ArcSight APIs SDK Service-Oriented Architecture ESM
-
Upload
rgarcp2348 -
Category
Documents
-
view
324 -
download
6
Transcript of ArcSight APIs SDK Service-Oriented Architecture ESM
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
1/34
www.arcsight.com 1 2010 ArcSight Confidential
2010 ArcSight, Inc. All rights reserved.ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners.
SN66: APIs, SDK and Service-Oriented
Architecture in ArcSight ESM
Yanlin WangSoftware Architect
September 2010
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
2/34
www.arcsight.com 2 2010 ArcSight Confidential
Overview
This session will be geared towards the advance ArcSight ESMuser, system integrator, ISV, etc.
To learn how to programmatically consume ArcSight ESMfunctionalities
Run report in your portal Retrieve ArcSight ESM resource data
Coding required
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
3/34
www.arcsight.com 3 2010 ArcSight Confidential
Agenda
Server architecture overview
ArcSight ESM service layer
SDK & development environment
Developing ArcSight ESM application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
4/34
www.arcsight.com 4 2010 ArcSight Confidential
Server Architecture Overview
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
5/34
www.arcsight.com 5 2010 ArcSight Confidential
ArcSight ESM The Open Platform
Web 2.0 Client Web Service Client iPhone/iPad
ESM Open Platform
JMX-WS/WS-Man Client
Plugin DM
Plugin DM
ESM Plugin
Server Architecture Overview
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
6/34
www.arcsight.com 6 2010 ArcSight Confidential
Demo
Server Architecture Overview
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
7/34www.arcsight.com 7 2010 ArcSight Confidential
Server Architecture
Next generation J2EE technology ArcSight DM Framework
ArcSight ESM service layer enterprise SOA platform
Expose ArcSight ESM functionalities to web services: SOAP,REST/JSON, REST/XML, GWTRPC, etc.
SDK
New management tools
ArcSight DM console
Remote JMX tool
Server Architecture Overview
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
8/34www.arcsight.com 8 2010 ArcSight Confidential
ArcSight ESM Manager Components Diagram
JVM
ESM Service LayerDynamic Modules
Plugin DM
ArcSight DM Framework
J2EE Container DMService
ArcSight DMCore Services
Equinox (OSGI)
ArcSight DMService Extention
ESM ManagerServer DM
Plugin DMPlugin DM
Server Architecture Overview
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
9/34www.arcsight.com 9 2010 ArcSight Confidential
ArcSight ESM Service Layer
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
10/34www.arcsight.com 10 2010 ArcSight Confidential
What is ArcSight ESM Service Layer
A SOA platform
Expose ArcSight ESM functionalities to web services
Provides a suite of loosely coupled services with multipleprotocols
SOAP, REST (XML/JSON), GWTRPC, JMX-WS (WS-Man), etc.
Options to consume the ArcSight ESM service
By Java service client API (ArcSight ESM SDK)
SOAP Client API
RESTful Scripts GWTRPC Client API
By protocol
WSDL
ArcSight ESM Service Layer
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
11/34www.arcsight.com 11 2010 ArcSight Confidential
Service Implementation
ArcSight ESM Manager
ArcSight ESM Service Layer
AXIS2JAXWS
JerseyJAXRS1.0
JSR262RI
GWTRPC
SOAP REST/JSON,XML
JMXWS
GWTRPC
ArcSight ESM Service Layer
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
12/34www.arcsight.com 12 2010 ArcSight Confidential
General Steps of Consuming Service
Login through LoginService and get auth token
Use auth token to consume services
ArcSight ESM Service Layer
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
13/34www.arcsight.com 13 2010 ArcSight Confidential
Example of Consuming Service via REST XML (1 of 3)
Login and get auth token
https://myhost:8443/www/core-service/rest/LoginService/login?login=admin&password=password
ArcSight ESM Service Layer
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
14/34www.arcsight.com 14 2010 ArcSight Confidential
Example of Consuming Service via REST XML (2 of 3)
Search a data monitor with text string (Same function as consolefull text search)
https://myhost:8443/www/manager-service/rest/ManagerSearchService/search1?authToken= hudcmyGWThlIGhJtWr9ZZxUZvvT9gIhKpTg4S8QHgPw.&queryStr=datamonitor
event throughput&pageSize=50
ArcSight ESM Service Layer
S S S
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
15/34www.arcsight.com 15 2010 ArcSight Confidential
Example of Consuming Service via REST (3 of 3)
Get the detailed resource data https://myhost:8443/www/manager-
service/rest/ResourceService/findByUUID?authToken=hudcmyGWThlIGhJtWr9ZZxUZvvT9gIhKpTg4S8QHgPw.&id=C6G3MNPMAABCAbTjjDsBRuQ==
