Ms Cwaf Ddos Siem API Quick Guide

The Radware CWAF/DDOS SIEM API v1.2 Quick Guide outlines how to integrate a SIEM with Radware's secure API for extracting security events. It details the initial setup process for APIKeys on the Radware Portal and provides an example of using Postman to run API commands for customized event extraction. The API allows for flexible event type selection and data formatting for seamless integration with customer SIEMs.

Uploaded by

Nityendra Singh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

52 views2 pages

Ms Cwaf Ddos Siem API Quick Guide

Uploaded by

Nityendra Singh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

Radware CWAF/DDOS SIEM API v1.

2 - Quick Guide

CWAF/DDOS SIEM INTEGRATION via API

How does integrating a SIEM with API work?
The Radware Portal offers customers a fully secure CWAF/DDOS API for all operations
including extracting security events. This approach is much more customizable since you can
pull events by type, date and time, etc. This Guide will show how to setup the API and how to
extract events using Postman commands. Obviously, any custom DevOps can code event
extraction in different formats for transfer to the customer SIEM. With the Portal API all event
types which include WAF, WebDDOS, DDOS, and BOTM can be extracted.
Please note, that the WAF/DDOS API requires initial setup with the Radware Portal. The API
authentication is based on a APIKey secret (token) that is generated in the Radware Portal.
Account IDs for identification of the Account is presented in the APIKeys Panel at the upper
right corner. An explanation of the API Keys, is found in the Cloud WAF/DDOS Cloud Services.

APIKeys Initial Setup on the Radware Portal

Click on on the left side → APIKeys → Choose to add a new APIKey

Figure 1: APIKey Creation Process

Figure 3: Account ID Details: WAF and DDOS

Figure 2: Save the APIKey secret on disk for API use

The API can be found here in the Radware CWAF/DDOS API Document .

1
Radware CWAF/DDOS SIEM API v1.2 - Quick Guide

API Event Report Example with Postman

Once a customer has an APIKey’s secret token, API commands can be run based on the
authentication header parameters x-api-key and Context. Account ID can be attained on the
account’s APIKey panel. The header body normally include JSON describing the criteria to
extract. Below is an example of a WAF security events report request using the API request:
https://api.radwarecloud.app/mgmt/monitor/reporter/reports-ext/APPWALL_REPORTS.

Figure 2: Postman Headers Authentication (APIKey and AccountID)

Figure 3: The main Postman Panel with HTTP Body and Post command

The API requests advantage is the customer’s ability to customize the event types, time periods,
event format, etc. as required. Obviously, the API calls can be scripted to periodically scan the
events and then reformat the returned data for a SIEM import interface.
_______________________________________________________________________
©2024 Radware Ltd. All rights reserved. The Radware products and solutions mentioned in this document are protected by
trademarks, patents and pending patent applications of Radware in the U.S. and other countries.
For more details please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their
respective owners.