StealthWatch API : Create tag without "ranges" (or empty "ranges")

Hello,

I successfully created a method in Python to create a tag (Host Group) based on this example:

https://github.com/CiscoDevNet/stealthwatch-enterprise-sample-scripts/blob/master/python/add_tag.py

But in some cases, I need to create a tag with empty "ranges", using this API:

    'https://' + SMC_HOST + '/smc-configuration/rest/v1/tenants/' + SMC_TENANT_ID + '/tags'

But the following JSON :

    request_data = [
        {
            "name": "Sample Threat Feed",
            "location": "OUTSIDE",
            "description": "A sample of a threat feed",
            "ranges": [
                "149.202.170.60",
                "23.129.64.101",
                "37.187.129.166",
                "91.146.121.3"
            ],
            "hostBaselines": False,
            "suppressExcludedServices": True,
            "inverseSuppression": False,
            "hostTrap": False,
            "sendToCta": False,
            "parentId": 0
        }
    ]

With this kind of JSON with an empty "ranges", I get a "400" error code:

    request_data = [
        {
            "name": "Sample Threat Feed",
            "location": "OUTSIDE",
            "description": "A sample of a threat feed",
            "ranges": [ ],
            "hostBaselines": False,
            "suppressExcludedServices": True,
            "inverseSuppression": False,
            "hostTrap": False,
            "sendToCta": False,
            "parentId": 0
        }
    ]

So I suppose "ranges" is needed.

Is there a way to create a tag with empty ranges? Perhaps I am missing something.

I previously did that successfully by editing the Host Group XML, but I am missing that part to completely switch to the API.

I work with version 7.1.2 of Cisco StealthWatch.

Regards.

Accepted Solutions

Hello,

I solved this issue several months ago with the Cisco support team.

I am answering myself late because perhaps it can help someone else ...

My request was not exactly the one described in my previous post. I had put this "request_data" in a function, and this function was called with a variable "ipaddr"; in some cases, I just want to create an empty Host Group (tag). This variable was set like this:

    ipaddr = ""

So the request data was really like this:

    request_data = [
        {
            "name": "Sample Threat Feed",
            "location": "OUTSIDE",
            "description": "A sample of a threat feed",
            "ranges": [ "" ],
            "hostBaselines": False,
            "suppressExcludedServices": True,
            "inverseSuppression": False,
            "hostTrap": False,
            "sendToCta": False,
            "parentId": 0
        }
    ]

And StealthWatch didn't accept this JSON, so I added a test like this to avoid that:

    if not ipaddr:
        request_data = [
            {
                "name": name,
                "location": "INSIDE",
                "description": "Automatique",
                "ranges": [],
                "hostBaselines": True,
                "suppressExcludedServices": True,
                "inverseSuppression": False,
                "hostTrap": False,
                "sendToCta": False,
                "parentId": parentid
            }
        ]
    else:
        request_data = [
            {
                "name": name,
                "location": "INSIDE",
                "description": "Automatique",
                "ranges": [
                    ipaddr
                ],
                "hostBaselines": True,
                "suppressExcludedServices": True,
                "inverseSuppression": False,
                "hostTrap": False,
                "sendToCta": False,
                "parentId": parentid
            }
        ]

Regards
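
An added example, not part of the original post or of Cisco's sample scripts: one way to build the payload so that an empty or blank address never ends up as `"ranges": [""]`, and a malformed entry fails locally instead of as a 400 from the SMC. The function names are hypothetical, and it assumes range entries are single IP addresses or CIDR blocks.

```python
import ipaddress
import json


def normalize_ranges(entries):
    """Return a clean list of range strings; blank or missing input yields []."""
    if entries is None:
        return []
    if isinstance(entries, str):
        entries = [entries]  # a bare string such as ipaddr = "" counts as one entry
    cleaned = []
    for entry in entries:
        text = (entry or "").strip()
        if not text:
            continue  # "" would become "ranges": [""], which the SMC rejected
        # Assumption: entries are single addresses or CIDR blocks.
        # ip_network raises ValueError on anything else, including a CIDR
        # with host bits set (usually a typo), so bad data stops here.
        net = ipaddress.ip_network(text, strict=True)
        value = str(net.network_address) if net.num_addresses == 1 else str(net)
        if value not in cleaned:
            cleaned.append(value)
    return cleaned


def build_tag_request(name, ranges=None, parent_id=0,
                      location="INSIDE", description=""):
    """Build the request body for the .../tenants/<id>/tags endpoint."""
    return [{
        "name": name,
        "location": location,
        "description": description,
        "ranges": normalize_ranges(ranges),
        "hostBaselines": True,
        "suppressExcludedServices": True,
        "inverseSuppression": False,
        "hostTrap": False,
        "sendToCta": False,
        "parentId": parent_id,
    }]


if __name__ == "__main__":
    # Constructed sample input using documentation address space (RFC 5737).
    print(json.dumps(build_tag_request("Empty group", ""), indent=2))
    print(json.dumps(build_tag_request("Feed", ["192.0.2.10", "198.51.100.0/24"])))
```
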
