Skip to content

Instantly share code, notes, and snippets.

@bvarghese1

bvarghese1/navigation_and_config.json

Created June 30, 2017 01:29
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bvarghese1/49cea9d2afda27913f2f1ae2d3209770 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bvarghese1/49cea9d2afda27913f2f1ae2d3209770 to your computer and use it in GitHub Desktop.
Download ZIP
navigation and config API response
Raw
navigation_and_config.json
GET https://10.43.7.112/api/configuration/getNavigationAndConfig/logs
{
"data": {
"data_sources": {
"fields": [
{
"enumValues": [
{
"internalValue": "new_source",
"visibleValue": "New Source"
}
],
"externalName": "Source",
"fieldType": "enum",
"internalName": "source"
},
{
"enumValues": [
{
"internalValue": "splunk",
"visibleValue": "Splunk"
},
{
"internalValue": "syslog",
"visibleValue": "Syslog"
},
{
"internalValue": "ldap",
"visibleValue": "LDAP"
},
{
"internalValue": "wmi",
"visibleValue": "WMI"
},
{
"internalValue": "soltra",
"visibleValue": "soltra"
},
{
"internalValue": "amoncollector",
"visibleValue": "AMON collector"
}
],
"externalName": "Source Type",
"fieldType": "enum",
"internalName": "source_type"
},
{
"asciiOnly": true,
"externalName": "Label",
"fieldType": "string",
"internalName": "label"
},
{
"externalName": "Username",
"fieldType": "string",
"internalName": "userName",
"isOptional": true
},
{
"externalName": "Password",
"fieldType": "string",
"internalName": "password",
"isOptional": true,
"isPassword": true
},
{
"asciiOnly": true,
"externalName": "IP or Host",
"fieldType": "hostNameOrIpAddress",
"internalName": "wmiIpOrHost",
"isOptional": true
},
{
"asciiOnly": true,
"externalName": "Hostname",
"fieldType": "hostNameOrIpAddress",
"internalName": "hostName",
"isOptional": true
},
{
"externalName": "Time Offset",
"fieldType": "integer",
"internalName": "timeOffset",
"isOptional": true
},
{
"externalName": "Port",
"fieldRange": "1-65535",
"fieldType": "integer",
"internalName": "hostPort",
"isOptional": true
},
{
"externalName": "TCP Port",
"fieldRange": "1-65535",
"fieldType": "integer",
"internalName": "syslogListenTcpPort",
"isOptional": true
},
{
"externalName": "UDP Port",
"fieldRange": "1-65535",
"fieldType": "integer",
"internalName": "syslogListenUdpPort",
"isOptional": true
},
{
"externalName": "Base DN",
"fieldType": "LDAPDN",
"internalName": "queryDN",
"isOptional": true
},
{
"externalName": "Filter Query",
"fieldType": "string",
"internalName": "filterQuery",
"isOptional": true
},
{
"enumValues": [
{
"internalValue": "true",
"visibleValue": "Enabled"
},
{
"internalValue": "starttls",
"visibleValue": "STARTTLS"
},
{
"internalValue": "false",
"visibleValue": "Disabled"
}
],
"externalName": "SSL",
"fieldType": "enum",
"internalName": "use_ssl",
"isOptional": true
},
{
"enumValues": [
{
"internalValue": "clear_text",
"visibleValue": "Clear Text"
},
{
"internalValue": "https",
"visibleValue": "HTTPS"
},
{
"internalValue": "two_way_handshake",
"visibleValue": "Two-Way SSL Handshake"
}
],
"externalName": "Connect Using",
"fieldType": "enum",
"internalName": "connect_using",
"isOptional": true
},
{
"externalName": "Certificate",
"fieldType": "string",
"internalName": "certificate_path",
"isOptional": true
},
{
"externalName": "Private Key",
"fieldType": "string",
"internalName": "private_key_path",
"isOptional": true
},
{
"externalName": "Key Password",
"fieldType": "string",
"internalName": "key_password",
"isOptional": true,
"isPassword": true
}
],
"section": {
"groupName": "Logs",
"id": "cfg_data_sources",
"name": "Data Sources"
}
},
"data_types": {
"fields": [
{
"enumValues": [
{
"internalValue": "splunk",
"visibleValue": "Splunk"
},
{
"internalValue": "syslog",
"visibleValue": "Syslog"
},
{
"internalValue": "wmi",
"visibleValue": "WMI"
},
{
"internalValue": "ldap",
"visibleValue": "LDAP"
},
{
"internalValue": "soltra",
"visibleValue": "soltra"
},
{
"internalValue": "amoncollector",
"visibleValue": "AMON collector"
}
],
"externalName": "Source Type",
"fieldType": "enum",
"internalName": "source_type"
},
{
"asciiOnly": true,
"externalName": "Label",
"fieldType": "string",
"internalName": "label"
},
{
"enumValues": [
{
"internalValue": "standard",
"visibleValue": "Standard"
},
{
"internalValue": "cef",
"visibleValue": "CEF"
},
{
"internalValue": "stix/taxii",
"visibleValue": "STIX/ TAXII"
},
{
"internalValue": "multiline",
"visibleValue": "Multi-line"
},
{
"internalValue": "nxlog",
"visibleValue": "NXLog"
},
{
"internalValue": "acs",
"visibleValue": "ACS"
},
{
"internalValue": "cef_xml",
"visibleValue": "CEF/XML"
},
{
"internalValue": "qradar",
"visibleValue": "QRadar"
},
{
"internalValue": "rsa",
"visibleValue": "RSA"
},
{
"internalValue": "intrust",
"visibleValue": "Intrust"
},
{
"internalValue": "snare",
"visibleValue": "Snare"
},
{
"internalValue": "amon",
"visibleValue": "AMON"
}
],
"externalName": "Format",
"fieldType": "enum",
"internalName": "format"
},
{
"enumValues": [
{
"internalValue": "microsoft",
"visibleValue": "Microsoft"
},
{
"internalValue": "juniper",
"visibleValue": "Juniper"
},
{
"internalValue": "paloAlto",
"visibleValue": "Palo Alto"
},
{
"internalValue": "cisco",
"visibleValue": "Cisco"
},
{
"internalValue": "bro",
"visibleValue": "Bro"
},
{
"internalValue": "infoblox",
"visibleValue": "Infoblox"
},
{
"internalValue": "hp",
"visibleValue": "HPE"
},
{
"internalValue": "bluecoat",
"visibleValue": "Bluecoat"
},
{
"internalValue": "fortinet",
"visibleValue": "Fortinet"
},
{
"internalValue": "dnsmasq",
"visibleValue": "Dnsmasq"
},
{
"internalValue": "mcafee",
"visibleValue": "McAfee"
},
{
"internalValue": "checkpoint",
"visibleValue": "Checkpoint"
},
{
"internalValue": "f5",
"visibleValue": "F5"
},
{
"internalValue": "fireeye",
"visibleValue": "FireEye"
},
{
"internalValue": "soltra",
"visibleValue": "Soltra"
},
{
"internalValue": "bind",
"visibleValue": "Bind"
},
{
"internalValue": "symantec",
"visibleValue": "Symantec"
},
{
"internalValue": "bluecat",
"visibleValue": "Bluecat"
},
{
"internalValue": "box",
"visibleValue": "Box"
},
{
"internalValue": "beyondtrust",
"visibleValue": "BeyondTrust"
},
{
"internalValue": "highlander",
"visibleValue": "Highlander"
},
{
"internalValue": "aruba",
"visibleValue": "Aruba"
}
],
"externalName": "Vendor",
"fieldType": "enum",
"internalName": "vendor"
},
{
"enumValues": [
{
"internalValue": "nac",
"visibleValue": "NAC"
},
{
"internalValue": "connlogs",
"visibleValue": "Conn Logs"
},
{
"internalValue": "ftp",
"visibleValue": "FTP"
},
{
"internalValue": "dhcp",
"visibleValue": "DHCP"
},
{
"internalValue": "dns",
"visibleValue": "DNS"
},
{
"internalValue": "security",
"visibleValue": "Windows AD Security"
},
{
"internalValue": "ldap",
"visibleValue": "Windows AD Users and groups"
},
{
"internalValue": "vpn",
"visibleValue": "VPN"
},
{
"internalValue": "firewall",
"visibleValue": "Firewall"
},
{
"internalValue": "wildfire",
"visibleValue": "Wildfire"
},
{
"internalValue": "anyconnectVpn",
"visibleValue": "Anyconnect VPN"
},
{
"internalValue": "webProxy",
"visibleValue": "Web Proxy"
},
{
"internalValue": "session",
"visibleValue": "Session"
},
{
"internalValue": "alerts",
"visibleValue": "Alerts"
},
{
"internalValue": "endpoint",
"visibleValue": "EndPoint"
},
{
"internalValue": "asa",
"visibleValue": "ASA"
},
{
"internalValue": "ironport",
"visibleValue": "IronPort"
},
{
"internalValue": "ata",
"visibleValue": "ATA"
},
{
"internalValue": "threat_intel",
"visibleValue": "Threat Intelligence"
},
{
"internalValue": "event",
"visibleValue": "Event"
},
{
"internalValue": "powerbroker",
"visibleValue": "PowerBroker"
},
{
"internalValue": "highlander",
"visibleValue": "Highlander"
}
],
"externalName": "category",
"fieldType": "enum",
"internalName": "category"
},
{
"externalName": "Splunk Search",
"fieldType": "string",
"internalName": "splunkSearch",
"isOptional": true
},
{
"asciiOnly": true,
"externalName": "Syslog Identifier",
"fieldRange": "1-50",
"fieldType": "string",
"internalName": "syslogIdentifier",
"isOptional": true
},
{
"externalName": "Feeds",
"fieldType": "string",
"internalName": "feeds",
"isOptional": true
}
],
"section": {
