NormalizationPackage

NormalizationPackage - AddSignature

Adds a new signature to the Normalization Package.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/Signatures

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| package_id | - | String | ID of the normalization package. Mandatory Field |
| extra_key_value | Key Values | json | Add extra key value pair to the normalized log. Optional Field |
| replace_key_value | Replace Keys | json | Replace the name of the keys. Optional Field |
| pattern | Pattern | String | Pattern of the signature. Mandatory Field |
| example | Example | String | Example of the log to be matched with the newsignature parameter. Optional Field |

Request Example

{
    "data": {
        "package_id": "574fceedd8aaa40740736302",
        "extra_key_value": {
            "label": "Sonic,Firewall,Notice",
            "norm_id": "SonicFirewall"
        },
        "replace_key_value": {
            "label": "Sonic",
            "norm_id": "SonicFirewall"
        },
        "pattern": "user<user:word><action:all>from source<source_address:ip>",
        "example": "user Bob logged in from source 192.168.2.10"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - CheckPattern

Check if the pattern matches with the example

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/checkPattern

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| pattern | Pattern | String | Pattern of the signature. Mandatory Field |
| example | Example | String | Example of the log. Mandatory Field |

Request Example

{
    "data": {
        "pattern": "<:all><process:'kernel'><:all><object:'logging'><:all><action:'stopped'>",
        "example": "Jun 1 22:20:05 secserv kernel: Kernel logging (proc) stopped."
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - ClonePackage

Clone the normalization package

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/clonePackage

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| clone_name | CHOOSE NEW NAMES | String | Name of the package to be cloned. Mandatory Field |
| replace | Replace Existing? | String | Set the value to “on” (exact) to replace an existing package with the same name. Optional Field |
| package_id | - | String | ID of the normalization package which should be cloned. Mandatory Field |

Request Example

{
    "data": {
        "clone_name": "package_clone",
        "replace": "on",
        "package_id": "5bd56ce6d8aaa414dc86587d"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - Create

Adds a new Normalization Package.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| name | Name | String | Name of the Normalization Package. The name must be unique and consist of alphanumeric characters, hyphens (-) and underscores (_); it must not begin or end with a white space character, a hyphen (-) or an underscore (_). The total length has to be between 2 and 100 characters. Mandatory Field |
| description | Description | String | Description of the normalization package. Optional Field |

Request Example

{
    "data": {
        "name": "LP_LogPoint",
        "description": "LogPoint System"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - Edit

Edits a Normalization Package with given ID

PUT

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/{id}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| description | Description | String | Description of the normalization package. Optional Field |
| unused_signatures | - | [Integer] | List of the signature id(s) to be unused. Optional Field |
| order | - | [Integer] | List of all signature id(s) in the desired order. Optional Field |
| id | - | String | Existing normalization package id. Mandatory Field |

Request Example

{
    "data": {
        "description": "LogPoint System",
        "unused_signatures": [
            500004,
            500005,
            500006
        ],
        "order": [
            500009,
            500010,
            500011,
            500003
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - EditSignature

Edit a signature of the given normalization package

PUT

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/Signatures/{id}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| id | - | int | ID of the signature. Mandatory Field |
| extra_key_value | Key Values | json | Add extra key value pair to the normalized log. Optional Field |
| replace_key_value | Replace Values | json | Replace the name of the field. Optional Field |
| pattern | Pattern | String | Pattern of the signature. Mandatory Field |
| example | Example | String | Example of the log. Optional Field |

Request Example

{
    "data": {
        "extra_key_value": {
            "label": "Sonic,Firewall,Notice",
            "norm_id": "SonicFirewall"
        },
        "replace_key_value": {
            "label": "Sonic",
            "norm_id": "SonicFirewall"
        },
        "pattern": "user<user:word><action:all>from source<source_address:ip>",
        "example": "user Bob logged in from source 192.168.2.10"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - Get

Fetches a Normalization Package with given ID.

GET

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/{id}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| id | - | String | Existing normalization package id. |

Success Response

{
    "signatures": [
        {
            "kb_version": [
                "2"
            ],
            "hash": "4bc60c361723ce6ba26249a3ecb822b9",
            "package_name": "LP_LogPointAlerts",
            "vid": "SIG_40002",
            "pattern": "<process:'config'><:all><action:'loaded'><object:'resource data'>from<path:all_max>/<file:all_max>",
            "extra_key_value": {
                "norm_id": "vShieldEdgeLoadBalancer",
                "label": "Resource,Load"
            },
            "which_norm_package": 80,
            "unused": true,
            "replace_key_value": {},
            "sig_id": 40002,
            "example": "<30>Mar 7 04:20:40 vShieldEdge config: INFO :: CONFIG_MGR :: loaded resource data from /var/db/vre/vseld/vse_one/config_se.psf"
        }
    ],
    "name": "LP_LogPointAlerts",
    "vid": "NORMPACKAGE_771",
    "unused_signatures": [
        40010
    ],
    "last_sig_id": 405001,
    "active": true,
    "version": 3,
    "share_is": false,
    "tid": "",
    "fields_info": [],
    "type": "vendor",
    "id": "594b8e0ed8aaa46207ac6309",
    "description": "LogPoint Alert Triggered Incident"
}

NormalizationPackage - Install

Install a given normalization package pak file

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/install

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| file_name | Normalization Package | String | Name of the pak file for normalization package. Mandatory Field |
| file_location | - | String | Location of the file to install. Can be either ‘private’ or ‘public’. Mandatory Field |

Request Example

{
    "data": {
        "file_name": "normpackage_1.pak",
        "file_location": "private"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - List

Lists all Normalization Packages.

GET

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage

Success Response

[
    {
        "signatures": [
            {
                "kb_version": [
                    "2"
                ],
                "hash": "4bc60c361723ce6ba26249a3ecb822b9",
                "package_name": "LP_LogPointAlerts",
                "vid": "SIG_40002",
                "pattern": "<process:'config'><:all><action:'loaded'><object:'resource data'>from<path:all_max>/<file:all_max>",
                "extra_key_value": {
                    "norm_id": "vShieldEdgeLoadBalancer",
                    "label": "Resource,Load"
                },
                "which_norm_package": 80,
                "unused": true,
                "replace_key_value": {},
                "sig_id": 40002,
                "example": "<30>Mar 7 04:20:40 vShieldEdge config: INFO :: CONFIG_MGR :: loaded resource data from /var/db/vre/vseld/vse_one/config_se.psf"
            }
        ],
        "name": "LP_LogPointAlerts",
        "vid": "NORMPACKAGE_771",
        "unused_signatures": [
            40010
        ],
        "last_sig_id": 405001,
        "active": true,
        "version": 3,
        "share_is": false,
        "tid": "",
        "fields_info": [],
        "type": "vendor",
        "id": "594b8e0ed8aaa46207ac6309",
        "description": "LogPoint Alert Triggered Incident"
    },
    {
        "signatures": [
            {
                "kb_version": [
                    "2"
                ],
                "hash": "4bc60c361723ce6ba26249a3ecb822b9",
                "package_name": "LP_vShield Edge LoadBalancer",
                "vid": "SIG_40002",
                "pattern": "<:all><process:'kernel'><:all><object:'logging'><:all><action:'stopped'>",
                "extra_key_value": {
                    "norm_id": "vShieldEdgeLoadBalancer",
                    "label": "Resource,Load"
                },
                "which_norm_package": 82,
                "unused": false,
                "replace_key_value": {},
                "sig_id": 40010,
                "example": "Jun 1 22:20:05 secserv kernel: Kernel logging (proc) stopped."
            }
        ],
        "name": "LP_vShield Edge LoadBalancer",
        "vid": "NORMPACKAGE_761",
        "unused_signatures": [],
        "last_sig_id": 405010,
        "active": true,
        "version": 3,
        "share_is": false,
        "tid": "",
        "fields_info": [],
        "id": "694b8e0ed8aaa46227ac6309",
        "type": "vendor",
        "description": "Edge LoadBalancer"
    }
]
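
An added example (not part of the LogPoint documentation): a short audit over a parsed List response that reports, per package, which signatures are disabled and whether the per-signature `unused` flag agrees with the package-level `unused_signatures` list. The sample data is constructed, the function names are hypothetical, and treating a disagreement as worth review is an assumption rather than documented API behaviour.

```python
import json

# Constructed sample in the shape of the List response (not real data).
SAMPLE = json.loads("""
[
  {"name": "PKG_A", "active": true, "unused_signatures": [500004, 500006],
   "signatures": [
     {"sig_id": 500003, "unused": false},
     {"sig_id": 500004, "unused": true},
     {"sig_id": 500005, "unused": true}]},
  {"name": "PKG_B", "active": false, "unused_signatures": [],
   "signatures": [{"sig_id": 500010, "unused": false}]}
]
""")


def audit_unused(packages):
    """Summarise disabled signatures for each package in a List response."""
    findings = []
    for pkg in packages:
        sigs = pkg.get("signatures", [])
        present = {s["sig_id"] for s in sigs}
        flagged = {s["sig_id"] for s in sigs if s.get("unused")}
        listed = set(pkg.get("unused_signatures", []))
        findings.append({
            "package": pkg["name"],
            "active": bool(pkg.get("active")),
            "disabled": sorted(flagged | listed),
            # unused=true on the signature, but id missing from the list
            "flag_only": sorted(flagged - listed),
            # id in the list, signature present, but unused=false
            "list_only": sorted((listed & present) - flagged),
            # id in the list with no matching signature object
            "dangling": sorted(listed - present),
        })
    return findings


def needs_review(findings):
    """Names of packages that are inactive or internally inconsistent."""
    return [f["package"] for f in findings
            if not f["active"] or f["flag_only"] or f["list_only"] or f["dangling"]]


if __name__ == "__main__":
    for finding in audit_unused(SAMPLE):
        print(finding)
    print("review:", needs_review(audit_unused(SAMPLE)))
```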

NormalizationPackage - ListCompiledNormalizers

Lists all Compiled Normalizers installed in the LogPoint

GET

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/CompiledNormalizers

Success Response

[
    {
        "version": "3.3.0",
        "name": "CheckPointOpsecCompiledNormalizer"
    },
    {
        "version": "3.3.0",
        "name": "CheckPointInfinityCompiledNormalizer"
    },
    {
        "version": "3.0.0.1",
        "name": "RubrikCompiledNormalizer"
    },
    {
        "version": "3.0.0.1",
        "name": "PaloAltoCompiledNormalizer"
    }
]

NormalizationPackage - ListPrivateUploads

Lists all the pak files that contain normalization packages in private storage

GET

https://api-server-host-name/configapi/{pool_UUID}/NormalizationPackage/list

Success Response

[
    "normpackage_1.pak"
]

NormalizationPackage - ListPublicUploads

Lists all the pak files that contain normalization packages in public storage

GET

https://api-server-host-name/configapi/NormalizationPackage/list

Success Response

[
    "normpackage_1.pak"
]

NormalizationPackage - RefreshCompiledNormalizersList

Updates the CompiledNormalizers list to ensure consistency with the updated compiled normalizers list in Logpoint.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/CompiledNormalizers/refreshlist

Request Example

{
    "data": {}
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - ReorderSignature

Reorder signatures of given normalization package

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/{id}/reorderSignatures

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| id | ID | String | Existing Normalization Package id. Mandatory Field |
| order | - | [Integer] | List of all signatures id(s) in the desired order. Mandatory Field |

Request Example

{
    "data": {
        "order": [
            500009,
            500010,
            500011,
            500003
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - Trash

Deletes a Normalization Package with given ID

DELETE

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/{id}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| id | - | String | Existing normalization package id. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - TrashPrivateUploads

Delete the file with given name from private storage

DELETE

https://api-server-host-name/configapi/{pool_UUID}/NormalizationPackage/{file_name}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| file_name | | String | Name of the file to be deleted. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "normpackage_1.pak successfully deleted"
}

NormalizationPackage - TrashPublicUploads

Delete the file with given name from public storage

DELETE

https://api-server-host-name/configapi/NormalizationPackage/{file_name}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| file_name | | String | Name of the file to be deleted. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "normpackage_1.pak successfully deleted"
}

NormalizationPackage - TrashSignature

Delete a signature with given ID

DELETE

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/Signatures/{id}

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| id | - | int | Existing signature id. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - UnuseSignature

Unuse given signatures of given normalization package

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/NormalizationPackage/{id}/unuseSignatures

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| unused_signatures | - | [Integer] | List of the signature id(s) to be unused. Optional Field |
| id | ID | String | Existing normalization package id. Mandatory Field |

Request Example

{
    "data": {
        "unused_signatures": [
            500004,
            500005,
            500006
        ]
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

NormalizationPackage - Upload

Uploads pak files that contain normalization packages to private storage. This upload should be used for normalization packages only.

POST

https://api-server-host-name/configapi/{pool_UUID}/NormalizationPackage/upload

Header

| Field | Label in UI | Description |
| --- | --- | --- |
| file_name | | Name of the file to be uploaded. |
| Content-Type | | application/octet-stream |
| replace_existing | | Set the value of this parameter as ‘true’ to replace the existing file with the same name with the new file. Default value is ‘false’. Value can be ‘true’ or ‘false’. Optional field |

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| file | - | [Object] | (pak) to be uploaded. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "normpackage_1.pak successfully uploaded in private storage. "
}
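
An added example (not LogPoint's code): building the private Upload request and the matching TrashPrivateUploads request with `file_name` checked first, since that value travels as a header in one call and as a URL path segment in the other. The allow-list pattern, the helper names, the sample values and sending the pak bytes as the raw request body are assumptions; authentication and the HTTP transport are not described on this page and are left to the caller.

```python
import re
from urllib.parse import quote

BASE = "https://api-server-host-name/configapi"  # host placeholder used on this page
# Assumed allow-list: a plain base name ending in .pak (not a documented rule).
PAK_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,95}\.pak")


def check_file_name(file_name):
    """Reject names carrying path separators, '..', CR/LF or a wrong suffix."""
    if not PAK_NAME.fullmatch(file_name) or ".." in file_name:
        raise ValueError(f"refusing file_name {file_name!r}")
    return file_name


def build_private_upload(pool_uuid, file_name, payload, replace_existing=False):
    """Describe the Upload call as a dict for the caller's HTTP client."""
    if not isinstance(payload, bytes) or not payload:
        raise ValueError("payload must be the non-empty bytes of the pak file")
    return {
        "method": "POST",
        "url": f"{BASE}/{quote(pool_uuid, safe='')}/NormalizationPackage/upload",
        "headers": {
            "file_name": check_file_name(file_name),
            "Content-Type": "application/octet-stream",
            # The page documents the literal strings 'true' and 'false'.
            "replace_existing": "true" if replace_existing else "false",
        },
        "body": payload,
    }


def build_private_delete(pool_uuid, file_name):
    """Describe the TrashPrivateUploads call; file_name is a path segment."""
    name = quote(check_file_name(file_name), safe="")
    return {
        "method": "DELETE",
        "url": f"{BASE}/{quote(pool_uuid, safe='')}/NormalizationPackage/{name}",
    }


if __name__ == "__main__":
    # Constructed values, for illustration only.
    req = build_private_upload("pool-uuid-placeholder", "normpackage_1.pak", b"\x00pak")
    print(req["method"], req["url"], req["headers"])
    print(build_private_delete("pool-uuid-placeholder", "normpackage_1.pak")["url"])
```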

NormalizationPackage - UploadPublic

Uploads pak files that contain normalization packages to public storage. This upload should be used for normalization packages only.

POST

https://api-server-host-name/configapi/NormalizationPackage/publicupload

Header

| Field | Label in UI | Description |
| --- | --- | --- |
| file_name | | Name of the file to be uploaded. |
| Content-Type | | application/octet-stream |
| replace_existing | | Set the value of this parameter as ‘true’ to replace the existing file with the same name with the new file. Default value is ‘false’. Value can be ‘true’ or ‘false’. Optional field |

Parameter

| Field | Label in UI | Type | Description |
| --- | --- | --- | --- |
| file | - | [Object] | (pak) to be uploaded. Mandatory Field |

Success Response

{
    "status": "Success",
    "message": "normpackage_1.pak successfully uploaded in public storage."
}
