UEBA

base_risk_check

UEBA alert risk score. Value can be a number between 0 and 100. Default value is 75. LogPoint classifies the risk scores into four different types: - Low Risk Score Range: 00 to 25 - Medium Risk Score Range: 26 to 50 - High Risk Score Range: 51 to 75 - Extreme Risk Score Range: 76 to 100 Mandatory Field

enable_history_service

Select this value as "true" to enable the history service to forward 30 days of historical data to UEBA. Default value is "true". You can enable the history service only once. Select the value as "false" for LogPoint to forward input data from the date you configure the repos. Optional Field

include_all_repos

Set this value as "true" to select all the repos for UEBA configurations. Either "include_all_repos" with value "true" or non-empty "source_repos" must be present while configuring UEBA Repos. Optional Field

source_repos

Repositories of the LogPoint Search Head and Distributed LogPoints for UEBA analysis. Optional Field

content_type

It can have values as CIDR, IP or HOSTNAME. Mandatory only when machine is entity_type_rb is selected as Machine. Optional Field

entity_group_name

The name of the entity group. Mandatory Field

entity_type_rb

The type of the entities in the group. It can either be User or Machine. Mandatory Field

source_field_name

Field from the selected enrichment source that can uniquely identify each entity. Mandatory Field

source_name

Name of the enrichment source used. Obtain the value of this parameter using EnrichmentSource - List API. Mandatory Field

source_type

The type of the enrichment source used for entity selection. It can be LDAP, CSV, or ODBC. Mandatory Field

uebafiltering

Array of key-value pair objects to filter the entities within the selected enrichment source. Each object in the array must include: - field_cb : Field from the selected enrichment source. - criteria_query : Query in the regex format. Optional Field

update_license_rg

Select True to update the selected entities every time the content of the enrichment source changes. Select False to never update the selected entities. Can have value as True or False only. Mandatory Field

content_type

It can have values as CIDR, IP or HOSTNAME. Mandatory only when machine is entity_type_rb is selected as Machine. Optional Field

entity_type_rb

The type of the entities in the group. It can either be User or Machine. Mandatory Field

id

Entity id to edit. Mandatory Field

source_field_name

Field from the selected enrichment source that can uniquely identify each entity. Mandatory Field

source_name

Name of the enrichment source used. Obtain the value of this parameter using EnrichmentSource - List API. Mandatory Field

source_type

The type of the enrichment source used for entity selection. It can be LDAP, CSV, or ODBC. Mandatory Field

uebafiltering

Array of key-value pair objects to filter the entities within the selected enrichment source. Each object in the array must include: - field_cb: Field from the selected enrichment source - criteria_query: Query in the regex format. Optional Field

update_license_rg

Select True to update the selected entities every time the content of the enrichment source changes. Select False to never update the selected entities. Can have value as True or False only. Mandatory Field

enable_ueba_mode

Value of the parameter can be true or false. Setting this value as "true" sends request to enable UEBA and vice-versa. Mandatory Field

id

Existing Entity id .

confirm_override

Select this value as "yes" to install the UEBA license with a different client ID. Value can be yes/no. Default value is "yes". Optional Field

file_location

Location of fabric storage where the UEBA license is uploaded. Can be either 'private' or 'public'. Mandatory Field

file_name

Name of the pak file containing UEBA license. Mandatory Field

id

Existing entity ID. Mandatory Field

file_name

Name of the file to be deleted. Mandatory Field

file_name

Name of the file to be deleted. Mandatory Field

priorities

Array of entity priorities where each object is a key-value pair of an entity and its priority. Each object in the array must include the following parameters: - name : Name of the entity - priority : Priority of the entity in number. 0 has the highest priority. The priority is used to discard an entity group when the selected entities exceed the number of licensed entities. By default, LogPoint prioritizes the entities on the basis of time they were added. Mandatory Field

file_name

Name of the file to be uploaded.

Content-Type

application/octet-stream

replace_existing

Set the value of this parameter as 'true' to replace the existing file with the same name with the new file. Default value is 'false'. Value can be 'true' or 'false'. Optional field

file

(pak) to be uploaded. Mandatory Field

file_name

Name of the file to be uploaded.

Content-Type

application/octet-stream

replace_existing

Set the value of this parameter as 'true' to replace the existing file with the same name. Default value is 'false'. Optional field

file

(pak) to be uploaded. Mandatory Field