Chatee ahora con Soporte
Chat con el soporte

Change Auditor 7.3 - SIEM Integration User Guide

Integrating Change Auditor and SIEM Tools Subscription Management
Adding the PowerShell module Viewing available commands and help Connecting to Change Auditor Managing subscriptions Working with event subscriptions in the client Managing a Splunk integration Managing an IBM QRadar integration Managing a Micro Focus Security ArcSight Logger and Enterprise Security Manager (ESM) integration Managing a Quest IT Security Search integration (Preview) Managing a Syslog integration Managing a Microsoft Sentinel integration
Webhook technical insights

Remove-CASentinelEventSubscription

Use this command to remove a subscription.

-Connection

A connection obtained by using the Connect-CAClient command. See the Change Auditor Command Guide for details.

-Subscription

The PSCASentinelEventSubscriptionStatus object obtained using Get-CASentinelEventSubscriptions that corresponds to the subscription to remove. This parameter is required if the SubscriptionId parameter is not specified.

-SubscriptionId

The ID of the subscription to remove. This parameter is required if the Subscription parameter is not specified. Use the Get-CASentinelEventSubscriptions command to find the ID.

Remove-CASentinelEventSubscription -Subscription $subscription

 

 

Webhook technical insights

Handling webhook responses

To see the response codes, run the associated Get command and review the LastEventResponse and LastHeartbeatResponse in the output for the following response codes:

HTTP 200

Notification successfully received

This response code is expected for every notification.

HTTP 429

Too many events being sent

When this occurs, Change Auditor will automatically reduce the batch size when it sends its next notification.

HTTP 400

Bad Request

This occurs when the receiving server is unreachable or the data is improperly formatted. Review the information provided with the response for details.

HTTP 401

 

Unauthorized access

For example, the notification message has an incorrect or expired AuthorizationID configured in the subscription. In this case, the subscription will be disabled until the error is corrected.

HTTP 500

Internal Server Error

This can be either an issue with the Change Auditor coordinator or the receiving server.

 

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q itself symbolizes our need to add the missing piece — you — to the community, to the new Quest.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación