Hello!

I successfully integrated Noname API Security with SecOps via webhook, according to the documentation. However, I'm still not receiving incident logs. According to the client API, I should be receiving these types of logs, but I only have a test message from the integration that is "Noname webhook integration". Do I need to configure anything else on Noname's side to receive these logs via webhook? I used this documentation: https://cloud.google.com/chronicle/docs/administration/feed-management#webhook-endpoint-url. The status of the feed is active, so I don't know if I need to configure something more on Noname to receive these events.

Hi ​@leezanelatto, do you see anything in a raw log search in SecOps (e.g. raw = “noname”), or is the feed totally silent? It’s a little difficult to find out much about how to enable things on the NoName side as they were acquired by Akamai, so their documentation is closed to me. Maybe you would have more luck: https://techdocs.akamai.com/api-security/docs/welcome-to-api-security

For reference, in case you didn’t find it already, we published exactly what our parser is looking for here, but of course that depends on the feed sending any data at all: https://cloud.google.com/chronicle/docs/ingestion/parser-list/noname-api-security-changelog

If none of the above gets you any further forward, a support ticket filed on our side would allow you to conclusively prove whether the feed is totally silent or not, and if it is, I think involving Akamai/NoName support would be essential, to figure out how to turn the feed on at the other end.

 


Hi @leezanelatto, you could try using Postman to send an empty POST request to the webhook endpoint with custom headers (secret=…, key=…) or custom query parameters (?secret=…&key=…), and verify that the return code in Postman is 200.
If you get any different HTTP code, then you are not using the correct parameters (401 mostly means you are using the wrong URL/parameters/headers; 403 is an authorization issue, meaning the key is missing IAM permission to the Chronicle API, etc.).
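
The check suggested in the reply above can also be scripted; the following is an added example, not code from the thread or from Google or Noname. It assumes the header names `X-goog-api-key` and `X-Webhook-Access-Key` for the key and secret (the thread only names `key` and `secret`), hypothetical environment variable names, and a constructed marker event in place of an empty body so that an accepted POST can be looked up with a raw log search.

```python
import json
import os
import sys
import urllib.request

# Status meanings as stated in the reply above; other codes are reported as-is.
HINTS = {
    200: "accepted: URL, API key and secret are valid",
    401: "wrong URL, parameters or headers",
    403: "API key is missing IAM permission to the Chronicle API",
}

# Constructed marker event, so an accepted POST can be found in raw log search.
MARKER = {"message": "webhook connectivity probe (constructed test event)"}


def build_request(endpoint, api_key, secret, payload=None):
    """Build the POST with credentials in headers, keeping them out of the URL."""
    body = json.dumps(MARKER if payload is None else payload).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "X-goog-api-key": api_key,       # assumed header name for "key"
        "X-Webhook-Access-Key": secret,  # assumed header name for "secret"
    }
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def probe(endpoint, api_key, secret, payload=None, timeout=10):
    """Send one event; return (status or None, human-readable diagnosis)."""
    request = build_request(endpoint, api_key, secret, payload)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            status = response.status
    except OSError as err:  # HTTPError and URLError are both OSError subclasses
        status = getattr(err, "code", None)  # only HTTPError carries a status
        if status is None:  # DNS, TLS, timeout or connection failure
            return None, f"no HTTP response: {getattr(err, 'reason', err)}"
    return status, HINTS.get(status, "unexpected status, check the feed settings")


if __name__ == "__main__":
    env = os.environ  # hypothetical names; keeps secrets off the command line
    code, diagnosis = probe(
        env["WEBHOOK_URL"], env["WEBHOOK_API_KEY"], env["WEBHOOK_SECRET"]
    )
    print(code, diagnosis)
    sys.exit(0 if code == 200 else 1)
```

A 200 here alongside a silent feed points at the sending side rather than at the endpoint or its credentials.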