API Guide - Event - Banyan Security Documentation

API Guide - Event

Updated on Apr 27, 2022

Get Events
Usecase: To filters events by service account name
Usecase: To filters events by multiple service account names
Get Events Count
Usecase: To get events count filters by service account name
Usecase: To get events count filters by multiple service account names
Get Events Feed

Get Events

Fetches a list of events from your Banyan organization system log.

Review the Event Spec Syntax for more information on the Event data structures.

HTTP Request

GET /v1/events

URL Parameters

N/A

Query Parameters

Parameter	Format	Description
order	String	Sets the order for returned events based on created_at timestamp. Supported values ASC, DESC. Default is DESC
before	Int	Filters events that occurred before a specific [ epoch timestamp ] ( https://www.epochconverter.com/ ) (in milliseconds)
after	Int	Filters events that occurred after a specific [ epoch timestamp ] ( https://www.epochconverter.com/ ) (in milliseconds)
type	String	Filters events based on event types. Multiple types could be passed separated by a pipe
sub_type	String	Filters events of one subtype (conditionally depends on `type` , such as `Access` (type) and `Connection` (sub_type)
user_email	String	Filters events associated with users. Multiple email addresses could be passed separated by a pipe
device_id	String	Filters events associated with a single device, based on its device ID
serialnumber	String	Filters events associated with devices. Multiple serialnumber could be passed separated by a pipe
workload_container_id	String	Filters events associated with services. Multiple service_name could be passed separated by a pipe
service_name	String	Filters events associated with services. Multiple service_name could be passed separated by a pipe
skip	Int	Used in Pagination. Specifies the number of records to skip. Default is 0
limit	Int	Used in Pagination. Specifies the maximum number of records to return. Default is 10
action	String	Filters events by one of the possible event action values
id	String	Filters events based on its event ID
external_id	String	Filters events based on its external_id
severity	String	Filters events based on its severity value. The order of severity is DEBUG -> INFO -> WARN -> ERROR. So a severity of INFO will return all events of severity INFO and above
service_account_name	String	Filters events associated with service accounts. Multiple service account names could be passed separated by a pipe
start_time	Int	Filters events that occurred after a specific [ epoch timestamp ] (in nanoseconds, but event timestamps are stored at millisecond granularity)
end_time	Int	Filters events that occurred before a specific [ epoch timestamp ] (in nanoseconds, but event timestamps are stored at millisecond granularity)

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value	Description
	200	OK
	401	Unauthorized
	403	Forbidden
	500	InternalServerError

Response Headers

N/A

HTTP Response Body

Example Event Response

{
  "data": [{
    "id": "8f4a3c39-7fdd-469a-9a23-7857194387c9",
    "org_id": "88adaa4d-00b4-49a3-a8db-546dd41b6689",
    "org_name": "exampleorg",
    "severity": "INFO",
    "action": "Register",
    "type": "Registration",
    "sub_type": "Device",
    "message": "Device registered successfully",
    "result": "INFO",
    "created_at": 1589469516170,
    "created_at_ns": 1589469516170000000,

    "user_principal":
    {
        "device":
        {
            "id": "a1c5dc86-5077-4476-9665-0d01e00e6fb7",
            "friendly_name": "computer-name",
            "mac_address": "",
            "serial_number": "ABCDEFGHIJKL",
            "registration_status": "FALSE",
            "compromised_status": "FALSE",
            "compliance_status": "",
            "oem_info": "",
            "model": "MacBook Pro",
            "platform": "Darwin",
            "ownership": "Corporate Dedicated",
            "architecture": "amd64",
            "udid": "",
            "source": "BNN",
            "last_mdm_data_synced_at": 1589469323245456400
        },
        "user":
        {
            "email": "user@email.com",
            "groups":
            [
                "Engineering",
                "Everyone"
            ],
            "roles":
            [
                "Engineering"
            ]
        }
    }
  }]
}

Usecase: To filters events by service account name

Request URL GET /v1/events?service_account_name=dsrini-web-service

Usecase: To filters events by multiple service account names

Request URL GET /v1/events?service_account_name=dsrini-web-service | dsrini-demo-service

Get Events Count

Fetches a count of events from your Banyan organization system log.

