As an administrator, you would like to verify/test the export of the logs from the Cloud SWG (WSS) for use in a SIEM such as Splunk.
Web Security Service
Cloud SWG
SyncAPI
curl -vvv "https://portal.threatpulse.com/reportpod/logs/sync?startDate=1525917600000&endDate=0&token=none" -H "X-APIUsername: APIUsername" -H "X-APIPassword: APIPassword" -o name_of_the_log_file_here.zip
Use a recent date when generating the "startDate" timestamp for the command.
For example, choose a "startDate" from two days ago (and no longer than one week ago). This helps to ensure that a large amount of data is NOT downloaded during the test. The main purpose of this curl test is to confirm that the log export works through the API with a small amount of data.
If the command is successful, a log file is written to the directory from which the command was run. This indicates that the API is available and working as expected with the provided API credentials.
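The same test as a small script, added here as an example and not taken from the vendor's documentation: it builds a "startDate" inside the two-to-seven-day window, passes the credentials to curl through a config read from stdin so they do not appear in the process list or shell history, and confirms the download is really a ZIP archive. The variable names WSS_API_USER and WSS_API_PASS, the function names, and rounding the timestamp down to the hour (as both sample timestamps on this page are) are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. WSS_API_USER / WSS_API_PASS are assumed
# environment variable names holding the API credentials.

# Print a startDate (epoch milliseconds) DAYS days back, rounded down to the
# hour like the sample timestamps. Only the 2-7 day test window is accepted.
start_date_ms() {
    days=$1
    now=${2:-$(date +%s)}          # optional fixed "now" for repeatable runs
    case $days in ''|*[!0-9]*) return 1 ;; esac
    [ "$days" -ge 2 ] && [ "$days" -le 7 ] || return 1
    echo "$(( (now - days * 86400) / 3600 * 3600 ))000"
}

# True when FILE starts with the ZIP signature "PK"; an error page does not.
is_zip() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "PK" ]
}

# Download a small test archive to OUT. Headers go to curl through a config
# read from stdin, so the credentials never appear in the process list.
fetch_test_logs() {
    out=$1
    start=$(start_date_ms "${2:-2}") || { echo "days must be 2-7" >&2; return 1; }
    if [ -z "${WSS_API_USER:-}" ] || [ -z "${WSS_API_PASS:-}" ]; then
        echo "set WSS_API_USER and WSS_API_PASS" >&2
        return 1
    fi
    url="https://portal.threatpulse.com/reportpod/logs/sync?startDate=${start}&endDate=0&token=none"
    curl -sS --fail -o "$out" --config - "$url" <<EOF || return 1
header = "X-APIUsername: ${WSS_API_USER}"
header = "X-APIPassword: ${WSS_API_PASS}"
EOF
    is_zip "$out" || { echo "$out is not a ZIP archive" >&2; return 1; }
}

# Usage: sh script.sh --run [output.zip] [days]
if [ "${1:-}" = "--run" ]; then
    fetch_test_logs "${2:-cloudswg_test.zip}" "${3:-2}"
fi
```

A non-zero exit means the request failed, the credentials were rejected, or the response body was not a ZIP archive.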
In PowerShell scripts, use the Invoke-WebRequest cmdlet instead.
Example:
Invoke-WebRequest -Headers @{'X-APIUsername'='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'; 'X-APIPassword'='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'} "https://portal.threatpulse.com/reportpod/logs/sync?startDate=1597687200000&endDate=0&token=none" -OutFile C:\temp\$config.zip