Generic HTTP Connector

the generic http connector lets you export nile siem events to an http or https endpoint for ingestion by your security or analytics platform overview use the generic http connector when you want nile to send security event data to a destination that can receive json payloads over http or https the connector supports flexible delivery options, including multiple authentication methods, selectable payload formats, and configurable request behavior you can create and manage a generic http connector in nile portal by entering the endpoint details, selecting the authentication method, and choosing the event categories to export prerequisites before you begin, make sure you have the following a customer managed http or https endpoint that is reachable from the nile cloud the endpoint url for your http or https receiver your preferred authentication method token based authentication, basic authentication, or mutual tls authentication if using token based authentication, have the header name and token value available for the requests sent by nile if using mutual tls, have a client certificate in p12 or pfx format and the corresponding keystore password are available if your receiver uses a private or self signed server certificate and you want certificate validation enabled, have the custom ca certificate ready so it can be uploaded and trusted for this connection the nile event categories you want to export, such as alerts, end user device events, and audit trail supported configuration options the generic http connector currently supports the following options http and https destinations post and put request methods post is the default json payload delivery in either event per line format or json array format mutual tls authentication with client certificate upload in p12 or pfx format and a keystore password basic authentication token based authentication, including bearer style headers additional custom http headers when needed by the destination system payload formats the connector supports two json payload formats event per line in this format, the request body contains newline delimited json, where each line is a valid json object this format is useful for destinations that expect streaming style event ingestion similar to http event collectors json array in this format, the request body is a standard json array containing multiple event objects tls and certificate behavior when certificate validation is enabled, the connector validates both the server certificate trust chain and the certificate hostname the certificate's common name must match the hostname in the configured url, and the certificate must be trusted by the connection if certificate validation is disabled, hostname validation and trust validation are both skipped if your destination uses a private ca or self signed certificate, nile can support it in one of two ways disable certificate validation for that connection keep certificate validation enabled and upload the custom ca certificate to trust for that specific connector instance for production deployments, using certificate validation with a trusted public ca or an uploaded custom ca is the preferred approach configure a generic http connector in nile portal follow these steps to create a generic http connector in the nile portal step 1 sign in to nile portal sign in to nile portal using an administrator account step 2 open the integrations page from the main navigation, go to global settings and then open the integrations subtab step 3 start a new integration click the ”+ setup integration” icon to open the list of available integrations step 4 select generic http connector from the available integration types, select generic http connector step 5 enter name, endpoint url, http method, and payload format in the connector configuration window, provide a name and endpoint url for your http or https receiver select the required request method and payload format for your destination use post or put as required by your receiver, and choose either event per line json or json array format step 6 select the authentication method choose the authentication method required by your receiver token based authentication basic authentication mutual tls if you select token based authentication, enter the header name and token value if you select basic authentication, enter the username and password if you select mutual tls, upload the client certificate in p12 or pfx format and enter the keystore password both fields are required step 7 configure certificate validation if your destination uses https, choose whether certificate validation should remain enabled if the server certificate is signed by a private or self signed ca, upload the ca certificate so nile can trust the connection step 8 add optional custom headers if your destination platform requires extra headers, add them in the custom headers section once the customer headers are added, click next to enable the subscriptions step 9 select event categories choose the event categories you want nile to export through this connector the subscription options include audit, user device events, and alerts step 10 save the connector review the configuration and click save to create the generic http connector step 11 validate the connection after saving the connector, verify that the integration shows a healthy status and confirm that events are arriving at your destination endpoint validation after configuration is complete, confirm that your destination receives nile events in the expected format and that authentication and tls settings behave as intended if your platform supports request inspection or event search, verify that events are arriving under the expected source and topic naming conventions for your environment troubleshooting if events are not arriving as expected, review the following the configured destination url is correct and reachable from the nile cloud the selected authentication method matches what the receiver expects the token header name, token value, username, password, or client certificate details are valid the payload format configured in nile matches what the receiver can parse certificate validation settings are appropriate for the receiver certificate chain and hostname if using a private ca, the correct ca certificate has been provided for that connector instance