Feed Management User Guide

How to authenticate with the Chronicle API

The Chronicle API uses the OAuth 2.0 protocol for authentication and authorization. Your application can complete these tasks using either of the following implementations:

  • Using the Google API client library for your programming language.

  • Directly interfacing with the OAuth 2.0 system using HTTP.

See the reference documentation for the Google Authentication library in Python.

Google Authentication libraries are a subset of the Google API client libraries. See other language implementations.

Getting API authentication credentials

Your Chronicle representative will provide you with a Google Developer Service Account Credential to enable the API client to communicate with the API.

You also need to provide the Auth Scope when initializing your API client. OAuth 2.0 uses a scope to limit an application's access to an account. When an application requests a scope, the access token issued to the application is limited to the scope granted.

Use the following scope to initialize your Google API client:

https://www.googleapis.com/auth/chronicle-backstory

Python example

The following Python example demonstrates how to create OAuth 2.0 credentials and an authorized HTTP client using google.oauth2 and googleapiclient.

# Imports required for the sample - Google Auth and API Client Library Imports.
# Get these packages from https://pypi.org/project/google-api-python-client/ or run
# $ pip install google-api-python-client
# from your terminal.
from google.oauth2 import service_account
from googleapiclient import _auth

SCOPES = ['https://www.googleapis.com/auth/chronicle-backstory']

# The apikeys-demo.json file contains the customer's OAuth 2 credentials.
# SERVICE_ACCOUNT_FILE is the full path to the apikeys-demo.json file
# ToDo: Replace this with the full path to your OAuth2 credentials
SERVICE_ACCOUNT_FILE = '/customer-keys/apikeys-demo.json'

# Create a credential using Google Developer Service Account Credential and Chronicle API
# Scope.
credentials = service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES)

# Build an HTTP client to make authorized OAuth requests.
http_client = _auth.authorized_http(credentials)

# <your code continues here>
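
A pre-flight check for the service account key file and scope used in the example above. This is an added example, not part of Chronicle's sample code. It assumes a POSIX file system and the standard Google service-account JSON field names; `check_key_file` and `demo` are illustrative names, and the sample key file is constructed.

```python
import json
import pathlib
import stat
import tempfile

CHRONICLE_SCOPE = "https://www.googleapis.com/auth/chronicle-backstory"
# Assumed: the key file uses the standard Google service-account JSON fields.
REQUIRED_FIELDS = ("client_email", "private_key", "token_uri")


def check_key_file(path, scopes):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # POSIX permission bits: only the owner should be able to read the key.
    mode = stat.S_IMODE(pathlib.Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} lets group/other access the key; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            info = json.load(fh)
    except ValueError as exc:
        return problems + [f"key file is not valid JSON: {exc}"]
    if not isinstance(info, dict):
        return problems + ["key file is not a JSON object"]
    missing = [name for name in REQUIRED_FIELDS if not info.get(name)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if info.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    if set(scopes) != {CHRONICLE_SCOPE}:  # least privilege: this scope only
        problems.append("scopes should be exactly [" + CHRONICLE_SCOPE + "]")
    return problems


def demo():
    sample = {  # constructed key file; the private key is a placeholder
        "type": "service_account",
        "client_email": "feeds-demo@example-project.iam.gserviceaccount.com",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "token_uri": "https://oauth2.googleapis.com/token",
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "apikeys-demo.json")
        path.write_text(json.dumps(sample), encoding="utf-8")
        path.chmod(0o644)
        loose = check_key_file(path, [CHRONICLE_SCOPE])
        path.chmod(0o600)
        tight = check_key_file(path, [CHRONICLE_SCOPE])
    return loose, tight
```

Call `check_key_file(SERVICE_ACCOUNT_FILE, SCOPES)` before creating the credential and stop if the returned list is not empty.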

Overview

Chronicle Feed Management enables you to create and manage data feeds to your Chronicle account.

Creating and Editing Feeds

To access the Feed Management interface, select the **Settings** option from the main menu icon.

You can then navigate to the Feeds page. The data feeds listed on this page include all the feeds Chronicle has configured for your account in addition to the feeds you have configured.

Adding a new feed

To add a new feed to your Chronicle account, complete the following steps:

  1. Click ADD NEW. The ADD FEED window is displayed.

  2. Starting from the Set Properties tab, select the SOURCE TYPE from the drop-down menu. You can select from the following feed source types:

    • Amazon S3
    • Amazon SQS
    • Google Cloud Storage
    • HTTP(S) URI
    • Microsoft Azure Blob Storage
    • Third party API

Source Type Selection

  3. Select the LOG TYPE from the drop-down menu. The logs available vary depending on which source type you selected previously. Click NEXT.

Log Type Selection

  4. Specify the parameters needed from the Input Parameters tab. The options presented here vary depending on the source and log type selected on the Set Properties tab. Hover over the question icon above each field to get additional information on what you need to provide.

     Click NEXT.

Input Parameter Configuration

  5. Review your new feed configuration from the Finalize tab. Click SUBMIT when you are ready. Chronicle completes a validation check of the new feed. If the feed passes the check, a name is generated for the feed and it is submitted to Chronicle for evaluation.

Finalize Feed Request

  6. A Chronicle representative ensures that the feed has been configured correctly and includes the necessary parameters. They then activate the feed. You can monitor the status of the feed from the initial **Feeds** page. Feeds in review have a status of Pending.

Editing feeds

From the Feeds page, you can edit an existing feed:

  1. Hover over an existing feed and click the three-dot menu in the right column.

  2. Click Edit Feed. You can now alter the Input Parameters for the Feed and resubmit it to Chronicle. Edited feeds undergo the same evaluation process by Chronicle personnel as do new feeds.

Deleting feeds

From the Feeds page, you can also delete an existing feed:

  1. Hover over an existing feed and click the three-dot menu in the right column.

  2. Click Delete Feed. The DELETE FEED window opens. To permanently delete the feed, click Yes, Delete It.