ini-icam-send-event
Send a security event to INI-ICAM Platform.
Syntax
ini-icam-send-event profile=PROFILE severity=SEVERITY [src-ip=SRC-IP] [dst-ip=DST-IP] [dst-port=DST-PORT] [user=USER] category=CATEGORY [msg=MSG] [dry-run=DRY-RUN]
Options
- profile=PROFILE
  - Required. Name of the INI-ICAM connect profile to use for authentication.
- severity=SEVERITY
  - Required. Event severity level (0 to 10; a higher value means more critical).
- src-ip=SRC-IP
  - Optional. Source IP address where the event originated (e.g. 192.168.1.100).
- dst-ip=DST-IP
  - Optional. Destination IP address targeted by the event (e.g. 10.0.0.1).
- dst-port=DST-PORT
  - Optional. Destination port number targeted by the event (e.g. 443).
- user=USER
  - Optional. ICAM-registered user identifier associated with the event. Must match an existing ICAM user for the score to be applied. If omitted or unrecognized, the event is accepted (HTTP 200) but not reflected in the user's score.
- category=CATEGORY
  - Required. Event category or type that classifies the security event (e.g. malware, authentication).
- msg=MSG
  - Optional. Detailed description or message explaining the content of the security event.
- dry-run=DRY-RUN
  - Optional. Dry-run mode: validates the options without sending the event to ICAM (t or f, default: t). Because the default is t, set dry-run=f to actually send the event.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | INI-ICAM connect profile |
| _result | String | Result | success or fail (real run) |
| _expected | String | Expected | success or fail (dry-run only) |