Get and Process Events
This guide explains how to get events through iland's API and process them with PHP.
To follow along with this example, run the following command:
git clone https://github.com/ilanddev/php-examples.git
Then cd into the get-events directory and follow along with the PHP file labeled get-events-example.
To get events we are going to use the GET endpoint /events/ documented here.
We must pass an entityUuid and an entityType. For this example we will be getting all the events of a Company, so we have to pass a companyId.
To get a company's id we will lazily get the first one from a user's inventory.
Read here to understand how to get a user's inventory.
After getting a company's id we can make a basic request with the following code:
// Build the /events URL from the base API URL, the entity UUID and the entity type.
$uri_path = '%s/events?entityUuid=%s&entityType=%s';
return doRequest(sprintf($uri_path, BASE_API, $entity_uuid, $entity_type));
Here the entityUuid is the company's id and the entityType is COMPANY. You can find all the entity types you can filter for in the documentation.
Looking at the documentation, we can see that there are many event filters. In this example we'll be using the fields timestampBefore, timestampAfter and includeDescendantEvents.
Note: Though the documentation implies that all the event filter fields are required, only the entityType and entityUuid are actually required.
For this example we are going to loop continuously, once every minute, and get the events for the past minute, so our timestamp fields need to reflect that window.
The following code is how you get the timestamps for the current time and the last minute:
$current_time = time();
$one_minute_ago = strtotime(date("Y-m-d H:i:s", $current_time) . " -60 second");
After getting those times we have to multiply them by 1000 since the timestamps must be in epoch time in milliseconds.
The other field I've included in the request is includeDescendantEvents, a boolean that I set to true. This field allows us to get all the descendant events for whatever entity we pass. This is useful since we are interested in all of the events happening within the company.
Now that we have gotten events back from the API, we look at how to process them. If you look at the documentation for the /events endpoint, you can see the fields of the events that we get back.
In this example we will filter the events by specific event types that we specify. For example, the following code defines an array of VM event types:
$vm_event_types = array('vm_antimalware_event', 'vm_dpi_event', 'vm_firewall_event', 'vm_integrity_event',
'vm_log_inspection_event', 'vm_web_reputation_event');
When we get the events back, we run a foreach loop and process them by looking for the specified event types like this:
if ($event['entity_type'] == 'IAAS_VM' && in_array($event['type'], $vm_event_types))
If this is the event we are looking for we then print out some basic information about the event with this line of code:
echo sprintf('User %s initiated event %s for entity %s',
$event['initiated_by_username'], $event['type'], $event['entity_name']) . PHP_EOL;
To conclude, note that all of this code sits inside a while loop that sleeps for 60 seconds on each pass. After each sleep we retrieve the past 60 seconds of events and process them to see if they are the ones we are interested in.
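The polling loop described above, as an added example (not code from the ilanddev/php-examples repository). It goes slightly beyond the guide: the query is built with http_build_query so values are URL-encoded, and each window's end is carried forward as the next window's start so that time spent in a request does not leave an uncovered gap between polls. The base URL, company UUID and sample events are constructed, and the real script would fetch events with the repo's doRequest().

```php
<?php
// Added example: not code from ilanddev/php-examples. The base URL, company
// UUID and sample events are constructed; the real script calls doRequest().
const VM_EVENT_TYPES = ['vm_antimalware_event', 'vm_dpi_event', 'vm_firewall_event',
    'vm_integrity_event', 'vm_log_inspection_event', 'vm_web_reputation_event'];

// Build the /events URL with the filters used in this guide (times in epoch ms).
function buildEventsUrl(string $base, string $uuid, string $type, int $afterMs, int $beforeMs): string
{
    $query = http_build_query([
        'entityUuid' => $uuid,
        'entityType' => $type,
        'timestampAfter' => $afterMs,
        'timestampBefore' => $beforeMs,
        'includeDescendantEvents' => 'true', // string: a PHP bool would be sent as 1
    ], '', '&', PHP_QUERY_RFC3986);
    return $base . '/events?' . $query;
}

// Keep only VM events whose type is in the list above.
function filterVmEvents(array $events): array
{
    return array_values(array_filter($events, function (array $e): bool {
        return ($e['entity_type'] ?? '') === 'IAAS_VM'
            && in_array($e['type'] ?? '', VM_EVENT_TYPES, true);
    }));
}

// Constructed sample response; only the first entry should be reported.
$sample = [
    ['entity_type' => 'IAAS_VM', 'type' => 'vm_firewall_event',
     'initiated_by_username' => 'alice', 'entity_name' => 'web-01'],
    ['entity_type' => 'IAAS_VM', 'type' => 'constructed_other_event',
     'initiated_by_username' => 'bob', 'entity_name' => 'db-01'],
    ['entity_type' => 'COMPANY', 'type' => 'vm_firewall_event',
     'initiated_by_username' => 'carol', 'entity_name' => 'Example Co'],
];
$windowStart = (time() - 60) * 1000;
for ($i = 0; $i < 2; $i++) {          // the real poller loops forever
    $windowEnd = time() * 1000;
    echo buildEventsUrl('https://api.example.invalid', 'example-company-uuid',
        'COMPANY', $windowStart, $windowEnd), PHP_EOL;
    foreach (filterVmEvents($sample) as $event) { // real script: events from doRequest()
        echo sprintf('User %s initiated event %s for entity %s',
            $event['initiated_by_username'], $event['type'], $event['entity_name']), PHP_EOL;
    }
    $windowStart = $windowEnd;         // next window starts where this one ended
    sleep(1);                          // 60 in the real poller
}
```

The page does not say whether the timestamp bounds are inclusive, so an event that falls exactly on a window boundary may be returned by two consecutive polls.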