SIEM API
An Exabeam SIEM represents an instance of a SIEM configuration that you can assign to a tenant. After you associate a tenant with a SIEM, the data from all of the tenant's accounts (also known as cloud connectors) is sent to that SIEM.
Prefix all API URLs with:
https://<your-server-ip>:8443/openapi/api/rest/v1/siem
Authentication
Objects used with these APIs
SIEM
{
"is-deleted": boolean,
"created-at": timestamp, e.g. 1505657187.215,
"last-updated-at": timestamp, e.g. 1505657187.215,
"id": string, optional, if absent the id would be auto generated,
"tenant-id": string,
"name": string,
"description": string optional,
"host": string, IP or host of the SIEM,
"port": int,
"message-format": string enum, RFC_5424|RFC_3162,
"protocol": string enum, UDP|TCP|TLS
}
TestResult
{
"success": boolean,
"status": int, http status-like result. 200|400
"msg": string, unique message that was sent to the SIEM, e.g. "Device Vendor: [Skyformation], Message: [Test message number # [1796971490]]"
}
Get all SIEMs
GET /
Response:
200,
List<SIEM>
Get a SIEM
GET /{siem-id}
Response:
200,
SIEM
Add a SIEM
POST /
Body:
SIEM, without id
Response:
200,
SIEM
Update a SIEM
PUT /{siem-id}
Body:
SIEM
Response:
200
Delete a SIEM
DELETE /{siem-id}
Response:
200
Send test message to a SIEM
The SIEM being tested does not need to be a persisted one.
POST /test
Body:
SIEM
Response:
200,
TestResult
400, if the protocol is TCP or TLS and the connection could not be established
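The following Python example is added here and is not Exabeam's own code. It checks a SIEM object against the schema above, builds the `POST /test` request without sending it, and interprets the TestResult, including the UDP case where a 200 cannot confirm delivery. The `REQUIRED` list, the `Content-Type` header, the caller-supplied `auth_headers` and the sample values are assumptions.

```python
import json
import urllib.request

# URL prefix from the page; replace the placeholder with your server address.
BASE = "https://<your-server-ip>:8443/openapi/api/rest/v1/siem"
FORMATS = {"RFC_5424", "RFC_3162"}   # enum values exactly as the page lists them
PROTOCOLS = {"UDP", "TCP", "TLS"}
# Assumption: these are the fields a client must supply; the page marks only
# "id" and "description" as optional, and the timestamps look server-set.
REQUIRED = ("tenant-id", "name", "host", "port", "message-format", "protocol")

def validate_siem(siem, creating=False):
    """Return a list of problems found in a SIEM object before it is sent."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in siem]
    if creating and "id" in siem:
        problems.append("POST / expects a SIEM without id")
    if siem.get("message-format") not in FORMATS:
        problems.append("message-format must be one of " + "|".join(sorted(FORMATS)))
    if siem.get("protocol") not in PROTOCOLS:
        problems.append("protocol must be one of " + "|".join(sorted(PROTOCOLS)))
    port = siem.get("port")
    if type(port) is not int or not 1 <= port <= 65535:
        problems.append("port must be an int in 1..65535")
    return problems

def build_test_request(siem, auth_headers):
    """Build (but do not send) the POST /test request for a SIEM object."""
    # Assumption: JSON body; auth_headers come from the Authentication section.
    headers = {"Content-Type": "application/json", **auth_headers}
    return urllib.request.Request(BASE + "/test", method="POST", headers=headers,
                                  data=json.dumps(siem).encode("utf-8"))

def interpret_test(siem, http_status, result):
    """Turn the HTTP status and TestResult into a verdict an operator can act on."""
    if http_status == 400 or not result.get("success"):
        return "FAILED: the test message did not reach the SIEM"
    if siem["protocol"] == "UDP":
        # UDP is connectionless, so a 200 only means the datagram was sent.
        return "SENT, UNCONFIRMED: search the SIEM for: " + result["msg"]
    return "CONNECTED: confirm ingestion by searching the SIEM for: " + result["msg"]

# Constructed sample values, not taken from a real deployment.
SAMPLE = {"tenant-id": "tenant-1", "name": "soc-syslog", "host": "192.0.2.10",
          "port": 6514, "message-format": "RFC_5424", "protocol": "TLS"}
```

Because `POST /test` accepts a SIEM that is not persisted, the same object can be validated and tested first and only then sent to `POST /`.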