UEBA
UEBA - CreateEntity
Adds new entities for UEBA analysis.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAEntitySelections
Parameter
Field | Label in UI | Type | Description |
content_type | Content Type | String | One of CIDR, IP or HOSTNAME. Mandatory only when entity_type_rb is set to Machine; otherwise an Optional Field |
entity_group_name | CREATE ENTITY | String | The name of the entity group. Mandatory Field |
entity_type_rb | Users/Machines | String | The type of the entities in the group. It can be either User or Machine. Mandatory Field |
source_field_name | Select the field name that can uniquely identify Users | String | Field from the selected enrichment source that can uniquely identify each entity. Mandatory Field |
source_name | Name | String | Name of the enrichment source used. Obtain the value of this parameter using EnrichmentSource - List API. Mandatory Field |
source_type | Source Type | String | The type of the enrichment source used for entity selection. It can be LDAP, CSV, or ODBC. Mandatory Field |
uebafiltering | Entities filtering | [json] | Array of key-value pair objects to filter the entities within the selected enrichment source. Each object in the array must include the following parameters: Optional Field |
update_license_rg | Yes/No | boolean | Select True to update the selected entities every time the content of the enrichment source changes. Select False to never update the selected entities. The value can only be True or False. Mandatory Field |
Request Example
{
"data": {
"content_type": "CIDR",
"entity_group_name": "entity1",
"entity_type_rb": "Machine",
"source_field_name": "device_ips",
"source_name": "csv1",
"source_type": "CSV",
"uebafiltering": [
{
"criteria_query": "fabric",
"field_cb": "device_name"
}
],
"update_license_rg": "true"
}
}
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
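A client-side check of the CreateEntity rules in the parameter table, run before the request is sent. This is an added example, not LogPoint code; the function names are hypothetical, and the required uebafiltering keys are an assumption taken from the request example, since the table does not list them.

```python
import json
from urllib.parse import quote

# Allowed values and mandatory fields, from the CreateEntity parameter table.
ENTITY_TYPES = {"User", "Machine"}
CONTENT_TYPES = {"CIDR", "IP", "HOSTNAME"}
SOURCE_TYPES = {"LDAP", "CSV", "ODBC"}
MANDATORY = ("entity_group_name", "entity_type_rb", "source_field_name",
             "source_name", "source_type", "update_license_rg")
# Assumption: filter keys as they appear in the page's request example.
FILTER_KEYS = {"criteria_query", "field_cb"}

def validate_create_entity(data):
    """Return a list of problems in a CreateEntity "data" object ([] if none)."""
    errors = [f"missing mandatory field: {k}"
              for k in MANDATORY if data.get(k) in (None, "")]
    etype, ctype = data.get("entity_type_rb"), data.get("content_type")
    if etype is not None and etype not in ENTITY_TYPES:
        errors.append("entity_type_rb must be User or Machine")
    if data.get("source_type") not in SOURCE_TYPES | {None}:
        errors.append("source_type must be LDAP, CSV or ODBC")
    if etype == "Machine" and ctype is None:
        errors.append("content_type is mandatory when entity_type_rb is Machine")
    if ctype is not None and ctype not in CONTENT_TYPES:
        errors.append("content_type must be CIDR, IP or HOSTNAME")
    flag = data.get("update_license_rg")
    if flag not in (None, "") and str(flag).lower() not in ("true", "false"):
        errors.append("update_license_rg must be True or False")
    for i, flt in enumerate(data.get("uebafiltering", [])):
        if not isinstance(flt, dict) or not FILTER_KEYS <= set(flt):
            errors.append(f"uebafiltering[{i}] needs {sorted(FILTER_KEYS)}")
    return errors

def build_create_entity(host, pool_uuid, logpoint_id, data):
    """Return (method, url, body) for CreateEntity, or raise ValueError."""
    errors = validate_create_entity(data)
    if errors:
        raise ValueError("; ".join(errors))
    # Percent-encode path parameters so a stray "/" or "?" cannot alter the route.
    path = "/".join(quote(p, safe="") for p in (pool_uuid, logpoint_id))
    url = f"https://{host}/configapi/{path}/UEBA/UEBAEntitySelections"
    return "POST", url, json.dumps({"data": data})

# The request example from the page.
EXAMPLE = {"content_type": "CIDR", "entity_group_name": "entity1",
           "entity_type_rb": "Machine", "source_field_name": "device_ips",
           "source_name": "csv1", "source_type": "CSV", "update_license_rg": "true",
           "uebafiltering": [{"criteria_query": "fabric", "field_cb": "device_name"}]}
```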
UEBA - EditEntity
Edits the UEBA entity with the given ID.
PUT
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAEntitySelections/{id}
Parameter
Field | Label in UI | Type | Description |
content_type | Content Type | String | One of CIDR, IP or HOSTNAME. Mandatory only when entity_type_rb is set to Machine; otherwise an Optional Field |
entity_type_rb | Users/Machines | String | The type of the entities in the group. It can be either User or Machine. Mandatory Field |
id | - | String | ID of the entity to edit. Mandatory Field |
source_field_name | Select the field name that can uniquely identify Users | String | Field from the selected enrichment source that can uniquely identify each entity. Mandatory Field |
source_name | Name | String | Name of the enrichment source used. Obtain the value of this parameter using EnrichmentSource - List API. Mandatory Field |
source_type | Source Type | String | The type of the enrichment source used for entity selection. It can be LDAP, CSV, or ODBC. Mandatory Field |
uebafiltering | Entities filtering | [json] | Array of key-value pair objects to filter the entities within the selected enrichment source. Each object in the array must include the following parameters: Optional Field |
update_license_rg | Yes/No | boolean | Select True to update the selected entities every time the content of the enrichment source changes. Select False to never update the selected entities. The value can only be True or False. Mandatory Field |
Request Example
{
"data": {
"content_type": "CIDR",
"entity_type_rb": "Machine",
"source_field_name": "device_ips",
"source_name": "csv1",
"source_type": "CSV",
"uebafiltering": [
{
"criteria_query": "fabric",
"field_cb": "device_name"
}
],
"update_license_rg": "true"
}
}
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - EnableUEBAMode
Enables or disables the UEBA configuration in the given LogPoint.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAConfigurations
Parameter
Field | Label in UI | Type | Description |
enable_ueba_mode | ENABLE UEBA | boolean | The value can be true or false. Setting it to “true” sends a request to enable UEBA; setting it to “false” sends a request to disable it. Mandatory Field |
Request Example
{
"data": {
"enable_ueba_mode": "true"
}
}
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - FetchHealthStatus
Fetches the health status and validation information of the UEBA.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAHealth/fetch
Request Example
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}
UEBA - FetchUEBALicenseState
Returns the details of UEBA License consumption in the given LogPoint.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBALicenseInfo/fetch
Request Example
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}
UEBA - FetchValidationReport
Fetches the validation report of the UEBA.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAValidationReport/fetch
Request Example
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}
UEBA - GetEntity
Fetches the details of the UEBA entity with the given ID.
GET
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAEntitySelections/{id}
Parameter
Field | Label in UI | Type | Description |
id | - | String | Existing entity ID. |
Success Response
{
"id": "726a2e28880965cf253a18de",
"info": {
"entities_count": 15,
"selection_updated": 1651126276,
"status": "updated"
},
"priority": 1,
"uebacreateentity": {
"entity_group_name": "entityUser",
"entity_type_rb": "User"
},
"uebafilterentity": {
"source_field_name": "protocol",
"update_license_rg": "true"
},
"uebaselectsource": {
"source_name": "UEBA_ProtocolTable",
"source_type": "CSV"
}
}
UEBA - InstallUEBALicense
Installs the UEBA license.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/install
Parameter
Field | Label in UI | Type | Description |
confirm_override | - | String | Set this value to “yes” to install the UEBA license with a different client ID. The value can be yes or no. Default value is “yes”. Optional Field |
file_location | - | String | Location of the fabric storage where the UEBA license is uploaded. Can be either ‘private’ or ‘public’. Mandatory Field |
file_name | - | String | Name of the pak file containing the UEBA license. Mandatory Field |
Request Example
{
"data": {
"confirm_override": "yes",
"file_location": "private",
"file_name": "license1.pak"
}
}
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - ListEntities
Returns a list with the information of all the UEBA entities.
GET
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAEntitySelections
Success Response
[
{
"id": "726a2e28880965cf253a18de",
"info": {
"entities_count": 15,
"selection_updated": 1651126276,
"status": "updated"
},
"priority": 1,
"uebacreateentity": {
"entity_group_name": "entityUser",
"entity_type_rb": "User"
},
"uebafilterentity": {
"source_field_name": "protocol",
"update_license_rg": "true"
},
"uebaselectsource": {
"source_name": "UEBA_ProtocolTable",
"source_type": "CSV"
}
}
]
UEBA - ListPrivateUploads
Lists the UEBA license package files available in the private storage.
GET
https://api-server-host-name/configapi/{pool_UUID}/UEBA/list
Success Response
UEBA - ListPublicUploads
Lists the UEBA license package files available in public storage.
GET
https://api-server-host-name/configapi/UEBA/list
Success Response
UEBA - ListUEBAConfiguration
Lists all the UEBA configurations in the LogPoint.
GET
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAConfigurations
Success Response
[
{
"connector": null,
"enable_ueba_mode": false,
"first_repo_selected_ts": null,
"history_service_status": null,
"history_service_used": null,
"id": "623d816e1151a0d03ee82c3f",
"is_repo_selected": null,
"licensed_entities_count": null,
"mode": "master",
"settings_valid": true,
"source_repos": null,
"source_repos_check": null,
"status": "disabled",
"streaming_server": null,
"streaming_server_vpn_ip": null,
"validity_period": null
}
]
UEBA - ListUEBALicenseInfo
Lists the details of the UEBA license currently used in the given LogPoint.
GET
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBALicense
Success Response
[
{
"customer": {
"address1": "kathmandu",
"address2": "",
"name": "amrit",
"phone": ""
},
"hardware_key": "00159-8FD3E-2801A-43049-DC859-9F297-6BA4D",
"id": "523d8d7b1151a1d03ee72c42",
"licensed_entities_count": "2600",
"products": {
"UEBA": {
"id": "bc48ee12-caba-4844-b18e-d129f8640d74",
"period": "2022/03/25-2028/10/03",
"tenant_id": "q10"
}
}
}
]
UEBA - RefreshUEBAConfigurationLists
Syncs the current UEBA Configuration List with LogPoint’s Configuration List.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAConfigurations/refreshlist
Request Example
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - RefreshUEBAEntityLists
Syncs the current UEBA Entity List with LogPoint’s Entity List.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAEntitySelections/refreshlist
Request Example
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - TrashEntity
Deletes the UEBA entity with the given ID.
DELETE
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/UEBAEntitySelections/{id}
Parameter
Field | Label in UI | Type | Description |
id | - | String | Existing entity ID. Mandatory Field |
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - TrashPrivateUploads
Deletes the UEBA license with the given name from private storage.
DELETE
https://api-server-host-name/configapi/{pool_UUID}/UEBA/{file_name}
Parameter
Field | Label in UI | Type | Description |
file_name | | String | Name of the file to be deleted. Mandatory Field |
Success Response
{
"status": "Success",
"message": "ueba.pak successfully deleted"
}
UEBA - TrashPublicUploads
Deletes the UEBA license with the given name from public storage.
DELETE
https://api-server-host-name/configapi/UEBA/{file_name}
Parameter
Field | Label in UI | Type | Description |
file_name | | String | Name of the file to be deleted. Mandatory Field |
Success Response
{
"status": "Success",
"message": "ueba.pak successfully deleted"
}
UEBA - UpdateEntityPriorities
Updates the priorities of the UEBA entities.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/UEBA/updatePriorities
Parameter
Field | Label in UI | Type | Description |
priorities | UPDATE PRIORITIES | [json] | Array of entity priorities where each object is a key-value pair of an entity and its priority. Each object in the array must include the following parameters: name (name of the entity) and priority (priority of the entity as a number; 0 has the highest priority). The priority is used to discard an entity group when the selected entities exceed the number of licensed entities. By default, LogPoint prioritizes the entities based on the time they were added. Mandatory Field |
Request Example
{
"data": {
"priorities": [
{
"name": "entity994",
"priority": 0
},
{
"name": "entity999",
"priority": 1
}
]
}
}
Success Response
{
"status": "Success",
"message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
UEBA - Upload
Uploads UEBA license package files to private storage. This upload should be used for UEBA only.
POST
https://api-server-host-name/configapi/{pool_UUID}/UEBA/upload
Header
Field | Label in UI | Description |
file_name | | Name of the file to be uploaded. |
Content-Type | | application/octet-stream |
replace_existing | | Set this value to ‘true’ to replace an existing file of the same name with the new file. The value can be ‘true’ or ‘false’. Default value is ‘false’. Optional field |
Parameter
Field | Label in UI | Type | Description |
file | - | [Object] | File (pak) to be uploaded. Mandatory Field |
Success Response
{
"status": "Success",
"message": "ueba1.pak successfully uploaded in private storage. "
}
UEBA - UploadPublic
Uploads UEBA license package files to public storage. This upload should be used for UEBA only.
POST
https://api-server-host-name/configapi/UEBA/publicupload
Header
Field | Label in UI | Description |
file_name | | Name of the file to be uploaded. |
Content-Type | | application/octet-stream |
replace_existing | | Set this value to ‘true’ to replace an existing file of the same name. Default value is ‘false’. Optional field |
Parameter
Field | Label in UI | Type | Description |
file | - | [Object] | File (pak) to be uploaded. Mandatory Field |
Success Response
{
"status": "Success",
"message": "ueba1.pak successfully uploaded in public storage."
}