This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
Ermilalex
Cadet 1st Class
Cadet 1st Class
‎2019-01-11 12:31
770 views

SharePoint integration through REST API Flex Connector

As a part of a project, it is necessary for me to integrate ArcSight ESM with an MS SharePoint-based website, the most reasonable way of doing which seems to be via a REST API FlexConnector (the SharePoint site acts as an event source). When trying to achieve this goal, three main problems arose:

1) The REST API FlexConnector only accepts json-type data. SharePoint-based websites are capable of sending responses in JSON format, but only if the request headers specify "application/json; odata=verbose" as the accepted data type; otherwise it will always return XML. There doesn't seem to be any way to edit the request headers using the FlexConnector's internal tools;
2) The SharePoint API is capable of portioning and selecting specific entries (for example, all entries created after a certain date), but that requires the request URL to be changed dynamically;
3) Extracting data directly from the database is out of the question due to it being highly fragmented and scattered across a plethora of tables.

Thus, taking into account the issues listed above, I would like to know if there is any way to add specific headers to the requests that the REST API FlexConnector makes without having to utilize a third-party proxy server, and also if it is possible to change the request URL dynamically to avoid having to process the same data multiple times.
If neither of the specified things are possible, is there any kind of another recommended procedure or workaround for integrating SharePoint-based websites with ArcSight ESM?

0 Likes
Reply
Report Inappropriate Content
4 Replies
manojs
Commodore
Commodore
‎2019-01-15 13:53

Even I encountered similar issues with REST API thus I'm using DataPower to process REST API which feeds JSON/XML to ArcSight connector and created XML/JSON file flex connector to parse logs..

Manoj S.
Reply
Report Inappropriate Content
Ermilalex
Cadet 1st Class
Cadet 1st Class
‎2019-01-16 16:20

Yep, that's basically the solution we arrived to: sending an API request via a third-party tool, outputting the response into a file and then parsing it with a standard JSON file flex connector. I was just hoping that maybe someone has been able to find a more... elegant solution.

Well, thank you for the response, at least now I can be sure that we're not missing something obvious, and also that this approach is eligable.

0 Likes
Reply
Report Inappropriate Content
SecLex
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-01-16 12:40

Try to see if there is a possibility to have an API pull script developed or if there is one readily available, requesting the data and storing it in a XML file, using SCP to copy it to a location available for a XML flexconnector to read it in.

0 Likes
Reply
Report Inappropriate Content
Ermilalex
Cadet 1st Class
Cadet 1st Class
‎2019-01-16 16:23

We've started doing exactly that, and it seems like this really is the best available alternative.  Thank you for advice!

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.