HTTP Request

GET /v1/events/count

URL Parameters

N/A

Query Parameters

Parameter	Format	Description
before	Int	Filters events that occurred before a specific [ epoch timestamp ] ( https://www.epochconverter.com/ ) (in milliseconds)
after	Int	Filters events that occurred after a specific [ epoch timestamp ] ( https://www.epochconverter.com/ ) (in milliseconds)
type	String	Filters events based on event types. Multiple types could be passed separated by a pipe
sub_type	String	Filters events of one subtype (conditionally depends on `type` , such as `Access` (type) and `Connection` (sub_type)
user_email	String	Filters events associated with users. Multiple email addresses could be passed separated by a pipe
device_id	String	Filters events associated with a single device, based on its device ID
serialnumber	String	Filters events associated with devices. Multiple serialnumber could be passed separated by a pipe
workload_container_id	String	Filters events associated with services. Multiple service_name could be passed separated by a pipe
service_name	String	Filters events associated with services. Multiple service_name could be passed separated by a pipe
action	String	Filters events by one of the possible event action values
id	String	Filters events based on its event ID
external_id	String	Filters events based on its external_id
severity	String	Filters events based on its severity value. The order of severity is DEBUG -> INFO -> WARN -> ERROR. So a severity of INFO will return all events of severity INFO and above
service_account_name	String	Filters events associated with service accounts. Multiple service account names could be passed separated by a pipe
start_time	Int	Filters events that occurred after a specific [ epoch timestamp ] (in nanoseconds, but event timestamps are stored at millisecond granularity)
end_time	Int	Filters events that occurred before a specific [ epoch timestamp ] (in nanoseconds, but event timestamps are stored at millisecond granularity)

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value	Description
	200	OK
	401	Unauthorized
	403	Forbidden
	500	InternalServerError

Response Headers

N/A

HTTP Response Body

Example Event Response

{
    "data": 571
}

Usecase: To get events count filters by service account name

Request URL GET /v1/events/count?service_account_name=dsrini-web-service

Usecase: To get events count filters by multiple service account names

Request URL GET /v1/events/count?service_account_name=dsrini-web-service | dsrini-demo-service

Get Events Feed

HTTP Request

GET /v1/events/feed

URL Parameters

N/A

Query Parameters

Parameter	Format	Description
order	String	set order for returned dataset based on timestamp
before	Int	Filter - epoch timestamp in ms setting the inclusive upper time range limit
after	Int	Filter - epoch timestamp in ms setting the inclusive lower time range limit
skip	Int	Pagination - the number of records to skip
limit	Int	Pagination - the maximum number of records to return

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value	Description
200	OK

Response Headers

N/A

HTTP Response Body

{
  "data": [{
    "action": "Register",
    "created_at": 1589469516170,
    "group_id": "05746a72-6a19-49fd-9660-96f01cee25cf",
    "id": "8f4a3c39-7fdd-469a-9a23-7857194387c9",
    "messages": "Device registered successfully",
    "org_id": "88adaa4d-00b4-49a3-a8db-546dd41b6689",
    "org_name": "eventsv2",
    "result": "INFO",
    "severity": "INFO",
    "sub_type": "Device",
    "type": "Registration",
    "user_principal":
    {
        "device":
        {
            "architecture": "amd64",
            "compliance_status": "",
            "compromised_status": "FALSE",
            "friendly_name": "computer-name",
            "id": "a1c5dc86-5077-4476-9665-0d01e00e6fb7",
            "last_mdm_data_synced_at": 1589469323245456400,
            "mac_address": "",
            "model": "MacBook Pro",
            "oem_info": "",
            "ownership": "Corporate Dedicated",
            "platform": "Darwin",
            "registration_status": "FALSE",
            "serial_number": "ABCDEFGHIJKL",
            "source": "BNN",
            "udid": ""
        },
        "user":
        {
            "email": "user@email.com",
            "groups":
            [
                "Engineering",
                "Everyone"
            ],
            "roles":
            [
                "Engineering"
            ]
        }
    }
  }]
}