Logsign SIEM API Documentation

All endpoints require authentication via the api_key query parameter.
Base URL: https://<LOGSIGN_HOST>

1. Test API

Tests the API connection and validates the API key.

GET /test_api    Rate limit: 10/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key

Example Request

GET /test_api?api_key=YOUR_API_KEY

Example Response

{
  "success": true
}

2. Get Version

Returns the current Logsign SIEM version.

GET /get_version    Rate limit: 10/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key

Example Request

GET /get_version?api_key=YOUR_API_KEY

Example Response

{
  "success": true,
  "version": "6.4.1"
}

3. Feed List (GET)

Returns all entries from the specified feed list.

GET /feed_list    Rate limit: 10/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
list_name        string   Yes        Name of the feed list
format           string   No         Set to txt to return the response as plain text

Example Request

GET /feed_list?api_key=YOUR_API_KEY&list_name=blocked_ips

4. Feed List (POST)

Adds a new entry to the specified feed list.

POST /feed_list    Rate limit: 30/min

Query Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
list_name        string   Yes        Name of the feed list

Body Parameters

Parameter        Type     Required   Description
value            string   Yes        The value to add
expire_time      int      No         Expiration time in seconds (default: 0 = no expiry)

Example Request

POST /feed_list?api_key=YOUR_API_KEY&list_name=blocked_ips
Content-Type: application/json

{
  "value": "192.168.1.100",
  "expire_time": 3600
}
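A small client for the feed list endpoints, written as an added example rather than code from Logsign's documentation. It validates the value before it reaches the list, makes the expire_time default (0, never expires) an explicit choice, and parses the format=txt variant of the GET. LOGSIGN_HOST is a placeholder, and the one-value-per-line layout of the txt response is an assumption the page does not confirm.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

BASE_URL = "https://LOGSIGN_HOST"  # placeholder: the instance hostname

def feed_entry(value, expire_time=0):
    """Body for POST /feed_list. expire_time is seconds; 0 (the default) means
    the entry never expires, so a TTL has to be chosen deliberately."""
    if not isinstance(expire_time, int) or expire_time < 0:
        raise ValueError("expire_time must be a non-negative integer")
    return {"value": value, "expire_time": expire_time}

def block_ip_request(api_key, list_name, ip, ttl_seconds):
    """Build the POST that adds one validated IP address to a feed list."""
    ip = str(ipaddress.ip_address(ip))      # rejects hostnames, CIDRs, junk
    query = urllib.parse.urlencode({"api_key": api_key, "list_name": list_name})
    body = json.dumps(feed_entry(ip, ttl_seconds)).encode()
    return urllib.request.Request(f"{BASE_URL}/feed_list?{query}", data=body,
                                  headers={"Content-Type": "application/json"},
                                  method="POST")

def parse_txt_feed(text):
    """Parse GET /feed_list?format=txt output; assumed to be one value per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def send(req, opener=urllib.request.urlopen):
    """Submit a request and decode the JSON reply (live network call)."""
    with opener(req, timeout=30) as resp:
        return json.loads(resp.read().decode())
```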

5. Get Count

Returns the event count for a given query, grouped by a specified column.

GET /get_count    Rate limit: 30/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
query            string   Yes        Search query
grouped_column   string   Yes        Column name to group by
criteria         string   Yes        Aggregation criteria (e.g. count, sum)
time_frame       string   Yes        Time frame for the query

Example Request

GET /get_count?api_key=YOUR_API_KEY&query=*&grouped_column=SourceIP&criteria=count&time_frame=last_1_hour

6. Get Events

Returns events matching the given query with pagination support.

GET /get_events    Rate limit: 30/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
query            string   Yes        Search query
time_frame       string   Yes        Time frame for the query
page             int      No         Page number (default: 1)
size             int      No         Results per page (default: 100)

Example Request

GET /get_events?api_key=YOUR_API_KEY&query=SourceIP:10.0.0.1&time_frame=last_1_hour&page=1&size=50

7. Get Columns

Returns grouped column values for a given query.

GET /get_columns    Rate limit: 30/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
query            string   Yes        Search query
grouped_column   string   Yes        Column name to group by
time_frame       string   Yes        Time frame for the query

Example Request

GET /get_columns?api_key=YOUR_API_KEY&query=*&grouped_column=SourceIP&time_frame=last_24_hours

8. Get Incidents

Returns incidents created after the specified timestamp.

GET /get_incidents    Rate limit: 30/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
last_run         string   Yes        Timestamp; returns incidents created after this time
query            string   No         Filter query

Example Request

GET /get_incidents?api_key=YOUR_API_KEY&last_run=2026-04-17T00:00:00&query=severity:high

9. Set Incident Status

Updates the status of an incident.

POST /set_incident_status    Rate limit: 30/min

Query Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key
incident_id      string   Yes        Incident ID

Body

JSON object containing the status update data.

Example Request

POST /set_incident_status?api_key=YOUR_API_KEY&incident_id=INC-001
Content-Type: application/json

{
  "status": "closed"
}

10. Incident Comment

Adds a comment to an incident.

POST /incident_comment    Rate limit: 30/min

Query Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key

Body Parameters

Parameter        Type     Required   Description
incident_id      string   Yes        Incident ID
message          string   Yes        Comment text

Example Request

POST /incident_comment?api_key=YOUR_API_KEY
Content-Type: application/json

{
  "incident_id": "INC-001",
  "message": "Incident reviewed and closed as false positive."
}

11. Get Alert Configs

Returns all alert configurations grouped by alert blocks.

GET /get_alert_configs    Rate limit: 1/min

Parameters

Parameter        Type     Required   Description
api_key          string   Yes        API key

Example Request

GET /get_alert_configs?api_key=YOUR_API_KEY

Example Response

[
  {
    "uid": "block-001",
    "name": "Network Alerts",
    "alerts": [
      {
        "uid": "alert-001",
        "name": "High Traffic Alert",
        "disabled": false,
        "block_uid": "block-001"
      }
    ]
  }
]

Error Responses

HTTP Code   Description
403         Invalid API key or missing required parameter
400         Invalid request body (JSON parse error)
429         Rate limit exceeded
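The following client is an added example, not Logsign's own code. It shows the request pattern the reference above implies: api_key in the query string (so URLs are masked before they reach a log line or error message), a backoff on 429 per the rate limits listed with each endpoint, fail-fast on 400/403, and paging through /get_events with page and size until a short page ends the walk. LOGSIGN_HOST is a placeholder, and the assumption that /get_events returns a JSON array of event objects is mine; the page does not show that body.

```python
import itertools
import json
import time
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://LOGSIGN_HOST"  # placeholder: the instance hostname

def build_url(endpoint, params):
    """Every endpoint authenticates with api_key in the query string."""
    return f"{BASE_URL}/{endpoint}?{urllib.parse.urlencode(params)}"

def redact(url):
    """Mask api_key so the URL can safely appear in logs and error messages."""
    parts = urllib.parse.urlsplit(url)
    pairs = [(k, "***" if k == "api_key" else v)
             for k, v in urllib.parse.parse_qsl(parts.query)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(pairs)))

def http_get(url):
    """Live transport returning (status, body); tests inject a fake instead."""
    try:
        with urllib.request.urlopen(url, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def call(endpoint, params, transport=http_get, sleep=time.sleep, retries=3):
    """GET one endpoint: back off on 429, fail fast on 400 and 403."""
    url = build_url(endpoint, params)
    for attempt in range(retries):
        status, body = transport(url)
        if status == 429:             # rate limit exceeded: wait 1 s, 2 s, 4 s
            sleep(2 ** attempt)
            continue
        if status in (400, 403):      # bad body, bad key or missing parameter
            raise RuntimeError(f"HTTP {status} for {redact(url)}: {body}")
        return json.loads(body)
    raise RuntimeError(f"still rate limited after {retries} attempts")

def iter_events(api_key, query, time_frame, size=100, **kw):
    """Page through /get_events until a short page; assumes a JSON array body."""
    params = {"api_key": api_key, "query": query, "time_frame": time_frame, "size": size}
    for page in itertools.count(1):
        batch = call("get_events", dict(params, page=page), **kw)
        yield from batch
        if len(batch) < size:
            return
```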
