Step 1
Select , then , and upload the client certificate that will be used by the Threat Defense device for secure communication. See Uploading Internal and Internal CA Certificates for detailed information.

Step 2
Select , then , and upload the CA certificate that will be used by the Threat Defense device to verify the identity of the collector. See Uploading Trusted CA Certificates for detailed information.

Step 3
Select , then +, to create the network object that identifies the telemetry collector. See Configuring Network Objects and Groups for detailed information.
Either create a Host object with the IPv4 address of the collector, or an FQDN object that includes the fully qualified name of the collector, such as telemetry.domain.com. An FQDN must resolve to an IPv4 address, and you must also configure DNS so the name can be correctly translated.

Step 4
Obtain the ID of the network object.
- Select API Explorer from the more options button to access the API pages.
- Under NetworkObject, select GET /object/networks.
- In the Filter field in the Parameters section, filter the output to equal the object name. For example, if the network object you created is TelemetryCollector, the filter would be:
- Scroll to the bottom of the GET /object/networks section and click Try It Out.
- If the call is correct, you should get a 200 response code and a meaningful object body, such as the following. Look for the id entry and make note of the value. In this example, the id value is 79ee2ea9-76b7-11ef-9515-f5b34b7d9531.
{
  "items": [
    {
      "version": "p4qjmqtqn5c5e",
      "name": "TelemetryCollector",
      "description": null,
      "subType": "HOST",
      "value": "10.1.1.1",
      "isSystemDefined": false,
      "dnsResolution": "IPV4_AND_IPV6",
      "id": "79ee2ea9-76b7-11ef-9515-f5b34b7d9531",
      "type": "networkobject",
      "links": {
        "self": "https://ftd1.domain.com/api/fdm/v6/object/networks/79ee2ea9-76b7-11ef-9515-f5b34b7d9531"
      }
    }

Step 5
Obtain the ID of the internal certificate object.
- In the API Explorer, under Certificate, select GET /object/internalcertificates.
- In the Filter field, filter by the certificate name. For example, if the internal certificate for the Threat Defense device is FTD1Cert, the filter would be:
- Scroll to the bottom of the GET /object/internalcertificates section and click Try It Out.
- If the call is correct, you should get a 200 response code and a meaningful object body, such as the following. Look for the id entry and make note of the value. In this example, the id value is d874dfa3-7423-11ef-b3a0-09429aedc3d3.
{
  "items": [
    {
      "version": "gr573izgdsj2o",
      "name": "FTD1Cert",
      … ATTRIBUTES REMOVED …
      "id": "d874dfa3-7423-11ef-b3a0-09429aedc3d3",
      "type": "internalcertificate",
      "links": {
        "self": "https://ftd1.domain.com/api/fdm/v6/object/internalcertificates/d874dfa3-7423-11ef-b3a0-09429aedc3d3"
      }
    }

Step 6
Obtain the ID of the trusted CA certificate object.
- In the API Explorer, under Certificate, select GET /object/externalcacertificates.
- In the Filter field, filter by the certificate name. For example, if the trusted CA certificate for the telemetry collector is TelemetryCollectorCert, the filter would be:
  name:TelemetryCollectorCert
- Scroll to the bottom of the GET /object/externalcacertificates section and click Try It Out.
- If the call is correct, you should get a 200 response code and a meaningful object body, such as the following. Look for the id entry and make note of the value. In this example, the id value is c3d925b4-7423-11ef-b3a0-bf815c0136ac.
{
  "items": [
    {
      "version": "fkry47nobvcnu",
      "name": "TelemetryCollectorCert",
      … ATTRIBUTES REMOVED …
      "id": "c3d925b4-7423-11ef-b3a0-bf815c0136ac",
      "type": "externalcacertificate",
      "links": {
        "self": "https://ftd1.domain.com/api/fdm/v6/object/externalcacertificates/c3d925b4-7423-11ef-b3a0-bf815c0136ac"
      }
    }

Step 7
Configure the connection between the Threat Defense device and the telemetry collector.
- In the API Explorer, under TelemetryStreamingConfig, select POST /devicesettings/default/telemetrystreamingconfig.
- Under , type the following template into the Value edit box (typing it avoids copying hidden invalid characters). The meaning of each field is explained in the template. Explanations within <> characters are variables that you must replace; the other values need to remain as shown. Comma, parentheses, colon, and {} placement are critical.
{
  "name": "<a unique name for the gRPC streaming config API>",
  "connectionMode": "DIAL_OUT",
  "port": "<port on which the collector is waiting for connections from the
           Threat Defense device, 1-65535. Check the collector configuration
           for the right value.>",
  "targetHost": {
    "name": "<name of the network object that identifies the telemetry collector host>",
    "id": "<ID of the network object>",
    "type": "networkobject"
  },
  "clientCertificate": {
    "name": "<The name of the internal certificate that identifies the Threat Defense device>",
    "id": "<ID of the internal certificate object.>",
    "type": "internalcertificate"
  },
  "caCertificate": {
    "name": "<The name of the trusted CA certificate for the telemetry collector>",
    "id": "<ID of the trusted CA certificate>",
    "type": "externalcacertificate"
  },
  "type": "telemetrystreamingconfig"
}
Given the example values shown in this procedure, the following would be a correct payload. Note that the name and port values are not determined by the previous steps; you can change these as needed.
{
  "name": "YourCompanyTelemetry",
  "connectionMode": "DIAL_OUT",
  "port": 50051,
  "targetHost": {
    "name": "TelemetryCollector",
    "id": "79ee2ea9-76b7-11ef-9515-f5b34b7d9531",
    "type": "networkobject"
  },
  "clientCertificate": {
    "name": "FTD1Cert",
    "id": "d874dfa3-7423-11ef-b3a0-09429aedc3d3",
    "type": "internalcertificate"
  },
  "caCertificate": {
    "name": "TelemetryCollectorCert",
    "id": "c3d925b4-7423-11ef-b3a0-bf815c0136ac",
    "type": "externalcacertificate"
  },
  "type": "telemetrystreamingconfig"
}
- Scroll to the bottom of the section and click Try It Out.
- Look for a response code of 200. If you see any other code, fix the errors and try again. The successful response body should look like the following:
{
  "version": "jfwu476cue32n",
  "name": "YourCompanyTelemetry",
  "connectionMode": "DIAL_OUT",
  "port": 50051,
  "targetHost": {
    "version": "p4qjmqtqn5c5e",
    "name": "TelemetryCollector",
    "id": "79ee2ea9-76b7-11ef-9515-f5b34b7d9531",
    "type": "networkobject"
  },
  "clientCertificate": {
    "version": "gr573izgdsj2o",
    "name": "FTD1Cert",
    "id": "d874dfa3-7423-11ef-b3a0-09429aedc3d3",
    "type": "internalcertificate"
  },
  "caCertificate": {
    "version": "fkry47nobvcnu",
    "name": "TelemetryCollectorCert",
    "id": "c3d925b4-7423-11ef-b3a0-bf815c0136ac",
    "type": "externalcacertificate"
  },
  "id": "b6dc6f28-76c1-11ef-9515-8ff976794f92",
  "type": "telemetrystreamingconfig",
  "links": {
    "self": "https://ftd1.domain.com/api/fdm/v6/devicesettings/default/telemetrystreamingconfig/b6dc6f28-76c1-11ef-9515-8ff976794f92"
  }
}
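
An added example, not part of the original procedure and not Cisco code: it assembles the Step 7 request body from the Step 4-6 lookup responses and rejects a reference whose object type does not fit its slot, so the client certificate and the trusted CA certificate cannot be swapped unnoticed. The lookup bodies are constructed from the samples above, trimmed to name, id and type; `LOOKUPS`, `EXAMPLE_NAMES`, `reference` and `build_config` are hypothetical names.

```python
import json

# Constructed lookup bodies: the Step 4-6 sample responses, trimmed to name/id/type.
# Each entry maps a payload field to (required object type, lookup response).
LOOKUPS = {
    "targetHost": ("networkobject", {"items": [{
        "name": "TelemetryCollector",
        "id": "79ee2ea9-76b7-11ef-9515-f5b34b7d9531",
        "type": "networkobject"}]}),
    "clientCertificate": ("internalcertificate", {"items": [{
        "name": "FTD1Cert",
        "id": "d874dfa3-7423-11ef-b3a0-09429aedc3d3",
        "type": "internalcertificate"}]}),
    "caCertificate": ("externalcacertificate", {"items": [{
        "name": "TelemetryCollectorCert",
        "id": "c3d925b4-7423-11ef-b3a0-bf815c0136ac",
        "type": "externalcacertificate"}]}),
}
EXAMPLE_NAMES = {"targetHost": "TelemetryCollector",
                 "clientCertificate": "FTD1Cert",
                 "caCertificate": "TelemetryCollectorCert"}

def reference(response, name, expected_type):
    """Return the name/id/type reference for exactly one object with this name."""
    matches = [i for i in response.get("items", []) if i.get("name") == name]
    if len(matches) != 1:
        raise ValueError(f"expected one object named {name!r}, found {len(matches)}")
    item = matches[0]
    # A client certificate in the CA slot (or the reverse) must not pass silently.
    if item.get("type") != expected_type:
        raise ValueError(f"{name!r} is {item.get('type')!r}, need {expected_type!r}")
    return {"name": item["name"], "id": item["id"], "type": expected_type}

def build_config(name, port, names, lookups=LOOKUPS):
    """Assemble the Step 7 request body (hypothetical helper, not a Cisco API)."""
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be an integer from 1 to 65535")
    payload = {"name": name, "connectionMode": "DIAL_OUT", "port": port}
    for field, (expected_type, response) in lookups.items():
        payload[field] = reference(response, names[field], expected_type)
    payload["type"] = "telemetrystreamingconfig"
    return payload

if __name__ == "__main__":
    # json.dumps emits straight quotes and correct commas for the Value edit box.
    print(json.dumps(build_config("YourCompanyTelemetry", 50051, EXAMPLE_NAMES), indent=2))
```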