
Illumio REST APIs 25.4

Organization Setting Management

Flags manage organization settings for automatic clone activation and reactivation, and for obtaining permissions from the Census API or a local database.

Enabling clone detection

Users sometimes need to disable clone detection as a safety valve. For example, if a customer has workloads in a particular environment that behave unexpectedly, they might end up with runaway clones being activated.

| Functionality | HTTP | Properties Added | URI |
| --- | --- | --- | --- |
| This is for VEN or URI to fetch the current clone detection settings. Authorization is for the org user and the interservice. | GET | automatic_clone_reactivation, clone_detection_enabled | /api/v2/orgs/:xorg_id/settings |
| This is for the org admin to set new clone detection settings. Authorization is for the org admin. | PUT | automatic_clone_reactivation, clone_detection_enabled | /api/v2/orgs/:xorg_id/settings |

Two properties have been added to the schemas settings_get and settings_put:

  • clone_detection_enabled

  • automatic_clone_reactivation

Depending on whether they are added to the PUT or GET method, they require different types of authorization: org admin for PUT and org user or inter-service authorization for GET.

  • If automatic_clone_reactivation is disabled, there is no automatic clone reactivation.

Census

A new property use_census_permissions was added to the schemas settings_get and settings_put to indicate whether PCE will obtain permissions from the Census API or a local database.

The flag is set to TRUE to get permissions from the census and to FALSE for the local database.

| Functionality | HTTP | Properties Added | URI |
| --- | --- | --- | --- |
| This flag indicates whether the PCE will obtain permissions from the census or a local database. | GET, PUT | use_census_permissions | /api/v2/orgs/:xorg_id/settings |

Organization Settings Reference

This topic covers examples of organizational settings.

Examples

Example JSON Response Body for Get Events Settings

{
    "audit_event_retention_seconds": 180,
    "audit_event_min_severity": "informational",
    "format": "JSON"
}

Update Events Settings

Example JSON Request Body for Update Events

{
    "audit_event_retention_seconds": 90,
    "audit_event_min_severity": "informational"
}

Example JSON Response Body with Local and Remote Syslog Location Information

[
    {
        "href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "pce_scope": [ "remote-my-company0.com", "remote-my-company1.com" ],
        "type": "remote_syslog",
        "description": "remotesyslog",
        "audit_event_logger": {
            "configuration_event_included": true,
            "system_event_included": false,
            "min_severity": "warning"
        },
        "traffic_event_logger": {
            "traffic_flow_allowed_event_included": true,
            "traffic_flow_potentially_blocked_event_included": true,
            "traffic_flow_blocked_event_included": true
        },
        "node_status_logger": {
            "node_status_included": true
        },
        "remote_syslog": {
            "address"  : "my-company-20.com",
            "port"     : 12345,
            "protocol" : 6,
            "tls_enabled"     : false,
            "tls_verify_cert" : false
        }
    }
]
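The example destinations on this page all carry "tls_enabled": false and "tls_verify_cert": false, and exclude system events from the audit logger. The following added example (not Illumio code) audits a list of destination records, as returned in the response body above, for those settings. The records in SAMPLE are constructed, and the field names are taken from the examples on this page.

```python
"""Audit syslog destination records for weak transport and audit coverage gaps."""

def _sample(name, tls, verify, system_events):
    # Constructed record with the same shape as the example response body.
    return {
        "href": f"/api/v2/orgs/1/settings/syslog/destinations/{name}",
        "type": "remote_syslog",
        "audit_event_logger": {
            "configuration_event_included": True,
            "system_event_included": system_events,
            "min_severity": "warning",
        },
        "remote_syslog": {
            "address": "my-company-20.com", "port": 12345, "protocol": 6,
            "tls_enabled": tls, "tls_verify_cert": verify,
        },
    }

SAMPLE = [
    _sample("sample-plain", False, False, False),   # same flags as the page's example
    _sample("sample-noverify", True, False, True),
    _sample("sample-ok", True, True, True),
]

def audit_destination(dest):
    """Return a list of finding strings for one destination record."""
    findings = []
    remote = dest.get("remote_syslog")
    if dest.get("type") == "remote_syslog":
        if not isinstance(remote, dict):
            findings.append("remote_syslog block missing")
        elif remote.get("tls_enabled") is not True:
            findings.append("tls_enabled is not true: syslog traffic is not encrypted")
        elif remote.get("tls_verify_cert") is not True:
            findings.append("tls_verify_cert is not true: receiver is not authenticated")
    audit = dest.get("audit_event_logger") or {}
    for key in ("configuration_event_included", "system_event_included"):
        if audit.get(key) is not True:
            findings.append(f"{key} is not true: those audit events are not forwarded")
    return findings

def audit_destinations(dests):
    """Map href -> findings, keeping only destinations with at least one finding."""
    report = {d.get("href", "<no href>"): audit_destination(d) for d in dests}
    return {href: found for href, found in report.items() if found}

if __name__ == "__main__":
    for href, found in audit_destinations(SAMPLE).items():
        print(href, found)
```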

Example JSON Response Body with Remote Syslog Location Information

{
    "href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "pce_scope": [ "remote-my-company0.com", "remote-my-company1.com" ],
    "type": "remote_syslog",
    "description": "remotesyslog",
    "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": false,
        "min_severity": "warning"
    },
    "traffic_event_logger": {
        "traffic_flow_allowed_event_included": true,
        "traffic_flow_potentially_blocked_event_included": true,
        "traffic_flow_blocked_event_included": true
    },
    "node_status_logger": {
        "node_status_included": true
    },
    "remote_syslog": {
        "address"  : "my-company-20.com",
        "port"     : 12345,
        "protocol" : 6,
        "tls_enabled"     : false,
        "tls_verify_cert" : false
    }
}

Example JSON Request Body to Create a Remote Syslog Destination

{
    "pce_scope": [ "my-company0.com", "my-company1.com", "my-company2.com" ],
    "type": "remote_syslog",
    "description": "remote syslog",
    "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": false,
        "min_severity": "warning"
    },
    "traffic_event_logger": {
       "traffic_flow_allowed_event_included": true,
       "traffic_flow_potentially_blocked_event_included": true,
       "traffic_flow_blocked_event_included": true
    },
    "node_status_logger": {
        "node_status_included": true
    },
    "remote_syslog": {
        "address"  : "my-company-20.com",
        "port"     : 12345,
        "protocol" : 6,
        "tls_enabled"     : false,
        "tls_verify_cert" : false
    }
}

Example JSON Request Body to Update a Syslog Destination

{
    "href": "/api/v2/orgs/1/settings/syslog/destinations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "pce_scope": [ "my-company0.com", "my-company1.com", "my-company2.com"  ],
    "type": "remote_syslog",
    "description": "localhost syslog",
    "audit_event_logger": {
        "configuration_event_included": true,
        "system_event_included": true,
        "min_severity": "informational"
    },
    "traffic_event_logger": {
       "traffic_flow_allowed_event_included": true,
       "traffic_flow_potentially_blocked_event_included": true,
       "traffic_flow_blocked_event_included": true
    },
    "node_status_logger": {
        "node_status_included": false
    },
    "remote_syslog": {
        "address"  : "my-company-20.com",
        "port"     : 67890,
        "protocol" : 6,
        "tls_enabled"     : false,
        "tls_verify_cert" : false
    }
}

Examples for Enabling clone detection:

(Only new fields in the schema settings_get are shown)

"clone_detection_enabled": {
    "description": "When true, clone detection is done for this org",
    "type": "boolean"
},
"automatic_clone_reactivation": {
    "description": "When true, automatic clone reactivation should be done on clone detection for this org",
    "type": "string",
    "enum": [ "disabled", "windows_domain_joined_workloads_only" ]
}

Example reply (only for "clone_detection_enabled")

{
	"clone_detection_enabled": true,
	"automatic_clone_reactivation": "windows_domain_joined_workloads_only"
}
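
A settings body can be checked against the schema fragment above before it is sent with PUT. This added example (not Illumio code) validates the types and the enum for the flags described on this page; treating use_census_permissions as a JSON boolean is an assumption based on the TRUE/FALSE wording, and the function name is hypothetical.

```python
import json

# Enum values copied from the settings_get schema fragment on this page.
REACTIVATION_VALUES = ("disabled", "windows_domain_joined_workloads_only")
# clone_detection_enabled is boolean per the schema; the type of
# use_census_permissions is assumed to be boolean as well.
BOOLEAN_FLAGS = ("clone_detection_enabled", "use_census_permissions")

def check_settings_body(raw):
    """Return a list of problems found in a JSON settings body (empty list = OK)."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Catches bodies written with TRUE/FALSE instead of JSON true/false.
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = []
    for key in BOOLEAN_FLAGS:
        # isinstance(..., bool) rejects 0/1 and the strings "true"/"TRUE".
        if key in body and not isinstance(body[key], bool):
            problems.append(f"{key}: must be true or false, got {body[key]!r}")
    if "automatic_clone_reactivation" in body:
        value = body["automatic_clone_reactivation"]
        if not isinstance(value, str) or value not in REACTIVATION_VALUES:
            problems.append(
                f"automatic_clone_reactivation: {value!r} is not one of {REACTIVATION_VALUES}"
            )
    return problems

if __name__ == "__main__":
    # Constructed bodies: the page's example reply, then two common mistakes.
    for raw in (
        '{"clone_detection_enabled": true, '
        '"automatic_clone_reactivation": "windows_domain_joined_workloads_only"}',
        '{"use_census_permissions": TRUE}',
        '{"clone_detection_enabled": 1, "automatic_clone_reactivation": true}',
    ):
        print(raw, "->", check_settings_body(raw) or "OK")
```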