Organization Settings Reference
This topic covers examples of organizational settings.
Examples
Example JSON Response Body for Get Events Settings
{
"audit_event_retention_seconds": 180,
"audit_event_min_severity": "informational",
"format": "JSON"
}
Update Events Settings
Example JSON Request Body for Update Events
{
"audit_event_retention_seconds": 90,
"audit_event_min_severity": "informational"
}Example JSON Response Body with Local and Remote Syslog Location Information
[
{
"href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"pce_scope": [ "remote-my-company0.com", "remote-my-company1.com" ],
"type": "remote_syslog",
"description": "remotesyslog",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": false,
"min_severity": "warning"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address" : "my-company-20.com",
"port" : 12345,
"protocol" : 6,
"tls_enabled" : false,
"tls_verify_cert" : false
}
}
]Example JSON Response Body with Remote Syslog Location Information
{
"href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"pce_scope": [ "remote-my-company0.com", "remote-my-company1.com" ],
"type": "remote_syslog",
"description": "remotesyslog",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": false,
"min_severity": "warning"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address" : "my-company-20.com",
"port" : 12345,
"protocol" : 6,
"tls_enabled" : false,
"tls_verify_cert" : false
}
}Example JSON Request Body to Create a Remote Syslog Destination
{
"pce_scope": [ "my-company0.com", "my-company1.com", "my-company2.com" ],
"type": "remote_syslog",
"description": "remote syslog",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": false,
"min_severity": "warning"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address" : "my-company-20.com",
"port" : 12345,
"protocol" : 6,
"tls_enabled" : false,
"tls_verify_cert" : false
}
}Example JSON Request Body to Update a Syslog Destination
{
"href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"pce_scope": [ "my-company0.com", "my-company1.com", "my-company2.com" ],
"type": "remote_syslog",
"description": "localhost syslog",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "informational"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": false
},
"remote_syslog": {
"address" : "my-company-20.com",
"port" : 67890,
"protocol" : 6,
"tls_enabled" : false,
"tls_verify_cert" : false
}
}Examples for Enabling clone detection:
(Only new fields in the schema settings_get are shown)
"clone_detection_enabled": {
"description": "When true, clone detection is done for this org",
"type": "boolean"
},
"automatic_clone_reactivation": {
"description": "When true, automatic clone reactivation should be done on clone detection for this org",
"type": "string",
"enum": [ "disabled", "windows_domain_joined_workloads_only" ]
}Example reply (only for "clone_detection_enabled")
{
"clone_detection_enabled": true,
"automatic_clone_reactivation": "windows_domain_joined_workloads_only"
}