I'm trying to connect to our McAfee ESM using a PowerShell API call.
The API calls for parameters to be submitted to it in JSON form. I've tried to use the PowerShell ConvertTo-Json commandlet with a hash and i've also tried to use just straight json text.
$headers = @{
'Content-Type' = 'application/json'
'Accept' = 'application/json'
}
$body_json = {"datasource": {
"parentId": "123456789000",
"name": "(name)",
"id": "(value)",
"typeId": 0,
"childEnabled": false,
"childCount": 0,
"childType": 0,
"ipAddress": "(ipAddress)",
"zoneId": 0,
"url": "(url)",
"enabled": false,
"idmId": 123456789000,
"parameters": [{
"key": "(key)",
"value": "(value)"
}]
}}
$body_json_converted = @{
datasource = @(
@{
parentId = 123456789000
name = "name"
id = "value"
typeId = 0
childEnabled = $false
childCount = 0
childType = 0
ipAddress = "ipAddress"
zoneId = 0
url = "url"
enabled = $false
idmId = 123456789000
parameters = @( @{
key = "key"
value = "value"
})
})
} | ConvertTo-Json -Depth 4
Invoke-RestMethod $url -Body $body_json_converted -Method Post -Headers $headers
Invoke-WebRequest $url -Body $body_json -Method Post -Headers $headers
I expect to get a result back saying that it has sucessfully created the data source or to tell me that i'm missing a parameter of some sort. What i'm actually getting is
Invoke-RestMethod : Cannot deserialize instance of [ERROR] 'com.mcafee.siem.api.data.datasource.EsmDataSourceDetail' out of START_ARRAY [ERROR] token
This appears to be almost an identical issue to this user:
Powershell Invoke-Webrequest w/ JSON Body - Can not deserialize...? but the user doesn't explain how he/she fixed it.
Edit: The McAfee ESM has an API help page for the particular API call to add a data source. All of the other API calls are documented the same. Here is the majority of the content from it:
Description Add a data source.
Parameters datasource Type: EsmDataSourceDetail Description: datasource to add Return Value ("return" JSON root element IS returned) Type: EsmDataSourceId Description: datasource id of the datasource that was just added Example REST Call (with JSON if applicable) https://siem/rs/esm/dsAddDataSource
Example JSON Content:
{"datasource": {
"parentId": {"id": 123456789000},
"name": "(name)",
"id": {"id": "(id)"},
"typeId": {"id": 0},
"childEnabled": false,
"childCount": 0,
"childType": 0,
"ipAddress": "(ipAddress)",
"zoneId": 0,
"url": "(url)",
"enabled": false,
"idmId": 123456789000,
"parameters": [{
"key": "(key)",
"value": "(value)"
}]
}}
-ContentType 'application/json'
to theInvoke-RestMethod
– Theo