Introduction to Postman and Trellix SaaS API
In this guide, we will walk you through the process of using Postman to test the Trellix SaaS API, focusing on how to retrieve threat and Data Loss Prevention (DLP) incident data. Postman is a powerful tool for API testing that simplifies request construction and response validation.

Setting Up Postman
First, ensure that you have Postman installed on your system. Once installed, you will need to set up your workspace to organize your tests effectively. This includes creating a new collection specifically for the Trellix API, where you can store your requests for retrieving incident data.
Authentication and Request Construction
The next step is to authenticate your requests. Trellix requires you to use API keys or tokens. In Postman, navigate to the Authorization tab in your request to input your credentials. After authentication, you can start constructing your request. Specify the appropriate endpoint for retrieving threat and DLP incident data and choose the correct HTTP method, typically GET.
Make sure to include any necessary headers or parameters as specified by the Trellix API documentation. After setting everything up, send your request and observe the response.
Scope list

epo.agtdp.r audit.svc.r epo.tasks.r epo.tasks.w epo.device.r epo.device.w dpim.api.r udlp.im.vf udlp.im.vm epo.evt.r epo.grps.r epo.grps.w ins.ms.r ins.suser ins.user epo.repo.r epo.tags.r epo.tags.w epo.taggroup.r epo.taggroup.w
ePO API: https://api.manage.trellix.com/*******
DLP API URL: https://api.manage.trellix.com/dpim/v2/incident
Token URL: https://auth.trellix.com/auth/realms/IAM/protocol/openid-connect/token
-----------------------------------------------------------------------------------------------------------------------------
API token Curl
curl --location --request POST 'https://auth.trellix.com/auth/realms/IAM/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <Base64 Encoded CLIENT_ID:CLIENT_SECRET>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=<Scope required(space separated). Scopes should be from the list of selected scopes in client credentials management page>'
-----------------------------------------------------------------------------------------------------------------------------
API Call
curl --location --request GET 'https://api.manage.trellix.com/epo/v2/devices' \
--header 'Content-Type: application/vnd.api+json' \
--header 'x-api-key: <TRELLIX_API_KEY>' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
----------------------------------------------------------------------------------------------------------------------------
https://api.manage.trellix.com/*******
/epo/v2/devices
/epo/v2/events
/epo/v2/tags
/epo/v2/groups
/epo/v2/agentdeploymenturls
/epo/v2/repositoryPackages
Etc...
Response Validation
Upon receiving a response, validate the data to ensure it meets your expectations. Look for the status code to confirm a successful request and inspect the body of the response for the incident data you need. This step is crucial as it helps to verify the integrity of the data retrieved using the Trellix SaaS API.
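The token request, API call and response checks described above, scripted as an added Python example that is not part of the original guide or Trellix's own code. The environment variable names, the pairing of the epo.device.r scope with /epo/v2/devices, and the standard OAuth 2.0 JSON shape of the token response (access_token, optional scope) are assumptions.

```python
import base64, json, os, urllib.error, urllib.parse, urllib.request

TOKEN_URL = "https://auth.trellix.com/auth/realms/IAM/protocol/openid-connect/token"
API_BASE = "https://api.manage.trellix.com"

def token_request(client_id, client_secret, scopes):
    """Build the client_credentials POST from the 'API token Curl' section."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    return urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Authorization": f"Basic {basic}"})

def extract_token(status, body, scopes):
    """Validate the token response (assumed standard OAuth 2.0 JSON)."""
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    doc = json.loads(body)
    if not doc.get("access_token"):
        raise RuntimeError("response has no access_token")
    # RFC 6749: 'scope' may be omitted when it equals what was requested.
    missing = set(scopes) - set(doc.get("scope", " ".join(scopes)).split())
    if missing:
        raise RuntimeError(f"scopes not granted: {sorted(missing)}")
    return doc["access_token"]

def api_request(path, token, api_key):
    """Build the GET from the 'API Call' section, e.g. for /epo/v2/devices."""
    return urllib.request.Request(
        API_BASE + path, method="GET",
        headers={"Content-Type": "application/vnd.api+json",
                 "x-api-key": api_key, "Authorization": f"Bearer {token}"})

def send(req):
    """Send a request; return (status, body) for error statuses as well."""
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

if __name__ == "__main__":
    env, scopes = os.environ, ["epo.device.r"]  # env var names are assumptions
    status, body = send(token_request(env["TRELLIX_CLIENT_ID"],
                                      env["TRELLIX_CLIENT_SECRET"], scopes))
    token = extract_token(status, body, scopes)
    print(send(api_request("/epo/v2/devices", token, env["TRELLIX_API_KEY"])))
```

Reading the client secret and API key from the environment keeps them out of the script and out of shell history, which the inline curl form does not.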
By following these steps, you can effectively leverage Postman for testing the Trellix API’s capabilities in managing threat and DLP incident data.