Were you able to review the REST API documentation? It's available at https://x.x.x.x/rs/esm/help/commands where x.x.x.x is your ESM IP.
I personally would try to accomplish this in PHP, but that's my language of choice.
What you would want to do is the following:
1. Write some code to query the OU to determine what servers need to exist on the SIEM. I'm guessing LDAP could be used (PHP: LDAP - Manual).
2. Write some code to query the ESM REST API; this will be done in multiple steps:
   - Identify the ERC where the datasources should be added/removed (may use grpGetDeviceTree API endpoint)
   - Get a datasource listing from the identified ERC (using dsGetDataSourceList API endpoint)
3. Now that you have a datasource listing, you should filter it for the type of datasources you are interested in (e.g. Microsoft -- WMI)
4. Compare the results from the OU query, and the REST API query
5. Add or remove data sources based on the comparison (using the dsAddDataSource and dsDeleteDataSource API endpoints)
Let me know if this helps. The documentation explains how to query the API along with example JSON.
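
The filter, compare and add/remove planning in steps 3 to 5, as an added example that is not part of the original post and is not ESM or McAfee code. The record fields (`id`, `name`, `type`), the function names and the sample hosts are assumptions made for illustration; the real response fields and the dsAddDataSource / dsDeleteDataSource calls come from the ESM API documentation. It refuses to plan deletions when the OU query comes back empty or when one run would remove too large a share of the existing data sources, so a failed LDAP lookup cannot silently strip log collection.

```python
# Added example: reconcile OU hosts against ESM data sources (steps 3-5).
# Record fields ("id", "name", "type") are assumed, not the ESM response schema.
from dataclasses import dataclass, field

class ReconcileError(Exception):
    """Raised when a plan looks unsafe to apply automatically."""

@dataclass
class Plan:
    to_add: list = field(default_factory=list)     # hostnames missing from the ERC
    to_remove: list = field(default_factory=list)  # records no longer in the OU

def short_name(host):
    """Normalize 'SRV01.corp.example.' and 'srv01' to the same key."""
    return host.strip().rstrip(".").split(".")[0].lower()

def reconcile(ou_hosts, datasources, ds_type, max_remove_ratio=0.2):
    # Step 3: keep only the data source type under management.
    managed = [d for d in datasources if d["type"] == ds_type]
    wanted = {short_name(h): h for h in ou_hosts if h.strip()}
    have = {short_name(d["name"]): d for d in managed}

    # An empty OU result usually means a failed or mis-scoped LDAP query,
    # not that every server was decommissioned.
    if not wanted:
        raise ReconcileError("OU query returned no hosts; refusing to plan removals")

    # Step 4: compare both sides on the normalized key.
    plan = Plan(
        to_add=sorted(wanted[k] for k in wanted.keys() - have.keys()),
        to_remove=sorted((have[k] for k in have.keys() - wanted.keys()),
                         key=lambda d: d["name"]),
    )

    # Step 5 guard: cap how much of the existing set one run may delete.
    if have and len(plan.to_remove) / len(have) > max_remove_ratio:
        raise ReconcileError(
            f"{len(plan.to_remove)} of {len(have)} data sources would be removed")
    return plan

# Constructed sample data (hostnames, ids and type labels are made up).
SAMPLE_OU = ["SRV01.corp.example", "srv02.corp.example", "srv04.corp.example"]
SAMPLE_DS = [
    {"id": 101, "name": "srv01", "type": "Microsoft -- WMI"},
    {"id": 102, "name": "SRV02.corp.example", "type": "Microsoft -- WMI"},
    {"id": 103, "name": "srv03", "type": "Microsoft -- WMI"},
    {"id": 200, "name": "fw01", "type": "Syslog"},
]
```

Logging the returned plan and reviewing it before applying any deletions keeps the removal side auditable.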
Thx Jon. I will give it a shot.
Did you want to automatically add data sources from an OU, have these servers automatically populate a watch list, or both? Your question seems broad.
The requirement is now obsolete for my organization as the infrastructure is changed to Parent-Child & Parent-Client.