SharePoint integration through REST API Flex Connector
As a part of a project, it is necessary for me to integrate ArcSight ESM with an MS SharePoint-based website, the most reasonable way of doing which seems to be via a REST API FlexConnector (the SharePoint site acts as an event source). When trying to achieve this goal, three main problems arose:
1) The REST API FlexConnector only accepts json-type data. SharePoint-based websites are capable of sending responses in JSON format, but only if the request headers specify "application/json; odata=verbose" as the accepted data type; otherwise it will always return XML. There doesn't seem to be any way to edit the request headers using the FlexConnector's internal tools;
2) The SharePoint API is capable of portioning and selecting specific entries (for example, all entries created after a certain date), but that requires the request URL to be changed dynamically;
3) Extracting data directly from the database is out of the question due to it being highly fragmented and scattered across a plethora of tables.
Thus, taking into account the issues listed above, I would like to know if there is any way to add specific headers to the requests that the REST API FlexConnector makes without having to utilize a third-party proxy server, and also if it is possible to change the request URL dynamically to avoid having to process the same data multiple times.
If neither of the specified things are possible, is there any kind of another recommended procedure or workaround for integrating SharePoint-based websites with ArcSight ESM?
Even I encountered similar issues with REST API thus I'm using DataPower to process REST API which feeds JSON/XML to ArcSight connector and created XML/JSON file flex connector to parse logs..
Yep, that's basically the solution we arrived to: sending an API request via a third-party tool, outputting the response into a file and then parsing it with a standard JSON file flex connector. I was just hoping that maybe someone has been able to find a more... elegant solution.
Well, thank you for the response, at least now I can be sure that we're not missing something obvious, and also that this approach is eligable.
Try to see if there is a possibility to have an API pull script developed or if there is one readily available, requesting the data and storing it in a XML file, using SCP to copy it to a location available for a XML flexconnector to read it in.