Version:

Configuring CSV Enrichment Source

Uploading a CSV File in the Fabric Storage

Private Storage

You can upload a CSV file to private storage in the Fabric storage using the PluginConfiguration-Upload API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/CSVEnrichmentSource/upload

Method:

POST

Header:

FIELD

LABEL IN UI

DESCRIPTION

Content-Type

Content type of the CSV file. It must be Multipart/Form-data.

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

Object

File to be uploaded.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully uploaded in private storage."
}

Public Storage

You can upload a CSV file to public storage in the Fabric storage using the PluginConfiguration-UploadPublic API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/CSVEnrichmentSource/publicupload

Method:

POST

Header:

FIELD

LABEL IN UI

DESCRIPTION

Content-Type

Content type of the CSV file. It must be Multipart/Form-data.

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

Object

File to be uploaded.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully uploaded in public storage."
}

Configuring CSV Enrichment Source Using a CSV File

You can configure CSV Enrichment Source in a Fabric-enabled LogPoint using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource

Method:

POST

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

charset

Charset

String

Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API.

Mandatory

csv_mode

Upload Options

String

Option to provide the CSV file. It must be file.

Mandatory

delimiter

Delimiter

String

Type of data included in the CSV file.

Mandatory

source_fields

Source Fields

JSON

The field headers of the CSV file along with the sample data:

field: Names of the fields in the CSV.
type: Type of the fields in the CSV.

Mandatory

source_name

Name

String

Name for the configuration.

Mandatory

file_location

String

Location of the CSV file. Can be either private or public.

Mandatory

files

CSV file

String

The CSV file to enrich search results:

csvfileupload: Name of the uploaded CSV file.

Mandatory

Request Example:

{
    "data": {
                "charset": "utf_8",
                "csv_mode": "file",
                "delimiter": ",",
                "include_headers": true,
   "source_fields": [
            {
                "field": "user",
                "type": "string",
            }
                  ],
   "source_name": "one_field",
   "file_location": "public",
   "files": {
                "csvfileupload": "enrichmentsource.csv"
            }
            }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Configuring CSV Enrichment Source Using a URL

You can configure CSV Enrichment Source in a Fabric-enabled LogPoint using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource

Method:

POST

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

charset

Charset

String

Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API.

Mandatory

csv_mode

Upload Options

String

Option to provide the CSV file. It must be url.

Mandatory

delimiter

Delimiter

String

Type of data included in the CSV file.

Mandatory

include_headers

CSV file includes header

Boolean

Option to select if the CSV file contains field headers.

Optional

source_fields

Source Fields

JSON

The field headers of the CSV file along with the sample data:

field: Names of the fields in the CSV.
type: Type of the fields in the CSV.

Mandatory

source_name

Name

String

Name for the configuration.

Mandatory

auth_mode

Authentication

String

Authentication method of the provided CSV URL. It can be none or basic or key.

Mandatory

none

None

String

Authentication mode.

Optional

basic

Basic

String

Authentication mode:

Username: Parameter to access the URL.
Password: Parameter to access the URL.

Mandatory

key

Key

String

Authentication mode:

Key: API Key to access the CSV URL.

Mandatory

csvfileurl

CSV URL

String

URL that links to the CSV file.

Mandatory

interval_day

Update Interval

Integer

Time interval in day to update the CSV URL.

Mandatory

interval_hour

Update Interval

Integer

Time interval in hour to update the CSV URL.

Mandatory

interval_minute

Update Interval

Integer

Time interval in minute to update the CSV URL.

Mandatory

verify

Verify

boolean

Parameter to to ensure a secure connection.

Optional

upload_cert_file

Upload Certificate File

Object

Option to upload a self-signed SSL certificate.

Optional

file_location

String

Location of the file.

Mandatory

files

Files

JSON

Self-signed SSL certificate:

cert_file: Self-signed SSL certificate.

Mandatory

Request Example:

{
        "data":{
            "charset": "utf_8",
            "csv_mode":"url",
            "delimiter": ",",
            "include_headers": true,
            "source_fields":
                    [
                        {
                            "field": "ip",
                            "type": "IP"
                        },
                        {
                            "field": "category",
                            "type": "string"
                        },
                        {
                            "field": "score",
                            "type": "integer"
                        },
                        {
                            "field": "first_seen",
                            "type": "string"
                        },
                        {
                            "field": "last_seen",
                            "type": "string"
                        },
                        {
                            "field": "ports",
                            "type": "integer"
                        }
                ],

        "source_name": "working_url",
        "auth_mode": "none",
        "csvfileurl": "https://csvfile.com/spreadsheets/d/enrichmentsource.csv",
        "interval_day": 30,
        "interval_hour": 23,
        "interval_minute": 30,
        "verify": true,
        "upload_cert_file": true,
        "file_location": "public",
        "files": {
            "cert_file": "cert.pem"
                 }


           }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Fetching CSV Enrichment Source Sample Data

