swagger: '2.0'
info:
  title: LogRhythm NetMon API
  version: v1
  description: NetMon REST API communicates over HTTPS using JSON. The available routes and methods can be used to get session information, general appliance information, capture configurations, as well as download PCAPs and reconstructed file attachments. API requests will be done on behalf of an API account, identified by the API key passed in with each request. **The base URL (/api) should be prefixed to each API path below.**
host: localhost:3000
schemes:
  - https
basePath: "/api"
produces:
  - application/json
securityDefinitions:
  basicAuth:
    type: basic
    description: API requests are authenticated using HTTP Basic Authorization. The username is the same username used when logging into NetMon. The password is the API key assigned to that user, which can be found in the API Key panel that appears at the top of the User tab under the Configuration top navigation option. Certain routes may be restricted to the admin user.
paths:
  "/applications":
    get:
      operationId: getApplications
      summary: Returns the list of applications classified by NetMon.
      security:
        - basicAuth: []
      description: Returns the list of applications classified by NetMon.
      responses:
        200:
          description: List of applications classified by NetMon.
          schema:
            $ref: '#/definitions/ApplicationList'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/configuration/ntp":
    get:
      operationId: getNTPConfig
      summary: Returns the primary and secondary NTP server configuration.
      security:
        - basicAuth: []
      description: Returns the primary and secondary NTP server configuration.
      responses:
        200:
          description: The primary and secondary NTP server configuration.
          schema:
            $ref: '#/definitions/NTPConfiguration'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: setNTPConfig
      summary: Sets the primary and secondary NTP server configuration.
      security:
        - basicAuth: []
      description: Sets the primary and secondary NTP server configuration. **A restart of the NetMon services IS required.**
      parameters:
        - name: NTP Configuration
          in: body
          description: The primary and secondary NTP server configuration.
          required: true
          schema:
            $ref: "#/definitions/NTPConfiguration"
      responses:
        200:
          description: The primary and secondary NTP server configuration is returned.
          schema:
            $ref: "#/definitions/NTPConfiguration"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/actions/upload":
    post:
      operationId: uploadDPARule
      consumes:
        - multipart/form-data
      summary: Uploads a DPA Rule in lrl format.
      description: Uploads a DPA Rule in lrl format. **The /api/dpaRules/reload route needs to be called in order for processing threads to run the latest set of DPA Rules.**
      security:
        - basicAuth: []
      parameters:
        - name: file
          in: formData
          description: .lrl file to upload.
          required: true
          type: file
      responses:
        200:
          description: Message indicating that the upload completed successfully.
          schema:
            $ref: '#/definitions/UploadResponse'
        default:
          description: In case of an error, an error payload containing the error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/custom":
    delete:
      operationId: deleteCustomRules
      summary: Remove all Custom DPA Rules. This operation cannot be undone.
      security:
        - basicAuth: []
      description: Remove all Custom DPA Rules. This operation cannot be undone. **The /api/dpaRules/reload route needs to be called in order for processing threads to run the latest set of DPA Rules.**
      responses:
        '200':
          description: An empty response.
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    get:
      operationId: getCustomRules
      summary: Retrieve metadata for all Custom DPA Rules.
      security:
        - basicAuth: []
      description: Retrieve metadata for all Custom DPA Rules.
      responses:
        200:
          description: An array of all Custom DPA Rules and their associated metadata.
          schema:
            $ref: '#/definitions/DpaRulesResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    post:
      operationId: updateCustomRules
      summary: Create or update one or more Custom DPA Rules.
      security:
        - basicAuth: []
      description: Create or update one or more Custom DPA Rules. If the rule name provided already exists as a Custom DPA Rule, it will be updated. If the rule name provided does not exist as a Custom DPA Rule, it will be created. **The /api/dpaRules/reload route needs to be called in order for processing threads to run the latest set of DPA Rules.**
      parameters:
        - name: UpdateCustomRules
          in: body
          description: Array of Custom DPA Rules to add or update.
          required: true
          schema:
            $ref: "#/definitions/CustomDpaRuleRequest"
      responses:
        200:
          description: An array of all Custom DPA Rules and their associated metadata.
          schema:
            $ref: '#/definitions/DpaRulesResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/custom/bulk":
    delete:
      operationId: bulkDeleteCustomRules
      summary: Delete one or more Custom DPA Rules. This operation cannot be undone.
      security:
        - basicAuth: []
      description: Delete one or more Custom DPA Rules. This operation cannot be undone.
        **The /api/dpaRules/reload route needs to be called in order for processing threads to run the latest set of DPA Rules.**
      parameters:
        - name: BulkDeleteCustomRuleNames
          in: body
          description: An array of Custom DPA Rule names to delete.
          required: true
          schema:
            $ref: "#/definitions/BulkDeleteCustomRuleNames"
      responses:
        200:
          description: An array of all Custom DPA Rules and their associated metadata.
          schema:
            $ref: '#/definitions/DpaRulesResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/custom/{ruleName}":
    delete:
      operationId: deleteCustomRule
      summary: Delete the Custom DPA Rule with the given rule name. This operation cannot be undone.
      security:
        - basicAuth: []
      parameters:
        - $ref: "#/parameters/ruleName"
      description: Delete the Custom DPA Rule with the given rule name. This operation cannot be undone. **The /api/dpaRules/reload route needs to be called in order for processing threads to run the latest set of DPA Rules.**
      responses:
        200:
          description: An array of all Custom DPA Rules and their associated metadata.
          schema:
            $ref: '#/definitions/DpaRulesResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/reload":
    put:
      operationId: reloadDpaRules
      description: Notify NetMon processing threads to reload DPA Rules. **ProbeReader and ProbeLogger processes must be active.**
      summary: Reload DPA Rules.
      responses:
        200:
          description: Message indicating that the reload was successful.
          schema:
            $ref: '#/definitions/CommandResponse'
        default:
          description: In case of an error, an error payload containing the error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/system":
    get:
      operationId: getSystemRules
      summary: Retrieve metadata for all System DPA Rules.
      security:
        - basicAuth: []
      description: Retrieve metadata for all System DPA Rules.
      responses:
        200:
          description: An array of all System DPA Rules and their associated metadata.
          schema:
            $ref: '#/definitions/DpaRulesResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    post:
      operationId: updateSystemRules
      summary: Enable or disable a System DPA Rule.
      security:
        - basicAuth: []
      description: Enable or disable a System DPA Rule. **The /api/dpaRules/reload route needs to be called in order for processing threads to run the latest set of DPA Rules.**
      parameters:
        - name: UpdateSystemRulesState
          in: body
          description: Array of names and new enabled states of System DPA Rules.
