Skip to main content

REST APIs 25.2.10 and 25.2.20

Organization Settings

For Organization Settings examples, see Organization Settings Reference.

Enabling clone detection

Users sometimes need to disable clone detection as a safety valve. For example, if a customer has workloads in a particular environment that behave unexpectedly, they might end up with runaway clones being activated.

Functionality

HTTP

Properties Added

URI

This is for VEN or URI to fetch the current clone detection settings.

Authorization is for the org user and the interservice.

GET

automatic_clone_ reactivation

clone_detection_ enabled

/api/v2/orgs/:xorg_id/ settings

This is for the org admin to set new clone detection settings.

Authorization is for the org admin.

PUT

automatic_clone_ reactivation

clone_detection _ enabled

/api/v2/orgs/:xorg_id/ settings

Two properties have been added to the schemas settings_get and settings_put:

  • clone_detection_enabled

  • automatic_clone_reactivation

Depending on whether they are added to the PUT or GET method, they require different types of authorization: org admin for PUT and org user or interservice authorization for GET.

  • If automatic_clone_reactivation is disabled, there is no automatic clone reactivation.

Organization Settings Reference

This topic covers examples of organizational settings.

Examples

Example JSON Response Body for Get Events Settings

{
    "audit_event_retention_seconds": 180,
    "audit_event_min_severity": "informational",
    "format": "JSON"
}
Update Events Settings

Example JSON Request Body for Update Events

{
    "audit_event_retention_seconds": 90,
    "audit_event_min_severity": "informational"
}

Example JSON Response Body with Local and Remote Syslog Location Information

[
    {
        "href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "pce_scope": [ "remote-my-company0.com", "remote-my-company1.com" ],
        "type": "remote_syslog",
        "description": "remotesyslog",
        "audit_event_logger": {
            "configuration_event_included": true,
            "system_event_included": false,
            "min_severity": "warning"
        },
        "traffic_event_logger": {
            "traffic_flow_allowed_event_included": true,
            "traffic_flow_potentially_blocked_event_included": true,
            "traffic_flow_blocked_event_included": true
        },
        "node_status_logger": {
            "node_status_included": true
        },
        "remote_syslog": {
            "address"  : "my-company-20.com",
            "port"     : 12345,
            "protocol" : 6,
            "tls_enabled"     : false,
            "tls_verify_cert" : false
        }
    }
]

Example JSON Response Body with Remote Syslog Location Information

{
    "href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "pce_scope": [ "remote-my-company0.com", "remote-my-company1.com" ],
    "type": "remote_syslog",
    "description": "remotesyslog",
    "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": false,
        "min_severity": "warning"
    },
    "traffic_event_logger": {
        "traffic_flow_allowed_event_included": true,
        "traffic_flow_potentially_blocked_event_included": true,
        "traffic_flow_blocked_event_included": true
    },
    "node_status_logger": {
        "node_status_included": true
    },
    "remote_syslog": {
        "address"  : "my-company-20.com",
        "port"     : 12345,
        "protocol" : 6,
        "tls_enabled"     : false,
        "tls_verify_cert" : false
    }
}

Example JSON Request Body to Create a Remote Syslog Destination

{
    "pce_scope": [ "my-company0.com", "my-company1.com", "my-company2.com" ],
    "type": "remote_syslog",
    "description": "remote syslog",
    "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": false,
        "min_severity": "warning"
    },
    "traffic_event_logger": {
       "traffic_flow_allowed_event_included": true,
       "traffic_flow_potentially_blocked_event_included": true,
       "traffic_flow_blocked_event_included": true
    },
    "node_status_logger": {
        "node_status_included": true
    },
    "remote_syslog": {
        "address"  : "my-company-20.com",
        "port"     : 12345,
        "protocol" : 6,
        "tls_enabled"     : false,
        "tls_verify_cert" : false
    }
}

Example JSON Request Body to Update a Syslog Destination

{
    "href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "pce_scope": [ "my-company0.com", "my-company1.com", "my-company2.com"  ],
    "type": "remote_syslog",
    "description": "localhost syslog",
    "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": true,
        "min_severity": "informational"
    },
    "traffic_event_logger": {
       "traffic_flow_allowed_event_included": true,
       "traffic_flow_potentially_blocked_event_included": true,
       "traffic_flow_blocked_event_included": true
    },
    "node_status_logger": {
        "node_status_included": false
    },
    "remote_syslog": {
        "address"  : "my-company-20.com",
        "port"     : 67890,
        "protocol" : 6,
        "tls_enabled"     : false,
        "tls_verify_cert" : false
    }
}
Examples for Enabling clone detection:

(Only new fields in the schema settings_get are shown)

"clone_detection_enabled": {
	"description": "When true, clone detection is done for this org",
	"type": "boolean"
   },
	"automatic_clone_reactivation": {
	"description": "When true, automatic clone reactivation should be done on clone detection for this org",
	"type": "string",
	"enum": [ "disabled", "windows_domain_joined_workloads_only" ]
}

Example reply (only for "clone_detection_enabled")

{
	"clone_detection_enabled": true,
	"automatic_clone_reactivation": "windows_domain_joined_workloads_only"
}