Configuration APIs
Using the Configuration APIs, you can configure and manage the following entities in a Fabric-enabled Logpoint:
Devices
Device groups
Distributed Collectors
Normalization policies
Repos
Distributed LogPoints
Parsers
Enrichment sources
Enrichment policies
Routing policies
Processing policies
SNMP policies
LogCollection policies
RawSyslog forwarder
UEBA Settings
Devices API
Devices are the machines from which LogPoint collects logs.
| Endpoint | Description |
| --- | --- |
| AddIgnoredIps | Adds a device to the ignored IP list. |
| Attach | Attaches devices on behalf of the collector LogPoint from the main LogPoint in a Distributed LogPoint setup. |
| Create | Creates a new device. |
| Detach | Detaches devices on behalf of the collector LogPoint from the main LogPoint in a Distributed LogPoint setup. |
| Edit | Edits the device configurations with the given ID. |
| Get | Fetches the device configurations with the given ID. |
| GetPlugins | Fetches the plugins with the given ID. |
| Install | Installs the given CSV file with device configurations. |
| List | Lists the devices. |
| ListBlockedIps | Lists the IPs of all the devices in the blocked IP list. |
| ListIgnoredIps | Lists the IPs of all the devices in the ignored IP list. |
| ListPrivateUploads | Lists the files from the private storage of the API. |
| ListPublicUploads | Lists the files from the public storage of the API. |
| RefreshBlockedIps | Updates the blocked IP list. |
| Trash | Deletes the device with the given ID. |
| TrashIgnoredIps | Removes the device IP of the given ID from the ignored IP list. |
| TrashPrivateUploads | Deletes the file with the given name from the private storage of the API. |
| TrashPublicUploads | Deletes the file with the given name from the public storage of the API. |
| Upload | Uploads the given file in the private storage of the API. |
| UploadPublic | Uploads the given file in the public storage of the API. |
DeviceGroups API
Device Groups are a cluster of log collecting devices. One device can be associated with more than one device group.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new device group. |
| Edit | Edits the settings of the device group with the given ID. |
| Get | Fetches the device group with the given ID. |
| List | Lists the device groups. |
| Trash | Deletes the device group with the given ID. |
DistributedCollectors API
The DistributedCollectors API allows you to activate, deactivate, and delete LogPoint Collectors of a Fabric-enabled LogPoint.
A LogPoint Collector collects logs from different sources, normalizes them against the signatures applied, and forwards them.
| Endpoint | Description |
| --- | --- |
| Activate | Activates the distributed collector with the given ID. |
| Deactivate | Deactivates the distributed collector with the given ID. |
| Get | Fetches the distributed collector with the given ID. |
| List | Lists the distributed collectors. |
| RefreshList | Updates the distributed collectors data list. |
| Trash | Deletes the distributed collector with the given ID. |
NormalizationPolicy API
Normalization policies determine the process through which data in the incoming logs are grouped into key-value pairs. Each normalization policy is a combination of one or more normalization packages.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new normalization policy. |
| Edit | Edits the settings of the normalization policy with the given ID. |
| Get | Fetches the normalization policy with the given ID. |
| List | Lists the normalization policies. |
| Trash | Deletes the normalization policy with the given ID. |
Repos API
Repos (repositories) in a LogPoint collect streaming logs and store them securely. A single repo consists of one or more repo paths with their respective retention policies. How long the logs are retained in a repo depends on the retention policy.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new repo. |
| Edit | Updates the configuration settings of a repo with the given ID. |
| FetchRemoteRepos | Fetches the local and remote repos. |
| Get | Fetches the repo with the given ID. |
| List | Lists the repos. |
| ListRepoPaths | Lists the allowed repo paths created from LogPoint by the li-admin user. |
| RefreshRepoPaths | Syncs the repo path with LogPoint repo path. |
| Trash | Deletes the repo with the given ID. |
DistributedLogPoints API
Using this API, you can connect multiple Fabric-enabled LogPoint instances and store their logs. You can monitor, configure, and analyze the logs on the connected machines.
| Endpoint | Description |
| --- | --- |
| Create | Adds a distributed LogPoint. |
| Edit | Edits the distributed LogPoint settings with the given ID. |
| Get | Fetches the distributed LogPoint with the given ID. |
| List | Lists the distributed LogPoints. |
| RefreshList | Syncs the distributed LogPoint's data. |
| Trash | Deletes the distributed LogPoint with the given ID. |
Parsers API
Parsers analyze the incoming log data and extract individual logs from them. These logs are then broken into smaller elements so that further processing can be done on each log separately.
| Endpoint | Description |
| --- | --- |
| Check | Checks the regex pattern. |
| Create | Creates a new parser. |
| Edit | Edits the parser with the given ID. |
| Get | Fetches the parser with the given ID. |
| List | Lists the parsers. |
| Trash | Deletes the parser with the given ID. |
EnrichmentSource API
An enrichment source maintains the data that a Fabric-enabled LogPoint can use to enrich its logs.