          required: true
          schema:
            $ref: "#/definitions/SystemRulesState"
      responses:
        200:
          description: An array of all System DPA Rules and their associated metadata.
          schema:
            $ref: "#/definitions/DpaRulesResponse"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/dpaRules/{ruleName}/actions/download":
    get:
      operationId: getLrlRule
      produces:
        - "application/octet-stream"
      security:
        - basicAuth: []
      description: Download the LRL file associated with this DPA rule.
      summary: Download the LRL file associated with this DPA rule.
      parameters:
        - $ref: "#/parameters/ruleName"
      responses:
        '200':
          description: The LRL file associated with this DPA rule will be downloaded.
          schema:
            type: file
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/eula/actions/download":
    get:
      operationId: downloadEula
      produces:
        - "text/plain"
      security:
        - basicAuth: []
      description: Download the NetMon End User License Agreement.
      summary: Download the NetMon End User License Agreement.
      responses:
        '200':
          description: A text file containing the End User License Agreement.
          schema:
            type: file
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/indices/metadata":
    get:
      operationId: getMetadataIndices
      summary: Returns all metadata indices for NetMon.
      security:
        - basicAuth: []
      description: Returns all metadata indices for NetMon.
      responses:
        200:
          description: An array of all metadata indices is returned.
          schema:
            $ref: '#/definitions/MetadataIndices'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/indices/metadata/{index}":
    delete:
      operationId: deleteMetadataIndex
      summary: Deletes the metadata index using the provided index. This operation cannot be undone. This route is admin-only.
      security:
        - basicAuth: []
      parameters:
        - $ref: "#/parameters/index"
      description: Deletes the metadata index using the provided index. This operation cannot be undone. This route is admin-only.
      responses:
        200:
          description: An array of all remaining metadata indices is returned.
          schema:
            $ref: '#/definitions/MetadataIndices'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/indices/upgrade":
    get:
      operationId: getUpgradeIndices
      summary: Returns all indices for NetMon's upgrade history.
      security:
        - basicAuth: []
      description: Returns all indices for NetMon's upgrade history.
      responses:
        200:
          description: All upgrade indices are returned.
          schema:
            $ref: '#/definitions/UpgradeIndices'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/licenses":
    get:
      operationId: getNetmonLicense
      summary: Returns NetMon license information.
      security:
        - basicAuth: []
      description: Returns NetMon license information.
      responses:
        200:
          description: A listing of NetMon license information.
          schema:
            $ref: '#/definitions/LicenseInformation'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    post:
      operationId: licenseNetmon
      consumes:
        - multipart/form-data
      parameters:
        - name: file
          in: formData
          description: .lic license file to install.
          required: false
          type: file
      description: License NetMon with an .lic file, or install Freemium by leaving the request body empty. A reboot is required for license changes to take effect.
      summary: Uploads and installs an enterprise or Freemium license. Reboot required.
      responses:
        200:
          description: Message indicating if license was installed successfully.
          schema:
            $ref: '#/definitions/CommandResponse'
        default:
          description: In case of an error, an error payload containing the error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/login":
    post:
      operationId: postLogin
      summary: Validate Login Credentials.
      description: Authenticate the user with the provided username and password.
      parameters:
        - name: loginCredentials
          in: body
          description: Username and Password.
          required: true
          schema:
            $ref: "#/definitions/LoginCredentials"
      responses:
        200:
          description: JWT used by the browser, and the user's API key.
          schema:
            $ref: "#/definitions/LoginResponse"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/logs/{logName}/actions/download":
    get:
      operationId: downloadLog
      produces:
        - "text/plain"
      security:
        - basicAuth: []
      description: Download the specified NetMon log.
      summary: Download the specified NetMon log.
      parameters:
        - $ref: "#/parameters/logName"
      responses:
        '200':
          description: A text file containing the specified log is downloaded.
          schema:
            type: file
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/me":
    get:
      operationId: getMe
      summary: Retrieves details for the current user.
      security:
        - basicAuth: []
      description: Retrieves details for the current user.
      responses:
        200:
          description: Details for the current user.
          schema:
            $ref: '#/definitions/DetailedUserResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: putMe
      summary: Updates details for the current user.
      security:
        - basicAuth: []
      description: Updates details for the current user.
      parameters:
        - name: userDetails
          in: body
          required: true
          description: User details.
          schema:
            $ref: "#/definitions/UserDetails"
      responses:
        200:
          description: Details for the current user.
          schema:
            $ref: '#/definitions/DetailedUserResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/me/actions/changePassword":
    post:
      operationId: changePassword
      summary: Change Current User's Password
      security:
        - basicAuth: []
      description: Change the password of the current user with the provided new password information.
      parameters:
        - name: ChangePasswordInfo
          in: body
          description: Current Password, New Password, and Verify New Password.
          required: true
          schema:
            $ref: "#/definitions/ChangePasswordInfo"
      responses:
        200:
          description: A message indicating a successful password change.
          schema:
            $ref: "#/definitions/CommandResponse"
  "/me/actions/resetApiKey":
    post:
      operationId: resetApiKey
      security:
        - basicAuth: []
      description: Resets the current user's API key.
      summary: Resets the current user's API key.
      responses:
        200:
          description: The new API key.
          schema:
            $ref: '#/definitions/ApiKeyResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/network/hostname":
    get:
      operationId: getHostName
      summary: Returns the hostname of the NetMon appliance.
      security:
        - basicAuth: []
      description: Returns the hostname of the NetMon appliance.
      responses:
        200:
          description: Response object containing the hostname of this NetMon appliance.
          schema:
            $ref: '#/definitions/NetworkHostInfo'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: setHostName
      summary: Sets the hostname of the NetMon appliance. Returns the new hostname if successful.
      security:
        - basicAuth: []
      description: Sets the hostname of the NetMon appliance. **A reboot of the NetMon device IS required.**
      parameters:
        - name: hostname
          in: body
          description: The hostname to set for the NetMon.
          required: true
          schema:
            type: string
            minLength: 1
            maxLength: 63
            items:
              $ref: '#/definitions/ErrorObject'
      responses:
        200:
          description: The hostname of the NetMon is returned.
          schema:
            $ref: '#/definitions/NetworkHostInfo'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/pcap/actions/download":
    post:
      operationId: downloadPcaps
      produces:
        - "application/x-7z-compressed"
      security:
        - basicAuth: []
      summary: Download multiple PCAPs at one time.
