# Documentation for UTMStack

## Docs

- [API Authentication Guide](https://docs.insecureweb.com/v11/Getting started/api.md): Complete guide for authenticating with the UTMStack API using Bearer Token or API Key methods. Learn how to access secured endpoints and find official API documentation.
- [Architecture Overview](https://docs.insecureweb.com/v11/Installation/architecture.md): Understanding UTMStack v11's modern, scalable architecture and deployment models.
- [Firewall Rules and Network Configuration](https://docs.insecureweb.com/v11/Installation/firewall_rules.md): Configure firewall rules and network ports for secure UTMStack v11 operation.
- [Installation Guide](https://docs.insecureweb.com/v11/Installation/installation.md): Complete guide to installing UTMStack v11 on Ubuntu 24.04 LTS
- [Installation from ISO](https://docs.insecureweb.com/v11/Installation/installation-from-iso.md): Automated installation of UTMStack v11 Community Edition using the official ISO
- [Manual Update Guide](https://docs.insecureweb.com/v11/Installation/manual-update.md): Step-by-step guide for manually updating UTMStack using the update script
- [SSL Certificate Management](https://docs.insecureweb.com/v11/Installation/ssl_certificate.md): Complete guide for installing, generating, and managing SSL certificates in UTMStack v11.
- [System Requirements](https://docs.insecureweb.com/v11/Installation/system-requirements.md): Hardware and software requirements for UTMStack v11
- [List Alerts API](https://docs.insecureweb.com/v11/apidoc/alerts-list.md): Retrieve and filter alerts from UTMStack's Elasticsearch index with advanced search capabilities, pagination, and sorting options.
- [API Keys Management](https://docs.insecureweb.com/v11/apidoc/api-keys.md): Create and manage API keys for secure programmatic access to UTMStack
- [Authentication API](https://docs.insecureweb.com/v11/apidoc/authentication.md): UTMStack Authentication API for issuing JWT tokens to authenticate users and access protected resources.
- [Convert to Incident API](https://docs.insecureweb.com/v11/apidoc/convert-incident.md): Convert one or more alerts into a formal security incident for comprehensive case management and investigation tracking.
- [Count Open Alerts API](https://docs.insecureweb.com/v11/apidoc/count-alerts.md): Get the total count of open alerts in the system for dashboard displays and monitoring purposes.
- [CSV Export API](https://docs.insecureweb.com/v11/apidoc/csv-export.md): Export alert data to CSV format for reporting, analysis, and integration with external tools.
- [API Documentation Overview](https://docs.insecureweb.com/v11/apidoc/overview.md): Complete guide to UTMStack's API endpoints for managing alerts, authentication, and security operations programmatically.
- [Postman Collection Download](https://docs.insecureweb.com/v11/apidoc/postman-collection.md): Download the complete UTMStack Alerts API Postman collection with pre-configured examples, authentication, and test scripts.
- [Property Values with Count API](https://docs.insecureweb.com/v11/apidoc/property-values.md): Get unique values for alert properties along with their occurrence counts for analytics and filtering purposes.
- [Update Alert Notes API](https://docs.insecureweb.com/v11/apidoc/update-notes.md): Add or update notes for a specific alert to document observations, investigations, or remediation steps.
- [Update Alert Status API](https://docs.insecureweb.com/v11/apidoc/update-status.md): Update the status of one or more alerts with auditing and optional false positive tagging capabilities.
- [Update Alert Tags API](https://docs.insecureweb.com/v11/apidoc/update-tags.md): Add or update tags for one or multiple alerts with optional automatic rule creation and auditing capabilities.
- [Integration guide for Apache2](https://docs.insecureweb.com/v11/integrations/apache2.md): HTTPD - Apache2 Web Server. Apache is the most commonly used Web server on Linux systems. Web servers are used to serve Web pages requested by client computers.
- [Integration guide for AWS Cloudwatch](https://docs.insecureweb.com/v11/integrations/aws.md): AWS Cloudwatch enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remedi…
- [Integration guide for Azure](https://docs.insecureweb.com/v11/integrations/azure.md): At its core, Azure is a public cloud computing platform—with solutions including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) that can be used for services such as analytics, virtual computing, storage, networking, and much more.
- [Integration guide for Cisco ASA](https://docs.insecureweb.com/v11/integrations/cisco_asa.md): Adaptive Security Appliances, or simply Cisco ASA, is Cisco's line of network security devices. This integration configures UTMStack ingestion of logs from this device.
- [Integration guide for Cisco Switch](https://docs.insecureweb.com/v11/integrations/ciscosw.md): Cisco network switches deliver performance, flexibility, and security. Cisco switches are scalable and cost-efficient and meet the demands of hybrid work.
- [How to Install cURL in Windows](https://docs.insecureweb.com/v11/integrations/config_curl.md): This guide walks you through installing and configuring curl on Windows, verifying it works, and making it accessible from any terminal
- [Integration guide for Elasticsearch](https://docs.insecureweb.com/v11/integrations/elastic.md): Elasticsearch is a highly scalable open-source full-text search and analytics engine. It allows you to store, search, and analyze big volumes of data quickly and in near real time. It is generally used as the underlying engine/technology that powers applications that have complex search features and…
- [Integration guide for Fire Power](https://docs.insecureweb.com/v11/integrations/firepower.md): Cisco Networks Firepower Next-Generation Firewalls (NGFW) offer superior cyber threat protection, intrusion prevention, and enterprise security management controls for organizations of all sizes and deployments.
- [Integration guide for FortiGate](https://docs.insecureweb.com/v11/integrations/fortigate.md): Fortinet's FortiGate next-generation firewalls (NGFW) provide organizations supreme protection against web-based network threats, including known and unknown threats and intrusion strategies.
- [Integration guide for FortiWeb](https://docs.insecureweb.com/v11/integrations/fortiweb.md): FortiWeb is a web application firewall (WAF) developed by Fortinet. It provides protection for web applications against various types of attacks, including SQL injection, cross-site scripting (XSS), and other common web exploits.
- [Integration guide for Google Cloud Platform](https://docs.insecureweb.com/v11/integrations/googlecloud.md): Google Cloud Platform is a suite of public cloud computing services offered by Google. The platform includes a range of hosted services for compute, storage and application development that run on Google hardware
- [Integration guide for High Availability Proxy](https://docs.insecureweb.com/v11/integrations/haproxy.md): HAProxy (High Availability Proxy) is open source proxy and load balancing server software. It provides high availability at the network (TCP) and application (HTTP/S) layers, improving speed and performance by distributing workload across multiple servers.
- [Integration guide for IBM AIX](https://docs.insecureweb.com/v11/integrations/ibm_aix.md): AIX (Advanced Interactive eXecutive) is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms.
- [Integration guide for IBM AS/400](https://docs.insecureweb.com/v11/integrations/ibmas400.md): The IBM AS/400 is a family of midrange computers from IBM announced in June 1988 and released in August 1988. It was the successor to the System/36 and System/38 platforms, and ran the OS/400 operating system.
- [Integration guide for Internet Information Services](https://docs.insecureweb.com/v11/integrations/iis.md): Internet Information Services (IIS) is a flexible, general-purpose web server from Microsoft that runs on Windows systems to serve requested HTML pages or files. An IIS web server accepts requests from remote client computers and returns the appropriate response.
- [Integration guide for Kafka](https://docs.insecureweb.com/v11/integrations/kafka.md): Kafka is primarily used to build real-time streaming data pipelines and applications that adapt to the data streams. It combines messaging, storage, and stream processing to allow storage and analysis of both historical and real-time data.
- [Integration guide for Kibana](https://docs.insecureweb.com/v11/integrations/kibana.md): Kibana is a data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence use cases. It offers powerful and easy-to-use features such as histograms, line graphs, pie charts, heat maps, and built-in geospatial support.
- [Integration guide for Linux Agent](https://docs.insecureweb.com/v11/integrations/linuxagent.md): By installing and configuring this agent on Linux systems, you can send the logs generated by this operating system to UTMStack
- [Integration guide for Logstash](https://docs.insecureweb.com/v11/integrations/logstash.md): Logstash is a light-weight, open-source, server-side data processing pipeline that allows you to collect data from a variety of sources, transform it on the fly, and send it to your desired destination. It is most often used as a data pipeline for Elasticsearch, an open-source analytics and search e…
- [Integration guide for MacOS](https://docs.insecureweb.com/v11/integrations/macos.md): The macOS agent collects system and application logs, monitors activity, and communicates securely with the UTMStack master server or proxy. It also enables incident response actions.
- [Integration guide for MikroTik](https://docs.insecureweb.com/v11/integrations/mikrotik.md): MikroTik is a company that provides routing, switching and wireless equipment for all possible uses – from the customer location, up to high end data centres. MikroTik uses RouterOS, an operating system and software capable of acting as a Router, Bridge, Firewall, Bandwidth Management, Wireless AP & Cli…
- [Integration guide for MongoDB](https://docs.insecureweb.com/v11/integrations/mongodb.md): MongoDB is a document database used to build highly available and scalable internet applications.
- [Integration guide for MySQL](https://docs.insecureweb.com/v11/integrations/mysql.md): MySQL is a relational database management system based on SQL. The most common use for MySQL, however, is as a web database. It can be used to store anything from a single record of information to an entire inventory of available products for an online store.
- [Integration guide for Netflow](https://docs.insecureweb.com/v11/integrations/netflow.md): By integrating NetFlow, you can redirect all logs of the network traffic to UTMStack, allowing you to monitor and analyze these logs more efficiently and effectively.
- [Integration guide for Nginx](https://docs.insecureweb.com/v11/integrations/nginx.md): NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more.
- [Integration guide for Office365](https://docs.insecureweb.com/v11/integrations/office365.md): Microsoft 365, formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line
- [Integration guide for Oracle](https://docs.insecureweb.com/v11/integrations/oracle.md): Oracle Database Audit Logs provide detailed records of database activity, including user actions, access attempts, and changes to data or configurations. These logs help ensure compliance, support forensic investigations, and enhance security monitoring.
- [Integration guide for Palo Alto](https://docs.insecureweb.com/v11/integrations/paloalto.md): Palo Alto Networks® next-generation firewalls inspect all traffic (including applications, threats, and content), and tie that traffic to the user, regardless of location or device type. The user, application, and content—the elements that run your business—become integral components of your enterpr…
- [Integration guide for PfSense](https://docs.insecureweb.com/v11/integrations/pfsense.md): PfSense is a free and open-source firewall and router that also features unified threat management, load balancing, multi-WAN and more.
- [Integration guide for PostgreSQL](https://docs.insecureweb.com/v11/integrations/pgsql.md): PostgreSQL is used as the primary data store or data warehouse for many web, mobile, geospatial, and analytics applications.
- [Integration guide for Redis](https://docs.insecureweb.com/v11/integrations/redis.md): Redis can be used with streaming solutions such as Apache Kafka and Amazon Kinesis as an in-memory data store to ingest, process, and analyze real-time data with sub-millisecond latency. Redis is an ideal choice for real-time analytics use cases such as social media analytics, ad targeting, personal…
- [Integration guide for SentinelOne Endpoint Security](https://docs.insecureweb.com/v11/integrations/sentinelone.md): SentinelOne Endpoint Security technology provides solutions with three different tiers of functionality, Core, Control and Complete.
- [Integration guide for SonicWall](https://docs.insecureweb.com/v11/integrations/sonicwall.md): SonicWall next-generation firewalls (NGFW) provide the security, control and visibility you need to maintain an effective cybersecurity posture. SonicWall’s award-winning hardware and advanced technology are built into each firewall to give you the edge on evolving threats.
- [Integration guide for Sophos XG](https://docs.insecureweb.com/v11/integrations/sophos_xg.md): Features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.
- [Integration guide for Sophos Central](https://docs.insecureweb.com/v11/integrations/sophoscentral.md): Sophos Central is a single cloud management solution for all your Sophos next-gen technologies: endpoint, server, mobile, firewall, ZTNA, email, and so much more
- [Integration guide for SysLog](https://docs.insecureweb.com/v11/integrations/syslog.md): Syslog is a standard for sending and receiving notification messages, in a particular format, from various network devices. UTMStack accepts syslog from firewalls and other devices that support it
- [Integration guide for Traefik](https://docs.insecureweb.com/v11/integrations/taefik.md): Traefik is the modern standard for Routing, Load Balancing, and Proxies for the Cloud, On-Prem, and Hybrid workloads.
- [Integration guide for VMWare Syslog](https://docs.insecureweb.com/v11/integrations/vmware.md): VMWare allows businesses to run multiple application and operating system workloads on one server. You can use the Syslog Service to redirect and store ESXi messages to UTMStack
- [Integration guide for Windows Agent](https://docs.insecureweb.com/v11/integrations/windowsagent.md): By installing and configuring this agent on Windows systems, you can send the logs generated by this operating system to UTMStack
- [Introduction to UTMStack v11](https://docs.insecureweb.com/v11/introduction.md): Welcome to UTMStack v11 - A Major Evolution in SIEM and XDR Technology
- [Adding Custom Filters to Data Sources](https://docs.insecureweb.com/v11/rules-and-filters/adding-custom-filters.md): Create custom filters for syslog and other data sources that aren't covered in standard integration guides
- [Best Practices for Rules and Filters](https://docs.insecureweb.com/v11/rules-and-filters/best-practices.md): Optimization techniques, performance tips, and development patterns for UTMStack v11
- [Implementing Data Filters](https://docs.insecureweb.com/v11/rules-and-filters/implementing-filters.md): Complete guide for creating data extraction and transformation filters in UTMStack v11
- [Implementing Correlation Rules](https://docs.insecureweb.com/v11/rules-and-filters/implementing-rules.md): Complete guide for creating security detection rules in UTMStack v11 EventProcessor
- [Rules and Filters - Developer Reference](https://docs.insecureweb.com/v11/rules-and-filters/overview.md): Introduction to EventProcessor, Rules, and Filters - A practical reference for developers

## OpenAPI Specs

- [openapi](https://docs.insecureweb.com/api-reference/openapi.json)
- [api-docs](https://docs.insecureweb.com/v10/api-reference/api-docs.json)