The following procedure will help you integrate the Alert Logic® network intrusion detection system and log management with PowerBI via API. This will allow you to track your Alert Logic metrics through PowerBI, which is a business intelligence service that provides interactive visualizations of analytics.
Note: The following information applies only to Alert Logic customers with Cloud Defender, Threat Manager, or Log Manager entitlements.
Resolution
- Request an API key from the Get Your API Key form.
Note: There are different endpoints for each data center. Use the endpoint for the data center that your data resides in. These include:
Denver: https://publicapi.alertlogic.net
Ashburn: https://publicapi.alertlogic.com
Newport: https://publicapi.alertlogic.co.uk
- In PowerBI, set up a new data source. Select Home > Get Data > Web.
- Enter the API endpoint into the URL text box.
Note: There are various API endpoints for different sources:
Threat Manager: /api/tm/v1/appliances/
Log Manager: /api/lm/v1/appliances/
Protected hosts: /api/tm/v1/protectedhosts/
Log sources: /api/lm/v1/sources/
- When you are prompted for authentication, choose Basic from the left panel. Enter the API key that you requested in step #1.
Your query should now be visible under Fields in the right-hand panel.
- Expand your query to view all of the information from the API. To do so, select Home > Edit Queries > Edit Queries.
- Your query should now be in the Query Editor. Choose List > Convert > Into Table. When you are prompted to Create a table from a list of values, choose OK.
The table created above should look like the image below:
These are all of the fields that PowerBI has pulled from the API. Click the expand button in the top right corner next to the Column1 title to display all of the information. You will need to do this for each layer within the JSON output that you want to display.
- Expand all columns and delete anything that you don't need. You should have something like the below image:
- In your PowerBI Desktop, click Apply Changes. Your updated query will now be visible in the Fields panel.
- Visualize your data. There are various ways to do this. Some examples are below:
- You can complete this procedure for Log Manager appliances, as well. Add a new source as in step #2, then enter your Log Manager API endpoint. It will use the same authentication as the setup for Threat Manager.
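The script below is an added example, not Alert Logic or PowerBI code. It builds the request that the Web connector sends for a chosen data center and source, and flattens nested JSON into dotted column names the way the repeated expand step does. It assumes the API key is the Basic username with an empty password; the sample response and its field names are constructed for illustration.

```python
import base64
import json
# Base URLs and resource paths exactly as listed in the article.
DATA_CENTERS = {
    "denver": "https://publicapi.alertlogic.net",
    "ashburn": "https://publicapi.alertlogic.com",
    "newport": "https://publicapi.alertlogic.co.uk",
}
SOURCES = {
    "threat_manager": "/api/tm/v1/appliances/",
    "log_manager": "/api/lm/v1/appliances/",
    "protected_hosts": "/api/tm/v1/protectedhosts/",
    "log_sources": "/api/lm/v1/sources/",
}

def build_request(data_center, source, api_key):
    """Return (url, headers). The key travels only in the Authorization header."""
    url = DATA_CENTERS[data_center] + SOURCES[source]
    # Assumption: the key is the Basic username and the password is empty.
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    return url, {"Authorization": f"Basic {token}", "Accept": "application/json"}

def flatten(value, prefix=""):
    """Collapse nested records into one flat dict of dotted column names."""
    if isinstance(value, dict):
        row = {}
        for key, child in value.items():
            row.update(flatten(child, f"{prefix}.{key}" if prefix else key))
        return row
    if isinstance(value, list):
        # Lists inside a record are kept as JSON text, not exploded into rows.
        return {prefix: json.dumps(value)}
    return {prefix: value}

def to_rows(payload):
    """Find the first list in the response and flatten each element into a row."""
    if isinstance(payload, dict):
        lists = [v for v in payload.values() if isinstance(v, list)]
        payload = lists[0] if lists else [payload]
    return [flatten(item) for item in payload]

# Constructed sample response; field names are illustrative, not the real schema.
SAMPLE = json.loads("""{"appliances": [
  {"appliance": {"id": 1, "name": "tm-01", "status": {"status": "ok"}, "tags": ["a", "b"]}},
  {"appliance": {"id": 2, "name": "tm-02", "status": {"status": "error"}, "tags": []}}
], "total_count": 2}""")

if __name__ == "__main__":
    print(build_request("denver", "threat_manager", "EXAMPLE-KEY")[0], to_rows(SAMPLE))
```

Keeping the key in the Authorization header rather than in the URL keeps it out of the query text that is saved in the PowerBI file.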
Additional Information
Additional information and procedures about our API are included in our Alert Logic API documentation.