This section provides some examples to illustrate how to use Cloud App Security APIs, for example, the Log Retrieval API.
The examples include:
  • Using the Log Retrieval API in Windows PowerShell
  • Using the Log Retrieval API in cURL
  • Using the Log Retrieval API in Postman
  • Using Python to write a script to use the Log Retrieval API
Before you start:
  • Log on to the Cloud App Security management console, and go to Administration > Automation and Integration APIs > Add > For External Applications to generate an authentication token. For details, see Generating an Authentication Token.
  • Get the data ready for the following placeholders that will be used in the examples:
    • REPLACE_WITH_YOUR_TOKEN: Authentication token you created on the Cloud App Security management console
    • REPLACE_WITH_CAS_SERVICE_URL: Cloud App Security service URL, for example, api.tmcas.trendmicro.com. It is subject to the site where your Cloud App Security service is hosted and used in REPLACE_WITH_YOUR_REQUEST_URL below. Find the service URL for your serving site at Understanding the URL Structure.
    • REPLACE_WITH_YOUR_REQUEST_URL: HTTPS request URL structured to use the API, for example, https://api.tmcas.trendmicro.com/siem/v1/security_events?service=exchange&event=securityrisk&start=2020-05-28T02:33:07.000Z&end=2020-05-29T07:12:59.000Z&limit=100

Using the Log Retrieval API in Windows PowerShell

Launch Windows PowerShell as an administrator, copy and paste the following into the command prompt window that appears, and then press Enter.
# Build the request headers; the token is sent as a Bearer credential.
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer REPLACE_WITH_YOUR_TOKEN")
# A GET request carries no body, so no -Body parameter is passed.
$response = Invoke-RestMethod 'REPLACE_WITH_YOUR_REQUEST_URL' -Method 'GET' -Headers $headers
$response | ConvertTo-Json
The requested logs are displayed in the command prompt window.

Using the Log Retrieval API in cURL

Launch cURL in a supported operating system, copy and paste the following into the command prompt window that appears, and then press Enter.
Note
If you run the following command on the Windows Command Prompt, replace the single quotation marks with double quotation marks.
curl --location --request GET 'REPLACE_WITH_YOUR_REQUEST_URL' --header 'Authorization: Bearer REPLACE_WITH_YOUR_TOKEN'
The requested logs are displayed in the command prompt window.

Using the Log Retrieval API in Postman

Go to the Postman official website to download and install the application. Launch Postman in a supported operating system, specify the following fields, and then click Send.
  • Select the request method, GET for the Log Retrieval API.
  • Copy and paste the value of REPLACE_WITH_YOUR_REQUEST_URL in the text box next to the request method.
  • On the Authorization tab, select Bearer Token from the TYPE drop-down list.
  • Copy and paste the value of REPLACE_WITH_YOUR_TOKEN in the Token text box.
The requested logs display in the Response area below.

Using Python to write a script to use the Log Retrieval API

If you are using Python to write a script to use the API, the following is a script sample.
import http.client

# Host name only (no scheme or path), for example api.tmcas.trendmicro.com
conn = http.client.HTTPSConnection("REPLACE_WITH_CAS_SERVICE_URL")
payload = ''
headers = {
  'Authorization': 'Bearer REPLACE_WITH_YOUR_TOKEN'
}
conn.request("GET", "REPLACE_WITH_YOUR_REQUEST_URL", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
conn.close()
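
The following Python code is an added example, not part of the original page or of Trend Micro's samples. It builds the request URL from the query parameters shown in the example URL above, reads the token from an environment variable instead of embedding it in the script, and refuses to send it over anything but HTTPS. The environment variable name CAS_API_TOKEN, the function names, and the assumption that the response body is JSON are this example's own.

```python
import http.client
import json
import os
from datetime import timezone
from urllib.parse import urlencode, urlsplit

API_PATH = "/siem/v1/security_events"  # path taken from the example request URL on this page


def fmt_ts(dt):
    """Format an aware datetime as UTC with milliseconds, e.g. 2020-05-28T02:33:07.000Z."""
    if dt.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def build_request_url(host, service, event, start, end, limit):
    """Build the HTTPS request URL; values are percent-encoded, ':' is kept as in the example."""
    query = urlencode({"service": service, "event": event, "start": fmt_ts(start),
                       "end": fmt_ts(end), "limit": limit}, safe=":")
    return f"https://{host}{API_PATH}?{query}"


def load_token(env=os.environ, name="CAS_API_TOKEN"):
    """Read the token from the environment (the variable name is an assumption)."""
    token = env.get(name, "").strip()
    if not token:
        raise RuntimeError(f"{name} is not set")
    return token


def fetch_logs(url, token, timeout=30):
    """GET the URL with a Bearer token; errors report the status only, never the token."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send the token over a non-HTTPS URL")
    conn = http.client.HTTPSConnection(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", f"{parts.path}?{parts.query}",
                     headers={"Authorization": f"Bearer {token}"})
        res = conn.getresponse()
        body = res.read().decode("utf-8")
    finally:
        conn.close()
    if res.status != 200:
        raise RuntimeError(f"request failed: HTTP {res.status} {res.reason}")
    return json.loads(body)  # assumes a JSON body, as the PowerShell example suggests
```

To retrieve logs, pass the result of build_request_url(...) and load_token() to fetch_logs(); the token then never appears in the script or on the command line.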