AsyncOS 11.0 API - Getting Started Guide for Security Appliances

Similar documents
Application Launcher User Guide

Cisco FindIT Plugin for Kaseya Quick Start Guide

Cisco Unified Communications Self Care Portal User Guide, Release

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

Migration and Upgrade: Frequently Asked Questions

Cisco Connected Mobile Experiences REST API Getting Started Guide, Release 10.2

Cisco Terminal Services (TS) Agent Guide, Version 1.1

CPS UDC MoP for Session Migration, Release

Cisco TelePresence FindMe Cisco TMSPE version 1.2

Cisco Nexus 1000V for KVM Interface Configuration Guide, Release 5.x

Cisco Jabber IM for iphone Frequently Asked Questions

SAML SSO Okta Identity Provider 2

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco Meeting Management

Cisco Terminal Services (TS) Agent Guide, Version 1.0

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Cisco Jabber for Android 10.5 Quick Start Guide

Cisco Unified Communications Self Care Portal User Guide, Release 11.5(1)

Cisco UC Integration for Microsoft Lync 9.7(4) User Guide

Cisco UCS Performance Manager Release Notes

Cisco TEO Adapter Guide for

Cisco UCS Director API Integration and Customization Guide, Release 5.4

Cisco TEO Adapter Guide for SAP Java

IP Routing: ODR Configuration Guide, Cisco IOS Release 15M&T

Installation and Configuration Guide for Visual Voic Release 8.5

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007

Cisco Report Server Readme

Flow Sensor and Load Balancer Integration Guide. (for Stealthwatch System v6.9.2)

Software Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)

Cisco IOS Flexible NetFlow Command Reference

Cisco Expressway Authenticating Accounts Using LDAP

Cisco CSPC 2.7x. Configure CSPC Appliance via CLI. Feb 2018

Prime Service Catalog: UCS Director Integration Best Practices Importing Advanced Catalogs

Cisco UCS Performance Manager Release Notes

Cisco UCS Director F5 BIG-IP Management Guide, Release 5.0

Cisco Prime Network Registrar IPAM 8.3 Quick Start Guide

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Cisco TEO Adapter Guide for Microsoft Windows

Authenticating Cisco VCS accounts using LDAP

Cisco Jabber Video for ipad Frequently Asked Questions

Cisco Meeting App. Cisco Meeting App (OS X) Release Notes. July 21, 2017

Cisco Meeting Server. Cisco Meeting Server Release 2.0+ Multi-tenancy considerations. December 20, Cisco Systems, Inc.

Cisco Unified Communications Manager Device Package 10.5(1)( ) Release Notes

Cisco 1000 Series Connected Grid Routers QoS Software Configuration Guide

Interdomain Federation for the IM and Presence Service, Release 10.x

Quick Start Guide for Cisco Prime Network Registrar IPAM 8.0

Cisco Nexus 1000V for KVM OpenStack REST API Configuration Guide, Release 5.x

Cisco Proximity Desktop

Backup and Restore Guide for Cisco Unified Communications Domain Manager 8.1.3

TechNote on Handling TLS Support with UCCX

Cisco Evolved Programmable Network System Test Topology Reference Guide, Release 5.0

Cisco CIMC Firmware Update Utility User Guide

Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 10.5(1)

Media Services Proxy Command Reference

Host Upgrade Utility User Guide for Cisco UCS E-Series Servers and the Cisco UCS E-Series Network Compute Engine

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

Authenticating Devices

IP Addressing: IPv4 Addressing Configuration Guide, Cisco IOS Release 15S

IP Addressing: IPv4 Addressing Configuration Guide, Cisco IOS Release 12.4

Cisco TEO Adapter Guide for SAP ABAP

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.5(1)

Cisco Meeting Management

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 3.1

Firepower REST API Quick Start Guide, Version 6.1

Quantum Policy Suite Subscriber Services Portal 2.9 Interface Guide for Managers

Release Notes for Cisco Unified Intelligence Center, Release 10.0(1)

Cisco ACI Simulator Installation Guide

Release Notes for Cisco Virtualization Experience Client 2111/2211 PCoIP Firmware Release 4.0.2

CPS UDC SNMP and Alarms Guide, Release

Videoscape Distribution Suite Software Installation Guide

User Guide for Accessing Cisco Unity Connection Voice Messages in an Application

Cisco CSPC 2.7.x. Quick Start Guide. Feb CSPC Quick Start Guide

User Guide for Cisco Jabber for Mac 11.6

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.6(1)

This document was written and prepared by Dale Ritchie in Cisco s Collaboration Infrastructure Business Unit (CIBU), Oslo, Norway.

IP Addressing: Fragmentation and Reassembly Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)

HTTP Errors User Guide

Cisco Process Orchestrator REST Web Services Guide

Embedded Packet Capture Configuration Guide

Cisco Meeting Management

Tetration Cluster Cloud Deployment Guide

Cisco Nexus 1000V for KVM REST API Configuration Guide, Release 5.x

Embedded Packet Capture Configuration Guide

Cisco IOS Shell Command Reference

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.7. User Guide July 2018

Cisco Prime Network Registrar IPAM MySQL Database Replication Guide

Cisco Terminal Services (TS) Agent Guide, Version 1.2

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9

Cisco Meeting App. Cisco Meeting App (ios) Release Notes. October 06, 2017

Embedded Packet Capture Configuration Guide, Cisco IOS Release 15M&T

Cisco IOS HTTP Services Command Reference

Flexible Netflow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution

Direct Upgrade Procedure for Cisco Unified Communications Manager Releases 6.1(2) 9.0(1) to 9.1(x)

FindMe. Cisco TelePresence Deployment Guide Cisco VCS X6 D

Cisco WebEx Best Practices for Secure Meetings for Site Administrators and Hosts

Cisco UCS Performance Manager Release Notes

Addendum to Cisco Physical Security Operations Manager Documentation, Release 6.1

Cisco UCS Director PowerShell Agent Installation and Configuration Guide, Release 5.4

Transcription:

AsyncOS 11.0 API - Getting Started Guide for Email Security Appliances First Published: 2017-12-27 Last Modified: -- Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number:

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) 2017 Cisco Systems, Inc. All rights reserved.

CONTENTS CHAPTER 1 AsyncOS API for Cisco Email Security Appliances - Getting Started Guide 1 Overview of AsyncOS API for Cisco Email Security Appliances 1 Prerequisites for Using AsyncOS API 1 Enabling AsyncOS API 2 Securely Communicating with AsyncOS API 2 AsyncOS API Authentication and Authorization 3 Authorization 3 Authentication 3 AsyncOS API Requests and Responses 4 AsyncOS API Requests 4 Request Structure 5 AsyncOS API Responses 5 Key Components of Responses 5 HTTP Response Codes 6 AsyncOS API Capabilities 7 Retrieve Current Health Parameters of the Appliance 7 Example 7 Retrieving Email Security Appliance Statistical Reports 8 Examples 10 Simple Report Type 10 Top-N Report Type 11 Query-based Report Type 12 Accessing AsyncOS API for Cisco Email Security Appliances Inline Help 12 Troubleshooting AsyncOS API 13 API Logs 13 Alerts 13 Alert About Network Configuration or Certificate Changes Not Communicated to AsyncOS API 14 iii

Contents Certificate Error while Using curl 14 AsyncOS API Reference 14 iv

CHAPTER 1 AsyncOS API for Cisco Email Security Appliances - Getting Started Guide This chapter contains the following sections: Overview of AsyncOS API for Cisco Email Security Appliances, page 1 Prerequisites for Using AsyncOS API, page 1 Enabling AsyncOS API, page 2 AsyncOS API Authentication and Authorization, page 3 AsyncOS API Requests and Responses, page 4 AsyncOS API Capabilities, page 7 Troubleshooting AsyncOS API, page 13 AsyncOS API Reference, page 14 Overview of AsyncOS API for Cisco Email Security Appliances The AsyncOS API for Cisco Email Security Appliances (or AsyncOS API) is a Representational StateTransfer (REST)-based set of operations that provide secure and authenticated access to the Email Security appliance reports and report counters. You can retrieve the Email Security appliance reporting data using this API. Prerequisites for Using AsyncOS API To use AsyncOS API, you need: An Email Security appliance running on AsyncOS 9.0 or above. Knowledge of: HTTP, which is the protocol used for API transactions. Secure communication over TLS. 1

Enabling AsyncOS API AsyncOS API for Cisco Email Security Appliances - Getting Started Guide JavaScript Object Notation (JSON), which the API uses to construct resource representations. A client or programming library that initiates requests and receives responses from the AsyncOS API using HTTP or HTTPS, for example, curl. The client or programming library must support JSON to interpret the response from the API. Authorization to access the AsyncOS API. See Authorization, on page 3. AsyncOS API enabled using web interface or CLI. See Enabling AsyncOS API, on page 2. Enabling AsyncOS API Before You Begin Make sure that you are authorized to access the IP Interfaces page on the web interface or the interfaceconfig command on CLI. Only administrators and operators are authorized to access this page or command. Procedure Step 1 Step 2 Step 3 Step 4 Step 5 Log in to the web interface. Click Network > IP Interfaces. Edit the Management interface. Note You can enable AsyncOS API on any IP interface. However, Cisco recommends that you enable AsyncOS API on the Management interface. Under AsyncOS API (Monitoring) section, depending on your requirements, select HTTP, HTTPS, or both and the ports to use. Note AsyncOS API communicates using HTTP / 1.0. If you have selected HTTPS and you want to use your own certificate for secure communication, see Securely Communicating with AsyncOS API, on page 2. Note Cisco recommends that you always use HTTPS in the production environment. Use HTTP only for troubleshooting and testing the API. Submit and commit your changes. What to Do Next You can also enable the AsyncOS API using the interfaceconfig command in CLI. Securely Communicating with AsyncOS API You can communicate with AsyncOS API over secure HTTP using your own certificate. 2

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide AsyncOS API Authentication and Authorization Note Do not perform this procedure if you are already running the web interface over HTTPS and using your own certificate for secure communication. AsyncOS API uses the same certificate as web interface, for communicating over HTTPS. Procedure Step 1 Step 2 Step 3 Setup a certificate using the Network > Certificates page on web interface or the certconfig command in the CLI. For instructions, refer the User Guide or Online Help. Change the HTTPS certificate used by the IP interface to your certificate using the Network > IP Interfaces page on web interface or the interfaceconfig command in CLI. For instructions, refer the User Guide or Online Help. Submit and commit your changes. AsyncOS API Authentication and Authorization Authorization Email Security appliance users with the following roles can access the AsyncOS API: Administrator Read-Only Operator Operator Guest Note Users from centralized authentication system (LDAP or RADIUS directory) are not authorized to access the AsyncOS API for Cisco Email Security Appliances. If an LDAP or RADIUS directory user attempts to access the API, the API sends a 401 error message. Authentication API users must submit an Email Security appliance username and password with all the requests to the API in base64-encoded format. If a request does not include valid credentials in the Authorization header, the API sends a 401 error message. You can use any base64 library to convert your credentials into base64-encoded format. The following table shows an example of base64-encoded credentials: 3

AsyncOS API Requests and Responses AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Item Username Password Credentials Base64-encoded Credentials Value administrator Password$123 administrator:password$123 YWRtaW5pc3RyYXRvcjpQYXNzd29yZCQxMjM= Note Encoded credentials must be on a single line within the header. AsyncOS API Requests and Responses AsyncOS API Requests Requests made to the API have the following characteristics: Requests are sent over HTTP or HTTPS Each request must contain a valid URI in the following format: https://{appliance}:{port}/api/v1.0/{resource}?{resource_attributes}, where: {appliance}:{port} is the FQDN or the IP address of the appliance and the TCP port number on which the appliance is listening. {resource} is the resource you are attempting to access, for example, reports or counters. {resource_attributes} are the supported attributes for a resource, for example, duration, max, and so on. Each request must contain a valid Authorization header in base64 encoded format. Each request must be set Accept as: application/json Requests sent over HTTPS (using your own certificate) must contain your CA certificate. For example, in case of curl, you can specify the CA certificate in API request as follows: curl --cacert <ca_cert.crt> -u"username:password" https://<fqdn>:<port>/api/v1.0/{resource}?{resource_attributes} Note API requests are case sensitive and should be entered as shown in this guide. 4

