To make requests to the Event and Alert APIs, you first generate an API key, which you use to generate a token. You can then set up any kind of integration you like to make authenticated requests to the Blu Event and Alert APIs.
Generate an Auth Token
Create an API key by navigating to Settings > API Keys
Enter a name for the key
Select Integration from the drop-down
Select Generate Key
Save the JSON/CSV file to your desktop
Open the JSON/CSV file and copy the value of the token
{
  "api_keys": {
    "https://mycompany.blubracket.com": {
      "id": "BLU-a492144b-f118-4598-991e-f1d4d6209edf",
      "key": "TofsB.....EqwGg",
      "token": "QkxVL....xd0dn"
    }
  }
}
With that token, you can make requests directly to the Event and Alert search APIs. You will need to set the Authorization header and use the provided token as a Bearer token. Here are some examples using curl.
curl -H "Authorization: Bearer TOKEN_FROM_STEP_2" --data '{"filters":[]}' https://mycompany.blubracket.com/api/public/event/search
curl -H "Authorization: Bearer TOKEN_FROM_STEP_2" --data '{"filters":[]}' https://mycompany.blubracket.com/api/public/alert/search
Note: As per ISO 8601, the date format requires that either Z or +00:00 be supplied at the end. This is required to determine that the datetime is in the UTC timezone.
Example Python code is shown below:
from datetime import datetime, timezone
datetime.now(timezone.utc).isoformat()
Example Output
'2021-07-20T23:45:06.342716+00:00'
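Putting the steps above together, the following added example (not BluBracket's own code) reads the token from the saved key file instead of pasting it on a command line, refuses datetimes that carry no timezone, and builds a time-windowed alert search using the filter shape from the Alerts reference below. The helper names `load_token`, `utc_stamp` and `alert_search_request` are hypothetical, and the key file values are placeholders.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the downloaded key file (same layout, placeholder values).
SAMPLE_KEY_FILE = json.dumps({"api_keys": {"https://mycompany.blubracket.com": {
    "id": "BLU-EXAMPLE-ID", "key": "EXAMPLE-KEY", "token": "EXAMPLE-TOKEN"}}})


def load_token(key_file_text, base_url):
    """Return the token stored for base_url in the key file JSON."""
    return json.loads(key_file_text)["api_keys"][base_url]["token"]


def utc_stamp(dt):
    """ISO 8601 string ending in +00:00; naive datetimes are rejected, not guessed."""
    if dt.tzinfo is None or dt.utcoffset() is None:
        raise ValueError("naive datetime: attach a timezone before querying")
    return dt.astimezone(timezone.utc).isoformat()


def alert_search_request(base_url, token, start, end, page=1, limit=1000):
    """Build, without sending, a search for ACTIVE alerts created in [start, end]."""
    body = {
        "filters": [
            {"id": "state", "value": ["ACTIVE"], "exact_match": True},
            {"id": "created", "value": [utc_stamp(start)], "op": "GE", "exact_match": True},
            {"id": "created", "value": [utc_stamp(end)], "op": "LE", "exact_match": True},
        ],
        "orderBy": "alert_id", "limit": limit, "page": page,
    }
    # As in the curl examples, only the Authorization header is set explicitly.
    return urllib.request.Request(
        base_url + "/api/public/alert/search",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": "Bearer " + token},
        method="POST",
    )


if __name__ == "__main__":
    url = "https://mycompany.blubracket.com"
    end = datetime.now(timezone.utc)
    req = alert_search_request(url, load_token(SAMPLE_KEY_FILE, url),
                               end - timedelta(days=7), end)
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Pass the returned request to `urllib.request.urlopen` to send it, and keep the key file readable only by the account that runs the integration.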
Alert/Event API Reference Material
Alerts
Resource | Parameter name | Parameter description | Response code | Response |
---|---|---|---|---|
Search alerts using filters over attributes | body | One or more filters Example: { "filters":[ { "id":"alert_type", "value":["REPO_SCAN_MATCH"], "exact_match":true }, { "id":"repo_type", "value":["ENTERPRISE_PUBLIC","PUBLIC"], "exact_match":true }, { "id":"state", "value":["ACTIVE"], "exact_match":true } ] } | 200 | Number of alerts |
| body | One or more filters, optional Example 1: { "filters":[ { "id":"alert_type", "value":["REPO_SCAN_MATCH"], "exact_match":true }, { "id":"repo_type", "value":["ENTERPRISE_PRIVATE", "ENTERPRISE_PUBLIC"], "exact_match":true }, { "id":"state", "value":["ACTIVE"], "exact_match":true }, { "id":"created", "value":["2020-08-23T00:01:01.123Z"], "op": "GE", "exact_match":true }, { "id":"created", "value":["2020-12-23T23:21:46.999Z"], "op": "LE", "exact_match":true } ], "orderBy": "alert_id", "limit": 1000, "page": 1 } Example 2: with group by { "filters":[ { "id":"alert_type", "value":["REPO_SCAN_MATCH"], "exact_match":true }, { "id":"repo_type", "value":["ENTERPRISE_PUBLIC","PUBLIC"], "exact_match":true }, { "id":"state", "value":["ACTIVE"], "exact_match":true } ], "groupBy":"url" } | 200 | Example { "alerts": [ { "alert_id": "ea076e86-1400-4c57-92e6-0c9eca57419a", "last_updated": "2021-03-02T04:10:41.398634+00:00", "state": "ACTIVE", "url": "git://github.com/acmeorg/agentosx.git", "developer_id": "2fa5555e-36e5-4d7f-a79c-03fea9c9656b", "created": "2020-11-03T18:43:46.218665+00:00", "alert_type": "REPO_SCAN_MATCH", "sub_type": "discord_client_secret", "tenant_name": "acme", "commit_id": "355d54b1fbc76cb35a29446f66632ad09ad76252", "developer_name": "johndoe <59456239+johndoe@users.noreply.github.com>", "tenant_id": "892c6ffc-2217-4eb4-794f-05b0d20dd0cb", "details": { "files": [ { "path": "Pac-Code.txt", "line_secrets": [ { "cols": [ 17, 49 ], "line": 28, "line_hash": "4dc0b223-6baf-6b5a-1e30-0b4d80b157c5", "description": "Discord client secret", "secret_hash": "749d5007-1752-44f0-9adf-fd620f3883bb", "secret_type": "discord_client_secret", "textual_context": "disCORD_secret= \"***\"" } ], "metadata_secrets": [] } ], "deep_link_url": "https://github.com/acmeorg/agentosx/blob/355d54b1fbc76cb35a29446f66632ad09ad76252/Pac-Code.txt#L28" } } ] } |
Update state of one or more alerts | body | {"alerts": [ { "alert_id": "31df52c4-62ef-45db-b2fc-4ab22a6d29b9", "state": "FALSE_POSITIVE" }, { "alert_id": "fed89523-ddc4-4ede-834e-29ec1eeb5762", "state": "RESOLVED" }, { "alert_id": "3974dff7-6e94-449c-bdee-c67024e059da", "state": "NOT_IMPORTANT" }, { "alert_id": "ed89523-ddc4-4ede-834e-29ec1eeb5762", "state": "ACTIVE" } ]} | 200 |
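An added example, not part of the original reference: it flattens a search response of the shape shown above into one row per reported secret for triage, then builds the body for the update-state call. The function names `findings` and `state_update_body` are hypothetical, the sample response is constructed with placeholder ids, and the accepted states are only those that appear in the example above.

```python
# States that appear in the update-state example in the table above.
KNOWN_STATES = {"ACTIVE", "RESOLVED", "FALSE_POSITIVE", "NOT_IMPORTANT"}

# Constructed search response, trimmed to the fields used here; ids are placeholders.
SAMPLE_RESPONSE = {"alerts": [{
    "alert_id": "00000000-0000-0000-0000-000000000001",
    "state": "ACTIVE",
    "alert_type": "REPO_SCAN_MATCH",
    "url": "git://github.com/acmeorg/agentosx.git",
    "details": {
        "files": [{
            "path": "Pac-Code.txt",
            "line_secrets": [{"line": 28, "cols": [17, 49],
                              "secret_type": "discord_client_secret",
                              "textual_context": 'disCORD_secret= "***"'}],
            "metadata_secrets": [],
        }],
        "deep_link_url": "https://example.invalid/placeholder/Pac-Code.txt#L28",
    },
}]}


def findings(response):
    """One row per reported secret; textual_context is deliberately left out."""
    rows = []
    for alert in response.get("alerts", []):
        details = alert.get("details")
        if not isinstance(details, dict):
            continue  # nothing to flatten for this alert
        for entry in details.get("files", []):
            for secret in entry.get("line_secrets", []):
                rows.append({
                    "alert_id": alert["alert_id"], "repo": alert.get("url"),
                    "path": entry.get("path"), "line": secret.get("line"),
                    "secret_type": secret.get("secret_type"),
                    "link": details.get("deep_link_url"),
                })
    return rows


def state_update_body(alert_ids, state):
    """Body for the update-state call; states not shown in the reference are refused."""
    if state not in KNOWN_STATES:
        raise ValueError("unknown alert state: %r" % (state,))
    return {"alerts": [{"alert_id": a, "state": state} for a in sorted(set(alert_ids))]}
```

Leaving `textual_context` out of the rows keeps the surrounding source line out of tickets and logs that copy this summary.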
Events
Resource | Parameter name | Parameter description | Response code | Response description |
---|---|---|---|---|
Search events using filters over attributes and return count. The handler returns the count for each secret type when: | body | One or more filters { "countAttr": "string", "filters": [ { "exact_match": false, "id": "string", "value": [ "string" ] } ], "groupBy": "string", "limit": 0, "orderBy": "string", "page": 0 } | 200 | Integer value as JSON |
| body | One or more filters, optional { "countAttr": "string", "filters": [ { "exact_match": false, "id": "string", "value": [ "string" ] } ], "groupBy": "string", "limit": 0, "orderBy": "string", "page": 0 } | 200 | Example { "events": [ { "client_hash": "string", "client_ip": "string", "client_os": "string", "created": "2020-03-03T00:25:17.453Z", "details": "string", "developer_id": "string", "developer_name": "string", "local_path": "string", "source_name": "string", "source_type": "string", "time_generated": "2020-03-03T00:25:17.453Z", "url": "string", "user_name": "string" } ] } |