2019-01-28 03:37 AM
Cloudflare makes available Logpull, a RESTful API to request logs over HTTP from its platform.
Question is, is there a module or method within RSA SA to make queries to an external API such as Logpull, requesting logs, and then subsequently ingest them within the Decoder?
Logs are generated in JSON format, for which a custom parser can be managed. However, how do I get the logs consumed by RSA SA to begin with?
2019-01-28 12:32 PM
The Plugin Collection capability sounds like what you're looking for: https://community.rsa.com/docs/DOC-84695
That document walks through the process for developing your own plugin to pull from *any* API.
2020-06-24 04:09 PM
2020-08-06 03:31 PM
Interesting how Splunk has a plug-in for Cloudflare for their customer base.