "d4b4e57c96dfe844a3a1812f1451fc8d",
      "host": "-",
      "company_name": "yune_CO_EDR_Endpoint_Email",
      "event_link": "https://rm-stg-nabu.trendmicro.com/?TenantID=v4yqW&continue=%23/threat_investigation/noteworthy/eventID%3D45D0F5FD-8F3A-489E-B415-B977B6E430E1_27085",
      "signature_id": 10000,
      "object_count": 3
    }
  ]
}
```
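The response above is JSON rather than wire-format syslog, so a collector still has to validate it and render each event before forwarding it to a SIEM. The following is an added example (not code from the Trend Micro documentation) that checks the status, keeps only events inside the requested window, reads the `paging` block to decide whether more pages are pending, and renders each event as an RFC 5424 style line; the sample response is constructed, and the PRI value, collector hostname and SD-ID enterprise number are assumptions.

```python
import json
import time

# Constructed sample, shaped like the documented soc_events reply (placeholder values)
SAMPLE_STATUS = 200
SAMPLE_DATA = json.dumps({
    "paging": {"total": 1, "page": 1, "limit": 100},
    "details": [{
        "vendor": "Trend Micro", "product": "WFBS-SVC-AC",
        "event_id": "EXAMPLE-EVENT-ID_1", "timestamp": 1611289498,
        "rule": "Test_Email", "device_name": "john_172_16_0_1",
        "device_id": "EXAMPLE-DEVICE-ID", "host": "-",
        "company_name": "Example_CO", "event_link": "https://example.invalid/event/1",
        "signature_id": 10000, "object_count": 3,
    }],
})

# Fields carried into the syslog structured-data element, in a fixed order
SD_FIELDS = ("vendor", "product", "event_id", "rule", "device_name",
             "device_id", "host", "company_name", "signature_id", "object_count")


def parse_soc_events(res_status, res_data, start_time, end_time):
    """Check the HTTP status, decode the body and keep only events whose
    timestamp lies inside the window that was requested (defensive filter)."""
    if res_status != 200:
        raise RuntimeError("soc_events request failed with HTTP status %s" % res_status)
    body = json.loads(res_data)
    in_window = [ev for ev in body.get("details", [])
                 if start_time <= int(ev["timestamp"]) <= end_time]
    return body.get("paging", {}), in_window


def has_more_pages(paging):
    """True when page * limit has not yet covered the reported total."""
    return paging.get("page", 1) * paging.get("limit", 0) < paging.get("total", 0)


def to_syslog_line(ev, collector="rm-collector"):
    """Render one event as an RFC 5424 style line. PRI 12 (user.warning) and the
    SD-ID enterprise number 32473 (the RFC documentation example) are assumptions."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(int(ev["timestamp"])))

    def esc(v):  # escape the characters RFC 5424 reserves inside SD-PARAM values
        return str(v).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")
    sd = " ".join('%s="%s"' % (k, esc(ev.get(k, "-"))) for k in SD_FIELDS)
    return "<12>1 %s %s soc_events - socEvent [socEvent@32473 %s] %s" % (
        ts, collector, sd, ev.get("event_link", "-"))


if __name__ == "__main__":
    paging, events = parse_soc_events(SAMPLE_STATUS, SAMPLE_DATA, 1611289300, 1611290000)
    for ev in events:
        print(to_syslog_line(ev))
    print("more pages pending:", has_more_pages(paging))
```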