立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Sessions 6.5.0 - REST API Reference Guide

Introduction Using the SPS REST API Basic settings User management and access control Managing SPS General connection settings HTTP connections Citrix ICA connections MSSQL connections RDP connections SSH connections Telnet connections VNC connections Search, download, and index sessions Reporting Health and maintenance Advanced authentication and authorization Completing the Welcome Wizard using REST Enable and configure analytics using REST

Alerting

Contains the endpoints for configuring alerting on SPS.

URL
GET https://<IP-address-of-SPS>/api/configuration/alerting
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command lists alerting configuration endpoints.

curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/alerting
Response

The following is a sample response received when listing alerting configuration endpoints.

For details of the meta object, see Message format.

{
  "items": [
    {
      "key": "system_alerts",
      "meta": {
        "href": "/api/configuration/alerting/system_alerts"
      }
    },
    {
      "key": "traffic_alerts",
      "meta": {
        "href": "/api/configuration/alerting/traffic_alerts"
      }
    }
  ],
  "meta": {
    "first": "/api/configuration/aaa",
    "href": "/api/configuration/alerting",
    "last": "/api/configuration/x509",
    "next": "/api/configuration/datetime",
    "parent": "/api/configuration",
    "previous": "/api/configuration/aaa",
    "transaction": "/api/transaction"
  }
}
Element Description
system_alerts Configuration options for system-related alerts.
traffic_alerts Configuration options for traffic-related alerts.
Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
404 NotFound The requested object does not exist.

System alerts

Configuration options for sending system-related alerts.

E-mail alerts, when enabled, are sent to the e-mail address configured in the alerting_address element of the /api/configuration/management/email endoint.

SNMP alerts, when enabled, are sent to the SNMP server configured at the /api/configuration/management/snmp/trap endpoint.

URL
GET https://<IP-address-of-SPS>/api/configuration/alerting/system_alerts
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command lists configuration options for system-related alerts.

curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/alerting/system_alerts
Response

The following is a sample response received when listing configuration options for system-related alerts.

For details of the meta object, see Message format.

{
  "body": {
    "xcbAlert": {
      "email": false,
      "snmp": false
    },
    "xcbArchiveFailed": {
      "email": false,
      "snmp": false
    },
    "xcbBackupFailed": {
      "email": false,
      "snmp": false
    },
    "xcbBruteForceAttempt": {
      "email": false,
      "snmp": false
    },
    "xcbConfigChange": {
      "email": false,
      "snmp": false
    },
    "xcbDBError": {
      "email": false,
      "snmp": false
    },
    "xcbDiskFull": {
      "email": false,
      "snmp": false
    },
    "xcbError": {
      "email": false,
      "snmp": false
    },
    "xcbFirmwareTainted": {
      "email": false,
      "snmp": false
    },
    "xcbHWError": {
      "email": false,
      "snmp": false
    },
    "xcbHaNodeChanged": {
      "email": false,
      "snmp": false
    },
    "xcbLicenseAlmostExpired": {
      "email": false,
      "snmp": false
    },
    "xcbLimitReached": {
      "email": false,
      "snmp": false
    },
    "xcbLoadAvgHigh": {
      "email": false,
      "snmp": false
    },
    "xcbLogin": {
      "email": false,
      "snmp": false
    },
    "xcbLoginFailure": {
      "email": false,
      "snmp": false
    },
    "xcbLogout": {
      "email": false,
      "snmp": false
    },
    "xcbRaidStatus": {
      "email": false,
      "snmp": false
    },
    "xcbSwapFull": {
      "email": false,
      "snmp": false
    },
    "xcbTimeSyncLost": {
      "email": false,
      "snmp": false
    },
    "xcbTimestampError": {
      "email": false,
      "snmp": false
    }
  },
  "key": "system_alerts",
  "meta": {
    "first": "/api/configuration/alerting/system_alerts",
    "href": "/api/configuration/alerting/system_alerts",
    "last": "/api/configuration/alerting/traffic_alerts",
    "next": "/api/configuration/alerting/traffic_alerts",
    "parent": "/api/configuration/alerting",
    "previous": null,
    "transaction": "/api/transaction"
  }
}
Element Type Description
key string Top level element, contains the ID of the endpoint.
body Top level element (string) Contains the configuration options for system-related alerts.
xcbAlert Top level item General alert.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbArchiveFailed Top level item Data archiving failure.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbBackupFailed Top level item Data and configuration backup failure.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbBruteForceAttempt Top level item Too many successive failed login attempts.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbConfigChange Top level item Configuration change.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbDBError Top level item Database error occured.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbDiskFull Top level item Disk utilization reached the percentage configured in the maximum_disk_utilization_ratio element of the api/configuration/management/monitoring endpoint.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbError Top level item General error.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbFirmwareTainted Top level item The firmware is tainted.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbHWError Top level item Hardware error.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbHaNodeChanged Top level item HA node state changed.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbLicenseAlmostExpired Top level item License expires soon.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbLimitReached Top level item License limit reached.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbLoadAvgHigh Top level item The average load exceeded any of the values configured in the maximum_load1, maximum_load5 or maximum_load15 elements of the api/configuration/management/monitoring endpoint.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbLogin Top level item Successful login.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbLoginFailure Top level item Failed login.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbLogout Top level item Logout from the web configuration interface.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbRaidStatus Top level item RAID status changed.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbSwapFull Top level item The utilization of the swap exceeded the value configured in the maximum_swap_utilization_ratio element of the api/configuration/management/monitoring endpoint.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbTimeSyncLost Top level item Time sync lost.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
xcbTimestampError Top level item Time stamping error.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
Modify a system-related alert

To enable or disable an alert, you have to:

  1. Open a transaction.

    For details, see Open a transaction.

