Introducing the Stellar Cyber API
Stellar Cyber provides a public API that lets you interact with the product programmatically, allowing you to write your own scripts to retrieve data from the product or create entities within it.
Stellar Cyber is always adding new public APIs to the product. The Summary of Public APIs, below, shows you the types of information you can retrieve and create.
Once you are ready to get started working with the API, use the following steps:
- Use the information in Configuring API Authentication to create a user with the necessary privileges and an API key.
- Use the detailed reference material from the API's swagger.json file to create your own scripts and API calls.
- Refer to the Stellar Cyber Public API Examples for a set of sample scripts and API calls that you can use as inspiration for your own work.
The API replaces access to port 8889 on the DP.
Summary of Public APIs
As summarized in the interactive API Reference, Stellar Cyber provides public APIs for the following features:
- Create, Delete, and List Connectors
- Retrieve Detailed Sensor Information
- Retrieve Detailed Case Information
- Retrieve Case Observables
- Update Case Information
- Retrieve information on Storage Usage
- Retrieve Ingestion Statistics
- Retrieve information on the configuration and hits of log filters
- Retrieve user activity logs for Stellar Cyber user accounts
- Retrieve storage usage and ingestion statistics
- Create, Delete, Update, and List Tenants
- Create, Delete, Update, and List Tenant Groups
- Update Tags, Status, and Comments for Events
- Perform an ElasticSearch Query on a Specific Index
- Reset User Passwords
- Add events to the Security Index (Bulk or Standard)
- Create, Delete, and List Lookup Tables (by Tenant or by All Tenants)
- Create, Delete, and List Reports
- Create, Delete, and List Security Event Filters