ArcSight ESM Service Layer
A Si ht ESM S i L
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
16/34www.arcsight.com 16 2010 ArcSight Confidential
Service Layer in ArcSight ESM 5.0
SOA infrastructure ArcSight ESM 5.0 Services
ArchiveReportService ManagerSearchService ResourceService
DashboardService
Currently Service Layer provides service around following resources ArchiveReport Dashboard DataMonitor
FileResource
Portlet Report Basic Resource (contains attributes share among all resources) Resource Reference
ViewerConfigurarion
ArcSight ESM Service Layer
A Si ht ESM S i L
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
17/34www.arcsight.com 17 2010 ArcSight Confidential
How to Find Out Services
https://myhost:8443/www/manager-service/services/listServices
ArcSight ESM Service Layer
A Si ht ESM S i L
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
18/34www.arcsight.com 18 2010 ArcSight Confidential
How to Find Out WSDL
https://myhost:8443/www/manager-service/services/servicename?wsdl
ArcSight ESM Service Layer
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
19/34
www.arcsight.com 19 2010 ArcSight Confidential
SDK & Development Environment
SDK & D l t E i t
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
20/34
www.arcsight.com 20 2010 ArcSight Confidential
ArcSight ESM Service Layer SDK
SDK is a set of tools and libraries provided for softwaredevelopers to create their own application which consumesservices provided by ArcSight ESM service layer
SDK contains SOAP and GWTRPC client Java API
Generate report Full text search
Retrieve resource data
SDK is installed within ArcSight ESM manager
$ARCSIGHT_HOME/utilites/sdk/lib Service client API libraries
Java doc are located
SDK & Development Environment
SDK & Development Environment
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
21/34
www.arcsight.com 21 2010 ArcSight Confidential
Setup JDK
Install JDK 1.6.0_17 or above
Import ArcSight ESM managers CA cert or self signed cert tojdk/lib/security/cacerts
self signed certificate with ip address in CN will get exception
j ava. secur i t y. cer t . Cer t i f i cat eExcept i on: No subj ectal t er nat i ve names pr esent
Wrong CA cert or self signed cert will get exception
sun. secur i t y. val i dat or . Val i dat or Except i on: PKI X pat hbui l di ng f ai l ed
SDK & Development Environment
SDK & Development Environment
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
22/34
www.arcsight.com 22 2010 ArcSight Confidential
Setup IDE Eclipse
Add user libraries Preferences->Java->Build Path->Classpath Variables
Create Variable (eg. ESM_SDK_LIB) pointing to$ARCSIGHT_HOME/utilites/sdk/lib
User JDK 1.6.0_17 as default JDK Create new project
Add SDK library jar files to project build path
Project->properties->Java Build Path->Libraries->Add Variable
Choose ESM_SDK_LIB -> Extend Add all SDK library jar files
SDK & Development Environment
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
23/34
www.arcsight.com 23 2010 ArcSight Confidential
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
24/34
www.arcsight.com 24 2010 ArcSight Confidential
Example of Consuming Service
via SOAP Client API Provided in SDK (Slide 1 of 2)
// =================================================// Invoke Login Service// =================================================// construct LoginServiceFactory (LoginService is part of core service// module)LoginServiceClientFactory loginServiceClientFactory = new LoginServiceClientFactory();
// set the service base url. ESMs service base url is// https://host:port/www/System.setProperty("com.arcsight.coma.client.ws.baseURL","https://yanlinwang-pc:8443/www/");// loginServiceClientFactory.setBaseURL("https://10.4.21.186:8443/www/");
// create service client instance from factoryLoginService loginService = loginServiceClientFactory.createClient();
// invoke login service and get authTokenString authToken = loginService.login(null, "admin", "password");
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
25/34
www.arcsight.com 25 2010 ArcSight Confidential
Example of Consuming Service
via SOAP Client API Provided in SDK (Slide 2 of 2)
// =================================================
// Invoke Archive Report Service// =================================================ArchiveReportServiceClientFactory archiveReportServiceClientFactory = newArchiveReportServ iceClientFactory();
// create service client instance from factoryArchiveReportService archiveReportService = archiveReportServiceClientFactory.createClient();
// invoke report service to create achiveReport by a reported, the
// return will be archive report file id, you can use that to download// report.
