Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

REST API - CrowdStrike

Go to solution
rushikeshvartak
All-Star
All-Star

‎02/01/2024 12:04 PM - last edited on ‎02/01/2024 01:27 PM by Community Manager

We are integrating crowdstrike with REST Connector

For Accounts we have 2 APIs

  • First API provides all account ids 
  • Second API provide all account information ( providing all account ids  in body)

For Entitlements - 2 APIs

  • First API provides all Entitlements ids 
  • Second API provide all Entitlement information ( providing all entitlement ids  in body)

Questions:

  • How can we pass call1 response to call2 
  • call1 since we just have accountid /Entitlementid , whats will needs to be set for account name /entitlement name as those are mandatory in colsToProp.


Please help us with ImportAccountEntJSON

API 1 - Response : Accounts 

{
    "meta": {
        "query_time": 0.020086269,
        "pagination": {
            "offset": 0,
            "limit": 100,
            "total": 57
        },
        "powered_by": "cs.flightcontrolapi",
        "trace_id": "d447c481-b30f-47ce-9a0e-0b8c0e4c58eb"
    },
    "resources": [
        "aafdc9b2-7d48-4864-8b43-6f08156914ba"
    ]
}

API 2 - Account Info

Body :

curl --location "https://amaskedurlrushi.com" --header "Authorization: Bearer abcd" --header "Content-Type: application/json" --data "{\"ids\":[
\"aafdc9b2-7d48-4864-8b43-6f08156914ba\"]}"

Response:

{
    "meta": {
        "query_time": 0.016138583,
        "powered_by": "cs.flightcontrolapi",
        "trace_id": "fd90cdcf-d4d4-4b7b-b140-9199372f5a82"
    },
    "resources": [
        {
            "uuid": "aafdc9b2-7d48-4864-8b43-6f08156914ba",
            "cid": "2acae8639bf649789b74bd8fea38a732",
            "uid": "rushi.vartak@rushi.com",
            "first_name": "Rsuhi",
            "last_name": "Jenkins",
            "last_login_at": "2021-10-27T14:47:25.991Z",
            "created_at": "2021-08-05T19:23:26.566Z"
        }
    ]
}

Entitlements

Call 1 : Get Entitlement ID 

{
    "meta": {
        "query_time": 0.013671067,
        "powered_by": "cs.flightcontrolapi",
        "trace_id": "396a72d5-eea3-4caa-9438-3faad8388fff"
    },
    "resources": [
        "image_viewer"
    ]
}

Call 2 : Get Entitlement Information

Body :

curl --location "https://masked.com/roles/v1?ids=image_viewer" --header "Authorization: Bearer masked"

Response

{
    "meta": {
        "query_time": 0.10586239,
        "powered_by": "cs.flightcontrolapi",
        "trace_id": "8f80b588-9fd6-47b6-9ed6-2d31ed5ddb53"
    },
    "resources": [
        {
            "id": "image_viewer",
            "display_name": "Container Image Viewer",
            "description": "View details about image vulnerabilities, Image Assessment policies, and registry connections.",
            "is_global": true
        }
    ]
}

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
Labels:
0 Kudos
10 REPLIES 10

Go to solution
Dhruv_S
Saviynt Employee
Saviynt Employee

‎02/05/2024 04:51 AM

Please refer to the developer's handbook and modify the JSON as per the requirement.

Developers Handbook (saviyntcloud.com)

Example 1: Add multiple calls in the accountParams attribute. This example uses the ${accountName} binding variable to iterate the accounts imported as part of call1. Set the dependentCall variable under inputParams to true when the call2 is dependent on call1.

JSON
{
  "accountParams": {
    "connection": "acctAuth",
    "createUsers": true,
    "adminName": "admin",
    "processingType": "SequentialAndIterative",
    "statusAndThresholdConfig": {
      "deleteLinks": false,
      "accountThresholdValue": 30,
      "correlateInactiveAccounts": false,
      "inactivateAccountsNotInFile": false,
      "deleteAccEntForActiveAccounts": true
    },
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "https://api.**************.com/v1/enterprise/345992/users",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpContentType": "application/x-www-form-urlencoded",
          "httpMethod": "GET"
        },
        "listField": "users",
        "keyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "id~#~char"
        },
        "disableDeletedAccounts": true
      },
      "call2": {
        "callOrder": 1,
        "stageNumber": 3,
        "http": {
          "url": "https://api.**************.com/v1/user/${accountName}",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpContentType": "application/x-www-form-urlencoded",
          "httpMethod": "GET"
        },
        "inputParams": {
          "dependentCall": true
        },
        "listField": "",
        "keyField": "accountID",
        "nextApiKeyField": "accountID",
        "colsToPropsMap": {
          "accountID": "id~#~char",
          "name": "username~#~char",
          "customproperty1": "emailId~#~char",
          "customproperty2": "lastName~#~char",
          "customproperty3": "company~#~char",
          "customproperty4": "timezone~#~char",
          "customproperty5": "defaultEndpoint~#~char",
          "customproperty6": "lastLogin~#~char"
        }
      }
    }
  }
}
 

