Skip to content

Custom Enrichment API

This tutorial demonstrates how to set up Custom Enrichment using the Coralogix API.

API endpoint

Select the API endpoint associated with your Coralogix domain.

To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.

PresetActionDescription
EnrichmentsCLOUD-METADATA-ENRICHMENT:READCONFIG
CLOUD-METADATA-ENRICHMENT:UPDATECONFIG
GEO-ENRICHMENT:READCONFIG
GEO-ENRICHMENT:UPDATECONFIG
SECURITY-ENRICHMENT:READCONFIG
SECURITY-ENRICHMENT:UPDATECONFIG
TEAM-CUSTOM-ENRICHMENT:READCONFIG
TEAM-CUSTOM-ENRICHMENT:READDATA
TEAM-CUSTOM-ENRICHMENT:UPDATECONFIG
TEAM-CUSTOM-ENRICHMENT:UPDATEDATA
View AWS Enrichment Configuration
Manage AWS Enrichment Configuration
View Geo Enrichment Configuration
Manage Geo Enrichment Configuration
View Unified Threat Intelligence Enrichment Configuration
Manage Unified Threat Intelligence Enrichment Configuration
View Custom Enrichment Configuration
View Custom Enrichment Data
Manage Custom Enrichment Configuration
Manage Data for Custom Enrichment Ingestion

Supported API calls

The following Custom Enrichments API calls are supported:

  • Create

  • Update

  • Delete

  • List

Create

Create a new Custom Enrichment. Copy the curl commands below and customize them for your environment before sending them to the API. Please remember to use the correct endpoint for your deployment.

Request:

curl --location --request POST 'https://api.<span class="domain-value"></span>/api/v1/external/custom-enrichments' \
--header 'Authorization: Bearer <cx_api_key>' \
--form 'name="\"YOUR_ENRICHMENT_NAME\""' \
--form 'description="\"YOUR_ENRICHMENT_DESCRIPTION\""' \
--form 'file=@"PATH_TO_YOUR_ENRICHMENT.CSV_FILE"'

Note:

The PATH_TO_YOUR_ENRICHMENT.CSV_FILE as for example: "/Users/Test/CustomEnrichment.csv".

Response:

{
    "message": "accepted new enrichment request with id 14",
    "customEnrichmentId": 14
}

Status Codes: 202, 406, 502.

Update

Request:

curl --location --request PUT 'https://webapi.coralogix.com/api/v1/external/custom-enrichments/14' \
--header 'Authorization: Bearer <cx_api_key>' \
--form 'name="\"YOUR_ENRICHMENT_NAME_V2\""' \
--form 'description="\"YOUR_ENRICHMENT_DESCRIPTION\""' \
--form 'file=@"PATH_TO_YOUR_ENRICHMENT.CSV_FILE"'

Notes:

  • Please take a look at the Update Custom Enrichment URL: https://webapi.coralogix.com/api/v1/external/custom-enrichments/<customEnrichmentID>
    The customEnrichmentID used in the Endpoint (14 in this example), is taken from the initial POST request when the Custom Enrichment to update was created.

  • The PATH_TO_YOUR_ENRICHMENT.CSV_FILE as for example: "/Users/Test/CustomEnrichment_V2.csv".

Response:

{
    "message": "accepted update to enrichment request with id 14",
    "customEnrichmentId": 14
}

Status Codes: 202, 502.

Delete

Request:

curl --location --request DELETE 'https://webapi.coralogix.com/api/v1/external/custom-enrichments/14' \
--header 'Authorization: Bearer <cx_api_key>' \
--data-raw ''

Note:

  • Please take a look at the Delete Custom Enrichment URL: https://webapi.coralogix.com/api/v1/external/custom-enrichments/<customEnrichmentID>
    The customEnrichmentID used in the Endpoint (14 in this example), is taken from the initial POST request when the Custom Enrichment to delete  was created.

Response:

{
    "message": "deleted custom enrichment 14",
    "customEnrichmentId": 14
}

Status Codes: 200, 409, 502.

List

Request:

curl --location --request GET 'https://webapi.coralogix.com/api/v1/external/custom-enrichments/' \
--header 'Authorization: Bearer <cx_api_key>'

Response:

[    {        "id": 13,        "name": "Enrichment Test",        "description": "First Coralogix API Custom Enrichment Test",        "version": 1    },    {         "id": 14, "name": "customer's UUID to customer name V2",         "description": "This enrichment is for mapping UUID to name",         "version": 2     }]

Status Codes: 200, 500.

Additional resources

DocumentationCustom Enrichment

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by emailing [email protected].