Installing

The ExtAPI plugin requires SourceAgent version 1.4.70 or above. Both are available for download from https://www.spectx.com/get-spectx.

ExtAPI downloads the logs from cloud APIs and stores them in a directory on the local filesystem. SourceAgent exposes the same directory to SpectX for querying. Both SourceAgent and ExtAPI need to be configured appropriately for this to work.

Installation

To install SourceAgent, follow the steps in SourceAgent installation.

To install the ExtAPI plugin:

  1. Copy the downloaded sa-plugin-extapi-v{version}.jar into SourceAgent’s lib directory.

  2. Copy the SpectX license file spectx.lic into SourceAgent’s directory:

    └── sa
        :
        ├── lib
        │   :
        │   └── sa-plugin-extapi-v{version}.jar
        └── spectx.lic
    

Initial Configuration

To enter configuration mode, run bin/sa.sh configure (in a Linux or Mac OS X terminal) or bin\sa.exe run -r (in Windows Command Prompt).

You can change all the settings at any time by manually editing the SourceAgent’s configuration file and the plugin’s configuration file.

SourceAgent

See the initial configuration items of SourceAgent here.

To make the ExtAPI plugin work correctly, you’ll need to add a mount point at step 6. It should point at a directory in the local filesystem with write permission. SourceAgent will use it to expose the content to SpectX for running queries on. The same container should be configured for ExtAPI to store the retrieved logs (at step 3 below).

Adding a mount point creates a virtual root container entry in the SourceAgent configuration. For example, creating a mount point named cloud-logs with path /var/log/cloud-audit-logs creates the following root container in the SourceAgent configuration file:

roots.cloud-logs.path=/var/log/cloud-audit-logs

You’ll need to remember the name of the mount point/root container for ExtAPI configuration.

ExtAPI

Configure ExtAPI plugin (doc: https://go.spectx.com/link/123)

    Do you wish to add ext API config (Y/n)?             [Y]:
1   API internal name                                    : o365
2   API type (plugin.extapi.api.o365.type)               []: microsoft_office365
3   Container (plugin.extapi.api.o365.container)         [cloud-logs]:
4   Office 365 plan (plugin.extapi.api.o365.plan)        [ent]:
5   Tenant Id (plugin.extapi.api.o365.tenantId)          []: 7c945a53-fb8d-464a-affb-41b54844d4e1
6   Client Id (plugin.extapi.api.o365.clientId)          []: 0e39b241-6852-44bb-a6bf-fb99ed2323c5
7   Secret key (plugin.extapi.api.o365.secretKey)        []:
    API "o365" of type "microsoft_office365" configured.

    Do you wish to add another API config (y/N)?         [N]:

    ExtAPI plugin's configuration saved to /....../sa/conf/sa-plugin-extapi.conf

where:

  1. Defines a name for the API configuration settings (see API fetching common settings). Can be any string containing no dots.
  2. Defines the type of the API (the configuration key plugin.extapi.api.<name>.type). The valid values are: microsoft_azure, microsoft_azure_ad, microsoft_office365, google_workspace_activities, google_workspace_reports.
  3. Specifies the root container name in the SourceAgent configuration to retrieve the directory path for storing the logs retrieved from the API. The configuration key is plugin.extapi.api.<name>.container.
  4-7. Define API-specific settings (such as API access credentials).

Once complete, the configuration is saved to conf/sa-plugin-extapi.conf.

Note

The above is the minimal set of configuration settings. Refer to the ExtAPI configuration section to explore all available settings.
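
One way to confirm that every ExtAPI container names an existing, writable SourceAgent root and that every API type is one of the values listed above. This is an added example, not part of SpectX or its documentation; it assumes both configuration files hold plain key=value lines like the roots.cloud-logs.path entry, and the function names are hypothetical.

```python
import os
import re

# API types listed on this page as valid for plugin.extapi.api.<name>.type.
VALID_TYPES = {"microsoft_azure", "microsoft_azure_ad", "microsoft_office365",
               "google_workspace_activities", "google_workspace_reports"}
API_KEY = re.compile(r"plugin\.extapi\.api\.([^.]+)\.(.+)")
ROOT_KEY = re.compile(r"roots\.([^.]+)\.path")

def parse_props(text):
    """Parse key=value lines (assumed file format); skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_extapi(sa_text, extapi_text):
    """Cross-check both configs; return a sorted list of problem strings."""
    roots, apis, problems = {}, {}, []
    for key, value in parse_props(sa_text).items():
        if m := ROOT_KEY.fullmatch(key):
            roots[m.group(1)] = value
    for key, value in parse_props(extapi_text).items():
        if m := API_KEY.fullmatch(key):
            apis.setdefault(m.group(1), {})[m.group(2)] = value
    for name, cfg in apis.items():
        if cfg.get("type") not in VALID_TYPES:
            problems.append(f"{name}: invalid or missing type {cfg.get('type')!r}")
        container = cfg.get("container")
        path = roots.get(container)
        if path is None:
            problems.append(f"{name}: container {container!r} is not a SourceAgent root")
        elif not (os.path.isdir(path) and os.access(path, os.W_OK)):
            problems.append(f"{name}: {path} is not a writable directory")
    return sorted(problems)

if __name__ == "__main__":
    # Constructed sample configs, not taken from a real installation.
    sa = "roots.cloud-logs.path=/var/log/cloud-audit-logs\n"
    ext = ("plugin.extapi.api.o365.type=microsoft_office365\n"
           "plugin.extapi.api.o365.container=cloud-logs\n"
           "plugin.extapi.api.gws.type=google_workspace\n"
           "plugin.extapi.api.gws.container=cloud-log\n")
    for problem in check_extapi(sa, ext):
        print(problem)
```

Run it as the account that runs SourceAgent, since the write-permission check reflects the calling user.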