
Full list of programmable API for ESM suite? (there is one for Watchlists)

Has anyone obtained documentation on API for ESM appliances (esm, elm, rec)?

The documentation mentions one for watchlists and I obtained further documentation on it from support.

I am wondering if there are API for other parts of the suite, the kind that you get only by asking.

And has anyone here used the Watchlist API? How did you use it in terms of new functionality? I am thinking of using it to automatically add data from our other feeds.

2 Replies
McAfee Employee anthony_hardin
Message 2 of 3

Re: Full list of programmable API for ESM suite? (there is one for Watchlists)

There is currently no other supported API for the McAfee SIEM. Support does have an example Perl script and some documentation. Perhaps that is the documentation you are referring to, but if not, please contact support and request that information.

yugbe
Level 7
Message 3 of 3

Re: Full list of programmable API for ESM suite? (there is one for Watchlists)

To see the full API List available at this time, simply utilize your local SIEM to report it using the following.

https://[IPofYourSIEM]/rs/esm/help/commands

This will give you the full list for your version.

Here is the output from our SIEM, which is running 9.5.

 

alarmAcknowledgeTriggeredAlarm

Mark a triggered alarm as acknowledged

alarmDeleteTriggeredAlarm

Delete a triggered alarm

alarmGetTriggeredAlarms

Retrieves a list of all alarms that have been triggered, if no user specified, the current user will be used.

alarmGetTriggeredAlarmsPaged

Retrieves a paged list of alarms that have been triggered, if no user specified, the current user will be used.

alarmGetUnacknowledgedTriggeredAlarms

Retrieves a list of alarms that have been triggered and have not been acknowledged

alarmUnacknowledgeTriggeredAlarm

Mark a triggered alarm as unacknowledged

caseAddCase

Add a case to the system.

caseEditCase

Edit an existing case.

caseGetCaseDetail

Get detail on an existing case.

caseGetCaseList

Get a list of cases from the system

caseGetCaseStatusList

Get a list of valid case statuses from the system

devGetDeviceList

Get a list of all devices defined in the system.

dsAddDataSource

Add a data source.

dsAddDataSourceList

Add a list of data sources.

dsDeleteDataSource

Delete a data source.

dsEditDataSource

Edit a data source's properties.

dsGetDataSourceDetail

Get the details for a specifc data sources.

dsGetDataSourceList

Get a list of defined data sources.

dsGetDataSourceTypes

Get all data source types.

dsGetUserDefinedDataSources

Get user defined data sources.

dsSetUserDefinedDataSources

Set user defined data sources.

essmgtESSReboot

Reboots the ESM Device

essmgtESSRestart

Restarts the services on the ESM Device

essmgtGetESSTime

Get the system time of the ESM Device

geoGetGeoLocRegionList

Get the top level geo locations

geoGetGeoLocs

Get geo locations within the given location

getVersion

Get the version information for this ESM

grpGetDeviceTree

Gets the basic device tree structure with only basic properties loaded. Each entry in the returned list is a root node in the tree.

grpGetDeviceTreeEx

This version of the call returns more detail per device than getDeviceList, wrapped in an esmDeviceList object.

plcyGetPolicyList

Get the list of all policies defined in the ESM.

plcyGetVariableList

Get all variables defined in the system

qryClose

Closes the query results, must be called after a query's results have been processed. If no exception is thrown, the close operation completed normally.

qryExecuteDetail

Execute a standard detail (non-grouped) query.

qryExecuteGrouped

Execute a grouped query on a field.

qryGetCorrEventDataForID

Get the source events and flows for a given correlated event ID

qryGetFilterFields

Get all fields that can be used in query filters, with type information for each field.

qryGetResults

Get the results for a query.

qryGetSelectFields

Get the fields available for selecting in queries. The groupType can be used to filter the fields to only ones that can be used to group results in a particular way. For example, if you want all fields that can be grouped to count the number of events per group, the groupType should be COUNT. If not provided, it is equivalent to passing NO_GROUP which returns all available select fields regardless of whether they can be used in grouped queries. This is useful for getting available fields for detail queries. (qryExecuteDetail)

qryGetStatus

Get the status for a query that has been executed.

sysAddWatchlist

Add a watchlist to the system.

sysAddWatchlistValues

Add values to a watchlist. This call is not supported for hidden watchlists, for example GTI.

sysEditWatchlist

Edit properties of a watchlist. (Watchlist Type will not be modified) This call is not supported for hidden watchlists, for example GTI.

sysGetWatchlistDetails

Get detailed information about a watchlist.

sysGetWatchlistFields

Get watchlist fields/types.

sysGetWatchlists

Return basic information on all watchlists in the system

sysGetWatchlistValues

Read the content of a watchlist value file. Note that the EsmFileData object will contain information on how many bytes were read, as well as the total size of the file. The size of the data returned may be less than count, depending on the amount of file data available. Note that the watchlist file property on EsmWatchlistDetails is used as a parameter to this call. The file will contain the values as they existed when the call to sysGetWatchlistDetails was made. If subsequent changes were made to the watchlist after getting the details, another EsmWatchlistDetails object should be obtained by calling sysGetWatchlistDetails before using its EsmWatchlistFile object to retrieve the updated list of watchlist values. This call is not supported for hidden watchlists, for example GTI.

sysRemoveWatchlist

Remove a watchlist from the system. This call is not supported for hidden watchlists, for example GTI.

sysRemoveWatchlistValues

Remove values from a watchlist. This call is not supported for hidden watchlists, for example GTI.

userAddAccessGroup

Add an access group

userAddUser

Add a user to the system.

userDeleteAccessGroup

Delete an access group.

userDeleteUser

Delete a user from the system.

userEditAccessGroup

Edit properties of an access group.

userEditUser

Used by the master user to update information about another user.

userGetAccessGroupDetail

Get extended information about an access group.

userGetAccessGroupList

Get all user access groups defined in the system.

userGetRightsList

Get all rights defined in the system.

userGetTimeZones

Get a list of timezones this system recognizes

userGetUserList

Get a list of all users.

userGetUserRights

Get all rights defined for the current user.

userLogin

Log into the SIEM with the given username and password.

userLogout

Log the user out of their SIEM session

zoneAddSubZone

Add a new subzone under a zone

zoneAddZone

Create a new zone.

zoneDeleteSubZone

Delete the sub zone

zoneDeleteZone

Delete the zone

zoneEditSubZone

Edit the given sub zone. Note that ID must be set to an existing sub zone for this to work properly. The ID value will be set if the zone was gotten from zoneGetSubZone().

zoneEditZone

Edit the given zone. Note that ID must be set to an existing zone for this to work properly. The ID value will be set if the zone was gotten from zoneGetZone().

zoneGetSubZone

Get detailed information on a sub zone

zoneGetZone

Get extended detail on a zone.

zoneGetZoneTree

Get the full tree of zones defined in the ESM.
