Contains the endpoints for configuring alerting on SPS.
GET https://<IP-address-of-SPS>/api/configuration/alerting
Cookie name | Description | Required | Values |
---|---|---|---|
session_id | Contains the authentication token of the user | Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API. Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
The following command lists alerting configuration endpoints.
curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/alerting
The following is a sample response received when listing alerting configuration endpoints.
For details of the meta object, see Message format.
{ "items": [ { "key": "system_alerts", "meta": { "href": "/api/configuration/alerting/system_alerts" } }, { "key": "traffic_alerts", "meta": { "href": "/api/configuration/alerting/traffic_alerts" } } ], "meta": { "first": "/api/configuration/aaa", "href": "/api/configuration/alerting", "last": "/api/configuration/x509", "next": "/api/configuration/datetime", "parent": "/api/configuration", "previous": "/api/configuration/aaa", "transaction": "/api/transaction" } }
Element | Description |
---|---|
system_alerts | Configuration options for system-related alerts. |
traffic_alerts | Configuration options for traffic-related alerts. |
The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.
Code | Description | Notes |
---|---|---|
401 | Unauthenticated | The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
403 | Unauthorized | The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
404 | NotFound | The requested object does not exist. |
Configuration options for sending system-related alerts.
E-mail alerts, when enabled, are sent to the e-mail address configured in the alerting_address element of the /api/configuration/management/email endoint.
SNMP alerts, when enabled, are sent to the SNMP server configured at the /api/configuration/management/snmp/trap endpoint.
GET https://<IP-address-of-SPS>/api/configuration/alerting/system_alerts
Cookie name | Description | Required | Values |
---|---|---|---|
session_id | Contains the authentication token of the user | Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API. Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
The following command lists configuration options for system-related alerts.
curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/alerting/system_alerts
The following is a sample response received when listing configuration options for system-related alerts.
For details of the meta object, see Message format.
{ "body": { "xcbAlert": { "email": false, "snmp": false }, "xcbArchiveFailed": { "email": false, "snmp": false }, "xcbBackupFailed": { "email": false, "snmp": false }, "xcbBruteForceAttempt": { "email": false, "snmp": false }, "xcbConfigChange": { "email": false, "snmp": false }, "xcbDBError": { "email": false, "snmp": false }, "xcbDiskFull": { "email": false, "snmp": false }, "xcbError": { "email": false, "snmp": false }, "xcbFirmwareTainted": { "email": false, "snmp": false }, "xcbHWError": { "email": false, "snmp": false }, "xcbHaNodeChanged": { "email": false, "snmp": false }, "xcbLicenseAlmostExpired": { "email": false, "snmp": false }, "xcbLimitReached": { "email": false, "snmp": false }, "xcbLoadAvgHigh": { "email": false, "snmp": false }, "xcbLogin": { "email": false, "snmp": false }, "xcbLoginFailure": { "email": false, "snmp": false }, "xcbLogout": { "email": false, "snmp": false }, "xcbRaidStatus": { "email": false, "snmp": false }, "xcbSwapFull": { "email": false, "snmp": false }, "xcbTimeSyncLost": { "email": false, "snmp": false }, "xcbTimestampError": { "email": false, "snmp": false } }, "key": "system_alerts", "meta": { "first": "/api/configuration/alerting/system_alerts", "href": "/api/configuration/alerting/system_alerts", "last": "/api/configuration/alerting/traffic_alerts", "next": "/api/configuration/alerting/traffic_alerts", "parent": "/api/configuration/alerting", "previous": null, "transaction": "/api/transaction" } }
To enable or disable an alert, you have to:
For details, see Open a transaction.
PUT the modified JSON object to the https://<IP-address-of-SPS>/api/configuration/alerting/system_alerts endpoint. You can find a detailed description of the available parameters listed in Element .
For details, see Commit a transaction.
The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.
Code | Description | Notes |
---|---|---|
201 | Created | The new resource was successfully created. |
401 | Unauthenticated | The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
403 | Unauthorized | The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
404 | NotFound | The requested object does not exist. |
Configuration options for sending traffic-related alerts.
E-mail alerts, when enabled, are sent to the e-mail address configured in the alerting_address element of the /api/configuration/management/email endoint.
SNMP alerts, when enabled, are sent to the SNMP server configured at the /api/configuration/management/snmp/trap endpoint.