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide AsyncOS API Responses Request Structure The following table lists the types of request operations that you can use with the AsyncOS API. Request Type GET Description Requests data from a specified resource. The following table lists the mandatory headers for requests: Header Host Accept Values {appliance}:{port} application/json */* Description The domain name or the IP address of the appliance, and the TCP port number on which the appliance is listening. Indicates to the server what media type(s) this client is willing to accept including the resource version. Authorization Basic {base64-encoded(username:password)} Identifies the authorized user making this request. AsyncOS API Responses Key Components of Responses Components Status Code and Reason Values See HTTP Response Codes, on page 6. Description HTTP response code and the reason. 5

AsyncOS API Responses AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Components Message Header Message Body Content-Type Content-Length Connection Values application/json n/a close n/a Description Indicates the format of the message body. The length of the response body in octets. Options that are desired for the connection. The message body is in the format defined by the Content-Type header. The following are the components of the message body: 1 URI. The URI you specified in the request to the API. Example "uri":"/api/v1.0/health/" 2 Links or Data Links. The list of next level resources in the hierarchy. Example "links": {"percentage_ram_utilization": "Percentage...} Data. The reporting data provided by the API based on the specified URI. Example "data": {"percentage_diskio": 10} 3 (Only for Error Events) Error. This component includes three subcomponents message, code, and explanation. Example "error": {"message": "Unexpected attribute - starts_with.","code": "404", "explanation": "404 = Nothing matches the given URI."} If the message body contains empty braces ({}), it means that the API could not find any records matching the query. HTTP Response Codes The following is a list of HTTP response codes returned by AsyncOS API: 200 400 6

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide AsyncOS API Capabilities 401 404 406 413 414 500 501 505 For descriptions of these HTTP response codes, refer the following RFCs: RFC1945 RFC7231 AsyncOS API Capabilities You can use the AsyncOS API to perform the following actions: Retrieve Current Health Parameters of the Appliance You can retrieve the current key health parameters of the appliance such as RAM utilization, queue utilization, messages in work queue, and so on to assess the health of the appliance. Description Synopsis Request Headers Response Headers Retrieve the key health parameters of the Email Security appliance. GET /api/v1.0/health GET /api/v1.0/health/{parameter} Host, Accept, Authorization Content-Type, Content-Length, Connection Example Sample Request GET /api/v1.0/health HTTP/1.0 User-Agent: curl/7.30.0 Host: mail.example.com:8080 Authorization: Basic dxnlcm5hbwu6cgfzc3dvcmq= Accept: application/json 7

Retrieving Email Security Appliance Statistical Reports AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Sample Response HTTP/1.0 200 OK Server: EmailAPI/1.0 Date: Wed, 02 Jul 2014 05:07:50 GMT Content-type: application/json Content-Length: 246 Connection: close { "data":{ "percentage_ram_utilization":10, "percentage_diskio":20, "resource_conservation":3, "messages_in_workqueue":189, "messages_in_pvo_quarantines":12, "percentage_swap_utilization":2.0, "percentage_queue_utilization":5.0, "percentage_cpu_load":12 }, "uri":"/api/v1.0/health/" } Note For more information about these health parameters, access the API inline help using the following URI: https://{appliance}:{port}/api/v1.0/health/help. See Accessing AsyncOS API for Cisco Email Security Appliances Inline Help, on page 12. Retrieving Email Security Appliance Statistical Reports You can retrieve various statistical reports such as Incoming Mail Summary, Virus Types, and so on from your appliance. Statistical reports can be categorized into three different types: Simple Report. This report category counts various events in your appliance such as how many authentication attempts failed, how many content filters were triggered, and so on for a specified duration. Examples are mail_authentication_summary and mail_dlp_outgoing_traffic_summary. Top-N Report. This report category counts various events in your appliance against an entity (IP address, domain name, and so on) for a specified duration and lists the top-n events, where N is a user specified value. Examples are mail_content_filter_incoming and mail_dmarc_incoming_traffic_summary. Query-based Report. This report category counts various events in your appliance against a user-specified entity (IP address, domain name, and so on) for a specified duration. Examples are mail_authentication_incoming_domain and mail_content_filter_outgoing. For a list of reports under each category, see AsyncOS API Reference, on page 14. Description Retrieve various statistical reports from the Email Security appliance. 8

