Domain administration / Security credentials

Security credentials

The Administration → Credentials area consists of three tabs:

Access keys - Consult and copy the API keys and API secrets used to set up the Devo In-House Relay and authorize your API requests.
X.509 certificates - Download the X.509 certificates used to authenticate the data sources that send events directly to the Devo Platform.
Authentication tokens - Generate OAuth 2.0 tokens used to send data using the HTTP protocol and authorize API requests.

The following video describes the security credentials and how to access them:

Access keys

When an account is created, a pair of access keys (API key and API secret) is automatically generated. The purpose of these credentials is to provide security for REST API or query protocol communications with Devo API services.

To generate a new pair of access keys, click the Create new API key button on the top right.

To display an API key/API secret, click Show in the required column. A dialog will appear to show the requested API.
To copy the displayed API key/API secret to your clipboard, click the Copy to Clipboard icon next to it.

To delete a pair of access keys, place the cursor on the required row to highlight it and an ellipsis icon will appear at the end of the row. Click it and select Delete.

X.509 Certificates

These certificates are used to make secure Syslog protocol requests to Devo.

To download the Certificate Authority certificates, select Chain CA.
To generate a new set of certificates, click New Certificate.
To download a certificate, click the type name on the required row under the required column.
To delete a set of certificates, place the cursor on the required row to highlight it and an ellipsis icon will appear at the end of the row. Click it and select Delete.

Authentication tokens

This is where you can manage the existing OAuth 2.0 tokens or generate new ones. You can create tokens to query data using the Devo API or tokens to send data using an HTTP endpoint.

To generate a new token:

Click Create new token.
Enter a Token name.

Select one of the three possible allowed actions for the new token.

Sending data via HTTP	Create a token to send data using HTTP. See the HTTP endpoint article for more information.
Query data using REST API	Use this token to restrict REST API query requests to a specific set of tables. With this kind of token you can start, stop and remove your own jobs or any matching the target tables.
Query data and manage jobs using REST API	This is the same as Query data using REST API, but allows you to start, stop, or remove any job within your domain. See the Authorizing REST API requests article for more information.

Use the Target Table(s) field to limit the tables in which the token will be used. Use wildcards as needed to reference a family of tables. The following table describes how to use wildcard symbols to specify the tables in the Target Table(s) field.

Wildcard	Description	Example	Matches
?	Matches a single character where the wildcard is placed.	siem.logtrust.web.inf?	siem.logtrust.web.info
?	Matches a single character where the wildcard is placed.	firewall.fortinet.even?.user	firewall.fortinet.event.user
*	Matches zero or more characters in only one tag element	siem.logtrust.alert.*	siem.logtrust.alert.info siem.logtrust.alert.error
*	Matches zero or more characters in only one tag element	web.a*.error	web.apache.error
**	Matches zero or more characters in one or more tag elements	web.aws.**	web.aws.elb.access
**	Matches zero or more characters in one or more tag elements	firewal.fortinet.**	firewal.fortinet.event.user firewal.fortinet.event.vpn firewall.fortinet.traffic.forward firewall.fortinet.traffic.local

Click Accept to create the token.

To disable a token, place the cursor on the required row to highlight it and an ellipsis icon will appear at the end of the row. Click it and select Disable. You will be able to enable it later using the ellipsis menu again and clicking Enable.
To delete an existing token, place the cursor on the required row to highlight it and an ellipsis icon will appear at the end of the row. Click it and select Delete. When you delete a token, it is completely removed from the platform. If you disable a token, you will be able to enable it later using the ellipsis menu.
To view and edit the details of a token, go to Administration → Data Management and select the API & OData Feeds tab. Learn more in the Data processes and feeds article.

Download as PDF

Did you find what you were looking for?

If not, please let us know what you need. Your feedback will help us to improve.