| Endpoint | Description |
| --- | --- |
| Get | Fetches an enrichment source with the given ID. |
| List | Lists the enrichment sources. |
| RefreshList | Syncs the enrichment sources. |
EnrichmentPolicy API
An enrichment policy is a set of enrichment specifications which consist of enrichment criteria and enrichment rules. The enrichment criteria are the conditions that must match the key-value pairs of the normalized event logs. Once the criteria are matched, the Fabric-enabled LogPoint uses the enrichment rules to enrich the logs.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new enrichment policy. |
| Edit | Edits the enrichment policy with the given ID. |
| Get | Fetches the enrichment policy with the given ID. |
| List | Lists the enrichment policies. |
| Trash | Deletes the enrichment policy with the given ID. |
RoutingPolicies API
Routing policies allow you to selectively direct the incoming logs into different repos. You can perform routing by key-value match or key-present criteria.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new routing policy. |
| Edit | Edits the routing policy with the given ID. |
| Get | Fetches the routing policy with the given ID. |
| List | Lists the routing policies. |
| Trash | Deletes the routing policy with the given ID. |
ProcessingPolicy API
A processing policy integrates a normalization policy, an enrichment policy, and a routing policy into a single policy. This method eliminates the need to add a normalization policy, an enrichment policy, and a routing policy every time you configure a collector or a fetcher.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new processing policy. |
| Edit | Edits the processing policy with the given ID. |
| Get | Fetches the processing policy with the given ID. |
| List | Lists the processing policies. |
| Trash | Deletes the processing policy with the given ID. |
SNMPPolicy API
| Endpoint | Description |
| --- | --- |
| Create | Creates a new SNMP policy. |
| Edit | Edits the SNMP policy with the given ID. |
| Get | Fetches the SNMP policy with the given ID. |
| List | Lists the SNMP policies. |
| Trash | Deletes the SNMP policy with the given ID. |
LogCollectionPolicies API
Log Collection Policies are the rules that Fabric-enabled LogPoint uses to collect logs.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new log collection policy. |
| Edit | Edits the log collection policy with the given ID. |
| Get | Fetches the log collection policy with the given ID. |
| GetPlugins | Fetches the plugins that use the log collection policy with the given ID. |
| List | Lists the log collection policies. |
| Trash | Deletes the log collection policy with the given ID. |
RawSyslogForwarder API
LogPoint collects and forwards the raw syslog messages from the devices to the targets. Raw Syslog Forwarder (RSF) collects logs from different sources and forwards the raw messages to a remote server. Refer to the Raw Syslog Forwarder section for more details.
| Endpoint | Description |
| --- | --- |
| Create | Creates a new raw syslog forwarder device. |
| CreateTarget | Creates a new target. |
| Edit | Updates the existing configuration of the raw syslog forwarder with the given ID. |
| EditTarget | Edits the target settings with the given ID. |
| Get | Fetches the raw syslog forwarder with the given ID. |
| GetTarget | Fetches the target with the given ID. |
| List | Lists all raw syslog forwarders. |
| ListTarget | Lists all targets in the Fabric-enabled Logpoint. |
| Trash | Deletes the raw syslog forwarder with the given ID. |
| TrashTarget | Deletes the target with the given ID. |
UEBA API
Using the UEBA endpoints, you can:
Enable and disable UEBA,
Add UEBA license,
Select repos, alert logs, and entities for UEBA analysis, and
Monitor the health status and validation logs of the UEBA system.
User and Entity Behavior Analytics (UEBA) enables LogPoint to detect abnormal and risky behaviors by evaluating activities that differ from the previously set baselines. To learn more, see the UEBA guide.
| Endpoint | Description |
| --- | --- |
| ConfigureAlertLogs | Configures risk score for UEBA alerts. LogPoint uses the risk score to categorize the UEBA anomalies based on their risk level. |
| ConfigureRepo | Adds the given repositories for UEBA analysis. |
| EnableUEBAMode | Enables or disables the UEBA configurations in the given LogPoint. |
| CreateEntity | Adds new entities for UEBA analysis. |
| EditEntity | Updates the UEBA entity with the given ID. |
| FetchHealthStatus | Returns UEBA's health status and validation information summary. |
| FetchUEBALicenseState | Returns the current status of the UEBA license in the given LogPoint. |
| FetchValidationReport | Returns the details of the violated logs for all data sources in the given LogPoint. |
| GetEntity | Fetches the details of the UEBA entity with the given ID. |
| InstallUEBALicense | Installs the UEBA license in the given LogPoint. |
| ListEntities | Returns an array of the UEBA entities' information. |
| ListPrivateUploads | Returns the list of the UEBA license package files available in the API server's private storage. |
| ListPublicUploads | Returns the list of the UEBA license package files available in the API server's public storage. |
| ListUEBAConfiguration | Returns the details of UEBA License consumption in the given LogPoint. |
| ListUEBALicenseInfo | Lists the details of the UEBA license currently used in the given LogPoint. |
| RefreshConfigurationLists | Syncs the UEBA configuration list in the API server with LogPoint's configuration list. |
| RefreshEntityLists | Syncs UEBA entity list in the API server with LogPoint's entity list. |
| TrashEntity | Deletes the UEBA entity with the given ID. |
| TrashPrivateUploads | Deletes the UEBA license with the given name from the API server's private storage. |
| TrashPublicUploads | Deletes the UEBA license with the given name from the API server's public storage. |
| UpdateEntityPriorities | Updates the UEBA entities' priorities. |
| Upload | Uploads the given UEBA license package file to the API server's private storage. |
| UploadPublic | Uploads the given UEBA license package file to the API server's public storage. |