setPushEventSettings
This method sets the push event settings.
Important
Event Push Service requires the HTTP collector running on the third-party platforms to support SSL with TLS 1.2 or higher, to send events successfully.
The following IP addresses must be whitelisted to ensure end-to-end communication between the GravityZone Event Push Service and the SIEM/HTTP collector:
34.148.142.174
34.126.111.12
34.48.74.208
35.198.138.109
35.246.228.213
35.234.118.64
34.159.83.241
34.159.47.15
34.159.150.228
34.85.152.87
34.85.155.173
34.90.162.143
34.91.218.129
35.204.90.200
34.90.110.196
34.147.0.186
34.129.193.31
The HTTP collector must respond with the status
HTTP 200 OK
to the push events received from the above-mentioned IP addresses if the messages are correctly received. Any other response or no response is considered an error.The SIEM and NodeJS connector receiving events from the event push require a Public IP assigned for the GravityZone Event Push server to forward events to.
Parameters
Parameter | Type | Optional | Description |
---|---|---|---|
| Number | No | 0 - disabled, 1 - enabled |
| String | No | Type of the web service. Valid values: |
| Array | No | Specific settings for each service type. For information regarding the service settings, refer to Service Type Settings. |
| Array | No | List of event types to be sent to the web service. |
| Array | No | The list of companies under your management for which you want to receive the events. You need to mention your own company as well. The list cannot be empty. If the field is missing or has the null value, you will receive events for all companies you manage. |
Service Type Settings
Service Type | Service Settings |
---|---|
|
|
|
|
|
|
|
|
|
|
Return value
This method returns a Boolean which is True when the settings were saved successfully.
Example
Request:
{ "params": { "status": 1, "serviceType": "jsonRPC", "serviceSettings": { "url": "http://web_service_url_example.com", "authorization": "Bearer sfasdfw34243", "requireValidSslCertificate": true }, "subscribeToEventTypes": { "modules": true, "sva": true, "registration": true, "supa-update-status": true, "av": true, "aph": true, "fw": true, "avc": true, "uc": true, "dp": true, "sva-load": true, "task-status": true, "exchange-malware": true, "network-sandboxing": true, "adcloud": true, "exchange-user-credentials": true, "endpoint-moved-out": true, "endpoint-moved-in": true, "troubleshooting-activity": true, "uninstall": true, "install": true, "hwid-change": true, "new-incident": true, "antiexploit": true, "network-monitor": true, "ransomware-mitigation": true, "security-container-update-available": true, "partner-changed": true } "subscribeToCompanies": [ "54a295d8b1a43d7c4a7b23c6", "54a295d8b1a43d7c4a7be321" ] }, "jsonrpc": "2.0", "method": "setPushEventSettings", "id": "ad12cb61-52b3-4209-a87a-93a8530d91cb" }
Response:
{ "id":"ad12cb61-52b3-4209-a87a-93a8530d91cb", "jsonrpc":"2.0", "result": true }