SOAP API AlarmService, Complex Types
Complex Type: AlarmCommentDataModel
Description
Response model for the current state of a single alarm including the last provided comment. This model is returned to the client in an array as a result of alarms returned by a provided query.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
ID | long | No | The unique ID of this instance of an alarm. |
PersonID | int | No | The unique ID of the person associated to this instance of an alarm. |
PersonName | string | Yes | The name of the person associated to this instance of an alarm. |
Comment | string | Yes | The last comment provided for this instance of an alarm. |
DateInserted | dateTime | No | The date this instance of the alarm was created. |
Complex Type: AlarmEventDataModel
Description
Response model for alarms that include event data.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
ID | long | No | The unique ID of this instance of an alarm. |
Events | ArrayOfLogDataModel | Yes | The event tabular object which includes details of all events associated to this instance of an alarm. |
Complex Type: AlarmHistoryDataModel
Description
Response model for alarms that include alarm history.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
AlarmID | long | No | The unique ID of this instance of an alarm. |
Notifications | ArrayOfAlarmNotificationDataModel | Yes | The historical tabular object which includes details of all status updates for this instance of an alarm. |
Comments | ArrayOfAlarmCommentDataModel | Yes | The historical tabular object which includes details of all comment updates for this instance of an alarm. |
Complex Type: AlarmNotificationDataModel
Description
Response model for alarms that include alarm notifications.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
Order | long | No | Gets or sets the notification order. |
PersonID | int | No | The unique ID of the person associated to this alarm notification. |
PersonName | string | Yes | The name of the person associated to this alarm notification. |
ContactMethodType | ContactMethodTypeEnum | Yes | The enumerated value of the contact type used to make the alarm notification. |
Comment | string | Yes | The comments provided with the alarm notification. |
NotificationDate | dateTime | No | The date the alarm notification was created. |
Complex Type: AlarmSummaryDataModel
Description
Response model of an alarm's current status.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
AlarmID | long | No | The unique ID of this instance of an alarm. |
EntityId | int | No | The unique ID of the entity this instance of an alarm originated from. |
EntityName | string | Yes | The name of the entity this instance of an alarm originated from. |
LastUpdatedID | int | No | The unique ID of the change set for the last update of this instance of the alarm. |
LastUpdatedName | string | Yes | The name of the person who last updated this instance of the alarm. |
AlarmRuleID | int | No | The unique ID of the Alarm Rule associated to this instance of the alarm. |
AlarmRuleName | string | Yes | The name of the Alarm Rule associated to this instance of the alarm. |
AlarmStatus | AlarmStatusEnum | No | The current alarm status of this instance of the alarm. |
EventCount | int | No | The number of events associated to this instance of the alarm. |
EventDateFirst | dateTime | No | The first normalized date time of an event associated to this instance of the alarm. |
EventDateLast | dateTime | No | The last normalized date time of an event associated to this instance of the alarm. |
RBPAvg | int | No | The average risk based priority of all events which generated this instance of the alarm. |
RBPMax | int | No | The max risk based priority of all events which generated this instance of the alarm. |
AlarmDate | dateTime | No | The normalized date time which this instance of the alarm was generated. |
DateInserted | dateTime | No | The normalized date time which this instance of the alarm was generated. |
DateUpdated | dateTime | No | The last normalized date and time that the comments or status of this instance of the alarm was updated. |
Complex Type: AlarmSummaryDataResults
Description
Response model for alarm summary.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
Alarms | ArrayOfAlarmSummaryDataModel | Yes | This is a tabular object which represents the current state of all alarms which match query criteria. |
HasMoreResults | boolean | No | This is a flag to identify if the result set has more records. |
NextPageID | string | Yes | The next page unique ID for the next page in the series of pages related to the provided query. |
Complex Type: ArrayOfLogDataModel
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
LogDataModel | LogDataModel | Yes | The data for a single log message and all associated metadata for that log. |
Complex Type: ErrorInfo
Description
Error details model.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
