Set Output
  • 20 Jun 2024


POST /outputs/{oid}

Enable a specific output module for an organization.

Security
HTTP, type: bearer
Path parameters
oid
string, required

organization id

Query parameters
module
string

output module name to enable

type
string

data type for output

name
string

what to name this output

inv_id
string

if specified, only events that are part of this investigation id will be sent to this output

tag
string

if specified, only events coming from sensors with the specific tag will be sent to this output

cat
string

if specified, only detections in this category will be sent to this output

is_flat
string

if the json should be flattened (true, false)

is_compression
string

if data should be sent compressed (true, false)

dir
string

directory for output

max_bytes
string

max size in bytes before rotation

backup_count
string

maximum number of outputs in rotation

bucket
string

name of the bucket for output

key_id
string

public key id for auth

sec_per_file
string

seconds per output file

dest_host
string

destination host for output

username
string

username for auth

slack_channel
string

slack channel to output to

is_tls
string

whether connection should be secured over tls (true, false)

is_no_header
string

whether protocol header should be sent before the data (true, false)

is_delete_on_failure
string

if enabled, the output will be deleted as soon as a connection error occurs (true, false)

event_white_list
string

whitelist of event types to allow

event_black_list
string

blacklist of event types to disallow

cat_black_list
string

blacklist of categories to disallow

routing_topic
string

topic to publish on from the routing of the event

literal_topic
string

literal topic to publish on

is_no_routing
string

if true, do not include event routing, acts as an event pass-through

sample_rate
string

sample events out as 1/sample_rate

is_payload_as_string
string

include the event as a JSON string instead of a JSON object

is_prefix_data
string

encapsulate the data inside a JSON object with a key equal to the event type

Body parameters
object
custom_transform
string

custom transform expression

structured_data
string

structured data expression

password
string

password for auth

slack_api_token
string

slack api token

secret_key
string

secret key for auth

Responses
200

successful operation

401

Access token is missing or invalid
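
The split between query and body parameters above matters for credential handling: `password`, `slack_api_token` and `secret_key` are body parameters, so they should never end up in the request URL. The following request builder is an added example, not code from the API's own documentation or client; it enforces that placement and the `true`/`false` string values. The API root, the JSON body encoding, and the sample `module` and `type` values are assumptions.

```python
import json
from urllib.parse import quote, urlencode
from urllib.request import Request

API_ROOT = "https://api.example.invalid/v1"  # assumption: placeholder API root

# Placement follows the reference above: credentials and expressions go in the body.
BODY_PARAMS = {"custom_transform", "structured_data", "password",
               "slack_api_token", "secret_key"}
QUERY_PARAMS = set("""module type name inv_id tag cat is_flat is_compression dir
    max_bytes backup_count bucket key_id sec_per_file dest_host username
    slack_channel is_tls is_no_header is_delete_on_failure event_white_list
    event_black_list cat_black_list routing_topic literal_topic is_no_routing
    sample_rate is_payload_as_string is_prefix_data""".split())
# Parameters documented as taking exactly "true" or "false".
BOOL_PARAMS = {"is_flat", "is_compression", "is_tls", "is_no_header",
               "is_delete_on_failure"}


def build_set_output_request(oid, token, params):
    """Build (without sending) the POST /outputs/{oid} request."""
    query, body = {}, {}
    for key, value in params.items():
        if isinstance(value, bool):  # every parameter is typed as string
            value = "true" if value else "false"
        value = str(value)
        if key in BOOL_PARAMS and value not in ("true", "false"):
            raise ValueError(f"{key} must be 'true' or 'false', got {value!r}")
        if key in BODY_PARAMS:
            body[key] = value  # kept out of the URL, which proxies and logs record
        elif key in QUERY_PARAMS:
            query[key] = value
        else:
            raise ValueError(f"parameter not in the reference: {key}")
    url = f"{API_ROOT}/outputs/{quote(oid, safe='')}?{urlencode(query)}"
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}  # assumption: JSON body
    return Request(url, data=json.dumps(body).encode(), headers=headers,
                   method="POST")


if __name__ == "__main__":
    # Constructed sample values; module and type names are assumptions.
    req = build_set_output_request("constructed-oid", "constructed-token", {
        "module": "syslog", "type": "event", "name": "siem-forwarder",
        "dest_host": "siem.example.invalid:6514", "is_tls": True,
        "password": "constructed-secret"})
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```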

