POST /config/flow/common_destination_ports/active_configurations

Creates a new active configuration.

Creates a new active configuration. You must have System Administrator or Security Admin permissions to use this endpoint.

Table 1. POST /config/flow/common_destination_ports/active_configurations resource details
MIME Type

application/json

Table 2. POST /config/flow/common_destination_ports/active_configurations request body details
Parameter Data Type MIME Type Description Sample

body

Object

application/json

Only port, application_id, content_capture_size, app_detection_enabled and flow_direciton_enabled fields can be set when creating an active Common Destination Port configuration. All other fields are ignored.
  • port - Integer - The unique port number that you want to configure.
  • application_id - Long - (Optional) The application ID for this port configuration. The application ID for this port configuration that is used by the QRadar port-based mapping algorithm.
  • content_capture_size - Integer - The maximum amount of payload to capture and store for an application on this port. Set this value to 1 if you want the application to inherit the content capture size from the SV_CONTENT_CAPTURE_LENGTH field in the nva.conf file.
  • app_detection_enabled - Boolean - TRUE if the port configuration will be used to determine the application. If true, you must set the application_id.
  • flow_direction_enabled - Boolean - TRUE if the port configuration will be used to determine the flow direction.

{ "app_detection_enabled": true, "application_id": 42, "content_capture_size": 42, "flow_direction_enabled": true, "port": 42 }

Table 3. POST /config/flow/common_destination_ports/active_configurations response codes
HTTP Response Code Unique Code Description

201

The active Common Destination Port configuration was created.

409

3000

A configuration already exists for this port number.

422

3001

The port field is required, but was not provided.

422

3002

The port must be between 1 and 65535 (inclusive).

422

3003

The application_id field is required, but was not provided.

422

3004

The application ID is not valid.

422

3005

The content_capture_size field is required, but was not provided.

422

3006

The content capture size must be between 0 and 65535 (inclusive).

422

3007

The app_detection_enabled field is required, but was not provided.

422

3008

The flow_direction_enabled field is required, but was not provided.

500

1020

An error occurred while creating new active Common Destination Port configuration.

Response Description

201 response with the new active Common Destination Port configuration structure. Location header set to the URL of the new active Common Destination Port.
  • id - Long - The unique ID of the configuration.
  • port - Integer - The unique port number that you want to configure.
  • application_id - Long - The application ID for this port configuration. The application ID for this port configuration that is used by the QRadar port-based mapping algorithm.
  • application_name - String - The name of the application as it would appear on the Network Activity tab.
  • content_capture_size - Integer - The maximum amount of payload to capture and store for an application on this port. Set this value to 1 if you want the application to inherit the content capture size from the SV_CONTENT_CAPTURE_LENGTH field in the nva.conf file.
  • app_detection_enabled - Boolean - TRUE if the port configuration will be used to determine the application. If true, you must set the application_id.
  • flow_direction_enabled - Boolean - TRUE if the port configuration will be used to determine the flow direction.
  • uuid - String - The unique global ID of the configuration, specified as a UUID.
  • last_update_time - Long - The epoch timestamp, represented in milliseconds, since this configuration was last modified.

Response Sample


{
    "app_detection_enabled": true,
    "application_id": 42,
    "application_name": "String",
    "content_capture_size": 42,
    "flow_direction_enabled": true,
    "id": 42,
    "last_update_time": 42,
    "port": 42,
    "uuid": "String"
}