Alert API
The Alert API lets you set alerts on our platform. These alerts execute search queries using the ONYPHE Query Language (OQL). You can pass as many search filters as you wish; the syntax is always FILTER:VALUE. More details are in the ONYPHE Query Language chapter.
Alerts are triggered every day on the previous day's data. Thus, every day, you may receive an alert regarding an event that was detected the day before.
There are 3 available endpoints:
- /alert/list: fetch your currently set alerts;
- /alert/add: add a new alert;
- /alert/del: delete a stored alert.
Using curl: adding an alert
You can use curl in the following way to call the Alert API:
curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v2/alert/add' -d '{ "name":"My alert","query":"category:vulnscan domain:google.com -exists:cve","email":"destination@example.com","threshold":">0" }'
Output:
{"count":0,"error":0,"myip":"<redacted>","status":"ok","text":"Success","took":0,"total":0}
Using curl: listing alerts
You can use curl in the following way to call the Alert API:
curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XGET 'https://www.onyphe.io/api/v2/alert/list'
Output:
{
  "count": 1,
  "error": 0,
  "myip": "<redacted>",
  "results": [
    {
      "email": "destination@example.com",
      "id": 0,
      "name": "My alert",
      "query": "category:vulnscan domain:google.com -exists:cve -dayago:1",
      "threshold": ">0"
    }
  ],
  "status": "ok",
  "text": "Success",
  "took": "0.000",
  "total": 1
}
Using curl: deleting an alert
You can use curl in the following way to call the Alert API:
curl -H 'Content-Type: application/json' -H 'Authorization: bearer YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v2/alert/del/0'
Output:
{"count":0,"error":0,"myip":"<redacted>","status":"ok","text":"Success","took":0,"total":0}
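The three calls above can be combined into an audit of your stored alerts. The following Python code is an added example, not part of the ONYPHE documentation: it compares the alerts you intend to have with an /alert/list response and works out which /alert/add bodies and /alert/del URLs are needed, so that stale alerts still mailing results to an old address are caught. It assumes the trailing -dayago:1 seen on the stored query in the listing above is the only change made to a submitted query; plan, normalize, key and the sample data are illustrative names, and the sample data is constructed.

```python
import json

API = "https://www.onyphe.io/api/v2"  # base URL taken from the curl calls above
DAILY_SUFFIX = " -dayago:1"  # trailing filter visible on the stored query in the listing

def normalize(query):
    """Collapse whitespace and strip the trailing -dayago:1 before comparing."""
    q = " ".join(query.split())
    return q[:-len(DAILY_SUFFIX)] if q.endswith(DAILY_SUFFIX) else q

def key(alert):
    """Identity of an alert: every field except the server-assigned id."""
    return (alert["name"], normalize(alert["query"]), alert["email"], alert["threshold"])

def plan(desired, list_response):
    """Return (JSON bodies for /alert/add, URLs for /alert/del/<id>)."""
    if list_response.get("error") != 0 or list_response.get("status") != "ok":
        raise ValueError("alert/list failed: %r" % list_response.get("text"))
    stored = list_response.get("results", [])
    have = {key(a) for a in stored}
    want = {key(a) for a in desired}
    to_add = [json.dumps(a, sort_keys=True) for a in desired if key(a) not in have]
    to_del = ["%s/alert/del/%d" % (API, a["id"]) for a in stored if key(a) not in want]
    return to_add, to_del

# Constructed sample data modelled on the outputs shown above (not real results).
DESIRED = [
    {"name": "My alert", "query": "category:vulnscan domain:google.com -exists:cve",
     "email": "destination@example.com", "threshold": ">0"},
    {"name": "Second alert", "query": "category:vulnscan domain:example.com -exists:cve",
     "email": "destination@example.com", "threshold": ">0"},
]
LISTED = {"count": 2, "error": 0, "status": "ok", "text": "Success", "total": 2, "results": [
    {"id": 0, "name": "My alert", "email": "destination@example.com", "threshold": ">0",
     "query": "category:vulnscan domain:google.com -exists:cve -dayago:1"},
    {"id": 1, "name": "Old alert", "email": "former-owner@example.com", "threshold": ">0",
     "query": "category:vulnscan domain:google.com -exists:cve -dayago:1"},
]}

if __name__ == "__main__":
    adds, dels = plan(DESIRED, LISTED)
    for body in adds:
        print("POST %s/alert/add  %s" % (API, body))
    for url in dels:
        print("POST %s" % url)
```

The page does not say whether ids stay stable after a deletion, so list again before each /alert/del call.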