Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Joelle Nader Frequent Contributor.
Frequent Contributor.
473 views

Connector that makes Automatic API Calls

Is there a type of connector that AUTOMATICALLY makes API Calls in a way that is transparent to the user ?
I want ArcSight to check automatically a certain field against an API and return a certain value maybe in a JSON String which we will parse.
not sure which type of connector can do that ? or if it can even be done

it's a way of data enrichment I want to make the API call and populate a kind of field before showing it in the active channel.

3 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Connector that makes Automatic API Calls

You are in luck! What you are looking for is the ArcSight Rest Flexconnector :)

It is used to retrieve data from external API sources, parse it and send it off to your ESM.

On the other hand, you also have a REST connector that waits for incoming API calls i think, which would be the other way around.

Documentation can be found here: https://community.softwaregrp.com/t5/ArcSight-Connectors/FlexConnector-REST-Developer-s-Guide/ta-p/1587440?nm

-----------------------------------------------------------------------------------------
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.
//Marius
Joelle Nader Frequent Contributor.
Frequent Contributor.

Re: Connector that makes Automatic API Calls

@Marius2
Thanks Marius :)

I want the smart connector while getting the logs to call the API, I wanna check the hash of the files ( the hash field ) against the API of Virus Total  and return the result and then repopulate a certain field, like external mapping.

Is there any way to do this while getting the logs ? without me having to do a certain action, meaning it will happen automatically ? ( no correlation rule or something of that sort ) 


I appreciate the help.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Connector that makes Automatic API Calls

Hmm not that i know off. I am quite sure someone that is really good in flex connectors would know this, you could also ask HP's support, as they are normally quite straightforward with helping.

I myself would most likely have done it on the ESM itself using a script and python. Or in more modern cases, using threat intel feeds that is already populating or intergrated with the ESM.

-----------------------------------------------------------------------------------------
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.
//Marius
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.