  2. Modify the JSON object of the endpoint.

    PUT the modified JSON object to the https://<IP-address-of-SPS>/api/configuration/alerting/system_alerts endpoint. You can find a detailed description of the available parameters listed in Element .

  3. Commit your changes.

    For details, see Commit a transaction.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
201 Created The new resource was successfully created.
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
404 NotFound The requested object does not exist.

Traffic alerts

Configuration options for sending traffic-related alerts.

E-mail alerts, when enabled, are sent to the e-mail address configured in the alerting_address element of the /api/configuration/management/email endoint.

SNMP alerts, when enabled, are sent to the SNMP server configured at the /api/configuration/management/snmp/trap endpoint.

URL
GET https://<IP-address-of-SPS>/api/configuration/alerting/traffic_alerts
Cookies
Cookie name Description Required Values
session_id Contains the authentication token of the user Required

The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API.

Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format).

Sample request

The following command lists the configuration options for traffic-related alerts..

curl --cookie cookies https://<IP-address-of-SPS>/api/configuration/alerting/traffic_alerts
Response

The following is a sample response received when listing the configuration options for traffic-related alerts.

For details of the meta object, see Message format.

{
  "body": {
    "scbAuthFailure": {
      "email": false,
      "snmp": false
    },
    "scbAuthSuccess": {
      "email": false,
      "snmp": false
    },
    "scbChannelDenied": {
      "email": false,
      "snmp": false
    },
    "scbConnectionDenied": {
      "email": false,
      "snmp": false
    },
    "scbConnectionFailed": {
      "email": false,
      "snmp": false
    },
    "scbConnectionTimedout": {
      "email": false,
      "snmp": false
    },
    "scbCredStoreClosed": {
      "email": false,
      "snmp": false
    },
    "scbCredStoreDecryptError": {
      "email": false,
      "snmp": false
    },
    "scbCredStoreUnlockFailure": {
      "email": false,
      "snmp": false
    },
    "scbGWAuthFailure": {
      "email": false,
      "snmp": false
    },
    "scbGWAuthSuccess": {
      "email": false,
      "snmp": false
    },
    "scbProtocolViolation": {
      "email": false,
      "snmp": false
    },
    "scbRealTimeAlert": {
      "email": false,
      "snmp": false
    },
    "scbSshHostKeyLearned": {
      "email": false,
      "snmp": false
    },
    "scbSshHostKeyMismatch": {
      "email": false,
      "snmp": false
    },
    "scbUserMappingFailure": {
      "email": false,
      "snmp": false
    }
  },
  "key": "traffic_alerts",
  "meta": {
    "first": "/api/configuration/alerting/system_alerts",
    "href": "/api/configuration/alerting/traffic_alerts",
    "last": "/api/configuration/alerting/traffic_alerts",
    "next": null,
    "parent": "/api/configuration/alerting",
    "previous": "/api/configuration/alerting/system_alerts",
    "transaction": "/api/transaction"
  }
}
Element Type Description
key string Top level element, contains the ID of the endpoint.
body Top level element (string) Contains the configuration options for traffic-related alerts.
scbAuthFailure Top level item User authentication failed.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbAuthSuccess Top level item Successful user authentication.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbChannelDenied Top level item Channel opening denied.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbConnectionDenied Top level item Connection denied.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbConnectionFailed Top level item Connection to the server failed.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbConnectionTimedout Top level item Connection timed out.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbCredStoreClosed Top level item The requested credential store is closed.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbCredStoreDecryptError Top level item Failure to decrypt a credential.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbCredStoreUnlockFailure Top level item Failure to unlock the credential store.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbGWAuthFailure Top level item The user failed to authenticate on the gateway.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbGWAuthSuccess Top level item Successful authentication on the gateway.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbProtocolViolation Top level item Protocol violation.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbRealTimeAlert Top level item Real-time audit event detected.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbSshHostKeyLearned Top level item New SSH hostkey learned.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbSshHostKeyMismatch Top level item SSH host key mismatch.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
scbUserMappingFailure Top level item User mapping failed on the gateway.
email boolean Set to true to enable e-mail alerts.
snmp boolean Set to true to enable SNMP alerts.
Modify a traffic-related alert

To enable or disable an alert, you have to:

  1. Open a transaction.

    For details, see Open a transaction.

  2. Modify the JSON object of the endpoint.

    PUT the modified JSON object to the https://<IP-address-of-SPS>/api/configuration/alerting/traffic_alerts endpoint. You can find a detailed description of the available parameters listed in Element .

  3. Commit your changes.

    For details, see Commit a transaction.

Status and error codes

The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.

Code Description Notes
201 Created The new resource was successfully created.
401 Unauthenticated The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
403 Unauthorized The requested resource cannot be retrieved because the client is not authorized to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved.
404 NotFound The requested object does not exist.

User management and access control

Topics:
相关文档