UEBA
UEBA - ConfigureAlertLogs
Configures the UEBA alert risk score, which is used to categorize UEBA anomalies by their risk level.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/configureAlertParameters
Parameters
base_risk_check (label: ALERT LOGS CONFIGURATION; type: int)
UEBA alert risk score. Value can be a number between 0 and 100. Default value is 75. LogPoint classifies the risk scores into four ranges:
- Low Risk Score Range: 00 to 25
- Medium Risk Score Range: 26 to 50
- High Risk Score Range: 51 to 75
- Extreme Risk Score Range: 76 to 100
Mandatory Field
Request Example
{
  "data": {
    "base_risk_check": 46
  }
}
Success Response
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - ConfigureRepo
Adds the repositories for UEBA analysis. You can also enable the history service to forward 30 days of historical data to UEBA.
POST
Parameters
enable_history_service (label: Enable history service; type: boolean)
Set this value to "true" to enable the history service, which forwards 30 days of historical data to UEBA. Default value is "true". The history service can be enabled only once. Set the value to "false" for LogPoint to forward only input data received from the date you configure the repos. Optional Field
include_all_repos (type: boolean)
Set this value to "true" to select all the repos for UEBA configuration. Either "include_all_repos" with value "true" or a non-empty "source_repos" must be present when configuring UEBA repos. Optional Field
source_repos (label: SELECT REPOS; type: [String])
Repositories of the LogPoint Search Head and Distributed LogPoints to use for UEBA analysis. Optional Field
Request Example
Success Response
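The two configuration calls above carry constraints a client should enforce before sending anything: base_risk_check must be an integer in 0..100 (and maps onto the four documented risk bands), and a ConfigureRepo body must either set include_all_repos to true or list at least one repo. The following is an added example, not LogPoint's own code: it builds and validates both payloads and assembles (without sending) the POST to the documented configureAlertParameters path. The ConfigureRepo path and the API's authentication scheme are not given on this page, so the repo helper only returns the body and auth headers are left to the caller.

```python
import json
import urllib.request

# Risk-score bands exactly as documented for base_risk_check (0..100).
RISK_BANDS = (("Low", 0, 25), ("Medium", 26, 50), ("High", 51, 75), ("Extreme", 76, 100))

def risk_band(score):
    """Return the LogPoint risk band name for an integer UEBA risk score."""
    if not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError("base_risk_check must be an integer between 0 and 100")
    for name, low, high in RISK_BANDS:
        if low <= score <= high:
            return name

def alert_logs_payload(base_risk_check=75):
    """Body for UEBA - ConfigureAlertLogs; 75 is the documented default."""
    risk_band(base_risk_check)  # range check before the value leaves this host
    return {"data": {"base_risk_check": base_risk_check}}

def repo_payload(source_repos=(), include_all_repos=False, enable_history_service=True):
    """Body for UEBA - ConfigureRepo. Enforces the documented rule that either
    include_all_repos is true or source_repos is non-empty."""
    repos = list(source_repos)
    if not include_all_repos and not repos:
        raise ValueError('set "include_all_repos": true or a non-empty "source_repos"')
    data = {"enable_history_service": bool(enable_history_service),
            "include_all_repos": bool(include_all_repos)}
    if repos:
        data["source_repos"] = repos
    return {"data": data}

def build_alert_request(base_url, pool_uuid, logpoint_id, body, extra_headers=None):
    """Assemble (without sending) the POST to the documented
    configureAlertParameters path. Authentication headers are supplied by the
    caller because this page does not document the API's auth scheme."""
    url = f"{base_url}/configapi/{pool_uuid}/{logpoint_id}/UEBA/configureAlertParameters"
    headers = {"Content-Type": "application/json", **(extra_headers or {})}
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="POST")

if __name__ == "__main__":
    # Placeholder identifiers; real values come from your own deployment.
    req = build_alert_request("https://api-server-host-name", "pool-uuid-placeholder",
                              "logpoint-id-placeholder", alert_logs_payload(46))
    print(req.full_url, req.data.decode(), risk_band(46))
```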
UEBA - CreateEntity
Adds new entities for UEBA analysis.
POST
Parameters
content_type (label: Content Type; type: String)
It can have the values CIDR, IP or HOSTNAME. Mandatory only when entity_type_rb is set to Machine. Optional Field
entity_group_name (label: CREATE ENTITY; type: String)
The name of the entity group. Mandatory Field
entity_type_rb (label: Users/Machines; type: String)
The type of the entities in the group. It can be either User or Machine. Mandatory Field
source_field_name (label: Select the field name that can uniquely identify Users; type: String)
Field from the selected enrichment source that uniquely identifies each entity. Mandatory Field
source_name (label: Name; type: String)
Name of the enrichment source used. Obtain the value of this parameter using the EnrichmentSource - List API. Mandatory Field
source_type (label: Source Type; type: String)
The type of the enrichment source used for entity selection. It can be LDAP, CSV, or ODBC. Mandatory Field
uebafiltering (label: Entities filtering; type: [json])
Array of key-value pair objects that filter the entities within the selected enrichment source. Each object in the array must include:
- field_cb: Field from the selected enrichment source.
- criteria_query: Query in regex format.
Optional Field
update_license_rg (label: Yes/No; type: boolean)
Set to True to update the selected entities every time the content of the enrichment source changes, or to False to never update the selected entities. Accepts only True or False. Mandatory Field
Request Example
Success Response
UEBA - EditEntity
Edits the UEBA entity with the given ID.
PUT
Parameters
content_type (label: Content Type; type: String)
It can have the values CIDR, IP or HOSTNAME. Mandatory only when entity_type_rb is set to Machine. Optional Field
entity_type_rb (label: Users/Machines; type: String)
The type of the entities in the group. It can be either User or Machine. Mandatory Field
id (type: String)
ID of the entity to edit. Mandatory Field
source_field_name (label: Select the field name that can uniquely identify Users; type: String)
Field from the selected enrichment source that uniquely identifies each entity. Mandatory Field
source_name (label: Name; type: String)
Name of the enrichment source used. Obtain the value of this parameter using the EnrichmentSource - List API. Mandatory Field
source_type (label: Source Type; type: String)
The type of the enrichment source used for entity selection. It can be LDAP, CSV, or ODBC. Mandatory Field
uebafiltering (label: Entities filtering; type: [json])
Array of key-value pair objects that filter the entities within the selected enrichment source. Each object in the array must include:
- field_cb: Field from the selected enrichment source.
- criteria_query: Query in regex format.
Optional Field
update_license_rg (label: Yes/No; type: boolean)
Set to True to update the selected entities every time the content of the enrichment source changes, or to False to never update the selected entities. Accepts only True or False. Mandatory Field
Request Example
Success Response
UEBA - EnableUEBAMode
Enables or disables the UEBA configuration in the given LogPoint.
POST
Parameters
enable_ueba_mode (label: ENABLE UEBA; type: boolean)
Value can be true or false. Setting it to "true" sends a request to enable UEBA; setting it to "false" sends a request to disable UEBA. Mandatory Field
Request Example
Success Response
UEBA - FetchHealthStatus
Fetches the health status and validation information of the UEBA.
POST
Request Example
Success Response
UEBA - FetchUEBALicenseState
Returns the details of UEBA License consumption in the given LogPoint.
POST
Request Example
Success Response
UEBA - FetchValidationReport
Fetches the validation report of the UEBA.
POST
Request Example
Success Response
UEBA - GetEntity
Fetches the details of the UEBA entity with the given ID.
GET
Parameters
id (type: String)
ID of the existing entity.
Success Response
UEBA - InstallUEBALicense
Installs the UEBA license.
POST
Parameters
confirm_override (type: String)
Set this value to "yes" to install the UEBA license even when it carries a different client ID. Value can be yes or no. Default value is "yes". Optional Field
file_location (type: String)
Location in fabric storage where the UEBA license was uploaded. Can be either 'private' or 'public'. Mandatory Field
file_name (type: String)
Name of the pak file containing the UEBA license. Mandatory Field
Request Example
Success Response
UEBA - ListEntities
Returns information on all the UEBA entities.
GET
Success Response
UEBA - ListPrivateUploads
Lists the UEBA license package files available in the private storage.
GET
Success Response
UEBA - ListPublicUploads
Lists the UEBA license package files available in public storage.
GET
Success Response
UEBA - ListUEBAConfiguration
Lists all the UEBA configurations in the LogPoint.
GET
Success Response
UEBA - ListUEBALicenseInfo
Lists the details of the UEBA license currently used in the given LogPoint.
GET
Success Response
UEBA - RefreshUEBAConfigurationLists
Syncs the current UEBA Configuration List with LogPoint's Configuration List.
POST
Request Example
Success Response
UEBA - RefreshUEBAEntityLists
Syncs the current UEBA Entity List with LogPoint's Entity List.
POST
Request Example
Success Response
UEBA - TrashEntity
Deletes the UEBA entity with the given ID.
DELETE
Parameters
id (type: String)
ID of the existing entity. Mandatory Field
Success Response
UEBA - TrashPrivateUploads
Deletes the UEBA license with the given name from private storage.
DELETE
Parameters
file_name (type: String)
Name of the file to be deleted. Mandatory Field
Success Response
UEBA - TrashPublicUploads
Deletes the UEBA license with the given name from public storage.
DELETE
Parameters
file_name (type: String)
Name of the file to be deleted. Mandatory Field
Success Response
UEBA - UpdateEntityPriorities
Updates the priorities of the UEBA entity groups.
POST
Parameters
priorities (label: UPDATE PRIORITIES; type: [json])
Array of entity priorities, where each object is a key-value pair of an entity and its priority. Each object in the array must include the following parameters:
- name: Name of the entity.
- priority: Priority of the entity as a number; 0 is the highest priority.
The priority is used to decide which entity group to discard when the selected entities exceed the number of licensed entities. By default, LogPoint prioritizes the entities by the time they were added. Mandatory Field
Request Example
Success Response
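The priorities parameter decides which entity groups survive when the selected entities exceed the licensed count, with time added as the default order. The following added example (not LogPoint's code) builds the UpdateEntityPriorities body from an ordered list of group names and simulates the discard on constructed sample groups. The simulation assumes a simple model, whole groups admitted in priority order and a group skipped when it would push the total past the cap; the page does not spell out the exact rule LogPoint applies.

```python
from datetime import datetime

# Constructed sample entity groups: name, entity count and the time each was added.
SAMPLE_GROUPS = [
    {"name": "domain_admins", "entities": 40, "added": "2024-01-05T09:00:00"},
    {"name": "all_workstations", "entities": 900, "added": "2024-01-06T09:00:00"},
    {"name": "finance_users", "entities": 120, "added": "2024-01-07T09:00:00"},
    {"name": "contractors", "entities": 60, "added": "2024-01-08T09:00:00"},
]

def priorities_payload(ordered_names):
    """Body for UEBA - UpdateEntityPriorities: the first name gets priority 0
    (the highest, as documented), the next 1, and so on."""
    names = list(ordered_names)
    if len(set(names)) != len(names):
        raise ValueError("each entity group may appear only once")
    return {"data": {"priorities": [{"name": n, "priority": i}
                                    for i, n in enumerate(names)]}}

def plan_license_fit(groups, licensed_entities, priorities=None):
    """Return (kept, discarded) group names under the license cap.
    Assumed model: groups are visited in priority order (lowest number first),
    or by time added when no priorities are given, which is the documented
    default; a group that would exceed the cap is discarded whole."""
    if priorities is None:
        order = sorted(groups, key=lambda g: datetime.fromisoformat(g["added"]))
    else:
        rank = {p["name"]: p["priority"] for p in priorities}
        order = sorted(groups, key=lambda g: rank.get(g["name"], float("inf")))
    kept, discarded, used = [], [], 0
    for g in order:
        if used + g["entities"] <= licensed_entities:
            kept.append(g["name"])
            used += g["entities"]
        else:
            discarded.append(g["name"])
    return kept, discarded

if __name__ == "__main__":
    body = priorities_payload(["all_workstations", "domain_admins", "finance_users", "contractors"])
    print(plan_license_fit(SAMPLE_GROUPS, 500))
    print(plan_license_fit(SAMPLE_GROUPS, 1000, body["data"]["priorities"]))
```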
UEBA - Upload
Uploads UEBA license package files to private storage. This upload should be used for UEBA only.
POST
Headers
file_name
Name of the file to be uploaded.
Content-Type
application/octet-stream
replace_existing
Set this header to 'true' to replace an existing file of the same name with the new file. Default value is 'false'. Value can be 'true' or 'false'. Optional field
Parameters
file (type: [Object])
The pak file to be uploaded. Mandatory Field
Success Response
UEBA - UploadPublic
Uploads UEBA license package files to public storage. This upload should be used for UEBA only.
POST
Headers
file_name
Name of the file to be uploaded.
Content-Type
application/octet-stream
replace_existing
Set this header to 'true' to replace an existing file of the same name with the new file. Default value is 'false'. Value can be 'true' or 'false'. Optional field
Parameters
file (type: [Object])
The pak file to be uploaded. Mandatory Field
Success Response