Armis Centrix API

Toggle this ON to enable a free text field where you can paste your YAML.

Temporal Window

Toggle ON to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

• Duration - 5 minutes (5m) as default, adjust based on your needs.

• Offset - initial offset should be 5m

• Format - 2006-01-02T15:04:05

Authentication Phase

Toggle ON to configure the authentication phase.

• Type* - token

• Token

  • Method* - POST

  • URL* -${parameters.domain}/api/v1/access_token/

  • Headers

    • Name - Content-Type

    • Value - application/x-www-form-urlencoded

    • Name - Accept

    • Value - application/json

  • Body Type - urlEncoded

  • Body Params

    • Name - secret_key

    • Value - ${secrets.armis_key}

• Token Path - .data.access_token

• Auth injection

  • In - header

  • Name - authorization

  • Prefix - ''

  • Suffix - ''

Enumeration Phase

OFF

Collection Phase

• Pagination Type* - offsetLimit

• Limit - 200

• Request

  • Method* - GET

  • URL* - ${parameters.domain}/api/v1/search/

  • Query Params -

    • Name - aql

    • Value - in:alerts after:${temporalWindow.from} before:${temporalWindow.to}

    • Name - from

    • Value - ${pagination.offset}

    • Name - length value

    • Value - ${pagination.limit}

• Output

  • Select - .data.results

  • Map - .

  • Output Mode - element