Taking actions on security events

Single security event

URI - POST

Send a POST request to this endpoint to perform a single action on a specific security event or on multiple events (each request applies one action to all the events it lists): /action/event

Request

The request includes HTTP headers (obtained in the authentication/authorization process and used to sign the request), with the request parameters posted in the request body.

Request Headers

| Header | Type | Required | Format | Description/Sample |
|---|---|---|---|---|
| x-av-req-id | String | Yes | UUID – Generated and supplied on the request. | d290f1ee-6c54-4b01-90e6-d701748f0851 |
| Authorization | Bearer Token | Yes | Bearer <API Access Token> | A string Bearer followed by the API Access Token. See Generating API Access Token. For example, assuming that the API Access Token is 1234, the Bearer Token will be Bearer 1234 |

Request String Parameters

None

Request Body

All applicable request parameters are posted on the request body JSON:

{
    "requestData": {
        "eventIds": ["string"],
        "eventActionName": ["string"],
        "eventActionParam": ["string"]
    }
}

Request Body Parameters

The JSON parameters:

| Parameter | Type | Required | Format | Description/Sample |
|---|---|---|---|---|
| requestData | Object | | | A container for action request |
| eventIds | Array of String | Yes | | An array of event ID identifiers that the single action applies to |
| eventActionName | String | Yes | | Action name to take |
| eventActionParam | String | | | Optional string with all action parameters |

Request sample (CURL) format

This request sample shows URI base in USA region. For URI base in other regions, see URLs and URL Base.

curl -X POST -H "Accept: application/json" \
    -H "x-av-req-id: d290f1ee-6c54-4b01-90e6-d701748f3351" \
    -H "Authorization: Bearer 2462b23346ab0642b65d7d094aca5fb4c29fd96d0468deceae2704d258e81497" \
    -d '{
        "requestData": {
            "eventIds": ["7ded0371a3e1475c9a877e452f23a049"],
            "eventActionName": ["dismiss"],
            "eventActionParam": [""]
        }
    }' \
    https://cloudinfra-gw-us.portal.checkpoint.com/app/hec-api/v1.0/action/event

This request sample dismisses the event with event ID: “7ded0371a3e1475c9a877e452f23a049”

Response

The response obtained from the service includes an HTTP response code and a JSON-formatted structure. The JSON structure contains a response envelope and response data, which have a detailed response code for each entityId in the request.

Response Structure

A valid response obtained from the service (JSON format):

{
    "responseEnvelope": {
        "requestId": "string",
        "responseCode": integer,
        "responseText": "string",
        "additionalText": "string",
        "recordsNumber": integer,
        "totalRecordsNumber": integer,
        "scrollId": "string"
    },
    "responseData": [
        {
            "eventId": "string",
            "entityId": "string",
            "taskId": integer
        }
    ]
}

Response Parameters

The response parameters:

| Parameter | | Type | Description |
|---|---|---|---|
| responseEnvelope | | Object | A container of metadata properties |
| | requestId | Integer | Request ID (from the request header x-av-req-id value) |
| | responseCode | Integer | 0 = Success. Other values = Failure |
| | responseText | String | The text value of the response |
| | additionalText | String | Additional information |
| | recordsNumber | Integer | Number of records in response |
| | totalRecordsNumber | Integer | Total number of records |
| | scrollId | String | Unique ID used for scrolling |
| responseData | | Object | Array of security event identifiers and their corresponding action response codes and additional text |
| | eventId | String | Security event ID the action applies to |
| | entityId | String | Harmony Email & Collaboration event SaaS entity ID the action applies to |
| | taskId | Integer | Unique ID of the Harmony Email & Collaboration task |

Response Sample

A valid response from the service:

{
    "responseEnvelope": {
        "requestId": "d290f1ee-6c54-4b01-90e6-d701748f3351",
        "responseCode": 0,
        "responseText": "success",
        "additionalText": "",
        "recordsNumber": 1,
        "totalRecordsNumber": 1,
        "scrollId": "9898989898"
    },
    "responseData": [
        {
            "eventId": "7ded0371a3e1475c9a877e452f23a049",
            "entityId": "a60ba316c8d4f19b2913194386fb0070",
            "taskId": "123445311234"
        }
    ]
}
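
The following is an added example, not code from the original documentation: a Python sketch that builds the headers and body described above and validates a response before an automation treats the action as done. The function names and `ActionError` are hypothetical, sending the request is left to the caller, and the check that every requested event has a responseData record is an assumption.

```python
import json
import uuid


class ActionError(Exception):
    """Raised when a response cannot be accepted as a success for this request."""


def build_action_request(token, event_ids, action, param=""):
    """Return (headers, body_bytes) for POST /action/event."""
    if not event_ids or not all(isinstance(e, str) and e for e in event_ids):
        raise ValueError("event_ids must be a non-empty list of non-empty strings")
    headers = {
        "Accept": "application/json",
        "x-av-req-id": str(uuid.uuid4()),  # fresh UUID supplied on each request
        "Authorization": f"Bearer {token}",
    }
    # Field shapes mirror the page's request sample (arrays for name and param).
    body = {"requestData": {"eventIds": list(event_ids),
                            "eventActionName": [action],
                            "eventActionParam": [param]}}
    return headers, json.dumps(body).encode()


def check_action_response(headers, event_ids, raw):
    """Validate a response body and return {eventId: taskId}."""
    doc = json.loads(raw)
    env = doc.get("responseEnvelope") or {}
    # requestId echoes x-av-req-id, so a mismatch means this is not our response.
    if env.get("requestId") != headers["x-av-req-id"]:
        raise ActionError("requestId does not match x-av-req-id")
    if env.get("responseCode") != 0:  # 0 = Success, other values = Failure
        raise ActionError(f"responseCode={env.get('responseCode')}: "
                          f"{env.get('responseText')} {env.get('additionalText')}")
    tasks = {r.get("eventId"): r.get("taskId")
             for r in doc.get("responseData") or []}
    # Assumption: the service returns one responseData record per requested event.
    missing = [e for e in event_ids if e not in tasks]
    if missing:
        raise ActionError(f"no responseData record for: {missing}")
    return {e: tasks[e] for e in event_ids}
```

Recording the returned taskId next to the x-av-req-id in the automation's own log gives an audit trail for each action taken on an event.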