08-13-2020 01:32 AM
Hello,
I successfully create a method in python to create tag (Host Group) base on that example :
https://github.com/CiscoDevNet/stealthwatch-enterprise-sample-scripts/blob/master/python/add_tag.py
But in some case, i need to create a tag with empty "ranges" but with this API :
'https://' + SMC_HOST + '/smc-configuration/rest/v1/tenants/' + SMC_TENANT_ID + '/tags
But the following JSON :
request_data = [ { "name": "Sample Threat Feed", "location": "OUTSIDE", "description": "A sample of a threat feed", "ranges": [ "149.202.170.60", "23.129.64.101", "37.187.129.166", "91.146.121.3" ], "hostBaselines": False, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": 0 } ]
With this kind of JSON with an empty "ranges", i have a "400" error code :
request_data = [ { "name": "Sample Threat Feed", "location": "OUTSIDE", "description": "A sample of a threat feed", "ranges": [ ], "hostBaselines": False, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": 0 } ]
So I suppose the "ranges" is needed.
Is there a way to create a tag with empty ranges ? Perhaps, i miss something.
I successfully do that by editing XML Host Group previously but I miss that part to completely switch to the API.
I work with 7.1.2 version of Cisco StealthWatch.
Regards.
Solved! Go to Solution.
06-08-2022 08:23 AM
Hello,
I have solved this issue since several months with the Cisco support team.
Lately I answer to myself because perhaps it can help some one else ...
My request was not exactly the one describe in my precedent post. I have put this "request_data" in a function and this function was call with a variable "ipaddr" and in some case, I just want to create an empty HostGroup(tag). this variable was set like this :
ipaddr = ""
So the request data was really like this :
request_data = [ { "name": "Sample Threat Feed", "location": "OUTSIDE", "description": "A sample of a threat feed", "ranges": [ "" ], "hostBaselines": False, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": 0 } ]
And the StealthWatch didn't accept this JSON, so I have test like this to avoid that :
if not ipaddr: request_data = [ { "name": name, "location": "INSIDE", "description": "Automatique", "ranges": [], "hostBaselines": True, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": parentid } ] else: request_data = [ { "name": name, "location": "INSIDE", "description": "Automatique", "ranges": [ ipaddr ], "hostBaselines": True, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": parentid } ]
Regards
06-08-2022 08:23 AM
Hello,
I have solved this issue since several months with the Cisco support team.
Lately I answer to myself because perhaps it can help some one else ...
My request was not exactly the one describe in my precedent post. I have put this "request_data" in a function and this function was call with a variable "ipaddr" and in some case, I just want to create an empty HostGroup(tag). this variable was set like this :
ipaddr = ""
So the request data was really like this :
request_data = [ { "name": "Sample Threat Feed", "location": "OUTSIDE", "description": "A sample of a threat feed", "ranges": [ "" ], "hostBaselines": False, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": 0 } ]
And the StealthWatch didn't accept this JSON, so I have test like this to avoid that :
if not ipaddr: request_data = [ { "name": name, "location": "INSIDE", "description": "Automatique", "ranges": [], "hostBaselines": True, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": parentid } ] else: request_data = [ { "name": name, "location": "INSIDE", "description": "Automatique", "ranges": [ ipaddr ], "hostBaselines": True, "suppressExcludedServices": True, "inverseSuppression": False, "hostTrap": False, "sendToCta": False, "parentId": parentid } ]
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide