Custom Enrichment API
This tutorial demonstrates how to set up Custom Enrichment using the Coralogix API.
API endpoint
Select the API endpoint associated with your Coralogix domain.
To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.
| Preset | Action | Description |
|---|---|---|
| Enrichments | CLOUD-METADATA-ENRICHMENT:READCONFIG CLOUD-METADATA-ENRICHMENT:UPDATECONFIG GEO-ENRICHMENT:READCONFIG GEO-ENRICHMENT:UPDATECONFIG SECURITY-ENRICHMENT:READCONFIG SECURITY-ENRICHMENT:UPDATECONFIG TEAM-CUSTOM-ENRICHMENT:READCONFIG TEAM-CUSTOM-ENRICHMENT:READDATA TEAM-CUSTOM-ENRICHMENT:UPDATECONFIG TEAM-CUSTOM-ENRICHMENT:UPDATEDATA |
View AWS Enrichment Configuration Manage AWS Enrichment Configuration View Geo Enrichment Configuration Manage Geo Enrichment Configuration View Unified Threat Intelligence Enrichment Configuration Manage Unified Threat Intelligence Enrichment Configuration View Custom Enrichment Configuration View Custom Enrichment Data Manage Custom Enrichment Configuration Manage Data for Custom Enrichment Ingestion |
Supported API calls
The following Custom Enrichments API calls are supported:
-
Create
-
Update
-
Delete
-
List
Create
Create a new Custom Enrichment. Copy the curl commands below and customize them for your environment before sending them to the API. Please remember to use the correct endpoint for your deployment.
Request:
curl --location --request POST 'https://api.<span class="domain-value"></span>/api/v1/external/custom-enrichments' \
--header 'Authorization: Bearer <cx_api_key>' \
--form 'name="\"YOUR_ENRICHMENT_NAME\""' \
--form 'description="\"YOUR_ENRICHMENT_DESCRIPTION\""' \
--form 'file=@"PATH_TO_YOUR_ENRICHMENT.CSV_FILE"'
Note
An example of the PATH_TO_YOUR_ENRICHMENT.CSV_FILE variable: "/Users/Test/CustomEnrichment.csv".
Response:
Status Codes: 202, 406, 502.
Update
curl --location --request PUT 'https://api.<span class="domain-value"></span>/api/v1/external/custom-enrichments/14' \
--header 'Authorization: Bearer <cx_api_key>' \
--form 'name="\"YOUR_ENRICHMENT_NAME_V2\""' \
--form 'description="\"YOUR_ENRICHMENT_DESCRIPTION\""' \
--form 'file=@"PATH_TO_YOUR_ENRICHMENT.CSV_FILE"'
Note
-
The customEnrichmentID used in the Custom Enrichment PUT endpoint (14 in this example) is taken from the initial Custom Enrichment creation POST request.
-
An example of the PATH_TO_YOUR_ENRICHMENT.CSV_FILE variable: "/Users/Test/CustomEnrichment_V2.csv".
Response:
Status Codes: 202, 502.
Delete
Request:
curl --location --request DELETE 'https://api.<span class="domain-value"></span>/api/v1/external/custom-enrichments/14' \
--header 'Authorization: Bearer <cx_api_key>' \
--data-raw ''
Note
The customEnrichmentID used in the Custom Enrichment DELETE endpoint (14 in this example) is taken from the initial Custom Enrichment creation POST request.
Status Codes: 200, 409, 502.
List
Request:
curl --location --request GET 'https://api.<span class="domain-value"></span>/api/v1/external/custom-enrichments/' \
--header 'Authorization: Bearer <cx_api_key>'
[
{
"id": 13,
"name": "Enrichment Test",
"description": "First Coralogix API Custom Enrichment Test",
"version": 1
},
{
"id": 14,
"name": "customer's UUID to customer name V2",
"description": "This enrichment is for mapping UUID to name",
"version": 2
}
]
Status Codes: 200, 500.
Additional resources
| Documentation | Custom Enrichment |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by emailing [email protected].
Parsing Rules API
Light
light
dark
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal