All API URLs should be prefixed with
https://<your-server-ip>:8443/openapi/api/rest/v1/siem
Preface
The following post details how to interact with the SkyFormation cloud apps connector accounts using APIs.
A SkyFormation SIEM represents an instance of a SIEM configuration, which can then be assigned to a tenant. Once the association to a tenant is done, all of the tenant's accounts' (aka cloud connectors) data is sent to that SIEM.
Authentication
See guide
Objects used with these APIs
SIEM
{
"is-deleted": boolean,
"created-at": timestamp, e.g. 1505657187.215,
"last-updated-at": timestamp, e.g. 1505657187.215,
"id": string, optional, if absent the id would be auto generated,
"tenant-id": string,
"name": string,
"description": string, optional,
"host": string, IP or host of the SIEM,
"port": int,
"message-format": string enum, RFC_5424|RFC_3162,
"protocol": string enum, UDP|TCP|TLS
}
TestResult
{
"success": boolean,
"status": int, HTTP status-like result, 200|400,
"msg": string, unique message that was sent to the SIEM, e.g. "Device Vendor: [Skyformation], Message: [Test message number # [1796971490]]"
}
Get all SIEMs
GET /
Response:
200,
List<SIEM>
Get a SIEM
GET /{siem-id}
Response:
200,
SIEM
Add a SIEM
POST /
Body:
SIEM, without id
Response:
200,
SIEM
Update a SIEM
PUT /{siem-id}
Body:
SIEM
Response:
200
Delete a SIEM
DELETE /{siem-id}
Response:
200
Send test message to a SIEM
The SIEM being tested does not need to be a persisted one.
POST /test
Body:
SIEM
Response:
200,
TestResult
400 if the protocol is TCP or TLS and the connection could not be established
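Added example (not SkyFormation's own code): validating a SIEM object against the fields and enums listed above, then building the POST /test and POST / requests without sending them, and reading a TestResult. Treating is-deleted, created-at and last-updated-at as server-managed, the JSON Content-Type, the function names and the sample host and tenant values are assumptions; auth_headers stands for whatever the authentication guide prescribes.

```python
import json
import urllib.request

PREFIX = "https://{server}:8443/openapi/api/rest/v1/siem"
REQUIRED = ("tenant-id", "name", "host", "port", "message-format", "protocol")
ENUMS = {"message-format": {"RFC_5424", "RFC_3162"},   # values as listed on the page
         "protocol": {"UDP", "TCP", "TLS"}}
SERVER_SIDE = {"id", "is-deleted", "created-at", "last-updated-at"}  # assumed server-managed


def validate_siem(siem):
    """Return a list of problems in a SIEM object; an empty list means it is well-formed."""
    errors = [f"missing field: {k}" for k in REQUIRED if k not in siem]
    for field, allowed in ENUMS.items():
        if field in siem and siem[field] not in allowed:
            errors.append(f"{field} must be one of {sorted(allowed)}")
    port = siem.get("port")
    if "port" in siem and not (type(port) is int and 1 <= port <= 65535):
        errors.append("port must be an int in 1..65535")
    return errors


def build_request(server, action, siem, auth_headers):
    """Build, without sending, the POST /test or POST / (add) request for a SIEM."""
    errors = validate_siem(siem)
    if errors:
        raise ValueError("; ".join(errors))
    path = {"test": "/test", "add": "/"}[action]
    body = {k: v for k, v in siem.items() if k not in SERVER_SIDE}
    return urllib.request.Request(
        PREFIX.format(server=server) + path,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", **auth_headers},
        method="POST")


def interpret_test(http_status, result, protocol):
    """Map a TestResult to (ok, note). UDP has no connection to fail, so a 200
    only shows the message was sent; confirm receipt by finding msg in the SIEM."""
    if http_status != 200 or not result.get("success"):
        return False, f"test failed with status {result.get('status', http_status)}"
    if protocol == "UDP":
        return True, "sent over UDP; search the SIEM for: " + result["msg"]
    return True, "connection established and message sent"


# Constructed sample SIEM; host, tenant id and name are placeholders.
SAMPLE = {"tenant-id": "tenant-1", "name": "lab-siem", "host": "siem.example.internal",
          "port": 6514, "message-format": "RFC_5424", "protocol": "TLS"}
```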