Post on 24-Dec-2018
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

REST access to ESM Web Services Dmitry Udalov, Sr. Software Engineer #HPProtect


This is a rolling (up to three year) Roadmap and is subject to change without notice.

Forward-looking statements

This document contains forward looking statements regarding future operations, product development, product capabilities and availability dates. This information is subject to substantial uncertainties and is subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect Hewlett Packard's predictions and / or expectations as of the date of this document and actual results and future plans of Hewlett-Packard may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions.


HP confidential information

This Roadmap contains HP Confidential Information.

If you have a valid Confidential Disclosure Agreement with HP, disclosure of the Roadmap is subject to that CDA. If not, it is subject to the following terms: for a period of 3 years after the date of disclosure, you may use the Roadmap solely for the purpose of evaluating purchase decisions from HP and use a reasonable standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to any third party unless it becomes publically known, rightfully received by you from a third party without duty of confidentiality, or disclosed with HP’s prior written approval.


Agenda

1. Use cases

2. Available web services

3. Provided SDK – what’s in it

4. How-tos

5. Dos and don’ts

6. Q&A


When do you need ESM web services API?

Use cases

• Integrations with ESM

• Building custom UI

• Extending functionality

[Diagram; labels: HP ArcSight Console, ACC, REST, ?, HP ArcSight ESM]


Provided by two web-applications: Core-service and manager-service

Web services supported in next ESM

1. LoginService (10 methods)

2. GroupService (93 methods)

3. CaseService (80 methods)

4. SecurityEventService (75 methods)

5. ReportService (72 methods)

6. ResourceService (72 methods)


Software Development Kit


Provided SDK – what’s in it

Developer’s guide

• How to develop client-side applications

• Where to find information (published and live queries)

Javadoc (html + pdf)

• Standard descriptions of client-side classes

• URL, Http Method, Content-type, JSON prototypes, Statuses

• Available in both html and pdf-formats

Client-side SDK (utilities/sdk/lib)

Examples (utilities/sdk/examples/)


Objective

Provided SDK – how to use

We have an external ticketing system and we want to add information from ArcSight ESM to the related cases in that system. The added information will contain data enriched by ESM correlation analysis:

1. For any open case, note the related event Ids (e.g. integration command)

2. Using ESM API, get these events from ESM

3. Retrieve Event field in question

4. Submit the value of the field as additional data to the ticketing system via its API


Available services (running ESM)

Provided SDK – how to use

https://myhost:8443/www/core-service/services/listServices

https://myhost:8443/www/manager-service/services/listServices


Available services (offline docs)

Provided SDK – how to use


First request to authenticate a session

Provided SDK – how to use


Available services (offline docs)

Provided SDK – how to use


REST request (offline docs)

Provided SDK – how to use


REST request (execution)

Provided SDK – how to use


REST response

Provided SDK – how to use


How-tos


How to

Q: How do I find out what will be returned?


How to – expected response


How to

Q: How do I find out what will be returned?

A: Check the provided javadoc

Q: Can I do it programmatically? Any examples?


Java example with java.net.HttpURLConnection (page 1)

How to – do it programmatically

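    import java.io.IOException;
    import java.io.InputStream;
    import java.net.HttpURLConnection;
    import java.nio.charset.StandardCharsets;
    import java.util.Map;

    public String doGet(String urlstr, Map<String, String> props) throws IOException {
        java.net.URL url = new java.net.URL(urlstr);
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        // Request headers, e.g. "accept"
        for (Map.Entry<String, String> nextParam : props.entrySet()) {
            connection.setRequestProperty(nextParam.getKey(), nextParam.getValue());
        }
        // Check the status before reading: 204 No Content carries no body
        int code = connection.getResponseCode();
        if (HttpURLConnection.HTTP_NO_CONTENT == code) {
            return "";
        }
        // read connection.getInputStream()
        try (InputStream in = connection.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }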


Java example with java.net.HttpURLConnection (page 2)

How to – do it programmatically

    private String login() throws IOException {
        Map<String, String> props = new HashMap<String, String>();
        props.put("accept", "application/json");
        // Sample credentials; reserved URI characters in real values must be percent-encoded
        return doGet("https://localhost:8443/www/core-service/rest/LoginService/login?login=admin&password=password", props);
    }


How to

Q: Can I do it programmatically? Any examples?

A: Yes, HttpURLConnection, Apache HttpClient

Q: How do I prepare the correct request body?


Request body preparation, option A

How to – request body preparation

1. Identify web-service and method

2. Open the corresponding page in javadoc

3. Note Content-type to prepare request in XML or JSON

4. Start with the provided JSON prototype for the class

    {
      "sev.getSecurityEvents" : {
        "sev.authToken" : value,
        "sev.ids" : [ "a1", "a2", "a3" ],
        "sev.timeField" : { "JSON for the nested object" },
        "sev.startMillis" : "value",
        "sev.endMillis" : "value"
      }
    }

5. Add parts for nested classes recursively
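Steps 4 and 5 carried out by hand, as an added illustration that is not taken from the SDK or its examples: the code fills the slide's sev.getSecurityEvents prototype, escapes string values, and leaves out sev.timeField so that ESM's default applies. The class and method names are hypothetical, the token and ids are constructed, the -1 values are the ones the option B slide sets, and quoting the numbers as strings is an assumption based on the prototype.

```java
import java.util.Arrays;
import java.util.List;

public class GetSecurityEventsBody {

    // Escape a value for use inside a JSON string literal.
    static String quote(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            switch (c) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                default:
                    if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
                    else sb.append(c);
            }
        }
        return sb.append('"').toString();
    }

    // Fill the prototype; sev.ids is always written as an array, even for one id.
    static String build(String authToken, List<Long> ids, long startMillis, long endMillis) {
        StringBuilder idArray = new StringBuilder("[");
        for (int i = 0; i < ids.size(); i++) {
            if (i > 0) idArray.append(", ");
            idArray.append(quote(Long.toString(ids.get(i))));
        }
        idArray.append("]");
        return "{ \"sev.getSecurityEvents\" : { "
             + "\"sev.authToken\" : " + quote(authToken) + ", "
             + "\"sev.ids\" : " + idArray + ", "
             + "\"sev.startMillis\" : " + quote(Long.toString(startMillis)) + ", "
             + "\"sev.endMillis\" : " + quote(Long.toString(endMillis)) + " } }";
    }

    public static void main(String[] args) {
        // Constructed sample values, not a real session token or real event ids.
        System.out.println(build("sample-token", Arrays.asList(1001L, 1002L), -1L, -1L));
        System.out.println(build("sample-token", Arrays.asList(1001L), -1L, -1L));
    }
}
```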


Request body preparation, option B

How to – request body preparation

1. Identify web-service and method

2. Open the corresponding page in javadoc and note the class for the parameter

    public SecurityEventServiceGetSecurityEventsResponse getSecurityEvents(SecurityEventServiceGetSecurityEvents value)

3. Add to your project client-side SDK (utilities/sdk/lib/manager-service*.jar)

4. In your code create an instance of that class and fill it in

    final List<Long> eventIds = ...
    SecurityEventServiceGetSecurityEvents requestObject = new SecurityEventServiceGetSecurityEvents();
    requestObject.setAuthToken(authToken);
    requestObject.setIds(eventIds);
    requestObject.setStartMillis(-1L);
    requestObject.setEndMillis(-1L);

5. Use third-party libraries to convert that object into JSON (e.g. http://jettison.codehaus.org/)


How to

Q: How do I prepare the correct request body?

A: Manually using JSON prototypes or using imported SDK classes.

Q: Provided examples. What’s provided, where, and how to use?

A: utilities/sdk/examples/TestKit/


How to – provided examples

Print the list of existing examples


How to – provided examples

Run an example


Dos and don’ts


Things to remember

1. For a missing request parameter, ESM uses default values

2. Make sure that the request uses the correct parameter names

3. URL-encode reserved URI symbols (URI syntax: http://tools.ietf.org/html/rfc3986): ! * ' ( ) ; : @ & = + $ , / ? # [ ]

4. Before reading the HTTP response, check the response code (204 No Content)

5. Be aware of the JSON syntax for a single-element array (jettison)

6. Do not forget to log out
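The URL-encoding point applied to the login URL from the earlier slide, as an added example that is not part of the SDK: java.net.URLEncoder produces form encoding, which writes a space as '+' and leaves '*' literal, so three replacements bring its output in line with RFC 3986. The class and method names are hypothetical and the password is constructed.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;

public class LoginUrl {

    // Percent-encode one query value so that only RFC 3986 unreserved
    // characters (A-Z a-z 0-9 - . _ ~) stay literal.
    static String encode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8")
                .replace("+", "%20")   // URLEncoder writes a space as '+'
                .replace("*", "%2A")   // URLEncoder leaves '*' as is
                .replace("%7E", "~");  // '~' is unreserved and may stay literal
    }

    // Build the login URL with both values encoded separately.
    static String loginUrl(String base, String login, String password)
            throws UnsupportedEncodingException {
        return base + "/www/core-service/rest/LoginService/login"
             + "?login=" + encode(login) + "&password=" + encode(password);
    }

    public static void main(String[] args) throws Exception {
        // Constructed password containing characters from the slide's list.
        // Sent unencoded, '&' would end the password value and '#' would start a fragment.
        String password = "p&ss=w#rd+1 *?";
        String url = loginUrl("https://localhost:8443", "admin", password);
        System.out.println(url);

        // Round trip: decoding the encoded value gives back the original password.
        String decoded = URLDecoder.decode(encode(password), "UTF-8");
        System.out.println("round trip ok: " + decoded.equals(password));
    }
}
```

The URL printed here uses a constructed password; with real credentials the full URL belongs out of application logs, since it contains the password.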


For more information

Visit these demos

• HP ArcSight ESM - Leave the bad guys with no place to hide

After the event

• Contact your sales rep


Please fill out a survey.

Hand it to the door monitor on your way out.

Thank you for providing your feedback, which helps us enhance content for future events.

Session TB2978 Speaker Dmitry Udalov

Please give me your feedback


Thank you
