Configuring CSV Enrichment Source

Uploading a CSV File in the Fabric Storage

Private Storage

You can upload a CSV file to private storage in the Fabric storage using the PluginConfiguration-Upload API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/CSVEnrichmentSource/upload

Method:

POST

Header:

| FIELD | LABEL IN UI | DESCRIPTION |
| --- | --- | --- |
| Content-Type | | Content type of the CSV file. It must be Multipart/Form-data. |

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| file_name | | Object | File to be uploaded. | Mandatory |

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully uploaded in private storage."
}

Public Storage

You can upload a CSV file to public storage in the Fabric storage using the PluginConfiguration-UploadPublic API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/CSVEnrichmentSource/publicupload

Method:

POST

Header:

| FIELD | LABEL IN UI | DESCRIPTION |
| --- | --- | --- |
| Content-Type | | Content type of the CSV file. It must be Multipart/Form-data. |

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| file_name | | Object | File to be uploaded. | Mandatory |

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully uploaded in public storage."
}

Configuring CSV Enrichment Source Using a CSV File

You can configure CSV Enrichment Source in a Fabric-enabled LogPoint using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource

Method:

POST

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| charset | Charset | String | Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API. | Mandatory |
| csv_mode | Upload Options | String | Option to provide the CSV file. It must be the file option. | Mandatory |
| delimiter | Delimiter | String | Type of data included in the CSV file. | Mandatory |
| source_fields | Source Fields | JSON | The field headers of the CSV file along with the sample data. field: Names of the fields in the CSV. type: Type of the fields in the CSV. | Mandatory |
| source_name | Name | String | Name for the configuration. | Mandatory |
| file_location | | String | Location of the CSV file. Can be either private or public. | Mandatory |
| files | CSV file | String | The CSV file to enrich search results. csvfileupload: Name of the uploaded CSV file. | Mandatory |

Request Example:

{
    "data": {
        "charset": "utf_8",
        "csv_mode": "file",
        "delimiter": ",",
        "include_headers": true,
        "source_fields": [
            {
                "field": "user",
                "type": "string"
            }
        ],
        "source_name": "one_field",
        "file_location": "public",
        "files": {
            "csvfileupload": "enrichmentsource.csv"
        }
    }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Configuring CSV Enrichment Source Using a URL

You can configure CSV Enrichment Source in a Fabric-enabled LogPoint using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource

Method:

POST

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| charset | Charset | String | Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API. | Mandatory |
| csv_mode | Upload Options | String | Option to provide the CSV file. It must be the url option. | Mandatory |
| delimiter | Delimiter | String | Type of data included in the CSV file. | Mandatory |
| include_headers | CSV file includes header | Boolean | Option to select if the CSV file contains field headers. | Optional |
| source_fields | Source Fields | JSON | The field headers of the CSV file along with the sample data. field: Names of the fields in the CSV. type: Type of the fields in the CSV. | Mandatory |
| source_name | Name | String | Name for the configuration. | Mandatory |
| auth_mode | Authentication | String | Authentication method of the provided CSV URL. It can be none, basic, or key. | Mandatory |
| none | None | String | Authentication mode. | Optional |
| basic | Basic | String | Authentication mode. Username: Parameter to access the URL. Password: Parameter to access the URL. | Mandatory |
| key | Key | String | Authentication mode. Key: API Key to access the CSV URL. | Mandatory |
| csvfileurl | CSV URL | String | URL that links to the CSV file. | Mandatory |
| interval_day | Update Interval | Integer | Time interval in days to update the CSV URL. | Mandatory |
| interval_hour | Update Interval | Integer | Time interval in hours to update the CSV URL. | Mandatory |
| interval_minute | Update Interval | Integer | Time interval in minutes to update the CSV URL. | Mandatory |

Request Example:

{
    "data": {
        "charset": "utf_8",
        "csv_mode": "url",
        "delimiter": ",",
        "include_headers": true,
        "source_fields": [
            {
                "field": "ip",
                "type": "IP"
            },
            {
                "field": "category",
                "type": "string"
            },
            {
                "field": "score",
                "type": "integer"
            },
            {
                "field": "first_seen",
                "type": "string"
            },
            {
                "field": "last_seen",
                "type": "string"
            },
            {
                "field": "ports",
                "type": "integer"
            }
        ],
        "source_name": "working_url",
        "auth_mode": "none",
        "csvfileurl": "https://csvfile.com/spreadsheets/d/enrichmentsource.csv",
        "interval_day": 30,
        "interval_hour": 23,
        "interval_minute": 30
    }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Note

By default, CSV Enrichment Source validates the HTTPS certificate provided by the CSV URL. If the provided certificate is invalid, or if you want to turn certificate validation off, you must set the value of validate_certificate in Validating HTTPS Certificate to false.

It treats the certificate sent by the server as invalid if any one of the following three conditions is met:

  • Certificate hostname does not match with the hostname of the CSV URL.

  • The Certificate Revocation List (CRL) indicates that the certificate has expired.

  • An unrecognized Certificate Authority (CA) signed the certificate.
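
A pre-submission check for the URL-mode request body together with the validate_certificate setting from the Note above, as an added example that is not LogPoint's own code. The function name lint_url_source and the wording of the findings are assumptions of this example; the field names and allowed values are the ones listed in the parameter table.

```python
from urllib.parse import urlsplit

AUTH_MODES = {"none", "basic", "key"}          # values listed for auth_mode
MANDATORY = ("charset", "csv_mode", "delimiter", "source_fields", "source_name",
             "auth_mode", "csvfileurl", "interval_day", "interval_hour",
             "interval_minute")                 # rows marked Mandatory in the table


def lint_url_source(body, validate_certificate=True):
    """Return findings for a csv_mode=url request body (empty list = clean).

    validate_certificate is the value configured through the
    "Validating HTTPS Certificate" call; the page says validation is on by default.
    """
    data = body.get("data", {})
    findings = [f"missing mandatory field: {k}" for k in MANDATORY if k not in data]
    if data.get("csv_mode") != "url":
        findings.append("csv_mode must be 'url' for a URL source")
    auth = data.get("auth_mode")
    if auth is not None and auth not in AUTH_MODES:
        findings.append(f"auth_mode {auth!r} is not none, basic or key")
    url = urlsplit(str(data.get("csvfileurl", "")))
    if url.scheme.lower() != "https":
        findings.append("csvfileurl is not HTTPS: no server certificate to validate")
        if auth in ("basic", "key"):
            findings.append(f"{auth} credentials would be sent unencrypted")
    elif not validate_certificate:
        findings.append("validate_certificate is false: the hostname, CRL and CA "
                        "checks are skipped for this HTTPS fetch")
    if url.username or url.password:
        findings.append("credentials embedded in csvfileurl")
    for key in ("interval_day", "interval_hour", "interval_minute"):
        if key in data and type(data[key]) is not int:
            findings.append(f"{key} must be an integer")
    fields = data.get("source_fields")
    if "source_fields" in data and not (
            isinstance(fields, list) and fields
            and all(isinstance(f, dict) and {"field", "type"} <= set(f) for f in fields)):
        findings.append("source_fields must be a non-empty list of {field, type}")
    return findings


# Request body taken from the page's URL example (source_fields shortened).
PAGE_EXAMPLE = {"data": {
    "charset": "utf_8", "csv_mode": "url", "delimiter": ",", "include_headers": True,
    "source_fields": [{"field": "ip", "type": "IP"}, {"field": "score", "type": "integer"}],
    "source_name": "working_url", "auth_mode": "none",
    "csvfileurl": "https://csvfile.com/spreadsheets/d/enrichmentsource.csv",
    "interval_day": 30, "interval_hour": 23, "interval_minute": 30}}

# Constructed bad input: plain HTTP with basic auth and one interval missing.
RISKY = {"data": dict(PAGE_EXAMPLE["data"], auth_mode="basic",
                      csvfileurl="http://feeds.example.test/ioc.csv")}
del RISKY["data"]["interval_minute"]

if __name__ == "__main__":
    for name, body in (("page example", PAGE_EXAMPLE), ("constructed risky", RISKY)):
        print(name, lint_url_source(body) or "clean")
```
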

Validating HTTPS Certificate

You can validate the HTTPS certificate provided by the CSV URL using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource

Method:

POST

Success Response:

{
    "data": {
        "validate_certificate": true,
        "action": "setting"
    }
}

Getting the HTTPS Certificate Validation Settings by ID

You can fetch the HTTPS certificate validation settings with the given ID using the PluginConfiguration - Get API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/Csvenrichment_defaults

Method:

GET

Success Response:

[
    {
        "validate_certificate": true,
        "id": "5f576cfb7ac5ce58e54c3500"
    }
]

Listing the CSV Enrichment Source Configurations

You can list the CSV Enrichment Source configurations using the PluginConfiguration - List API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/EnrichmentSource

Method:

GET

Success Response:

{
    "delete_status": "",
    "source_name": "fileP",
    "source_type": "CSV",
    "plugin_info": {
        "includes_header": true,
        "charset": "utf_8",
        "delimiter": ";",
        "source_name": "fileP",
        "csv_file": "/opt/immune/app_store/norm/enrichment/csv/enrichmentsource.csv",
        "source_fields": [
            {
                "field": "ip",
                "type": "string",
                "name": "ip"
            },
            {
                "field": "score",
                "type": "string",
                "name": "score"
            },
            {
                "field": "category",
                "type": "string",
                "name": "category"
            },
            {
                "field": "port",
                "type": "string",
                "name": "port"
            }
        ],
        "csv_mode": "file"
    },
    "tid": "",
    "source_info": {
        "id": "6befbfbd70364e64efbfbd6fefbfbd6c0f292a5349efbfbd",
        "source_name": "CSV"
    },
    "active": true,
    "result": "Updated",
    "reason": null,
    "last_updated": 1599717155,
    "id": "5f59bf1f3d73545286029239"
}

Getting CSV Enrichment Source Configurations by ID

You can fetch CSV Enrichment Source configurations with the given ID using the PluginConfiguration - Get API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/EnrichmentSource/id

Method:

GET

Parameters:

| FIELD | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- |
| id | String | The ID of the existing CSV Enrichment Source configurations you want to fetch. Obtain the value of the ID using the EnrichmentSource - List API. | Mandatory |

Success Response:

{
    "delete_status": "",
    "source_name": "fileP",
    "source_type": "CSV",
    "plugin_info": {
        "includes_header": true,
        "charset": "utf_8",
        "delimiter": ";",
        "source_name": "fileP",
        "csv_file": "/opt/immune/app_store/norm/enrichment/csv/enrichmentsource.csv",
        "source_fields": [
            {
                "field": "ip",
                "type": "string",
                "name": "ip"
            },
            {
                "field": "score",
                "type": "string",
                "name": "score"
            },
            {
                "field": "category",
                "type": "string",
                "name": "category"
            },
            {
                "field": "port",
                "type": "string",
                "name": "port"
            }
        ],
        "csv_mode": "file"
    },
    "tid": "",
    "source_info": {
        "id": "6befbfbd70364e64efbfbd6fefbfbd6c0f292a5349efbfbd",
        "source_name": "CSV"
    },
    "active": true,
    "result": "Updated",
    "reason": null,
    "last_updated": 1599717155,
    "id": "5f59bf1f3d73545286029239"
}

Removing CSV Enrichment Source Configurations by ID

You can delete CSV Enrichment Source configurations using the PluginConfiguration - Trash API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/EnrichmentSource/id

Method:

DELETE

Parameters:

| FIELD | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- |
| id | String | The ID of the existing CSV Enrichment Source configurations you want to delete. Obtain the value of the ID using the EnrichmentSource - List API. | Mandatory |

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Editing the CSV Enrichment Source Configuration Using a CSV File

You can edit a CSV Enrichment Source configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Edit API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/EnrichmentSource/{id}

Method:

PUT

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| charset | Charset | String | Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API. | Mandatory |
| csv_mode | Upload Options | String | Option to provide the CSV file. It must be the file option. | Mandatory |
| delimiter | Delimiter | String | Type of data included in the CSV file. | Mandatory |
| source_fields | Source Fields | JSON | The field headers of the CSV file along with the sample data. field: Names of the fields in the CSV. type: Type of the fields in the CSV. | Mandatory |
| source_name | Name | String | Name for the configuration. | Mandatory |
| file_location | | String | Location of the CSV file. Can be either private or public. | Mandatory |
| files | CSV file | String | The CSV file to enrich search results. csvfileupload: Name of the uploaded CSV file. | Mandatory |
| id | | String | Existing CSV Enrichment Source ID. Obtain the value of the ID using the EnrichmentSource - List API. | Mandatory |

Request Example:

{
    "data": {
        "charset": "utf_8",
        "csv_mode": "file",
        "delimiter": ",",
        "include_headers": true,
        "source_fields": [
            {
                "field": "user",
                "type": "string"
            }
        ],
        "source_name": "one_field",
        "file_location": "public",
        "files": {
            "csvfileupload": "enrichmentsource.csv"
        }
    }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Editing the CSV Enrichment Source Configuration Using a URL

You can edit a CSV Enrichment Source configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Edit API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/EnrichmentSource/{id}

Method:

PUT

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| charset | Charset | String | Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API. | Mandatory |
| csv_mode | Upload Options | String | Option to provide the CSV file. It must be the url option. | Mandatory |
| delimiter | Delimiter | String | Type of data included in the CSV file. | Mandatory |
| include_headers | CSV file includes header | Boolean | Option to select if the CSV file contains field headers. | Optional |
| source_fields | Source Fields | JSON | The field headers of the CSV file along with the sample data. field: Names of the fields in the CSV. type: Type of the fields in the CSV. | Mandatory |
| auth_mode | Authentication | String | Authentication method of the provided CSV URL. It can be none, basic, or key. | Mandatory |
| none | None | String | Authentication mode. | Optional |
| basic | Basic | String | Authentication mode. Username: Parameter to access the URL. Password: Parameter to access the URL. | Mandatory |
| key | Key | String | Authentication mode. Key: API Key to access the CSV URL. | Mandatory |
| csvfileurl | CSV URL | String | URL that links to the CSV file. | Mandatory |
| interval_day | Update Interval | Integer | Time interval in days to update the CSV URL. | Mandatory |
| interval_hour | Update Interval | Integer | Time interval in hours to update the CSV URL. | Mandatory |
| interval_minute | Update Interval | Integer | Time interval in minutes to update the CSV URL. | Mandatory |
| id | | String | Existing CSV Enrichment Source ID. Obtain the value of the ID using the EnrichmentSource - List API. | Mandatory |

Request Example:

{
    "data": {
        "charset": "utf_8",
        "csv_mode": "url",
        "delimiter": ",",
        "include_headers": true,
        "source_fields": [
            {
                "field": "ip",
                "type": "IP"
            },
            {
                "field": "category",
                "type": "string"
            },
            {
                "field": "score",
                "type": "integer"
            },
            {
                "field": "first_seen",
                "type": "string"
            },
            {
                "field": "last_seen",
                "type": "string"
            },
            {
                "field": "ports",
                "type": "integer"
            }
        ],
        "source_name": "working_url",
        "auth_mode": "none",
        "csvfileurl": "https://csvfile.com/spreadsheets/d/enrichmentsource.csv",
        "interval_day": 30,
        "interval_hour": 23,
        "interval_minute": 30
    }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Deleting the CSV Enrichment Source Configuration

You can delete a CSV Enrichment Source configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Trash API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/{id}

Method:

DELETE

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| id | | String | Existing CSVEnrichmentSource id. Obtain the value of the ID using the EnrichmentSource - List API. | Mandatory |

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Deleting the CSV File in the Fabric Storage

Trash Private Uploads

You can delete the uploaded CSV files in private storage in the Fabric storage using the PluginConfiguration-TrashPrivateUploads API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/CSVEnrichmentSource/{file_name}

Method:

DELETE

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| file_name | | String | File to be deleted. | Mandatory |

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully deleted."
}

Trash Public Uploads

You can delete the uploaded CSV files in public storage in the Fabric storage using the PluginConfiguration-TrashPublicUploads API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/CSVEnrichmentSource/{file_name}

Method:

DELETE

Header:

| FIELD | LABEL IN UI | DESCRIPTION |
| --- | --- | --- |
| Content-Type | | Content type of the CSV file. It must be Multipart/Form-data. |

Parameters:

| FIELD | LABEL IN UI | TYPE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- | --- |
| file_name | | String | File to be deleted. | Mandatory |

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully deleted."
}
