Welcome to the Sentinel API (Beta) Documentation

Access to the majority of the functionality in Sentinel is accessible via an Application Programming Interface (API). This API is an HTTP based one, and is a RESTful programming interface.

The intended uses of this API include both built-in user interfaces as well as external access to Sentinel. Users of Sentinel can externally access the API in order to integrate, automate, or to build an alternate user interface for the data with-in Sentinel. Some types of Sentinel users that this would be particularly useful for are Managed Security Service Providers (MSSPs), partners, and other users that need deeper access to the data with-in Sentinel. Typically, end users of Sentinel do not need to directly use this API. An example of how this API may be used is an MSSP accessing it from a web portal they've built that consolidates information from various services, including Sentinel. The APIs make it easy to retrieve display information so it can be shown in user interfaces other than the one built into Sentinel.

Resource	GET	PUT	POST	DELETE
Collection URI, such as http://example.com/resources/	List the URIs and perhaps other details of the collection's members.	Replace the entire collection with another collection.	Create a new entry in the collection. The new entry's URL is assigned automatically and is usually returned by the operation.	Delete the entire collection.
Element URI, such as http://example.com/resources/142	Retrieve a representation of the addressed member of the collection, expressed in an appropriate Internet media type.	Replace the addressed member of the collection, or if it doesn't exist, create it.	Treat the addressed member as a collection in its own right and create a new entry in it.	Delete the addressed member of the collection.

API Security

Request	curl -k -XPOST -H "Authorization: Basic YWRtaW46bm92ZWxs" "https://localhost:8443/SentinelAuthServices/auth/tokens"