GET https://<IP-address-of-SPS>/api/configuration/alerting/traffic_alerts
Cookie name | Description | Required | Values |
---|---|---|---|
session_id | Contains the authentication token of the user | Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API. Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
The following command lists the configuration options for traffic-related alerts..
curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/alerting/traffic_alerts
The following is a sample response received when listing the configuration options for traffic-related alerts.
For details of the meta object, see Message format.
{ "body": { "scbAuthFailure": { "email": false, "snmp": false }, "scbAuthSuccess": { "email": false, "snmp": false }, "scbChannelDenied": { "email": false, "snmp": false }, "scbConnectionDenied": { "email": false, "snmp": false }, "scbConnectionFailed": { "email": false, "snmp": false }, "scbConnectionTimedout": { "email": false, "snmp": false }, "scbCredStoreClosed": { "email": false, "snmp": false }, "scbCredStoreDecryptError": { "email": false, "snmp": false }, "scbCredStoreUnlockFailure": { "email": false, "snmp": false }, "scbGWAuthFailure": { "email": false, "snmp": false }, "scbGWAuthSuccess": { "email": false, "snmp": false }, "scbProtocolViolation": { "email": false, "snmp": false }, "scbRealTimeAlert": { "email": false, "snmp": false }, "scbSshHostKeyLearned": { "email": false, "snmp": false }, "scbSshHostKeyMismatch": { "email": false, "snmp": false }, "scbUserMappingFailure": { "email": false, "snmp": false } }, "key": "traffic_alerts", "meta": { "first": "/api/configuration/alerting/system_alerts", "href": "/api/configuration/alerting/traffic_alerts", "last": "/api/configuration/alerting/traffic_alerts", "next": null, "parent": "/api/configuration/alerting", "previous": "/api/configuration/alerting/system_alerts", "transaction": "/api/transaction" } }
To enable or disable an alert, you have to:
For details, see Open a transaction.
PUT the modified JSON object to the https://<IP-address-of-SPS>/api/configuration/alerting/traffic_alerts endpoint. You can find a detailed description of the available parameters listed in Element .
For details, see Commit a transaction.
The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.
Code | Description | Notes |
---|---|---|
201 | Created | The new resource was successfully created. |
401 | Unauthenticated | The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
403 | Unauthorized | The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
404 | NotFound | The requested object does not exist. |
Trust stores serve as local certificate storages where users can store the certificate chains of trusted Certificate Authorities (CAs). These certificates are then used to ensure secure communication between external parties and the SPS.
There are two types of trust stores: built-in and custom.
The built-in trust store has well known root CAs (such as Google, Microsoft, Verisign, etc.), and it is not modifiable.
Before establishing secure communication (TLS), SPS verifies the certificate of the other party using the assigned trust store. Only certificates signed by any of the CAs in the trust store are accepted.
NOTE: CRL URLs must be listed explicitly in the appropriate field, as those CRL URLs that are embedded in the extensions of the certificates, will be ignored.
GET https://<IP-address-of-SPS>/api/configuration/trust_stores
Cookie name | Description | Required | Values |
---|---|---|---|
session_id | Contains the authentication token of the user | Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API. Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
Operations with the trust_stores endpoint include:
Operation
|
HTTP method |
URL |
Notes |
---|---|---|---|
Create a trust store | POST | /api/configuration/trust_stores | The name of the trust store must be unique. |
List trust stores | GET | /api/configuration/trust_stores |
Users who were not given read access to the trust_stores endpoint explicitly, are still able to retrieve information from it, if they have access to other /configuration related endpoints, which reference trust stores. Examples of trust store referrer ACL (read access):
|
Query a trust store | GET | /api/configuration/trust_stores/<id of the trust store> | |
Query the built-in trust store | GET | /api/configuration/trust_stores/-7001 | |
Update a trust store | PUT | /api/configuration/trust_stores/<id of the trust store> |
Users who were not given access to the trust_stores endpoint explicitly, but are still able to retrieve information from it because they have access to configuration endpoints which reference trust stores, are unable to modify trust stores. With the exception of /config/xcb/management, where the same access level is granted to the trust stores for the user as they have for /config/xcb/management. |
Delete a trust store | DELETE | /api/configuration/trust_stores/<id of the trust store> |
The following command lists the trust stores:
curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/trust_stores
The following is a sample response received when listing trust stores.
For details of the meta object, see Message format.
