Data Description
XTD SIEM API Integration Guide
The data available in the response:
Field | Type | Description |
---|---|---|
id | string | Unique identifier for the detection record. Can be used for uniqueness filtering |
riskLevel | LOW \| SUSPICIOUS \| HIGH | |
spuid | Customer assigned identifier to the application instance. See VUIT integration docs | |
detectedType | See OpenAPI document | |
createdAt | ISO 8601 formatted date | |
appId | Application package id | |
aiid | UUID | |
os | ANDROID \| IOS \| IPADOS \| TVOS | |
model | string | |
geoip | Structure describing a location | |
ip | IP address | Masked IP address of remote application instance |
pagination | Object containing a single field ‘last’ | Used to poll data incrementally over time. Cursor into the position last retrieved |
JSON
```json
{
  "status": "Ok",
  "pagination": {
    "last": "<cursor-value>"
  },
  "detections": [
    {
      "id": "<detection id>",
      "riskLevel": "HIGH",
      "spuid": "SP::acme-vuit",
      "detectedType": "OverlayDetected",
      "createdAt": "2024-05-21T16:33:16.504Z",
      "appId": "com.verimatrix.acme",
      "aiid": "726F93C5-EAB8-AEF8-293B-CD8BB388A81E",
      "os": "ANDROID",
      "model": "pixel 6",
      "geoip": {
        "city": "San Diego",
        "continentName": "North America",
        "countryCode": "US",
        "countryName": "United States",
        "regionCode": "US-CA",
        "lat": 32.7157,
        "lng": 117.1611
      },
      "ip": "127.0.0.0"
    }
  ]
}
```
Comma Separated Values
```csv
id,riskLevel,detectedType,createdAt,appId,aiid,spuid,os,model,geoip,ip
<detectionid>,HIGH,HookingDetected,2024-05-21T16:33:16.504Z,com.verimatrix.acme,726F93C5-EAB8-AEF8-293B-CD8BB388A81E,SP::acme-vuit,ANDROID,pixel6,"San Diego North America US United States 32.7157 117.1611"
```
Pagination Header
To keep the returned payload valid CSV, the CSV response additionally carries a special header, x-pagination-last-event, that signals the pagination last event. Its value is the same as the 'pagination.last' property of the JSON response.
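The sketch below is an added example, not code from the original guide: a small consumer that applies uniqueness filtering on `id`, filters on `riskLevel`, and advances the cursor from `pagination.last` (JSON) or `x-pagination-last-event` (CSV). The class name, the sample payloads, and the handling of unknown `riskLevel` or non-`Ok` status values are assumptions; the HTTP call is left out because the endpoint and its parameters are not described on this page.

```python
import csv
import io
import json

RISK_ORDER = {"LOW": 0, "SUSPICIOUS": 1, "HIGH": 2}  # riskLevel values from the table

class DetectionIngest:
    """Hypothetical helper: tracks the poll cursor and the ids already handled."""

    def __init__(self, min_risk="LOW"):
        self.cursor = None   # cursor for the next poll (request parameter not shown on this page)
        self.seen = set()    # detection ids already processed
        self.min_risk = RISK_ORDER[min_risk]

    def _accept(self, records, cursor):
        fresh = []
        for rec in records:
            if rec["id"] in self.seen:   # uniqueness filtering on id
                continue
            self.seen.add(rec["id"])
            # Assumption: an unrecognised riskLevel is forwarded rather than dropped.
            if RISK_ORDER.get(rec["riskLevel"], 2) >= self.min_risk:
                fresh.append(rec)
        if cursor:                       # keep the old cursor if none was returned
            self.cursor = cursor
        return fresh

    def ingest_json(self, body):
        doc = json.loads(body)
        if doc.get("status") != "Ok":    # assumption: anything else is a failed poll
            raise ValueError(f"unexpected status: {doc.get('status')!r}")
        return self._accept(doc.get("detections", []), doc.get("pagination", {}).get("last"))

    def ingest_csv(self, body, headers):
        # The CSV body has no pagination field; the cursor is in the response header.
        cursor = next((v for k, v in headers.items()
                       if k.lower() == "x-pagination-last-event"), None)
        return self._accept(list(csv.DictReader(io.StringIO(body))), cursor)

# Constructed sample responses (not real data); ids and cursors are placeholders.
PAGE1 = json.dumps({"status": "Ok", "pagination": {"last": "cursor-1"}, "detections": [
    {"id": "d1", "riskLevel": "HIGH", "detectedType": "OverlayDetected"},
    {"id": "d2", "riskLevel": "LOW", "detectedType": "OverlayDetected"}]})
PAGE2_CSV = ("id,riskLevel,detectedType,createdAt,appId,aiid,spuid,os,model,geoip,ip\n"
             "d2,LOW,OverlayDetected,2024-05-21T16:33:16.504Z,com.example.app,,,ANDROID,,,\n"
             "d3,SUSPICIOUS,HookingDetected,2024-05-21T16:40:00.000Z,com.example.app,,,ANDROID,,,\n")
PAGE2_HEADERS = {"X-Pagination-Last-Event": "cursor-2"}
```

Persist `cursor` only after the returned records have been written to the SIEM, so a crash between the two steps replays a page instead of skipping it.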