Response	{"Token":"nVbZkqJKEH33KwznscNmUWwwWifYRFBUBLWblwkoikVZlAJZvv6ijjN2R8+NuTfCB/OQmXVOZWVVvn4vo7B9hikKknjUIZ7xThvGIHGC2Bt1NsakS3e+j1+RFYXkkEUIplnj2G6CYjS8oqNOnsbDxEIBGsZWBNEwA0OdVedD8hkfWveQTlsWRp0BPaABidtdAlCg27f7TNeiB3Z34Lo4JCiLciiy8UQoh3KMMivORh0SJ4gu3vwog6CHJD7sMc+9PmF22ts77Walzp3kNTgd//iBYJwFMQzZPPN1mDYaf/x4xT44vTpoqAdebGV5Cn+KctCo42fZcYhhRVE8F73nJPUwEsdxDGewxsdBgfetM27dg6Ejx25ys3krTuIAWGFQWxfVKsz8xGmzoZekQeZHf0hNYAR+Sd2FJegCoh9/62C/F7iy+8tMH0imyOoi3yLuydbQhWlTXdjerOVR59tfVeMWaqRWjNwkjdAn+78xgvEZhskROl10F3Yn9/cZv9it8SsEQzkGYY6CM1xcjuHRAhD9rCkEf5+qvUqhG5TzADVnz0Ht64FpSL5ijyQbztgX2yIEHkTZ/6nVY51uWbZWmMNxDo4J6cSOt6gwXuXq46oCpKAscwaMrhQenW+kfpX5p/35kP46Uz+DuLlESmc95DRyT81JViL1rX3qLVd43Vci3dQq8f1sx8qp3k3ZgwWQgZBIaXPPIiIc0j4T9+bBLAM7NSZadegme7qIegYmocVgO1ulTz4wNhUZSIt87TNzSKg6sy9KVVPeaZWuQL3OLLzZsmm0nSUHypq8KXG9AlzQmu6lKeNoFbkBoTcg/cGSHf3W9KjhomsGq6vIy/83CmcEK7N+GfzlGnKb1szgWJVlXq95nrV1jy1kjvVk0Vha5ZPALjjvcPIPgcQUOMdqmwkrcCdVQwWvvQtbTZPEQtluanGusgeJJTZii+dUfhuJpVBfghdbjgUGF5pHc0fl74a4Uln86sj7qmREDGnuSqSuxUIorgnnYuErprTNHSnEW9AQTZUD1wC22aHNVDnb5LunvW1xa7IIQWyGYM/CSYGXqiCWqnEoF7VcLAzTumIGW6kGuGKtC6hKScnXrHJj9m6w4dZ4kCM3cnaPLLlSlbZRGNoR5asaXQg3v1lLLMyl3TNDWypK0WBXt4TI4MXw0EjFrbc1pa4PxeQmq+HGaSBizmbAcc7bOtmQ28qJtpUqS27rshqvnyRdtnuCJl42mmX70oIVeC7QZpyn8ad9DquIstKnurD3Cgby1eFFIqu1LKhZ342UtP8SK64stpSc4U7VYcKcd/xsnvjJ4MSHU5GZkbGzwoPdLinmdpi5i9yhWECfCtKeGpCal0bY4zdmjOYFQWsi4R+g2wJciZn+wSp7xslar/trX5cmDNqcik0/eMKz/U4RslOPlqU9flruzH5JRlQhC6zGcp9VtbibLI5lvZSGYPVUu1ZWR+nU5Pk+cgJ6ZVov+Bus3iqNHZiB4QQDhSZgVpA83tvwT4P3mGOaNinelq2qJ09faoleHlkNbU9UQolisSrrYjMIqqnHy3itcTUOfXtCnb3Txj3viZdK32izueaCCbZMdORa+nFt97DWE1zSdF4eyqyvKO8sjjPJHj+oT+t1AK799bllfoG3psIe2+1DP96fYT239xBkd/NyJctCe9JclVb255GBeCauSOB03avrMI/REYKGBnQ6Y8uJgvj+ht9Sju/mpwUvr36sZw33qJkDPqB8Emew/BLjw2Zgae7P8b/ONGAILn4N/MDuzuPLdF99/Ag+UL3D99Fp/A8="}
Note	YWRtaW46bm92ZWxs is in base64encode(admin:novell), modify this for appropriate user.

