# Perception Point Integration

Perception Point Integration Document This document outlines the steps for integrating Perception Point with BluSapphire Log collection platform.

## #Pre-requisites:

Before proceeding, request the following details from your client:

• API Address: The URL for Perception Point's API endpoint.

• API Key/Token: The authentication token required to access the Perception Point API.

**Verify the data using CURL command**

curl -X GET '<https://api.perception-point.io/api/v1/scans/list/> -H 'Authorization: Token 52abceaa0e90a843b32b1b9a56a57949c275f9bb'

## #**Backend Configuration:**

1. **Pipeline Configuration**

   a. Edit the pipelines.yml file located at /opt/lc/conf/collector/gateway-client/pipelines.yml.

   b. Add the following configuration snippet to define a new pipeline named proxy-mail-perception-point:

YAML

* [pipeline.id](http://pipeline.id): proxy-mail-perceptionpoint pipeline.workers: 4 # Number of worker threads for the pipeline (default: 1) pipeline.batch.size: 300 # Number of events processed per batch (default: 100) pipeline.batch.delay: 50 # Delay (in milliseconds) between batches (default: 10) path.config: "/opt/lc/pipelines/processors/proxy/mail/perception-point/\*.conf" # Path to processor configuration files

2. **Input Configuration**

   a. Navigate to the directory containing processor configurations:

cd /opt/lc/pipelines/processors/proxy/mail

b. Copy an existing processor directory (e.g., \<source\_dir>) and rename it to perception-point:

cp -r \<source\_dir> perception-point cd perception-point

c. Rename the file 01-input-tcp.conf to 01-input-http.conf as Perception Point uses an HTTP API.

d. Edit 01-input-http.conf with the following content, replacing placeholders with the obtained client details:

input {

http\_poller {

urls => {

perception\_point => {

method => get

url => "${PER\_API\_URL}"

headers => {

"Authorization" => "${PER\_AUTH\_TOKEN}"

&#x20; }

&#x20;}

}

request\_timeout => 60

schedule => { cron => "\* \* \* \* \* UTC"}

codec => "json"

&#x20;}

}

**3. Filter Configuration**

Edit the file 02-metadata-filter.conf with the following content:

filter {

mutate { add\_field => { "\[@metadata]\[debug]" => "${DEBUG\_PROXY\_MAIL\_PERCEPTIONPOINT:False}" } }

mutate { add\_field => { "\[@metadata]\[prefix\_path]" => "${PREFIX\_PATH:logs}" } }

mutate { add\_field => { "\[@metadata]\[log\_type]" => "${LOG\_PROXY\_MAIL\_PERCEPTIONPOINT:proxy-mail-perceptionpoint}" } }

mutate { add\_field => { "\[@metadata]\[client\_id]" => "${CLIENT\_ID}" } }

mutate { add\_field => { "\[@metadata]\[sensor\_id]" => "${SENSOR\_ID}" } }

}

4. **Blucluster Configuration**
   1. Edit the main configuration file /opt/lc/conf/blucluster.conf.
   2. Set the following environment variables:

      •DEBUG\_PROXY\_MAIL\_PERCEPTIONPOINT=False (or desired value)

      •LOG\_PROXY\_MAIL\_PERCEPTIONPOINT=proxy-mail-perceptionpoint
   3. Add the following section under a designated area (e.g., Perception Point Configuration):

\#Perception point Configuration

PER\_API\_URL="<https://api.perception-point.io/api/v1/scans/list/>"

PER\_AUTH\_TOKEN="Token 52abceaa0e90a843b32b1b9a56a57949c275f9bb"

**Important:** Replace PER\_API\_URL and PER\_AUTH\_TOKEN with the values obtained from the client.

**5. Restart Service Restart the Log collector service:**

sudo systemctl restart blu\_gc.service

**6. Verification**

• Check the temporary directory (/optllc/temp) for any log files generated during the integration process and check in S3.