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Retrieving Email Security Appliance Statistical Reports Synopsis Supported Resource Attributes Simple Report GET /api/v1.0/stats/report?resource_attribute GET /api/v1.0/stats/report/counter?resource_attribute time_range. Use this attribute to retrieve report(s) for a specified duration. This attribute can assume the following values: 1h - Aggregate report(s) for the last one hour 1d - Aggregate report(s) for the last one day duration=yyyy-mm-ddthh:mmtzd/yyyy-mm-ddthh:mmtzd - Aggregate report(s) for the specified duration. Supported values of TZD are Z, +hh:mm, or -hh:mm. Top-N Report time_range. Use this attribute to retrieve report(s) for a specified duration. This attribute can assume the following values: 1h - Aggregate report(s) for the last one hour 1d - Aggregate report(s) for the last one day duration=yyyy-mm-ddthh:mmtzd/yyyy-mm-ddthh:mmtzd - Aggregate report(s) for the specified duration. Supported values of TZD are Z, +hh:mm, or -hh:mm. max=n. Use this attribute to limit the number of results returned by the report. n is the number of results that you want the report to return and can assume values from 1 through 1000. Query-based Report time_range. Use this attribute to retrieve report(s) for a specified duration. This attribute can assume the following values: 1h - Aggregate report(s) for the last one hour 1d - Aggregate report(s) for the last one day duration=yyyy-mm-ddthh:mmtzd/yyyy-mm-ddthh:mmtzd - Aggregate report(s) for the specified duration. Supported values of TZD are Z, +hh:mm, or -hh:mm. 9

Retrieving Email Security Appliance Statistical Reports AsyncOS API for Cisco Email Security Appliances - Getting Started Guide entity=value. Use this attribute to retrieve reports based on a specified entity such as email address, IP address, and so on. You can choose whether to exactly match the specified text or look for items starting with the specified text (for instance, starts with "ex" will match "example.com"). Note The definition of this attribute varies from report type to report type. For the permissible values of this attribute, see AsyncOS API Reference, on page 14. To retrieve items starting with the specified text, you must use this attribute in conjunction with starts_with attribute, for example, entity=us&starts_with=true starts_with=value. Use this attribute to retrieve items starting with the specified entity value. This attribute must be used in conjunction with the entity attribute and value must be set to true, for example, entity=us&starts_with=true. max=n. Use this attribute to limit the number of results returned by the report. n is the number of results that you want the report to return and can assume values from 1 through 1000. Note You cannot use the entity and max=n attributes in the same request. Request Headers Response Headers Host, Accept, Authorization Content-Type, Content-Length, Connection Note Use an AND ( & ) operator to use multiple attributes, for example: https://{appliance}:{port}/api/v1.0/stats/report/counter?attribute1&attribute2. For more information about statistical reports and counters, access the API inline help. See Accessing AsyncOS API for Cisco Email Security Appliances Inline Help, on page 12. Examples Simple Report Type The following example shows how to retrieve aggregate Incoming Mail Summary report for the last one day. Sample Request GET /api/v1.0/stats/mail_incoming_traffic_summary?1d HTTP/1.0 User-Agent: curl/7.30.0 Host: mail.example.com:8080 Authorization: Basic dxnlcm5hbwu6cgfzc3dvcmq= Accept: application/json 10