Request	curl -k -v -XGET -H "Authorization: X-SAML nVbZkqJKEH33KwznscNmUWwwWifYRFBUBLWblwkoikVZlAJZvv6ijjN2R8+NuTfCB/OQmXVOZWVVvn4vo7B9hikKknjUIZ7xThvGIHGC2Bt1NsakS3e+j1+RFYXkkEUIplnj2G6CYjS8oqNOnsbDxEIBGsZWBNEwA0OdVedD8hkfWveQTlsWRp0BPaABidtdAlCg27f7TNeiB3Z34Lo4JCiLciiy8UQoh3KMMivORh0SJ4gu3vwog6CHJD7sMc+9PmF22ts77Walzp3kNTgd//iBYJwFMQzZPPN1mDYaf/x4xT44vTpoqAdebGV5Cn+KctCo42fZcYhhRVE8F73nJPUwEsdxDGewxsdBgfetM27dg6Ejx25ys3krTuIAWGFQWxfVKsz8xGmzoZekQeZHf0hNYAR+Sd2FJegCoh9/62C/F7iy+8tMH0imyOoi3yLuydbQhWlTXdjerOVR59tfVeMWaqRWjNwkjdAn+78xgvEZhskROl10F3Yn9/cZv9it8SsEQzkGYY6CM1xcjuHRAhD9rCkEf5+qvUqhG5TzADVnz0Ht64FpSL5ijyQbztgX2yIEHkTZ/6nVY51uWbZWmMNxDo4J6cSOt6gwXuXq46oCpKAscwaMrhQenW+kfpX5p/35kP46Uz+DuLlESmc95DRyT81JViL1rX3qLVd43Vci3dQq8f1sx8qp3k3ZgwWQgZBIaXPPIiIc0j4T9+bBLAM7NSZadegme7qIegYmocVgO1ulTz4wNhUZSIt87TNzSKg6sy9KVVPeaZWuQL3OLLzZsmm0nSUHypq8KXG9AlzQmu6lKeNoFbkBoTcg/cGSHf3W9KjhomsGq6vIy/83CmcEK7N+GfzlGnKb1szgWJVlXq95nrV1jy1kjvVk0Vha5ZPALjjvcPIPgcQUOMdqmwkrcCdVQwWvvQtbTZPEQtluanGusgeJJTZii+dUfhuJpVBfghdbjgUGF5pHc0fl74a4Uln86sj7qmREDGnuSqSuxUIorgnnYuErprTNHSnEW9AQTZUD1wC22aHNVDnb5LunvW1xa7IIQWyGYM/CSYGXqiCWqnEoF7VcLAzTumIGW6kGuGKtC6hKScnXrHJj9m6w4dZ4kCM3cnaPLLlSlbZRGNoR5asaXQg3v1lLLMyl3TNDWypK0WBXt4TI4MXw0EjFrbc1pa4PxeQmq+HGaSBizmbAcc7bOtmQ28qJtpUqS27rshqvnyRdtnuCJl42mmX70oIVeC7QZpyn8ad9DquIstKnurD3Cgby1eFFIqu1LKhZ342UtP8SK64stpSc4U7VYcKcd/xsnvjJ4MSHU5GZkbGzwoPdLinmdpi5i9yhWECfCtKeGpCal0bY4zdmjOYFQWsi4R+g2wJciZn+wSp7xslar/trX5cmDNqcik0/eMKz/U4RslOPlqU9flruzH5JRlQhC6zGcp9VtbibLI5lvZSGYPVUu1ZWR+nU5Pk+cgJ6ZVov+Bus3iqNHZiB4QQDhSZgVpA83tvwT4P3mGOaNinelq2qJ09faoleHlkNbU9UQolisSrrYjMIqqnHy3itcTUOfXtCnb3Txj3viZdK32izueaCCbZMdORa+nFt97DWE1zSdF4eyqyvKO8sjjPJHj+oT+t1AK799bllfoG3psIe2+1DP96fYT239xBkd/NyJctCe9JclVb255GBeCauSOB03avrMI/REYKGBnQ6Y8uJgvj+ht9Sju/mpwUvr36sZw33qJkDPqB8Emew/BLjw2Zgae7P8b/ONGAILn4N/MDuzuPLdF99/Ag+UL3D99Fp/A8=" "https://localhost:8443/SentinelRESTServices/preauthorize?path=/objects/identity&httpMethod=GET"
Response	{"Authorized":"true"}
Note	The X-SAML token in the header is used to identify the user

