Streaming API tab

The Streaming API tab allows you to create a notification stream that is used to retrieve information about specific events which are selected based on trigger configurations. Triggers, like in other notification types, can be tailored by frequency, quantity per day, and specific types of alerts.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

Click the plus icon to add a notification.

The columns to be displayed in the list can be customized by clicking the additional content icon.

Customize the number of rows to be displayed. The default is 20 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

The Streaming API notifications list contains the following:

Appliance

The appliance or sensor that triggers the notifications.

Click edit to edit the notification.

Click delete to delete the notification. Click the Delete button in the Delete confirmation pop-up.

Click unread to view a summary of the notification configuration. The summary is displayed in a pop-up. Click the Send test notification button to send a test. Click the Edit button to edit the notification configuration. Click cancel/close or the Close button to dismiss the pop-up.

Click heartbeat/test to send a test notification. The icon will be grayed out if the notification is disabled.

Max daily notifications

The maximum number of notifications to send within a 24-hour period.

Stream name

A unique name for this stream.

Stream URL

The URL to the stream. This URL is automatically generated when the stream is created.

Include pcap

Whether to include pcap information inside the notification for network events.

Enabled

Shows True if the notification is enabled, False otherwise. Click power to toggle the enable/disable status of the notification.

Create streaming API notification page

On the Create Streaming API Notification page, fill in the following:

Appliance

The appliance or sensor that triggers the notifications. Select from the License pull-down menu:

  • All licenses: Automatically selects all sensors.

  • All sensors: Use the Sensor pull-down menu to select any specific sensor from any license.

  • Specific license: Use the Sensor pull-down menu to select All sensors for that license or any specific sensor.

Daily limit

Select the maximum number of notifications to send within a 24-hour period. 0 (zero) means unlimited.

Timezone

Select the timezone within which daily limits are computed. By default, the current system timezone is selected.
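The Daily limit and Timezone settings interact: the 24-hour window is a calendar day in the selected timezone, so two events that fall on the same UTC date can land on different local days, and 0 disables the cap. The following is an added example written for this page, not the product's own code, that models that counting rule so the behaviour can be checked against a stream of timestamps; the class and function names, and the fixed-offset timezone strings used in the sample, are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone, tzinfo
from typing import List, Optional
from zoneinfo import ZoneInfo

# Accept either an IANA zone name ("Europe/Berlin") or a fixed offset ("-08:00").
_OFFSET_RE = re.compile(r"^([+-])(\d{2}):(\d{2})$")


def resolve_tz(name: str) -> tzinfo:
    match = _OFFSET_RE.match(name)
    if match:
        sign = 1 if match.group(1) == "+" else -1
        delta = timedelta(hours=int(match.group(2)), minutes=int(match.group(3)))
        return timezone(sign * delta)
    return ZoneInfo(name)


class DailyLimiter:
    """Hypothetical model of the Daily limit rule: at most `limit` notifications
    per calendar day in `tz_name`; limit == 0 means unlimited."""

    def __init__(self, limit: int, tz_name: str):
        if limit < 0:
            raise ValueError("limit must be 0 (unlimited) or positive")
        self.limit = limit
        self.tz = resolve_tz(tz_name)
        self._day = None          # local date the counter belongs to
        self._sent = 0            # notifications already sent on that date

    def allow(self, when: datetime) -> bool:
        if when.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        # The day boundary is taken in the configured timezone, not in UTC.
        local_day = when.astimezone(self.tz).date()
        if local_day != self._day:
            self._day, self._sent = local_day, 0
        if self.limit and self._sent >= self.limit:
            return False
        self._sent += 1
        return True


def simulate(limit: int, tz_name: str, timestamps: List[str]) -> List[bool]:
    """Replay ISO-8601 timestamps through one limiter; True means 'would be sent'."""
    limiter = DailyLimiter(limit, tz_name)
    return [limiter.allow(datetime.fromisoformat(t)) for t in timestamps]


if __name__ == "__main__":
    # Constructed sample: both events share the UTC date 2024-03-10,
    # but at UTC-8 the first one is still 2024-03-09 23:00 local.
    events = ["2024-03-10T07:00:00+00:00", "2024-03-10T09:00:00+00:00"]
    print("limit 1 at -08:00:", simulate(1, "-08:00", events))   # both sent
    print("limit 1 at +00:00:", simulate(1, "+00:00", events))   # second one dropped
    print("limit 0 at +00:00:", simulate(0, "+00:00", events))   # unlimited
```

When checking why an expected notification did not arrive, compare the event time converted to the configured timezone against the day's count rather than the UTC date.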

Enable/disable notification

Click the Enabled button to toggle whether the notification will be enabled upon being saved. Notifications can be enabled or disabled at any time.

Streaming API settings

Stream name

Enter a unique name for the stream.

Include pcap

If Enabled, notification messages will include a Base64-encoded dump of the packet capture associated with the event.
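A consumer of the stream should treat the embedded capture as untrusted input: decode it strictly, cap its size, and confirm it really is a pcap or pcapng file before handing it to a dissector. The following is an added example written for this page, not the product's own code; the page does not document the message schema, so the JSON field name `pcap` and the sample message are assumptions, and only the classic pcap record layout is walked.

```python
import base64
import struct
from typing import Tuple

# First four bytes of a capture file. Classic pcap exists in both byte orders
# and in a nanosecond-timestamp variant; pcapng starts with a section header block.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("pcap", "<"),
    b"\xa1\xb2\xc3\xd4": ("pcap", ">"),
    b"\x4d\x3c\xb2\xa1": ("pcap", "<"),
    b"\xa1\xb2\x3c\x4d": ("pcap", ">"),
    b"\x0a\x0d\x0d\x0a": ("pcapng", None),
}


def count_pcap_records(data: bytes, order: str) -> int:
    """Walk classic pcap records, rejecting lengths that do not fit the buffer."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    _, major, minor, _, _, snaplen, _ = struct.unpack(order + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        if incl_len > snaplen or incl_len > orig_len or offset + 16 + incl_len > len(data):
            raise ValueError(f"inconsistent record at offset {offset}")
        offset += 16 + incl_len
        count += 1
    return count


def decode_pcap_field(message: dict, field: str = "pcap",
                      max_bytes: int = 64 * 1024 * 1024) -> Tuple[str, int]:
    """Return (capture kind, record count) for the Base64 capture in `field`.
    The field name is an assumption; adjust it to the real message schema."""
    raw = message.get(field)
    if not isinstance(raw, str):
        raise ValueError(f"message has no string field {field!r}")
    # validate=True rejects characters outside the Base64 alphabet instead of skipping them.
    data = base64.b64decode(raw, validate=True)
    if len(data) > max_bytes:
        raise ValueError("capture exceeds size limit")
    kind, order = MAGICS.get(data[:4], (None, None))
    if kind is None:
        raise ValueError("payload is not a pcap/pcapng capture")
    if kind == "pcapng":
        return kind, -1          # block walking for pcapng is out of scope here
    return kind, count_pcap_records(data, order)


def build_sample_pcap() -> bytes:
    """Constructed one-record little-endian pcap used as sample input."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payload = b"\x00\x01\x02\x03"
    record = struct.pack("<IIII", 1700000000, 0, len(payload), len(payload)) + payload
    return header + record


# Constructed sample message; the field names are not from the product documentation.
SAMPLE_MESSAGE = {
    "event_id": "constructed-0001",
    "pcap": base64.b64encode(build_sample_pcap()).decode("ascii"),
}

if __name__ == "__main__":
    print(decode_pcap_field(SAMPLE_MESSAGE))   # ('pcap', 1)
```

Writing the decoded bytes to disk only after these checks pass keeps a malformed or oversized payload from reaching tools further down the pipeline.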

Triggers

Select the appropriate triggers for the notification. For more information, see About notification triggers. Also see Sensor group notifications for some caveats about notifications and sensor groups.

Appliance triggers

By default, Appliance triggers are set to Enabled.

Audit triggers

By default, Audit triggers are set to Disabled.

Network triggers

By default, Network triggers are set to Enabled.

Campaign triggers

By default, Campaign triggers are set to Disabled.

Mail triggers

By default, Mail triggers are set to Disabled.

Network IoC triggers

By default, Network IoC triggers are set to Enabled.

Intelligence triggers

By default, Intelligence triggers are set to Disabled. These triggers are only available when All licenses is selected.

Once the notification is properly configured, click the Save button to apply the changes. The Streaming API notification configuration summary pop-up is displayed. When you close it, the Streaming API notifications list is displayed.