"groupName": "Logs",
"id": "cfg_data_types",
"name": "Data Types"
}
},
"navigation": {
"amoncollector_source_type": {
"label": "none",
"order": [
"label"
]
},
"aruba": {
"category": [
"firewall",
"dns"
],
"dns": {
"amon": {
"new_source": {
"source_type": [
"amoncollector"
]
},
"source": [
"new_source"
]
},
"format": [
"amon"
]
},
"firewall": {
"amon": {
"new_source": {
"source_type": [
"amoncollector"
]
},
"source": [
"new_source"
]
},
"format": [
"amon"
]
}
},
"beyondtrust": {
"category": [
"powerbroker"
],
"powerbroker": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
}
},
"bind": {
"alerts": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "named"
}
},
"source": [
"new_source"
]
}
},
"category": [
"alerts"
]
},
"bluecat": {
"category": [
"dhcp"
],
"dhcp": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "dhcpd"
}
},
"source": [
"new_source"
]
}
}
},
"bluecoat": {
"category": [
"webProxy"
],
"webProxy": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "sourcetype=webproxy"
}
},
"source": [
"new_source"
]
}
}
},
"box": {
"category": [
"event"
],
"event": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
}
},
"bro": {
"category": [
"connlogs",
"ftp",
"dns"
],
"connlogs": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
},
"dns": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
},
"ftp": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
}
},
"checkpoint": {
"category": [
"firewall",
"vpn"
],
"firewall": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=firewall"
}
},
"source": [
"new_source"
]
}
},
"vpn": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "product: Identity Awareness"
}
},
"source": [
"new_source"
]
}
}
},
"cisco": {
"anyconnectVpn": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "%ASA"
}
},
"source": [
"new_source"
]
}
},
"asa": {
"cef": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
},
"format": [
"standard",
"cef"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=firewall"
}
},
"source": [
"new_source"
]
}
},
"category": [
"anyconnectVpn",
"asa",
"ironport",
"vpn"
],
"ironport": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "type=email"
},
"syslog": {
"syslogIdentifier": "raw"
}
},
"source": [
"new_source"
]
}
},
"vpn": {
"acs": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "vpn acs"
},
"syslog": {
"syslogIdentifier": "CSCOacs_RADIUS_Accounting"
}
},
"source": [
"new_source"
]
},
"format": [
"acs"
]
}
},
"dnsmasq": {
"category": [
"dhcp"
],
"dhcp": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
}
},
"f5": {
"category": [
"vpn"
],
"vpn": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=vpn"
}
},
"source": [
"new_source"
]
}
}
},
"fireeye": {
"alerts": {
"cef_xml": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "fenotify"
}
},
"source": [
"new_source"
]
},
"format": [
"cef_xml"
]
},
"category": [
"alerts"
]
},
"fortinet": {
"category": [
"session",
"vpn"
],
"session": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=traffic subtype=forward"
}
},
"source": [
"new_source"
]
}
},
"vpn": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=event subtype=vpn"
}
},
"source": [
"new_source"
]
}
}
},
"highlander": {
"category": [
"highlander"
],
"highlander": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
}
},
"hp": {
"category": [
"nac"
],
"nac": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
}
}
},
"infoblox": {
"category": [
"dhcp",
"dns"
],
"dhcp": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "sourcetype=cisco_syslog"
},
"syslog": {
"syslogIdentifier": "dhcpd"
}
},
"source": [
"new_source"
]
}
},
"dns": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "sourcetype=query"
},
"syslog": {
"syslogIdentifier": "named"
}
},
"source": [
"new_source"
]
}
}
},
"juniper": {
"category": [
"vpn",
"firewall"
],
"firewall": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=firewall"
}
},
"source": [
"new_source"
]
}
},
"vpn": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "type=vpn"
}
},
"source": [
"new_source"
]
}
}
},
"ldap_source_type": {
"filterQuery": "(|(sAMAccountType=805306368){UPDATED})",