ErrorID | int | No | The unique ID of the error details. |
Details | string | Yes | The error details for this instance of the error. |
ErrorMessage | string | Yes | The error message of the error. |
Complex Type: IPAddressDataModel
Description
IP Address object used in alarms and log queries.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
Bytes | base64Binary | Yes | The byte length of the IP object value. |
Value | string | Yes | The IP address value. |
IsBroadcast | boolean | No | If true, this is a broadcast address. |
IsIPv4 | boolean | No | If true, this is an IPv4 address. |
IsIPv6 | boolean | No | If true, this is an IPv6 address. |
IsLinkLocal | boolean | No | If true, this is a link local address. |
IsLoopback | boolean | No | If true, this is a loopback address. |
IsNetwork | boolean | No | If true, this is a network address. |
IsPrivate | boolean | No | If true, this is a private address. |
IsPublicIPv4 | boolean | No | If true, this is a public IPv4 address. |
IsResolvable | boolean | No | If true, the address is resolvable. |
Complex Type: LocationInfoDataModel
Description
Location detail object used in alarms and log queries. Only available when GeoIP service is connected to the servers.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
CityName | string | Yes | The city name of the GeoIP location resolved for this address. |
CountryName | string | Yes | The country name of the GeoIP location resolved for this address. |
FullName | string | Yes | The full name of the GeoIP location resolved for this address. |
FullNameRegion | string | Yes | The region full name of the GeoIP location resolved for this address. |
HasCity | boolean | No | If true, the GeoIP location was able to resolve a city node. |
HasCountry | boolean | No | If true, the GeoIP location was able to resolve a country node. |
HasLatLong | boolean | No | If true, the GeoIP location was able to resolve a latitude and longitude. |
HasParentLocation | boolean | No | If true, the GeoIP location has a parent location. |
HasRegion | boolean | No | If true, the GeoIP location was able to resolve a region node. |
IsValid | boolean | No | If true, the GeoIP location has been validated. |
Latitude | double | No | The latitude of the GeoIP location resolved for this address. |
LocationID | int | No | The unique ID of the location object. |
LocationKey | string | Yes | The location abbreviation used on some displays. |
Longitude | double | No | The longitude of the GeoIP location resolved for this address. |
ParentLocationID | int | No | The unique ID of the parent location object. |
RegionName | string | Yes | The region name of the GeoIP location resolved for this address. |
Type | LocationTypeEnum | No | The location type of the GeoIP location resolved for this address. |
Complex Type: LogDataModel
Description
The data for a single log message and all associated metadata for that log.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
Account | string | Yes | User account referenced or impacted by log activity. |
Amount | double | Yes | Amount of an item. |
Bytes | double | Yes | Amount of data sent and received from a device, system, or process. |
BytesIn | double | Yes | Number of bytes received or input from a device, system, or process. |
BytesOut | double | Yes | Number of bytes sent from a device, system, or process. |
ClassificationID | int | Yes | The unique ID of one of three major activity groups–Operations, Audit, or Security–and a more specific sub-classification. |
Command | string | Yes | The command that was executed. |
CommonEventId | int | Yes | The unique ID of the common event which determines its Classification. |
CommonEventName | string | Yes | A short, plain-language description of the log that determines its Classification. |
Count | int | Yes | The number of times the log entry occurred when aggregated with other identical log entries. |
Direction | DirectionEnum | No | The enumeration of the Direction of activity between a log's Origin and Impacted Zones. |
DirectionName | string | Yes | Direction by name of activity between a log's Origin and Impacted Zones. Values can be Internal, External, Outbound, Local, or Unknown. |
Domain | string | Yes | Windows or DNS domain referenced or impacted by log activity. |
Duration | double | Yes | Running time of a session, job, activity, etc. |
EntityID | int | Yes | The unique ID of the entity. |
EntityName | string | Yes | The name of the entity. |
Group | string | Yes | User group or role referenced or impacted by log activity. |
ImpactedEntityId | int | Yes | The unique ID of the Impacted Entity. |
ImpactedEntityName | string | Yes | The resolved Entity of the impacted host. |
ImpactedHostId | int | Yes | The unique ID of the Host such as a DNS name or NetBIOS impacted by the log activity. |
ImpactedInterface | string | Yes | The impacted interface number of a device or the physical port number of a switch. |
ImpactedIP | string | Yes | The IP address impacted by the log activity. |
