SCIM Playground

Appearance

Security Event Token

Events are delivered in the form of a Security Event Token (SET). A SET contains information about the security event, such as the event type, timestamp, subject, and additional context. It is used for auditing, monitoring, and analyzing security-related activities within a system.

Specifically for SCIM, the SCIM Profile for Security Event Tokens defines how SET tokens in a SCIM environment should be structured.

Retrieve Events

To retrieve events, you can make a GET request to the /events endpoint. This will return a list of recent security events. This endpoints implements (parts of) RFC8936: Poll-Based Security Event Token (SET) Delivery Using HTTP.

The request can include the following parameters:

  • ack: A list of event identifiers

  • maxEvents: This is the maximum number of events that the server will return in a single response.

  • shouldReturnImmediately: This is a boolean value that determines whether the server should return immediately if there are no events to retrieve. This server only supports true.

/Events/Click to fill ⚡
{
"returnImmediately": true,
"maxEvents": 10
}

Ackknowledge Events

After processing the SETs, the SET Recipient acknowledges received SETs and can poll for more.

/Events/Click to fill ⚡
{
"returnImmediately": true,
"maxEvents": 10,
"ack": [
"Click to fill ⚡"
]
}