      description: Download multiple PCAPs at one time. This route is equivalent to the deprecated endpoint "/pcap/action/download", which may be removed in the future.
      parameters:
        - name: downloadPcaps
          in: body
          description: Includes a list of sessions to download the pcaps.
          required: true
          schema:
            $ref: "#/definitions/SessionList"
      responses:
        '200':
          description: A zip file containing the PCAPs associated with the provided session ids will be returned.
          schema:
            type: file
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/pcap/actions/upload":
    post:
      operationId: uploadPcap
      consumes:
        - multipart/form-data
      summary: Uploads a PCAP for replay.
      security:
        - basicAuth: []
      description: Uploads a PCAP for replay.
      parameters:
        - name: file
          in: formData
          description: PCAP file to upload.
          required: true
          type: file
      responses:
        200:
          description: Message indicating that the upload completed successfully.
          schema:
            $ref: '#/definitions/CommandResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/queryRules":
    get:
      operationId: getAllQueryRules
      summary: Returns the list of Query Rules.
      security:
        - basicAuth: []
      description: Returns the list of Query Rules.
      responses:
        200:
          description: List of all Query Rules on the system.
          schema:
            type: array
            minLength: 1
            maxLength: 100
            items:
              $ref: "#/definitions/QueryRule"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: setQueryRules
      summary: Set Query Rules.
      security:
        - basicAuth: []
      description: Set NetMon Query Rules to the list of rules provided. **A restart of NetMon services is NOT required. Changes will take effect immediately.**
      parameters:
        - name: queryRuleArray
          in: body
          description: A list of Query Rules to add to NetMon.
          required: true
          schema:
            type: array
            minLength: 1
            maxLength: 100
            items:
              $ref: "#/definitions/QueryRule"
      responses:
        200:
          description: A list of all Query Rules in NetMon is returned.
          schema:
            type: array
            items:
              $ref: "#/definitions/QueryRule"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    delete:
      operationId: deleteAllQueryRules
      summary: Removes all Query Rules.
      security:
        - basicAuth: []
      description: Removes all Query Rules.
      responses:
        200:
          description: An empty list is returned, because all query rules have been removed.
          schema:
            type: array
            minLength: 1
            maxLength: 100
            items:
              $ref: "#/definitions/QueryRule"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/queryRules/{queryRuleId}":
    get:
      operationId: getIndividualQueryRule
      summary: Returns the specified Query Rule.
      security:
        - basicAuth: []
      description: Returns the specified Query Rule.
      parameters:
        - $ref: "#/parameters/queryRuleId"
      responses:
        200:
          description: An object containing the requested query rule and its metadata.
          schema:
            $ref: "#/definitions/QueryRule"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: addIndividualQueryRule
      summary: Add a single Query Rule.
      security:
        - basicAuth: []
      description: Create or update a single NetMon Query Rule based on the query rule's ID. **A restart of NetMon services is NOT required. Changes will take effect immediately.**
      parameters:
        - $ref: "#/parameters/queryRuleId"
        - name: queryRule
          in: body
          required: true
          description: Query Rule to add.
          schema:
            $ref: "#/definitions/QueryRule"
      responses:
        200:
          description: A list of all Query Rules in NetMon is returned.
          schema:
            type: array
            items:
              $ref: "#/definitions/QueryRule"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    delete:
      operationId: deleteIndividualQueryRule
      summary: Removes the specified Query Rule.
      security:
        - basicAuth: []
      description: Removes the specified Query Rule.
      parameters:
        - $ref: "#/parameters/queryRuleId"
      responses:
        200:
          description: A list of all remaining Query Rules is returned.
          schema:
            type: array
            items:
              $ref: "#/definitions/QueryRule"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/search":
    post:
      operationId: search
      summary: Allows direct queries into ElasticSearch.
      security:
        - basicAuth: []
      description: Returns the results of an arbitrary query into ElasticSearch.
      parameters:
        - name: ESQuery
          in: body
          description: A valid ElasticSearch query. See https://www.elastic.co/guide/en/elasticsearch/reference/1.7/query-dsl.html for details about constructing ElasticSearch queries. The example below is one possible query, however any valid query is supported. Please remember that queries should be targeted. Wide time-ranges and aggregations are not recommended.
          schema:
            $ref: '#/definitions/SearchBody'
      responses:
        200:
          description: Returns an array containing query results. This example response corresponds with the above example request. The response will vary greatly based on the supplied query.
          schema:
            $ref: '#/definitions/SearchResponse'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned. If valid JSON is provided but ElasticSearch cannot parse the query, ElasticSearch will return its own 500 and error messages.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services":
    get:
      operationId: getServices
      summary: Returns current status of all NetMon services.
      security:
        - basicAuth: []
      description: Returns current status of all NetMon services.
      responses:
        200:
          description: Response object containing status of all NetMon services.
          schema:
            $ref: '#/definitions/Services'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/actions/restart":
    put:
      operationId: restartServices
      security:
        - basicAuth: []
      description: Restart NetMon services. This route is admin-only.
      summary: Restart NetMon services. This route is admin-only.
      parameters:
        - name: restartServices
          in: body
          description: If an empty JSON is passed in the body of the request, all NetMon services are restarted. Alternately, a list of services can be provided if only certain services need to be restarted.
          required: false
          schema:
            type: object
            properties:
              services:
                $ref: "#/definitions/ListOfServicesToRestart"
      responses:
        '200':
          description: A message indicating that a restart was initiated.
          schema:
            $ref: "#/definitions/CommandResponse"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/capture":
    get:
      operationId: getCaptureSettings
      summary: Returns the current Capture configuration.
      security:
        - basicAuth: []
      description: Returns the current Capture configuration.
      responses:
        200:
          description: The current capture configuration.
          schema:
            $ref: '#/definitions/CaptureConfiguration'
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: configureCaptureSettings
      summary: Configures Capture settings.
      security:
        - basicAuth: []
      description: Configure Capture Settings on NetMon. **In order for your changes to take effect, please make a request to the RestartServices route with no request body.**
      parameters:
        - name: configureCapture
          in: body
          description: Modify capture configuration parameters.
          required: true
          schema:
            $ref: "#/definitions/ConfigureCapture"
      responses:
        '200':
          description: The current capture configuration.
          schema:
            $ref: "#/definitions/CaptureConfiguration"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/capture/actions/addCapturedApplications":
    put:
      operationId: addCapturedApplications
      summary: Appends applications to an existing list of captured applications.
