Retrieve log collection settings

Cortex XSIAM Platform APIs
post /public_api/v1/configurations/agent/cortex_xdr_log_collection

Returns the current Cortex XDR log collection configuration for the tenant.

Authentication: api-key-header-x-xdr-auth-id Api Key "x-xdr-auth-id"
Authentication: api-key-header-authorization Api Key "Authorization"
CLIENT REQUEST
curl -X 'POST'
-H "x-xdr-auth-id: [[apiKey]]" \
-H "Authorization: [[apiKey]]" \
-H 'Accept: application/json'
'https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection'
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") headers = { 'x-xdr-auth-id': "REPLACE_KEY_VALUE" } conn.request("POST", "/public_api/v1/configurations/agent/cortex_xdr_log_collection", headers=headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["x-xdr-auth-id"] = 'REPLACE_KEY_VALUE' response = http.request(request) puts response.read_body
const data = null; const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection"); xhr.setRequestHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection") .header("x-xdr-auth-id", "REPLACE_KEY_VALUE") .asString();
import Foundation let headers = ["x-xdr-auth-id": "REPLACE_KEY_VALUE"] let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_HTTPHEADER => [ "x-xdr-auth-id: REPLACE_KEY_VALUE" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "x-xdr-auth-id: REPLACE_KEY_VALUE"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/configurations/agent/cortex_xdr_log_collection"); var request = new RestRequest(Method.POST); request.AddHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); IRestResponse response = client.Execute(request);
Responses

Successful response containing the current log collection configuration.

Body
application/json

Current Cortex XDR log collection configuration.

replyobject
allow_logs_collectionboolean

Indicates whether agents are currently allowed to collect and send diagnostic logs.

Example:true
RESPONSE
{ "reply": { "allow_logs_collection": true } }

Bad request. The request was malformed or contained invalid parameters.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Bad request. Got an invalid JSON.", "err_extra": "Additional error context" } }

Unauthorized. Authentication credentials are missing or invalid.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 401, "err_msg": "Public API request unauthorized", "err_extra": "Additional error context" } }

Forbidden. The API key does not have the required permissions.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 403, "err_msg": "Forbidden. Access was denied to this resource.", "err_extra": "Insufficient permissions for api key" } }

Internal server error.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 500, "err_msg": "Internal server error", "err_extra": "Additional error context" } }