Perception Point Integration
This document outlines the steps for integrating Perception Point with the BluSapphire log collection platform.
#Pre-requisites:
Before proceeding, request the following details from your client:
• API Address: The URL for Perception Point's API endpoint.
• API Key/Token: The authentication token required to access the Perception Point API.
Verify the details with a curl command:
curl -X GET 'https://api.perception-point.io/api/v1/scans/list/' -H 'Authorization: Token 52abceaa0e90a843b32b1b9a56a57949c275f9bb'
#Backend Configuration:
1. Pipeline Configuration
a. Edit the pipelines.yml file located at /opt/lc/conf/collector/gateway-client/pipelines.yml.
b. Add the following configuration snippet to define a new pipeline named proxy-mail-perceptionpoint:
- pipeline.id: proxy-mail-perceptionpoint
  pipeline.workers: 4 # Number of worker threads for the pipeline (default: 1)
  pipeline.batch.size: 300 # Number of events processed per batch (default: 100)
  pipeline.batch.delay: 50 # Delay (in milliseconds) between batches (default: 10)
  path.config: "/opt/lc/pipelines/processors/proxy/mail/perception-point/*.conf" # Path to processor configuration files
2. Input Configuration
a. Navigate to the directory containing processor configurations:
cd /opt/lc/pipelines/processors/proxy/mail
b. Copy an existing processor directory (e.g., <source_dir>) and rename it to perception-point:
cp -r <source_dir> perception-point
cd perception-point
c. Rename the file 01-input-tcp.conf to 01-input-http.conf as Perception Point uses an HTTP API.
d. Edit 01-input-http.conf with the following content, replacing placeholders with the obtained client details:
input {
  http_poller {
    urls => {
      perception_point => {
        method => get
        url => "${PER_API_URL}"
        headers => {
          "Authorization" => "${PER_AUTH_TOKEN}"
        }
      }
    }
    request_timeout => 60
    schedule => { cron => "* * * * * UTC" }
    codec => "json"
  }
}
3. Filter Configuration
Edit the file 02-metadata-filter.conf with the following content:
filter {
  mutate { add_field => { "[@metadata][debug]" => "${DEBUG_PROXY_MAIL_PERCEPTIONPOINT:False}" } }
  mutate { add_field => { "[@metadata][prefix_path]" => "${PREFIX_PATH:logs}" } }
  mutate { add_field => { "[@metadata][log_type]" => "${LOG_PROXY_MAIL_PERCEPTIONPOINT:proxy-mail-perceptionpoint}" } }
  mutate { add_field => { "[@metadata][client_id]" => "${CLIENT_ID}" } }
  mutate { add_field => { "[@metadata][sensor_id]" => "${SENSOR_ID}" } }
}
4. Blucluster Configuration
Edit the main configuration file /opt/lc/conf/blucluster.conf.
Set the following environment variables:
• DEBUG_PROXY_MAIL_PERCEPTIONPOINT=False (or desired value)
• LOG_PROXY_MAIL_PERCEPTIONPOINT=proxy-mail-perceptionpoint
Add the following section under a designated area (e.g., Perception Point Configuration):
#Perception point Configuration
PER_API_URL="https://api.perception-point.io/api/v1/scans/list/"
PER_AUTH_TOKEN="Token 52abceaa0e90a843b32b1b9a56a57949c275f9bb"
Important: Replace PER_API_URL and PER_AUTH_TOKEN with the values obtained from the client.
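A pre-flight check of the two values set above, written as an added example (it is not part of the original page or of BluSapphire's or Perception Point's tooling). The helper names conf_get and check_pp_conf are hypothetical, the sample file is constructed, and the rule that the file should not be world-readable is an assumption.

```sh
#!/bin/sh
# Added example: pre-flight check for the Perception Point entries in blucluster.conf.
# conf_get and check_pp_conf are hypothetical helper names, not BluSapphire tooling.

# Print the value of key $2 from KEY="value" file $1 (last assignment wins).
conf_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Exit status is the number of findings (0 = OK). The ( ) body runs in a
# subshell, so its variables stay local and "exit" only leaves the function.
check_pp_conf() (
  conf=$1 findings=0
  [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 1; }
  url=$(conf_get "$conf" PER_API_URL)
  token=$(conf_get "$conf" PER_AUTH_TOKEN)

  # The token travels in a request header, so the endpoint must use TLS.
  case $url in
    https://?*) ;;
    *) echo "PER_API_URL must be an https:// URL" >&2; findings=$((findings + 1)) ;;
  esac

  # 01-input-http.conf sends PER_AUTH_TOKEN verbatim as the Authorization header,
  # so the value must carry the "Token " prefix used in the curl check.
  case $token in
    "Token "?*) ;;
    *) echo "PER_AUTH_TOKEN must look like 'Token <key>'" >&2; findings=$((findings + 1)) ;;
  esac

  # Assumption: a file holding the API token should not be world-readable.
  if [ -n "$(find "$conf" -perm -004 -print)" ]; then
    echo "$conf is world-readable" >&2; findings=$((findings + 1))
  fi
  exit "$findings"
)

# Demo on a constructed file (placeholder values, not real credentials).
demo=$(mktemp)
printf '%s\n' 'PER_API_URL="http://api.example.invalid/scans/"' \
  'PER_AUTH_TOKEN="PLACEHOLDER"' > "$demo"
check_pp_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```

To check the real file, call check_pp_conf /opt/lc/conf/blucluster.conf; a missing "Token " prefix is the failure that otherwise only surfaces as the poller being rejected on every scheduled run.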
5. Restart Service
Restart the log collector service:
sudo systemctl restart blu_gc.service
6. Verification
• Check the temporary directory (/opt/lc/temp) for any log files generated during the integration process, and check in S3.