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Retrieving Email Security Appliance Statistical Reports Sample Response HTTP/1.0 200 OK Server: EmailAPI/1.0 Date: Tue, 15 Jul 2014 08:26:46 GMT Content-type: application/json Content-Length: 461 Connection: close { "verif_decrypt_success": 0, "detected_virus": 99, "total_threat_recipients": 102, "threat_content_filter": 0, "total_recipients": 102, "blocked_invalid_recipient": 0, "blocked_dmarc": 0, "marketing_mail": 0, "ims_spam_increment_over_case": 0, "detected_amp": 0, "total_graymail_recipients": 0, "social_mail": 0, "detected_spam": 0, "total_clean_recipients": 0, "verif_decrypt_fail": 0, "malicious_url": 0, "bulk_mail": 0, "blocked_reputation": 3 }, "uri":"/api/v1.0/stats/mail_incoming_traffic_summary?1d" } Top-N Report Type The following example shows how to retrieve top five subjects of high volume mails for a specified duration. Sample Request GET /api/v1.0/stats/mail_subject_stats?duration=2014-04-23t00:00-00:00/2014-10-21t00:00-00:00&max=5 HTTP/1.0 User-Agent: curl/7.30.0 Host: mail.example.com:8080 Authorization: Basic dxnlcm5hbwu6cgfzc3dvcmq= Accept: application/json Sample Response HTTP/1.0 200 OK Server: EmailAPI/1.0 Date: Tue, 15 Jul 2014 08:26:46 GMT Content-type: application/json Content-Length: 182 Connection: close { "data":{ "num_msgs":{ "Buying judgments":44584, "Additional Income":39691, "Why pay more?":46044, "Message contains":50460, "Off shore":56954 } }, "uri":"/api/v1.0/stats/mail_subject_stats?duration=2014-04-23t00:00-00:00/2014-10-21t00:00-00:00&max=5" } 11

Accessing AsyncOS API for Cisco Email Security Appliances Inline Help AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Query-based Report Type The following example shows how to retrieve aggregate Outgoing Sender report for IP addresses starting with 2001::6 for a specified duration. Sample Request GET /api/v1.0/stats/mail_sender_ip_hostname_detail?duration=2014-04-23t00:00-00:00/2014-10-21t00:00-00:00&entity=2001::63&starts_with=true HTTP/1.0 User-Agent: curl/7.30.0 Host: mail.example.com:8080 Authorization: Basic dxnlcm5hbwu6cgfzc3dvcmq= Accept: application/json Sample Response HTTP/1.0 200 OK Server: EmailAPI/1.0 Date: Thu, 04 Sep 2014 09:27:58 GMT Content-type: application/json Content-Length: 633 Connection: close { "data":{ "2001::63":{ "detected_virus":2, "threat_content_filter":0, "total_dlp_incidents":0, "total_clean_recipients":4372, "total_recipients_processed":4374, "detected_spam":0, "total_threat_recipients":2 } "2001::6":{ "detected_virus":2, "threat_content_filter":0, "total_dlp_incidents":0, "total_clean_recipients":1232, "total_recipients_processed":1234, "detected_spam":0, "total_threat_recipients":2 } }, "uri":"/api/v1.0/stats/mail_sender_ip_hostname_detail?duration=2014-04-23t00:00-00:00/2014-10-21t00:00-00:00&entity= 2001::6&starts_with=true" } Accessing AsyncOS API for Cisco Email Security Appliances Inline Help AsyncOS API provides comprehensive inline help for all of the supported reports and counters. You can access the inline help of a report or counter by appending its URL to: /help The following are a few examples: 12

