Logsign SIEM API Documentation

All endpoints require authentication via the api_key query parameter.
Base URL: https://<LOGSIGN_HOST>

1. Test API
2. Get Version
3. Feed List (GET)
4. Feed List (POST)
5. Get Count
6. Get Events
7. Get Columns
8. Get Incidents
9. Set Incident Status
10. Incident Comment
11. Get Alert Configs

1. Test API

Tests the API connection and validates the API key.

GET /test_api 10/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key

Example Request

GET /test_api?api_key=YOUR_API_KEY

Example Response

{
  "success": true
}

2. Get Version

Returns the current Logsign SIEM version.

GET /get_version 10/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key

Example Request

GET /get_version?api_key=YOUR_API_KEY

Example Response

{
  "success": true,
  "version": "6.4.1"
}

3. Feed List (GET)

Returns all entries from the specified feed list.

GET /feed_list 10/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
list_name	string	Yes	Name of the feed list
format	string	No	Set to `txt` to return the response as plain text

Example Request

GET /feed_list?api_key=YOUR_API_KEY&list_name=blocked_ips

4. Feed List (POST)

Adds a new entry to the specified feed list.

POST /feed_list 30/min

Query Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
list_name	string	Yes	Name of the feed list

Body Parameters

Parameter	Type	Required	Description
value	string	Yes	The value to add
expire_time	int	No	Expiration time in seconds (default: 0 = no expiry)

Example Request

POST /feed_list?api_key=YOUR_API_KEY&list_name=blocked_ips
Content-Type: application/json

{
  "value": "192.168.1.100",
  "expire_time": 3600
}

5. Get Count

Returns the event count for a given query, grouped by a specified column.

GET /get_count 30/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
query	string	Yes	Search query
grouped_column	string	Yes	Column name to group by
criteria	string	Yes	Aggregation criteria (e.g. count, sum)
time_frame	string	Yes	Time frame for the query

Example Request

GET /get_count?api_key=YOUR_API_KEY&query=*&grouped_column=SourceIP&criteria=count&time_frame=last_1_hour

6. Get Events

Returns events matching the given query with pagination support.

GET /get_events 30/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
query	string	Yes	Search query
time_frame	string	Yes	Time frame for the query
page	int	No	Page number (default: 1)
size	int	No	Results per page (default: 100)

Example Request

GET /get_events?api_key=YOUR_API_KEY&query=SourceIP:10.0.0.1&time_frame=last_1_hour&page=1&size=50

7. Get Columns

Returns grouped column values for a given query.

GET /get_columns 30/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
query	string	Yes	Search query
grouped_column	string	Yes	Column name to group by
time_frame	string	Yes	Time frame for the query

Example Request

GET /get_columns?api_key=YOUR_API_KEY&query=*&grouped_column=SourceIP&time_frame=last_24_hours

8. Get Incidents

Returns incidents created after the specified timestamp.

GET /get_incidents 30/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
last_run	string	Yes	Timestamp; returns incidents created after this time
query	string	No	Filter query

Example Request

GET /get_incidents?api_key=YOUR_API_KEY&last_run=2026-04-17T00:00:00&query=severity:high

9. Set Incident Status

Updates the status of an incident.

POST /set_incident_status 30/min

Query Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key
incident_id	string	Yes	Incident ID

Body

JSON object containing the status update data.

Example Request

POST /set_incident_status?api_key=YOUR_API_KEY&incident_id=INC-001
Content-Type: application/json

{
  "status": "closed"
}

10. Incident Comment

Adds a comment to an incident.

POST /incident_comment 30/min

Query Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key

Body Parameters

Parameter	Type	Required	Description
incident_id	string	Yes	Incident ID
message	string	Yes	Comment text

Example Request

POST /incident_comment?api_key=YOUR_API_KEY
Content-Type: application/json

{
  "incident_id": "INC-001",
  "message": "Incident reviewed and closed as false positive."
}

11. Get Alert Configs

Returns all alert configurations grouped by alert blocks.

GET /get_alert_configs 1/min

Parameters

Parameter	Type	Required	Description
api_key	string	Yes	API key

Example Request

GET /get_alert_configs?api_key=YOUR_API_KEY

Example Response

[
  {
    "uid": "block-001",
    "name": "Network Alerts",
    "alerts": [
      {
        "uid": "alert-001",
        "name": "High Traffic Alert",
        "disabled": false,
        "block_uid": "block-001"
      }
    ]
  }
]

Error Responses

HTTP Code	Description
403	Invalid API key or missing required parameter
400	Invalid request body (JSON parse error)
429	Rate limit exceeded

Logsign SIEM API Documentation

Table of Contents

1. Test API

Parameters

Example Request

Example Response

2. Get Version

Parameters

Example Request

Example Response

3. Feed List (GET)

Parameters

Example Request

4. Feed List (POST)

Query Parameters

Body Parameters

Example Request

5. Get Count

Parameters

Example Request

6. Get Events

Parameters

Example Request

7. Get Columns

Parameters

Example Request

8. Get Incidents

Parameters

Example Request

9. Set Incident Status

Query Parameters

Body

Example Request

10. Incident Comment

Query Parameters

Body Parameters

Example Request

11. Get Alert Configs

Parameters

Example Request

Example Response

Error Responses