NormalizationPackage
NormalizationPackage - AddSignature
Adds a new signature to the Normalization Package.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/SignaturesParameters
package_id
-
String
ID of the normalization package. Mandatory Field
extra_key_value
Key Values
json
Add extra key value pair to the normalized log. Optional Field
replace_key_value
Replace Keys
json
Replace the name of the keys. Optional Field
pattern
Pattern
String
Pattern of the signature. Mandatory Field
example
Example
String
Example of the log to be matched with the newsignature parameter. Optional Field
Request Example
{
"data": {
"package_id": "574fceedd8aaa40740736302",
"extra_key_value": {
"label": "Sonic,Firewall,Notice",
"norm_id": "SonicFirewall"
},
"replace_key_value": {
"label": "Sonic",
"norm_id": "SonicFirewall"
},
"pattern": "user<user:word><action:all>from source<source_address:ip>",
"example": "user Bob logged in from source 192.168.2.10"
}
}Success Response
NormalizationPackage - CheckPattern
Check if the pattern matches with the example.
POST
Parameters
pattern
Pattern
String
Pattern of the signature. Mandatory Field
example
Example
String
Example of the log. Mandatory Field
Request Example
Success Response
NormalizationPackage - ClonePackage
Clone the normalization package.
POST
Parameters
clone_name
CHOOSE NEW NAMES
String
Name of the package to be cloned. Mandatory Field
replace
Replace Existing?
String
Set value as “on”(exact) to replace an existing package with the same name. Optional Field
package_id
-
String
ID of the normalization package which should be cloned. Mandatory Field
Request Example
Success Response
NormalizationPackage - Create
Adds a new Normalization Package.
POST
Parameters
name
Name
String
Name of the Normalization Package. The value of the name field must be unique alphanumeric values with hyphen (-) and underscore () characters, and it must not begin or end with a white space character, hyphen (-) and an underscore () . The total length has to be between 2 and 100 characters. Mandatory Field
description
Description
String
Description of the normalization package. Optional Field
Request Example
Success Response
NormalizationPackage - Edit
Edits a Normalization Package with given ID.
PUT
Parameters
description
Description
String
Description of the normalization package. Optional Field
unused_signatures
-
[Integer]
List of the signature id(s) to be unused. Optional Field
order
-
[Integer]
List of all signature id(s) in the desired order. Optional Field
id
-
String
Existing normalization package id. Mandatory Field
Request Example
Success Response
NormalizationPackage - EditSignature
Edit a signature of the given normalization package.
PUT
Parameters
id
-
int
ID of the signature. Mandatory Field
extra_key_value
Key Values
json
Add extra key value pair to the normalized log. Optional Field
replace_key_value
Replace Values
json
Replace the name of the field. Optional Field
pattern
Pattern
String
Pattern of the signature. Mandatory Field
example
Example
String
Example of the log. Optional Field
Request Example
Success Response
NormalizationPackage - Get
Fetches a Normalization Package with given ID.
GET
Parameters
id
-
String
Existing normalization package id.
Success Response
NormalizationPackage - Install
Install a given normalization package pak file.
POST
Parameters
file_name
Normalization Package
String
Name of the pak file for normalization package. Mandatory Field
file_location
-
String
Location of the file to install. Can be either 'private' or 'public'. Mandatory Field
Request Example
Success Response
List
Lists all Normalization Packages.
GET
Success Response
NormalizationPackage - ListCompiledNormalizers
Lists all Compiled Normalizers installed in the LogPoint.
GET
Success Response
NormalizationPackage - ListPrivateUploads
List all the pak files that contain normalization package in private storage.
GET
Success Response
NormalizationPackage - ListPublicUploads
List all the pak files that contain normalization package in public storage.
GET
Success Response
NormalizationPackage - RefreshCompiledNormalizersList
Updates the CompiledNormalizers list to ensure consistency with the updated compiled normalizers list in Logpoint.
POST
Request Example
Success Response
NormalizationPackage - ReorderSignature
Reorder signatures of given normalization package.
POST
Parameters
id
ID
String
Existing Normalization Package id. Mandatory Field
order
-
[Integer]
List of all signatures id(s) in the desired order. Mandatory Field
Request Example
Success Response
NormalizationPackage - Trash
Deletes a Normalization Package with given ID.
DELETE
Parameters
id
-
String
Existing normalization package id. Mandatory Field
Success Response
NormalizationPackage - TrashPrivateUploads
Delete the file with given name from private storage.
DELETE
Parameters
file_name
String
Name of the file to be deleted. Mandatory Field
Success Response
NormalizationPackage - TrashPublicUploads
Delete the file with given name from public storage.
DELETE
Parameters
file_name
String
Name of the file to be deleted. Mandatory Field
Success Response
NormalizationPackage - TrashSignature
Delete a signature with given ID.
DELETE
Parameters
id
-
int
Existing signature id. Mandatory Field
Success Response
NormalizationPackage - UnuseSignature
Unuse given signatures of given normalization package.
POST
Parameters
unused_signatures
-
[Integer]
List of the signature id(s) to be unused. Optional Field
id
ID
String
Existing normalization package id. Mandatory Field
Request Example
Success Response
NormalizationPackage - Upload
Upload pak files that contain normalization package to private storage. This upload should be used for normalization packages only.
POST
Headers
file_name
Name of the file to be uploaded.
Content-Type
application/octet-stream
replace_existing
Set the value of this parameter as 'true' to replace the existing file with the same name with the new file. Default value is 'false'. Value can be 'true' or 'false'. Optional field
Parameters
file
-
[Object]
(pak) to be uploaded. Mandatory Field
Success Response
NormalizationPackage - UploadPublic
Upload pak files that contain normalization package to public storage. This upload should be used for normalization packages only.
POST
Headers
file_name
Name of the file to be uploaded.
Content-Type
application/octet-stream
replace_existing
Set the value of this parameter as 'true' to replace the existing file with the same name with the new file. Default value is 'false'. Value can be 'true' or 'false'. Optional field
Parameters
file
-
[Object]
(pak) to be uploaded. Mandatory Field
Success Response
Last updated
Was this helpful?