shuangyang.zhan1 Absent Member.
Absent Member.
483 views

How to apply condition to Active List via Rest API?

Hey Everyone,

I have an active list that contains IP Address information for the users in my company. I am working on a python script that would be able to query the active list with a specific IP address using the Arcsight ESM 6.8 Rest API ,and pull the information in the other fields in that list based on that information, such as username, MAC address, etc. The list itself contains some 600k+ entries, and as I've seen on another question on this site, and in my own testing, the entries the API can pull from active lists are capped at 2k.

My question is, is there a way that I can apply a condition to my ActiveList query so that I can pull just one (or a few) entries based on an IP? Ideally I'd would be able to reproduce the "Filter" functionality in the active list.

Below is the current query that I am using.

payload={'authToken': authToken, 'resourceId': listID, 'alt': 'json'}

r = requests.get('https://'+hostname+':8443/www/manager-service/rest/ActiveListService/getEntries', params=payload, verify=False)

Labels (1)
0 Likes
1 Reply
Acclaimed Contributor.. Shaun Acclaimed Contributor..
Acclaimed Contributor..

Re: How to apply condition to Active List via Rest API?

According to the WSDL, it doesn't support any filters.

I would recommend running a report to dump the contents of the active list.

You might be able to pass custom conditions to a report, but I've yet to see any examples of that.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.