Security credentials
The Administration → Credentials area consists of three tabs:
- Access keys - Consult and copy the API keys and API secrets used to set up the Devo In-House Relay and authorize your API requests.
- X.509 certificates - Download the X.509 certificates used to authenticate the data sources that send events directly to the Devo Platform.
- HTTP/APIv2 tokens - Generate OAuth 2.0 tokens used to send data using the HTTP protocol and authorize API requests.
The following video describes the security credentials and how to access them:
Access keys
When an account is created, a pair of access keys (API key and API secret) is automatically generated. The purpose of these credentials is to provide security for REST API or query protocol communications with Devo API services.
Click the Create new APIkey button to generate a new pair of access keys. You can display an API key/secret by clicking Show in the required column. Click the icon next to the key to copy it to your clipboard.
Click the ellipsis icon at the end of a row and select Delete to remove a pair of access keys.
X.509 Certificates
These certificates are used to make secure Syslog protocol requests to Devo. Select Chain CA to download the Certificate Authority certificates and click New Certificate to generate a new set of certificates.
Select the name of the required certificate to download it. Click the ellipsis icon at the end of a row and select Delete to remove those certificates.
HTTP/APIv2 tokens
This is where you can manage the existing OAuth 2.0 tokens or generate new ones. You can create tokens to query data using the Devo API or tokens to send data using an HTTP endpoint.
You can delete or disable any existing tokens shown in the list. When you delete a token, it is completely removed from the platform. If you disable a token, you will be able to enable it later using the ellipsis menu. To generate a new token:
Click Create new token.
- Enter a Token name.
Select one of the three possible allowed actions for the new token.
Http Send Create a token to send data using HTTP. See the HTTP endpoint article for more information. Queries with Api v2 Use this token to restrict REST API query requests to a specific set of tables. With this kind of token you can start, stop and remove your own jobs or any matching the target tables. Queries with Api v2 and task/jobs administrator This is the same as Queries with Api v2, but allows you to start, stop, or remove any job within your domain. See the Authorizing REST API requests article for more information. Use the Target table(s) field to limit the tables in which the token will be used. Use wildcards as needed to reference a family of tables. The following table describes how to use wildcard symbols to specify the tables in the Target table(s) field.
Wildcard Description Example Matches
?Matches a single character where the wildcard is placed.
siem.logtrust.web.inf?
siem.logtrust.web.info
firewall.fortinet.even?.user firewall.fortinet.event.user *
Matches zero or more characters in only one tag element
siem.logtrust.alert.*
siem.logtrust.alert.info
siem.logtrust.alert.error
web.a*.error web.apache.error **
Matches zero or more characters in one or more tag elements
web.aws.**
web.aws.elb.access
firewal.fortinet.**
firewal.fortinet.event.user
firewal.fortinet.event.vpn
firewall.fortinet.traffic.forward
firewall.fortinet.traffic.local
- Click Accept to create the token.
To view and edit the details of a token, go to Administration → Data Management and select the API/OData tab. Learn more in the Data processes and feeds article.