      security:
        - basicAuth: []
      description: Appends applications to an existing list of captured applications. **In order for your changes to take effect, please make a request to the RestartServices route with no request body.**
      parameters:
        - name: addCapturedApplications
          in: body
          description: List of applications to add to the capture list.
          required: true
          schema:
            $ref: "#/definitions/AddCapturedApplications"
      responses:
        '200':
          description: The current capture configuration is returned.
          schema:
            $ref: "#/definitions/CaptureConfiguration"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/capture/actions/addExcludedApplications":
    put:
      operationId: addExcludedApplications
      summary: Appends applications to an existing list of excluded applications.
      security:
        - basicAuth: []
      description: Appends applications to an existing list of excluded applications. **In order for your changes to take effect, please make a request to the RestartServices route with no request body.**
      parameters:
        - name: addExcludedApplications
          in: body
          description: List of applications to add to the exclude list.
          required: true
          schema:
            $ref: "#/definitions/AddExcludedApplications"
      responses:
        '200':
          description: The current capture configuration is returned.
          schema:
            $ref: "#/definitions/CaptureConfiguration"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/capture/actions/removeCapturedApplications":
    put:
      operationId: removeCapturedApplications
      summary: Removes applications from an existing list of captured applications.
      security:
        - basicAuth: []
      description: Remove applications from an existing list of captured applications. **In order for your changes to take effect, please make a request to the RestartServices route with no request body.**
      parameters:
        - name: removeCapturedApplications
          in: body
          description: List of applications to remove from the capture list.
          required: true
          schema:
            $ref: "#/definitions/RemoveCapturedApplications"
      responses:
        '200':
          description: The current capture configuration is returned.
          schema:
            $ref: "#/definitions/CaptureConfiguration"
        "default":
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/capture/actions/removeExcludedApplications":
    put:
      operationId: removeExcludedApplications
      summary: Removes applications from an existing list of excluded applications.
      security:
        - basicAuth: []
      description: Remove applications from an existing list of excluded applications. **In order for your changes to take effect, please make a request to the RestartServices route with no request body.**
      parameters:
        - name: removeExcludedApplications
          in: body
          description: List of applications to remove from the exclude list.
          required: true
          schema:
            $ref: "#/definitions/RemoveExcludedApplications"
      responses:
        '200':
          description: The current capture configuration is returned.
          schema:
            $ref: "#/definitions/CaptureConfiguration"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/filters/application/blacklist":
    get:
      operationId: getApplicationBlacklist
      summary: Retrieves the list of all blacklisted applications. This route is admin-only.
      security:
        - basicAuth: []
      description: Retrieves the list of all blacklisted applications. This route is admin-only.
      responses:
        '200':
          description: Current state of the application blacklist
          schema:
            $ref: "#/definitions/ApplicationBlacklist"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    delete:
      operationId: deleteApplicationBlacklist
      summary: Removes all applications from the application blacklist. This route is admin-only.
      security:
        - basicAuth: []
      description: Removes all applications from the application blacklist. This route is admin-only.
      responses:
        '200':
          description: An empty response
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    post:
      operationId: postApplicationBlacklist
      summary: Adds one or more applications to the application blacklist. This route is admin-only.
      security:
        - basicAuth: []
      description: Adds one or more applications to the application blacklist. This route is admin-only.
      parameters:
        - name: applicationList
          in: body
          description: An array of one or more applications to add to the application blacklist.
          required: true
          schema:
            $ref: "#/definitions/ApplicationBlacklist"
      responses:
        '200':
          description: Current state of the application blacklist
          schema:
            $ref: "#/definitions/ApplicationBlacklist"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    put:
      operationId: putApplicationBlacklist
      summary: Sets the application blacklist. This route is admin-only.
      security:
        - basicAuth: []
      description: Sets the application blacklist to the array provided. This route is admin-only.
      parameters:
        - name: applicationList
          in: body
          description: An array of applications to blacklist.
          required: true
          schema:
            $ref: "#/definitions/ApplicationBlacklist"
      responses:
        '200':
          description: Current state of the application blacklist
          schema:
            $ref: "#/definitions/ApplicationBlacklist"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/filters/application/blacklist/{application}":
    delete:
      operationId: deleteApplicationFromBlacklist
      summary: Removes the specified application from the application blacklist. This route is admin-only.
      security:
        - basicAuth: []
      parameters:
        - in: path
          name: application
          required: true
          type: string
          description: The application to delete from the application blacklist.
      description: Removes the specified application from the application blacklist. This route is admin-only.
      responses:
        '200':
          description: Current state of the application blacklist
          schema:
            $ref: "#/definitions/ApplicationBlacklist"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
  "/services/filters/ip/blacklist":
    get:
      operationId: getIpFilterBlacklist
      summary: Gets the IP filter blacklist. This route is admin-only.
      security:
        - basicAuth: []
      description: Gets the IP filter blacklist. This route is admin-only.
      responses:
        '200':
          description: Current state of the IP filter blacklist
          schema:
            type: array
            items:
              $ref: "#/definitions/ipFilterObject"
        default:
          description: In case of an error, an error payload containing error code, name, and description is returned.
          schema:
            $ref: '#/definitions/ErrorObject'
    delete:
      operationId: deleteIpFilterBlacklist
      summary: Deletes the entire IP filter blacklist. This route is admin-only.
security: - basicAuth: [] description: Deletes the entire IP filter blacklist. This route is admin-only. responses: '200': description: An empty response default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' post: operationId: postIpFilterBlacklist summary: Adds or updates one or more IP filters to the blacklist. This route is admin-only. security: - basicAuth: [] description: Adds or updates one or more IP filters to the blacklist. This route is admin-only. parameters: - name: ipFilter in: body description: A complete IP filter object required: true schema: $ref: "#/definitions/ipFilterObject" responses: '200': description: Current state of the IP filter configuration schema: type: array items: $ref: "#/definitions/ipFilterObject" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' put: operationId: putIpFilterBlacklist summary: Sets the IP filter blacklist. This route is admin-only. security: - basicAuth: [] description: Sets the IP filter blacklist. This route is admin-only. parameters: - name: ipFilterList in: body description: A list of IP filter objects to be set as the new blacklist required: true schema: type: array items: $ref: "#/definitions/ipFilterObject" responses: '200': description: Current state of the IP filter configuration schema: $ref: "#/definitions/ipFilterFullConfig" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/services/filters/ip/blacklist/{filter}": delete: operationId: deleteIpFilterBlacklistFilter summary: Deletes an individual filter from the IP filter blacklist. This route is admin-only. 
