This section provides some examples to illustrate how to use Cloud App Security APIs, for example, the Log Retrieval API.
The examples include:
- Using the Log Retrieval API in Windows PowerShell
- Using the Log Retrieval API in cURL
- Using the Log Retrieval API in Postman
- Using Python to write a script to use the Log Retrieval API
Before you start:
- Log on to the Cloud App Security management console, and go to to generate an authentication token. For details, see Generating an Authentication Token.
- Get the data ready for the following placeholders that will be used in the examples:
  - REPLACE_WITH_YOUR_TOKEN: Authentication token you created on the Cloud App Security management console
  - REPLACE_WITH_CAS_SERVICE_URL: Cloud App Security service URL, for example, api.tmcas.trendmicro.com. The URL depends on the site where your Cloud App Security service is hosted, and it is used in REPLACE_WITH_YOUR_REQUEST_URL below. Find the service URL for your serving site at Understanding the URL Structure.
  - REPLACE_WITH_YOUR_REQUEST_URL: HTTPS request URL structured to use the API, for example, https://api.tmcas.trendmicro.com/siem/v1/security_events?service=exchange&event=securityrisk&start=2020-05-28T02:33:07.000Z&end=2020-05-29T07:12:59.000Z&limit=100
Using the Log Retrieval API in Windows PowerShell
Launch Windows PowerShell as an administrator, copy and paste the following into the command prompt window that appears, and then press Enter.

# Send the authentication token as a bearer token in the Authorization header
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer REPLACE_WITH_YOUR_TOKEN")
# A GET request carries no body, so only the URL, method, and headers are passed
$response = Invoke-RestMethod 'REPLACE_WITH_YOUR_REQUEST_URL' -Method 'GET' -Headers $headers
$response | ConvertTo-Json

The requested logs display on the command prompt window.
See Using the Log Retrieval API Sample Script for Windows PowerShell for a sample script.
Using the Log Retrieval API in cURL
Launch cURL in a supported operating system, copy and paste the following into the command prompt window that appears, and then press Enter.
Note: If you run the following command on the Windows Command Prompt, replace the single quotation marks with double quotation marks.

curl --location --request GET 'REPLACE_WITH_YOUR_REQUEST_URL' --header 'Authorization: Bearer REPLACE_WITH_YOUR_TOKEN'

The requested logs display on the command prompt window.
Using the Log Retrieval API in Postman
Go to the Postman official website to download and install the application.
Launch Postman in a supported operating system, specify the following fields, and then click Send.
- Select the request method, GET for the Log Retrieval API.
- Copy and paste the value of REPLACE_WITH_YOUR_REQUEST_URL in the text box next to the request method.
- On the Authorization tab, select Bearer Token from the TYPE drop-down list.
- Copy and paste the value of REPLACE_WITH_YOUR_TOKEN in the Token text box.
The requested logs display in the Response area below.
Using Python to write a script to use the Log Retrieval API
If you are using Python to write a script to use the API, the following is a script sample.

import http.client

# Host name only, for example api.tmcas.trendmicro.com
conn = http.client.HTTPSConnection("REPLACE_WITH_CAS_SERVICE_URL")
payload = ''
# Send the authentication token as a bearer token in the Authorization header
headers = {
    'Authorization': 'Bearer REPLACE_WITH_YOUR_TOKEN'
}
conn.request("GET", "REPLACE_WITH_YOUR_REQUEST_URL", payload, headers)
res = conn.getresponse()
data = res.read()
# Print the response body as text
print(data.decode("utf-8"))
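
The following is an added example, not part of the original documentation or the vendor's sample script. It builds REPLACE_WITH_YOUR_REQUEST_URL from its parts in the form shown above and reads the token from an environment variable instead of pasting it into the script. The function names and the CAS_API_TOKEN variable name are assumptions made for this example.

```python
import http.client
import os
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit

def cas_timestamp(dt):
    """Format an aware datetime as UTC in the form used by the example URL."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime so the UTC conversion is unambiguous")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def build_request_url(service_url, service, event, start, end, limit):
    """Assemble the request URL from the service host and query values."""
    query = urlencode(
        {"service": service, "event": event,
         "start": cas_timestamp(start), "end": cas_timestamp(end), "limit": limit},
        safe=":",  # keep the timestamp colons unescaped, as in the page's URL
    )
    return f"https://{service_url}/siem/v1/security_events?{query}"

def auth_headers(environ=os.environ):
    """Read the token from the environment (CAS_API_TOKEN is an assumed name)."""
    token = environ.get("CAS_API_TOKEN", "").strip()
    if not token:
        raise RuntimeError("CAS_API_TOKEN is not set")
    return {"Authorization": f"Bearer {token}"}

def fetch_logs(url, headers, timeout=30):
    """GET the URL over TLS and return (status, body text)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    conn = http.client.HTTPSConnection(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", f"{parts.path}?{parts.query}", headers=headers)
        res = conn.getresponse()
        return res.status, res.read().decode("utf-8")
    finally:
        conn.close()

if __name__ == "__main__":
    url = build_request_url(
        "api.tmcas.trendmicro.com", "exchange", "securityrisk",
        datetime(2020, 5, 28, 2, 33, 7, tzinfo=timezone.utc),
        datetime(2020, 5, 29, 7, 12, 59, tzinfo=timezone.utc), 100)
    status, body = fetch_logs(url, auth_headers())
    print(status, body)
```

Keeping the token in the environment keeps it out of the script file and out of shell history for the commands that run it.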