setPushEventSettings

This method sets the push event settings.

Important

  • Event Push Service requires the HTTP collector running on the third-party platforms to support SSL with TLS 1.2 or higher, to send events successfully.

  • The following IP addresses must be whitelisted to ensure end-to-end communication between the GravityZone Event Push Service and the SIEM/HTTP collector:

  • The HTTP collector must respond with the status HTTP 200 OK to the push events received from the above-mentioned IP addresses if the messages are correctly received. Any other response or no response is considered an error.

  • The SIEM and NodeJS connector that receive events from the Event Push Service must have a public IP address assigned, so that the GravityZone Event Push server can forward events to them.

Parameters

| Parameter | Type | Optional | Description |
|---|---|---|---|
| status | Number | No | 0 - disabled, 1 - enabled |
| serviceType | String | No | Type of the web service. Valid values: jsonRPC, splunk and cef |
| serviceSettings | Array | No | Specific settings for each service type. For information regarding the service settings, refer to Service Type Settings. |
| subscribeToEventTypes | Array | No | List of event types to be sent to the web service. |
| subscribeToCompanies | Array | No | The list of companies under your management for which you want to receive the events. You need to mention your own company as well. The list cannot be empty. If the field is missing or has the null value, you will receive events for all companies you manage. |

Service Type Settings

Service Type

Service Settings

jsonRPC

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • authorization - a String representing the authorization header

splunk

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • splunkAuthorization - a String representing the Splunk authorization header

cef

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • authorization - a String representing the CEF basic authorization header

qradar

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • authorization - a String representing the authorization header

azuresentinel

  • url - a String representing the Web service URL

  • requireValidSslCertificate - a Boolean to validate the SSL certificate of the web service: True to perform the validation, False otherwise

  • authorization - a String representing the authorization header

Return value

This method returns a Boolean which is True when the settings were saved successfully.

Example

Request:

  {
       "params": {
          "status": 1,
          "serviceType": "jsonRPC",
          "serviceSettings": {
               "url": "https://web_service_url_example.com",
               "authorization": "Bearer sfasdfw34243",
               "requireValidSslCertificate": true
          },
          "subscribeToEventTypes": {
              "modules": true,
              "sva": true,
              "registration": true,
              "supa-update-status": true,
              "av": true,
              "aph": true,
              "fw": true,
              "avc": true,
              "uc": true,
              "dp": true,
              "sva-load": true,
              "task-status": true,
              "exchange-malware": true,
              "network-sandboxing": true,
              "adcloud": true,
              "exchange-user-credentials": true,
              "endpoint-moved-out": true, 
              "endpoint-moved-in": true,
              "troubleshooting-activity": true,
              "uninstall": true,
              "install": true,
              "hwid-change": true,
              "new-incident": true,
              "antiexploit": true,
              "network-monitor": true,
              "ransomware-mitigation": true,
              "security-container-update-available": true,
              "partner-changed": true
           },
           "subscribeToCompanies": [
               "54a295d8b1a43d7c4a7b23c6",
               "54a295d8b1a43d7c4a7be321"
           ]
       },
       "jsonrpc": "2.0",
       "method": "setPushEventSettings",
       "id": "ad12cb61-52b3-4209-a87a-93a8530d91cb"
  }  

Response:

  {
      "id":"ad12cb61-52b3-4209-a87a-93a8530d91cb",
      "jsonrpc":"2.0",
      "result": true
  }
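
A pre-flight check for the request parameters described above, as an added example that is not part of the GravityZone documentation or SDK. The function names are hypothetical, the authorization field names come from the Service Type Settings section, and insisting on `requireValidSslCertificate: true` is this example's own policy rather than an API rule.

```python
import json
import uuid
from urllib.parse import urlsplit

# Authorization field per service type, from the Service Type Settings section.
AUTH_FIELD = {
    "jsonRPC": "authorization",
    "splunk": "splunkAuthorization",
    "cef": "authorization",
    "qradar": "authorization",
    "azuresentinel": "authorization",
}


def check_push_settings(params):
    """Return a list of problems found in setPushEventSettings params."""
    problems = []
    status = params.get("status")
    if isinstance(status, bool) or status not in (0, 1):
        problems.append("status must be 0 (disabled) or 1 (enabled)")
    service_type = params.get("serviceType")
    auth_field = AUTH_FIELD.get(service_type)
    if auth_field is None:
        problems.append(f"unknown serviceType: {service_type!r}")
    settings = params.get("serviceSettings") or {}
    url = urlsplit(settings.get("url") or "")
    # The collector must speak TLS 1.2+, so a plain http:// URL cannot work
    # and would expose the authorization header in transit.
    if url.scheme != "https" or not url.hostname:
        problems.append("url must be an https:// URL")
    # Assumption: local policy of this example, never disable validation.
    if settings.get("requireValidSslCertificate") is not True:
        problems.append("requireValidSslCertificate should be true")
    if auth_field and not settings.get(auth_field):
        problems.append(f"serviceSettings.{auth_field} is missing")
    # Missing or null means "all managed companies"; an empty list is invalid.
    companies = params.get("subscribeToCompanies")
    if companies is not None and len(companies) == 0:
        problems.append("subscribeToCompanies cannot be empty")
    return problems


def build_request(params):
    """Wrap checked params in the JSON-RPC 2.0 envelope shown in the example."""
    problems = check_push_settings(params)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"params": params, "jsonrpc": "2.0",
                       "method": "setPushEventSettings", "id": str(uuid.uuid4())})
```
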