2.2.2. MetaAccess API

The MetaAccess API input allows a Splunk administrator to collect data from a MetaAccess account.

The table below explains the meaning of each field when you create or update a MetaAccess Logs input.

| Input Name | Required | Description |
|---|---|---|
| Name | Yes | A unique name for the input you are creating. This field does not accept spaces in the name. |
| Interval (seconds) | Yes | Frequency at which Splunk makes an API call to fetch the latest logs. Be mindful of the interval you set: a small interval on a less frequently updated API can ingest duplicate data at each run, and that data also counts against the Splunk license quota. For example, vulnerability details are not updated that frequently, so running the Get Vulnerability API every 60 seconds will ingest duplicate data every 60 seconds. Intervals of less than 60 seconds are NOT permitted and will generate an error when saving the input. |
| Index | Yes | Select the appropriate index for this input from the drop-down menu. |
| Global Account | Yes | Select the account (that you created in the previous steps) from the drop-down menu. |
| API Endpoint | Yes | Provide the appropriate API endpoint value. Refer to the API documentation for the valid endpoint values. |
| HTTP Request Method | Yes | Select the appropriate HTTP request method (GET or POST), depending on the API endpoint you have chosen. |
| Body | No | Optional parameter. Any additional parameters, in JSON format, that you want to pass in the API request body. |

MetaAccess API input - Body Example

    {
        "filter": {
            "severity": [
                "critical",
                "important"
            ]
        },
        "sort": {
            "order": "desc",
            "field": "opswat_score"
        }
    }
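
A pre-save check for the field rules in the table above, as an added example that is not part of the add-on or the original documentation. The dictionary keys (name, interval, index, account, endpoint, method, body) are hypothetical names mirroring the form fields, and the sample values are constructed.

```python
import json

MIN_INTERVAL = 60                   # page: intervals under 60 s are rejected
ALLOWED_METHODS = {"GET", "POST"}   # page: GET or POST only
REQUIRED = ("name", "interval", "index", "account", "endpoint", "method")


def validate_input(cfg):
    """Return a list of problems for one input definition (empty = OK).

    cfg keys are hypothetical names mirroring the form fields.
    """
    problems = [f"{f}: required" for f in REQUIRED if cfg.get(f) in (None, "")]
    if any(ch.isspace() for ch in str(cfg.get("name") or "")):
        problems.append("name: must not contain spaces")
    interval = cfg.get("interval")
    if interval not in (None, ""):
        try:
            if int(interval) < MIN_INTERVAL:
                problems.append(f"interval: must be >= {MIN_INTERVAL} seconds")
        except (TypeError, ValueError):
            problems.append("interval: must be a whole number of seconds")
    method = cfg.get("method")
    if method and str(method).upper() not in ALLOWED_METHODS:
        problems.append("method: must be GET or POST")
    body = cfg.get("body")
    if body:  # Body is optional; when present it must parse as JSON
        try:
            json.loads(body)
        except (TypeError, ValueError):
            problems.append("body: not valid JSON")
    return problems


# Constructed sample input; the endpoint path and index are placeholders.
SAMPLE = {
    "name": "metaaccess_vulns", "interval": 30, "index": "main",
    "account": "my_account", "endpoint": "/placeholder/endpoint",
    "method": "post", "body": '{"filter": {"severity": ["critical"]}',
}

if __name__ == "__main__":
    for problem in validate_input(SAMPLE):
        print(problem)
```

The sample fails on two counts: the 30-second interval is below the permitted minimum, and the body is missing its closing brace.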

MetaAccess API Input Configuration Example
