# Reputation logs

Get a list of all Reputation logs in Guardicore.

## Configuration

### Parameters

* `parameters.domain` stores the host part of the API URL only, without endpoint paths such as `/api/v3.0/authenticate` or `/api/v3.0/reputation-log`.

### Secrets

* Username (`username`)
* Password (`password`)

Open the **Secret** fields and click **New secret** to create a new one:

* Give the secret a **Name**.
* Turn off the **Expiration date** option.
* Click **Add new value** and paste the secret corresponding to the value.
* Click **Save**.

<figure><picture><source srcset="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FlUo7CuVpPgIVm5VNjLw6%2Fnenenew.png?alt=media&#x26;token=eb7a7231-0ac2-4099-93f9-18f9ead5add1" media="(prefers-color-scheme: dark)"><img src="https://965373739-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FkxZeV4nlXcIAjMGZxzLI%2Fuploads%2FTSD53FxGQOjijA3W3DhE%2Fimage.png?alt=media&#x26;token=9941a3c0-100a-4759-b603-30079fbc90de" alt=""></picture><figcaption></figcaption></figure>

{% hint style="info" %}
Learn more about secrets in Onum in [this article](https://docs.onum.com/administration/global-settings/organization-settings/secrets-management).
{% endhint %}

You can now select the secret you just created in the corresponding fields.

After entering the required parameters and secrets, you can either fill in the Guardicore **Reputation logs** fields manually or paste the YAML below:

{% tabs %}
{% tab title="Config as YAML" %}
Toggle this **ON** to enable a free text field where you can paste the **Guardicore Reputation logs** YAML.

```yaml
withTemporalWindow: true
temporalWindow:
  duration: 5m
  offset: 5m
  tz: UTC
  format: EpochMillis
withAuthentication: true
authentication:
  type: token
  token:
    request:
      method: POST
      url: https://${parameters.domain}/api/v3.0/authenticate
      headers:
        - name: Content-Type
          value: application/json
      bodyType: raw
      bodyRaw: |
        {
          "username": "${secrets.username}",
          "password": "${secrets.password}"
        }
    tokenPath: ".access_token"
    authInjection:
      in: header
      name: Authorization
      prefix: 'Bearer '
      suffix: ''
withEnumerationPhase: false
collectionPhase:
  paginationType: offsetLimit
  limit: 1000
  isZeroIndex: true
  request:
    responseType: json
    method: GET
    url: https://${parameters.domain}/api/v3.0/reputation-log
    queryParams:
      - name: from_time
        value: ${temporalWindow.from}
      - name: to_time
        value: ${temporalWindow.to}
      - name: offset
        value: ${pagination.offset}
      - name: limit
        value: ${pagination.limit}
  output:
    select: ".objects"
    map: "."
    outputMode: element
```

{% endtab %}

{% tab title="Manually configure" %}
**Temporal Window**

Toggle **ON** to add a temporal window for events. This repeatedly shifts the time window over which data is collected.

* **Duration -** 5 minutes (`5m`) as default, adjust based on your needs.
* **Offset -** `5m`
* **Format** - `EpochMillis`

**Authentication Phase**

Toggle **ON** to configure the authentication phase. This is required to get the token to pull data using **OAuth**.

* **Type**<mark style="color:red;">**\***</mark> - `token`
* **Request Method**<mark style="color:red;">**\***</mark> - `POST`
* **URL**<mark style="color:red;">**\***</mark> - `https://${parameters.domain}/api/v3.0/authenticate`
* **Headers**
  * **Name** - `Content-Type`
  * **Value** - `application/json`
* **BodyType**<mark style="color:red;">**\***</mark> - `raw`
  * **Body Raw -** `|`\
    `{`\
    `"username": "${secrets.username}",`\
    `"password": "${secrets.password}"`\
    `}`
* **Token Path**<mark style="color:red;">**\***</mark> - `.access_token`
* **Auth Injection**
  * **In**<mark style="color:red;">**\***</mark> - `header`
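  * **Name**<mark style="color:red;">**\***</mark> - `Authorization`
  * **Prefix** - `Bearer ` (with a trailing space, matching `prefix: 'Bearer '` in the YAML, so the header reads `Bearer <token>`)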
  * **Suffix** - `''`

**Enumeration Phase**

**OFF**

**Collection Phase**

* **Pagination Type**<mark style="color:red;">**\***</mark> - `offsetLimit`
* **Limit -** `1000`
* **Zero Index -** `true`
* **Request**
  * **Method**<mark style="color:red;">**\***</mark> - `GET`
  * **URL**<mark style="color:red;">**\***</mark> - `https://${parameters.domain}/api/v3.0/reputation-log`
  * **Query Params**
    * **Name** - `from_time`
    * **Value -** `${temporalWindow.from}`
    * **Name** - `to_time`
    * **Value -** `${temporalWindow.to}`
    * **Name** - `offset`
    * **Value -** `${pagination.offset}`
    * **Name** - `limit`
    * **Value -** `${pagination.limit}`
* **Output**
  * **Select -** `.objects`
  * **Map -** `.`
  * **Output Mode** - `element`
{% endtab %}
{% endtabs %}

This HTTP Pull Listener now uses the data export API to extract events.
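To see the request sequence this configuration describes, the following added example (not Onum or Guardicore code) replays the authentication and collection phases against a constructed in-memory stub. It assumes that the window ends `offset` before the current time and that paging stops on a short page; the host name, credentials, token and records are placeholders.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

def window_ms(now_ms, duration_ms=300_000, offset_ms=300_000):
    # Assumed semantics of duration/offset 5m: the window ends `offset` before now.
    to = now_ms - offset_ms
    return to - duration_ms, to

def collect(send, domain, username, password, now_ms, limit=1000, prefix="Bearer "):
    """Replay the authentication and collection phases; `send` performs the HTTP call."""
    base = f"https://{domain}/api/v3.0"
    body = json.dumps({"username": username, "password": password})
    auth = send("POST", f"{base}/authenticate", {"Content-Type": "application/json"}, body)
    headers = {"Authorization": prefix + auth["access_token"]}  # tokenPath + authInjection
    frm, to = window_ms(now_ms)
    events, offset = [], 0                      # isZeroIndex: true
    while True:
        qs = urlencode({"from_time": frm, "to_time": to, "offset": offset, "limit": limit})
        page = send("GET", f"{base}/reputation-log?{qs}", headers, None)["objects"]
        events.extend(page)                     # outputMode: element
        if len(page) < limit:                   # assumed stop condition: a short page
            return events
        offset += limit

def fake_backend(total):
    """Constructed stand-in for the API: one fixed token, `total` records."""
    calls = []
    def send(method, url, headers, body):
        calls.append((method, url))
        if method == "POST" and url.endswith("/authenticate"):
            return {"access_token": "constructed-token"}
        if headers.get("Authorization") != "Bearer constructed-token":
            raise PermissionError("401: malformed or missing bearer token")
        q = parse_qs(urlparse(url).query)
        off, lim = int(q["offset"][0]), int(q["limit"][0])
        return {"objects": [{"id": i} for i in range(off, min(off + lim, total))]}
    return send, calls

if __name__ == "__main__":
    send, calls = fake_backend(2500)
    events = collect(send, "guardicore.example.invalid", "user", "pass", 1_700_000_000_000)
    print(len(events), "events in", len(calls), "requests")
    for method, url in calls:
        print(method, url)
```

Passing `prefix="Bearer"` (no trailing space) makes the stub reject the collection request, which is the failure to expect if the space is dropped from the **Prefix** field.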

Click **Create labels** to move on to the next step and define the required [Labels](https://docs.onum.com/the-workspace/listeners/labels) if needed.
