Security Information and Event Management API Debugging

This section provides details on the data object that reflects the API’s common response to error cases, and lists the API’s range of response status codes for both error and success cases.

To facilitate issue investigation and troubleshooting, make all the data returned in a failed response (that is, any response with an HTTP status code other than 200 OK) accessible to the SIEM administrator and users. When creating your SIEM connector, show error messages, relevant server IPs, and so on. At the very least, show the error code and error message in your connector user interface.

Error Responses

The SIEM API responds with JSON objects that adhere to the HTTP Problem Details specification. The following shows a sample rate-limiting error response:

{
  "type": "",
  "title": "Too many requests",
  "instance": ";GWJY-imjtGH-XXXXXXXXXX",
  "detail": "Too many requests made from clients of this account",
  "method": "GET",
  "serverIp": "",
  "clientIp": "",
  "requestId": "2eebd8",
  "requestTime": "2015-08-21T18:11:34Z"
}

HTTP Status Codes

The table below lists the full range of response codes the API may generate.

Code  Description
200   The operation was successful. If there is no data for the requested criteria, the response may contain an empty array.
400   Bad Request. The response message states the cause, which could be missing mandatory API parameters or illegal parameter values.
403   The connecting client lacks permission to make the request.
404   At least one of the objects specified, such as a specified configId, does not exist.
429   You have exceeded the rate limit on requests.
500   Any other error. Response message states the specific reason.
503   The service on which this API depends is temporarily unavailable.
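
The following is an added example, not code from the API vendor: one way a connector could turn a failed response into a record for its user interface, keeping every field of the error object and falling back to the raw body when it is not JSON. The function names, the record layout, and the choice to treat 429 and 503 as retryable are assumptions of this example.

```python
import json

# Meanings taken from the status-code table on this page.
STATUS_MEANING = {
    200: "success",
    400: "bad request (missing or illegal parameter)",
    403: "client lacks permission",
    404: "specified object (e.g. configId) does not exist",
    429: "rate limit exceeded",
    500: "other error, see response message",
    503: "dependent service temporarily unavailable",
}
RETRYABLE = {429, 503}  # assumption: worth retrying after a delay
# Members shown in the sample error object on this page.
KNOWN_FIELDS = ("type", "title", "instance", "detail", "method",
                "serverIp", "clientIp", "requestId", "requestTime")
# Constructed sample input: a subset of the page's rate-limiting example.
SAMPLE_429 = ('{"title": "Too many requests", "requestId": "2eebd8", "detail": '
              '"Too many requests made from clients of this account"}')


def describe_failure(status, body):
    """Return a dict for the connector UI, or None for a 200 response."""
    if status == 200:
        return None
    try:
        problem = json.loads(body)
        if not isinstance(problem, dict):
            raise ValueError("not a JSON object")
        raw = None
    except (ValueError, TypeError):
        # For example an intermediary returned HTML: keep the text for the admin.
        problem, raw = {}, body
    record = {
        "status": status,
        "meaning": STATUS_MEANING.get(status, "unlisted status code"),
        "retryable": status in RETRYABLE,
        "raw_body": raw,
        # Members beyond the known ones are kept so nothing is hidden.
        "extra": {k: v for k, v in problem.items() if k not in KNOWN_FIELDS},
    }
    record.update({f: problem.get(f) for f in KNOWN_FIELDS})
    return record


def summary_line(record):
    """The minimum the page asks for: error code and error message."""
    message = record["detail"] or record["title"] or record["raw_body"] or ""
    return f"HTTP {record['status']} ({record['meaning']}): {message}"
```
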

Last modified: 1/25/2018