security: - basicAuth: [] parameters: - in: path name: filter required: true type: string description: The filter that is to be deleted from the blacklist description: Deletes the specified filter from the IP filter blacklist. This route is admin-only. responses: '200': description: The updated blacklist of filtered IPs schema: type: array items: $ref: "#/definitions/ipFilterObject" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/services/filters/ip/whitelist/{filter}": delete: operationId: deleteIpFilterWhitelistFilter summary: Deletes an individual filter from the IP filter whitelist. This route is admin-only. security: - basicAuth: [] parameters: - in: path name: filter required: true type: string description: The filter that is to be deleted from the whitelist description: Deletes the specified filter from the IP filter whitelist. This route is admin-only. responses: '200': description: The updated whitelist of filtered IPs schema: type: array items: $ref: "#/definitions/ipFilterObject" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/services/filters/ip/whitelist": get: operationId: getIpFilterWhitelist summary: Gets the IP filter whitelist. This route is admin-only. security: - basicAuth: [] description: Gets the IP filter whitelist. This route is admin-only. responses: '200': description: Current state of the IP filter whitelist schema: type: array items: $ref: "#/definitions/ipFilterObject" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' delete: operationId: deleteIpFilterWhitelist summary: Deletes the entire IP filter whitelist. This route is admin-only. 
security: - basicAuth: [] description: Deletes the entire IP filter whitelist. This route is admin-only. responses: '200': description: An empty response default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' post: operationId: postIpFilterWhitelist summary: Adds or updates one or more IP filters to the whitelist. This route is admin-only. security: - basicAuth: [] description: Adds or updates one or more IP filters to the whitelist. This route is admin-only. parameters: - name: ipFilter in: body description: A complete IP filter object required: true schema: $ref: "#/definitions/ipFilterObject" responses: '200': description: Current state of the IP filter configuration schema: type: array items: $ref: "#/definitions/ipFilterObject" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' put: operationId: putIpFilterWhitelist summary: Sets the IP filter whitelist. This route is admin-only. security: - basicAuth: [] description: Sets the IP filter whitelist. This route is admin-only. parameters: - name: ipFilterList in: body description: A list of IP filter objects to be set as the new whitelist required: true schema: type: array items: $ref: "#/definitions/ipFilterObject" responses: '200': description: Current state of the IP filter configuration schema: $ref: "#/definitions/ipFilterFullConfig" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/services/filters/ip/mode": get: operationId: getIpFilterMode summary: Gets the IP filter mode. This route is admin-only. security: - basicAuth: [] description: Gets the IP filter mode. This route is admin-only. 
responses: '200': description: The filter mode (whitelist or blacklist) for IP filtering schema: type: string description: The filter mode enum: ["whitelist", "blacklist"] default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' put: operationId: putIpFilterMode summary: Updates the IP filter mode. This route is admin-only. security: - basicAuth: [] description: Updates the IP filter mode. This route is admin-only. parameters: - name: ipFilterMode in: body description: An IP filter mode object required: true schema: $ref: "#/definitions/ipFilterModeObject" responses: '200': description: Current state of the IP filter configuration schema: $ref: "#/definitions/ipFilterFullConfig" default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/session/{id}": get: operationId: getSessionInfo produces: - "application/x-7z-compressed" security: - basicAuth: [] description: Get session metadata, such as the application, if it is captured, total bytes, etc. summary: Get session metadata, such as the application, if it is captured, total bytes, etc. parameters: - $ref: "#/parameters/id" responses: '200': description: Metadata associated with the session id is returned in the response. schema: $ref: "#/definitions/SessionInfo" "/session/{id}/csv": get: operationId: getSessionCsv produces: - "application/csv" security: - basicAuth: [] description: Get session metadata for the session id and return the data in a comma-separated file summary: Get session metadata downloaded into a csv file parameters: - $ref: "#/parameters/id" responses: '200': description: Session metadata will be downloaded in a .csv file. schema: type: file default: description: In case of an error, an error payload containing the error code, name, and description is returned.
schema: $ref: '#/definitions/ErrorObject' "/session/{id}/files": get: operationId: getReconstructedFile produces: - "application/x-7z-compressed" security: - basicAuth: [] description: Reconstruct and download the attached files associated with a session ID. summary: Download reconstructed files contained in the session. parameters: - $ref: "#/parameters/id" responses: '200': description: Reconstructed files will be downloaded in a .zip archive, regardless of the number of files attached. schema: type: file default: description: In case of an error, an error payload containing the error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/session/{id}/pcap": get: operationId: getReconstructedPcap produces: - "application/x-7z-compressed" security: - basicAuth: [] description: Reconstruct and download the pcap associated with a session ID. summary: Reconstruct and download the pcap associated with a session ID. parameters: - $ref: "#/parameters/id" responses: '200': description: Reconstructed pcap will be downloaded in a .zip archive. schema: type: file default: description: In case of an error, an error payload containing the error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/session/replayed": get: operationId: getReplayedSessions produces: - "array" security: - basicAuth: [] description: Get the session information for replayed pcaps in a given timeframe. summary: Get replayed session information. parameters: - $ref: "#/parameters/timeFrame" responses: '200': description: Responds with an array of objects containing replayed session information from the requested timeframe in chronological order by TimeStart (oldest first). schema: $ref: '#/definitions/ReplayedSessionsList' default: description: In case of an error, an error payload containing the error code, name, and description is returned. 
schema: $ref: '#/definitions/ErrorObject' "/system/actions/reboot": post: operationId: rebootNetmon description: Reboot NetMon. This route is admin-only. summary: Reboot NetMon. This route is admin-only. responses: 200: description: Message indicating that the reboot was initiated. schema: $ref: '#/definitions/CommandResponse' default: description: In case of an error, an error payload containing the error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/system/actions/shutdown": post: operationId: shutdownNetmon description: Shutdown NetMon. This route is admin-only. **After shutdown the server must be physically turned on to regain connectivity.** summary: Shutdown NetMon. This route is admin-only. responses: 200: description: Message indicating that the shutdown was initiated. schema: $ref: '#/definitions/CommandResponse' default: description: In case of an error, an error payload containing the error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/system/actions/upgrade": post: operationId: upgradeNetmon consumes: - multipart/form-data parameters: - name: file in: formData description: .lrp upgrade file to install. required: true type: file description: Upgrade NetMon with an .lrp file. A reboot is required for changes to take effect. This route is admin-only. summary: Upgrades NetMon. Reboot required. This route is admin-only. responses: 200: description: Message indicating if the upgrade succeeded. schema: $ref: '#/definitions/CommandResponse' default: description: In case of an error, an error payload containing the error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/system/time": get: operationId: getSystemTime summary: Returns the current system time in milliseconds. security: - basicAuth: [] description: Returns the current system time in milliseconds. responses: 200: description: The current system time in milliseconds. 
