List The Security Events For An Organization
GET {{baseUrl}}/organizations/:organizationId/appliance/security/events
List the security events for an organization
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
t0 | string | The beginning of the timespan for the data. Data is gathered after the specified t0 value. The maximum lookback period is 365 days from today. | |
t1 | string | The end of the timespan for the data. t1 can be a maximum of 365 days after t0. | |
timespan | string | The timespan for which the information will be fetched. If specifying timespan, do not specify parameters t0 and t1. The value must be in seconds and be less than or equal to 365 days. The default is 31 days. | |
perPage | string | The number of entries per page returned. Acceptable range is 3 - 1000. Default is 100. | |
startingAfter | string | A token used by the server to indicate the start of the page. Often this is a timestamp or an ID but it is not limited to those. This parameter should not be defined by client applications. The link for the first, last, prev, or next page in the HTTP Link header should define it. | |
endingBefore | string | A token used by the server to indicate the end of the page. Often this is a timestamp or an ID but it is not limited to those. This parameter should not be defined by client applications. The link for the first, last, prev, or next page in the HTTP Link header should define it. | |
sortOrder | string | Sorted order of security events based on event detection time. Order options are 'ascending' or 'descending'. Default is ascending order. |
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
X-Cisco-Meraki-API-Key | null |
RESPONSES
status: OK
[{"ts":"2020-03-20T16:00:10.144989Z","eventType":"File Scanned","clientName":"COMPUTER-M-V78J","clientMac":"10:dd:b1:eb:88:f8","clientIp":"192.168.128.2","srcIp":"192.168.128.2","destIp":"119.192.233.48","protocol":"http","uri":"http://www.favorite-icons.com/program/FavoriteIconsUninstall.exe","canonicalName":"PUA.Win.Dropper.Kraddare::1201","destinationPort":80,"fileHash":"3ec1b9a95fe62aa25fc959643a0f227b76d253094681934daaf628d3574b3463","fileType":"MS_EXE","fileSizeBytes":193688,"disposition":"Malicious","action":"Blocked"},{"ts":"2018-02-11T00:00:00.090210Z","eventType":"IDS Alert","deviceMac":"00:18:0a:01:02:03","clientMac":"A1:B2:C3:D4:E5:F6","srcIp":"1.2.3.4:34195","destIp":"10.20.30.40:80","protocol":"tcp/ip","priority":"2","classification":"4","blocked":true,"message":"SERVER-WEBAPP JBoss JMX console access attempt","signature":"1:21516:9","sigSource":"","ruleId":"meraki:intrusion/snort/GID/1/SID/26267"},{"ts":"2018-02-11T00:00:00.090210Z","eventType":"IDS Alert","deviceMac":"00:18:0a:01:02:03","clientMac":"A1:B2:C3:D4:E5:F6","srcIp":"1.2.3.4:56023","destIp":"10.20.30.40:80","protocol":"tcp/ip","priority":"1","classification":"33","blocked":true,"message":"POLICY-OTHER Adobe ColdFusion admin interface access attempt","signature":"1:25975:2","sigSource":"","ruleId":"meraki:intrusion/snort/GID/1/SID/26267"}]