6. REST API Examples

6.1. Authentication

6.1.1. LOGIN

To authenticate with the HAWK SIEM, you must do the following:

curl -X POST --data "username=<USERNAME>&password=<PASSWORD>" --cookie-jar hawk_cookies.txt https://<hawk-server>:8080/API/1.1/login

This will save your session ID to a cookie file, which must be referenced in each subsequent request.

6.1.2. LOGOUT

To expire your session with the HAWK SIEM, you must do the following:

curl -X GET --cookie hawk_cookies.txt https://<hawk-server>:8080/API/1.1/logout

This will expire your saved session ID.

6.2. Retrieving Event Data

To retrieve a list of events:

curl -X POST \
  --data 'column[]=priority' \
  --data 'column[]=alert_name' \
  --data 'column[]=hour date_added' \
  --data 'column[]=minute date_added' \
  --data 'column[]=date_added' \
  --data 'column[]=ip_src' \
  --data 'column[]=count ip_src' \
  --data 'group_by=date_added_hour,date_added_minute,ip_src' \
  --data 'where[]=priority %3d (1 or 2 or 3)' \
  --data 'where[]=alert_name %3d ("RFC" or "Attempted Authentication")' \
  --data 'order_by=date_added,ip_src_count' \
  --data 'limit=25' \
  --data 'begin=2014-06-17 12:15:23' \
  --data 'end=2014-06-18 12:15:00' \
  --cookie hawk_cookies.txt \
  https://<hawk-server>:8080/API/1.1/search/events
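
The login, search and logout steps above can be combined into one scripted session that keeps the password out of the process list and the session cookie out of a shared file. This is an added example, not part of the HAWK documentation: the function names and the HAWK_API, HAWK_USER and HAWK_PASSWORD variables are hypothetical, and it assumes the API decodes standard form encoding, so that curl's own encoding of "=" is equivalent to the hand-written %3d.

```shell
#!/bin/sh
# Added example, not HAWK's own code. The caller sets HAWK_API (for example
# https://<hawk-server>:8080/API/1.1), HAWK_USER and HAWK_PASSWORD.
# Assumption: the API decodes standard form encoding.

# Emit curl options, one per line, for the section 6.2 query.
# Usage: hawk_search_opts BEGIN END [LIMIT]
hawk_search_opts() {
  for kv in 'column[]=priority' 'column[]=alert_name' \
            'column[]=hour date_added' 'column[]=minute date_added' \
            'column[]=date_added' 'column[]=ip_src' 'column[]=count ip_src' \
            'group_by=date_added_hour,date_added_minute,ip_src' \
            'where[]=priority = (1 or 2 or 3)' \
            'where[]=alert_name = ("RFC" or "Attempted Authentication")' \
            'order_by=date_added,ip_src_count' \
            "limit=${3:-25}" "begin=$1" "end=$2"; do
    # curl percent-encodes everything after the first '=' of each pair.
    printf '%s\n%s\n' --data-urlencode "$kv"
  done
}

# Log in, run the search, then always log out and delete the cookie jar.
# Runs in a subshell so umask and the EXIT trap do not leak to the caller.
# Usage: hawk_events BEGIN END [LIMIT]
hawk_events() (
  : "${HAWK_API:?}" "${HAWK_USER:?}" "${HAWK_PASSWORD:?}"
  opts=$(hawk_search_opts "$1" "$2" "$3")
  umask 077                        # session cookie readable by owner only
  jar=$(mktemp) || exit 1
  trap 'curl -sS -o /dev/null --cookie "$jar" "$HAWK_API/logout"; rm -f "$jar"' EXIT
  # The password arrives on stdin (password@-), so it never appears in argv.
  printf '%s' "$HAWK_PASSWORD" |
    curl -sS --fail -o /dev/null --cookie-jar "$jar" \
         --data-urlencode "username=$HAWK_USER" \
         --data-urlencode 'password@-' "$HAWK_API/login" || exit 1
  set --                           # rebuild "$@" from the option lines
  while IFS= read -r opt; do set -- "$@" "$opt"; done <<EOF
$opts
EOF
  curl -sS --fail --cookie "$jar" "$@" "$HAWK_API/search/events"
)
```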