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Troubleshooting AsyncOS API GET /api/v1.0/stats/help allows you to retrieve a list of statistical reports and their descriptions. GET /api/v1.0/ health /help allows you to retrieve a list of key health parameters of the appliance and their descriptions. GET /api/v1.0/stats/mail_incoming_traffic_summary /help allows you to retrieve description of the Incoming Mail Summary report, supported counters in this report and their descriptions, and the report category. GET /api/v1.0/stats/mail_incoming_traffic_summary/detected_virus/ help allows you to retrieve the description of the counter detected_virus in the Incoming Mail Summary report. Troubleshooting AsyncOS API API Logs Subscribe to the API logs using System Administration > Log Subscriptions. For instructions, see Cisco AsyncOS for Email User Guide or Online Help. The following are some of the events that are logged in the API logs: API has started or stopped Connection to the API failed or closed (after providing response) Authentication succeeded or failed Request contains errors Error while communicating network configuration changes with AsyncOS API Alerts Ensure that the appliance is configured to send you alerts related to AsyncOS API. You will receive alerts when: Alert Description API has restarted due to an error Network configuration or certificate changes made using web interface or CLI are not communicated to the API. See Alert About Network Configuration or Certificate Changes Not Communicated to AsyncOS API, on page 14. Type System System Severity Warning Critical 13

Certificate Error while Using curl AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Alert About Network Configuration or Certificate Changes Not Communicated to AsyncOS API Problem You receive a critical alert stating that the network configuration or certificate changes made using web interface or CLI are not communicated to the API. Solution Try the following: Restart the appliance. If the problem persists, contact TAC. Certificate Error while Using curl Problem If you are using HTTPS and your own certificate for secure communication with API, on some operating systems (such as Unix, Ubantu, Mac OS X, and so on) you may receive certificate errors while requesting API resources using curl. The following are a few examples: curl: (60) SSL certificate problem: Invalid certificate chain curl: (77) error setting certificate verify locations Solution Refer curl documentation: https://curl.haxx.se/. AsyncOS API Reference Simple Report Type The following are the supported Simple reports: mail_authentication_summary mail_dlp_outgoing_traffic_summary mail_incoming_malware_threat_file_detail_summary mail_incoming_traffic_summary mail_mailbox_auto_remediation mail_outgoing_traffic_summary mail_security_summary mail_sender_group_summary mail_system_capacity 14

AsyncOS API for Cisco Email Security Appliances - Getting Started Guide AsyncOS API Reference Top-N Report Type The following are the supported Top-N reports: mail_authentication_incoming_domain_ip mail_content_filter_incoming mail_dmarc_incoming_traffic_summary mail_env_sender_rate_limit mail_env_sender_stats mail_fed_content_filter_incoming mail_hvm_msg_filter_stats mail_incoming_hat_connections mail_incoming_malware_threat_file_detail mail_incoming_web_interaction_track_malicious_users mail_incoming_web_interaction_track_urls mail_md_attachment_incoming_file_type mail_md_attachment_outgoing_file_type mail_outgoing_web_interaction_track_malicious_users mail_outgoing_web_interaction_track_urls mail_msg_filter_stats mail_sender_group_detail mail_subject_stats mail_url_category_summary mail_url_domain_summary mail_url_reputation_summary mail_vof_threat_summary mail_vof_threats_by_level mail_vof_threats_by_threat_type mail_vof_threats_by_time_threshold mail_vof_threats_by_type mail_vof_threats_rewritten_url Query-specific Report Type The following are the supported Query-specific reports: mail_authentication_incoming_domain 15

AsyncOS API Reference AsyncOS API for Cisco Email Security Appliances - Getting Started Guide Entity Value: Domain name, for example, abc.com. mail_content_filter_outgoing Entity Value: Name of the outgoing Content Filter. mail_destination_domain_detail Entity Value: Domain name, for example, abc.com. mail_dlp_outgoing_policy_detail Entity Value: Name of the DLP policy. mail_incoming_domain_detail Entity Value: Domain name, for example, abc.com. mail_incoming_ip_hostname_detail Entity Value: IPv4 or IPv6 address. mail_incoming_network_detail Entity Value: Name of the network owner, for example Xyz Corporation. mail_sender_domain_detail Entity Value: Domain name, for example, abc.com. mail_sender_ip_hostname_detail Entity Value: IPv4 or IPv6 address. mail_users_detail Entity Value: Email ID of the internal user, for example, user@example.com. mail_virus_type_detail Entity Value: Name of viruses. 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback