Cisco AMP for Endpoints API

POST /v1/event_streams

Description

Creates a new AMQP messaging resource for events information

When successfully requested, will create a streaming resource accessible using the Advanced Messaging Queue Protocol (AMQP)

The credentials that can be used to connect to this queue are returned in the API response, which includes amqp_credentials hash with keys user_name, password, queue_name, host, port, and proto. You can use these to connect to queue with any client adhering to the AMQP protocol

Other important notes:

The passive and durable bits should be set on the queue
The protocol is over SSL/TLS. Therefore you should either prefix the uri with amqps:// or explicitly enable TLS on your client
This is the only time you will see the password

Example implementation in Ruby:

Client implementation with the bunny gem:

require 'bunny'

connection_url = "#{amqp_credentials['proto']}://#{amqp_credentials['user_name']}:#{amqp_credentials['password']}@#{amqp_credentials['host']}:#{amqp_credentials['port']}"

conn = Bunny.new(connection_url)
conn.start

ch = conn.create_channel
q  = ch.queue(amqp_credentials['queue_name'], :passive => true, :durable => true)
x  = ch.default_exchange

q.subscribe(:block => true) do |delivery_info, metadata, payload|
  puts "Received #{payload}"
end

Please note that you can obtain the information about event stream not only from API response immediately after create action, but via the endpoint GET '/v1/event_streams/' without showing the password.

API Limitations

Events have a time-to-live (TTL) of 10 days within each streaming resource
limit of 5 active resources across each organization

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
data.id	Integer
data.name	String
data.amqp_credentials.user_name	String
data.amqp_credentials.password	String
data.amqp_credentials.queue_name	String
data.amqp_credentials.host	String
data.amqp_credentials.port	String
data.amqp_credentials.proto	String

Write

Preview

Describe this action in markdown

Creates a new AMQP messaging resource for events information

When successfully requested, will create a streaming resource accessible using the Advanced Messaging Queue Protocol [(AMQP)](https://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol)

The credentials that can be used to connect to this queue are returned in the API response, which includes `amqp_credentials` hash with keys `user_name`, `password`, `queue_name`, `host`, `port`, and `proto`. You can use these to connect to queue with any client adhering to the AMQP protocol

Other important notes:

* The passive and durable bits should be set on the queue
* The protocol is over SSL/TLS. Therefore you should either prefix the uri with  `amqps://` or explicitly enable TLS  on your client
* This is the only time you will see the password

#### Example implementation in Ruby:
Client implementation with the [bunny](https://github.com/ruby-amqp/bunny) gem:  
```
require 'bunny'

connection_url = "#{amqp_credentials['proto']}://#{amqp_credentials['user_name']}:#{amqp_credentials['password']}@#{amqp_credentials['host']}:#{amqp_credentials['port']}"

conn = Bunny.new(connection_url)
conn.start

ch = conn.create_channel
q  = ch.queue(amqp_credentials['queue_name'], :passive => true, :durable => true)
x  = ch.default_exchange

q.subscribe(:block => true) do |delivery_info, metadata, payload|
  puts "Received #{payload}"
end
```

Please note that you can obtain the information about event stream not only from API response immediately after create action, but via the endpoint GET '/v1/event_streams/<stream id>' without showing the password.

### API Limitations

* Events have a time-to-live (TTL) of 10 days within each streaming resource
* limit of 5 active resources across each organization

[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|data.id|Integer||
|data.name|String||
|data.amqp_credentials.user_name|String||
|data.amqp_credentials.password|String||
|data.amqp_credentials.queue_name|String||
|data.amqp_credentials.host|String||
|data.amqp_credentials.port|String||
|data.amqp_credentials.proto|String||

Auto Generate

Examples

Creates a new event stream

Creates a new event stream without event types

Creates a new event stream

Request

Requires Authorization

POST /v1/event_streams

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED
content-length: 99

cURL Edit, then copy and paste on your terminal

curl -X POST \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'content-length: 99' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-d '{"name":"IAcHMChr","event_type":[1090519054],"group_guid":["5cdf70dd-1b14-46a0-be90-e08da14172d8"]}' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/event_streams'

Body

{"name":"IAcHMChr","event_type":[1090519054],"group_guid":["5cdf70dd-1b14-46a0-be90-e08da14172d8"]}

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 201 Created
x-ratelimit-limit: 3000
x-ratelimit-reset: 3569
x-ratelimit-remaining: 2954
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/event_streams"
    }
  },
  "data": {
    "id": 26392,
    "name": "IAcHMChr",
    "group_guids": [
      "5cdf70dd-1b14-46a0-be90-e08da14172d8"
    ],
    "event_types": [
      1090519054
    ],
    "amqp_credentials": {
      "user_name": "26392-16db5cf986eec6f44422",
      "queue_name": "event_stream_26392",
      "password": "5e867b39f480e6490d9729661f6b1609027cc677",
      "host": "export-streaming-lb-int.qa1.immunet.com",
      "port": "443",
      "proto": "https"
    }
  }
}