Appearance
API Endpoint Index
All Telovix API v2 endpoints at a glance. Click any endpoint to go directly to its full documentation with request parameters, response schema, and code examples in Python, TypeScript, Go, and cURL.
AI Assistant
| Method | Endpoint | Scope | Description |
|---|---|---|---|
POST | /api/v2/chat | chat:read | Streaming AI assistant chat over Server-Sent Events |
Alerts
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/alerts | alerts:read | List alerts with filtering by status, severity, and sensor |
GET | /api/v2/alerts/export | alerts:read | Export matching alerts as a JSON array (up to 200 rows) |
GET | /api/v2/alerts/{alert_id} | alerts:read | Get a single alert record with full detail |
PATCH | /api/v2/alerts/{alert_id} | alerts:write | Update alert status, assignee, or resolution |
POST | /api/v2/alerts/{alert_id}/notes | alerts:write | Add an analyst note to an alert |
Anomalies
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/anomalies/baselines | anomalies:read | List behavioral baselines across the fleet |
GET | /api/v2/anomalies/baselines/fingerprint | anomalies:read | Get the behavioral fingerprint for a specific binary on a sensor |
POST | /api/v2/anomalies/baselines/rebuild | anomalies:write | Trigger a full behavioral baseline rebuild |
GET | /api/v2/anomalies/chains | anomalies:read | List correlated multi-stage attack chain detections |
GET | /api/v2/anomalies/chains/{id} | anomalies:read | Get a single attack chain by row ID |
POST | /api/v2/anomalies/chains/{id}/suppress | anomalies:write | Suppress or un-suppress an attack chain |
GET | /api/v2/anomalies/scores | anomalies:read | List behavioral anomaly scores sorted by score |
GET | /api/v2/anomalies/scores/{score_id} | anomalies:read | Get a single anomaly score by ID |
PATCH | /api/v2/anomalies/scores/{score_id} | anomalies:write | Mark a score as true positive or false positive |
GET | /api/v2/anomalies/suppressions | anomalies:read | List suppression rules with 24-hour match counts |
POST | /api/v2/anomalies/suppressions | anomalies:write | Create a new suppression rule |
DELETE | /api/v2/anomalies/suppressions/{rule_id} | anomalies:write | Delete a suppression rule |
Audit Log
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/audit | audit:read | Query audit log entries with filtering and cursor pagination |
Compliance
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/compliance/controls | compliance:read | Per-control status for a single framework |
GET | /api/v2/compliance/controls/{control_id}/evidence | compliance:read | Runtime evidence items for a specific control |
GET | /api/v2/compliance/export | compliance:read | Export compliance evidence as JSON or CSV |
GET | /api/v2/compliance/posture | compliance:read | Fleet compliance scores across all frameworks |
Energy
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/energy/fleet | sensors:read | Fleet-wide aggregated daily energy data |
Events
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/events | events:read | Query runtime events from ClickHouse with filtering and pagination |
GET | /api/v2/events/stream | events:stream | Real-time Server-Sent Events stream |
Investigations
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/investigations | investigations:read | List all investigation cases |
POST | /api/v2/investigations | investigations:write | Create a new investigation case |
GET | /api/v2/investigations/{case_id} | investigations:read | Get investigation with events and notes |
POST | /api/v2/investigations/{case_id}/events | investigations:write | Link a runtime event to an investigation |
POST | /api/v2/investigations/{case_id}/notes | investigations:write | Add an analyst note to an investigation |
Kubernetes
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/kubernetes/admission/decisions | sensors:read | Recent admission webhook allow/deny decisions |
GET | /api/v2/kubernetes/images | sensors:read | Container image inventory |
GET | /api/v2/kubernetes/workloads | sensors:read | Kubernetes workload inventory |
Network
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/network/connections | events:read | Active TCP connections across the fleet |
