The Timezone API allows you to list all the time zones available for Fabric-enabled LogPoints.

| Endpoint | Description |
|---|---|
| List | Lists time zones available for the Fabric-enabled LogPoint. |

The Certificate API allows you to list the authorization certificates.

| Endpoint | Description |
|---|---|
| FetchUserSSHCertificate | Fetches the SSH public key of the Fabric-enabled LogPoint user with the given ID. |
| List | Lists the public key of the given Fabric-enabled LogPoint for SCP. |
| ListSystemSSHCertificate | Lists the SSH public key of the given Fabric-enabled LogPoint. |

The RefreshToken API allows you to generate a new token and a secret key for the Director Console API.

| Endpoint | Description |
|---|---|
| Create | Generates a new token and a secret key for the Public facing API. |

Note: Refer to the Refresh Token from API section for more details on the refresh token.

The Director API allows you to fetch the health status and versions of the Director components.

| Endpoint | Description |
|---|---|
| GetHealth | Fetches the health status on the basis of version compatibility of the API Server and the Fabric Server(s). |
| GetVersion | Fetches the version of the Director components. |

The PluginConfiguration API allows you to configure various pluggable plugins for a Fabric-enabled LogPoint from the Director Console API.

| Endpoint | Description |
|---|---|
| Create | Configures the plugin in a Fabric-enabled LogPoint. |
| Edit | Updates the configurations of a plugin with the given ID. |
| Get | Fetches the configurations of a plugin with the given ID. |
| InstallPlugin | Installs the given file for the plugin in a Fabric-enabled LogPoint. |
| List | Lists the available plugin configurations. |
| ListPlugins | Lists the pluggable plugins installed in the given LogPoint. |
| RefreshList | Syncs the plugin configurations. |
| TextExisting | Tests the existing plugin configurations. |
| TestNew | Tests the newly created plugin configurations. |
| Trash | Deletes the plugin configurations with the given ID. |
| TrashPrivate | Deletes the file with the given name from the private storage of the plugin. |
| TrashPublic | Deletes the file with the given name from the public storage of the plugin. |
| UploadPrivateFiles | Uploads the given file in the private storage of the plugin. |
| UploadPublicFiles | Uploads the given file in the private storage of the plugin. |
| UploadsList | Lists the files in the private storage of the plugin. |
| UploadsListPublic | Lists the files in the private storage of the plugin. |

Note: Currently, the PluginConfiguration API supports the following plugins:

- Threat Intelligence
- CiscoAMP
- StixTaxii
- Microsoft Defender ATP
- CiscoUmbrella
- CSVEnrichmentSource

The Charsets API allows you to list the charsets available in the Fabric-enabled LogPoint.

| Endpoint | Description |
|---|---|
| ListCharsets | Lists the available charsets in a Fabric-enabled LogPoint. |

The Query API allows you to validate the given query.

| Endpoint | Description |
|---|---|
| ValidateLabelQuery | Validates the given search query for creating search labels. |
| ValidateQuery | Validates the given query. |

Refer to the API Documentation for further details on the usage of the APIs.

The Incidents API allows you to fetch and manage the incidents generated in a Fabric-enabled LogPoint.

Incidents help you to identify, analyze, correct, and prevent information hazards in the future. LogPoint generates incidents either on an ad hoc basis from the search logs or by pre-defined alert rules.

| Endpoint | Description |
|---|---|
| Close | Closes the incident with the given ID on behalf of a Fabric-enabled LogPoint user. |
| Comment | Adds a comment on the incident with the given ID on behalf of a Fabric-enabled LogPoint user. |
| FetchIncidentData | Fetches the data of the incident with the given ID from a Fabric-enabled LogPoint. This endpoint also stores the fetched incident data in the Fabric Storage. |
| FetchIncidents | Fetches the incidents based on the given filter parameters. |
| GetIncidentData | Lists the data of the previously fetched incident with the given ID from the Fabric Storage. |
| Reassign | Reassigns the incident with the given ID to a new user on behalf of a Fabric-enabled LogPoint user. |
| Reopen | Reopens the incident with the given ID on behalf of a Fabric-enabled LogPoint user. |
| Resolve | Resolves the incident with the given ID on behalf of a Fabric-enabled LogPoint user. |
| SendForInvestigation | Manually triggers notifications for the incident with the given ID. |

The Diagnosis API allows you to fetch the system diagnostic information of a Fabric-enabled LogPoint and the Director components. It also allows you to fetch the current status of the various Fabric-enabled LogPoint components and Director components.

| Endpoint | Description |
|---|---|
| GetDirectorDiagnosisAPIStat | Fetches the system diagnostic information of the API Server. |
| GetDirectorDiagnosisFabricStat | Fetches the system diagnostic information of the Fabric Server. |
| GetDirectorDiagnosisLPSMStat | Fetches the system diagnostic information of the LogPoint Search Master. |
| GetHealth | Fetches the health status on the basis of version compatibility of the API Server and Fabric Servers. |
| GetVersion | Fetches the current version of the Director components. |
| GetLogpointDiagnosisJava | Fetches the diagnostic information of the Java processes running in a Fabric-enabled LogPoint. |
| GetLogpointDiagnosisNormFront | Fetches the diagnostic information related to the normalization layer of a Fabric-enabled LogPoint. |
| GetLogpointDiagnosisNormalisers | Fetches the diagnostic information of the normalizers in a Fabric-enabled LogPoint. |
| GetLogpointDiagnosisPremerger | Fetches the diagnostic information of the premerger in a Fabric-enabled LogPoint. |
| GetLogpointDiagnosisStat | Fetches the system diagnostic information of a Fabric-enabled LogPoint. |
| GetLogpointDiagnosisStoreHandler | Fetches the diagnostic information related to the storage layer of a Fabric-enabled LogPoint. |
| GetPoolInfo | Fetches pool and machine information. |

The MitreAttacks API allows you to list the MITRE ATT&CK details available in the Fabric-enabled LogPoint.

| Endpoint | Description |
|---|---|
| FetchMitreAttacks | Lists the MITRE ATT&CK details available in the Fabric-enabled LogPoint. |

The Search API allows you to search and filter logs in a LogPoint based on the given search conditions.

| Endpoint | Description |
|---|---|
| FetchSearchLogs | Lists the array of logs that match the given search conditions. |

Note: You can use the Search API to filter logs on Fabric-enabled LogPoint v7.0.0 and later.

The MachineInfo API allows you to list the version history of the patches installed in a Fabric-enabled LogPoint. The API also lists the basic information about the Fabric-enabled LogPoint machine such as its name, current version, and machine type.

| Endpoint | Description |
|---|---|
| List | Lists the basic information of the LogPoint and version history of the patches installed in the LogPoint. |

The HardwareKey API allows you to fetch the hardware key of the Fabric-enabled LogPoint machines.

| Endpoint | Description |
|---|---|
| List | Lists the hardware key of the given LogPoint. |