Cloudflare integration with RSA SA
Cloudflare makes available Logpull a RESTful API to request logs over HTTP from its platform.
Question is, is there a module or method within RSA SA to make queries to an external API such as Logpull, requesting for logs, and then subsequently ingest them within the Decoder?
Logs are generated in JSON format, for which a custom parser can be managed, however how do I get the logs consumed by RSA SA, to begin with?
- API Query
- Community Thread
- Forum Thread
- restful api reference guide
- RSA NetWitness
- RSA NetWitness Platform
The Plugin Collection capability sounds like what you're looking for: https://community.rsa.com/docs/DOC-84695
That document walks through the process for developing your own plugin to pull from *any* API.