{ "items": [ { "key": "-7001", "meta": { "href": "/api/configuration/trust_stores/-7001" }, "body": { "name": "Built-in", "revocation_check": "none", "trust_store_type": "built-in" } }, { "key": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "meta": { "href": "/api/configuration/trust_stores/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" }, "body": { "name": "My_Custom_Trust_Store", "authorities": [ { "fingerprint": { "digest": "01:25:1f:a2:df:2a:31:1a:29:7a:ba:43:c4:03:42:a5:d7:30:ec:2d:e0:d7:7a:72:a7:1b:c3:99:c5:6c:10:ea", "hash_algorithm": "sha256" }, "issuer": "C=HU/ST=Budapest/L=None/O=Internet Widgits Pty Ltd/OU=None/CN=None/emailAddress=None", "pem": "-----BEGIN CERTIFICATE-----\nMIIDZzCCAk+gAwIBAgIUMlI5+EgTDAh2zqRDGYrzFRyozI8wDQYJKoZIhvcNAQEL\nBQAwQzELMAkGA1UEBhMCSFUxETAPBgNVBAgMCEJ1ZGFwZXN0MSEwHwYDVQQKDBhJ\nbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwODEyMTIzNjQ4WhcNMzQwNjE4\nMTIzNjQ4WjBDMQswCQYDVQQGEwJIVTERMA8GA1UECAwIQnVkYXBlc3QxITAfBgNV\nBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBALffJBDD6A/ZGBTgFbyLXHulU+hGnMW3DoPo2q4HY1/FfbkS\nrzmK+Fiz+3EwJCWi+EwK9mqve/nh6YRRw/VaAVQ7CkA7f7to+I7gP647Bq1wk0lh\nBVEJNlN0jfYYSumGxzPotw/fon1MkXuMbLc0Pr/vFX3NQC7/STAV5dZFcdboXDA7\nZZ3rzBIr93ThObsGj01MRO6wrS3rfE7Px9D7C2u9YSkP3OQ1Sfm/jqyLNaT6xt4i\nhrLnfYEc8mClnrlvILi+q/D6mIUSjb4IGvergAyl4jgPjO02UcvBzOIA9tDlBJBi\nQxZx+T620ubmEwOl9Q0G8RAWKz7szrBcXEjXhYUCAwEAAaNTMFEwHQYDVR0OBBYE\nFCDfEeq5Hsm8jMrG110iNpt5cikTMB8GA1UdIwQYMBaAFCDfEeq5Hsm8jMrG110i\nNpt5cikTMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAK3iizM4\nCx69YD+4CWOUswULrCJA38C+nDYONLbNkact8JKXqCn/MaZTII+dZoV9RjjX4AzA\nPTQkZT+RoVeCZyt+qWHMdjq6koabXwQmXNozUtaxEZTrnoUDEWtNIbjV/gNtRcSG\nsU7i9L2YnwDzTw0cR/pu1Hykq8fwqNqjQGYnmXtJspMkKAtVe1CrtnPLiC6JBr0g\n5GZF58sHx5+gO0RkqdzJgRAGnImdfAahqfHmKRFmxoxWLyylRyqDgQ+KqcaDvZI+\ni36M+NQHVrDX4jo4CFoXhFlSOepvtDOpmzoWhugwDNMPuU1IEY7//CJBXQnjp+uf\nLO6PsNmMKDGi9Dk=\n-----END CERTIFICATE-----\n", "subject": "C=HU/ST=Budapest/L=None/O=Internet Widgits Pty Ltd/OU=None/CN=None/emailAddress=None" } ], "crl_urls": [ "http://crl.it/sec" ], "revocation_check": "full", "trust_store_type": "custom" } } ] }
Elements of the response message body include:
Elements of items |
|
Type |
Description |
Notes |
---|---|---|---|---|
items |
|
object array |
List of JSON objects available from the current endpoint. |
|
key |
string |
The ID of the trust store. |
Each trust store has a unique key. The built-in trust store's ID is "-7001". | |
meta |
string (uri) |
The href field contains the URL of the trust store. |
||
The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.
Code | Description | Notes |
---|---|---|
400 | SyntacticError |
A value to be set is not accepted syntactically. The details section contains the path that was found to be invalid. Possible syntactic error messages related to trust store:
|
400 | SemanticError |
The configuration contains semantic errors, inconsistencies or other problems that would put the system into an unreliable state if the configuration had been applied. The details section contains the errors that were found in the configuration. Possible semantic error messages related to trust store:
|
401 | Unauthenticated | The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
403 | Unauthorized | The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center