: Add Your API Client to Data Security
Focus
Focus

Add Your API Client to Data Security

Table of Contents

Add Your API Client to Data Security

Follow these steps to generate a client ID and client secret so you can add an API client to Data Security.
You can configure a third-party API client (for example, Cortex XSOAR) to authenticate to Data Security using an OAuth connection for efficient incident management and remediation. To do so, you must first add an API client on Data Security to retrieve the Client ID and Client Secret that your API client requires for authentication. When you add the API client on Data Security, you specify the incident management and remediation access you want to grant the third-party API client. You can only connect one third-party API client.
Data Security currently supports one Syslog receiver AND one API client app with access to log data. So, you can use the two protocols and connect SIEM and SOAR software separately. However, Data Security does not support using multiple Syslog receivers or multiple API clients concurrently. Alternatively, if you want to use both Splunk and Cortex XSOAR, directly connect Splunk to Cortex XSOAR using the Splunk integration, and create a Client ID and Client Secret for Cortex XSOAR to directly connect to Data Security.
  1. To add your API client, go to SettingsDirectory & External Services.
  2. Click Add Client App to register an API client.
  3. Enter a unique Name for the API client.
  4. Authorize the API client for specific Scopes.
    • Log access—Access log files. You can either provide this API client log access or add a syslog receiver for this purpose.
    • Incident management—Retrieve and change incident status.
    • Quarantine managementQuarantine assets and restore quarantined assets.
    You use these scopes in the POST request to the /oauth/token endpoint.
  5. Save your changes to grant Data Security the ability to generate and display a Client ID and a Client Secret.
    Immediately record the Client Secret that displays. After dismissal, you cannot access the Client Secret again. Configure your API client with the Client ID and Client Secret to authenticate your API client to Data Security.
  6. (Optional) To delete a client, click Delete.