arcsight apis sdk service-oriented architecture esm

7/23/2019 ArcSight APIs SDK Service-Oriented Architecture ESM

1/34

www.arcsight.com 1 2010 ArcSight Confidential

2010 ArcSight, Inc. All rights reserved.ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners.

SN66: APIs, SDK and Service-Oriented

Architecture in ArcSight ESM

Yanlin WangSoftware Architect

September 2010


2/34


Overview

This session will be geared towards the advance ArcSight ESMuser, system integrator, ISV, etc.

To learn how to programmatically consume ArcSight ESMfunctionalities

Run report in your portal Retrieve ArcSight ESM resource data

Coding required


3/34


Agenda

Server architecture overview

ArcSight ESM service layer

SDK & development environment

Developing ArcSight ESM application


4/34


Server Architecture Overview


5/34


ArcSight ESM The Open Platform

Web 2.0 Client Web Service Client iPhone/iPad

ESM Open Platform

JMX-WS/WS-Man Client

Plugin DM

Plugin DM

ESM Plugin



6/34


Demo



7/34www.arcsight.com 7 2010 ArcSight Confidential

Server Architecture

Next generation J2EE technology ArcSight DM Framework

ArcSight ESM service layer enterprise SOA platform

Expose ArcSight ESM functionalities to web services: SOAP,REST/JSON, REST/XML, GWTRPC, etc.

SDK

New management tools

ArcSight DM console

Remote JMX tool




ArcSight ESM Manager Components Diagram

JVM

ESM Service LayerDynamic Modules

Plugin DM

ArcSight DM Framework

J2EE Container DMService

ArcSight DMCore Services

Equinox (OSGI)

ArcSight DMService Extention

ESM ManagerServer DM

Plugin DMPlugin DM




ArcSight ESM Service Layer



What is ArcSight ESM Service Layer

A SOA platform

Expose ArcSight ESM functionalities to web services

Provides a suite of loosely coupled services with multipleprotocols

SOAP, REST (XML/JSON), GWTRPC, JMX-WS (WS-Man), etc.

Options to consume the ArcSight ESM service

By Java service client API (ArcSight ESM SDK)

SOAP Client API

RESTful Scripts GWTRPC Client API

By protocol

WSDL




Service Implementation

ArcSight ESM Manager


AXIS2JAXWS

JerseyJAXRS1.0

JSR262RI

GWTRPC

SOAP REST/JSON,XML

JMXWS

GWTRPC




General Steps of Consuming Service

Login through LoginService and get auth token

Use auth token to consume services




Example of Consuming Service via REST XML (1 of 3)

Login and get auth token

https://myhost:8443/www/core-service/rest/LoginService/login?login=admin&password=password




Example of Consuming Service via REST XML (2 of 3)

Search a data monitor with text string (Same function as consolefull text search)

https://myhost:8443/www/manager-service/rest/ManagerSearchService/search1?authToken= hudcmyGWThlIGhJtWr9ZZxUZvvT9gIhKpTg4S8QHgPw.&queryStr=datamonitor

event throughput&pageSize=50


S S S



Example of Consuming Service via REST (3 of 3)

Get the detailed resource data https://myhost:8443/www/manager-

service/rest/ResourceService/findByUUID?authToken=hudcmyGWThlIGhJtWr9ZZxUZvvT9gIhKpTg4S8QHgPw.&id=C6G3MNPMAABCAbTjjDsBRuQ==


A Si ht ESM S i L



Service Layer in ArcSight ESM 5.0

SOA infrastructure ArcSight ESM 5.0 Services

ArchiveReportService ManagerSearchService ResourceService

DashboardService

Currently Service Layer provides service around following resources ArchiveReport Dashboard DataMonitor

FileResource

Portlet Report Basic Resource (contains attributes share among all resources) Resource Reference

ViewerConfigurarion


A Si ht ESM S i L



How to Find Out Services

https://myhost:8443/www/manager-service/services/listServices


A Si ht ESM S i L



How to Find Out WSDL

https://myhost:8443/www/manager-service/services/servicename?wsdl



19/34


SDK & Development Environment

SDK & D l t E i t


20/34


ArcSight ESM Service Layer SDK

SDK is a set of tools and libraries provided for softwaredevelopers to create their own application which consumesservices provided by ArcSight ESM service layer

SDK contains SOAP and GWTRPC client Java API

Generate report Full text search

Retrieve resource data

SDK is installed within ArcSight ESM manager

$ARCSIGHT_HOME/utilites/sdk/lib Service client API libraries

Java doc are located




21/34


Setup JDK

Install JDK 1.6.0_17 or above

Import ArcSight ESM managers CA cert or self signed cert tojdk/lib/security/cacerts

self signed certificate with ip address in CN will get exception

j ava. secur i t y. cer t . Cer t i f i cat eExcept i on: No subj ectal t er nat i ve names pr esent

Wrong CA cert or self signed cert will get exception

sun. secur i t y. val i dat or . Val i dat or Except i on: PKI X pat hbui l di ng f ai l ed




22/34


Setup IDE Eclipse

Add user libraries Preferences->Java->Build Path->Classpath Variables

Create Variable (eg. ESM_SDK_LIB) pointing to$ARCSIGHT_HOME/utilites/sdk/lib

User JDK 1.6.0_17 as default JDK Create new project

Add SDK library jar files to project build path

Project->properties->Java Build Path->Libraries->Add Variable

Choose ESM_SDK_LIB -> Extend Add all SDK library jar files



23/34


Developing ArcSight ESM Application



24/34


Example of Consuming Service

via SOAP Client API Provided in SDK (Slide 1 of 2)