You can fetch CSV Enrichment Source sample data using the PluginConfiguration - Create API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/

Method:

POST

Request Example:

{
        "data":{
            "charset": "utf_8",
            "csv_mode":"url",
            "delimiter": ",",
            "include_headers": true,
        "source_name": "working_url",
        "auth_mode": "none",
        "csvfileurl": "https://csvfile.com/spreadsheets/d/enrichmentsource.csv",
        "interval_day": 30,
        "interval_hour": 23,
        "interval_minute": 30,
        "action": "fetch_sample_csv_data",
        "verify": true,
        "upload_cert_file": false,


           }
}

Success Response:

    {

"request": {},

"logpoint_identifier": "4789cebbe0b14bc28ea898118c9185c0",

"pool_uuid": "dccd20bc72e847d4b01db4b500888da3",

"response": {

    "success": true,

    "data": {

        "data": [

            [

                "ip",

                "category",

                "score",

                "not_seen",

                "data"

            ],

            [

                "1.1.1.1",

                "DDOS",

                "50",

                "2/10/71",

                "1234"

            ]

        ]

    },

    "message": ""

}

}

Listing the CSV Enrichment Source Configurations

You can list the CSV Enrichment Source configurations using the PluginConfiguration - List API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource

Method:

GET

Success Response:

{
       "delete_status": "",
       "source_name": "fileP",
       "source_type": "CSV",
       "plugin_info": {
       "includes_header": true,
       "charset": "utf_8",
       "delimiter": ";",
       "source_name": "fileP",
       "csv_file": "/opt/immune/app_store/norm/enrichment/csv/enrichmentsource.csv",
       "source_fields": [
              {
              "field": "ip",
              "type": "string",
              "name": "ip"
              },
              {
              "field": "score",
              "type": "string",
              "name": "score"
              },
              {
              "field": "category",
              "type": "string",
              "name": "category"
              },
              {
              "field": "port",
              "type": "string",
              "name": "port"
              }
              ],
       "csv_mode": "file"
        },
               "tid": "",
                   "source_info": {
                   "id": "6befbfbd70364e64efbfbd6fefbfbd6c0f292a5349efbfbd",
                   "source_name": "CSV"
                    },
                   "active": true,
                   "result": "Updated",
                   "reason": null,
                   "last_updated": 1599717155,
                   "id": "5f59bf1f3d73545286029239"
      }

Getting CSV Enrichment Source Configurations by ID

You can fetch CSV Enrichment Source configurations with the given ID using the PluginConfiguration - Get API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/id

Method:

GET

Parameters:

FIELD

TYPE

DESCRIPTION

Required

id

String

The ID of the existing CSV Enrichment Source configurations to fetch. Obtain the value of the ID using the EnrichmentSource - List API.

Mandatory

Success Response:

{
       "delete_status": "",
       "source_name": "fileP",
       "source_type": "CSV",
       "plugin_info": {
       "includes_header": true,
       "charset": "utf_8",
       "delimiter": ";",
       "source_name": "fileP",
       "csv_file": "/opt/immune/app_store/norm/enrichment/csv/enrichmentsource.csv",
       "source_fields": [
              {
              "field": "ip",
              "type": "string",
              "name": "ip"
              },
              {
              "field": "score",
              "type": "string",
              "name": "score"
              },
              {
              "field": "category",
              "type": "string",
              "name": "category"
              },
              {
              "field": "port",
              "type": "string",
              "name": "port"
              }
              ],
       "csv_mode": "file"
        },
               "tid": "",
                   "source_info": {
                   "id": "6befbfbd70364e64efbfbd6fefbfbd6c0f292a5349efbfbd",
                   "source_name": "CSV"
                    },
                   "active": true,
                   "result": "Updated",
                   "reason": null,
                   "last_updated": 1599717155,
                   "id": "5f59bf1f3d73545286029239"
      }

Removing CSV Enrichment Source Configurations by ID

You can delete CSV Enrichment Source configurations using the PluginConfiguration - Trash API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/id

Method:

DELETE

Parameters:

FIELD

TYPE

DESCRIPTION

Required

id

String

The ID of the existing CSV Enrichment Source configurations to delete. Obtain the value of the ID using the EnrichmentSource - List API.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Editing the CSV Enrichment Source Configuration Using a CSV File

You can edit a CSV Enrichment Source configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Edit API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/{id}

Method:

PUT

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

charset

Charset

String

Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API.

Mandatory

csv_mode

Upload Options

String

Option to provide the CSV file. It must be file.

Mandatory

delimiter

Delimiter

String

Type of data included in the CSV file.

Mandatory

source_fields

Source Fields

JSON

The field headers of the CSV file along with the sample data:

field: Names of the fields in the CSV.
type: Type of the fields in the CSV.

Mandatory

source_name

Name

String

Name for the configuration.

Mandatory

file_location

String

Location of the CSV file. Can be either private or public.