String fileId = archiveReportService.initDefaultArchiveReportDownloadByURI(authToken,"/All Reports/ArcSight Administration/ESM/Configuration Changes/Resources/Resource Updated Report","Manual");
// Download report using the download job iddownload(
new URL(
"https://yanlinwang-pc:8443/www/manager-service/fileservlet?file.command=download&file.id="+ fileId), "Resources Updated Report.html");
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
26/34
www.arcsight.com 26 2010 ArcSight Confidential
APIs
ArchiveReportService generate archive report
ManagerSearchService full text search resources
DashboardService retrieve dashboard data
ResourceService retrieve resource data
InfoService retrieve manager server info
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
27/34
www.arcsight.com 27 2010 ArcSight Confidential
Documents
Find ArcSight ESM webservices API in$ARCSIGHT_HOME/utilites/sdk/lib/manager-javadoc-1.0.0.release.xxx.jar
Extract jar file into a folder
Open index.html in theextracted folder with webbrowser
Get SDK development guidefrom support
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
28/34
www.arcsight.com 28 2010 ArcSight Confidential
Test and Debug
Check ArcSight ESM manager log
Use browser and REST URL to test
Write unit test before integrating into the system
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
29/34
www.arcsight.com 29 2010 ArcSight Confidential
Consuming Service
via REST Programmatically (Slide 1 of 4)
Pros Simple
No need to setup SDK libraries
Return data will be XML/JSON
Cons Not strong typed
Not suitable for large application
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
30/34
www.arcsight.com 30 2010 ArcSight Confidential
Consuming Service
via REST Programmatically (Slide 2 of 4)
/*** generate ESM REST service URL based on parameters** @param moduleName - ESM service module (eg. manager-service)* @param serviceName - ESM service name (eg. ManagerSearchService)* @param methodName - service method name (eg. search1)* @param params - REST service parameters* @return url string*/
public static String getRestUrl (String moduleName, String serviceName, String methodName, HashMap params)
{
String url = "https://yanlinwang-pc:8443/www/" + moduleName + "/rest/" + serviceName + "/" + methodName;
boolean questionMark = false;
for(Entry param : params.entrySet()){
if (!questionMark) {
url = url + "?" + param.getKey() + "=" + new String(URLEncoder.encode(param.getValue()));questionMark = true;
} else {
url = url + "&" + param.getKey() + "=" + new String(URLEncoder.encode(param.getValue()));}}return url;
}
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
31/34
www.arcsight.com 31 2010 ArcSight Confidential
Consuming Service
via REST Programmatically (Slide 3 of 4)
/*** Query a REST service and return the xml data** @param moduleName - ESM service modu le (eg. manager-service)* @param serviceName - ESM service name (eg. ManagerSearchService)* @param methodName - service method name (eg. search1)* @param params - REST service parameters* @return REST response xml* @throws Exception*/
public static String getRestXml(String moduleName, String serviceName,
String methodName, HashMap params) throws Exception {String urlstr = getRestUrl(moduleName, serviceName, methodName, params);URL url = new URL(urlstr);URLConnection connection = url.openConnection();BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));StringBuffer sb = new StringBuffer();String line;
while ((line = in.readLi ne()) != null) {sb.append(line);
}in.close();return sb.toString();
}
Developing ArcSight ESM Application
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
32/34
www.arcsight.com 32 2010 ArcSight Confidential
Consuming Service
via REST Programmatically (Slide 4 of 4)
//Login through RESTHashMap params = new HashMap();params.put("login", "admin");params.put("password", "password");String xml = getRestXml("core-service", "LoginService", "login", params);
// Parse the XML for tokenDocumentBuilderFactory f = DocumentBuilderFactory.newInstance();DocumentBuilder b = f.newDocumentBuilder();Document d = b.parse(new ByteArrayInputStream( xml.getBytes()));
Node node = d.getDocumentElement().getChildNodes().item(0);String token = node.getTextContent();if (token==null){
System.out.println("Failed to login");System.out.println (xml);return;
}
//Search datamonitor resource
params = new HashMap();params.put("authToken", token);params.put("queryStr", "datamonitor event throughput" );params.put("pageSize", "50");String resXml = getRestXml("manager-service", "ManagerSearchService", "search1", params);
Developing ArcSight ESM Application
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
33/34
www.arcsight.com 33 2010 ArcSight Confidential
Your Feedback Builds a Better Conference!
Download session replays after the conference:
https://protect724.arcsight.com/community/protect10
Excellent Good Fair Poor
Rate the speaker a b c d
Rate the content e f g h
Please provide comments: (*) enter any comments/feedback
Text to 32075 (USA & Canada) or 447786204951 (Non-USA)
TypeARCS 66 and the letter to each response
SMS body example: ARCS 66ae*your comments
-
7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM
34/34
ArcSight, Inc.
Corporate Headquarters: 1 888 415 ARST
EMEA Headquarters: +44 (0)844 745 2068
Asia Pac Headquarters: +65 6248 4795
www.arcsight.com