Custom Enrichment API
This tutorial demonstrates how to set up Custom Enrichment using the Coralogix API.
API endpoint
Select the API endpoint associated with your Coralogix domain.
To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.
Preset | Action | Description |
---|---|---|
Enrichments | CLOUD-METADATA-ENRICHMENT:READCONFIG CLOUD-METADATA-ENRICHMENT:UPDATECONFIG GEO-ENRICHMENT:READCONFIG GEO-ENRICHMENT:UPDATECONFIG SECURITY-ENRICHMENT:READCONFIG SECURITY-ENRICHMENT:UPDATECONFIG TEAM-CUSTOM-ENRICHMENT:READCONFIG TEAM-CUSTOM-ENRICHMENT:READDATA TEAM-CUSTOM-ENRICHMENT:UPDATECONFIG TEAM-CUSTOM-ENRICHMENT:UPDATEDATA | View AWS Enrichment Configuration Manage AWS Enrichment Configuration View Geo Enrichment Configuration Manage Geo Enrichment Configuration View Unified Threat Intelligence Enrichment Configuration Manage Unified Threat Intelligence Enrichment Configuration View Custom Enrichment Configuration View Custom Enrichment Data Manage Custom Enrichment Configuration Manage Data for Custom Enrichment Ingestion |
Supported API calls
The following Custom Enrichments API calls are supported:
Create
Update
Delete
List
Create
Create a new Custom Enrichment. Copy the curl commands below and customize them for your environment before sending them to the API. Please remember to use the correct endpoint for your deployment.
Request:
curl --location --request POST 'https://api.<span class="domain-value"></span>/api/v1/external/custom-enrichments' \
--header 'Authorization: Bearer <cx_api_key>' \
--form 'name="\"YOUR_ENRICHMENT_NAME\""' \
--form 'description="\"YOUR_ENRICHMENT_DESCRIPTION\""' \
--form 'file=@"PATH_TO_YOUR_ENRICHMENT.CSV_FILE"'
Note:
The PATH_TO_YOUR_ENRICHMENT.CSV_FILE as for example: "/Users/Test/CustomEnrichment.csv".
Response:
Status Codes: 202, 406, 502.
Update
curl --location --request PUT 'https://webapi.coralogix.com/api/v1/external/custom-enrichments/14' \
--header 'Authorization: Bearer <cx_api_key>' \
--form 'name="\"YOUR_ENRICHMENT_NAME_V2\""' \
--form 'description="\"YOUR_ENRICHMENT_DESCRIPTION\""' \
--form 'file=@"PATH_TO_YOUR_ENRICHMENT.CSV_FILE"'
Notes:
Please take a look at the Update Custom Enrichment URL: https://webapi.coralogix.com/api/v1/external/custom-enrichments/
<customEnrichmentID>
The customEnrichmentID used in the Endpoint (14 in this example), is taken from the initial POST request when the Custom Enrichment to update was created.The PATH_TO_YOUR_ENRICHMENT.CSV_FILE as for example: "/Users/Test/CustomEnrichment_V2.csv".
Response:
Status Codes: 202, 502.
Delete
Request:
curl --location --request DELETE 'https://webapi.coralogix.com/api/v1/external/custom-enrichments/14' \
--header 'Authorization: Bearer <cx_api_key>' \
--data-raw ''
Note:
- Please take a look at the Delete Custom Enrichment URL: https://webapi.coralogix.com/api/v1/external/custom-enrichments/
<customEnrichmentID>
The customEnrichmentID used in the Endpoint (14 in this example), is taken from the initial POST request when the Custom Enrichment to delete was created.
Status Codes: 200, 409, 502.
List
Request:
curl --location --request GET 'https://webapi.coralogix.com/api/v1/external/custom-enrichments/' \
--header 'Authorization: Bearer <cx_api_key>'
[ { "id": 13, "name": "Enrichment Test", "description": "First Coralogix API Custom Enrichment Test", "version": 1 }, { "id": 14, "name": "customer's UUID to customer name V2", "description": "This enrichment is for mapping UUID to name", "version": 2 }]
Status Codes: 200, 500.
Additional resources
Documentation | Custom Enrichment |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by emailing [email protected].