Mandatory

files

CSV file

String

The CSV file to enrich search results:

csvfileupload: Name of the uploaded CSV file.

Mandatory

id

String

Existing CSV Enrichment Source ID. Obtain the value of the ID using the EnrichmentSource - List API.

Mandatory

Request Example:

{
    "data": {
                "charset": "utf_8",
                "csv_mode": "file",
                "delimiter": ",",
                "include_headers": true,
   "source_fields": [
            {
                "field": "user",
                "type": "string",
            }
                  ],
   "source_name": "one_field",
   "file_location": "public",
   "files": {
                "csvfileupload": "enrichmentsource.csv"
            }
            }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Editing the CSV Enrichment Source Configuration Using a URL

You can edit a CSV Enrichment Source configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Edit API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/{id}

Method:

PUT

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

charset

Charset

String

Existing LogPoint charset. Obtain the value of the required charset using the Charsets - List API.

Mandatory

csv_mode

Upload Options

String

Option to provide the CSV file. It must be url.

Mandatory

delimiter

Delimiter

String

Type of data included in the CSV file.

Mandatory

include_headers

CSV file includes header

Boolean

Option to select if the CSV file contains field headers.

Optional

source_fields

Source Fields

JSON

The field headers of the CSV file along with the sample data:

field: Names of the fields in the CSV.
type: Type of the fields in the CSV.

Mandatory

auth_mode

Authentication

String

Authentication method of the provided CSV URL. It can be none or basic or key.

Mandatory

none

None

String

Authentication mode.

Optional

basic

Basic

String

Authentication mode:

Username: Parameter to access the URL.
Password: Parameter to access the URL.

Mandatory

key

Key

String

Authentication mode:

Key: API Key to access the CSV URL.

Mandatory

csvfileurl

CSV URL

String

URL that links to the CSV file.

Mandatory

interval_day

Update Interval

Integer

Time interval in days to update the CSV URL.

Mandatory

interval_hour

Update Interval

Integer

Time interval in hours to update the CSV URL.

Mandatory

interval_minute

Update Interval

Integer

Time interval in minutes to update the CSV URL.

Mandatory

verify

Verify

boolean

Parameter to to ensure a secure connection.

Optional

upload_cert_file

Upload Certificate File

Object

Option to upload a self-signed SSL certificate.

Optional

file_location

String

Location of the file.

Mandatory

files

Files

JSON

Self-signed SSL certificate:

cert_file: Self-signed SSL certificate.

Mandatory

id

String

Existing CSV Enrichment Source ID . Obtain the value of the ID using the EnrichmentSource - List API.

Mandatory

Request Example:

{
    "data":{
        "charset": "utf_8",
        "csv_mode":"url",
        "delimiter": ",",
        "include_headers": true,
        "source_fields":
                [
                    {
                        "field": "ip",
                        "type": "IP"
                    },
                    {
                        "field": "category",
                        "type": "string"
                    },
                    {
                        "field": "score",
                        "type": "integer"
                    },
                    {
                        "field": "first_seen",
                        "type": "string"
                    },
                    {
                        "field": "last_seen",
                        "type": "string"
                    },
                    {
                        "field": "ports",
                        "type": "integer"
                    }
            ],

    "source_name": "working_url",
    "auth_mode": "none",
    "csvfileurl": "https://csvfile.com/spreadsheets/d/enrichmentsource.csv",
    "interval_day": 30,
    "interval_hour": 23,
    "interval_minute": 30

       }
}

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Deleting the CSV Enrichment Source Configuration

You can delete a CSV Enrichment Source configuration in a Fabric-enabled LogPoint using the PluginConfiguration - Trash API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/PluginConfiguration/CSVEnrichmentSource/{id}

Method:

Delete

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

id

String

Existing CSVEnrichmentSource id. Obtain the value of the ID using the EnrichmentSource - List API.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

Deleting the CSV File in the Fabric Storage

Trash Private Uploads

You can delete the uploaded CSV files in private storage in the Fabric storage using the PluginConfiguration-TrashPrivateUploads API.

Endpoint URL:

https://api-server-host-name/configapi/{pool_UUID}/PluginConfiguration/CSVEnrichmentSource/{file_name}

Method:

DELETE

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

String

File to be deleted.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully deleted."
}

Trash Public Uploads

You can delete the uploaded CSV files in public storage in the Fabric storage using the PluginConfiguration-TrashPublicUploads API.

Endpoint URL:

https://api-server-host-name/configapi/PluginConfiguration/CSVEnrichmentSource/{file_name}

Method:

DELETE

Header:

FIELD

LABEL IN UI

DESCRIPTION

Content-Type

Content type of the CSV file. It must be Multipart/Form-data.

Parameters:

FIELD

LABEL IN UI

TYPE

DESCRIPTION

REQUIRED

file_name

String

File to be deleted.

Mandatory

Success Response:

{
    "status": "Success",
    "message": "enrichmentsource.csv successfully deleted."
}
Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support