Nikolajs_Matjus
Participant

API logging and profiles

Hello!

The customer is concerned about API logging; generally they want to see logs from API requests/responses in the TE blade log in SmartLog. Is that possible? If not, what is the way to get similar logging (verdict, filename, malware, etc.)?

Another question is about the NGTX profile: how do we apply it to API requests?

Thanks in advance!

7 Replies
PhoneBoy
Admin

Are you querying against the API on a local Threat Emulation appliance or ThreatCloud? 

For a local Threat Emulation appliance, this information should log the same way as if a gateway generated the request.

See also: /var/log/huntress_api_logs 

For ThreatCloud, I'm not sure that's possible.

For your second question, I'm not sure I understand, can you clarify?

Nikolajs_Matjus
Participant

We are querying a local TE appliance.

Regarding the second question: how do we define a protection profile for API queries?

Just like we do for protection scope in the Threat Prevention tab, or differently?

0 Kudos
PhoneBoy
Admin

Profiles do not apply to API calls.

It is up to the application calling the API to determine what to do with the result of the API call.

Nikolajs_Matjus
Participant

Thank you for the quick reply!

But then how do we define the emulation environment for API calls?

0 Kudos
PhoneBoy
Admin

The images you wish to emulate against are specified in the API call.

0 Kudos
freedom_apps
Explorer

We are querying a local TE appliance.

Regarding the second question: how do we define a protection profile for API queries?

Just like we do for protection scope in the Threat Prevention tab, or differently? Thanks for this amazing forum.

0 Kudos
PhoneBoy
Admin

Threat Prevention profiles don't make sense when you're calling the API directly, which gives you the raw verdict on a given file.

The actual enforcement decision/logic lies elsewhere in this case.
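
Added example, not part of the thread and not Check Point code: a sketch of the enforcement and logging that the calling application has to own when no profile applies, producing one audit record per file with the verdict, filename and malware name. The result shape, field names, image ids and the policy table are assumptions for illustration, not the Threat Emulation API's schema.

```python
import json
from datetime import datetime, timezone

# Assumed policy owned by the calling application; it stands in for what a
# Threat Prevention profile would decide for gateway traffic.
ACTIONS = {"malicious": "block", "benign": "allow"}
FAIL_CLOSED = "quarantine"  # pending, error, unknown or incomplete results


def decide(requested_images, result):
    """Map a raw emulation result to an action and an audit record.

    `result` uses a hypothetical shape:
    {"file_name": str, "sha256": str, "malware_family": str or None,
     "images": [{"id": str, "verdict": str}, ...]}
    """
    per_image = {i.get("id"): str(i.get("verdict", "")).lower()
                 for i in result.get("images", [])}
    missing = [img for img in requested_images if img not in per_image]
    verdicts = [per_image[img] for img in requested_images if img in per_image]

    if "malicious" in verdicts:
        verdict = "malicious"      # one bad image is enough to block
    elif missing or not verdicts or any(v != "benign" for v in verdicts):
        verdict = "incomplete"     # never allow on partial coverage
    else:
        verdict = "benign"

    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "file_name": result.get("file_name"),
        "sha256": result.get("sha256"),
        "verdict": verdict,
        "malware_family": result.get("malware_family"),
        "per_image": per_image,
        "missing_images": missing,
        "action": ACTIONS.get(verdict, FAIL_CLOSED),
    }


def log_line(record):
    """Serialize the record as one JSON line for the application's own log."""
    return json.dumps(record, sort_keys=True)


# Constructed sample: two images requested, only one has answered so far.
SAMPLE = {"file_name": "invoice.doc", "sha256": "<placeholder>",
          "malware_family": None,
          "images": [{"id": "image-a", "verdict": "benign"}]}

if __name__ == "__main__":
    print(log_line(decide(["image-a", "image-b"], SAMPLE)))
```

Because the record is built before any action is taken, the same line can be shipped to a SIEM even when the file is quarantined for an incomplete result.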