schema: $ref: '#/definitions/SystemTime' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/system/storage/filesystems": get: operationId: getFilesystems summary: Returns filesystem configurations for NetMon. security: - basicAuth: [] description: Returns filesystem configurations for NetMon. responses: 200: description: The configuration for each NetMon filesystem is returned. schema: $ref: '#/definitions/FilesystemConfiguration' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/systemInfo": get: operationId: getSystemInfo summary: NetMon System Information. description: Get basic information about this NetMon. responses: 200: description: NetMon system information is returned. schema: $ref: '#/definitions/SystemInfo' default: description: In case of an error, an error payload containing the error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/users": get: operationId: getAllUsers summary: Returns a list of all users. This route is admin-only. security: - basicAuth: [] description: Returns a list of all users. This route is admin-only. responses: 200: description: A list of all users. schema: $ref: '#/definitions/UserResponseArray' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' put: operationId: batchPutUsers summary: Update or add multiple users at once. This route is admin-only. security: - basicAuth: [] parameters: - name: Users to Add or Update in: body description: List of users to add or update. required: true schema: $ref: "#/definitions/UserDetailsCompleteArray" description: This route is used to update or add multiple users at once. 
This route reads the provided list of users and updates the user if it already exists, or creates the user if it does not. Any existing users that are not included in the user list will be deleted. The user's username cannot be changed. The user with username "admin" must be excluded from the list of users, as that user can only be self-updated using the "/me" API routes. This route is admin-only. responses: 200: description: A list of all existing users, including the user that was just added or updated. schema: $ref: '#/definitions/UserResponseArray' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/users/{username}": get: operationId: getUser summary: Retrieves a user from the provided username. This route is admin-only. security: - basicAuth: [] parameters: - $ref: "#/parameters/username" description: Retrieves a user from the provided username. This route is admin-only. responses: 200: description: Details for the requested user. schema: $ref: '#/definitions/UserResponse' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' put: operationId: putOrUpdateUser summary: Updates a user if it already exists, and creates a user if it does not. This route is admin-only. security: - basicAuth: [] parameters: - $ref: "#/parameters/username" - name: User to Add or Update in: body description: User to add or update. required: true schema: $ref: "#/definitions/UserDetailsComplete" description: Updates a user if it already exists, and creates a user if it does not. The username in the request body must match the username in the URI. The username cannot be changed. This route is admin-only. responses: 200: description: A list of all existing users, including the user that was just added or updated. 
schema: $ref: '#/definitions/UserResponseArray' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' delete: operationId: deleteUser summary: Deletes the user using the provided username. This operation cannot be undone. This route is admin-only. security: - basicAuth: [] parameters: - $ref: "#/parameters/username" description: Deletes the user using the provided username. This operation cannot be undone. This route is admin-only. responses: 200: description: An array of all remaining users is returned. schema: $ref: '#/definitions/UserResponseArray' default: description: In case of an error, an error payload containing error code, name, and description is returned. schema: $ref: '#/definitions/ErrorObject' "/users/{username}/actions/resetPassword": post: operationId: resetPassword summary: Reset A User's Password. This route is admin-only. security: - basicAuth: [] description: Reset the password of the specified user to 'changeme'. This route is admin-only. parameters: - $ref: "#/parameters/username" responses: 200: description: A message indicating a successful password reset. schema: $ref: "#/definitions/CommandResponse" parameters: id: in: path name: id required: true type: string format: uuid description: UUID of the session index: in: path name: index required: true type: string description: Name of the index to remove. 
logName: in: path name: logName required: true type: string description: Shorthand name of the log to download enum: ['engine', 'logger', 'manager', 'cassandra', 'metrics', 'maintenance', 'dispatch', 'licenseServer', 'websiteError', 'websiteAccess', 'elasticSearch', 'flowRules', 'packetRules', 'audit', 'fileExtraction'] queryRuleId: in: path name: queryRuleId required: true type: string description: ID of Query Rule ruleName: in: path name: ruleName required: true type: string description: Name of the DPA Rule timeFrame: in: query name: timeFrame required: true type: number description: Number of seconds back in time from the current time. username: in: path name: username required: true type: string description: Username of the user on which you want to perform the operation. definitions: AddExcludedApplications: type: object properties: addToExcludeList: type: array description: List of applications to add to the exclude list when Capture All is turned ON. items: type: string AddCapturedApplications: type: object properties: addToCaptureList: type: array description: List of applications to add to the capture list when Capture All is turned OFF. items: type: string ApiKeyResponse: properties: apiKey: type: string description: API key used for accessing the NetMon API. ApplicationBlacklist: type: array description: A list of blacklisted applications. items: type: string ApplicationList: properties: applications: type: array description: List of applications classified by NetMon. items: type: string BulkDeleteCustomRuleNames: type: array description: An array of Custom DPA Rule names to delete. items: type: string CaptureConfiguration: type: object properties: captureAll: type: boolean description: Returns true/false based on whether Capture All is turned ON/OFF. capturedApplications: type: array description: Returns a list of applications that are captured when Capture All is turned ON. 
items: type: string excludedApplications: type: array description: Returns a list of white-listed applications that are captured when Capture All is turned OFF. items: type: string ChangePasswordInfo: type: object properties: currentPassword: description: Current password of the user attempting to change their password. type: string newPassword: description: A new password the user is attempting to change their password to. type: string verifyNewPassword: description: A copy of the new password to ensure the new password was entered accurately. type: string CommandResponse: type: object properties: message: type: string ConfigureCapture: type: object properties: captureAll: type: boolean description: Configure this parameter as true/false to turn Capture All ON/OFF. capturedApplications: type: array description: Configure a list of applications that will be captured when Capture All is turned ON. items: type: string excludedApplications: type: array description: Configure a list of white-listed applications that will be captured when Capture All is turned OFF. items: type: string CustomDpaRuleRequest: type: array items: type: object properties: name: type: string description: Name of the Custom DPA Rule. This name must match the function name in the code. executionState: type: string enum: ["FLOW", "PACKET"] description: The execution state of the DPA Rule. code: type: string description: The code for the entire DPA Rule function. description: type: string description: A description of the DPA Rule. enabled: type: boolean description: Whether or not the DPA Rule is enabled on the backend. author: type: string description: The author of the DPA Rule. DetailedUserResponse: type: object properties: username: type: string description: The user's unique username. firstName: type: string description: The user's first name. lastName: type: string description: The user's last name. email: type: string description: The user's email address. 
