Perception Point Integration

This document outlines the steps for integrating Perception Point with the BluSapphire log collection platform.

#Pre-requisites:

Before proceeding, request the following details from your client:

• API Address: The URL for Perception Point's API endpoint.

• API Key/Token: The authentication token required to access the Perception Point API.

Verify that the API returns data with the following curl command:

curl -X GET 'https://api.perception-point.io/api/v1/scans/list/' -H 'Authorization: Token 52abceaa0e90a843b32b1b9a56a57949c275f9bb'

#Backend Configuration:

  1. Pipeline Configuration

    a. Edit the pipelines.yml file located at /opt/lc/conf/collector/gateway-client/pipelines.yml.

    b. Add the following configuration snippet to define a new pipeline named proxy-mail-perceptionpoint:

- pipeline.id: proxy-mail-perceptionpoint
  pipeline.workers: 4 # Number of worker threads for the pipeline (default: 1)
  pipeline.batch.size: 300 # Number of events processed per batch (default: 100)
  pipeline.batch.delay: 50 # Delay (in milliseconds) between batches (default: 10)
  path.config: "/opt/lc/pipelines/processors/proxy/mail/perception-point/*.conf" # Path to processor configuration files

  2. Input Configuration

    a. Navigate to the directory containing processor configurations:

cd /opt/lc/pipelines/processors/proxy/mail

b. Copy an existing processor directory (e.g., <source_dir>) and rename it to perception-point:

cp -r <source_dir> perception-point
cd perception-point

c. Rename the file 01-input-tcp.conf to 01-input-http.conf as Perception Point uses an HTTP API.

d. Edit 01-input-http.conf with the following content, replacing placeholders with the obtained client details:

input {
  http_poller {
    urls => {
      perception_point => {
        method => get
        url => "${PER_API_URL}"
        headers => {
          "Authorization" => "${PER_AUTH_TOKEN}"
        }
      }
    }
    request_timeout => 60
    schedule => { cron => "* * * * * UTC" }
    codec => "json"
  }
}

3. Filter Configuration

Edit the file 02-metadata-filter.conf with the following content:

filter {
  mutate { add_field => { "[@metadata][debug]" => "${DEBUG_PROXY_MAIL_PERCEPTIONPOINT:False}" } }
  mutate { add_field => { "[@metadata][prefix_path]" => "${PREFIX_PATH:logs}" } }
  mutate { add_field => { "[@metadata][log_type]" => "${LOG_PROXY_MAIL_PERCEPTIONPOINT:proxy-mail-perceptionpoint}" } }
  mutate { add_field => { "[@metadata][client_id]" => "${CLIENT_ID}" } }
  mutate { add_field => { "[@metadata][sensor_id]" => "${SENSOR_ID}" } }
}

  4. Blucluster Configuration

    a. Edit the main configuration file /opt/lc/conf/blucluster.conf.

    b. Set the following environment variables:

      • DEBUG_PROXY_MAIL_PERCEPTIONPOINT=False (or desired value)

      • LOG_PROXY_MAIL_PERCEPTIONPOINT=proxy-mail-perceptionpoint

    c. Add the following section under a designated area (e.g., Perception Point Configuration):

#Perception point Configuration
PER_API_URL="https://api.perception-point.io/api/v1/scans/list/"
PER_AUTH_TOKEN="Token 52abceaa0e90a843b32b1b9a56a57949c275f9bb"

Important: Replace PER_API_URL and PER_AUTH_TOKEN with the values obtained from the client.
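
A pre-restart sanity check for the values set in blucluster.conf, as an added example that is not part of the original document or of BluSapphire's tooling. It assumes the file holds plain KEY=VALUE lines as shown above; the function names conf_get and check_perception_conf are hypothetical, and the world-readable test is an extra hardening check, not a documented platform requirement.

```shell
#!/bin/sh
# Added example: pre-restart check of the Perception Point settings.
# Assumption: blucluster.conf holds KEY=VALUE lines, optionally double-quoted.

# conf_get FILE KEY: print KEY's value (last assignment wins), quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"//' -e 's/"[[:space:]]*$//'
}

# check_perception_conf FILE: return 0 if FILE is ready, else list the problems.
check_perception_conf() {
    cpc_file=$1
    cpc_rc=0
    [ -r "$cpc_file" ] || { echo "cannot read $cpc_file"; return 2; }

    for cpc_key in PER_API_URL PER_AUTH_TOKEN LOG_PROXY_MAIL_PERCEPTIONPOINT; do
        [ -n "$(conf_get "$cpc_file" "$cpc_key")" ] ||
            { echo "missing or empty: $cpc_key"; cpc_rc=1; }
    done

    # The token travels in a request header, so the URL must be HTTPS.
    case "$(conf_get "$cpc_file" PER_API_URL)" in
        ""|https://*) ;;
        *) echo "PER_API_URL is not an https:// URL"; cpc_rc=1 ;;
    esac

    # 01-input-http.conf sends PER_AUTH_TOKEN verbatim as the Authorization
    # header, so the value needs the "Token " scheme prefix shown on this page.
    case "$(conf_get "$cpc_file" PER_AUTH_TOKEN)" in
        ""|"Token "?*) ;;
        *) echo "PER_AUTH_TOKEN lacks the 'Token ' prefix"; cpc_rc=1 ;;
    esac

    # The file stores a live API token: it should not be world-readable.
    if [ -n "$(find "$cpc_file" -maxdepth 0 -perm -004)" ]; then
        echo "$cpc_file is world-readable"; cpc_rc=1
    fi
    return "$cpc_rc"
}

# Usage: sh check_perception_conf.sh /opt/lc/conf/blucluster.conf
if [ "$#" -gt 0 ]; then check_perception_conf "$1"; fi
```
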

5. Restart Service

Restart the log collector service:

sudo systemctl restart blu_gc.service

6. Verification

• Check the temporary directory (/opt/lc/temp) for log files generated during the integration process, and confirm that the logs also appear in S3.