ImpactedHostName | string | Yes | The name of the Host such as a DNS name or NetBIOS name impacted by the log activity. |
ImpactedLocation | LocationInfoDataModel | Yes | Country, region, and/or city impacted by the logged activity as derived from the GeoIP resolution. |
ImpactedLocationID | int | Yes | The unique ID of the Impacted Location object. |
ImpactedMAC | string | Yes | The host/device impacted MAC address. |
ImpactedName | string | Yes | The device name impacted. |
ImpactedNATIP | string | Yes | The IP address the Impacted IP was translated to/from via NAT device logs. |
ImpactedNATPort | int | Yes | The TCP/UDP address the Impacted IP was translated to/from via NAT device logs. |
ImpactedNetwork | NetworkDataModel | Yes | Known Network that was impacted by the log activity. |
ImpactedNetworkId | int | Yes | The unique ID for the Known Network that was impacted by the log activity. |
ImpactedPort | int | Yes | The destination/client TCP/UDP port number. |
ImpactedZone | HostZoneEnum | No | The enumeration value of the resolved Zone that was impacted by the activity - Internal, External, or DMZ. |
ImpactedZoneName | string | Yes | The name of this specific zone. |
ItemsPacketsIn | double | Yes | Items such as packets received or input from a device, system, or process. |
ItemsPacketsOut | double | Yes | Items such as packets sent or output from a device, system, or process. |
LogDate/NormalDate | dateTime | Yes | Timestamp when the log was generated or received, corrected to UTC. |
LogMessage | string | Yes | The log message generated due to the activity detected by the source. |
Login | string | Yes | User associated with the log activity. |
LogSourceHost | string | Yes | The system or device where the Log Source originates. |
LogSourceHostId | int | Yes | The unique ID of the log source host object. |
LogSourceHostName | string | Yes | The name of the log source host. |
LogSourceId | int | Yes | The unique ID of the log source. |
LogSourceName | string | Yes | A unique log originator on a specific Host. |
LogSourceType | int | Yes | Type of facility or source where the log originated. |
LogSourceTypeName | string | Yes | Type of facility or source where the log originated. |
MessageID | long | Yes | The unique ID for this log Message. |
MessageType | MessageTypeEnum | No | The Message Type that could be: Message, Log, Known Log, Event, Alarm. |
MPERuleId | int | Yes | The unique ID of the associated MPE Rule object. |
MPERuleName | string | Yes | Message Processing Engine (MPE) Rule. It identifies and normalizes a log message and assigns it a Common Event. |
NormalDateMax | dateTime | Yes | If the message is aggregated, the max creation date contained in the group of logs. It can be in UTC or user-selected time zone. |
Object | string | Yes | Resource such as a file, file path, or registry key that is referenced or impacted by log activity. |
ObjectName | string | Yes | Name of the resource such as a file, file path, or registry key that is referenced or impacted by log activity. |
OriginEntityId | int | Yes | The unique ID of the Origin Entity. |
OriginEntityName | string | Yes | The resolved Entity of the origin host. |
OriginHostId | int | Yes | The unique ID of the Origin Host object. |
OriginInterface | string | Yes | The origin interface number of a device or the physical port number of a switch. |
OriginIP | string | Yes | The IP address that was the origin of the log activity. |
OriginHostName | string | Yes | The name of the Host such as a DNS name or NetBIOS name that was the origin of the log activity. |
OriginLocation | LocationInfoDataModel | Yes | Country, region, and/or city where the logged activity originated as derived from the GeoIP resolution. |
OriginLocationID | int | Yes | The unique ID of the Origin Location object. |
OriginLogin | string | Yes | User associated with the log activity. |
OriginMAC | string | Yes | The host/device origin MAC address. |
OriginName | string | Yes | The origin of the transaction captured by the log. |
OriginNATIP | string | Yes | The IP address the Origin IP was translated to/from via NAT device logs. |
OriginNATPort | int | Yes | The TCP/UDP address the Origin IP was translated to/from via NAT device logs. |
OriginNetwork | NetworkDataModel | Yes | Known Network that was the origin of the log activity. |
OriginNetworkId | int | Yes | The unique ID of the Origin Network object. |
OriginPort | int | Yes | The source/client TCP/UDP port number. |
OriginZone | HostZoneEnum | No | The enumeration value of the resolved Zone that was the origin of the activity - Internal, External, or DMZ. |
OriginZoneName | string | Yes | The name given to this specific zone. |
Priority | int | Yes | Calculated Risk Based Priority (RBP) of the log entry. |
Process | string | Yes | Name or value that identifies a process. |
ProcessID | int | Yes | The unique ID of the process object. |
ProtocolId | int | Yes | The unique ID of the Protocol object. |
