Incident Reporting Feed

The AppArmor Incident Reporting Feed allows you to pull down Incident Report data from your AppArmor Dashboard. The Feed can be used by qualified developers to create integrations between third party systems and the AppArmor platform.

Please note that the API must be used by a qualified developer. AppArmor does not provide software development training, nor does our team know the details of implementing the API in all programming environments. Our support team is able to provide general support and troubleshooting help for the API, but they will be unable to assist with the unique implementation details of your systems.

API Key

Access to the Feed requires a unique “API Key” provided by AppArmor. The API Key is a randomized string of text that is used as a parameter to all requests. Please contact AppArmor Support, or your AppArmor representative for information about licensing and obtaining an API Key.

Accessing the Feed

Each client has a unique hostname associated with their AppArmor Dashboard account. The Incident Reporting Feed is accessed by appending the path “/IncidentReporting/Feed/” and the “[KEY]” parameter to the Dashboard url. For instance, if your AppArmor Dashboard URL is clientname.apparmor.com, and your API key is “abcd-1234-abcd-1234” then the API can be accessed at the following URL:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234

Data Format

By default, the feed will show a table of the reports, but you can adjust the format of the feed by specifying the [format] attribute to one of "CSV", "XML", "JSON".  Here's an example:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML

Date Range

Similarly, you can adjust the number of days that is shown in the feed by adding the [days] parameter. Ommitting the [days] parameter will default to “3” days. Here's an example limiting to 1 day:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML&[days]=1

Minute Range

Alternatively, if you need to poll frequently, you use the [minutes] parameter.

Here's an example limiting to 15 minutes:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML&[minutes]=15

Sort Order

The sort order defaults to descending by date, but can be reversed by adding [sortorder]=ASC like this:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML&[days]=1&[sortorder]=ASC 

Max Rows

If you need to specify the number of rows, use the [maxrows] parameter. Defaults to 100.

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML&[days]=1&[maxrows]=1000 

Showing ID Columns

By default, the ID and BadgeID columns are not shown in the feed. To enable them add “&[ID]=true” or “&[BadgeID]=true to the URL. Here is an example:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[ID]=true&[BadgeID]=true

Badge Override Column

A column indicating whether the badge has been manually overridden can be showing by adding “&[Override]=true” to the feed URL. Here is an example:

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[Override]=true

Custom Filters

You can also add any custom filters on the data you'd like by specifying the field name in the url with the format "&fieldname=value". Here's an example using "User Email":

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML&[days]=1&[sortorder]=ASC&User%20Email=testuser@clientname.edu

You can combine multiple filter fields. In the example below, I filter on the user email and only reports where the "Outcome" field is "Approved":

https://clientname.apparmor.com/IncidentReporting/Feed/?[KEY]=abcd-1234-abcd-1234&[format]=XML&[days]=1&[sortorder]=ASC&User%20Email=testuser@clientname.edu&Outcome=Approved