...
In the Administration → Credentials → TokensAuthentication tokens area, you can manage the existing tokens in your domain or generate new ones. You can create tokens to authorize requests to our Devo APIs or to send data using an HTTP endpoint.
...
| Rw ui steps macro |
|---|
Enter a Name for the new token and assign it to yourself or to another user in your domain in the Authorized user field. Only that user will be able to use the token. | Note |
|---|
Note that the selected user must have permission to access the data tables specified in the field below. |
Use the Target table/s field to limit the tables in which the token will be used. Choose the required option(s) from the dropdown menu or enter the required tables manually and press to add them.If you enter the target tables manually, you can use wildcards as needed to reference a family of tables. The following table describes how to use wildcard symbols to specify the required target tables: Wildcard | Description | Example | Matches |
|---|
? | Matches a single character where the wildcard is placed. | siem.logtrust.web.inf? | siem.logtrust.web.info | firewall.fortinet.even?.user | firewall.fortinet.event.user | * | Matches zero or more characters in only one tag element. | siem.logtrust.alert.* | siem.logtrust.alert.info siem.logtrust.alert.error | web.a*.error | web.apache.error | ** | Matches zero or more characters in one or more tag elements. | web.aws.** | web.aws.elb.access | firewal.fortinet.** | firewal.fortinet.event.user firewal.fortinet.event.vpn firewall.fortinet.traffic.forward firewall.fortinet.traffic.local |
Select one of the allowed actions for the new token in the Type area: HTTP ingestion: Create a token to send data using HTTP. See the HTTP endpoint article for more information. Query API (Query data and manage my jobs): With this kind of token, you can use the Query API to start, stop and remove your own jobs or any matching the target tables. Learn more about using the Query API here. Query API (Query data and manage all domain jobs): This is the same as the option above but allows you to start, stop, or remove any job within your domain. Learn more about using the Query API here. Alert API (Create and manage alerts using the API): With this token, you can use the Alerts API to define new alerts and manage them. Learn more about using the Alerts API here. Aggregation Tasks API: Use this token to authorize your requests through the Aggregation Tasks API.
Optionally, check the Enabled box in the Expiration date field if you want to enter an expiration date for the new token. Choose the required date in the calendar. Click Apply Create to create generate the token. |
The token will now appear in the table of this area. To copy the generated token to your clipboard, click its name in the table and copy it from the window that appears.
...
