2 Replies Latest reply on Jan 20, 2016 11:21 AM by itgfcsys

    ESM API Question

    pfabrizi

      I am able to get my case details but the detail is limited to a few fields like ID, summary, eventid. I was looking to see if it is possible to retrieve details of the source event?

       

      I am on version 9.4.2 and using C#

       

      Thank You!

        • 1. Re: ESM API Question
          Peter M

          Moved to SIEM for better handling.

          ---

          Peter

          Moderator

          • 2. Re: ESM API Question
            itgfcsys

            pfabrizi

            Some of these may help you

             

            <esmCommand name="qryGetCorrEventDataForID">
              <description>Get the source events and flows for a given correlated event ID</description>
            </esmCommand>

            <esmCommand name="qryGetFilterFields">
              <description>Get all fields that can be used in query filters, with type information for each field.</description>
            </esmCommand>

            <esmCommand name="qryGetResults">
              <description>Get the results for a query.</description>
            </esmCommand>

            <esmCommand name="qryGetSelectFields">
              <description>Get the fields available for selecting in queries. The groupType can be used to filter the fields to only ones that can be used to group results in a particular way. For example, if you want all fields that can be grouped to count the number of events per group, the groupType should be COUNT. If not provided, it is equivalent to passing NO_GROUP which returns all available select fields regardless of whether they can be used in grouped queries. This is useful for getting available fields for detail queries. (qryExecuteDetail)</description>
            </esmCommand>