Create a security log stream

Creates a stream configuration for Security Information and Event Management (SIEM) events. Logging security events requires enabling data collection for SIEM integrations in your security configuration. For details on this log type, see Security logs.

Run the List security configurations operation to get the security configuration ID and name to use as the appSecId and appSecName.

You can activate the stream when making the request, or later. Note that only active streams collect and send logs to their destinations. See Activate a stream.

Query Params
boolean
Defaults to false

Activates the stream at the time of the request; false by default. When you edit or patch an active stream, you need to set this to true.

Body Params

Provides information that you need to specify when creating a stream configuration.

appSecConfigs
array of objects
required

Details the Application Security configuration that you want to log SIEM events for.

string
required

Identifies the contract that has access to the product.

deliveryConfiguration
object
required

Configures log lines, log file format, names of the log files sent to a destination, and delivery frequency for these files.

destination
required

The stream's destination configuration, which determines where logs are sent. See Destinations for details and features available for each destination.

integer
required

Identifies the group that has access to the product and this stream configuration.

notificationEmails
array of strings
length ≥ 0

Email addresses where you want to send notifications about the stream's activations and deactivations. By omitting this or specifying an empty array, you can activate or deactivate the stream without notifications.

string
required
length ≤ 1000

The stream's name.

Response