ProtocolName | string | Yes | Network protocol applicable to the log message. |
Quantity | double | Yes | The item quantity. |
Rate | double | Yes | Rate of an item. |
Recipient | string | Yes | Email address or VOIP caller number. For non-email logs, it might represent who received some form of information. |
Sender | string | Yes | Email originator or VOIP caller number. For non-email logs, it might represent who sent some form of information. |
SequenceNumber | int | Yes | The collection sequence of events obtained to generate an alarm. |
ServiceId | int | Yes | The unique ID of the Service object. |
ServiceName | string | Yes | The name of a service which transferred the recorded traffic. |
Session | string | Yes | User, system, or application session. |
Severity | string | Yes | Value indicating severity of the log. |
Size | double | Yes | Item Size. |
Subject | string | Yes | Email subject line. For other logs, it might represent the subject of some form of communicated information. |
URL | string | Yes | URL referenced or impacted by log activity. |
VendorMsgID | string | Yes | Unique, vendor-assigned value that IDs the log message. |
Version | string | Yes | Value representing the version (i.e., OS version, patch version, doc version, etc.). |
ClassificationName | string | Yes | The name of one of three major activity groups–Operations, Audit, or Security–and a more specific sub-classification. |
ClassificationTypeName | string | Yes | One of three major activity groups: Operations, Audit, or Security. |
Complex Type: LogRhythmWebServiceFault
Description
This is the error message object for all of LogRhythm Web Services. This object provides custom meaningful error messages to the client while retaining security precautions for the system.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
FaultID | guid | No | The unique ID for the fault object. |
Details | string | Yes | The fault details. |
FaultTime | dateTime | No | The time the fault instance occurred. |
ErrorID | int | No | The unique ID of the error object. |
Complex Type: NetworkDataModel
Description
Network detail object used in alarms.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
BeginIPRange | IPAddressDataModel | Yes | The beginning value of the IP range of the network. |
DestinationRiskLevel | unsignedByte | No | The destination risk level assigned to this network. |
DestinationRiskLevelName | string | Yes | The destination risk level name assigned to this network. |
DisplayValue | string | Yes | The display value. |
EndIPRange | IPAddressDataModel | Yes | The ending value of the IP address range for the network. |
EntityID | int | Yes | The unique ID for the entity object. |
HasLocationID | boolean | No | If true, the network has a location association. |
HasLocationKey | boolean | No | If true, the network has a location key association. |
HostZone | HostZoneEnum | No | The host zone object associated to the network. |
HostZoneName | string | Yes | The host zone name associated to the network. |
LocationID | int | Yes | The unique ID for the location object. |
LocationKey | string | Yes | The location key for the network. |
NetworkId | int | Yes | The unique ID for the network object. |
SourceThreatLevel | int | Yes | The source threat level assigned to the network. |
WatchLevel | WatchItemDataModel | Yes | The watch level assigned to the network. |
WatchLevelName | string | Yes | The watch level name assigned to the network. |
Complex Type: SaveResult
Description
A response object which supplies information about an attempt to insert data. This information includes record ID if created and error / warning messages if generated.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
Succeeded | boolean | No | A flag indicating whether the update succeeded or failed. |
DataID | long | No | The unique ID of the data artifact which was updated. |
Errors | ArrayOfErrorInfo | Yes | The tabular errors object of all errors associated to this save result. |
Warnings | ArrayOfstring | Yes | The tabular warning object of all warnings associated with this save result. |
Complex Type: WatchItemDataModel
Description
An object that defines a Watch Item.
Derived by
Restricting anyType
Content Model
Contains elements as defined in the following table.
Component | Type | Nillable? | Description |
---|---|---|---|
Comments | string | Yes | The comments set on a watch item. |
HostID | int | No | The unique ID of the requested host for this watch item. |
Login | string | Yes | The login of the request account for this watch item. |
NetworkId | int | No | The unique ID for the network for this watch item. |
PersonID | int | No | The unique ID for the person for this watch item. |
WatchItemType | WatchItemTypeEnum | No | The enumeration of the type of watch item. |
WatchLevel | WatchLevelEnum | No | The enumeration of the watch level requested. |
WatchLevelName | string | Yes | The name of the watch level requested. |