Syslog¶

Methods described in this section relate to the syslog API. These methods can be accessed at TenableIE.syslog.

class SyslogAPI(api: APISession)[source]¶

create(**kwargs) → List[Dict][source]¶

Creates a syslog object.

Parameters:

profiles (List[int]) – The list of profile identifiers.
checkers (List[int], required_for=[deviances]) – The list of checker identifiers.
input_type (str) – The type of input to send through the syslog. Allowed values are deviances or ad_object_changes or attacks.
description (optional, str) – The description for syslog object.
attack_types (List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input type is attack.
ip (str) – The collector ip address or hostname of the syslog.
port (int) – The port number of the collector ip address.
protocol (str) – The protocol used by the collector. Allowed values are TCP and UDP.
tls (bool, required_for=[TCP]) – Whether the configured syslog should connect using TLS. By default and if UDP is selected as the protocol, tls is False.
criticity_threshold (int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.
directories (list[str]) – The list of directory identifiers.
should_notify_on_initial_full_security_check (bool) – Whether alerts should be sent when deviances are detected during the initial analysis phase.
filter_expression (optional, mapping) – An object describing a filter for searched items.

Returns:

The created syslog object.

Return type:

list[dict]

Example

Create a syslog object with input_type as ad_object_changes.

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="ad_object_changes",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=False,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )

Create syslog object with input_type as attacks

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="attacks",
...     profiles=[1],
...     attack_types=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )

Create syslog object with input_type as deviances

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="deviances",
...     profiles=[1],
...     checkers=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )

Create syslog object with protocol as UDP without passing tls

>>> tie.syslog.create(
...     description='test_syslog',
...     input_type="deviances",
...     profiles=[1],
...     checkers=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="UDP",
...     criticity_threshold=55,
...     directories=[2],
...     should_notify_on_initial_full_security_check=False,
...     filter_expression={'OR': [{'systemOnly': 'True'}]})

delete(syslog_id: str) → None[source]¶

Deletes the syslog object of given syslog identifier.

Parameters:: syslog_id (str) – The syslog object identifier.
Return type:: None

Examples

>>> tie.syslog.delete(syslog_id='1')

details(syslog_id: str) → Dict[source]¶

Returns the details of the syslog object of the given syslog identifier.

Parameters:: syslog_id (str) – The syslog object identifier.
Returns:: The details of the syslog object.
Return type:: dict

Examples

>>> tie.syslog.details(syslog_id='1')

list() → List[Dict][source]¶

Returns all the syslog objects.

Returns:: The list of syslog objects.
Return type:: list

Examples

>>> tie.syslog.list()

send_notification(**kwargs) → None[source]¶

Send a test syslog notification.

Parameters:

profiles (List[int]) – The list of profile identifiers.
checkers (optional, List[int], required_for=[deviances]) – The list of checker identifiers.
input_type (str) – The type of input to send through the syslog. Allowed values for deviances or ad_object_changes or attacks.
description (optional, str) – The description for syslog object.
attack_types (optional, List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input type is attack.
ip (str) – The collector ip address or hostname of the syslog.
port (int) – The port number of the collector ip address.
protocol (str) – The protocol used by the collector. Allowed values are TCP and UDP.
tls (bool, required if protocol is tcp) – Whether the configured syslog should connect using TLS. By default and if UDP is selected as the protocol, tls is False.
criticity_threshold (int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.
directories (list[str]) – The list of directory identifiers.

Return type:

None

Examples

Send test syslog with input_type as ad_object_changes.

>>> tie.syslog.send_notification(
...     input_type="ad_object_changes",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     directories=[2],
...     )

Send test syslog with input_type as deviances.

>>> tie.syslog.send_notification(
...     checkers=[1],
...     profiles=[1],
...     input_type="deviances",
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=10,
...     directories=[2],
...     )

Send test syslog with input_type as attacks

>>> tie.syslog.send_notification(
...     profiles=[1],
...     input_type="attacks",
...     attack_types=[1],
...     ip='127.0.0.1',
...     port=8888,
...     protocol="TCP",
...     tls=True,
...     criticity_threshold=10,
...     directories=[2],
...     )

send_syslog_notification_by_id(syslog_id: str) → None[source]¶

Send a test syslog notification by syslog identifier.

Parameters:: syslog_id (str) – The syslog object identifier.
Return type:: None

Examples

>>> tie.syslog.send_syslog_notification_by_id(syslog_id='1')

update(syslog_id: str, **kwargs) → Dict[source]¶

Updates the existing syslog object.

Parameters:

syslog_id (str) – The syslog object identifier.
profiles (optional, List[int]) – The list of profile identifiers.
checkers (optional, List[int], required_for=[deviances]) – The list of checker identifiers.
input_type (optional, str) – The type of input to send through the syslog. Allowed values for deviances or ad_object_changes or attacks.
description (optional, str) – The description for syslog object.
attack_types (optional, List[int], required_for=[attacks]) – Filter on the types of attack that will be sent if input type is attack.
ip (optional, str) – The collector ip address or hostname of the syslog.
port (optional, int) – The port number of the collector ip address.
protocol (optional, str) – The protocol used by the collector. Allowed values are TCP and UDP.
tls (optional, bool, required if protocol is tcp) – Whether the configured syslog should connect using TLS. By default and if UDP is selected as the protocol, tls is False.
criticity_threshold (optional, int, required_for=[attacks, deviances]) – Threshold at which indicator alerts will be sent.
directories (optional, list[str]) – The list of directory identifiers.
should_notify_on_initial_full_security_check (bool) – Whether alerts should be sent when deviances are detected during the initial analysis phase.
filter_expression (optional, mapping) – An object describing a filter for searched items.

Returns:

The updated syslog object.

Return type:

dict

Examples

>>> tie.syslog.update(
...     syslog_id='1',
...     filter_expression={'OR': [{'systemOnly': 'True'}]}
...     )