GET | /api/v2/network/listening | events:read | Listening services across the fleet |
Policies
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/policies/enforcement | policies:read | List current enforcement policy state |
PUT | /api/v2/policies/enforcement/{rule_id} | policies:write | Enable or disable an enforcement rule |
GET | /api/v2/policies/rules | policies:read | List all enforcement policy rules |
POST | /api/v2/policies/rules | policies:write | Create a new policy rule from a template or custom YAML |
PUT | /api/v2/policies/rules/{rule_id} | policies:write | Update exceptions or enabled state of a rule |
DELETE | /api/v2/policies/rules/{rule_id} | policies:write | Delete a policy rule |
SBOM and Vulnerabilities
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/sbom/scans | sbom:read | List container image SBOM scans |
GET | /api/v2/sbom/scans/{scan_id} | sbom:read | Get a single SBOM scan record |
GET | /api/v2/sbom/scans/{scan_id}/cyclonedx | sbom:read | Export CycloneDX 1.4 SBOM document |
GET | /api/v2/sbom/scans/{scan_id}/vulnerabilities | sbom:read | Get the full CVE list for a completed scan |
Sensors
| Method | Endpoint | Scope | Description |
|---|---|---|---|
POST | /api/v2/sensors/{sensor_id}/contain | sensors:write | Place sensor in network containment |
GET | /api/v2/sensors/{sensor_id}/energy | sensors:read | Per-sensor energy consumption with savings estimate |
GET | /api/v2/sensors/{sensor_id}/health | sensors:read | Current health state and resource snapshot |
GET | /api/v2/sensors/{sensor_id}/metrics | sensors:read | Time-series CPU, memory, and BPF loss metrics |
POST | /api/v2/sensors/{sensor_id}/release | sensors:write | Release sensor from network containment |
GET | /api/v2/sensors | sensors:read | List all enrolled sensors with health and status |
GET | /api/v2/sensors/enrollment-tokens | sensors:read | List enrollment tokens (up to 200 rows) |
POST | /api/v2/sensors/enrollment-tokens | sensors:write | Create an enrollment token |
POST | /api/v2/sensors/enrollment-tokens/{token_id}/revoke | sensors:write | Revoke an active enrollment token |
GET | /api/v2/sensors/{sensor_id} | sensors:read | Get a single sensor by ID |
Telecom
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/telco/nf-inventory | sensors:read | Detected 5G/4G/O-RAN network function inventory |
GET | /api/v2/telco/ran/snapshot | sensors:read | Latest RAN component telemetry snapshot |
GET | /api/v2/telco/security/alerts | sensors:read | Telecom-specific security findings across the fleet |
GET | /api/v2/telco/slo/{sensor_id} | sensors:read | NF SLO availability and breach status for a sensor |
Webhooks
| Method | Endpoint | Scope | Description |
|---|---|---|---|
GET | /api/v2/webhooks | alerts:read | List configured webhook destinations |
POST | /api/v2/webhooks | alerts:write | Create a new webhook destination |
PUT | /api/v2/webhooks/{webhook_id} | alerts:write | Update a webhook destination |
DELETE | /api/v2/webhooks/{webhook_id} | alerts:write | Delete a webhook destination |
POST | /api/v2/webhooks/{webhook_id}/test | alerts:write | Send a test delivery |
Scope quick reference
| Scope | Endpoints it unlocks |
|---|---|
alerts:read | Alert list, alert detail, alert export, webhooks list |
alerts:write | Alert status updates, notes, webhook management |
anomalies:read | Scores, chains, suppressions, baselines, fingerprints |
anomalies:write | Verdicts, suppressions, chain suppression, rebuild |
audit:read | Audit log |
chat:read | AI assistant |
compliance:read | Posture, controls, evidence, export |
events:read | Events query, network connections and listeners |
events:stream | Real-time SSE event stream |
investigations:read | List and read investigations |
investigations:write | Create investigations, add events and notes |
policies:read | Policy rules, enforcement state |
policies:write | Create, update, delete rules; toggle enforcement |
sbom:read | SBOM scans, vulnerabilities, CycloneDX export |
sensors:read | Sensors, enrollment tokens, metrics, health, energy, K8s, telecom |
sensors:write | Contain/release, enrollment token create/revoke |