Request	curl -k -XGET -H "Authorization: Basic YWRtaW46bm92ZWxs" "https://localhost:8443/SentinelAuthServices/auth/tokens/nVbZkqJKEH33KwznscNmUWwwWifYRFBUBLWblwkoikVZlAJZvv6ijjN2R8%2BNuTfCB%2FOQmXVOZWVVvn4vo7B9hikKknjUIZ7xThvGIHGC2Bt1NsakS3e%2Bj1%2BRFYXkkEUIplnj2G6CYjS8oqNOnsbDxEIBGsZWBNEwA0OdVedD8hkfWveQTlsWRp0BPaABidtdAlCg27f7TNeiB3Z34Lo4JCiLciiy8UQoh3KMMivORh0SJ4gu3vwog6CHJD7sMc%2B9PmF22ts77Walzp3kNTgd%2F%2FiBYJwFMQzZPPN1mDYaf%2Fx4xT44vTpoqAdebGV5Cn%2BKctCo42fZcYhhRVE8F73nJPUwEsdxDGewxsdBgfetM27dg6Ejx25ys3krTuIAWGFQWxfVKsz8xGmzoZekQeZHf0hNYAR%2BSd2FJegCoh9%2F62C%2FF7iy%2B8tMH0imyOoi3yLuydbQhWlTXdjerOVR59tfVeMWaqRWjNwkjdAn%2B78xgvEZhskROl10F3Yn9%2FcZv9it8SsEQzkGYY6CM1xcjuHRAhD9rCkEf5%2BqvUqhG5TzADVnz0Ht64FpSL5ijyQbztgX2yIEHkTZ%2F6nVY51uWbZWmMNxDo4J6cSOt6gwXuXq46oCpKAscwaMrhQenW%2BkfpX5p%2F35kP46Uz%2BDuLlESmc95DRyT81JViL1rX3qLVd43Vci3dQq8f1sx8qp3k3ZgwWQgZBIaXPPIiIc0j4T9%2BbBLAM7NSZadegme7qIegYmocVgO1ulTz4wNhUZSIt87TNzSKg6sy9KVVPeaZWuQL3OLLzZsmm0nSUHypq8KXG9AlzQmu6lKeNoFbkBoTcg%2FcGSHf3W9KjhomsGq6vIy%2F83CmcEK7N%2BGfzlGnKb1szgWJVlXq95nrV1jy1kjvVk0Vha5ZPALjjvcPIPgcQUOMdqmwkrcCdVQwWvvQtbTZPEQtluanGusgeJJTZii%2BdUfhuJpVBfghdbjgUGF5pHc0fl74a4Uln86sj7qmREDGnuSqSuxUIorgnnYuErprTNHSnEW9AQTZUD1wC22aHNVDnb5LunvW1xa7IIQWyGYM%2FCSYGXqiCWqnEoF7VcLAzTumIGW6kGuGKtC6hKScnXrHJj9m6w4dZ4kCM3cnaPLLlSlbZRGNoR5asaXQg3v1lLLMyl3TNDWypK0WBXt4TI4MXw0EjFrbc1pa4PxeQmq%2BHGaSBizmbAcc7bOtmQ28qJtpUqS27rshqvnyRdtnuCJl42mmX70oIVeC7QZpyn8ad9DquIstKnurD3Cgby1eFFIqu1LKhZ342UtP8SK64stpSc4U7VYcKcd%2FxsnvjJ4MSHU5GZkbGzwoPdLinmdpi5i9yhWECfCtKeGpCal0bY4zdmjOYFQWsi4R%2Bg2wJciZn%2BwSp7xslar%2FtrX5cmDNqcik0%2FeMKz%2FU4RslOPlqU9flruzH5JRlQhC6zGcp9VtbibLI5lvZSGYPVUu1ZWR%2BnU5Pk%2BcgJ6ZVov%2BBus3iqNHZiB4QQDhSZgVpA83tvwT4P3mGOaNinelq2qJ09faoleHlkNbU9UQolisSrrYjMIqqnHy3itcTUOfXtCnb3Txj3viZdK32izueaCCbZMdORa%2BnFt97DWE1zSdF4eyqyvKO8sjjPJHj%2BoT%2Bt1AK799bllfoG3psIe2%2B1DP96fYT239xBkd%2FNyJctCe9JclVb255GBeCauSOB03avrMI%2FREYKGBnQ6Y8uJgvj%2Bht9Sju%2FmpwUvr36sZw33qJkDPqB8Emew%2FBLjw2Zgae7P8b%2FONGAILn4N%2FMDuzuPLdF99%2FAg%2BUL3D99Fp%2FA8%3D"
Response	{"UserId":"admin","FirstName":"Arnie","LastName":"Admin","Initials":"AA","Email":"arnie@admin.com","Expiration":"1294255239335","Roles":["distSearchAccept","distSearchInitiate","isReportManager","manageTags","runReportOnDB","viewInternalEvents"]}
Note	Token on URL on curl request is url encoded version of token returned in "Create SAML Token"

Request	curl -k -XDELETE -H "Authorization: Basic YWRtaW46bm92ZWxs" "https://localhost:8443/SentinelAuthServices/auth/tokens/nVbZkqJKEH33KwznscNmUWwwWifYRFBUBLWblwkoikVZlAJZvv6ijjN2R8%2BNuTfCB%2FOQmXVOZWVVvn4vo7B9hikKknjUIZ7xThvGIHGC2Bt1NsakS3e%2Bj1%2BRFYXkkEUIplnj2G6CYjS8oqNOnsbDxEIBGsZWBNEwA0OdVedD8hkfWveQTlsWRp0BPaABidtdAlCg27f7TNeiB3Z34Lo4JCiLciiy8UQoh3KMMivORh0SJ4gu3vwog6CHJD7sMc%2B9PmF22ts77Walzp3kNTgd%2F%2FiBYJwFMQzZPPN1mDYaf%2Fx4xT44vTpoqAdebGV5Cn%2BKctCo42fZcYhhRVE8F73nJPUwEsdxDGewxsdBgfetM27dg6Ejx25ys3krTuIAWGFQWxfVKsz8xGmzoZekQeZHf0hNYAR%2BSd2FJegCoh9%2F62C%2FF7iy%2B8tMH0imyOoi3yLuydbQhWlTXdjerOVR59tfVeMWaqRWjNwkjdAn%2B78xgvEZhskROl10F3Yn9%2FcZv9it8SsEQzkGYY6CM1xcjuHRAhD9rCkEf5%2BqvUqhG5TzADVnz0Ht64FpSL5ijyQbztgX2yIEHkTZ%2F6nVY51uWbZWmMNxDo4J6cSOt6gwXuXq46oCpKAscwaMrhQenW%2BkfpX5p%2F35kP46Uz%2BDuLlESmc95DRyT81JViL1rX3qLVd43Vci3dQq8f1sx8qp3k3ZgwWQgZBIaXPPIiIc0j4T9%2BbBLAM7NSZadegme7qIegYmocVgO1ulTz4wNhUZSIt87TNzSKg6sy9KVVPeaZWuQL3OLLzZsmm0nSUHypq8KXG9AlzQmu6lKeNoFbkBoTcg%2FcGSHf3W9KjhomsGq6vIy%2F83CmcEK7N%2BGfzlGnKb1szgWJVlXq95nrV1jy1kjvVk0Vha5ZPALjjvcPIPgcQUOMdqmwkrcCdVQwWvvQtbTZPEQtluanGusgeJJTZii%2BdUfhuJpVBfghdbjgUGF5pHc0fl74a4Uln86sj7qmREDGnuSqSuxUIorgnnYuErprTNHSnEW9AQTZUD1wC22aHNVDnb5LunvW1xa7IIQWyGYM%2FCSYGXqiCWqnEoF7VcLAzTumIGW6kGuGKtC6hKScnXrHJj9m6w4dZ4kCM3cnaPLLlSlbZRGNoR5asaXQg3v1lLLMyl3TNDWypK0WBXt4TI4MXw0EjFrbc1pa4PxeQmq%2BHGaSBizmbAcc7bOtmQ28qJtpUqS27rshqvnyRdtnuCJl42mmX70oIVeC7QZpyn8ad9DquIstKnurD3Cgby1eFFIqu1LKhZ342UtP8SK64stpSc4U7VYcKcd%2FxsnvjJ4MSHU5GZkbGzwoPdLinmdpi5i9yhWECfCtKeGpCal0bY4zdmjOYFQWsi4R%2Bg2wJciZn%2BwSp7xslar%2FtrX5cmDNqcik0%2FeMKz%2FU4RslOPlqU9flruzH5JRlQhC6zGcp9VtbibLI5lvZSGYPVUu1ZWR%2BnU5Pk%2BcgJ6ZVov%2BBus3iqNHZiB4QQDhSZgVpA83tvwT4P3mGOaNinelq2qJ09faoleHlkNbU9UQolisSrrYjMIqqnHy3itcTUOfXtCnb3Txj3viZdK32izueaCCbZMdORa%2BnFt97DWE1zSdF4eyqyvKO8sjjPJHj%2BoT%2Bt1AK799bllfoG3psIe2%2B1DP96fYT239xBkd%2FNyJctCe9JclVb255GBeCauSOB03avrMI%2FREYKGBnQ6Y8uJgvj%2Bht9Sju%2FmpwUvr36sZw33qJkDPqB8Emew%2FBLjw2Zgae7P8b%2FONGAILn4N%2FMDuzuPLdF99%2FAg%2BUL3D99Fp%2FA8%3D"
Response	{"GUID":"nVbZkqJKEH33KwznscNmUWwwWifYRFBUBLWblwkoikVZlAJZvv6ijjN2R8+NuTfCB/OQmXVOZWVVvn4vo7B9hikKknjUIZ7xThvGIHGC2Bt1NsakS3e+j1+RFYXkkEUIplnj2G6CYjS8oqNOnsbDxEIBGsZWBNEwA0OdVedD8hkfWveQTlsWRp0BPaABidtdAlCg27f7TNeiB3Z34Lo4JCiLciiy8UQoh3KMMivORh0SJ4gu3vwog6CHJD7sMc+9PmF22ts77Walzp3kNTgd//iBYJwFMQzZPPN1mDYaf/x4xT44vTpoqAdebGV5Cn+KctCo42fZcYhhRVE8F73nJPUwEsdxDGewxsdBgfetM27dg6Ejx25ys3krTuIAWGFQWxfVKsz8xGmzoZekQeZHf0hNYAR+Sd2FJegCoh9/62C/F7iy+8tMH0imyOoi3yLuydbQhWlTXdjerOVR59tfVeMWaqRWjNwkjdAn+78xgvEZhskROl10F3Yn9/cZv9it8SsEQzkGYY6CM1xcjuHRAhD9rCkEf5+qvUqhG5TzADVnz0Ht64FpSL5ijyQbztgX2yIEHkTZ/6nVY51uWbZWmMNxDo4J6cSOt6gwXuXq46oCpKAscwaMrhQenW+kfpX5p/35kP46Uz+DuLlESmc95DRyT81JViL1rX3qLVd43Vci3dQq8f1sx8qp3k3ZgwWQgZBIaXPPIiIc0j4T9+bBLAM7NSZadegme7qIegYmocVgO1ulTz4wNhUZSIt87TNzSKg6sy9KVVPeaZWuQL3OLLzZsmm0nSUHypq8KXG9AlzQmu6lKeNoFbkBoTcg/cGSHf3W9KjhomsGq6vIy/83CmcEK7N+GfzlGnKb1szgWJVlXq95nrV1jy1kjvVk0Vha5ZPALjjvcPIPgcQUOMdqmwkrcCdVQwWvvQtbTZPEQtluanGusgeJJTZii+dUfhuJpVBfghdbjgUGF5pHc0fl74a4Uln86sj7qmREDGnuSqSuxUIorgnnYuErprTNHSnEW9AQTZUD1wC22aHNVDnb5LunvW1xa7IIQWyGYM/CSYGXqiCWqnEoF7VcLAzTumIGW6kGuGKtC6hKScnXrHJj9m6w4dZ4kCM3cnaPLLlSlbZRGNoR5asaXQg3v1lLLMyl3TNDWypK0WBXt4TI4MXw0EjFrbc1pa4PxeQmq+HGaSBizmbAcc7bOtmQ28qJtpUqS27rshqvnyRdtnuCJl42mmX70oIVeC7QZpyn8ad9DquIstKnurD3Cgby1eFFIqu1LKhZ342UtP8SK64stpSc4U7VYcKcd/xsnvjJ4MSHU5GZkbGzwoPdLinmdpi5i9yhWECfCtKeGpCal0bY4zdmjOYFQWsi4R+g2wJciZn+wSp7xslar/trX5cmDNqcik0/eMKz/U4RslOPlqU9flruzH5JRlQhC6zGcp9VtbibLI5lvZSGYPVUu1ZWR+nU5Pk+cgJ6ZVov+Bus3iqNHZiB4QQDhSZgVpA83tvwT4P3mGOaNinelq2qJ09faoleHlkNbU9UQolisSrrYjMIqqnHy3itcTUOfXtCnb3Txj3viZdK32izueaCCbZMdORa+nFt97DWE1zSdF4eyqyvKO8sjjPJHj+oT+t1AK799bllfoG3psIe2+1DP96fYT239xBkd/NyJctCe9JclVb255GBeCauSOB03avrMI/REYKGBnQ6Y8uJgvj+ht9Sju/mpwUvr36sZw33qJkDPqB8Emew/BLjw2Zgae7P8b/ONGAILn4N/MDuzuPLdF99/Ag+UL3D99Fp/A8=","Status":"OK"}
Note	Token on URL on curl request is url encoded version of token returned in "Create SAML Token"

DataObject REST API

REST API methods

Actions

Advisor Data

Analyze

API documentation

The API for api documentation generation.

Asset Data

An Asset Data object contains identification and location information about enterprise assets.

BackupCommand

Collection

The API calls to obtain collection statistics

Get Average EPS

Correlation

Associates a correlation event with the events that triggered the correlation event.

Data Collection

Data Collectors are objects that represent the various parts of a Sentinel system that monitor and report events that occur in the enterprise.

Data Sync

The API calls for data synchronization.

Distributed Search

The API calls for setting up distributed search.

EventDataSyncPolicyMetaData

Events

Events and related objects are the fundamental building block of Sentinel data.

Filters

The API calls to manage lucene filters

GlobalDataSyncMetaData

GlobalFilter

Identities

Identities, Accounts, and associated objects are information about people in the enterprise that is monitored by the Sentinel System. Sentinel can determine which incoming events are associated with people and establish a link between the event and the Identity data of one or more persons.