- Configure and Authenticate Cloud Apps
- Add Open API Authentication and Roles
- Accounts API v1
- Authentication
- Objects used with these APIs
- Get all accounts
- Get single account
- Create an account
- Modify an account
- Delete an account
- Reset an account’s history
- Get all accounts’ health statuses
- Get an account’s health status
- Activate an account
- Deactivate an account
- (Deprecated) Activate an account’s endpoint
- (Deprecated) Deactivate an account’s endpoint
- Activate an account’s endpoint
- Deactivate an account’s endpoint
- Test Account Connection
- Get Account Users
- Get Exposed Resources
- Export Account
- Import Account
- Get ConnectorsSyncSettings
- Set ConnectorsSyncSettings
- Accounts API v2
- Monitoring API
- Remediation API
- Settings and Reports API
- SIEM API
- Tenancy API
- Version API
Add Open API Authentication and Roles
Note
This guide is for Exabeam Cloud Connectors 2.1.21 and later releases. If you are using an older release, you must upgrade before you perform this workflow.
API access is disabled by default. To enable it, create an integration user and password for use with Basic Authentication by following the steps below.
SSH into the Linux machine that hosts the Exabeam Cloud Connectors app with an account that has root-level permissions.
Enter the command docker inspect sk4_conf. If you see an entry with key device, the value is the location of the conf volume. Otherwise (if the device does not exist), the value of the key Mountpoint is the location of the conf volume.
root@ip-172-31-13-90:~#
docker volume inspect sk4_conf[ { "CreatedAt":"2019-06-10T15:13:05Z", "Driver":"local", "Labels":{ "com.docker.compose.project":"sk4", "com.docker.compose.volume":"conf" }, "Mountpoint":"/var/lib/docker/volumes/sk4_conf/_data", /* If device does not exist, use this as the location.*/ "Name":"sk4_conf", "Options":{ "device":"/opt/exabeam/data/sk4/conf", /* If this line exists, use this as the location.*/ "o":"bind", "type":"none" }, "Scope":"local" } ]Change to the directory mentioned in the mountpoint value, for example:
root@ip-172-31-38-29:~#
cd /var/lib/docker/volumes/sk4_conf/_dataroot@ip-172-31-38-29:/var/lib/docker/volumes/sk4_conf/_data#Make a backup copy to the file shiro/client-shiro.ini by typing the following command:
cp shiro/openapi-shiro.ini shiro/openapi-shiro.ini.origEdit the file shiro/client-shiro.ini as described below to add one or more read-only or admin users:
To add basic authentication read only integration user:
In the file
shiro/openapi-shiro.ini, under[users], add a new line withusername = passwordformatExample:
[users] mynewuser = somepassword
To add basic authentication admin integration user:
In the file
shiro/openapi-shiro.ini, under[users], add a new line withusername = password,integration-adminformatExample:
[users] mynewuser = somepassword,integration-admin
* You can add multiple integration users, both read only and admin users
Example:
[users] bob = bob123 alice = alice123,integration-admin
Here we've defined two integration users, bob as read only integration user and alice as an integration admin
Restart the Cloud Connectors app by running the command:
sudo service sk4compose restart