CLOUD SOLUTIONS

setPushEventSettings

This method sets the push event settings.

Important

  • Event Push Service requires the HTTP collector running on the third-party platforms to support SSL with TLS 1.2 or higher, to send events successfully.

  • The following IP addresses must be whitelisted to ensure end-to-end communication between the GravityZone Event Push Service and the SIEM/HTTP collector:

    • 34.196.132.25

    • 52.58.244.109

  • The HTTP collector must respond with the status HTTP 200 OK to the push events received from the above-mentioned IP addresses if the messages are correctly received. Any other response or no response is considered an error.

Parameters

Parameter

Type

Optional

Description

status

Number

No

0 - disabled, 1 - enabled

serviceType

String

No

Type of the web service. Valid values: jsonRPC, splunk and cef

serviceSettings

Array

No

Specific settings for each service type. For information regarding the service settings, refer to Service Type Settings.

subscribeToEventTypes

Array

No

List of event types to be sent to the web service.

Service Type Settings

Service Type

Service Settings

jsonRPC

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • authorization - a String representing the authorization header

splunk

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • splunkAuthorization - a String representing the Splunk authorization header

cef

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • authorization - a String representing the CEF basic authorization header

Return value

This method returns a Boolean which is True when the settings were saved successfully.

Example

Request:

  {
       "params": {
          "status": 1,
          "serviceType": "jsonRPC",
          "serviceSettings": {
               "url": "http://example.com",
               "authorization": "Bearer sfasdfw34243",
               "requireValidSslCertificate": true
          },
          "subscribeToEventTypes": {
              "modules": true,
              "sva": true,
              "registration": true,
              "supa-update-status": true,
              "av": true,
              "aph": true,
              "fw": true,
              "avc": true,
              "uc": true,
              "dp": true,
              "sva-load": true,
              "task-status": true,
              "exchange-malware": true,
              "network-sandboxing": true,
              "adcloud": true,
              "exchange-user-credentials": true,
              "endpoint-moved-out": true, 
              "endpoint-moved-in": true,
              "troubleshooting-activity": true,
              "uninstall": true,
              "install": true,
              "hwid-change": true,
              "new-incident": true,
              "antiexploit": true,
              "network-monitor": true,
              "ransomware-mitigation": true,
              "security-container-update-available": true
           },
           
       },
       "jsonrpc": "2.0",
       "method": "setPushEventSettings",
       "id": "ad12cb61-52b3-4209-a87a-93a8530d91cb"
  }  

Response:

  {
      "id":"ad12cb61-52b3-4209-a87a-93a8530d91cb",
      "jsonrpc":"2.0",
      "result": true
  }