C2

c2_ip_connection_aggregated

Request method: GET/POST

Description: Returns an aggregated list of C2 IP connections in the system (one row per source/destination pair with a hit count).

Additional payloads: Supports the Unified API query parameters through both the GET and POST HTTP methods. This endpoint also supports quick searching for C2 events by IP when using the POST method, by using "q":"<ip>" instead of the aq parameter of the Unified API Query:

POST /c2_ip_connection_aggregated?apikey=API_KEY HTTP/1.1
Host: 192.168.1.127
Content-Type: application/json

{"q": "192.168.1.1"}

Output: data: {src_ip, dest_ip, count, time_stamp, scr_ip_country, dest_ip_country}; extraPKValues; positionInTable: {offset}

Response codes: 200 OK - List of aggregated C2 IP events is returned

c2_ip_connection

Request method: GET/POST

Description: Returns a more detailed list of C2 IPs in the system.

Additional payloads: Supports the Unified API query parameters through both the GET and POST HTTP methods.

Output: data: {id, ip, time_stamp, src_port, dest_ip, dest_port, details, src_ip_country, dest_ip_country, workflow, workflow_id, workflow_owner, workflow_mtime}; extraPKValues; positionInTable: {offset}

Response codes: 200 OK - List of C2 IP events is returned

c2_dns_connection_aggregated

Request method: GET/POST

Description: Returns a list of C2 DNS connections in the system.

Additional payloads: Supports the Unified API query parameters through both the GET and POST HTTP methods. This endpoint also supports quick searching for C2 events by IP or by domain when using the POST method, by using "q":"<ip>" or "q":"<domain>" instead of the aq parameter of the Unified API Query.

Output: data: {src_ip, dest_ip, count, time_stamp, scr_ip_country, dest_ip_country}; extraPKValues; positionInTable: {offset}

Response codes: 200 OK - List of aggregated C2 DNS events is returned

c2_dns_connection

Request method: GET/POST

Description: Returns a more detailed list of C2 DNS connections in the system.

Additional payloads: Supports the Unified API query parameters through both the GET and POST HTTP methods. This endpoint also supports quick searching for C2 events by IP or by domain when using the POST method, by using "q":"<ip>" or "q":"<domain>" instead of the aq parameter of the Unified API Query.

Output: data: {src_ip, dest_ip, count, time_stamp, scr_ip_country, dest_ip_country}; extraPKValues; positionInTable: {offset}

Response codes: 200 OK - List of C2 DNS events is returned
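The quick-search form described for c2_ip_connection_aggregated, c2_dns_connection_aggregated and c2_dns_connection above, driven from a small client. This is an added example written for this page, not code shipped with the API or its vendor. It assumes the response body is JSON laid out as the documented output (data as a list of row objects, extraPKValues, positionInTable.offset), that the appliance is reached over HTTPS (the page's request sample shows no scheme), and the input checks on q (a well-formed IP for the IP endpoint, IP or hostname for the DNS endpoints) are the client's own policy, since the page documents no server-side validation. The sample response at the bottom is constructed, not real appliance output.

```python
"""Client helpers for the C2 quick-search endpoints (added example)."""
import ipaddress
import json
import re
import urllib.parse
import urllib.request

# Endpoints with a documented "q" quick search, and which value types each accepts.
# c2_ip_connection is deliberately absent: no quick search is documented for it.
QUICK_SEARCH_ENDPOINTS = {
    "c2_ip_connection_aggregated": ("ip",),
    "c2_dns_connection_aggregated": ("ip", "domain"),
    "c2_dns_connection": ("ip", "domain"),
}

# Conservative DNS label pattern (client-side assumption; the API is not documented to validate q).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_ip(value):
    """True for a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_domain(value):
    """True for a hostname made of valid labels (trailing dot tolerated)."""
    name = value.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def build_quick_search(host, api_key, endpoint, q, scheme="https"):
    """Return (url, json_body) for a POST quick search, refusing bad input.

    Validating q before it leaves the client keeps operator typos and pasted
    indicator strings (e.g. "1.2.3.4 OR 1=1") out of the appliance's query
    layer. The key rides in the query string because that is how the page
    documents it; use HTTPS so it is not exposed on the wire.
    """
    kinds = QUICK_SEARCH_ENDPOINTS.get(endpoint)
    if kinds is None:
        raise ValueError(f"{endpoint} has no documented quick search")
    checks = {"ip": is_ip, "domain": is_domain}
    if not any(checks[k](q) for k in kinds):
        raise ValueError(f"refusing to send {q!r} as q to {endpoint}")
    url = f"{scheme}://{host}/{endpoint}?apikey={urllib.parse.quote(api_key, safe='')}"
    return url, json.dumps({"q": q}).encode()


def parse_page(raw):
    """Split a response into (rows, offset).

    Assumption: the documented output maps to JSON as {"data": [...],
    "extraPKValues": ..., "positionInTable": {"offset": N}}.
    """
    doc = json.loads(raw)
    rows = doc.get("data") or []
    if isinstance(rows, dict):  # tolerate a single object instead of a list
        rows = [rows]
    offset = (doc.get("positionInTable") or {}).get("offset")
    return rows, offset


def quick_search(host, api_key, endpoint, q, post=None):
    """Run a quick search; `post(url, body) -> bytes` can be injected for offline use."""
    url, body = build_quick_search(host, api_key, endpoint, q)
    if post is None:
        def post(url, body):
            req = urllib.request.Request(
                url, data=body, method="POST",
                headers={"Content-Type": "application/json"})
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.read()
    return parse_page(post(url, body))


def top_destinations(rows, n=5):
    """Sum the aggregated `count` per dest_ip, most active first."""
    totals = {}
    for row in rows:
        totals[row["dest_ip"]] = totals.get(row["dest_ip"], 0) + int(row.get("count", 0))
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample response in the documented field layout (not real appliance
# output; "scr_ip_country" is spelled as the page documents it).
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"src_ip": "10.0.0.5", "dest_ip": "192.168.1.1", "count": 7,
         "time_stamp": "2024-05-01T10:00:00Z", "scr_ip_country": "NL", "dest_ip_country": "NL"},
        {"src_ip": "10.0.0.9", "dest_ip": "192.168.1.1", "count": 3,
         "time_stamp": "2024-05-01T10:05:00Z", "scr_ip_country": "NL", "dest_ip_country": "NL"},
        {"src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "count": 12,
         "time_stamp": "2024-05-01T10:07:00Z", "scr_ip_country": "NL", "dest_ip_country": "US"},
    ],
    "extraPKValues": [],
    "positionInTable": {"offset": 0},
}).encode()


def demo():
    """Offline run against the constructed sample; returns (rows, offset, top)."""
    rows, offset = quick_search("192.168.1.127", "API_KEY", "c2_ip_connection_aggregated",
                                "192.168.1.1", post=lambda url, body: SAMPLE_RESPONSE)
    return rows, offset, top_destinations(rows)


if __name__ == "__main__":
    rows, offset, top = demo()
    print(f"{len(rows)} rows, offset {offset}, top destinations: {top}")
```

Drop the `post=` argument to talk to a real appliance; the injected callable exists only so the flow can be exercised without network access. Because the API key is carried in the URL exactly as the page documents, it will appear in any proxy or web-server access log between the client and the appliance, which is one more reason to keep the connection on TLS.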