"hostName": "none",
"hostPort": "none",
"label": "none",
"order": [
"hostName",
"hostPort",
"queryDN",
"filterQuery",
"use_ssl",
"userName",
"password",
"label"
],
"password": "none",
"queryDN": "none",
"use_ssl": "false",
"userName": "none"
},
"mcafee": {
"category": [
"webProxy"
],
"webProxy": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "sourcetype=webproxy"
}
},
"source": [
"new_source"
]
}
}
},
"microsoft": {
"ata": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "index=msft-ata"
}
},
"source": [
"new_source"
]
}
},
"category": [
"dns",
"dhcp",
"security",
"ldap",
"ata"
],
"dhcp": {
"cef": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "none"
}
},
"source": [
"new_source"
]
},
"format": [
"standard",
"cef"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "sourcetype=DhcpSrvLog"
},
"syslog": {
"syslogIdentifier": "Win-DHCP"
}
},
"source": [
"new_source"
]
}
},
"dns": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "sourcetype=MSAD:NT6:DNS"
},
"syslog": {
"syslogIdentifier": "Win-DNS"
}
},
"source": [
"new_source"
]
}
},
"ldap": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"ldap",
"wmi"
],
"splunk": {
"splunkSearch": "none"
}
},
"source": [
"new_source"
]
}
},
"security": {
"cef": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Microsoft-Windows-Security-Auditing"
}
},
"source": [
"new_source"
]
},
"format": [
"standard",
"cef",
"nxlog",
"multiline",
"qradar",
"rsa",
"intrust",
"snare"
],
"intrust": {
"new_source": {
"source_type": [
"splunk"
],
"splunk": {
"splunkSearch": "intrust"
}
},
"source": [
"new_source"
]
},
"multiline": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Microsoft Windows security auditing"
}
},
"source": [
"new_source"
]
},
"nxlog": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Microsoft-Windows-Security-Auditing"
}
},
"source": [
"new_source"
]
},
"qradar": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Microsoft-Windows-Security-Auditing"
}
},
"source": [
"new_source"
]
},
"rsa": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Microsoft-Windows-Security-Auditing"
}
},
"source": [
"new_source"
]
},
"snare": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Microsoft-Windows-Security-Auditing"
}
},
"source": [
"new_source"
]
},
"standard": {
"new_source": {
"source_type": [
"splunk",
"wmi"
],
"splunk": {
"splunkSearch": "sourcetype=WinEventLog:Security"
}
},
"source": [
"new_source"
]
}
}
},
"paloalto": {
"category": [
"wildfire",
"vpn",
"firewall"
],
"firewall": {
"cef": {
"new_source": {
"source_type": [
"syslog"
],
"syslog": {
"syslogIdentifier": "Palo Alto Networks"
}
},
"source": [
"new_source"
]
},
"format": [
"standard",
"cef"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "type=firewall"
},
"syslog": {
"syslogIdentifier": "TRAFFIC"
}
},
"source": [
"new_source"
]
}
},
"vpn": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "GlobalProtect"
},
"syslog": {
"syslogIdentifier": "GlobalProtect"
}
},
"source": [
"new_source"
]
}
},
"wildfire": {
"format": [
"standard"
],
"standard": {
"new_source": {
"source_type": [
"splunk",
"syslog"
],
"splunk": {
"splunkSearch": "type=wildfire"
},
"syslog": {
"syslogIdentifier": "wildfire"
}
},
"source": [
"new_source"
]
}
}
},
"splunk_source_type": {
"hostName": "none",
"hostPort": "8089",
"label": "none",
"order": [
"hostName",
"userName",
"password",
"timeOffset",
"hostPort",
"label"
],
"password": "none",
"timeOffset": "60",
"userName": "none"
},
"syslog_source_type": {
"label": "none",
"order": [
"syslogListenTcpPort",
"syslogListenUdpPort",
"label"
],
"syslogListenTcpPort": "514",
"syslogListenUdpPort": "514"
},
"vendor": [
"microsoft",
"bro",
"juniper",
"paloAlto",
"cisco",
"hp",
"infoblox",
"bluecoat",
"fortinet",
"dnsmasq",
"mcafee",
"checkpoint",
"f5",
"fireeye",
"bind",
"bluecat",
"box",
"beyondtrust",
"highlander",
"aruba"
],
"wmi_source_type": {
"label": "none",
"order": [
"userName",
"password",
"wmiIpOrHost",
"label"
],
"password": "none",
"userName": "none",
"wmiIpOrHost": "none"
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment