> For the complete documentation index, see [llms.txt](https://docs.onum.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.onum.com/the-workspace/listeners/listener-integrations/pull-data-from-http-endpoints/collect-data-from-armis-centrix.md).
# Collect data from Armis Centrix
## Overview
Get a list of Armis Centrix audit events through the [Armis Centrix API](https://docs.query.ai/docs/armis-centrix) using the **HTTP Pull** Listener.
## HTTP Pull Listener configuration
### Parameters
Add the following parameter:
* **Name** - `domain`
* **Value** - Enter your Armis instance name.
### Secrets
You must define these credentials in Onum:
* `armis_key` will reference your Armis API key.
To do it, click **Add element** and enter a **Name** for the secret (in this case, `armis_key`). Then, click the **Value** field and select **New secret** to create a new one:
* Give the secret a **Name**.
* Turn off the **Expiration date** option.
* Click **Add new value** and paste the secret corresponding to the value.
* Click **Save**.
You can now select the secret you just created in the **Value** field list.
{% hint style="info" %}
Learn more about secrets in Onum in [this article](/administration/global-settings/organization-settings/secrets-management.md).
{% endhint %}
### Setup
After entering the required parameters and secrets, you can choose to manually enter the rest of configuration fields, or simply paste the given YAML:
{% tabs %}
{% tab title="Config as YAML" %}
Toggle this **ON** to enable a free text field where you can paste your **Tenable** YAML.
```yaml
withTemporalWindow: true
temporalWindow:
duration: 5m
offset: 5m
tz: UTC
format: "2006-01-02T15:04:05"
withAuthentication: true
authentication:
type: token
token:
request:
method: POST
url: ${parameters.domain}/api/v1/access_token/
headers:
- name: Content-Type
value: application/x-www-form-urlencoded
- name: Accept
value: application/json
bodyType: urlEncoded
bodyParams:
- name: secret_key
value: ${secrets.armis_key}
tokenPath: ".data.access_token"
authInjection:
in: header
name: Authorization
prefix: ''
suffix: ''
withEnumerationPhase: false
collectionPhase:
paginationType: offsetLimit
isZeroIndex: false
limit: 200
request:
responseType: json
method: GET
url: ${parameters.domain}/api/v1/search/
queryParams:
- name: aql
value: in:alerts after:${temporalWindow.from} before:${temporalWindow.to}
- name: from
value: ${pagination.offset}
- name: length
value: ${pagination.limit}
output:
select: ".data.results"
map: "."
outputMode: element
```
{% endtab %}
{% tab title="Manually configure" %}
**Temporal Window**
Toggle **ON** to add a temporal window for events. This repeatedly shifts the time window over which data is collected.
* **Duration** - `5m`
* **Offset** - `5m`
* **Format** - `RFC3339`
**Authentication**
Toggle **ON** and configure these parameters:
* **Type****\*** - `Token`
**Token Retrieve Based Authentication**
* **Request**
* **Method****\*** - `POST`
* **URL****\*** - `${parameters.domain}/api/v1/access_token/`
* **Headers**
* **Name** - `Content-Type`
* **Value** - `application/x-www-form-urlencoded`
* **Name** - `Accept`
* **Value** - `application/json`
* **Body Type****\***** -** `URLEncoded`
* **Body Params**
* **Name** - `secret_key`
* **Value** - `${secrets.armis_key}`
* **Token path****\*** - `.data.access_token`
* **Auth Injection**
* **In****\*** - `Header`
* **Name****\*** - `Authorization`
* **Prefix** - `''`
* **Suffix** - `''`
**Collection Phase**
* **Pagination Type****\*** - `Offset/Limit`
* **Zero Index****\*** - `false`
* **Limit****\*** - `200`
* **Request**
* **Response Type****\*** - `JSON`
* **Method****\*** - `GET`
* **URL****\*** - `${parameters.domain}/api/v1/search/`
* **Query Params**
* **Name** - `aql`
* **Value** - `in:alerts after:${temporalWindow.from} before:${temporalWindow.to}`
* **Name** - `from`
* **Value** - `${pagination.offset}`
* **Name** - `length`
* **Value** - `${pagination.limit}`
**Output**
* **Select****\*** - `.data.results`
* **Map** - `.`
* **Output Mode****\*** - `element`
{% endtab %}
{% endtabs %}
Click **Create labels** to move on to the next step and define the required [Labels](/the-workspace/listeners/labels.md) if needed.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.onum.com/the-workspace/listeners/listener-integrations/pull-data-from-http-endpoints/collect-data-from-armis-centrix.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.