lastModifiedDate: type: string description: The ISO 8601 timestamp of when the user was last edited. passwordExpirationDate: type: string description: The ISO 8601 timestamp of when the user's password will expire. role: type: string description: The role that determines the user's access permissions. Either 'admin' or 'analyst'. apiKey: type: string description: The user's API key, used for authenticating API requests. DpaRulesResponse: type: array items: type: object properties: type: type: string enum: ["CUSTOM", "SYSTEM"] description: The type of DPA Rule. executionState: type: string enum: ["FLOW", "PACKET"] description: The execution state of the DPA Rule. code: type: string description: The code for the entire DPA Rule function. displayCode: type: string description: The code generated for the UI. visibleAndDownloadable: type: boolean description: Whether or not the rule can be viewed and downloaded in the UI. editable: type: boolean description: Whether or not the rule can be updated. name: type: string description: The name of the DPA Rule. enabled: type: boolean description: Whether or not the DPA Rule is enabled on the backend. description: type: string description: A description of the DPA Rule. author: type: string description: The author of the DPA Rule. uuid: type: string description: The uuid assigned to the DPA Rule. lastModifiedDate: type: integer description: The last time the DPA Rule was modified in epoch time. error: type: string description: If the DPA Rule contains an error, the full error message associated with the rule. example: "syntax error: [string \"function newRule (dpiMsg, ruleEngine)...\"]:5: unexpected symbol near ';'" shortError: type: string description: If the DPA Rule contains an error, the type of error in the code. example: "syntax" errorLineNumber: type: string description: If the DPA Rule contains an error, the line number of the error in the code. 
example: "5" errorText: type: string description: If the DPA Rule contains an error, the specific error message. example: " unexpected symbol near ';'" ErrorObject: properties: statusCode: type: integer description: HTTP status code associated with the error. name: type: string description: HTTP message associated with the HTTP status code. message: type: string description: Description of the error returned by NetMon. This field can contain one or more error messages. FilesystemConfiguration: type: array items: type: object properties: name: type: string description: The name of the filesystem. type: type: string description: The type of the filesystem. size: type: string description: The sector size. used: type: string description: Amount of the sector used. available: type: string description: Amount of the sector available. mount: type: string description: Device the filesystem is mounted to. ipFilterFullConfig: properties: mode: type: string enum: ["whitelist", "blacklist"] description: The mode for IP filtering (whitelist or blacklist) whitelist: description: The whitelist of filtered IPs type: array items: $ref: "#/definitions/ipFilterObject" blacklist: description: The blacklist of filtered IPs type: array items: $ref: "#/definitions/ipFilterObject" ipFilterObject: properties: filter: type: string description: The actual string IP filter which is either single (10.0.0.1), range (10.0.0.2 - 10.0.0.4), or CIDR (10.0.0.0/24) enabled: type: boolean description: Whether or not the filter is going to be enabled on the backend ipFilterModeObject: properties: mode: type: string enum: ["whitelist", "blacklist"] description: The mode for IP filtering (whitelist or blacklist) LicenseInformation: type: object properties: licenseType: type: integer description: An identifying number for the type of license installed. isLicensed: type: boolean description: Returns 'true' if NetMon is licensed.
licensedProductName: type: string description: The name of the NetMon product license. licensedProductLogo: type: string description: The logo displayed for the NetMon product. bandWidthInMbps: type: integer description: The bandwidth in MB/s for this license level. masterLicenseId: type: integer description: The identification number of the master license. pcapFileSize: type: integer description: The file size for PCAP downloads, if defined by license level. pcapStorageInMB: type: integer description: Storage allocated for PCAPs in MB, if defined by license level. maxIndexesInDays: type: integer description: The number of days that search indexes are stored, if defined by license level. expireTime: type: integer description: License expiration datetime in UTC milliseconds. installationTime: type: integer description: The time the license was installed. expireDurationInDays: type: integer description: The number of days until license expiration. hasExpired: type: boolean description: Returns 'true' if the license has expired. ListOfServicesToRestart: type: array maxLength: 2 description: List of services to restart. Valid values include "probereader", "probelogger". items: type: string LoginCredentials: type: object properties: username: description: Username of the user attempting a login. type: string password: description: Password of the user attempting a login. type: string LoginResponse: type: object properties: token: description: The JSON Web Token generated at login. This token is used by the browser to maintain a login session, and is not necessary to access the API. type: string apiKey: description: The user's API key. This API key should be put in the HTTP Basic Auth header for all API requests. type: string MetadataIndices: type: array items: type: object properties: index: type: string description: The name of the index. count: type: integer description: The number of records in the index. size: type: string description: The index size.
NetworkHostInfo: type: object properties: hostname: description: The hostname of the system. type: string NTPConfiguration: type: object properties: primary: description: Primary NTP server IP address or hostname. type: string secondary: description: Secondary NTP server IP address or hostname, to be used if the system is unable to sync with the primary server. This field is required, but may be left empty. type: string QueryRule: type: object required: - id - enabled - severity - query properties: id: type: string description: Name of the Query Rule. enabled: type: boolean description: Enabled state of the Query Rule. severity: type: string description: Severity of alarm raised if the Query Rule is triggered. enum: ["low", "medium", "high"] query: type: string description: ElasticSearch query used to trigger the Query Rule. createdDate: type: string format: datetime description: Date and time of Query Rule creation. lastModifiedDate: type: string format: datetime description: Date and time of last modification of the Query Rule. RemoveCapturedApplications: type: object properties: removeFromCaptureList: type: array description: List of applications to remove from the existing capture list. items: type: string RemoveExcludedApplications: type: object properties: removeFromExcludeList: type: array description: List of applications to remove from the existing exclude list. items: type: string ReplayedSessionsList: type: array description: List of objects containing data about replayed sessions. items: type: object properties: session: type: string description: The session ID. pcapFilename: type: string description: The replayed PCAP file that the session originated from. timeStart: type: string description: The date and time when the replayed session was created. Search: type: object description: Results of the query directly from ElasticSearch. 
