: Add Your API Client to Data Security
Focus
Focus

Add Your API Client to Data Security

Table of Contents

Add Your API Client to
Data Security

Follow these steps to generate a client ID and client secret so you can add an API client to
Data Security
.
You can configure a third-party API client (for example, Cortex XSOAR) to authenticate to
Data Security
using an OAuth connection for efficient incident management and remediation. To do so, you must first add an API client on
Data Security
to retrieve the Client ID and Client Secret that your API client requires for authentication. When you add the API client on
Data Security
, you specify the incident management and remediation access you want to grant the third-party API client. You can only connect one third-party API client.
Data Security
currently supports one Syslog receiver AND one API client app with access to log data. So, you can use the two protocols and connect SIEM and SOAR software separately. However,
Data Security
does not support using multiple Syslog receivers or multiple API clients concurrently. Alternatively, if you want to use both Splunk and Cortex XSOAR, directly connect Splunk to Cortex XSOAR using the Splunk integration, and create a Client ID and Client Secret for Cortex XSOAR to directly connect to
Data Security
.
  1. To add your API client, go to
    Settings
    Directory & External Services
    .
  2. Click
    Add Client App
    to register an API client.
  3. Enter a unique
    Name
    for the API client.
  4. Authorize the API client for specific
    Scopes
    .
    • Log access
      —Access log files. You can either provide this API client log access or add a syslog receiver for this purpose.
    • Incident management
      —Retrieve and change incident status.
    • Quarantine management
      Quarantine assets and restore quarantined assets.
    You use these scopes in the
    POST
    request to the
    /oauth/token
    endpoint.
  5. Save
    your changes to grant
    Data Security
    the ability to generate and display a Client ID and a Client Secret.
    Immediately record the Client Secret that displays. After dismissal, you cannot access the Client Secret again. Configure your API client with the Client ID and Client Secret to authenticate your API client to
    Data Security
    .
  6. (
    Optional
    ) To delete a client, click
    Delete
    .

Recommended For You