Example 2: Add multiple calls in the entitlementParams attribute. This example uses the ${entitlementID} binding variable to iterate the entitlementIDs imported as part of call1. Set the entitlementname variable under inputParams to the name of entitlement type when the call2 is dependent on call1.

JSON
{
  "accountParams": {},
  "entitlementParams": {
    "connection": "acctAuth",
    "processingType": "SequentialAndIterative",
    "entTypes": {
      "zone": {
        "entTypeOrder": 0,
        "call": {
          "call1": {
            "callOrder": 0,
            "stageNumber": 0,
            "http": {
              "url": "https://*****/Group",
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "text/json"
              },
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "listField": "Rsp.Result",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "Guid~#~char",
              "entitlement_value": "Guid~#~char"
            },
            "disableDeletedEntitlements": true
          },
          "call2": {
            "connection": "acctAuth",
            "callOrder": 1,
            "stageNumber": 3,
            "http": {
              "url": "https://****/groupID/${entitlementID}",
              "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "text/json"
              },
              "httpContentType": "application/json",
              "httpMethod": "GET"
            },
            "inputParams": {
              "entitlementname": "zone"
            },
            "listField": "",
            "keyField": "entitlementID",
            "colsToPropsMap": {
              "entitlementID": "Rsp.Result.Guid~#~char",
              "entitlement_value": "Rsp.Result.Guid~#~char",
              "customproperty1": "Rsp.Result.AccessPermissionLevel~#~char",
              "customproperty2": "Rsp.Result.Name~#~char",
              "customproperty3": "Rsp.Result.OwnerRole~#~char"
            },
            "disableDeletedEntitlements": true
          }
        }
      }
    }
  },
  "acctEntParams": {
  }
}

Regards,

Dhruv Sharma

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Dhruv_S

‎02/05/2024 05:04 AM

As per saviynt crowstrick documents, account import is not supported and here we need to send all account id from first api to second not individual.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SB
Saviynt Employee
Saviynt Employee
In response to rushikeshvartak

‎02/05/2024 12:21 PM

So your call2 is ideally giving more details on the account profile. For this I think you should be able to use dependentCall function with the REST Connector. An individual call will be made for each account that was part of call1 automatically. 

https://docs.saviyntcloud.com/bundle/REST-v24x/page/Content/Developers-Handbook.htm


Regards,
Sahil
0 Kudos

Go to solution
Ben
New Contributor
New Contributor

‎02/05/2024 06:41 PM

Hi Sahil, I'm running into a similar issue as Rushikesh. From my understanding, the dependantCall function will pass the value in the url variable, however, this doesn't work with CrowdStrike. The CrowdStrike API requires that the array of resources returned with the first call, be in the body of the second call to return the account details. @rushikeshvartak have you had any luck getting this working?

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Ben

‎02/05/2024 06:43 PM

@Ben  I am also in same boat.

As per documentation its not supported.

https://docs-be.saviyntcloud.com/bundle/EIC-Connectors/page/Content/Resources/Attachments/CrowdStrik...

No luck so far.

Does your connection json working ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SB
Saviynt Employee
Saviynt Employee
In response to Ben

‎02/06/2024 10:17 AM - edited ‎02/06/2024 10:17 AM

In this case, it is currently not supported. You can raise an enactment request on the ideas portal for it.


Regards,
Sahil
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to SB

‎02/07/2024 09:03 AM

Idea ticket raised.

https://ideas.saviynt.com/ideas/EIC-I-5499


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to rushikeshvartak

‎04/22/2024 06:52 AM

With help of CSM and client , this idea has been accepted by Saviynt 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
Ben
New Contributor
New Contributor

‎02/05/2024 07:17 PM

Mmm that's annoying. I was hoping there was a way to iterate through the resources response and store each one against an account with dummy values, then use the second call to true up the attributes.

Yeah, the connection JSON is all fine.

I might just park this for the time being.

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Ben

‎02/05/2024 07:19 PM

Can you share connection JSON 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC