Overview

In the Administration → Credentials → Authentication tokens area, you can manage the existing tokens in your domain or generate new ones. You can create tokens to authorize requests to our Devo APIs or to send data using an HTTP endpoint.

In addition to the tokens generated here, this area also displays the OData tokens generated in the search window. Learn more about OData feeds in this article.

Create a new token

Click the Create token button at the top right of this area to generate a new token. Fill in the fields in the window that appears:


Enter a Name for the new token and assign it to yourself or to another user in your domain in the Authorized user field. Only that user will be able to use the token.

Note: The selected user must have permission to access the data tables specified in the field below.


Use the Target table/s field to limit the tables for which the token can be used. Choose the required option(s) from the dropdown menu, or enter the required tables manually and press ENTER to add them.

If you enter the target tables manually, you can use wildcards as needed to reference a family of tables. The following table describes how to use wildcard symbols to specify the required target tables:

| Wildcard | Description | Example | Matches |
|---|---|---|---|
| ? | Matches a single character where the wildcard is placed. | siem.logtrust.web.inf? | siem.logtrust.web.info |
| | | firewall.fortinet.even?.user | firewall.fortinet.event.user |
| * | Matches zero or more characters in only one tag element. | siem.logtrust.alert.* | siem.logtrust.alert.info, siem.logtrust.alert.error |
| | | web.a*.error | web.apache.error |
| ** | Matches zero or more characters in one or more tag elements. | web.aws.** | web.aws.elb.access |
| | | firewall.fortinet.** | firewall.fortinet.event.user, firewall.fortinet.event.vpn, firewall.fortinet.traffic.forward, firewall.fortinet.traffic.local |
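
To review how much a token's scope actually covers before creating it, the wildcard rules above can be expanded against a list of table names. The following is an added example, not Devo code: the matching semantics are an assumption read from the table (in particular, that `?` and `*` never cross a `.` separator), and the function names and table inventory are constructed for illustration.

```python
import re

def scope_to_regex(pattern):
    """Compile one target-table pattern into a regex.

    Assumed semantics, read from the wildcard table (not Devo's code):
      ?   exactly one character, assumed not to match the '.' separator
      *   zero or more characters inside a single tag element
      **  zero or more characters spanning any number of tag elements
    """
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^.]*")
            i += 1
        elif pattern[i] == "?":
            parts.append("[^.]")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts))

def tables_in_scope(patterns, tables):
    """Return the sorted tables that at least one scope pattern covers."""
    compiled = [scope_to_regex(p) for p in patterns]
    return sorted(t for t in tables if any(rx.fullmatch(t) for rx in compiled))

def out_of_intent(patterns, tables, intended):
    """Tables the scope reaches beyond the ones the token was meant for."""
    wanted = set(intended)
    return [t for t in tables_in_scope(patterns, tables) if t not in wanted]

# Constructed inventory, built from the table names used on this page.
TABLES = [
    "siem.logtrust.web.info", "siem.logtrust.alert.info",
    "siem.logtrust.alert.error", "web.apache.error", "web.aws.elb.access",
    "firewall.fortinet.event.user", "firewall.fortinet.event.vpn",
    "firewall.fortinet.traffic.forward", "firewall.fortinet.traffic.local",
]

if __name__ == "__main__":
    intended = ["firewall.fortinet.event.user", "firewall.fortinet.event.vpn"]
    print(out_of_intent(["firewall.fortinet.**"], TABLES, intended))
```

Here a token meant only for the two event tables also reaches both traffic tables when scoped with `firewall.fortinet.**`; the narrower `firewall.fortinet.event.*` covers exactly the intended pair.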


Select one of the allowed actions for the new token in the Type area:

  • HTTP ingestion: Create a token to send data using HTTP. See the HTTP endpoint article for more information.

  • Query API (Query data and manage my jobs): With this kind of token, you can use the Query API to start, stop and remove your own jobs or any matching the target tables. Learn more about using the Query API here.

  • Query API (Query data and manage all domain jobs): This is the same as the option above but allows you to start, stop, or remove any job within your domain. Learn more about using the Query API here.

  • Alert API (Create and manage alerts using the API): With this token, you can use the Alerts API to define new alerts and manage them. Learn more about using the Alerts API here.

  • Aggregation Tasks API: Use this token to authorize your requests through the Aggregation Tasks API.


Optionally, check the Enabled box in the Expiration date field if you want to enter an expiration date for the new token. Choose the required date in the calendar.


Click Create to generate the token. 

The token will now appear in the table of this area. To copy the generated token to your clipboard, click its name in the table and copy it from the window that appears.


Manage tokens

All the tokens generated in the domain will appear in the table of this area. Click the ellipsis button that appears at the end of a token in the table to access the following actions:


More info

Click to see the details of the token. Alternatively, you can click its name in the table.

In the Token info window that appears, you can change the name of the token, copy the token and its associated scope to your clipboard, and add tags to it. You can later filter the token list by tags to find your tokens easily.

Disable / Enable

Click to disable/enable the selected token. The color in the Status column of the table shows if the token is enabled (green) or disabled (red).

Alternatively, you can check one or several tokens from the table and click the icon that appears at the top of the table.

Delete

Click to delete the token from the domain.

Alternatively, you can check one or several tokens from the table and click the trash icon that appears at the top of the table.

Filter tokens

You can use the options at the top of the table to filter the list of tokens as required according to different parameters:

  • Use the time buttons to display only tokens created during the last hour, day, etc. By default, the selected option is All.

  • Filter tokens by status. The available options are All (default), Disabled and Enabled.

  • Filter tokens by specific characteristics. Open the dropdown menu next to the search box to select the required parameter (Tags, Type, Name, Owner, Scope, Token and Authorized User) and enter the value to filter by in the search box. Note that you must enter complete values, not partial ones.

Important considerations

  • Tokens assigned to a deleted user will be reassigned to the domain owner and remain enabled. We recommend disabling them if these credentials are known to, or accessible by, an unauthorized person.

  • Tokens assigned to a disabled user will remain enabled and still assigned to that user.