Create a new syslog integration.
You must have View/Edit Alert Notification permissions to run this endpoint.
Authorization (String, required). Example: authorization_example
x-xdr-auth-id (String, required). Example: xXdrAuthId_example
request_data (Object)
A dictionary containing the API request fields.
name (String)
Unique name for the syslog server integration.
address (String)
IP address or fully qualified domain name (FQDN) of the syslog server.
port (Integer)
The port number on which the syslog server listens for messages.
protocol (Object, Enum)
Select a method of communication:
- TCP: No validation is made on the connection with the syslog server. However, if an error occurs with the domain used to make the connection, the Test connection will fail.
- UDP: No error checking, error correction, or acknowledgment. No validation is done for the connection or when sending data.
- TLS: Cortex validates the syslog server certificate and uses the certificate signature and public key to encrypt the data sent over the connection.
facility (String)
Choose one of the syslog standard values. The value maps to how your syslog server uses the facility field to manage messages. For details on the facility field, see RFC 5424.
security_info (Object)
The security_info parameters are necessary only when protocol is TLS.
certificate_name (String)
When using TLS for communication between Cortex and the syslog server, Cortex validates that the syslog receiver has a certificate. Specify the certificate name here.
ignore_cert_errors (Boolean)
Whether to ignore certificate errors. For security reasons, this is not recommended. If you set this to true, logs will be forwarded even if the certificate contains errors.
certificate_content (String, binary)
Binary string of the certificate.
{
  "request_data": {
    "address": "xdr-splunk-qa.traps.company.com",
    "facility": "FAC_USER",
    "name": "Syslog_PAPI_Test_7H55R76T",
    "port": 5006,
    "protocol": "TCP",
    "security_info": "None"
  }
}
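The protocol and security_info descriptions above can be turned into a check that runs on a request body before it is submitted. The following is an added example, not code from this API or its vendor; the function name audit_syslog_request and every value in TLS_SAMPLE are assumptions, and the certificate content is a placeholder because the page does not specify its encoding.

```python
PROTOCOLS = {"TCP", "UDP", "TLS"}  # the three values the protocol field lists

def audit_syslog_request(body):
    """Return findings for a create-request body; an empty list means none."""
    data = body.get("request_data")
    if not isinstance(data, dict):
        return ["request_data must be an object"]
    findings = []
    port = data.get("port")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("port must be an integer from 1 to 65535")
    protocol, sec = data.get("protocol"), data.get("security_info")
    if protocol not in PROTOCOLS:
        findings.append("protocol must be TCP, UDP or TLS")
    elif protocol != "TLS":
        # TCP and UDP: the connection is not validated and syslog is plaintext.
        findings.append(f"{protocol}: server is not validated and logs are sent unencrypted")
        if isinstance(sec, dict):
            findings.append("security_info is only used when protocol is TLS")
    elif not isinstance(sec, dict):
        findings.append("TLS: security_info object is missing")
    else:
        for key in ("certificate_name", "certificate_content"):
            if not sec.get(key):
                findings.append(f"TLS: {key} is empty")
        if sec.get("ignore_cert_errors"):
            findings.append("TLS: ignore_cert_errors is true, certificate errors will not stop forwarding")
    return findings

# Sample body from this page (TCP).
PAGE_SAMPLE = {"request_data": {
    "address": "xdr-splunk-qa.traps.company.com", "facility": "FAC_USER",
    "name": "Syslog_PAPI_Test_7H55R76T", "port": 5006,
    "protocol": "TCP", "security_info": "None"}}

# Constructed TLS body; address, name, port and certificate values are placeholders.
TLS_SAMPLE = {"request_data": {
    "address": "syslog.example.internal", "facility": "FAC_USER",
    "name": "Syslog_TLS_Example", "port": 6514, "protocol": "TLS",
    "security_info": {"certificate_name": "example-syslog-cert",
                      "ignore_cert_errors": False,
                      "certificate_content": "<PEM-PLACEHOLDER>"}}}

if __name__ == "__main__":
    for label, body in (("page sample", PAGE_SAMPLE), ("TLS sample", TLS_SAMPLE)):
        print(label, audit_syslog_request(body) or "no findings")
```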
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  'https://api-yourfqdn/public_api/v1/integrations/syslog/create' \
  -d ''