
API Examples


A sample outbound template to send syslog messages (to a syslog endpoint)


The template logs variables into the debug log and sends a simple syslog message to an endpoint.

{
	"name": "Send syslog",
	"comment": "Send Syslog message",
	"type": "SYSLOG_EVENT",
	"version": "5.0",
	"event_type": ["RPZ", "TUNNEL", "LEASE", "NETWORK_IPV4", "RANGE_IPV4", "FIXED_ADDRESS_IPV4", "HOST_ADDRESS_IPV4", "NETWORK_IPV6", "RANGE_IPV6", "FIXED_ADDRESS_IPV6", "HOST_ADDRESS_IPV6", "DNS_RECORD", "DNS_ZONE"
	],
	"action_type": "Send syslog",
	"content_type": "application/json",
	"vendor_identifier": "Syslog",
	"quoting": "XML",
	"steps": [
		{
			"name": "Debug",
			"operation": "NOP",
			"body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{I:}}${XC:DEBUG:{L:}}${XC:DEBUG:{S:}}${XC:DEBUG:{P:}}${XC:DEBUG:{R:}}${XC:DEBUG:{RH:}}${XC:DEBUG:{UT:}}"
		},
		{
			"name": "Send Syslog",
			"operation": "SYSLOG_SEND_EVENT",
			"body": "${E::event_type} ${E::object_type} ${E::operation_type}"
		}
	]
}


BR,

Vadim
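A small pre-deployment check for a template like the one above, added here as an example (it is not the poster's code and not an Infoblox API): it validates the template structure, flags the step that dumps contexts into the debug log so it can be reviewed before production use, and renders the syslog body for a constructed event. That `${E::field}` expands to that field of the triggering event is an assumption taken from the body string above, not from vendor documentation.

```python
import re

# Compact copy of the template posted above (event_type list shortened). That
# ${E::field} expands to that field of the triggering event is assumed here.
TEMPLATE = {
    "name": "Send syslog", "type": "SYSLOG_EVENT", "version": "5.0",
    "event_type": ["RPZ", "TUNNEL", "LEASE", "DNS_RECORD", "DNS_ZONE"],
    "action_type": "Send syslog", "vendor_identifier": "Syslog", "quoting": "XML",
    "steps": [
        {"name": "Debug", "operation": "NOP",
         "body": "${XC:DEBUG:{H:}}${XC:DEBUG:{E:}}${XC:DEBUG:{S:}}"},
        {"name": "Send Syslog", "operation": "SYSLOG_SEND_EVENT",
         "body": "${E::event_type} ${E::object_type} ${E::operation_type}"},
    ],
}
# Constructed sample event; the values are illustrative, not captured data.
SAMPLE_EVENT = {"event_type": "DNS_RECORD", "object_type": "record:a",
                "operation_type": "INSERT"}
PLACEHOLDER = re.compile(r"\$\{E::([A-Za-z_]+)\}")

def render_event_body(body, event):
    """Expand ${E::field}; an unknown field is left visible, not silently dropped."""
    return PLACEHOLDER.sub(lambda m: str(event.get(m.group(1), m.group(0))), body)

def validate_template(tpl):
    """Structural checks; returns the list of problems found (empty when clean)."""
    problems = [f"missing top-level key {k!r}"
                for k in ("name", "type", "version", "event_type", "steps") if k not in tpl]
    steps = tpl.get("steps", [])
    for i, step in enumerate(steps):
        problems += [f"step {i} missing {k!r}"
                     for k in ("name", "operation", "body") if k not in step]
    if tpl.get("type") == "SYSLOG_EVENT" and not any(
            s.get("operation") == "SYSLOG_SEND_EVENT" for s in steps):
        problems.append("SYSLOG_EVENT template has no SYSLOG_SEND_EVENT step")
    return problems

def debug_steps(tpl):
    """Steps that dump template contexts into the debug log; review before production."""
    return [s["name"] for s in tpl["steps"] if "${XC:DEBUG:" in s.get("body", "")]

def syslog_messages(tpl, event):
    """Rendered body of every SYSLOG_SEND_EVENT step for one event."""
    return [render_event_body(s["body"], event)
            for s in tpl["steps"] if s["operation"] == "SYSLOG_SEND_EVENT"]
```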
