Syslog¶
Methods described in this section relate to the syslog API.
These methods can be accessed at TenableIE.syslog.
- class SyslogAPI(api: APISession)[source]¶
- create(**kwargs) → List[Dict][source]¶
Creates a syslog object.
- Parameters:
profiles (List[int]) – The list of profile identifiers.
checkers (List[int], required_for=[deviances]) – The list of checker identifiers.
input_type (str) – The type of input to send through the syslog. Allowed values are deviances, ad_object_changes or attacks.
description (optional, str) – The description for the syslog object.
attack_types (List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input_type is attacks.
ip (str) – The IP address or hostname of the syslog collector.
port (int) – The port number of the collector.
protocol (str) – The protocol used by the collector. Allowed values are TCP and UDP.
tls (bool, required_for=[TCP]) – Whether the configured syslog should connect using TLS. By default, and whenever UDP is selected as the protocol, tls is False. Note that UDP, and TCP with tls=False, send the alerts in cleartext.
criticity_threshold (int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.
directories (list[str]) – The list of directory identifiers.
should_notify_on_initial_full_security_check (bool) – Whether alerts should be sent when deviances are detected during the initial analysis phase.
filter_expression (optional, mapping) – An object describing a filter for searched items.
- Returns:
The created syslog object.
- Return type:
List[Dict]
Examples
Create a syslog object with input_type as ad_object_changes.
>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="ad_object_changes",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=False,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
... )
Create a syslog object with input_type as attacks.
>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="attacks",
...     profiles=[1],
...     attack_types=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
... )
Create a syslog object with input_type as deviances.
>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="deviances",
...     profiles=[1],
...     checkers=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
... )
Create a syslog object with protocol as UDP, without passing tls.
>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="deviances",
...     profiles=[1],
...     checkers=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="UDP",
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
... )
- delete(syslog_id: str) → None[source]¶
Deletes the syslog object of given syslog identifier.
- Parameters:
syslog_id (str) – The syslog object identifier.
- Return type:
None
Examples
>>> tie.syslog.delete(syslog_id='1')
- details(syslog_id: str) → Dict[source]¶
Returns the details of the syslog object of the given syslog identifier.
- Parameters:
syslog_id (str) – The syslog object identifier.
- Returns:
The details of the syslog object.
- Return type:
Dict
Examples
>>> tie.syslog.details(syslog_id='1')
- list() → List[Dict][source]¶
Returns all the syslog objects.
- Returns:
The list of syslog objects.
- Return type:
List[Dict]
Examples
>>> tie.syslog.list()
- send_notification(**kwargs) → None[source]¶
Send a test syslog notification.
- Parameters:
profiles (List[int]) – The list of profile identifiers.
checkers (optional, List[int], required_for=[deviances]) – The list of checker identifiers.
input_type (str) – The type of input to send through the syslog. Allowed values are deviances, ad_object_changes or attacks.
description (optional, str) – The description for the syslog object.
attack_types (optional, List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input_type is attacks.
ip (str) – The IP address or hostname of the syslog collector.
port (int) – The port number of the collector.
protocol (str) – The protocol used by the collector. Allowed values are TCP and UDP.
tls (bool, required if protocol is TCP) – Whether the configured syslog should connect using TLS. By default, and whenever UDP is selected as the protocol, tls is False.
criticity_threshold (int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.
directories (list[str]) – The list of directory identifiers.
- Return type:
None
Examples
Send a test syslog with input_type as ad_object_changes.
>>> tie.syslog.send_notification(
...     input_type="ad_object_changes",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     directories=[2],
... )
Send a test syslog with input_type as deviances.
>>> tie.syslog.send_notification(
...     checkers=[1],
...     profiles=[1],
...     input_type="deviances",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=10,
...     directories=[2],
... )
Send a test syslog with input_type as attacks.
>>> tie.syslog.send_notification(
...     profiles=[1],
...     input_type="attacks",
...     attack_types=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=10,
...     directories=[2],
... )
- send_syslog_notification_by_id(syslog_id: str) → None[source]¶
Send a test syslog notification by syslog identifier.
- Parameters:
syslog_id (str) – The syslog object identifier.
- Return type:
None
Examples
>>> tie.syslog.send_syslog_notification_by_id(syslog_id='1')
- update(syslog_id: str, **kwargs) → Dict[source]¶
Updates the existing syslog object.
- Parameters:
syslog_id (str) – The syslog object identifier.
profiles (optional, List[int]) – The list of profile identifiers.
checkers (optional, List[int], required_for=[deviances]) – The list of checker identifiers.
input_type (optional, str) – The type of input to send through the syslog. Allowed values are deviances, ad_object_changes or attacks.
description (optional, str) – The description for the syslog object.
attack_types (optional, List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input_type is attacks.
ip (optional, str) – The IP address or hostname of the syslog collector.
port (optional, int) – The port number of the collector.
protocol (optional, str) – The protocol used by the collector. Allowed values are TCP and UDP.
tls (optional, bool, required if protocol is TCP) – Whether the configured syslog should connect using TLS. By default, and whenever UDP is selected as the protocol, tls is False.
criticity_threshold (optional, int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.
directories (optional, list[str]) – The list of directory identifiers.
should_notify_on_initial_full_security_check (bool) – Whether alerts should be sent when deviances are detected during the initial analysis phase.
filter_expression (optional, mapping) – An object describing a filter for searched items.
- Returns:
The updated syslog object.
- Return type:
Dict
Examples
>>> tie.syslog.update(
...     syslog_id='1',
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
... )
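The create(), send_notification() and update() docstrings above all state the same conditional rules (checkers only for deviances, attack_types only for attacks, criticity_threshold for both, tls required with TCP and forced to False with UDP). The following is an added example, not pyTenable's own code: it turns those rules into a local pre-flight check so a malformed payload fails before the API call, refuses to ship AD findings over a cleartext transport unless the caller opts out, and wraps create() in a create/test/rollback flow. The names build_syslog_kwargs, provision_syslog and SyslogConfigError are this example's; it also assumes that profiles is required for deviances and attacks (the page's examples pass it only for those two) and that the object returned by create() carries its identifier under the key "id".

```python
"""Pre-flight checks and a create/verify/rollback flow for TenableIE syslog objects.

Added example, not pyTenable code. Encodes the required_for rules from the
docstrings on this page, refuses cleartext transport unless the caller opts
out, and rolls back a sink whose test message fails. All names are this
example's own; the identifier key in the created object is assumed to be "id".
"""
from typing import Any, Dict, List, Mapping, Optional

INPUT_TYPES = ("deviances", "ad_object_changes", "attacks")

# Parameters marked required_for each input_type. profiles is not marked on the
# page, but the examples pass it only for deviances and attacks (assumption).
REQUIRED_FOR_INPUT = {
    "deviances": ("profiles", "checkers", "criticity_threshold"),
    "attacks": ("profiles", "attack_types", "criticity_threshold"),
    "ad_object_changes": (),
}


class SyslogConfigError(ValueError):
    """A payload the API would reject, or one that weakens transport security."""


def build_syslog_kwargs(
    *, input_type: str, ip: str, port: int, protocol: str, directories: List[int],
    tls: Optional[bool] = None, profiles: Optional[List[int]] = None,
    checkers: Optional[List[int]] = None, attack_types: Optional[List[int]] = None,
    criticity_threshold: Optional[int] = None, description: Optional[str] = None,
    should_notify_on_initial_full_security_check: bool = False,
    filter_expression: Optional[Mapping[str, Any]] = None, require_tls: bool = True,
) -> Dict[str, Any]:
    """Validate and return kwargs for tie.syslog.create() / update()."""
    if input_type not in INPUT_TYPES:
        raise SyslogConfigError(f"input_type must be one of {INPUT_TYPES}, got {input_type!r}")
    protocol = protocol.upper()
    if protocol not in ("TCP", "UDP"):
        raise SyslogConfigError(f"protocol must be TCP or UDP, got {protocol!r}")
    if not 1 <= int(port) <= 65535:
        raise SyslogConfigError(f"port out of range: {port}")
    if not directories:
        raise SyslogConfigError("directories must name at least one directory")

    # tls is required_for TCP; with UDP the API fixes it to False.
    if protocol == "TCP" and tls is None:
        raise SyslogConfigError("tls must be given explicitly when protocol is TCP")
    if protocol == "UDP":
        tls = False

    # Policy: these feeds carry AD misconfigurations and attack indicators.
    if require_tls and not tls:
        raise SyslogConfigError(
            f"refusing cleartext transport for {input_type}; use protocol='TCP', "
            "tls=True or pass require_tls=False"
        )

    selectors = {"profiles": profiles, "checkers": checkers,
                 "attack_types": attack_types, "criticity_threshold": criticity_threshold}
    missing = [n for n in REQUIRED_FOR_INPUT[input_type] if selectors[n] is None]
    if missing:
        raise SyslogConfigError(f"input_type={input_type!r} requires {missing}")
    if criticity_threshold is not None and int(criticity_threshold) < 0:
        raise SyslogConfigError("criticity_threshold must be a non-negative int")

    kwargs: Dict[str, Any] = {
        "input_type": input_type,
        "ip": ip,
        "port": int(port),
        "protocol": protocol,
        "tls": bool(tls),
        "directories": list(directories),
        "should_notify_on_initial_full_security_check": bool(should_notify_on_initial_full_security_check),
    }
    # Only send the selectors that apply to this input_type.
    for name in REQUIRED_FOR_INPUT[input_type]:
        kwargs[name] = selectors[name]
    if description is not None:
        kwargs["description"] = description
    if filter_expression is not None:
        kwargs["filter_expression"] = dict(filter_expression)
    return kwargs


def provision_syslog(client: Any, cfg: Dict[str, Any], id_key: str = "id") -> str:
    """Create the syslog object, push a test message through it, and delete it
    again if the test fails so no dead sink is left configured.

    client is a TenableIE session, or anything exposing syslog.create,
    syslog.send_syslog_notification_by_id and syslog.delete. Returns the id.
    """
    created = client.syslog.create(**cfg)
    # create() is annotated List[Dict] but documented as one object; accept both.
    obj = created[0] if isinstance(created, list) else created
    syslog_id = str(obj[id_key])
    try:
        client.syslog.send_syslog_notification_by_id(syslog_id=syslog_id)
    except Exception:
        client.syslog.delete(syslog_id=syslog_id)
        raise
    return syslog_id
```

Call build_syslog_kwargs first, then tie.syslog.create(**cfg) or tie.syslog.update(syslog_id, **cfg); for tie.syslog.send_notification, drop should_notify_on_initial_full_security_check and filter_expression from the dict, since that method does not take them. The require_tls default is deliberate: a UDP or tls=False sink for deviances or attacks is a cleartext feed of your directory's weak points to whoever can see the wire.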