REST API Examples
------------------

Authentication
""""""""""""""

LOGIN
+++++

To authenticate with the HAWK SIEM, you must do the following:

.. code::

 curl -X POST --data "username=<USERNAME>&password=<PASSWORD>" --cookie-jar hawk_cookies.txt https://<hawk-server>:8080/API/1.1/login

This will save your session ID to a cookie file, which must be referenced in each subsquent reqeust. 


LOGOUT
++++++

To expire your session with the HAWK SIEM, you must do the following:

.. code::

 curl -X GET --cookie-jar hawk_cookies.txt https://<hawk-server>:8080/API/1.1/logout

This will expire your saved session ID.


Retrieving Event Data.
""""""""""""""""""""""

To retrive a list of events:

.. code::
 
 curl -X POST --data 'column[]=priority&column[]=alert_name&column[]=hour date_added&column[]=minute date_added&column[]=date_added&column[]=ip_src&column[]=count ip_src&group_by=date_added_hour,date_added_minute,ip_src&where[]=priority %3d (1 or 2 or 3)&where[]=alert_name %3d ("RFC" or "Attempted Authentication")&order_by=date_added,ip_src_count&limit=25&begin=2014-06-17 12:15:23&end=2014-06-18 12:15:00' --cookie hawk_cookies.txt https://<hawk-server>:8080/API/1.1/search/events