...
3.1) In the LMC go to the menu Project services → External services → SIEM and click on Create Secret Key.
3.2) Copyx Copy the Secret Key and save it in a secure location. Enter the Secret Key in your SIEM system afterwards.
4. Beispiel-Befehle in der SIEM-) Example commands in the SIEM API:
| Info |
|---|
Die You can find the SIEM -API-Dokumentation finden Sie unter dem folgenden LinkAPI documentation under the following link: |
Um die SIEM-API verwenden zu können, benötigen Sie die UUID Ihres LMC-Projektes sowie den In order to be able to use the SIEM API, you need the UUID of your LMC project as well as the API Secret Key (siehe Schritt see step 3).
| Info |
|---|
Wenn Sie in dem LMC-Projekt eingebucht sind, finden Sie die UUID in der Adresszeile des Browsers hinter When you are logged in to your LMC project, you can find the UUID in the adress bar of the browser after project/.
|
DeviceLogs:Mit dem Endpunkt DeviceLogs können die Geräte-Logs für den angegebenen Account ausgelesen werden
With the endpoint DeviceLogs you can read out the device logs for the specified account.
| Codeblock | ||
|---|---|---|
| ||
curl --request GET \ --url https://cloud.lancom.de/cloud-service-siem/accounts/<UUID of desyour LMC-Projektes> project>/logs \ --header 'Authorization: LMC-API-KEY <API Secret Key ausfrom Schrittstep 3>' \ |
| Codeblock | ||
|---|---|---|
| ||
curl --request GET \ --url https://cloud.lancom.de/cloud-service-siem/accounts/ea96d5d0-01f6-498a-b9ec-629be24eae9e/logs \ --header 'Authorization: LMC-API-KEY eyJraWQiOiIxIiwidHlwIjoiTE1DLUFQSS1LRVkiLCJhbGciOiJIUzI1NiJ9.3zezFHKzCYJlCgh-3V1KN0yEe8lTUQEE75DXc-Vv2Dc._93wf35NVk8Q6yt7omWzyohTgW58424tQzRFIPgr111' \ |
| Codeblock | ||
|---|---|---|
| ||
{
"startOffset": 10,
"endOffset": 109,
"nextOffset": 110,
"count": 100,
"deviceLogs": [
{
"deviceId": "ea96d5d0-01f6-498a-b9ec-629be24eae9e",
"accountId": "ea96d5d0-01f6-498a-b9ec-629be24eae9e",
"siteId": "ea96d5d0-01f6-498a-b9ec-629be24eae9e",
"messageId": "8bb136e3-0c4e-459e-8cd7-85b8209e2e3b",
"createdAt": "2022-12-21T13:17:40.78731Z",
"receivedAt": "2022-12-21T13:17:40.78731Z",
"rawMessage": "IDPS: Malicious message detected [Classification: ] [Severity: 3] [Signature Id: 5000000] [Action: allowed] [Source: 10.10.10.20:0] [Destination: 8.8.76.5:0]",
"severity": "3",
"additionalProperties": {
"category": "IDPS",
"idps_event_type": "alert",
"signature": "5000000",
"idps_category": "",
"source_ip": "10.10.10.20",
"source_port": "0",
"destination_ip": "8.8.76.5",
"destination_port": "0",
"action": "allowed"
}
}
],
"_links": {
"self": "https://cloud.lancom.de/cloud-service-siem/accounts/ea96d5d0-01f6-498a-b9ec-629be24eae9e/logs?offset=1&limit=100",
"next": "https://cloud.lancom.de/cloud-service-siem/accounts/ea96d5d0-01f6-498a-b9ec-629be24eae9e/logs?offset=101&limit=100"
}
} |
Offsets:Mit dem Endpunkt Offsets wird für den angegebenen Account die Nummer der ersten und der nächsten ungelesenen Log-Datei sowie die Grenze an Log-Dateien ausgegeben
With the endpoint Offsets you can read out the number of the first logfile and the next unread logfile as well as offset limit for the specified account.
| Codeblock | ||
|---|---|---|
| ||
curl --request GET \ --url https://cloud.lancom.de/cloud-service-siem/accounts/<UUID desof your LMC-Projektes> project>/offsets \ --header 'Authorization: LMC-API-KEY <API Secret Key ausfrom Schrittstep 3>' \ |
| Codeblock | ||
|---|---|---|
| ||
curl --request GET \ --url https://cloud.lancom.de/cloud-service-siem/accounts/30995a43-3705-439a-9c2c-da1331bb5106/offsets \ --header 'Authorization: LMC-API-KEY eyJraWQiOiIxIiwidHlwIjoiTE1DLUFQSS1LRVkiLCJhbGciOiJIUzI1NiJ9.3zezFHKzCYJlCgh-3V1KN0yEe8lTUQEE75DXc-Vv2Dc._93wf35NVk8Q6yt7omWzyohTgW58424tQzRFIP11111' \ |
| Codeblock | ||
|---|---|---|
| ||
{
"startMinOffset": 0,
"nextUnreadOffset": 99,
"endMaxOffset": 100
} |
...