Update security event

This method updates the status of a security event to open or closed

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 

 

 
https://<IIS_Server_Ip>/PasswordVault/API/pta/API/Events/<security event id>

The following values can be added in the URL. None of them are mandatory.

Resource information

HTTP method

PATCH

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The JWT token that identifies the session.

Valid values

A session token that was returned from the “Logon” method.

Body parameters

  
{
	"mStatus": "OPEN"
}

Parameter

mStatus

Type

Enum

Description

The new status of the event

Valid values

open or closed

Result

  
{
	"id": "444445e56bbb0b0a063f4444",
	"type": "PSMSuspiciousActivity",
	"score": 70,
	"createTime": 1586134861000,
	"lastUpdateTime": 1586134861000,
	"audits": [
		{
			"id": "5e3045e56bbb0b0a063fbbbb",
			"type": "PSM_SSH_COMMAND",
			"sensorType": "VAULT",
			"action": "PSM Command",
			"psmCommand": "bla",
			"createTime": 1586134861000,
			"vaultUser": "vuser",
			"account": {
				"accountAsStr": "hi2@example.cyber-ark.co.il",
				"type": "LOCAL_UNIX",
				"account": {
					"mTarget": {
						"mOriginalAddress": "10.1.8.182",
						"mResolvedAddress": {
							"mOriginalAddress": "10.1.8.182",
							"mAddress": "10.1.8.182",
							"mHostName": "cyber",
							"mFqdn": "example.cyber-ark.co.il"
						}
					},
					"mUser": "hi2"
				}
			},
			"source": {
				"mOriginalAddress": "1.1.1.1"
			},
			"target": {
				"mOriginalAddress": "10.1.8.182",
				"mResolvedAddress": {
					"mOriginalAddress": "10.1.8.182",
					"mAddress": "10.1.8.182",
					"mHostName": "cyber",
					"mFqdn": "example.cyber-ark.co.il"
				}
			},
			"cloudData": {}
		}
	],
	"additionalData": {
		"matchPatterns": "kill(.*)"
	},
	"mStatus": "CLOSED"
}

Parameter

id

Type

String

Description

Event ID

Parameter

type

Type

String

Description

Event type

Parameter

score

Type

Integer

Description

Event score

Parameter

createTime

Type

Double

Description

The creation date of the event (represented in seconds)

Parameter

lastUpdateTime

Type

Double

Description

The last time the event was updated (represented in seconds)

Parameter

audits

Type

Array

Description

Array of audits for the event

audits

Parameter

id

Type

String

Description

Audit ID

Parameter

type

Type

String

Description

Audit type

Parameter

sensorType

Type

String

Description

The type of the sensor that sent the audit

Parameter

action

Type

String

Description

The action of the audit. For example, Vault retrieve password, Vault logon, PSM suspicious activity, and so on

Parameter

psmCommand

Type

String

Description

The suspicious activity

Parameter

createTime

Type

Double

Description

The creation date of the audit

Parameter

vaultUser

Type

String

Description

The Vault user who triggered the session

Parameter

account

Type

 

Description

The account used in the session

account

Parameter

accountAsStr

Type

String

Description

String representation of the account used in the session

Parameter

type

Description

String

Description

Account type

Parameter

account

Type

  

Description

 Detailed account information

Parameter

mtarget

Type

String

Description

Detailed target account information

mtarget

Parameter

mOriginalAddress

Type

String

Description

The original address of the target machine

Parameter

mResolvedAddress

Type

 

Description

The resolved address obof the target machineject

mResolvedAddress

Parameter

mAddress

Type

String

Description

The address of the target machine

Parameter

mHostName

Type

String

Description

The host name of the target machine

Parameter

mFqdn

Type

String

Description

The Fqdn of the target machine

account

Parameter

source

Type

String

Description

The source of the audit

source

Parameter

mOriginalAddress

Type

String

Description

The original address that was sent as a source

Parameter

mResolvedAddress

Type

 

Description

The resolved address object

mResolvedAddress

Parameter

mAddress

Type

String

Description

The original address

Parameter

mHostName

Type

String

Description

The host name representation of the source address

Parameter

mFqdn

Type

String

Description

The Fqdn representation of the source address

account

Parameter

target

Type

String

Description

The target address of the audit

target

Parameter

mOriginalAddress

Type

String

Description

The original target address of the audit

Parameter

mResolvedAddress

Type

 

Description

The resolved target address as an object

mResolvedAddress

Parameter

mAddress

Type

String

Description

The original target address

Parameter

mHostName

Type

String

Description

The host name of the target address

Parameter

mFqdn

Type

String

Description

The Fqdn representation of the target address

additionalData

Parameter

mitigationAction

Type

String

Description

The mitigation action of the session, either terminate or suspend

Parameter

sessionIsLive

Type

String

Description

True or false indicator of whether the session is live

Parameter

matchPatterns

Type

String

Description

The matching patterns of the suspicious activity audit

Parameter

sessionIDs

Type

Array of strings

Description

The session ID

Parameter

mStatus

Type

String

Description

The status of the security event (open or closed)