// =================================================// Invoke Login Service// =================================================// construct LoginServiceFactory (LoginService is part of core service// module)LoginServiceClientFactory loginServiceClientFactory = new LoginServiceClientFactory();

// set the service base url. ESMs service base url is// https://host:port/www/System.setProperty("com.arcsight.coma.client.ws.baseURL","https://yanlinwang-pc:8443/www/");// loginServiceClientFactory.setBaseURL("https://10.4.21.186:8443/www/");

// create service client instance from factoryLoginService loginService = loginServiceClientFactory.createClient();

// invoke login service and get authTokenString authToken = loginService.login(null, "admin", "password");




25/34


Example of Consuming Service

via SOAP Client API Provided in SDK (Slide 2 of 2)

// =================================================

// Invoke Archive Report Service// =================================================ArchiveReportServiceClientFactory archiveReportServiceClientFactory = newArchiveReportServ iceClientFactory();

// create service client instance from factoryArchiveReportService archiveReportService = archiveReportServiceClientFactory.createClient();

// invoke report service to create achiveReport by a reported, the

// return will be archive report file id, you can use that to download// report.

String fileId = archiveReportService.initDefaultArchiveReportDownloadByURI(authToken,"/All Reports/ArcSight Administration/ESM/Configuration Changes/Resources/Resource Updated Report","Manual");

// Download report using the download job iddownload(

new URL(

"https://yanlinwang-pc:8443/www/manager-service/fileservlet?file.command=download&file.id="+ fileId), "Resources Updated Report.html");




26/34


APIs

ArchiveReportService generate archive report

ManagerSearchService full text search resources

DashboardService retrieve dashboard data

ResourceService retrieve resource data

InfoService retrieve manager server info




27/34


Documents

Find ArcSight ESM webservices API in$ARCSIGHT_HOME/utilites/sdk/lib/manager-javadoc-1.0.0.release.xxx.jar

Extract jar file into a folder

Open index.html in theextracted folder with webbrowser

Get SDK development guidefrom support




28/34


Test and Debug

Check ArcSight ESM manager log

Use browser and REST URL to test

Write unit test before integrating into the system




29/34


Consuming Service

via REST Programmatically (Slide 1 of 4)

Pros Simple

No need to setup SDK libraries

Return data will be XML/JSON

Cons Not strong typed

Not suitable for large application




30/34


Consuming Service


/*** generate ESM REST service URL based on parameters** @param moduleName - ESM service module (eg. manager-service)* @param serviceName - ESM service name (eg. ManagerSearchService)* @param methodName - service method name (eg. search1)* @param params - REST service parameters* @return url string*/

public static String getRestUrl (String moduleName, String serviceName, String methodName, HashMap params)

{

String url = "https://yanlinwang-pc:8443/www/" + moduleName + "/rest/" + serviceName + "/" + methodName;

boolean questionMark = false;

for(Entry param : params.entrySet()){

if (!questionMark) {

url = url + "?" + param.getKey() + "=" + new String(URLEncoder.encode(param.getValue()));questionMark = true;

} else {

url = url + "&" + param.getKey() + "=" + new String(URLEncoder.encode(param.getValue()));}}return url;

}




31/34


Consuming Service


/*** Query a REST service and return the xml data** @param moduleName - ESM service modu le (eg. manager-service)* @param serviceName - ESM service name (eg. ManagerSearchService)* @param methodName - service method name (eg. search1)* @param params - REST service parameters* @return REST response xml* @throws Exception*/

public static String getRestXml(String moduleName, String serviceName,

String methodName, HashMap params) throws Exception {String urlstr = getRestUrl(moduleName, serviceName, methodName, params);URL url = new URL(urlstr);URLConnection connection = url.openConnection();BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));StringBuffer sb = new StringBuffer();String line;

while ((line = in.readLi ne()) != null) {sb.append(line);

}in.close();return sb.toString();

}




32/34


Consuming Service


//Login through RESTHashMap params = new HashMap();params.put("login", "admin");params.put("password", "password");String xml = getRestXml("core-service", "LoginService", "login", params);

// Parse the XML for tokenDocumentBuilderFactory f = DocumentBuilderFactory.newInstance();DocumentBuilder b = f.newDocumentBuilder();Document d = b.parse(new ByteArrayInputStream( xml.getBytes()));

Node node = d.getDocumentElement().getChildNodes().item(0);String token = node.getTextContent();if (token==null){

System.out.println("Failed to login");System.out.println (xml);return;

}

//Search datamonitor resource

params = new HashMap();params.put("authToken", token);params.put("queryStr", "datamonitor event throughput" );params.put("pageSize", "50");String resXml = getRestXml("manager-service", "ManagerSearchService", "search1", params);



33/34


Your Feedback Builds a Better Conference!

Download session replays after the conference:

https://protect724.arcsight.com/community/protect10

Excellent Good Fair Poor

Rate the speaker a b c d

Rate the content e f g h

Please provide comments: (*) enter any comments/feedback

Text to 32075 (USA & Canada) or 447786204951 (Non-USA)

TypeARCS 66 and the letter to each response

SMS body example: ARCS 66ae*your comments


34/34

ArcSight, Inc.

Corporate Headquarters: 1 888 415 ARST

EMEA Headquarters: +44 (0)844 745 2068

Asia Pac Headquarters: +65 6248 4795

www.arcsight.com