Enable Access to the API from External Programs
To enable access to the Cytomic Orion API from an application:
- In the top menu, select Settings. In the side menu, select Authorized applications. Click Authorize application. A page opens for you to enter the information required to validate the application through the OAuth protocol.
- In the Application (1) field, enter the name of the program that you want to access the API. This is a descriptive field. It has no effect on the process described in this section.
- Clients (2): Click the icon to configure the SOC clients from which you want to retrieve data in each call to the Cytomic Orion API.
- Actions (3): Specifies the sources of information the application can access.
  - Get indicators: See Indicator API.
  - Import IOCs: See Import and Search for IOCs in the Telemetry Generated by a Client’s Computers.
  - Delete IOCs: See Delete IOCs Imported onto the Platform.
  - Search for IOCs: See List IOCs Loaded onto the Platform by Attributes.
  - View information about a file, get the computers on which it was seen, and view details about the computers: See Knowledge API.
  - Isolate/deisolate computers: See Isolate Computers and Deisolate Computers.
  - Restart computers: See Restart.
  - Access to OSQuery: See OSQuery Access API.
  - Access to data/Access to advanced queries: See Get Information from the Data Lake.
- Click Authorize. Cytomic Orion registers the application on the platform and shows the user name and password generated.
  - Keep the Username character string in a safe place. This string is used as the content of the username field in requests from the application.
  - Save the Password character block. This block must be used as the content of the password field in requests from the application.
  The password block is shown only once in the Cytomic Orion console: when you create the application. If you lose the password, you cannot retrieve it. In that case, you must delete the application and create it again with a different password. Do the same if the password is compromised.
- Regardless of the credentials generated in the username and password fields, the OAuth authentication system requires that you specify these client credentials:
  - client_id: aaf1461b714646a8a593197641df9665
  - client_secret: cnmB6rbT4xoZsnTzwHsgBpm1BtD-k_-1VKpZEl6bIvM
  - client_id:client_secret (Base64-encoded): YWFmMTQ2MWI3MTQ2NDZhOGE1OTMxOTc2NDFkZjk2NjU6Y25tQjZyYlQ0eG9ac25UendIc2dCcG0xQnRELWtfLTFWS3BaRWw2Ykl2TQ==
- When the procedure is complete, the application must authenticate on the Cytomic Orion platform using the OAuth protocol, as described in section Cytomic Orion and OAuth Authentication.
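
How the credential values above fit together, as an added Python example that is not part of the Cytomic documentation: it checks that the Base64 block is the encoding of client_id:client_secret and builds the token request fields without hard-coding the per-application password. The password grant type, the Basic Authorization header and the ORION_API_* environment variable names are assumptions; the actual request format is the one defined in Cytomic Orion and OAuth Authentication.

```python
import base64
import os
import urllib.parse

# Fixed client credentials, copied from this page.
CLIENT_ID = "aaf1461b714646a8a593197641df9665"
CLIENT_SECRET = "cnmB6rbT4xoZsnTzwHsgBpm1BtD-k_-1VKpZEl6bIvM"
# Base64 block from this page, with the line-wrap space removed.
PAGE_BASIC_B64 = (
    "YWFmMTQ2MWI3MTQ2NDZhOGE1OTMxOTc2NDFkZjk2NjU6"
    "Y25tQjZyYlQ0eG9ac25UendIc2dCcG0xQnRELWtfLTFWS3BaRWw2Ykl2TQ=="
)


def basic_credentials(client_id, client_secret):
    """Return Base64("client_id:client_secret"), the HTTP Basic form (RFC 7617)."""
    pair = f"{client_id}:{client_secret}".encode("ascii")
    return base64.b64encode(pair).decode("ascii")


def load_app_credentials(env=os.environ):
    """Read the per-application username/password shown once by the console.

    Variable names are hypothetical. Keeping the values out of source code
    matters because a lost or leaked password forces re-creating the application.
    """
    try:
        return env["ORION_API_USERNAME"], env["ORION_API_PASSWORD"]
    except KeyError as missing:
        raise RuntimeError(f"missing credential variable {missing}") from None


def build_token_request(username, password):
    """Return (headers, body) for a token request.

    ASSUMPTION: OAuth 2.0 password grant (RFC 6749, section 4.3) with the
    client credentials sent as a Basic Authorization header.
    """
    headers = {
        "Authorization": "Basic " + basic_credentials(CLIENT_ID, CLIENT_SECRET),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urlencode percent-encodes characters such as '+', '/', '=' and '&',
    # which would otherwise corrupt the password in a form-encoded body.
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    )
    return headers, body
```
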