lss

The following methods allow for interaction with the ZPA Log Streaming Service Controller API endpoints.

Methods are accessible via zpa.lss

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class LSSConfigControllerAPI

Bases: APIClient

add_lss_config(lss_host, lss_port, name, source_log_type, app_connector_group_ids=None, enabled=True, source_log_format='csv', use_tls=False, **kwargs)

Adds a new LSS Receiver Config to ZPA.

Parameters:
  • app_connector_group_ids (list) – A list of unique IDs for the App Connector Groups associated with this LSS Config.

  • enabled (bool) – Enable the LSS Receiver. Defaults to True.

  • lss_host (str) – The IP address of the LSS Receiver.

  • lss_port (str) – The port number for the LSS Receiver.

  • name (str) – The name of the LSS Config.

  • source_log_format (str) – The format for the logs. Defaults to csv.

  • source_log_type (str) – The type of logs that will be sent to the receiver as part of this config.

  • use_tls (bool) – Enable to use TLS on the log traffic between LSS components. Defaults to False.

Keyword Arguments:
  • description (str) – Additional information about the LSS Config.

  • filter_status_codes (list) – A list of Session Status Codes that will be excluded by LSS.

  • log_stream_content (str) – Custom log stream content formatting for the LSS Host.

  • policy_rules (list) – A list of policy rule tuples, such as (object_type, [object_id]).

Returns:

The newly created LSS Config resource object.

Return type:

LSSConfig

Examples

Add an LSS Receiver config that receives App Connector Metrics logs.

>>> zpa.lss.add_lss_config(
        app_connector_group_ids=["app_conn_group_id"],
        lss_host="192.0.2.100",
        lss_port="8080",
        name="app_con_metrics_to_siem",
        source_log_type="app_connector_metrics"
    )

Add an LSS Receiver config that receives User Activity logs.

>>> zpa.lss.add_lss_config(
        app_connector_group_ids=["app_conn_group_id"],
        lss_host="192.0.2.100",
        lss_port="8080",
        name="user_activity_to_siem",
        policy_rules=[
            ("idp", ["idp_id"]),
            ("app", ["app_seg_id"]),
            ("app_group", ["app_seg_group_id"]),
            ("saml", [("saml_attr_id", "saml_attr_value")])
        ],
        source_log_type="user_activity"
    )

delete_lss_config(lss_config_id)

Deletes the specified LSS Receiver Config.

Parameters:

lss_config_id (str) – The unique identifier of the LSS Receiver config to be deleted.

Returns:

Status code of the delete operation.

Return type:

int

get_all_log_formats(log_type=None, query_params=None)

Returns all available pre-configured LSS Log Formats or a specific log format if specified.

Parameters:

log_type (str, optional) – The name of the log type to retrieve (e.g., 'zpn_ast_comprehensive_stats').

Returns:

Dictionary containing pre-configured LSS Log Formats.

Return type:

dict

Examples

>>> all_log_formats = zpa.lss.get_all_log_formats()
>>> specific_format = zpa.lss.get_all_log_formats('zpn_ast_comprehensive_stats')

get_client_types(client_type=None)

Returns all available LSS Client Types or a specific Client Type if specified.

Parameters:

client_type (str, optional) – The human-readable name of the client type to filter for.

Returns:

Dictionary containing all or a specific LSS Client Type with human-readable name as the key.

Return type:

dict

Examples

>>> client_types = zpa.lss.get_client_types()
>>> web_browser_type = zpa.lss.get_client_types('web_browser')

get_config(lss_config_id, query_params=None)

Gets information on the specified LSS Receiver config.

Parameters:

lss_config_id (str) – The unique identifier of the LSS Receiver config.

Returns:

The corresponding LSS Receiver config object.

Return type:

LSSConfig

get_status_codes(log_type='all')

Returns a list of LSS Session Status Codes filtered by log type.

Parameters:

log_type (str) – Filter the LSS Session Status Codes by Log Type.

Returns:

Dictionary containing all LSS Session Status Codes.

Return type:

dict

Examples

>>> all_status_codes = zpa.lss.get_status_codes()
>>> user_activity_codes = zpa.lss.get_status_codes(log_type="user_activity")

list_configs(query_params=None)

Enumerates log receivers in your organization with pagination. A subset of log receivers can be returned that match a supported filter expression or query.

Parameters:

query_params (dict) –

Map of query parameters for the request.

  • query_params.page (str, optional) – Specifies the page number.

  • query_params.page_size (int, optional) – Specifies the page size. If not provided, the default page size is 20. The max page size is 500.

  • query_params.search (str, optional) – The search string used to support search by features and fields for the API.

Returns:

A tuple containing (list of LSS Config instances, Response, error)

Return type:

tuple

Example

>>> lss_configs, response, error = zpa.lss.list_configs(
        query_params={"search": "example", "page_size": 100}
    )

source_log_map = {'app_connector_metrics': 'zpn_ast_comprehensive_stats', 'app_connector_status': 'zpn_ast_auth_log', 'audit_logs': 'zpn_audit_log', 'browser_access': 'zpn_http_trans_log', 'private_svc_edge_status': 'zpn_sys_auth_log', 'user_activity': 'zpn_trans_log', 'user_status': 'zpn_auth_log', 'web_inspection': 'zpn_waf_http_exchanges_log'}

update_lss_config(lss_config_id, **kwargs)

Updates the specified LSS Receiver Config.

Parameters:

lss_config_id (str) – The unique identifier for the LSS Receiver config.

Keyword Arguments:
  • description (str) – Additional information about the LSS Config.

  • enabled (bool) – Enable the LSS host. Defaults to True.

  • filter_status_codes (list) – A list of Session Status Codes that will be excluded by LSS.

  • log_stream_content (str) – Formatter for the log stream content that will be sent to the LSS Host.

  • policy_rules (list) – A list of policy rule tuples for conditional logic.

  • source_log_format (str) – The format for the logs. Must be one of csv, json, tsv. Defaults to csv.

  • source_log_type (str) – The type of logs that will be sent to the receiver as part of this config.

  • use_tls (bool) – Enable TLS on the log traffic between LSS components. Defaults to False.

Returns:

The updated LSS Receiver config object.

Return type:

LSSConfig

Examples

Update an LSS Log Receiver config to change from user activity to user status.

>>> zpa.lss.update_lss_config(
        lss_config_id="99999",
        name="user_status_to_siem",
        policy_rules=[
            ("idp", ["idp_id"]),
            ("client_type", ["machine_tunnel"]),
            ("saml", [("attribute_id", "11111")]),
        ],
        source_log_type="user_status"
    )
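
Added example (not part of the SDK or of this reference): because use_tls defaults to False and enabled can be switched off per receiver, the code below audits a set of receiver configs, flagging any that are disabled or ship logs without TLS and listing the source_log_map log types that no active receiver covers. It assumes the configs are available as plain dicts keyed like the add_lss_config parameters; audit_lss_configs and SAMPLE_CONFIGS are names introduced here.

```python
# Added example, not SDK code. Configs are plain dicts keyed like the
# add_lss_config() parameters; that representation is an assumption.

# Copied from the source_log_map attribute on this page.
SOURCE_LOG_MAP = {
    "app_connector_metrics": "zpn_ast_comprehensive_stats",
    "app_connector_status": "zpn_ast_auth_log",
    "audit_logs": "zpn_audit_log",
    "browser_access": "zpn_http_trans_log",
    "private_svc_edge_status": "zpn_sys_auth_log",
    "user_activity": "zpn_trans_log",
    "user_status": "zpn_auth_log",
    "web_inspection": "zpn_waf_http_exchanges_log",
}


def audit_lss_configs(configs):
    """Return (findings, uncovered_log_types) for a list of config dicts."""
    findings = []
    covered = set()
    for cfg in configs:
        name = cfg.get("name", "<unnamed>")
        log_type = cfg.get("source_log_type")
        if log_type not in SOURCE_LOG_MAP:
            findings.append((name, "unknown source_log_type"))
            continue
        if not cfg.get("enabled", True):  # documented default: True
            findings.append((name, "receiver disabled"))
            continue
        if not cfg.get("use_tls", False):  # documented default: False
            findings.append((name, "log traffic not using TLS"))
        covered.add(log_type)
    return findings, sorted(set(SOURCE_LOG_MAP) - covered)


# Constructed sample data for illustration (not real tenant output).
SAMPLE_CONFIGS = [
    {"name": "user_activity_to_siem", "source_log_type": "user_activity",
     "lss_host": "192.0.2.100", "lss_port": "8080"},
    {"name": "audit_to_siem", "source_log_type": "audit_logs",
     "lss_host": "192.0.2.100", "lss_port": "6514", "use_tls": True},
    {"name": "old_status_feed", "source_log_type": "user_status",
     "lss_host": "192.0.2.100", "lss_port": "8080", "enabled": False},
]

if __name__ == "__main__":
    findings, uncovered = audit_lss_configs(SAMPLE_CONFIGS)
    print("findings:", findings)
    print("log types with no active receiver:", uncovered)
```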