SaaS Security
Add Your API Client to Data Security
Table of Contents
Expand All
|
Collapse All
SaaS Security Docs
Add Your API Client to Data Security
Follow these steps to generate a client ID and client
secret so you can add an API client to Data Security.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Data Security license:
|
You can configure a third-party API client
(for example, Cortex XSOAR)
to authenticate to
Data Security using an OAuth connection for efficient incident
management and remediation. To do so, you must first add an API
client on Data Security to retrieve the Client ID and Client
Secret that your API client requires for authentication. When you
add the API client on Data Security, you specify the incident
management and remediation access you want to grant the third-party
API client. You can only connect one third-party API client.
Data Security currently supports one Syslog receiver
AND one API client app with access to log data. So, you can use the two protocols
and connect SIEM and SOAR software separately. However, Data Security does not
support using multiple Syslog receivers or multiple API clients concurrently.
Alternatively, if you want to use both Splunk and Cortex XSOAR, directly connect
Splunk to Cortex XSOAR using the Splunk integration, and create a Client ID and Client
Secret for Cortex XSOAR to directly connect to Data Security.
- Log in to Strata Cloud Manager.Select ManageConfigurationSaaS SecuritySettingsDirectory & External ServicesAdd Syslog/API Client.Choose API Client to register an API client.Enter a unique Name for the API client.Authorize the API client for specific Scopes.
- Log File Access—Access log files. You can either provide this API client log access or add a syslog receiver for this purpose.
- Incident Management—Retrieve and change incident status.
- Quarantine Management—Quarantine assets and restore quarantined assets.
- Violation Management
- Posture Management
Save your changes to grant Data Security the ability to generate and display a Client ID and a Client Secret.Immediately record the Client Secret that displays. After dismissal, you cannot access the Client Secret again. Configure your API client with the Client ID and Client Secret to authenticate your API client to Data Security.(Optional) To delete a client, select ActionsDelete.