Syslog

Methods described in this section relate to the syslog API. These methods can be accessed at TenableIE.syslog.

class SyslogAPI(api: APISession)
create(**kwargs) -> List[Dict]

Creates a syslog object.

Parameters:
  • profiles (List[int]) – The list of profile identifiers.

  • checkers (List[int], required_for=[deviances]) – The list of checker identifiers.

  • input_type (str) – The type of input to send through the syslog. Allowed values are deviances, ad_object_changes or attacks.

  • description (optional, str) – The description for syslog object.

  • attack_types (List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input_type is attacks.

  • ip (str) – The IP address or hostname of the syslog collector.

  • port (int) – The port number on the collector.

  • protocol (str) – The protocol used by the collector. Allowed values are TCP and UDP.

  • tls (bool, required_for=[TCP]) – Whether the configured syslog should connect using TLS. Defaults to False, and is always False when the protocol is UDP. Without TLS the alert stream crosses the network in cleartext, so prefer TCP with tls=True for any collector that is not local.

  • criticity_threshold (int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.

  • directories (list[str]) – The list of directory identifiers.

  • should_notify_on_initial_full_security_check (bool) – Whether alerts should be sent when deviances are detected during the initial analysis phase.

  • filter_expression (optional, mapping) – An object describing a filter for searched items.

Returns:

The created syslog object.

Return type:

list[dict]

Example

Create a syslog object with input_type as ad_object_changes.

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="ad_object_changes",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=False,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )

Create a syslog object with input_type as attacks.

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="attacks",
...     profiles=[1],
...     attack_types=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )

Create a syslog object with input_type as deviances.

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="deviances",
...     profiles=[1],
...     checkers=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )

Create a syslog object with protocol as UDP without passing tls.

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="deviances",
...     profiles=[1],
...     checkers=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="UDP",
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]})
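
The required_for rules in the parameter table above are easy to get wrong in a script (checkers only for deviances, attack_types only for attacks, tls only meaningful over TCP), and the API will only tell you after a round trip. The following is an added example, not part of pyTenable or of this page: it encodes those rules as a local pre-flight check and wraps tie.syslog.create() with it. The rule table, the decision to treat profiles as required for deviances and attacks (the ad_object_changes example above omits it), the transport warning and the create_syslog wrapper are this example's own reading of the documentation; `tie` is assumed to be an already authenticated TenableIE client and is never constructed here.

```python
"""Pre-flight check for a TenableIE syslog configuration (added example).

Encodes the required_for rules from the create() parameter table so that an
inconsistent config is rejected locally instead of by the API. The rule
table below is this example's reading of the docs, not pyTenable code.
"""
from typing import Any, Dict, List, Optional

INPUT_TYPES = ("deviances", "ad_object_changes", "attacks")
PROTOCOLS = ("TCP", "UDP")

# Parameters every create() call needs regardless of input_type.
ALWAYS_REQUIRED = ("input_type", "ip", "port", "protocol", "directories")

# Parameters marked required_for=[...] in the table, keyed by input_type.
# Assumption: profiles is needed for deviances and attacks (both examples pass it).
REQUIRED_FOR_INPUT = {
    "deviances": ("profiles", "checkers", "criticity_threshold"),
    "attacks": ("profiles", "attack_types", "criticity_threshold"),
    "ad_object_changes": (),
}


def validate_syslog_config(cfg: Dict[str, Any]) -> List[str]:
    """Return the list of problems found; an empty list means the config is consistent."""
    problems: List[str] = []

    for key in ALWAYS_REQUIRED:
        if key not in cfg:
            problems.append(f"missing required parameter: {key}")

    input_type = cfg.get("input_type")
    if input_type in REQUIRED_FOR_INPUT:
        for key in REQUIRED_FOR_INPUT[input_type]:
            if key not in cfg:
                problems.append(f"{key} is required when input_type={input_type}")
    elif input_type is not None:
        problems.append(f"input_type must be one of {INPUT_TYPES}, got {input_type!r}")

    protocol = cfg.get("protocol")
    if protocol == "TCP" and "tls" not in cfg:
        # tls is required_for=[TCP]: make the caller choose rather than silently default.
        problems.append("tls must be given explicitly when protocol is TCP")
    elif protocol == "UDP" and cfg.get("tls"):
        problems.append("tls=True has no effect over UDP; use TCP for an encrypted collector")
    elif protocol not in PROTOCOLS and protocol is not None:
        problems.append(f"protocol must be one of {PROTOCOLS}, got {protocol!r}")

    port = cfg.get("port")
    if port is not None and (
        isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535
    ):
        problems.append(f"port must be an integer in 1..65535, got {port!r}")

    for key in ("profiles", "checkers", "attack_types", "directories"):
        if key in cfg and not (isinstance(cfg[key], list) and cfg[key]):
            problems.append(f"{key} must be a non-empty list of identifiers")

    return problems


def transport_warning(cfg: Dict[str, Any]) -> Optional[str]:
    """Attack and deviance alerts describe weaknesses in your AD; flag cleartext transports."""
    if cfg.get("protocol") == "UDP":
        return "UDP syslog is unencrypted and unacknowledged: alerts can be read on the wire and silently dropped"
    if not cfg.get("tls"):
        return "TCP without tls=True sends alerts in cleartext"
    return None


def create_syslog(tie, **cfg):
    """Validate, then call tie.syslog.create(). `tie` is an authenticated TenableIE client (assumed)."""
    problems = validate_syslog_config(cfg)
    if problems:
        raise ValueError("refusing to create syslog: " + "; ".join(problems))
    return tie.syslog.create(**cfg)


if __name__ == "__main__":
    # Constructed configs mirroring the documented examples; no API call is made here.
    samples = {
        "udp_deviances": {"input_type": "deviances", "profiles": [1], "checkers": [1],
                          "ip": "127.0.0.1", "port": 8888, "protocol": "UDP",
                          "criticity_threshold": 55, "directories": [2]},
        "tcp_attacks_no_tls": {"input_type": "attacks", "profiles": [1],
                               "ip": "127.0.0.1", "port": 8888, "protocol": "TCP",
                               "criticity_threshold": 55, "directories": [2]},
    }
    for name, cfg in samples.items():
        print(name, validate_syslog_config(cfg), transport_warning(cfg))
```

Run the validator before every create() or update() in provisioning code; the UDP sample above passes validation but still gets a transport warning, while the TCP sample without tls is rejected because the table makes tls mandatory for TCP.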

delete(syslog_id: str) -> None

Deletes the syslog object of given syslog identifier.

Parameters:

syslog_id (str) – The syslog object identifier.

Return type:

None

Examples

>>> tie.syslog.delete(syslog_id='1')

details(syslog_id: str) -> Dict

Returns the details of the syslog object of the given syslog identifier.

Parameters:

syslog_id (str) – The syslog object identifier.

Returns:

The details of the syslog object.

Return type:

dict

Examples

>>> tie.syslog.details(syslog_id='1')

list() -> List[Dict]

Returns all the syslog objects.

Returns:

The list of syslog objects.

Return type:

list[dict]

Examples

>>> tie.syslog.list()

send_notification(**kwargs) -> None

Send a test syslog notification.

Parameters:
  • profiles (List[int]) – The list of profile identifiers.

  • checkers (optional, List[int], required_for=[deviances]) – The list of checker identifiers.

  • input_type (str) – The type of input to send through the syslog. Allowed values are deviances, ad_object_changes or attacks.

  • description (optional, str) – The description for syslog object.

  • attack_types (optional, List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input_type is attacks.

  • ip (str) – The IP address or hostname of the syslog collector.

  • port (int) – The port number on the collector.

  • protocol (str) – The protocol used by the collector. Allowed values are TCP and UDP.

  • tls (bool, required if protocol is TCP) – Whether the configured syslog should connect using TLS. Defaults to False, and is always False when the protocol is UDP.

  • criticity_threshold (int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.

  • directories (list[str]) – The list of directory identifiers.

Return type:

None

Examples

Send test syslog with input_type as ad_object_changes.

>>> tie.syslog.send_notification(
...     input_type="ad_object_changes",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     directories=[2],
...     )

Send test syslog with input_type as deviances.

>>> tie.syslog.send_notification(
...     checkers=[1],
...     profiles=[1],
...     input_type="deviances",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=10,
...     directories=[2],
...     )

Send test syslog with input_type as attacks.

>>> tie.syslog.send_notification(
...     profiles=[1],
...     input_type="attacks",
...     attack_types=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=10,
...     directories=[2],
...     )

send_syslog_notification_by_id(syslog_id: str) -> None

Send a test syslog notification by syslog identifier.

Parameters:

syslog_id (str) – The syslog object identifier.

Return type:

None

Examples

>>> tie.syslog.send_syslog_notification_by_id(syslog_id='1')

update(syslog_id: str, **kwargs) -> Dict

Updates the existing syslog object.

Parameters:
  • syslog_id (str) – The syslog object identifier.

  • profiles (optional, List[int]) – The list of profile identifiers.

  • checkers (optional, List[int], required_for=[deviances]) – The list of checker identifiers.

  • input_type (optional, str) – The type of input to send through the syslog. Allowed values are deviances, ad_object_changes or attacks.

  • description (optional, str) – The description for syslog object.

  • attack_types (optional, List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input_type is attacks.

  • ip (optional, str) – The IP address or hostname of the syslog collector.

  • port (optional, int) – The port number on the collector.

  • protocol (optional, str) – The protocol used by the collector. Allowed values are TCP and UDP.

  • tls (optional, bool, required if protocol is TCP) – Whether the configured syslog should connect using TLS. Defaults to False, and is always False when the protocol is UDP.

  • criticity_threshold (optional, int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.

  • directories (optional, list[str]) – The list of directory identifiers.

  • should_notify_on_initial_full_security_check (bool) – Whether alerts should be sent when deviances are detected during the initial analysis phase.

  • filter_expression (optional, mapping) – An object describing a filter for searched items.

Returns:

The updated syslog object.

Return type:

dict

Examples

>>> tie.syslog.update(
...     syslog_id='1',
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )
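
Nothing in this API stops a setup script that is run twice from registering the same collector twice, and every duplicate doubles the alert volume. The following is an added example, not part of pyTenable or of this page: it reconciles a desired collector against list(), updates only the fields that differ, creates the object only when none matches, and then fires send_syslog_notification_by_id() so the run ends with proof that the collector is reachable. It assumes that the objects returned by list() carry an 'id' key and echo the 'description' passed at creation; both are assumptions about the response shape, which this page does not document, and `tie` is an already authenticated TenableIE client that is not constructed here.

```python
"""Reconcile a desired syslog collector against what already exists (added example),
so re-running a provisioning script updates rather than duplicates."""
from typing import Any, Dict, List, Optional, Tuple


def find_by_description(existing: List[Dict[str, Any]], description: str) -> Optional[Dict[str, Any]]:
    """Return the single existing syslog object with this description, or None.

    Assumption: list() entries expose the description under a 'description' key."""
    matches = [s for s in existing if s.get("description") == description]
    if len(matches) > 1:
        # Ambiguity is a config-management bug; do not pick one silently.
        raise ValueError(f"{len(matches)} syslog objects share description {description!r}")
    return matches[0] if matches else None


def plan_change(existing: List[Dict[str, Any]], desired: Dict[str, Any]) -> Tuple[str, Dict[str, Any]]:
    """Decide what to do: ('create', all kwargs), ('update', only changed kwargs) or ('noop', {})."""
    current = find_by_description(existing, desired["description"])
    if current is None:
        return "create", dict(desired)
    changed = {k: v for k, v in desired.items() if current.get(k) != v}
    return ("update", changed) if changed else ("noop", {})


def ensure_syslog(tie, desired: Dict[str, Any]) -> Tuple[str, str]:
    """Apply the plan with an authenticated TenableIE client, then send a test message.

    Assumption: created and listed objects expose their identifier under 'id'."""
    existing = tie.syslog.list()
    action, kwargs = plan_change(existing, desired)
    if action == "create":
        created = tie.syslog.create(**kwargs)  # documented above to return list[dict]
        syslog_id = str(created[0]["id"])
    else:
        syslog_id = str(find_by_description(existing, desired["description"])["id"])
        if action == "update":
            tie.syslog.update(syslog_id=syslog_id, **kwargs)
    # End every run with evidence the collector actually receives something.
    tie.syslog.send_syslog_notification_by_id(syslog_id=syslog_id)
    return action, syslog_id


if __name__ == "__main__":
    # Constructed list() response and desired state; no API call is made here.
    existing = [{"id": 7, "description": "soc-collector", "ip": "10.0.0.5",
                 "port": 6514, "protocol": "TCP", "tls": False}]
    desired = {"description": "soc-collector", "ip": "10.0.0.5",
               "port": 6514, "protocol": "TCP", "tls": True}
    print(plan_change(existing, desired))  # ('update', {'tls': True}): only turn TLS on
```

The plan is computed from whatever list() returns, so if the API normalises a value (for example echoing port as a string) the comparison will report a spurious update on every run; inspect one details() response for your tenant and adjust the comparison before relying on the noop path.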