SearchBody: type: object properties: query: type: object properties: term: type: object properties: Session: type: string example: abcdef01-2345-6789-abcd-ef0123456789 SearchResponse: type: array items: type: object properties: id: type: string example: abcdef01-2345-6789-abcd-ef0123456789_1 TimeStartRaw: type: integer example: 1234567890 DestPort: type: integer example: 514 ConnectionEstablished: type: boolean example: false ApplicationPath: type: string example: /ip/tcp TimeStart: type: string example: 2018/04/10 16:30:00 FlowClassified: type: boolean example: false TimePrevious: type: string example: 2018/04/10 16:30:00 TimePreviousRaw: type: integer example: 1234567890 SrcBytes: type: integer example: 100 TimeDelta: type: integer example: 6 RepeatedFieldCountIndexed: type: integer example: 0 ChildFlowNumber: type: integer example: 1 MessageSize: type: integer example: 50000 TotalBytes: type: integer example: 128 LatestUpdate: type: boolean example: true Protocol: type: integer example: 6 ApplicationID: type: integer example: 734 Captured: type: boolean example: false TotalPackets: type: integer example: 2 SrcPort: type: integer example: 56789 DestMAC: type: string example: 00:0a:bc:de:ff:00 DestIP: type: string example: 10.11.12.13 SrcBytesDelta: type: integer example: 100 Duration: type: integer example: 6 PacketsDelta: type: integer example: 2 SrcIP: type: string example: 1.2.3.4 TimeUpdated: type: string example: 2018/04/10 16:30:00 TimeUpdatedRaw: type: integer example: 1234567890 TotalBytesDelta: type: integer example: 128 FieldCount: type: integer example: 38 Written: type: boolean example: false RepeatedFieldCount: type: integer example: 0 DestBytes: type: integer example: 54 JSONSize: type: integer example: 1025 ThreadID: type: integer example: 1 DestBytesDelta: type: integer example: 54 FlowCompleted: type: boolean example: true SrcMAC: type: string example: aa:0a:bc:de:ff:00 Application: type: string example: tcp MaxRepeatedFieldCount: type: integer 
example: 10000 Session: type: string example: abcdef01-2345-6789-abcd-ef0123456789 PacketPath: type: string example: /ip/tcp ServiceStatus: type: string description: Indicates whether the process is running, stopped, starting, stopping, or failed. enum: ["active", "inactive", "activating", "deactivating", "failed"] Services: type: object properties: probereader: $ref: '#/definitions/ServiceStatus' probelogger: $ref: '#/definitions/ServiceStatus' probemanager: $ref: '#/definitions/ServiceStatus' probetransmogrifier: $ref: '#/definitions/ServiceStatus' nmphonehome: $ref: '#/definitions/ServiceStatus' cassandra: $ref: '#/definitions/ServiceStatus' kibana: $ref: '#/definitions/ServiceStatus' elasticsearch: $ref: '#/definitions/ServiceStatus' SessionInfo: type: object properties: totalPackets: type: integer description: The total number of packets contained in the session. attach: type: boolean description: Whether or not the session contains files that can be reconstructed. totalBytes: type: integer description: The total number of bytes transmitted. destIP: description: The destination IP address. type: string filename: type: array description: List of file names for all files contained in the session. items: type: string timeStart: description: The time at which the session began. type: string timeUpdated: description: The time when the session was most recently updated. type: string srcIP: description: The source IP address. type: string application: type: string description: The session application. captured: type: boolean description: Whether or not the session is captured on disk and available for download. session: type: string description: The session ID associated with the requested session. pcapDownloadURL: type: string description: API route to download the PCAP associated with the session. fileDownloadURL: type: string description: API route to download the reconstructed files contained in the session. 
  SessionList:
    type: object
    properties:
      sessions:
        type: array
        description: List of session IDs to download the packet captures for.
        items:
          type: string
  SystemInfo:
    properties:
      name:
        type: string
        description: The name of the NetMon installation (either NetMon or NetMon Freemium).
      licensedName:
        type: string
        description: The name of the license installed on the system.
      versions:
        type: array
        description: A list of all NetMon versions that have been installed on the system.
        items:
          type: string
      ipAddress:
        description: The machine's IP address.
        type: string
      macAddress:
        description: The machine's MAC address.
        type: string
      licenseExpirationDate:
        type: string
        description: The license expiration date in ISO 8601 format, for example 2016-01-11T17:31:10+00:00.
        format: date-time
      masterLicenseId:
        description: Master License ID associated with the SIEM.
        type: string
      machineID:
        description: A hardware-specific identifier for the NetMon appliance.
        type: string
  SystemRulesState:
    type: array
    items:
      type: object
      properties:
        name:
          type: string
          description: The name of the System DPA Rule.
        enabled:
          type: boolean
          description: The new enabled state of the System DPA Rule.
  SystemTime:
    type: object
    properties:
      timeMs:
        type: integer
  UpgradeIndices:
    type: array
    items:
      type: object
      properties:
        upgradeDate:
          type: string
          description: The date of the upgrade.
        version:
          type: string
          description: The version number of the upgrade.
  UploadResponse:
    type: object
    properties:
      message:
        type: string
  UserDetails:
    type: object
    required: ['firstName', 'lastName', 'email']
    properties:
      firstName:
        type: string
        description: The user's first name.
      lastName:
        type: string
        description: The user's last name.
      email:
        type: string
        description: The user's email address.
  UserDetailsComplete:
    type: object
    required: ['username', 'role', 'firstName', 'lastName', 'email']
    properties:
      username:
        type: string
        description: The user's username.
      role:
        type: string
        description: The user's role, used to determine access rights.
          Admin users may access and modify all pages and settings, and can modify other users.
          Analysts may not access advanced configuration settings or modify other users.
        enum: ['admin', 'analyst']
      firstName:
        type: string
        description: The user's first name.
      lastName:
        type: string
        description: The user's last name.
      email:
        type: string
        description: The user's email address.
  UserDetailsCompleteArray:
    type: array
    maxItems: 100
    description: List of users to add or update. Please do not include the user with username "admin" in this list.
      That user may only be self-modified using the "/me" API routes.
    items:
      $ref: "#/definitions/UserDetailsComplete"
  UserResponse:
    type: object
    properties:
      username:
        type: string
        description: The user's unique username.
      firstName:
        type: string
        description: The user's first name.
      lastName:
        type: string
        description: The user's last name.
      email:
        type: string
        description: The user's email address.
      lastModifiedDate:
        type: string
        description: The ISO 8601 timestamp of when the user was last edited.
      passwordExpirationDate:
        type: string
        description: The ISO 8601 timestamp of when the user's password will expire.
      role:
        type: string
        description: The role that determines the user's access permissions. Either 'admin' or 'analyst'.
  UserResponseArray:
    type: array
    items:
      $ref: "#/definitions/UserResponse"