API

Scanner lets you turn your logs in S3 into an API, giving you the ability to execute ad hoc queries, create detection rules, and more.

API URL

To locate your team API URL, go to Settings > API Keys.

Authentication

Scanner uses API keys for authentication. To create an API key or to locate existing API keys, go to Settings > API Keys. API keys are secret, so be sure not to share them publicly.

Scanner will look for the API key in Authorization header after a Bearer prefix.

Authorization: Bearer <Scanner API Key>

For example, if here is how you would use curl to get a list of all of your detection rules using your team's API URL:

curl -G $API_BASE/v1/detection_rule \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000001" \
-H "Authorization: Bearer $SCANNER_API_KEY" \
-H "Content-Type: application/json"

PreviousMITRE Tags NextAd hoc queries

Last updated 4 months ago

Was this helpful?