Update one or more fields of a specific incident. Missing fields are ignored. Note the following:
- The assigned_user_mail field is validated by Cortex XDR to confirm the provided assignee email address belongs to a user that exists in the same Cortex XDR tenant.
- To unassign an incident, pass none or "assigned_user_mail": "".
- To remove a manually set severity, pass none or "manual_severity": "".
Authorization
String
required
{api_key}
{api_key}
authorization_example
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
xXdrAuthId_example
Accept-Encoding
String
For retrieving a compressed gzipped response
For retrieving a compressed gzipped response
acceptEncoding_example
gzip
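# Sends the documented update_incident request as one command: each option is
# joined with a line continuation and the body is the request object itself.
# The header values are placeholders; substitute your own API key and key ID,
# and keep real keys out of shared shell history and version-controlled scripts.
# --compressed requests a compressed response and decompresses it for display.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  --compressed \
  'https://api-yourfqdn/public_api/v1/incidents/update_incident' \
  -d '{
    "request_data": {
      "incident_id": "<incident ID>",
      "update_data": {
        "assigned_user_mail": "username@test.com",
        "manual_severity": "low",
        "status": "resolved_other",
        "resolve_comment": "This incident is resolved"
      }
    }
  }'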
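import http.client
import json

# "api-yourfqdn" is a placeholder for the tenant's API host name.
# HTTPSConnection verifies the server certificate with its default context;
# keep that default, because the request carries the API key.
conn = http.client.HTTPSConnection("api-yourfqdn")

# Serialise the request object exactly once. The earlier string literal was a
# JSON document wrapped in a second layer of quoting and was missing its final
# closing brace, so the server would not receive a request_data object.
payload = json.dumps({
    "request_data": {
        "incident_id": "<incident ID>",
        "update_data": {
            "assigned_user_mail": "username@test.com",
            "manual_severity": "low",
            "status": "resolved_other",
            "resolve_comment": "This incident is resolved",
        },
    }
})

headers = {
    # Placeholder values: load the API key and key ID from a secret store or
    # the environment rather than committing them with the script.
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    # Optional. If a compressed encoding is requested here, the body returned
    # by res.read() must be decompressed before it is decoded as text.
    'Accept-Encoding': "SOME_STRING_VALUE",
    'content-type': "application/json"
}

conn.request("POST", "/public_api/v1/incidents/update_incident", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
require 'uri'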
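require 'net/http'
require 'openssl'
require 'json'

url = URI("https://api-yourfqdn/public_api/v1/incidents/update_incident")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. With VERIFY_NONE the client accepts any
# certificate, so the API key in the Authorization header and the incident
# data could be sent to a host that is not the Cortex XDR API.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Placeholder values: load the API key and key ID from a secret store or the
# environment rather than committing them with the script.
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["Accept-Encoding"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'

# Serialise the request object exactly once. The earlier string literal was a
# JSON document wrapped in a second layer of quoting and was missing its final
# closing brace.
request.body = JSON.generate(
  "request_data" => {
    "incident_id" => "<incident ID>",
    "update_data" => {
      "assigned_user_mail" => "username@test.com",
      "manual_severity" => "low",
      "status" => "resolved_other",
      "resolve_comment" => "This incident is resolved"
    }
  }
)

response = http.request(request)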
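puts response.read_body
// Serialise the request object exactly once. Passing an already-serialised
// string to JSON.stringify produced a JSON string literal rather than an
// object, and that string was also missing its final closing brace.
const data = JSON.stringify({
  request_data: {
    incident_id: "<incident ID>",
    update_data: {
      assigned_user_mail: "username@test.com",
      manual_severity: "low",
      status: "resolved_other",
      resolve_comment: "This incident is resolved"
    }
  }
});

const xhr = new XMLHttpRequest();
// withCredentials stays at its default (false): the API authenticates with
// the two headers below, so browser cookies have no reason to travel with
// this cross-origin request.

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/incidents/update_incident");
// Placeholder values. A key embedded in script delivered to a browser is
// readable by every user of the page; make this call from a server-side
// component that holds the key instead.
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
// Accept-Encoding is not set here: it is a forbidden header name for
// XMLHttpRequest, and the browser negotiates content encoding itself.
xhr.setRequestHeader("content-type", "application/json");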
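xhr.send(data);
// Posts the update_incident request with Unirest and reads the reply as text.
// The body is the request object itself; the earlier literal was a JSON
// document wrapped in a second layer of quoting and missing its final brace.
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/incidents/update_incident")
  // Placeholder values: load the API key and key ID from a secret store or
  // the environment rather than compiling them into the class.
  .header("Authorization", "SOME_STRING_VALUE")
  .header("x-xdr-auth-id", "SOME_STRING_VALUE")
  .header("Accept-Encoding", "SOME_STRING_VALUE")
  .header("content-type", "application/json")
  .body("{\"request_data\":{"
      + "\"incident_id\":\"<incident ID>\","
      + "\"update_data\":{"
      + "\"assigned_user_mail\":\"username@test.com\","
      + "\"manual_severity\":\"low\","
      + "\"status\":\"resolved_other\","
      + "\"resolve_comment\":\"This incident is resolved\""
      + "}}}")
  .asString();
import Foundation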
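// Placeholder values: load the API key and key ID from the keychain or
// another secret store rather than compiling them into the binary.
let headers = [
  "Authorization": "SOME_STRING_VALUE",
  "x-xdr-auth-id": "SOME_STRING_VALUE",
  "Accept-Encoding": "SOME_STRING_VALUE",
  "content-type": "application/json"
]

// The request is built as nested dictionaries so JSONSerialization can encode
// it. The earlier version cast a string literal to [String: Any], which does
// not compile, and its JSON text was missing the final closing brace.
let updateData: [String: Any] = [
  "assigned_user_mail": "username@test.com",
  "manual_severity": "low",
  "status": "resolved_other",
  "resolve_comment": "This incident is resolved"
]
let requestData: [String: Any] = [
  "incident_id": "<incident ID>",
  "update_data": updateData
]
let parameters: [String: Any] = ["request_data": requestData]

// JSONSerialization.data(withJSONObject:options:) throws, so it needs `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

// Unwrap the URL explicitly instead of force-unwrapping an NSURL.
guard let url = URL(string: "https://api-yourfqdn/public_api/v1/incidents/update_incident") else {
  fatalError("The endpoint URL is not valid")
}

var request = URLRequest(url: url,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
let dataTask = session.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
  } else if let httpResponse = response as? HTTPURLResponse {
    print(httpResponse)
  }
}
dataTask.resume()
<?php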
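$curl = curl_init();

// Encode the request object exactly once. The earlier literal was a JSON
// document wrapped in a second layer of quoting and missing its final brace.
$payload = json_encode([
  "request_data" => [
    "incident_id" => "<incident ID>",
    "update_data" => [
      "assigned_user_mail" => "username@test.com",
      "manual_severity" => "low",
      "status" => "resolved_other",
      "resolve_comment" => "This incident is resolved",
    ],
  ],
]);

// CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are left at their
// defaults, so the server certificate is verified before the key is sent.
curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/incidents/update_incident",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => $payload,
  // Placeholder values: load the API key and key ID from a secret store or
  // the environment rather than committing them with the script.
  CURLOPT_HTTPHEADER => [
    "Accept-Encoding: SOME_STRING_VALUE",
    "Authorization: SOME_STRING_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: SOME_STRING_VALUE"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
CURL *hnd = curl_easy_init();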
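curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/incidents/update_incident");

/* Placeholder values: load the API key and key ID at run time rather than
 * compiling them into the binary. Certificate verification is left at the
 * libcurl defaults, so the server is verified before the key is sent. */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "Accept-Encoding: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

/* The body is the request object itself. The earlier literal was a JSON
 * document wrapped in a second layer of quoting and missing its final brace. */
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS,
    "{\"request_data\":{"
    "\"incident_id\":\"<incident ID>\","
    "\"update_data\":{"
    "\"assigned_user_mail\":\"username@test.com\","
    "\"manual_severity\":\"low\","
    "\"status\":\"resolved_other\","
    "\"resolve_comment\":\"This incident is resolved\""
    "}}}");

CURLcode ret = curl_easy_perform(hnd);

/* Release the header list and the handle once the transfer has finished. */
curl_slist_free_all(headers);
curl_easy_cleanup(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/incidents/update_incident");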
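var request = new RestRequest(Method.POST);
// Placeholder values: load the API key and key ID from a secret store or
// configuration provider rather than compiling them into the assembly.
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("Accept-Encoding", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
// The body is the request object itself. The earlier literal was a JSON
// document wrapped in a second layer of quoting and missing its final brace.
request.AddParameter("application/json",
    "{\"request_data\":{" +
    "\"incident_id\":\"<incident ID>\"," +
    "\"update_data\":{" +
    "\"assigned_user_mail\":\"username@test.com\"," +
    "\"manual_severity\":\"low\"," +
    "\"status\":\"resolved_other\"," +
    "\"resolve_comment\":\"This incident is resolved\"" +
    "}}}",
    ParameterType.RequestBody);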
IRestResponse response = client.Execute(request);request_dataobjectrequired
incident_idstringA string representing the incident ID you want to update.
A string representing the incident ID you want to update.
update_dataobjectThe data to update the incident with.
The data to update the incident with.
assigned_user_mailstringUpdated email address of the incident assignee.
Updated email address of the incident assignee.
manual_severitystringAdministrator-defined severity.Updated incident status.
Administrator-defined severity.Updated incident status.
statusstringUpdated incident status.
Updated incident status.
resolve_commentstringDescriptive comment explaining the incident change. This can be set only for resolved incidents.
Descriptive comment explaining the incident change. This can be set only for resolved incidents.
commentobjectrequiredAdd a comment to the incident.
Add a comment to the incident.
comment_actionstringThe comment action must be 'add'.
The comment action must be 'add'.
valuestringThe comment text.
The comment text.
<custom_fields>stringYou can include custom incident fields in the request. The names of the custom fields are standardized into lowercase with no white spaces.
For example, Single Select would be included as singleselect.
You can include custom incident fields in the request. The names of the custom fields are standardized into lowercase with no white spaces.
For example, Single Select would be included as singleselect.
notesstringNotes for the incident. If there are already notes, these notes will replace existing notes.
Notes for the incident. If there are already notes, these notes will replace existing notes.
{
"request_data": {
"incident_id": "2927",
"update_data": {
"assigned_user_mail": "username@test.com",
"manual_severity": "low",
"status": "resolved_other",
"resolve_comment": "This incident is resolved"
}
}
}Successful response
Whether the incident update was successful.
booleanWhether the incident update was successful.
Whether the incident update was successful.
falseBad Request. Got an invalid JSON.
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
{
"info": {
"contact": {}
},
"components": {
"securitySchemes": {
"api_key": null
},
"schemas": {
"event": {
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
},
"alert": {
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": "example",
"matching_service_rule_id": "example",
"attempt_counter": 0,
"bioc_category_enum_key": "example",
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": "example",
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": "example",
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": "example",
"mac_address": [
"example"
],
"agent_is_vdi": false,
"contains_featured_host": "YES",
"contains_featured_user": "YES",
"contains_featured_ip": "YES",
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
},
"reply": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
},
"violation": {
"hostname": "example",
"username": "example",
"ip": "example",
"timestamp": 0,
"violation_id": 0,
"type": "example",
"vendor_id": "example",
"vendor": "example",
"product_id": "example",
"product": "example",
"serial": "example",
"endpoint_id": "example"
}
}
},
"paths": {
"/public_api/v1/xql/start_xql_query": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"query": "dataset=xdr_data | fields event_id, event_type, event_sub_type | limit 3",
"tenants": [],
"timeframe": {
"from": "1598907600000",
"to": "1599080399000"
}
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"timeframe": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": "example"
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/get_query_results": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"query_id": "061880b4867446_4356_inv",
"pending_flag": true,
"limit": 100,
"format": "json"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"status": "example",
"number_of_results": 0,
"query_cost": {
"9995067425505": 0.1
},
"remaining_quota": 0.1,
"results": {
"data": [
{
"event_id": "example",
"agent_version": "example",
"_product": "example",
"_time": 0,
"_vendor": "example",
"insert_timestamp": 0,
"agent_os_type": "example",
"event_type": "example",
"event_sub_type": "example"
}
]
}
}
},
"examples": {
"pending_flag=true": {
"value": {
"reply": {}
}
},
"Up to 1,000 results, JSON format, Single Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"Up to 1,000 results, CSV format, Single Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"Up to 1,000 results, JSON format, Multi Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"More than 1,000 results": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/xql/get_quota": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"license_quota": 0,
"additional_purchased_quota": 0,
"used_quota": 0.1,
"eval_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0,
"current_concurrent_active_queries": {
"additionalProperties": "example"
},
"current_concurrent_active_queries_count": 0,
"max_daily_concurrent_active_query_count": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"current_concurrent_active_queries": {
"debee6b0c41f47_911_inv": {}
}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/xql/get_query_results_stream": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"stream_id": "563c5e24-===-9a1f8139d3c5",
"is_gzip_compressed": true
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"examples": {}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/incidents/get_incidents": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "modification_time",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "creation_time",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"incidents": [
{
"incident_id": "example",
"incident_name": "example",
"creation_time": 0,
"modification_time": 0,
"detection_time": {},
"status": "example",
"severity": "example",
"description": "example",
"assigned_user_mail": {},
"assigned_user_pretty_name": {},
"alert_count": 0,
"low_severity_alert_count": 0,
"med_severity_alert_count": 0,
"high_severity_alert_count": 0,
"critical_severity_alert_count": 0,
"user_count": 0,
"host_count": 0,
"notes": {},
"resolve_comment": {},
"resolved_timestamp": 0,
"manual_severity": {},
"manual_description": "example",
"xdr_url": "example",
"starred": false,
"starred_manually": false,
"hosts": [
"example"
],
"users": [
"example"
],
"incident_sources": [
"example"
],
"rule_based_score": 0,
"manual_score": {},
"wildfire_hits": 0,
"alerts_grouping_status": "example",
"mitre_tactics_ids_and_names": [
"example"
],
"mitre_techniques_ids_and_names": [
"example"
],
"alert_categories": [
"example"
],
"original_tags": [
"example"
],
"tags": [
"example"
]
}
],
"restricted_incident_ids": [
{}
]
}
},
"examples": {
"Success Response Example": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": {},
"matching_service_rule_id": {},
"attempt_counter": 0,
"bioc_category_enum_key": {},
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": {},
"filter_rule_id": {},
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": {},
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": {},
"mac_address": [
"example"
],
"agent_is_vdi": {},
"contains_featured_host": false,
"contains_featured_user": false,
"contains_featured_ip": false,
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": {},
"event_sub_type": {},
"module_id": "example",
"association_strength": {},
"dst_association_strength": {},
"story_id": {},
"event_id": {},
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": {},
"actor_process_image_sha256": "example",
"actor_process_image_md5": {},
"actor_process_causality_id": {},
"actor_causality_id": {},
"actor_process_os_pid": "example",
"actor_thread_thread_id": {},
"causality_actor_process_image_name": {},
"causality_actor_process_command_line": {},
"causality_actor_process_image_path": {},
"causality_actor_process_signature_vendor": {},
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": {},
"causality_actor_process_execution_time": {},
"causality_actor_process_image_md5": {},
"causality_actor_process_image_sha256": {},
"action_file_path": {},
"action_file_name": {},
"action_file_md5": {},
"action_file_sha256": {},
"action_file_macro_sha256": {},
"action_registry_data": {},
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_registry_full_key": {},
"action_local_ip": {},
"action_local_port": {},
"action_remote_ip": {},
"action_remote_port": {},
"action_external_hostname": {},
"action_country": "example",
"action_process_instance_id": {},
"action_process_causality_id": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"action_process_image_command_line": {},
"action_process_signature_status": "example",
"action_process_signature_vendor": {},
"os_actor_effective_username": {},
"os_actor_process_instance_id": {},
"os_actor_process_image_path": {},
"os_actor_process_image_name": {},
"os_actor_process_command_line": {},
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": {},
"os_actor_process_image_sha256": {},
"os_actor_process_causality_id": {},
"os_actor_causality_id": {},
"os_actor_process_os_pid": {},
"os_actor_thread_thread_id": {},
"fw_app_id": {},
"fw_interface_from": {},
"fw_interface_to": {},
"fw_rule": {},
"fw_rule_id": {},
"fw_device_name": {},
"fw_serial_number": {},
"fw_url_domain": {},
"fw_email_subject": {},
"fw_email_sender": {},
"fw_email_recipient": {},
"fw_app_subcategory": {},
"fw_app_category": {},
"fw_app_technology": {},
"fw_vsys": {},
"fw_xff": {},
"fw_misc": {},
"fw_is_phishing": "example",
"dst_agent_id": {},
"dst_causality_actor_process_execution_time": {},
"dns_query_name": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"user_name": {}
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "alert_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "example",
"keyword": "example"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/incidents/update_incident": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": "{ \n \"request_data\":{ \n \"incident_id\":\"<incident ID>\",\n \"update_data\":{ \n \"assigned_user_mail\":\"username@test.com\",\n \"manual_severity\":\"low\",\n \"status\":\"resolved_other\",\n \"resolve_comment\":\"This incident is resolved\"\n }\n }\n}",
"examples": {
"Request example": {
"value": {
"request_data": {
"update_data": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"info": {
"contact": {}
},
"components": {
"securitySchemes": {
"api_key": null
},
"schemas": {
"event": {
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
},
"alert": {
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": "example",
"matching_service_rule_id": "example",
"attempt_counter": 0,
"bioc_category_enum_key": "example",
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": "example",
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": "example",
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": "example",
"mac_address": [
"example"
],
"agent_is_vdi": false,
"contains_featured_host": "YES",
"contains_featured_user": "YES",
"contains_featured_ip": "YES",
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
},
"reply": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
},
"violation": {
"hostname": "example",
"username": "example",
"ip": "example",
"timestamp": 0,
"violation_id": 0,
"type": "example",
"vendor_id": "example",
"vendor": "example",
"product_id": "example",
"product": "example",
"serial": "example",
"endpoint_id": "example"
}
}
},
"paths": {
"/public_api/v1/xql/start_xql_query": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"query": "dataset=xdr_data | fields event_id, event_type, event_sub_type | limit 3",
"tenants": [],
"timeframe": {
"from": "1598907600000",
"to": "1599080399000"
}
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"timeframe": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": "example"
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/get_query_results": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"query_id": "061880b4867446_4356_inv",
"pending_flag": true,
"limit": 100,
"format": "json"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"status": "example",
"number_of_results": 0,
"query_cost": {
"9995067425505": 0.1
},
"remaining_quota": 0.1,
"results": {
"data": [
{
"event_id": "example",
"agent_version": "example",
"_product": "example",
"_time": 0,
"_vendor": "example",
"insert_timestamp": 0,
"agent_os_type": "example",
"event_type": "example",
"event_sub_type": "example"
}
]
}
}
},
"examples": {
"pending_flag=true": {
"value": {
"reply": {}
}
},
"Up to 1,000 results, JSON format, Single Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"Up to 1,000 results, CSV format, Single Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"Up to 1,000 results, JSON format, Multi Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"More than 1,000 results": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/xql/get_quota": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"license_quota": 0,
"additional_purchased_quota": 0,
"used_quota": 0.1,
"eval_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0,
"current_concurrent_active_queries": {
"additionalProperties": "example"
},
"current_concurrent_active_queries_count": 0,
"max_daily_concurrent_active_query_count": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"current_concurrent_active_queries": {
"debee6b0c41f47_911_inv": {}
}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/xql/get_query_results_stream": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"stream_id": "563c5e24-===-9a1f8139d3c5",
"is_gzip_compressed": true
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"examples": {}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/incidents/get_incidents": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "modification_time",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "creation_time",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"incidents": [
{
"incident_id": "example",
"incident_name": "example",
"creation_time": 0,
"modification_time": 0,
"detection_time": {},
"status": "example",
"severity": "example",
"description": "example",
"assigned_user_mail": {},
"assigned_user_pretty_name": {},
"alert_count": 0,
"low_severity_alert_count": 0,
"med_severity_alert_count": 0,
"high_severity_alert_count": 0,
"critical_severity_alert_count": 0,
"user_count": 0,
"host_count": 0,
"notes": {},
"resolve_comment": {},
"resolved_timestamp": 0,
"manual_severity": {},
"manual_description": "example",
"xdr_url": "example",
"starred": false,
"starred_manually": false,
"hosts": [
"example"
],
"users": [
"example"
],
"incident_sources": [
"example"
],
"rule_based_score": 0,
"manual_score": {},
"wildfire_hits": 0,
"alerts_grouping_status": "example",
"mitre_tactics_ids_and_names": [
"example"
],
"mitre_techniques_ids_and_names": [
"example"
],
"alert_categories": [
"example"
],
"original_tags": [
"example"
],
"tags": [
"example"
]
}
],
"restricted_incident_ids": [
{}
]
}
},
"examples": {
"Success Response Example": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": {},
"matching_service_rule_id": {},
"attempt_counter": 0,
"bioc_category_enum_key": {},
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": {},
"filter_rule_id": {},
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": {},
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": {},
"mac_address": [
"example"
],
"agent_is_vdi": {},
"contains_featured_host": false,
"contains_featured_user": false,
"contains_featured_ip": false,
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": {},
"event_sub_type": {},
"module_id": "example",
"association_strength": {},
"dst_association_strength": {},
"story_id": {},
"event_id": {},
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": {},
"actor_process_image_sha256": "example",
"actor_process_image_md5": {},
"actor_process_causality_id": {},
"actor_causality_id": {},
"actor_process_os_pid": "example",
"actor_thread_thread_id": {},
"causality_actor_process_image_name": {},
"causality_actor_process_command_line": {},
"causality_actor_process_image_path": {},
"causality_actor_process_signature_vendor": {},
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": {},
"causality_actor_process_execution_time": {},
"causality_actor_process_image_md5": {},
"causality_actor_process_image_sha256": {},
"action_file_path": {},
"action_file_name": {},
"action_file_md5": {},
"action_file_sha256": {},
"action_file_macro_sha256": {},
"action_registry_data": {},
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_registry_full_key": {},
"action_local_ip": {},
"action_local_port": {},
"action_remote_ip": {},
"action_remote_port": {},
"action_external_hostname": {},
"action_country": "example",
"action_process_instance_id": {},
"action_process_causality_id": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"action_process_image_command_line": {},
"action_process_signature_status": "example",
"action_process_signature_vendor": {},
"os_actor_effective_username": {},
"os_actor_process_instance_id": {},
"os_actor_process_image_path": {},
"os_actor_process_image_name": {},
"os_actor_process_command_line": {},
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": {},
"os_actor_process_image_sha256": {},
"os_actor_process_causality_id": {},
"os_actor_causality_id": {},
"os_actor_process_os_pid": {},
"os_actor_thread_thread_id": {},
"fw_app_id": {},
"fw_interface_from": {},
"fw_interface_to": {},
"fw_rule": {},
"fw_rule_id": {},
"fw_device_name": {},
"fw_serial_number": {},
"fw_url_domain": {},
"fw_email_subject": {},
"fw_email_sender": {},
"fw_email_recipient": {},
"fw_app_subcategory": {},
"fw_app_category": {},
"fw_app_technology": {},
"fw_vsys": {},
"fw_xff": {},
"fw_misc": {},
"fw_is_phishing": "example",
"dst_agent_id": {},
"dst_causality_actor_process_execution_time": {},
"dns_query_name": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"user_name": {}
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "alert_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "example",
"keyword": "example"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/incidents/update_incident": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": "{ \n \"request_data\":{ \n \"incident_id\":\"<incident ID>\",\n \"update_data\":{ \n \"assigned_user_mail\":\"username@test.com\",\n \"manual_severity\":\"low\",\n \"status\":\"resolved_other\",\n \"resolve_comment\":\"This incident is resolved\"\n }\n }\n}",
"examples": {
"Request example": {
"value": {
"request_data": {
"update_data": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/update_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alert_id_list": [
"104173821",
"574203823",
"395720183"
],
"update_data": {
"severity": "medium",
"status": "resolved_other",
"comment": "This incident is resolved"
}
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"update_data": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": [
"example"
],
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/insert_cef_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alerts": [
"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|microsoft-ds|Unknown|act=AcceptdeviceDirection=0 rt=1569---000 spt=5---57 dpt=4---5cs2Label=Rule Name cs2=ADPrimerylayer_name=FW_Device_blackenedSecuritylayer_uuid=07-----fc7-1a5c-71b8c match_id=1---6parent_rule=0rule_action=Accept rule_uid=8----be5cifname=bond2logid=0loguid={0x5d8c5388,0x61,0x29321fac,0xc0000022}origin=1.1.1.1originsicname=CN=DWdeviceBlackend,O=Blackend sequencenum=363version=5dst=1.1.1.1 inzone=External outzone=Internal product=VPN-1 & FireWall-1proto=6service_id=microsoft-ds src=1.1.1.1",
"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Log|Unknown|act=AcceptdeviceDirection=0 rt=1569477501000 spt=63088 dpt=5985cs2Label=RuleNamelayer_name=FW_Device_blackenedSecuritylayer_uuid=07693f---e96c71b8c match_id=8----9parent_rule=0rule_action=Acceptrule_uid=ae9---70f-ab1c-1ad552c82369conn_direction=Internal ifname=bond1.12logid=0loguid={0x5d8c537d,0xbb,0x29321fac,0xc0000014}origin=1.1.1.1originsicname=CN=DWdeviceBlackend,O=Blackend sequencenum=899version=5dst=1.1.1.1 product=VPN-1 & FireWall-1 proto=6 src=1.1.1.1"
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/insert_parsed_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alerts": [
{
"product": "example",
"vendor": "example",
"local_ip": "example",
"local_port": "example",
"remote_ip": "example",
"remote_port": "example",
"event_timestamp": 0,
"severity": "example",
"alert_name": "example",
"alert_description": "example",
"action_status": "example",
"local_ip_v6": "example",
"remote_ip_v6": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts_pcap": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "severity",
"operator": "in",
"value": [
"medium",
"high"
]
}
],
"search_from": "0",
"search_to": "5",
"sort": {
"field": "severity",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"id": "example",
"pcap_data": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v2/alerts/get_alerts_multi_events": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"agent_os_sub_type": "example",
"fw_app_category": {},
"fw_app_id": {},
"fw_app_subcategory": {},
"fw_app_technology": {},
"category": "example",
"causality_actor_process_command_line": [
"example"
],
"causality_actor_process_image_md5": [
"example"
],
"causality_actor_process_image_name": [
"example"
],
"causality_actor_process_image_path": [
"example"
],
"causality_actor_process_image_sha256": [
"example"
],
"causality_actor_process_signature_status": [
"example"
],
"causality_actor_process_signature_vendor": [
"example"
],
"causality_actor_causality_id": [
"example"
],
"identity_sub_type": {},
"identity_type": {},
"operation_name": {},
"project": {},
"cloud_provider": {},
"referenced_resource": {},
"resource_sub_type": {},
"resource_type": {},
"cluster_name": {},
"container_id": {},
"contains_featured_host": [
"example"
],
"contains_featured_ip": [
"example"
],
"contains_featured_user": [
"example"
],
"action_country": [
"example"
],
"description": "example",
"fw_interface_to": {},
"dns_query_name": {},
"agent_device_domain": {},
"fw_email_recipient": {},
"fw_email_sender": {},
"fw_email_subject": {},
"event_type": [
"example"
],
"is_whitelisted": false,
"action_file_macro_sha256": {},
"action_file_md5": {},
"action_file_name": {},
"action_file_path": {},
"action_file_sha256": {},
"fw_device_name": {},
"fw_rule_id": {},
"fw_rule": {},
"fw_serial_number": {},
"agent_fqdn": {},
"agent_os_type": "example",
"image_name": {},
"actor_process_image_name": [
"example"
],
"actor_process_command_line": [
"example"
],
"actor_process_image_md5": [
"example"
],
"actor_process_image_path": [
"example"
],
"actor_process_os_pid": [
0
],
"actor_process_image_sha256": [
"example"
],
"actor_process_signature_status": [
"example"
],
"actor_process_signature_vendor": [
"example"
],
"actor_thread_thread_id": [
0
],
"fw_is_phishing": [
"example"
],
"action_local_ip": {},
"action_local_port": {},
"fw_misc": {},
"mitre_tactic_id_and_name": [
"example"
],
"mitre_technique_id_and_name": [
"example"
],
"module_id": {},
"fw_vsys": {},
"os_actor_process_command_line": [
"example"
],
"os_actor_thread_thread_id": [
0
],
"os_actor_process_image_name": [
"example"
],
"os_actor_process_os_pid": [
0
],
"os_actor_process_image_sha256": [
"example"
],
"os_actor_process_signature_status": [
"example"
],
"os_actor_process_signature_vendor": [
"example"
],
"os_actor_effective_username": {},
"action_process_signature_status": [
"example"
],
"action_process_signature_vendor": {},
"action_registry_data": {},
"action_registry_full_key": {},
"action_external_hostname": {},
"action_remote_ip": {},
"action_remote_port": {},
"matching_service_rule_id": "example",
"fw_interface_from": {},
"starred": false,
"action_process_image_command_line": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"fw_url_domain": {},
"user_agent": {},
"fw_xff": {},
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": {},
"local_insert_ts": 0,
"last_modified_ts": {},
"bioc_indicator": {},
"attempt_counter": 0,
"bioc_category_enum_key": {},
"case_id": 0,
"deduplicate_tokens": {},
"filter_rule_id": {},
"agent_version": "example",
"agent_ip_addresses_v6": {},
"agent_data_collection_status": {},
"agent_is_vdi": false,
"agent_install_type": "example",
"agent_host_boot_time": [
0
],
"event_sub_type": [
0
],
"association_strength": [
0
],
"dst_association_strength": {},
"story_id": {},
"event_id": [
"example"
],
"event_timestamp": [
0
],
"actor_process_instance_id": [
"example"
],
"actor_process_causality_id": [
"example"
],
"actor_causality_id": [
"example"
],
"causality_actor_process_execution_time": [
0
],
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_local_ip_v6": {},
"action_remote_ip_v6": {},
"action_process_instance_id": {},
"action_process_causality_id": {},
"os_actor_process_instance_id": [
"example"
],
"os_actor_process_image_path": [
"example"
],
"os_actor_process_causality_id": [
"example"
],
"os_actor_causality_id": {},
"dst_agent_id": [
"example"
],
"dst_causality_actor_process_execution_time": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"is_pcap": false,
"alert_type": "example",
"resolution_status": "example",
"resolution_comment": {},
"dynamic_fields": {},
"tags": [
"example"
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"endpoint_id": "example",
"host_ip": [
"example"
],
"host_name": "example",
"action": "example",
"original_tags": [
"example"
],
"user_name": [
"example"
],
"mac_addresses": {},
"source": {},
"action_pretty": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "alert_id_list",
"operator": "in",
"value": null
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts_multi_events": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "severity",
"operator": "in",
"value": [
"medium",
"high"
]
}
],
"search_from": 0,
"search_to": 5,
"sort": {
"field": "severity",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": "example",
"matching_service_rule_id": "example",
"attempt_counter": 0,
"bioc_category_enum_key": "example",
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": "example",
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": "example",
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": "example",
"mac_address": [
"example"
],
"agent_is_vdi": false,
"contains_featured_host": "YES",
"contains_featured_user": "YES",
"contains_featured_ip": "YES",
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example",
"malicious_urls": [
"example"
]
},
"examples": {
"Success response": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_hosts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_users": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_ip_addresses": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_ad_groups": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"type": "group",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_versions": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"windows": [
"example"
],
"linux": [
"example"
],
"macos": [
"example"
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_endpoints": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"agent_id": "example",
"agent_status": "example",
"operational_status": "example",
"host_name": "example",
"agent_type": "example",
"ip": [
"example"
],
"last_seen": 0,
"tags": {
"server_tags": [
{}
],
"endpoint_tags": [
{}
]
},
"users": [
"example"
]
}
]
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_policy": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"endpoint_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"policy_name": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/delete": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "example",
"operator": "in",
"value": [
"example"
]
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/create": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"platform": "windows",
"package_type": "example",
"agent_version": "example",
"windows_version": "example",
"linux_version": "example",
"macos_version": "example",
"deployment_platform": "example",
"default_namespace": "example",
"node_selector": {
"additionalProperties": {}
},
"proxy": [
"example"
],
"cluster_name": "example",
"run_on_master_node": false,
"run_on_all_nodes": false
}
},
"examples": {
"New Installation example": {
"value": {
"request_data": {}
}
},
"Upgrade example": {
"value": {
"request_data": {}
}
},
"Kubernetes distribution": {
"value": {
"request_data": {
"node_selector": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"distribution_id": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/device_control/get_violations": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "endpoint_id_list",
"value": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"violations": [
{
"hostname": "example",
"username": "example",
"ip": "example",
"timestamp": 0,
"violation_id": 0,
"type": "example",
"vendor_id": "example",
"vendor": "example",
"product_id": "example",
"product": "example",
"serial": "example",
"endpoint_id": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example"
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"status": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_dist_url": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example",
"package_type": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"distribution_url": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/update_agent_name": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"alias": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/tags/agents/assign": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"tag": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/tags/agents/remove": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"tag": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/restore": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"file_hash": "example",
"endpoint_id": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/actions/file_retrieval_details": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": {
"endpoint_ID": "example"
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"data": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/hash_exceptions/allowlist": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"hash_list": [
"example"
],
"comment": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/quarantine/status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"files": [
{
"endpoint_id": "example",
"file_path": "example",
"file_hash": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"endpoint_id": "example",
"file_path": "example",
"file_hash": "example",
"status": false
}
]
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/quarantine": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"file_path": "example",
"file_hash": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"status": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/hash_exceptions/blocklist": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"hash_list": [
"example"
],
"comment": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/unisolate": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "IN",
"value": [
"example"
]
}
],
"endpoint_id": "example",
"incident_id": "example"
}
},
"examples": {
"Unisolate one endpoint": {
"value": {
"request_data": {}
}
},
"Unisolate more than one endpoint": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/abort_scan": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": null,
"incident_id": "example"
}
},
"examples": {
"To cancel scan of all endpoints": {
"value": {
"request_data": {}
}
},
"To cancel scan of filtered endpoints": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/scan": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": {
"additionalProperties": {
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
},
"incident_id": "example"
}
},
"examples": {
"Scan all endpoints": {
"value": {
"request_data": {}
}
},
"Scan filtered endpoints": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/actions/get_action_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_action_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": {
"agent_id": "PENDING"
}
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"data": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/run_snippet_code_script": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"timeout": 0,
"snippet_code": "example",
"incident_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/run_script": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"script_uid": "example",
"parameters_values": {
"x": "example",
"y": 0
},
"timeout": 0,
"incident_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"parameters_values": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": 0,
"endpoints_count": 0,
"status": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_metadata": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"script_uid": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"script_id": "example",
"name": "example",
"description": "example",
"modification_date": 0,
"created_by": "example",
"is_high_risk": false,
"windows_supported": false,
"linux_supported": false,
"macos_supported": false,
"script_uid": "example",
"entry_point": "example",
"script_input": [
{
"name": "example",
"type": "example",
"friendly_name": "example"
}
],
"script_output_type": "auto_detect",
"script_output_dictionary_definitions": [
{
"friendly_name": "example",
"name": "example",
"type": "example"
}
]
}
},
"examples": {
"When entry_point is returned as run": {
"value": {
"reply": {}
}
},
"When entry_point field is empty": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_scripts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "in",
"value": null
}
]
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"scripts": [
{
"script_id": "example",
"name": "example",
"description": "example",
"modification_date": 0,
"created_by": "example",
"is_high_risk": false,
"windows_supported": false,
"linux_supported": false,
"macos_supported": false,
"script_uid": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"general_status": "example",
"endpoints_pending": 0,
"endpoints_canceled": 0,
"endpoints_in_progress": 0,
"endpoints_timeout": 0,
"endpoints_failed": 0,
"endpoints_completed_successfully": 0,
"endpoints_pending_abort": 0,
"endpoints_aborted": 0,
"endpoints_expired": 0,
"error_message": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_results": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"script_name": "example",
"script_description": "example",
"script_parameters": [
{}
],
"date_created": "example",
"scope": "example",
"error_message": "example",
"results": [
{
"endpoint_name": "example",
"endpoint_ip_address": [
"example"
],
"endpoint_status": "example",
"domain": "example",
"endpoint_id": "example",
"execution_status": "example",
"standard_output": {},
"retrieved_files": 0,
"failed_files": 0,
"retention_date": {}
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_results_files": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example",
"endpoint_id": "example"
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_code": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"script_uid": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": "example"
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/indicators/insert_csv": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": "example",
"validate": false
},
"examples": {
"Request filtered results": {
"value": {}
},
"Request all results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"success": false,
"validation_errors": [
{
"indicator": "example",
"error": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/indicators/insert_jsons": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"success": false,
"validation_errors": [
{
"indicator": "example",
"error": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": [
{
"indicator": "example",
"type": "HASH",
"severity": "INFO",
"expiration_date": 0,
"comment": "example",
"reputation": "GOOD",
"reliability": "A",
"vendors": [
{
"vendor_name": "example",
"reliability": "example",
"reputation": "example"
}
],
"class": "example"
}
],
"validate": false
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
}
}
},
"/public_api/v1/audits/management_logs": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "email",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "type",
"keyword": "asc"
}
}
},
"examples": {
"Request all management logs from older to newer": {
"value": {
"request_data": {
"sort": {}
}
}
},
"Request all results": {
"value": {
"request_data": {}
}
},
"Request all successful login events after 06-Aug-19, sorted by timestamp oldest to newest": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"data": [
{
"AUDIT_ID": 0,
"AUDIT_OWNER_NAME": "example",
"AUDIT_OWNER_EMAIL": "example",
"AUDIT_ASSET_JSON": "example",
"AUDIT_ASSET_NAMES": "example",
"AUDIT_HOSTNAME": "example",
"AUDIT_RESULT": "example",
"AUDIT_REASON": "example",
"AUDIT_DESCRIPTION": "example",
"AUDIT_ENTITY": "LIVE_TERMINAL",
"AUDIT_ENTITY_SUBTYPE": "example",
"AUDIT_SESSION_ID": 0,
"AUDIT_CASE_ID": 0,
"AUDIT_INSERT_TIME": 0,
"AUDIT_SEVERITY": "example",
"AUDIT_LINK": "example",
"AUDIT_SOURCE_IP": "example",
"AUDIT_USER_AGENT": "example",
"AUDIT_USER_ROLES": [
"example"
],
"AUDIT_ADDITIONAL_INFORMATION": {
"endpoint_names": [
"example"
],
"endpoint_count": 0
}
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/healthcheck": {
"get": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"status": "example"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/system/get_tenant_info": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"pro_per_endpoint_expiration": 0,
"purchased_pro_per_endpoint": {
"agents": 0
},
"data_enabled_pro_per_endpoint": 0,
"prevent_expiration": 0,
"purchased_prevent": 0,
"installed_prevent": 0,
"pro_tb_expiration": 0,
"purchased_pro_gb": {
"gb": 0
},
"installed_pro_gb": 0,
"compute_unit_expiration": 0,
"purchased_compute_unit": 0,
"host_insights_expiration": 0,
"enabled_host_insights": 0,
"purchased_host_insights": 0,
"forensics_expiration": 0,
"enabled_forensics": 0,
"pro_cloud_expiration": 0,
"purchased_pro_cloud": {
"agents": 0
},
"installed_pro_cloud": 0,
"data_enabled_pro_cloud": 0,
"identity_threat_expiration": 0,
"xth_expiration": 0,
"purchased_xth": 0,
"xdr_ep_hot_expiration": "example",
"purchased_xdr_ep_hot": 0,
"xdr_ep_cold_expiration": "example",
"purchased_xdr_ep_cold": 0,
"xdr_gb_hot_expiration": "example",
"purchased_xdr_gb_hot": 0,
"xdr_gb_cold_expiration": "example",
"purchased_xdr_gb_cold": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"purchased_pro_per_endpoint": {},
"purchased_pro_tb": {}
}
}
}
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/incidents/get_incident_extra_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"incident": {
"incident_id": "example",
"incident_name": "example",
"creation_time": 0,
"modification_time": 0,
"detection_time": {},
"status": "example",
"severity": "example",
"description": "example",
"assigned_user_mail": "example",
"assigned_user_pretty_name": "example",
"alert_count": 0,
"low_severity_alert_count": 0,
"med_severity_alert_count": 0,
"high_severity_alert_count": 0,
"critical_severity_alert_count": 0,
"user_count": 0,
"host_count": 0,
"notes": "example",
"resolve_comment": "example",
"manual_description": "example",
"xdr_url": "example",
"starred": false,
"hosts": [
"example"
],
"users": [
{}
],
"incident_sources": [
"example"
],
"rule_based_score": 0,
"manual_score": {},
"wildfire_hits": 0,
"alerts_grouping_status": "example",
"mitre_techniques_ids_and_names": [
"example"
],
"mitre_tactics_ids_and_names": [
"example"
],
"alert_categories": [
"example"
],
"original_tags": [
"example"
],
"tags": [
"example"
],
"incident_domain": "example",
"custom_fields": {}
},
"alerts": {
"total_count": 0,
"data": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": {},
"local_insert_ts": 0,
"bioc_indicator": {},
"matching_service_rule_id": {},
"attempt_counter": {},
"bioc_category_enum_key": {},
"case_id": 0,
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": {},
"mitre_technique_id_and_name": {},
"mitre_tactic_id_and_name": {},
"agent_version": {},
"agent_device_domain": {},
"agent_fqdn": {},
"agent_os_type": "example",
"agent_os_sub_type": {},
"agent_data_collection_status": {},
"mac": {},
"agent_is_vdi": {},
"agent_install_type": "example",
"agent_host_boot_time": {},
"event_sub_type": {},
"module_id": {},
"association_strength": {},
"dst_association_strength": {},
"story_id": {},
"event_id": {},
"event_type": "example",
"events_length": 0,
"event_timestamp": {},
"actor_process_instance_id": {},
"actor_process_image_path": {},
"actor_process_image_name": {},
"actor_process_command_line": {},
"actor_process_signature_status": "example",
"actor_process_signature_vendor": {},
"actor_process_image_sha256": {},
"actor_process_image_md5": {},
"actor_process_causality_id": {},
"actor_causality_id": {},
"actor_process_os_pid": {},
"actor_thread_thread_id": {},
"causality_actor_process_image_name": {},
"causality_actor_process_command_line": {},
"causality_actor_process_image_path": {},
"causality_actor_process_signature_vendor": {},
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": {},
"causality_actor_process_execution_time": {},
"causality_actor_process_image_md5": {},
"causality_actor_process_image_sha256": {},
"action_file_path": {},
"action_file_name": {},
"action_file_md5": {},
"action_file_sha256": {},
"action_file_macro_sha256": {},
"action_registry_data": {},
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_registry_full_key": {},
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": {},
"action_process_causality_id": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"action_process_image_command_line": {},
"action_process_signature_status": "example",
"action_process_signature_vendor": {},
"os_actor_effective_username": {},
"os_actor_process_instance_id": {},
"os_actor_process_image_path": {},
"os_actor_process_image_name": {},
"os_actor_process_command_line": {},
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": {},
"os_actor_process_image_sha256": {},
"os_actor_process_causality_id": {},
"os_actor_causality_id": {},
"os_actor_process_os_pid": {},
"os_actor_thread_thread_id": {},
"fw_app_id": {},
"fw_interface_from": {},
"fw_interface_to": {},
"fw_rule": {},
"fw_rule_id": {},
"fw_device_name": {},
"fw_serial_number": "example",
"fw_url_domain": {},
"fw_email_subject": "example",
"fw_email_sender": {},
"fw_email_recipient": {},
"fw_app_subcategory": {},
"fw_app_category": {},
"fw_app_technology": {},
"fw_vsys": {},
"fw_xff": {},
"fw_misc": {},
"fw_is_phishing": "example",
"dst_agent_id": {},
"dst_causality_actor_process_execution_time": {},
"dns_query_name": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": {},
"description": "example",
"host_ip": "example",
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example",
"user_name": {},
"contains_featured_host": "example",
"contains_featured_user": "example",
"contains_featured_ip_address": "example",
"tags": [
"example"
],
"original_tags": "example"
}
]
},
"network_artifacts": {
"total_count": 0,
"data": [
{
"type": "example",
"alert_count": 0,
"is_manual": false,
"network_domain": "example",
"network_remote_ip": "example",
"network_remote_port": "example",
"network_country": "example"
}
]
},
"file_artifacts": {
"total_count": 0,
"data": [
{
"alert_count": 0,
"file_name": "example",
"File_sha256": "example",
"file_signature_status": "example",
"file_wildfire_verdict": "example",
"is_malicous": false,
"is_manual": false,
"is_process": false,
"low_confidence": false,
"type": "example"
}
]
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"incident": {},
"alerts": {},
"network_artifacts": {},
"file_artifacts": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"404": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"incident_id": "example",
"alerts_limit": 0
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_users": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"user_email": "example",
"user_first_name": "example",
"user_last_name": "example",
"role_name": "example",
"last_logged_in": 0,
"user_type": "example",
"groups": [
{}
],
"scope": [
{}
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_roles": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"pretty_name": "example",
"permissions": [
"example"
],
"insert_time": 0,
"update_time": 0,
"created_by": "example",
"description": "example",
"groups": [
"example"
],
"users": [
"example"
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"role_names": [
"example"
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_user_group": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"group_name": "example",
"description": {},
"pretty_name": "example",
"insert_time": 0,
"update_time": 0,
"user_email": [
"example"
],
"source": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_names": [
"example"
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/set_user_role": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"update_count": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"user_emails": [
"example"
],
"role_name": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_endpoint": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"endpoints": [
{
"endpoint_id": "example",
"endpoint_name": "example",
"endpointTags": "example",
"endpoint_type": "example",
"endpoint_status": "example",
"os_type": "example",
"os_version": "example",
"ip": [
"example"
],
"ipv6": [
{}
],
"public_ip": "example",
"users": [
"example"
],
"domain": "example",
"alias": "example",
"first_seen": 0,
"last_seen": 0,
"content_version": "example",
"installation_package": "example",
"active_directory": {},
"install_date": 0,
"endpoint_version": "example",
"is_isolated": "example",
"isolated_date": {},
"group_name": [
{}
],
"operational_status": "example",
"operational_status_description": "example",
"scan_status": "example",
"content_release_timestamp": 0,
"last_content_update_time": 0,
"content_status": "example",
"operating_system": "example",
"mac_address": [
"example"
],
"assigned_prevention_policy": "example",
"assigned_extensions_policy": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
},
"Example 2": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "endpoint_id",
"keyword": "ASC"
}
}
},
"examples": {
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
},
"Request all results": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_risk_score": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 0,
"risk_level": "LOW",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
],
"email": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": null
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_risky_users": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 20,
"risk_level": "MED",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
],
"email": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
}
}
},
"/public_api/v1/get_risky_hosts": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 20,
"risk_level": "LOW",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
}
}
},
"/public_api/v1/endpoints/file_retrieval": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"status": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"files": {
"windows": [
"example"
],
"linux": [
"example"
],
"macos": [
"example"
]
},
"incident_id": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/isolate": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"endpoint_id": "example",
"incident_id": "example"
}
},
"examples": {
"Isolate one endpoint": {
"value": {
"request_data": {}
}
},
"Isolate more than one endpoint": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/audits/agents_reports": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"data": [
{
"TIMESTAMP": 0.1,
"RECEIVEDTIME": 0.1,
"ENDPOINTID": "example",
"ENDPOINTNAME": "example",
"DOMAIN": "example",
"TRAPSVERSION": "example",
"CATEGORY": "example",
"TYPE": "example",
"SUBTYPE": "example",
"RESULT": "example",
"REASON": "example",
"DESCRIPTION": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "type",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered values": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/triage_endpoint": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": 0,
"successful_agent_ids": [
"example"
],
"unsuccessful_agent_ids": [
{}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_ids": [
"example"
],
"collector_uuid": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/add_dataset": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"dataset_name": "example"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"dataset_type": "lookup",
"dataset_schema": {
"additionalProperties": "datetime"
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {
"dataset_schema": {}
}
}
}
}
}
}
}
}
},
"/public_api/v2/xql/delete_dataset": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"force": false
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/get_datasets": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"dataset_name": "example",
"type": "example",
"log_update_type": "example",
"last_updated": 0,
"total_days_stored": 0,
"hot_range": {
"from": 0,
"to": 0
},
"cold_range": {
"from": 0,
"to": 0
},
"total_size_stored": 0,
"average_daily_size": 0,
"total_events": 0,
"average_event_size": 0,
"ttl": 0,
"default_query_target": false
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/add_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"added": 0,
"updated": 0,
"skipped": 0
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"key_fields": [
"example"
],
"data": {
"additionalProperties": {}
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/remove_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"deleted": 0
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"filters": {
"additionalProperties": "example"
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/get_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"data": {
"additionalProperties": "example"
},
"filter_count": 0,
"total_count": 0
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"filters": [
{
"additionalProperties": "example"
}
],
"limit": 0
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_triage_presets": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"triage_presets": [
{
"uuid": "example",
"name": "example",
"os": "example",
"description": "example",
"created_by": "example",
"type": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/automations/get_automation_rules": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": [
{
"rule_id": "example",
"rule_priority": 0,
"rule_name": "example",
"rule_action": "example",
"action_params": {
"alert_status": "example",
"resolution_comment": "example",
"user": "example",
"assignment_status": "example"
},
"alerts_filter": {
"filter_data": {
"filter": {
"and": [
{
"or": [
{
"search_field": "example",
"search_type": "example",
"search_value": null
}
],
"search_field": "example",
"search_type": "example",
"search_value": null
}
]
}
}
},
"endpoints_filter": {},
"is_stop_processing": 0,
"rule_version": 0,
"version_triggers_count": 0,
"rule_status": "example",
"created_by": "example",
"modify_ts": 0
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {}
}
}
}
}
}
},
"/public_api/v1/endpoints/terminate_process": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": 0
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_id": "example",
"instance_id": "example",
"process_name": "example",
"incident_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/endpoints/terminate_causality": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_id": "example",
"causality_id": "example",
"process_name": "example",
"incident_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/create": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"syslog_integration_id": 0,
"name": "example"
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"address": "example",
"port": 0,
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
},
"Example 2": {
"value": {
"request_data": {
"security_info": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/get": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"objects_count": 0,
"objects": [
{
"SYSLOG_INTEGRATION_ID": 0,
"SYSLOG_INTEGRATION_NAME": "example",
"SYSLOG_INTEGRATION_ADDRESS": "example",
"SYSLOG_INTEGRATION_PORT": 0,
"SYSLOG_INTEGRATION_PROTOCOL": "example",
"FACILITY": "example",
"SYSLOG_INTEGRATION_STATUS": "example",
"SYSLOG_INTEGRATION_ERROR": {},
"SYSLOG_INTEGRATION_CERTIFICATE_NAME": {},
"SYSLOG_INTEGRATION_IGNORE_CERTIFICATE_ERROR": "example"
}
]
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "eq",
"value": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
},
"Example 2": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/update": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"syslog_id": "example",
"name": "example",
"address": "example",
"port": "example",
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"security_info": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/delete": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "eq",
"value": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/test": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"syslog_id": "example",
"name": "example",
"address": "example",
"port": "example",
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/distributions/delete": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/create": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"default_role": "example",
"is_account_role": false,
"domain": "example",
"mappings": {
"email": "example",
"firstname": "example",
"lastname": "example",
"group_name": "example"
},
"advanced_settings": {
"relay_state": "example",
"idp_single_logout_url": "example",
"service_provider_public_cert": "example",
"service_provider_private_key": "example",
"authn_context_enabled": false,
"force_authn": false
},
"idp_sso_url": "example",
"idp_certificate": "example",
"idp_issuer": "example",
"metadata_url": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"mappings": {},
"advanced_settings": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/update": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"default_role": "example",
"is_account_role": false,
"current_domain_value": "example",
"new_domain_value": "example",
"mappings": {
"email": "example",
"firstname": "example",
"lastname": "example",
"group_name": "example"
},
"advanced_settings": {
"relay_state": "example",
"idp_single_logout_url": "example",
"service_provider_public_cert": "example",
"service_provider_private_key": "example",
"authn_context_enabled": false,
"force_authn": false
},
"idp_sso_url": "example",
"idp_certificate": "example",
"idp_issuer": "example",
"metadata_url": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"mappings": {},
"advanced_settings": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/delete": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"domain": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/get/settings": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"tenant_id": "example",
"name": "example",
"domain": "example",
"idp_enabled": false,
"default_role": null,
"is_account_role": null,
"idp_certificate": "example",
"idp_issuer": "example",
"idp_sso_url": "example",
"metadata_url": "example",
"mappings": {
"email": "example",
"firstname": "example",
"group_name": "example",
"lastname": "example"
},
"advanced_settings": {
"authn_context_enabled": false,
"force_authn": null,
"idp_single_logout_url": "example",
"relay_state": "example",
"service_provider_private_key": "example",
"service_provider_public_cert": "example"
},
"sp_entity_id": "example",
"sp_logout_url": "example",
"sp_url": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/get/metadata": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"sp_entity_id": "example",
"sp_logout_url": "example",
"sp_url": "example",
"tenant_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
}
}
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/update_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alert_id_list": [
"104173821",
"574203823",
"395720183"
],
"update_data": {
"severity": "medium",
"status": "resolved_other",
"comment": "This incident is resolved"
}
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"update_data": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": [
"example"
],
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/insert_cef_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alerts": [
"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|microsoft-ds|Unknown|act=AcceptdeviceDirection=0 rt=1569---000 spt=5---57 dpt=4---5cs2Label=Rule Name cs2=ADPrimerylayer_name=FW_Device_blackenedSecuritylayer_uuid=07-----fc7-1a5c-71b8c match_id=1---6parent_rule=0rule_action=Accept rule_uid=8----be5cifname=bond2logid=0loguid={0x5d8c5388,0x61,0x29321fac,0xc0000022}origin=1.1.1.1originsicname=CN=DWdeviceBlackend,O=Blackend sequencenum=363version=5dst=1.1.1.1 inzone=External outzone=Internal product=VPN-1 & FireWall-1proto=6service_id=microsoft-ds src=1.1.1.1",
"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Log|Unknown|act=AcceptdeviceDirection=0 rt=1569477501000 spt=63088 dpt=5985cs2Label=RuleNamelayer_name=FW_Device_blackenedSecuritylayer_uuid=07693f---e96c71b8c match_id=8----9parent_rule=0rule_action=Acceptrule_uid=ae9---70f-ab1c-1ad552c82369conn_direction=Internal ifname=bond1.12logid=0loguid={0x5d8c537d,0xbb,0x29321fac,0xc0000014}origin=1.1.1.1originsicname=CN=DWdeviceBlackend,O=Blackend sequencenum=899version=5dst=1.1.1.1 product=VPN-1 & FireWall-1 proto=6 src=1.1.1.1"
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/insert_parsed_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alerts": [
{
"product": "example",
"vendor": "example",
"local_ip": "example",
"local_port": "example",
"remote_ip": "example",
"remote_port": "example",
"event_timestamp": 0,
"severity": "example",
"alert_name": "example",
"alert_description": "example",
"action_status": "example",
"local_ip_v6": "example",
"remote_ip_v6": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts_pcap": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "severity",
"operator": "in",
"value": [
"medium",
"high"
]
}
],
"search_from": "0",
"search_to": "5",
"sort": {
"field": "severity",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"id": "example",
"pcap_data": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v2/alerts/get_alerts_multi_events": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"agent_os_sub_type": "example",
"fw_app_category": {},
"fw_app_id": {},
"fw_app_subcategory": {},
"fw_app_technology": {},
"category": "example",
"causality_actor_process_command_line": [
"example"
],
"causality_actor_process_image_md5": [
"example"
],
"causality_actor_process_image_name": [
"example"
],
"causality_actor_process_image_path": [
"example"
],
"causality_actor_process_image_sha256": [
"example"
],
"causality_actor_process_signature_status": [
"example"
],
"causality_actor_process_signature_vendor": [
"example"
],
"causality_actor_causality_id": [
"example"
],
"identity_sub_type": {},
"identity_type": {},
"operation_name": {},
"project": {},
"cloud_provider": {},
"referenced_resource": {},
"resource_sub_type": {},
"resource_type": {},
"cluster_name": {},
"container_id": {},
"contains_featured_host": [
"example"
],
"contains_featured_ip": [
"example"
],
"contains_featured_user": [
"example"
],
"action_country": [
"example"
],
"description": "example",
"fw_interface_to": {},
"dns_query_name": {},
"agent_device_domain": {},
"fw_email_recipient": {},
"fw_email_sender": {},
"fw_email_subject": {},
"event_type": [
"example"
],
"is_whitelisted": false,
"action_file_macro_sha256": {},
"action_file_md5": {},
"action_file_name": {},
"action_file_path": {},
"action_file_sha256": {},
"fw_device_name": {},
"fw_rule_id": {},
"fw_rule": {},
"fw_serial_number": {},
"agent_fqdn": {},
"agent_os_type": "example",
"image_name": {},
"actor_process_image_name": [
"example"
],
"actor_process_command_line": [
"example"
],
"actor_process_image_md5": [
"example"
],
"actor_process_image_path": [
"example"
],
"actor_process_os_pid": [
0
],
"actor_process_image_sha256": [
"example"
],
"actor_process_signature_status": [
"example"
],
"actor_process_signature_vendor": [
"example"
],
"actor_thread_thread_id": [
0
],
"fw_is_phishing": [
"example"
],
"action_local_ip": {},
"action_local_port": {},
"fw_misc": {},
"mitre_tactic_id_and_name": [
"example"
],
"mitre_technique_id_and_name": [
"example"
],
"module_id": {},
"fw_vsys": {},
"os_actor_process_command_line": [
"example"
],
"os_actor_thread_thread_id": [
0
],
"os_actor_process_image_name": [
"example"
],
"os_actor_process_os_pid": [
0
],
"os_actor_process_image_sha256": [
"example"
],
"os_actor_process_signature_status": [
"example"
],
"os_actor_process_signature_vendor": [
"example"
],
"os_actor_effective_username": {},
"action_process_signature_status": [
"example"
],
"action_process_signature_vendor": {},
"action_registry_data": {},
"action_registry_full_key": {},
"action_external_hostname": {},
"action_remote_ip": {},
"action_remote_port": {},
"matching_service_rule_id": "example",
"fw_interface_from": {},
"starred": false,
"action_process_image_command_line": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"fw_url_domain": {},
"user_agent": {},
"fw_xff": {},
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": {},
"local_insert_ts": 0,
"last_modified_ts": {},
"bioc_indicator": {},
"attempt_counter": 0,
"bioc_category_enum_key": {},
"case_id": 0,
"deduplicate_tokens": {},
"filter_rule_id": {},
"agent_version": "example",
"agent_ip_addresses_v6": {},
"agent_data_collection_status": {},
"agent_is_vdi": false,
"agent_install_type": "example",
"agent_host_boot_time": [
0
],
"event_sub_type": [
0
],
"association_strength": [
0
],
"dst_association_strength": {},
"story_id": {},
"event_id": [
"example"
],
"event_timestamp": [
0
],
"actor_process_instance_id": [
"example"
],
"actor_process_causality_id": [
"example"
],
"actor_causality_id": [
"example"
],
"causality_actor_process_execution_time": [
0
],
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_local_ip_v6": {},
"action_remote_ip_v6": {},
"action_process_instance_id": {},
"action_process_causality_id": {},
"os_actor_process_instance_id": [
"example"
],
"os_actor_process_image_path": [
"example"
],
"os_actor_process_causality_id": [
"example"
],
"os_actor_causality_id": {},
"dst_agent_id": [
"example"
],
"dst_causality_actor_process_execution_time": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"is_pcap": false,
"alert_type": "example",
"resolution_status": "example",
"resolution_comment": {},
"dynamic_fields": {},
"tags": [
"example"
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"endpoint_id": "example",
"host_ip": [
"example"
],
"host_name": "example",
"action": "example",
"original_tags": [
"example"
],
"user_name": [
"example"
],
"mac_addresses": {},
"source": {},
"action_pretty": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "alert_id_list",
"operator": "in",
"value": null
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts_multi_events": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "severity",
"operator": "in",
"value": [
"medium",
"high"
]
}
],
"search_from": 0,
"search_to": 5,
"sort": {
"field": "severity",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": "example",
"matching_service_rule_id": "example",
"attempt_counter": 0,
"bioc_category_enum_key": "example",
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": "example",
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": "example",
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": "example",
"mac_address": [
"example"
],
"agent_is_vdi": false,
"contains_featured_host": "YES",
"contains_featured_user": "YES",
"contains_featured_ip": "YES",
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example",
"malicious_urls": [
"example"
]
},
"examples": {
"Success response": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_hosts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_users": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_ip_addresses": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_ad_groups": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"type": "group",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"info": {
"contact": {}
},
"components": {
"securitySchemes": {
"api_key": null
},
"schemas": {
"event": {
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
},
"alert": {
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": "example",
"matching_service_rule_id": "example",
"attempt_counter": 0,
"bioc_category_enum_key": "example",
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": "example",
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": "example",
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": "example",
"mac_address": [
"example"
],
"agent_is_vdi": false,
"contains_featured_host": "YES",
"contains_featured_user": "YES",
"contains_featured_ip": "YES",
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
},
"reply": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
},
"violation": {
"hostname": "example",
"username": "example",
"ip": "example",
"timestamp": 0,
"violation_id": 0,
"type": "example",
"vendor_id": "example",
"vendor": "example",
"product_id": "example",
"product": "example",
"serial": "example",
"endpoint_id": "example"
}
}
},
"paths": {
"/public_api/v1/xql/start_xql_query": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"query": "dataset=xdr_data | fields event_id, event_type, event_sub_type | limit 3",
"tenants": [],
"timeframe": {
"from": "1598907600000",
"to": "1599080399000"
}
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"timeframe": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": "example"
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/get_query_results": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"query_id": "061880b4867446_4356_inv",
"pending_flag": true,
"limit": 100,
"format": "json"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"status": "example",
"number_of_results": 0,
"query_cost": {
"9995067425505": 0.1
},
"remaining_quota": 0.1,
"results": {
"data": [
{
"event_id": "example",
"agent_version": "example",
"_product": "example",
"_time": 0,
"_vendor": "example",
"insert_timestamp": 0,
"agent_os_type": "example",
"event_type": "example",
"event_sub_type": "example"
}
]
}
}
},
"examples": {
"pending_flag=true": {
"value": {
"reply": {}
}
},
"Up to 1,000 results, JSON format, Single Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"Up to 1,000 results, CSV format, Single Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"Up to 1,000 results, JSON format, Multi Tenant Investigation": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
},
"More than 1,000 results": {
"value": {
"reply": {
"query_cost": {},
"results": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/xql/get_quota": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"license_quota": 0,
"additional_purchased_quota": 0,
"used_quota": 0.1,
"eval_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0,
"current_concurrent_active_queries": {
"additionalProperties": "example"
},
"current_concurrent_active_queries_count": 0,
"max_daily_concurrent_active_query_count": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"current_concurrent_active_queries": {
"debee6b0c41f47_911_inv": {}
}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"reply": {
"err_code": 0,
"err_msg": "example",
"err_extra": {
"err_msg": "example",
"query_cost": 0,
"remaining_quota": 0,
"total_daily_running_queries": 0,
"total_daily_concurrent_rejected_queries": 0
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"err_extra": {}
}
}
}
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/xql/get_query_results_stream": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"stream_id": "563c5e24-===-9a1f8139d3c5",
"is_gzip_compressed": true
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"examples": {}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/incidents/get_incidents": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "modification_time",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "creation_time",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"incidents": [
{
"incident_id": "example",
"incident_name": "example",
"creation_time": 0,
"modification_time": 0,
"detection_time": {},
"status": "example",
"severity": "example",
"description": "example",
"assigned_user_mail": {},
"assigned_user_pretty_name": {},
"alert_count": 0,
"low_severity_alert_count": 0,
"med_severity_alert_count": 0,
"high_severity_alert_count": 0,
"critical_severity_alert_count": 0,
"user_count": 0,
"host_count": 0,
"notes": {},
"resolve_comment": {},
"resolved_timestamp": 0,
"manual_severity": {},
"manual_description": "example",
"xdr_url": "example",
"starred": false,
"starred_manually": false,
"hosts": [
"example"
],
"users": [
"example"
],
"incident_sources": [
"example"
],
"rule_based_score": 0,
"manual_score": {},
"wildfire_hits": 0,
"alerts_grouping_status": "example",
"mitre_tactics_ids_and_names": [
"example"
],
"mitre_techniques_ids_and_names": [
"example"
],
"alert_categories": [
"example"
],
"original_tags": [
"example"
],
"tags": [
"example"
]
}
],
"restricted_incident_ids": [
{}
]
}
},
"examples": {
"Success Response Example": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": {},
"matching_service_rule_id": {},
"attempt_counter": 0,
"bioc_category_enum_key": {},
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": {},
"filter_rule_id": {},
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": {},
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": {},
"mac_address": [
"example"
],
"agent_is_vdi": {},
"contains_featured_host": false,
"contains_featured_user": false,
"contains_featured_ip": false,
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": {},
"event_sub_type": {},
"module_id": "example",
"association_strength": {},
"dst_association_strength": {},
"story_id": {},
"event_id": {},
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": {},
"actor_process_image_sha256": "example",
"actor_process_image_md5": {},
"actor_process_causality_id": {},
"actor_causality_id": {},
"actor_process_os_pid": "example",
"actor_thread_thread_id": {},
"causality_actor_process_image_name": {},
"causality_actor_process_command_line": {},
"causality_actor_process_image_path": {},
"causality_actor_process_signature_vendor": {},
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": {},
"causality_actor_process_execution_time": {},
"causality_actor_process_image_md5": {},
"causality_actor_process_image_sha256": {},
"action_file_path": {},
"action_file_name": {},
"action_file_md5": {},
"action_file_sha256": {},
"action_file_macro_sha256": {},
"action_registry_data": {},
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_registry_full_key": {},
"action_local_ip": {},
"action_local_port": {},
"action_remote_ip": {},
"action_remote_port": {},
"action_external_hostname": {},
"action_country": "example",
"action_process_instance_id": {},
"action_process_causality_id": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"action_process_image_command_line": {},
"action_process_signature_status": "example",
"action_process_signature_vendor": {},
"os_actor_effective_username": {},
"os_actor_process_instance_id": {},
"os_actor_process_image_path": {},
"os_actor_process_image_name": {},
"os_actor_process_command_line": {},
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": {},
"os_actor_process_image_sha256": {},
"os_actor_process_causality_id": {},
"os_actor_causality_id": {},
"os_actor_process_os_pid": {},
"os_actor_thread_thread_id": {},
"fw_app_id": {},
"fw_interface_from": {},
"fw_interface_to": {},
"fw_rule": {},
"fw_rule_id": {},
"fw_device_name": {},
"fw_serial_number": {},
"fw_url_domain": {},
"fw_email_subject": {},
"fw_email_sender": {},
"fw_email_recipient": {},
"fw_app_subcategory": {},
"fw_app_category": {},
"fw_app_technology": {},
"fw_vsys": {},
"fw_xff": {},
"fw_misc": {},
"fw_is_phishing": "example",
"dst_agent_id": {},
"dst_causality_actor_process_execution_time": {},
"dns_query_name": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"user_name": {}
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "alert_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "example",
"keyword": "example"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/incidents/update_incident": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": "{ \n \"request_data\":{ \n \"incident_id\":\"<incident ID>\",\n \"update_data\":{ \n \"assigned_user_mail\":\"username@test.com\",\n \"manual_severity\":\"low\",\n \"status\":\"resolved_other\",\n \"resolve_comment\":\"This incident is resolved\"\n }\n }\n}",
"examples": {
"Request example": {
"value": {
"request_data": {
"update_data": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/update_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alert_id_list": [
"104173821",
"574203823",
"395720183"
],
"update_data": {
"severity": "medium",
"status": "resolved_other",
"comment": "This incident is resolved"
}
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"update_data": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": [
"example"
],
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/insert_cef_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alerts": [
"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|microsoft-ds|Unknown|act=AcceptdeviceDirection=0 rt=1569---000 spt=5---57 dpt=4---5cs2Label=Rule Name cs2=ADPrimerylayer_name=FW_Device_blackenedSecuritylayer_uuid=07-----fc7-1a5c-71b8c match_id=1---6parent_rule=0rule_action=Accept rule_uid=8----be5cifname=bond2logid=0loguid={0x5d8c5388,0x61,0x29321fac,0xc0000022}origin=1.1.1.1originsicname=CN=DWdeviceBlackend,O=Blackend sequencenum=363version=5dst=1.1.1.1 inzone=External outzone=Internal product=VPN-1 & FireWall-1proto=6service_id=microsoft-ds src=1.1.1.1",
"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Log|Unknown|act=AcceptdeviceDirection=0 rt=1569477501000 spt=63088 dpt=5985cs2Label=RuleNamelayer_name=FW_Device_blackenedSecuritylayer_uuid=07693f---e96c71b8c match_id=8----9parent_rule=0rule_action=Acceptrule_uid=ae9---70f-ab1c-1ad552c82369conn_direction=Internal ifname=bond1.12logid=0loguid={0x5d8c537d,0xbb,0x29321fac,0xc0000014}origin=1.1.1.1originsicname=CN=DWdeviceBlackend,O=Blackend sequencenum=899version=5dst=1.1.1.1 product=VPN-1 & FireWall-1 proto=6 src=1.1.1.1"
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/insert_parsed_alerts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"alerts": [
{
"product": "example",
"vendor": "example",
"local_ip": "example",
"local_port": "example",
"remote_ip": "example",
"remote_port": "example",
"event_timestamp": 0,
"severity": "example",
"alert_name": "example",
"alert_description": "example",
"action_status": "example",
"local_ip_v6": "example",
"remote_ip_v6": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts_pcap": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "severity",
"operator": "in",
"value": [
"medium",
"high"
]
}
],
"search_from": "0",
"search_to": "5",
"sort": {
"field": "severity",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"id": "example",
"pcap_data": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v2/alerts/get_alerts_multi_events": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"agent_os_sub_type": "example",
"fw_app_category": {},
"fw_app_id": {},
"fw_app_subcategory": {},
"fw_app_technology": {},
"category": "example",
"causality_actor_process_command_line": [
"example"
],
"causality_actor_process_image_md5": [
"example"
],
"causality_actor_process_image_name": [
"example"
],
"causality_actor_process_image_path": [
"example"
],
"causality_actor_process_image_sha256": [
"example"
],
"causality_actor_process_signature_status": [
"example"
],
"causality_actor_process_signature_vendor": [
"example"
],
"causality_actor_causality_id": [
"example"
],
"identity_sub_type": {},
"identity_type": {},
"operation_name": {},
"project": {},
"cloud_provider": {},
"referenced_resource": {},
"resource_sub_type": {},
"resource_type": {},
"cluster_name": {},
"container_id": {},
"contains_featured_host": [
"example"
],
"contains_featured_ip": [
"example"
],
"contains_featured_user": [
"example"
],
"action_country": [
"example"
],
"description": "example",
"fw_interface_to": {},
"dns_query_name": {},
"agent_device_domain": {},
"fw_email_recipient": {},
"fw_email_sender": {},
"fw_email_subject": {},
"event_type": [
"example"
],
"is_whitelisted": false,
"action_file_macro_sha256": {},
"action_file_md5": {},
"action_file_name": {},
"action_file_path": {},
"action_file_sha256": {},
"fw_device_name": {},
"fw_rule_id": {},
"fw_rule": {},
"fw_serial_number": {},
"agent_fqdn": {},
"agent_os_type": "example",
"image_name": {},
"actor_process_image_name": [
"example"
],
"actor_process_command_line": [
"example"
],
"actor_process_image_md5": [
"example"
],
"actor_process_image_path": [
"example"
],
"actor_process_os_pid": [
0
],
"actor_process_image_sha256": [
"example"
],
"actor_process_signature_status": [
"example"
],
"actor_process_signature_vendor": [
"example"
],
"actor_thread_thread_id": [
0
],
"fw_is_phishing": [
"example"
],
"action_local_ip": {},
"action_local_port": {},
"fw_misc": {},
"mitre_tactic_id_and_name": [
"example"
],
"mitre_technique_id_and_name": [
"example"
],
"module_id": {},
"fw_vsys": {},
"os_actor_process_command_line": [
"example"
],
"os_actor_thread_thread_id": [
0
],
"os_actor_process_image_name": [
"example"
],
"os_actor_process_os_pid": [
0
],
"os_actor_process_image_sha256": [
"example"
],
"os_actor_process_signature_status": [
"example"
],
"os_actor_process_signature_vendor": [
"example"
],
"os_actor_effective_username": {},
"action_process_signature_status": [
"example"
],
"action_process_signature_vendor": {},
"action_registry_data": {},
"action_registry_full_key": {},
"action_external_hostname": {},
"action_remote_ip": {},
"action_remote_port": {},
"matching_service_rule_id": "example",
"fw_interface_from": {},
"starred": false,
"action_process_image_command_line": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"fw_url_domain": {},
"user_agent": {},
"fw_xff": {},
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": {},
"local_insert_ts": 0,
"last_modified_ts": {},
"bioc_indicator": {},
"attempt_counter": 0,
"bioc_category_enum_key": {},
"case_id": 0,
"deduplicate_tokens": {},
"filter_rule_id": {},
"agent_version": "example",
"agent_ip_addresses_v6": {},
"agent_data_collection_status": {},
"agent_is_vdi": false,
"agent_install_type": "example",
"agent_host_boot_time": [
0
],
"event_sub_type": [
0
],
"association_strength": [
0
],
"dst_association_strength": {},
"story_id": {},
"event_id": [
"example"
],
"event_timestamp": [
0
],
"actor_process_instance_id": [
"example"
],
"actor_process_causality_id": [
"example"
],
"actor_causality_id": [
"example"
],
"causality_actor_process_execution_time": [
0
],
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_local_ip_v6": {},
"action_remote_ip_v6": {},
"action_process_instance_id": {},
"action_process_causality_id": {},
"os_actor_process_instance_id": [
"example"
],
"os_actor_process_image_path": [
"example"
],
"os_actor_process_causality_id": [
"example"
],
"os_actor_causality_id": {},
"dst_agent_id": [
"example"
],
"dst_causality_actor_process_execution_time": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"is_pcap": false,
"alert_type": "example",
"resolution_status": "example",
"resolution_comment": {},
"dynamic_fields": {},
"tags": [
"example"
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"endpoint_id": "example",
"host_ip": [
"example"
],
"host_name": "example",
"action": "example",
"original_tags": [
"example"
],
"user_name": [
"example"
],
"mac_addresses": {},
"source": {},
"action_pretty": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "alert_id_list",
"operator": "in",
"value": null
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/alerts/get_alerts_multi_events": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "severity",
"operator": "in",
"value": [
"medium",
"high"
]
}
],
"search_from": 0,
"search_to": 5,
"sort": {
"field": "severity",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"total_count": 0,
"result_count": 0,
"alerts": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": 0,
"local_insert_ts": 0,
"bioc_indicator": "example",
"matching_service_rule_id": "example",
"attempt_counter": 0,
"bioc_category_enum_key": "example",
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": "example",
"mitre_technique_id_and_name": [
"example"
],
"mitre_tactic_id_and_name": [
"example"
],
"agent_version": "example",
"agent_device_domain": "example",
"agent_fqdn": "example",
"agent_os_type": "example",
"agent_os_sub_type": "example",
"agent_data_collection_status": false,
"mac": "example",
"mac_address": [
"example"
],
"agent_is_vdi": false,
"contains_featured_host": "YES",
"contains_featured_user": "YES",
"contains_featured_ip": "YES",
"events": [
{
"agent_install_type": "example",
"agent_host_boot_time": 0,
"event_sub_type": "example",
"module_id": "example",
"association_strength": "example",
"dst_association_strength": "example",
"story_id": "example",
"event_id": "example",
"event_type": "example",
"event_timestamp": 0,
"actor_process_instance_id": "example",
"actor_process_image_path": "example",
"actor_process_image_name": "example",
"actor_process_command_line": "example",
"actor_process_signature_status": "example",
"actor_process_signature_vendor": "example",
"actor_process_image_sha256": "example",
"actor_process_image_md5": "example",
"actor_process_causality_id": "example",
"actor_causality_id": "example",
"actor_process_os_pid": "example",
"actor_thread_thread_id": "example",
"causality_actor_process_image_name": "example",
"causality_actor_process_command_line": "example",
"causality_actor_process_image_path": "example",
"causality_actor_process_signature_vendor": "example",
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": "example",
"causality_actor_process_execution_time": 0,
"causality_actor_process_image_md5": "example",
"causality_actor_process_image_sha256": "example",
"action_file_path": "example",
"action_file_name": "example",
"action_file_md5": "example",
"action_file_sha256": "example",
"action_file_macro_sha256": "example",
"action_registry_data": "example",
"action_registry_key_name": "example",
"action_registry_value_name": "example",
"action_registry_full_key": "example",
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": "example",
"action_process_causality_id": "example",
"action_process_image_name": "example",
"action_process_image_sha256": "example",
"action_process_image_command_line": "example",
"action_process_signature_status": "example",
"action_process_signature_vendor": "example",
"os_actor_effective_username": "example",
"os_actor_process_instance_id": "example",
"os_actor_process_image_path": "example",
"os_actor_process_image_name": "example",
"os_actor_process_command_line": "example",
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": "example",
"os_actor_process_image_sha256": "example",
"os_actor_process_causality_id": "example",
"os_actor_causality_id": "example",
"os_actor_process_os_pid": "example",
"os_actor_thread_thread_id": "example",
"fw_app_id": "example",
"fw_interface_from": "example",
"fw_interface_to": "example",
"fw_rule": "example",
"fw_rule_id": "example",
"fw_device_name": "example",
"fw_serial_number": 0,
"fw_url_domain": "example",
"fw_email_subject": "example",
"fw_email_sender": "example",
"fw_email_recipient": "example",
"fw_app_subcategory": "example",
"fw_app_category": "example",
"fw_app_technology": "example",
"fw_vsys": "example",
"fw_xff": "example",
"fw_misc": "example",
"fw_is_phishing": "example",
"dst_agent_id": "example",
"dst_causality_actor_process_execution_time": 0,
"dns_query_name": "example",
"dst_action_external_hostname": "example",
"dst_action_country": "example",
"dst_action_external_port": "example",
"user_name": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example"
}
],
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": "example",
"description": "example",
"host_ip": [
"example"
],
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example",
"malicious_urls": [
"example"
]
},
"examples": {
"Success response": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_hosts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_users": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_ip_addresses": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/featured_fields/replace_ad_groups": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"fields": [
{
"value": "example",
"type": "group",
"comment": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_versions": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"windows": [
"example"
],
"linux": [
"example"
],
"macos": [
"example"
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_endpoints": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"agent_id": "example",
"agent_status": "example",
"operational_status": "example",
"host_name": "example",
"agent_type": "example",
"ip": [
"example"
],
"last_seen": 0,
"tags": {
"server_tags": [
{}
],
"endpoint_tags": [
{}
]
},
"users": [
"example"
]
}
]
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_policy": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"endpoint_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"policy_name": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/delete": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "example",
"operator": "in",
"value": [
"example"
]
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/create": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"platform": "windows",
"package_type": "example",
"agent_version": "example",
"windows_version": "example",
"linux_version": "example",
"macos_version": "example",
"deployment_platform": "example",
"default_namespace": "example",
"node_selector": {
"additionalProperties": {}
},
"proxy": [
"example"
],
"cluster_name": "example",
"run_on_master_node": false,
"run_on_all_nodes": false
}
},
"examples": {
"New Installation example": {
"value": {
"request_data": {}
}
},
"Upgrade example": {
"value": {
"request_data": {}
}
},
"Kubernetes distribution": {
"value": {
"request_data": {
"node_selector": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"distribution_id": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/device_control/get_violations": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "endpoint_id_list",
"value": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"violations": [
{
"hostname": "example",
"username": "example",
"ip": "example",
"timestamp": 0,
"violation_id": 0,
"type": "example",
"vendor_id": "example",
"vendor": "example",
"product_id": "example",
"product": "example",
"serial": "example",
"endpoint_id": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example"
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"status": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_dist_url": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example",
"package_type": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"distribution_url": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/update_agent_name": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"alias": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/tags/agents/assign": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"tag": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/tags/agents/remove": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"tag": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/restore": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"file_hash": "example",
"endpoint_id": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/actions/file_retrieval_details": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": {
"endpoint_ID": "example"
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"data": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/hash_exceptions/allowlist": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"hash_list": [
"example"
],
"comment": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/quarantine/status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"files": [
{
"endpoint_id": "example",
"file_path": "example",
"file_hash": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"endpoint_id": "example",
"file_path": "example",
"file_hash": "example",
"status": false
}
]
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/quarantine": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"file_path": "example",
"file_hash": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"status": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/hash_exceptions/blocklist": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"hash_list": [
"example"
],
"comment": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/unisolate": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "IN",
"value": [
"example"
]
}
],
"endpoint_id": "example",
"incident_id": "example"
}
},
"examples": {
"Unisolate one endpoint": {
"value": {
"request_data": {}
}
},
"Unisolate more than one endpoint": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/abort_scan": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": null,
"incident_id": "example"
}
},
"examples": {
"To cancel scan of all endpoints": {
"value": {
"request_data": {}
}
},
"To cancel scan of filtered endpoints": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/scan": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": {
"additionalProperties": {
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
},
"incident_id": "example"
}
},
"examples": {
"Scan all endpoints": {
"value": {
"request_data": {}
}
},
"Scan filtered endpoints": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/actions/get_action_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_action_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": {
"agent_id": "PENDING"
}
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"data": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/run_snippet_code_script": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"timeout": 0,
"snippet_code": "example",
"incident_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/run_script": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"script_uid": "example",
"parameters_values": {
"x": "example",
"y": 0
},
"timeout": 0,
"incident_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"parameters_values": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": 0,
"endpoints_count": 0,
"status": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_metadata": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"script_uid": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"script_id": "example",
"name": "example",
"description": "example",
"modification_date": 0,
"created_by": "example",
"is_high_risk": false,
"windows_supported": false,
"linux_supported": false,
"macos_supported": false,
"script_uid": "example",
"entry_point": "example",
"script_input": [
{
"name": "example",
"type": "example",
"friendly_name": "example"
}
],
"script_output_type": "auto_detect",
"script_output_dictionary_definitions": [
{
"friendly_name": "example",
"name": "example",
"type": "example"
}
]
}
},
"examples": {
"When entry_point is returned as run": {
"value": {
"reply": {}
}
},
"When entry_point field is empty": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_scripts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "in",
"value": null
}
]
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"scripts": [
{
"script_id": "example",
"name": "example",
"description": "example",
"modification_date": 0,
"created_by": "example",
"is_high_risk": false,
"windows_supported": false,
"linux_supported": false,
"macos_supported": false,
"script_uid": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"general_status": "example",
"endpoints_pending": 0,
"endpoints_canceled": 0,
"endpoints_in_progress": 0,
"endpoints_timeout": 0,
"endpoints_failed": 0,
"endpoints_completed_successfully": 0,
"endpoints_pending_abort": 0,
"endpoints_aborted": 0,
"endpoints_expired": 0,
"error_message": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_results": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"script_name": "example",
"script_description": "example",
"script_parameters": [
{}
],
"date_created": "example",
"scope": "example",
"error_message": "example",
"results": [
{
"endpoint_name": "example",
"endpoint_ip_address": [
"example"
],
"endpoint_status": "example",
"domain": "example",
"endpoint_id": "example",
"execution_status": "example",
"standard_output": {},
"retrieved_files": 0,
"failed_files": 0,
"retention_date": {}
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_results_files": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example",
"endpoint_id": "example"
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_code": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"script_uid": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": "example"
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/indicators/insert_csv": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": "example",
"validate": false
},
"examples": {
"Request filtered results": {
"value": {}
},
"Request all results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"success": false,
"validation_errors": [
{
"indicator": "example",
"error": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/indicators/insert_jsons": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"success": false,
"validation_errors": [
{
"indicator": "example",
"error": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": [
{
"indicator": "example",
"type": "HASH",
"severity": "INFO",
"expiration_date": 0,
"comment": "example",
"reputation": "GOOD",
"reliability": "A",
"vendors": [
{
"vendor_name": "example",
"reliability": "example",
"reputation": "example"
}
],
"class": "example"
}
],
"validate": false
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
}
}
},
"/public_api/v1/audits/management_logs": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "email",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "type",
"keyword": "asc"
}
}
},
"examples": {
"Request all management logs from older to newer": {
"value": {
"request_data": {
"sort": {}
}
}
},
"Request all results": {
"value": {
"request_data": {}
}
},
"Request all successful login events after 06-Aug-19, sorted by timestamp oldest to newest": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"data": [
{
"AUDIT_ID": 0,
"AUDIT_OWNER_NAME": "example",
"AUDIT_OWNER_EMAIL": "example",
"AUDIT_ASSET_JSON": "example",
"AUDIT_ASSET_NAMES": "example",
"AUDIT_HOSTNAME": "example",
"AUDIT_RESULT": "example",
"AUDIT_REASON": "example",
"AUDIT_DESCRIPTION": "example",
"AUDIT_ENTITY": "LIVE_TERMINAL",
"AUDIT_ENTITY_SUBTYPE": "example",
"AUDIT_SESSION_ID": 0,
"AUDIT_CASE_ID": 0,
"AUDIT_INSERT_TIME": 0,
"AUDIT_SEVERITY": "example",
"AUDIT_LINK": "example",
"AUDIT_SOURCE_IP": "example",
"AUDIT_USER_AGENT": "example",
"AUDIT_USER_ROLES": [
"example"
],
"AUDIT_ADDITIONAL_INFORMATION": {
"endpoint_names": [
"example"
],
"endpoint_count": 0
}
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/healthcheck": {
"get": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"status": "example"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/system/get_tenant_info": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"pro_per_endpoint_expiration": 0,
"purchased_pro_per_endpoint": {
"agents": 0
},
"data_enabled_pro_per_endpoint": 0,
"prevent_expiration": 0,
"purchased_prevent": 0,
"installed_prevent": 0,
"pro_tb_expiration": 0,
"purchased_pro_gb": {
"gb": 0
},
"installed_pro_gb": 0,
"compute_unit_expiration": 0,
"purchased_compute_unit": 0,
"host_insights_expiration": 0,
"enabled_host_insights": 0,
"purchased_host_insights": 0,
"forensics_expiration": 0,
"enabled_forensics": 0,
"pro_cloud_expiration": 0,
"purchased_pro_cloud": {
"agents": 0
},
"installed_pro_cloud": 0,
"data_enabled_pro_cloud": 0,
"identity_threat_expiration": 0,
"xth_expiration": 0,
"purchased_xth": 0,
"xdr_ep_hot_expiration": "example",
"purchased_xdr_ep_hot": 0,
"xdr_ep_cold_expiration": "example",
"purchased_xdr_ep_cold": 0,
"xdr_gb_hot_expiration": "example",
"purchased_xdr_gb_hot": 0,
"xdr_gb_cold_expiration": "example",
"purchased_xdr_gb_cold": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"purchased_pro_per_endpoint": {},
"purchased_pro_tb": {}
}
}
}
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/incidents/get_incident_extra_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"incident": {
"incident_id": "example",
"incident_name": "example",
"creation_time": 0,
"modification_time": 0,
"detection_time": {},
"status": "example",
"severity": "example",
"description": "example",
"assigned_user_mail": "example",
"assigned_user_pretty_name": "example",
"alert_count": 0,
"low_severity_alert_count": 0,
"med_severity_alert_count": 0,
"high_severity_alert_count": 0,
"critical_severity_alert_count": 0,
"user_count": 0,
"host_count": 0,
"notes": "example",
"resolve_comment": "example",
"manual_description": "example",
"xdr_url": "example",
"starred": false,
"hosts": [
"example"
],
"users": [
{}
],
"incident_sources": [
"example"
],
"rule_based_score": 0,
"manual_score": {},
"wildfire_hits": 0,
"alerts_grouping_status": "example",
"mitre_techniques_ids_and_names": [
"example"
],
"mitre_tactics_ids_and_names": [
"example"
],
"alert_categories": [
"example"
],
"original_tags": [
"example"
],
"tags": [
"example"
],
"incident_domain": "example",
"custom_fields": {}
},
"alerts": {
"total_count": 0,
"data": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": {},
"local_insert_ts": 0,
"bioc_indicator": {},
"matching_service_rule_id": {},
"attempt_counter": {},
"bioc_category_enum_key": {},
"case_id": 0,
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": {},
"mitre_technique_id_and_name": {},
"mitre_tactic_id_and_name": {},
"agent_version": {},
"agent_device_domain": {},
"agent_fqdn": {},
"agent_os_type": "example",
"agent_os_sub_type": {},
"agent_data_collection_status": {},
"mac": {},
"agent_is_vdi": {},
"agent_install_type": "example",
"agent_host_boot_time": {},
"event_sub_type": {},
"module_id": {},
"association_strength": {},
"dst_association_strength": {},
"story_id": {},
"event_id": {},
"event_type": "example",
"events_length": 0,
"event_timestamp": {},
"actor_process_instance_id": {},
"actor_process_image_path": {},
"actor_process_image_name": {},
"actor_process_command_line": {},
"actor_process_signature_status": "example",
"actor_process_signature_vendor": {},
"actor_process_image_sha256": {},
"actor_process_image_md5": {},
"actor_process_causality_id": {},
"actor_causality_id": {},
"actor_process_os_pid": {},
"actor_thread_thread_id": {},
"causality_actor_process_image_name": {},
"causality_actor_process_command_line": {},
"causality_actor_process_image_path": {},
"causality_actor_process_signature_vendor": {},
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": {},
"causality_actor_process_execution_time": {},
"causality_actor_process_image_md5": {},
"causality_actor_process_image_sha256": {},
"action_file_path": {},
"action_file_name": {},
"action_file_md5": {},
"action_file_sha256": {},
"action_file_macro_sha256": {},
"action_registry_data": {},
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_registry_full_key": {},
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": {},
"action_process_causality_id": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"action_process_image_command_line": {},
"action_process_signature_status": "example",
"action_process_signature_vendor": {},
"os_actor_effective_username": {},
"os_actor_process_instance_id": {},
"os_actor_process_image_path": {},
"os_actor_process_image_name": {},
"os_actor_process_command_line": {},
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": {},
"os_actor_process_image_sha256": {},
"os_actor_process_causality_id": {},
"os_actor_causality_id": {},
"os_actor_process_os_pid": {},
"os_actor_thread_thread_id": {},
"fw_app_id": {},
"fw_interface_from": {},
"fw_interface_to": {},
"fw_rule": {},
"fw_rule_id": {},
"fw_device_name": {},
"fw_serial_number": "example",
"fw_url_domain": {},
"fw_email_subject": "example",
"fw_email_sender": {},
"fw_email_recipient": {},
"fw_app_subcategory": {},
"fw_app_category": {},
"fw_app_technology": {},
"fw_vsys": {},
"fw_xff": {},
"fw_misc": {},
"fw_is_phishing": "example",
"dst_agent_id": {},
"dst_causality_actor_process_execution_time": {},
"dns_query_name": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": {},
"description": "example",
"host_ip": "example",
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example",
"user_name": {},
"contains_featured_host": "example",
"contains_featured_user": "example",
"contains_featured_ip_address": "example",
"tags": [
"example"
],
"original_tags": "example"
}
]
},
"network_artifacts": {
"total_count": 0,
"data": [
{
"type": "example",
"alert_count": 0,
"is_manual": false,
"network_domain": "example",
"network_remote_ip": "example",
"network_remote_port": "example",
"network_country": "example"
}
]
},
"file_artifacts": {
"total_count": 0,
"data": [
{
"alert_count": 0,
"file_name": "example",
"File_sha256": "example",
"file_signature_status": "example",
"file_wildfire_verdict": "example",
"is_malicous": false,
"is_manual": false,
"is_process": false,
"low_confidence": false,
"type": "example"
}
]
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"incident": {},
"alerts": {},
"network_artifacts": {},
"file_artifacts": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"404": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"incident_id": "example",
"alerts_limit": 0
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_users": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"user_email": "example",
"user_first_name": "example",
"user_last_name": "example",
"role_name": "example",
"last_logged_in": 0,
"user_type": "example",
"groups": [
{}
],
"scope": [
{}
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_roles": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"pretty_name": "example",
"permissions": [
"example"
],
"insert_time": 0,
"update_time": 0,
"created_by": "example",
"description": "example",
"groups": [
"example"
],
"users": [
"example"
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"role_names": [
"example"
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_user_group": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"group_name": "example",
"description": {},
"pretty_name": "example",
"insert_time": 0,
"update_time": 0,
"user_email": [
"example"
],
"source": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_names": [
"example"
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/set_user_role": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"update_count": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"user_emails": [
"example"
],
"role_name": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_endpoint": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"endpoints": [
{
"endpoint_id": "example",
"endpoint_name": "example",
"endpointTags": "example",
"endpoint_type": "example",
"endpoint_status": "example",
"os_type": "example",
"os_version": "example",
"ip": [
"example"
],
"ipv6": [
{}
],
"public_ip": "example",
"users": [
"example"
],
"domain": "example",
"alias": "example",
"first_seen": 0,
"last_seen": 0,
"content_version": "example",
"installation_package": "example",
"active_directory": {},
"install_date": 0,
"endpoint_version": "example",
"is_isolated": "example",
"isolated_date": {},
"group_name": [
{}
],
"operational_status": "example",
"operational_status_description": "example",
"scan_status": "example",
"content_release_timestamp": 0,
"last_content_update_time": 0,
"content_status": "example",
"operating_system": "example",
"mac_address": [
"example"
],
"assigned_prevention_policy": "example",
"assigned_extensions_policy": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
},
"Example 2": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "endpoint_id",
"keyword": "ASC"
}
}
},
"examples": {
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
},
"Request all results": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_risk_score": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 0,
"risk_level": "LOW",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
],
"email": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": null
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_risky_users": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 20,
"risk_level": "MED",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
],
"email": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
}
}
},
"/public_api/v1/get_risky_hosts": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 20,
"risk_level": "LOW",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
}
}
},
"/public_api/v1/endpoints/file_retrieval": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"status": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"files": {
"windows": [
"example"
],
"linux": [
"example"
],
"macos": [
"example"
]
},
"incident_id": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/isolate": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"endpoint_id": "example",
"incident_id": "example"
}
},
"examples": {
"Isolate one endpoint": {
"value": {
"request_data": {}
}
},
"Isolate more than one endpoint": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/audits/agents_reports": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"data": [
{
"TIMESTAMP": 0.1,
"RECEIVEDTIME": 0.1,
"ENDPOINTID": "example",
"ENDPOINTNAME": "example",
"DOMAIN": "example",
"TRAPSVERSION": "example",
"CATEGORY": "example",
"TYPE": "example",
"SUBTYPE": "example",
"RESULT": "example",
"REASON": "example",
"DESCRIPTION": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "type",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered values": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/triage_endpoint": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": 0,
"successful_agent_ids": [
"example"
],
"unsuccessful_agent_ids": [
{}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_ids": [
"example"
],
"collector_uuid": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/add_dataset": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"dataset_name": "example"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"dataset_type": "lookup",
"dataset_schema": {
"additionalProperties": "datetime"
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {
"dataset_schema": {}
}
}
}
}
}
}
}
}
},
"/public_api/v2/xql/delete_dataset": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"force": false
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/get_datasets": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"dataset_name": "example",
"type": "example",
"log_update_type": "example",
"last_updated": 0,
"total_days_stored": 0,
"hot_range": {
"from": 0,
"to": 0
},
"cold_range": {
"from": 0,
"to": 0
},
"total_size_stored": 0,
"average_daily_size": 0,
"total_events": 0,
"average_event_size": 0,
"ttl": 0,
"default_query_target": false
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/add_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"added": 0,
"updated": 0,
"skipped": 0
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"key_fields": [
"example"
],
"data": {
"additionalProperties": {}
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/remove_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"deleted": 0
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"filters": {
"additionalProperties": "example"
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/get_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"data": {
"additionalProperties": "example"
},
"filter_count": 0,
"total_count": 0
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"filters": [
{
"additionalProperties": "example"
}
],
"limit": 0
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_triage_presets": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"triage_presets": [
{
"uuid": "example",
"name": "example",
"os": "example",
"description": "example",
"created_by": "example",
"type": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/automations/get_automation_rules": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": [
{
"rule_id": "example",
"rule_priority": 0,
"rule_name": "example",
"rule_action": "example",
"action_params": {
"alert_status": "example",
"resolution_comment": "example",
"user": "example",
"assignment_status": "example"
},
"alerts_filter": {
"filter_data": {
"filter": {
"and": [
{
"or": [
{
"search_field": "example",
"search_type": "example",
"search_value": null
}
],
"search_field": "example",
"search_type": "example",
"search_value": null
}
]
}
}
},
"endpoints_filter": {},
"is_stop_processing": 0,
"rule_version": 0,
"version_triggers_count": 0,
"rule_status": "example",
"created_by": "example",
"modify_ts": 0
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {}
}
}
}
}
}
},
"/public_api/v1/endpoints/terminate_process": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": 0
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_id": "example",
"instance_id": "example",
"process_name": "example",
"incident_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/endpoints/terminate_causality": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_id": "example",
"causality_id": "example",
"process_name": "example",
"incident_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/create": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"syslog_integration_id": 0,
"name": "example"
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"address": "example",
"port": 0,
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
},
"Example 2": {
"value": {
"request_data": {
"security_info": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/get": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"objects_count": 0,
"objects": [
{
"SYSLOG_INTEGRATION_ID": 0,
"SYSLOG_INTEGRATION_NAME": "example",
"SYSLOG_INTEGRATION_ADDRESS": "example",
"SYSLOG_INTEGRATION_PORT": 0,
"SYSLOG_INTEGRATION_PROTOCOL": "example",
"FACILITY": "example",
"SYSLOG_INTEGRATION_STATUS": "example",
"SYSLOG_INTEGRATION_ERROR": {},
"SYSLOG_INTEGRATION_CERTIFICATE_NAME": {},
"SYSLOG_INTEGRATION_IGNORE_CERTIFICATE_ERROR": "example"
}
]
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "eq",
"value": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
},
"Example 2": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/update": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"syslog_id": "example",
"name": "example",
"address": "example",
"port": "example",
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"security_info": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/delete": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "eq",
"value": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/test": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"syslog_id": "example",
"name": "example",
"address": "example",
"port": "example",
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/distributions/delete": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/create": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"default_role": "example",
"is_account_role": false,
"domain": "example",
"mappings": {
"email": "example",
"firstname": "example",
"lastname": "example",
"group_name": "example"
},
"advanced_settings": {
"relay_state": "example",
"idp_single_logout_url": "example",
"service_provider_public_cert": "example",
"service_provider_private_key": "example",
"authn_context_enabled": false,
"force_authn": false
},
"idp_sso_url": "example",
"idp_certificate": "example",
"idp_issuer": "example",
"metadata_url": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"mappings": {},
"advanced_settings": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/update": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"default_role": "example",
"is_account_role": false,
"current_domain_value": "example",
"new_domain_value": "example",
"mappings": {
"email": "example",
"firstname": "example",
"lastname": "example",
"group_name": "example"
},
"advanced_settings": {
"relay_state": "example",
"idp_single_logout_url": "example",
"service_provider_public_cert": "example",
"service_provider_private_key": "example",
"authn_context_enabled": false,
"force_authn": false
},
"idp_sso_url": "example",
"idp_certificate": "example",
"idp_issuer": "example",
"metadata_url": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"mappings": {},
"advanced_settings": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/delete": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"domain": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/get/settings": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"tenant_id": "example",
"name": "example",
"domain": "example",
"idp_enabled": false,
"default_role": null,
"is_account_role": null,
"idp_certificate": "example",
"idp_issuer": "example",
"idp_sso_url": "example",
"metadata_url": "example",
"mappings": {
"email": "example",
"firstname": "example",
"group_name": "example",
"lastname": "example"
},
"advanced_settings": {
"authn_context_enabled": false,
"force_authn": null,
"idp_single_logout_url": "example",
"relay_state": "example",
"service_provider_private_key": "example",
"service_provider_public_cert": "example"
},
"sp_entity_id": "example",
"sp_logout_url": "example",
"sp_url": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/get/metadata": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"sp_entity_id": "example",
"sp_logout_url": "example",
"sp_url": "example",
"tenant_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
}
}
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_versions": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"windows": [
"example"
],
"linux": [
"example"
],
"macos": [
"example"
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_endpoints": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"agent_id": "example",
"agent_status": "example",
"operational_status": "example",
"host_name": "example",
"agent_type": "example",
"ip": [
"example"
],
"last_seen": 0,
"tags": {
"server_tags": [
{}
],
"endpoint_tags": [
{}
]
},
"users": [
"example"
]
}
]
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_policy": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"endpoint_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"policy_name": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/delete": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "example",
"operator": "in",
"value": [
"example"
]
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/create": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"platform": "windows",
"package_type": "example",
"agent_version": "example",
"windows_version": "example",
"linux_version": "example",
"macos_version": "example",
"deployment_platform": "example",
"default_namespace": "example",
"node_selector": {
"additionalProperties": {}
},
"proxy": [
"example"
],
"cluster_name": "example",
"run_on_master_node": false,
"run_on_all_nodes": false
}
},
"examples": {
"New Installation example": {
"value": {
"request_data": {}
}
},
"Upgrade example": {
"value": {
"request_data": {}
}
},
"Kubernetes distribution": {
"value": {
"request_data": {
"node_selector": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"distribution_id": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/device_control/get_violations": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "endpoint_id_list",
"value": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"violations": [
{
"hostname": "example",
"username": "example",
"ip": "example",
"timestamp": 0,
"violation_id": 0,
"type": "example",
"vendor_id": "example",
"vendor": "example",
"product_id": "example",
"product": "example",
"serial": "example",
"endpoint_id": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example"
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"status": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/distributions/get_dist_url": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example",
"package_type": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"distribution_url": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/update_agent_name": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"alias": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/tags/agents/assign": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"tag": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/tags/agents/remove": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"tag": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/restore": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"file_hash": "example",
"endpoint_id": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/actions/file_retrieval_details": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": {
"endpoint_ID": "example"
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"data": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/hash_exceptions/allowlist": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"hash_list": [
"example"
],
"comment": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/quarantine/status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"files": [
{
"endpoint_id": "example",
"file_path": "example",
"file_hash": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"endpoint_id": "example",
"file_path": "example",
"file_hash": "example",
"status": false
}
]
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/quarantine": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"file_path": "example",
"file_hash": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"status": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/hash_exceptions/blocklist": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"hash_list": [
"example"
],
"comment": "example",
"incident_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": false
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/unisolate": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "IN",
"value": [
"example"
]
}
],
"endpoint_id": "example",
"incident_id": "example"
}
},
"examples": {
"Unisolate one endpoint": {
"value": {
"request_data": {}
}
},
"Unisolate more than one endpoint": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/abort_scan": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": null,
"incident_id": "example"
}
},
"examples": {
"To cancel scan of all endpoints": {
"value": {
"request_data": {}
}
},
"To cancel scan of filtered endpoints": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/scan": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": {
"additionalProperties": {
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
},
"incident_id": "example"
}
},
"examples": {
"Scan all endpoints": {
"value": {
"request_data": {}
}
},
"Scan filtered endpoints": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/actions/get_action_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_action_id": 0
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": {
"agent_id": "PENDING"
}
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"data": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/run_snippet_code_script": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"timeout": 0,
"snippet_code": "example",
"incident_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/run_script": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"script_uid": "example",
"parameters_values": {
"x": "example",
"y": 0
},
"timeout": 0,
"incident_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {
"parameters_values": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": 0,
"endpoints_count": 0,
"status": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_metadata": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"script_uid": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"script_id": "example",
"name": "example",
"description": "example",
"modification_date": 0,
"created_by": "example",
"is_high_risk": false,
"windows_supported": false,
"linux_supported": false,
"macos_supported": false,
"script_uid": "example",
"entry_point": "example",
"script_input": [
{
"name": "example",
"type": "example",
"friendly_name": "example"
}
],
"script_output_type": "auto_detect",
"script_output_dictionary_definitions": [
{
"friendly_name": "example",
"name": "example",
"type": "example"
}
]
}
},
"examples": {
"When entry_point is returned as run": {
"value": {
"reply": {}
}
},
"When entry_point field is empty": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_scripts": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "in",
"value": null
}
]
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"scripts": [
{
"script_id": "example",
"name": "example",
"description": "example",
"modification_date": 0,
"created_by": "example",
"is_high_risk": false,
"windows_supported": false,
"linux_supported": false,
"macos_supported": false,
"script_uid": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_status": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"general_status": "example",
"endpoints_pending": 0,
"endpoints_canceled": 0,
"endpoints_in_progress": 0,
"endpoints_timeout": 0,
"endpoints_failed": 0,
"endpoints_completed_successfully": 0,
"endpoints_pending_abort": 0,
"endpoints_aborted": 0,
"endpoints_expired": 0,
"error_message": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_results": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"script_name": "example",
"script_description": "example",
"script_parameters": [
{}
],
"date_created": "example",
"scope": "example",
"error_message": "example",
"results": [
{
"endpoint_name": "example",
"endpoint_ip_address": [
"example"
],
"endpoint_status": "example",
"domain": "example",
"endpoint_id": "example",
"execution_status": "example",
"standard_output": {},
"retrieved_files": 0,
"failed_files": 0,
"retention_date": {}
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_execution_results_files": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"action_id": "example",
"endpoint_id": "example"
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": "example"
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/scripts/get_script_code": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"script_uid": "example"
}
},
"examples": {
"example-1": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": "example"
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/indicators/insert_csv": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": "example",
"validate": false
},
"examples": {
"Request filtered results": {
"value": {}
},
"Request all results": {
"value": {
"request_data": {}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"success": false,
"validation_errors": [
{
"indicator": "example",
"error": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/indicators/insert_jsons": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"success": false,
"validation_errors": [
{
"indicator": "example",
"error": "example"
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": [
{
"indicator": "example",
"type": "HASH",
"severity": "INFO",
"expiration_date": 0,
"comment": "example",
"reputation": "GOOD",
"reliability": "A",
"vendors": [
{
"vendor_name": "example",
"reliability": "example",
"reputation": "example"
}
],
"class": "example"
}
],
"validate": false
},
"examples": {
"example-1": {
"value": {}
}
}
}
}
}
}
},
"/public_api/v1/audits/management_logs": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "email",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "type",
"keyword": "asc"
}
}
},
"examples": {
"Request all management logs from older to newer": {
"value": {
"request_data": {
"sort": {}
}
}
},
"Request all results": {
"value": {
"request_data": {}
}
},
"Request all successful login events after 06-Aug-19, sorted by timestamp oldest to newest": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"data": [
{
"AUDIT_ID": 0,
"AUDIT_OWNER_NAME": "example",
"AUDIT_OWNER_EMAIL": "example",
"AUDIT_ASSET_JSON": "example",
"AUDIT_ASSET_NAMES": "example",
"AUDIT_HOSTNAME": "example",
"AUDIT_RESULT": "example",
"AUDIT_REASON": "example",
"AUDIT_DESCRIPTION": "example",
"AUDIT_ENTITY": "LIVE_TERMINAL",
"AUDIT_ENTITY_SUBTYPE": "example",
"AUDIT_SESSION_ID": 0,
"AUDIT_CASE_ID": 0,
"AUDIT_INSERT_TIME": 0,
"AUDIT_SEVERITY": "example",
"AUDIT_LINK": "example",
"AUDIT_SOURCE_IP": "example",
"AUDIT_USER_AGENT": "example",
"AUDIT_USER_ROLES": [
"example"
],
"AUDIT_ADDITIONAL_INFORMATION": {
"endpoint_names": [
"example"
],
"endpoint_count": 0
}
}
]
}
},
"examples": {
"example-1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/healthcheck": {
"get": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"status": "example"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/system/get_tenant_info": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"pro_per_endpoint_expiration": 0,
"purchased_pro_per_endpoint": {
"agents": 0
},
"data_enabled_pro_per_endpoint": 0,
"prevent_expiration": 0,
"purchased_prevent": 0,
"installed_prevent": 0,
"pro_tb_expiration": 0,
"purchased_pro_gb": {
"gb": 0
},
"installed_pro_gb": 0,
"compute_unit_expiration": 0,
"purchased_compute_unit": 0,
"host_insights_expiration": 0,
"enabled_host_insights": 0,
"purchased_host_insights": 0,
"forensics_expiration": 0,
"enabled_forensics": 0,
"pro_cloud_expiration": 0,
"purchased_pro_cloud": {
"agents": 0
},
"installed_pro_cloud": 0,
"data_enabled_pro_cloud": 0,
"identity_threat_expiration": 0,
"xth_expiration": 0,
"purchased_xth": 0,
"xdr_ep_hot_expiration": "example",
"purchased_xdr_ep_hot": 0,
"xdr_ep_cold_expiration": "example",
"purchased_xdr_ep_cold": 0,
"xdr_gb_hot_expiration": "example",
"purchased_xdr_gb_hot": 0,
"xdr_gb_cold_expiration": "example",
"purchased_xdr_gb_cold": 0
}
},
"examples": {
"example-1": {
"value": {
"reply": {
"purchased_pro_per_endpoint": {},
"purchased_pro_tb": {}
}
}
}
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/incidents/get_incident_extra_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"incident": {
"incident_id": "example",
"incident_name": "example",
"creation_time": 0,
"modification_time": 0,
"detection_time": {},
"status": "example",
"severity": "example",
"description": "example",
"assigned_user_mail": "example",
"assigned_user_pretty_name": "example",
"alert_count": 0,
"low_severity_alert_count": 0,
"med_severity_alert_count": 0,
"high_severity_alert_count": 0,
"critical_severity_alert_count": 0,
"user_count": 0,
"host_count": 0,
"notes": "example",
"resolve_comment": "example",
"manual_description": "example",
"xdr_url": "example",
"starred": false,
"hosts": [
"example"
],
"users": [
{}
],
"incident_sources": [
"example"
],
"rule_based_score": 0,
"manual_score": {},
"wildfire_hits": 0,
"alerts_grouping_status": "example",
"mitre_techniques_ids_and_names": [
"example"
],
"mitre_tactics_ids_and_names": [
"example"
],
"alert_categories": [
"example"
],
"original_tags": [
"example"
],
"tags": [
"example"
],
"incident_domain": "example",
"custom_fields": {}
},
"alerts": {
"total_count": 0,
"data": [
{
"external_id": "example",
"severity": "example",
"matching_status": "example",
"end_match_attempt_ts": {},
"local_insert_ts": 0,
"bioc_indicator": {},
"matching_service_rule_id": {},
"attempt_counter": {},
"bioc_category_enum_key": {},
"case_id": 0,
"is_whitelisted": false,
"starred": false,
"deduplicate_tokens": "example",
"filter_rule_id": {},
"mitre_technique_id_and_name": {},
"mitre_tactic_id_and_name": {},
"agent_version": {},
"agent_device_domain": {},
"agent_fqdn": {},
"agent_os_type": "example",
"agent_os_sub_type": {},
"agent_data_collection_status": {},
"mac": {},
"agent_is_vdi": {},
"agent_install_type": "example",
"agent_host_boot_time": {},
"event_sub_type": {},
"module_id": {},
"association_strength": {},
"dst_association_strength": {},
"story_id": {},
"event_id": {},
"event_type": "example",
"events_length": 0,
"event_timestamp": {},
"actor_process_instance_id": {},
"actor_process_image_path": {},
"actor_process_image_name": {},
"actor_process_command_line": {},
"actor_process_signature_status": "example",
"actor_process_signature_vendor": {},
"actor_process_image_sha256": {},
"actor_process_image_md5": {},
"actor_process_causality_id": {},
"actor_causality_id": {},
"actor_process_os_pid": {},
"actor_thread_thread_id": {},
"causality_actor_process_image_name": {},
"causality_actor_process_command_line": {},
"causality_actor_process_image_path": {},
"causality_actor_process_signature_vendor": {},
"causality_actor_process_signature_status": "example",
"causality_actor_causality_id": {},
"causality_actor_process_execution_time": {},
"causality_actor_process_image_md5": {},
"causality_actor_process_image_sha256": {},
"action_file_path": {},
"action_file_name": {},
"action_file_md5": {},
"action_file_sha256": {},
"action_file_macro_sha256": {},
"action_registry_data": {},
"action_registry_key_name": {},
"action_registry_value_name": {},
"action_registry_full_key": {},
"action_local_ip": "example",
"action_local_port": "example",
"action_remote_ip": "example",
"action_remote_port": "example",
"action_external_hostname": "example",
"action_country": "example",
"action_process_instance_id": {},
"action_process_causality_id": {},
"action_process_image_name": {},
"action_process_image_sha256": {},
"action_process_image_command_line": {},
"action_process_signature_status": "example",
"action_process_signature_vendor": {},
"os_actor_effective_username": {},
"os_actor_process_instance_id": {},
"os_actor_process_image_path": {},
"os_actor_process_image_name": {},
"os_actor_process_command_line": {},
"os_actor_process_signature_status": "example",
"os_actor_process_signature_vendor": {},
"os_actor_process_image_sha256": {},
"os_actor_process_causality_id": {},
"os_actor_causality_id": {},
"os_actor_process_os_pid": {},
"os_actor_thread_thread_id": {},
"fw_app_id": {},
"fw_interface_from": {},
"fw_interface_to": {},
"fw_rule": {},
"fw_rule_id": {},
"fw_device_name": {},
"fw_serial_number": "example",
"fw_url_domain": {},
"fw_email_subject": "example",
"fw_email_sender": {},
"fw_email_recipient": {},
"fw_app_subcategory": {},
"fw_app_category": {},
"fw_app_technology": {},
"fw_vsys": {},
"fw_xff": {},
"fw_misc": {},
"fw_is_phishing": "example",
"dst_agent_id": {},
"dst_causality_actor_process_execution_time": {},
"dns_query_name": {},
"dst_action_external_hostname": {},
"dst_action_country": {},
"dst_action_external_port": {},
"alert_id": "example",
"detection_timestamp": 0,
"name": "example",
"category": "example",
"endpoint_id": {},
"description": "example",
"host_ip": "example",
"host_name": "example",
"source": "example",
"action": "example",
"action_pretty": "example",
"user_name": {},
"contains_featured_host": "example",
"contains_featured_user": "example",
"contains_featured_ip_address": "example",
"tags": [
"example"
],
"original_tags": "example"
}
]
},
"network_artifacts": {
"total_count": 0,
"data": [
{
"type": "example",
"alert_count": 0,
"is_manual": false,
"network_domain": "example",
"network_remote_ip": "example",
"network_remote_port": "example",
"network_country": "example"
}
]
},
"file_artifacts": {
"total_count": 0,
"data": [
{
"alert_count": 0,
"file_name": "example",
"File_sha256": "example",
"file_signature_status": "example",
"file_wildfire_verdict": "example",
"is_malicous": false,
"is_manual": false,
"is_process": false,
"low_confidence": false,
"type": "example"
}
]
}
}
},
"examples": {
"Example 1": {
"value": {
"reply": {
"incident": {},
"alerts": {},
"network_artifacts": {},
"file_artifacts": {}
}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"404": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"incident_id": "example",
"alerts_limit": 0
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_users": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"user_email": "example",
"user_first_name": "example",
"user_last_name": "example",
"role_name": "example",
"last_logged_in": 0,
"user_type": "example",
"groups": [
{}
],
"scope": [
{}
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_roles": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"pretty_name": "example",
"permissions": [
"example"
],
"insert_time": 0,
"update_time": 0,
"created_by": "example",
"description": "example",
"groups": [
"example"
],
"users": [
"example"
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"role_names": [
"example"
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/get_user_group": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"group_name": "example",
"description": {},
"pretty_name": "example",
"insert_time": 0,
"update_time": 0,
"user_email": [
"example"
],
"source": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"group_names": [
"example"
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/rbac/set_user_role": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"update_count": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"user_emails": [
"example"
],
"role_name": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/endpoints/get_endpoint": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"endpoints": [
{
"endpoint_id": "example",
"endpoint_name": "example",
"endpointTags": "example",
"endpoint_type": "example",
"endpoint_status": "example",
"os_type": "example",
"os_version": "example",
"ip": [
"example"
],
"ipv6": [
{}
],
"public_ip": "example",
"users": [
"example"
],
"domain": "example",
"alias": "example",
"first_seen": 0,
"last_seen": 0,
"content_version": "example",
"installation_package": "example",
"active_directory": {},
"install_date": 0,
"endpoint_version": "example",
"is_isolated": "example",
"isolated_date": {},
"group_name": [
{}
],
"operational_status": "example",
"operational_status_description": "example",
"scan_status": "example",
"content_release_timestamp": 0,
"last_content_update_time": 0,
"content_status": "example",
"operating_system": "example",
"mac_address": [
"example"
],
"assigned_prevention_policy": "example",
"assigned_extensions_policy": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
},
"Example 2": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "endpoint_id",
"keyword": "ASC"
}
}
},
"examples": {
"Request filtered results": {
"value": {
"request_data": {
"sort": {}
}
}
},
"Request all results": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_risk_score": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 0,
"risk_level": "LOW",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
],
"email": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": null
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_risky_users": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 20,
"risk_level": "MED",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
],
"email": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
}
}
},
"/public_api/v1/get_risky_hosts": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"type": "example",
"id": "example",
"score": 0,
"norm_risk_score": 20,
"risk_level": "LOW",
"reasons": [
{
"date created": "example",
"description": "example",
"severity": "example",
"status": "example",
"points": 0
}
]
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {}
}
}
}
}
},
"/public_api/v1/endpoints/file_retrieval": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"status": "example",
"endpoints_count": "example"
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"files": {
"windows": [
"example"
],
"linux": [
"example"
],
"macos": [
"example"
]
},
"incident_id": "example"
}
}
}
}
}
}
},
"/public_api/v1/endpoints/isolate": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"action_id": "example",
"endpoints_count": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {},
"401": {},
"402": {},
"403": {},
"500": {}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id_list",
"operator": "in",
"value": [
"example"
]
}
],
"endpoint_id": "example",
"incident_id": "example"
}
},
"examples": {
"Isolate one endpoint": {
"value": {
"request_data": {}
}
},
"Isolate more than one endpoint": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/audits/agents_reports": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"total_count": 0,
"result_count": 0,
"data": [
{
"TIMESTAMP": 0.1,
"RECEIVEDTIME": 0.1,
"ENDPOINTID": "example",
"ENDPOINTNAME": "example",
"DOMAIN": "example",
"TRAPSVERSION": "example",
"CATEGORY": "example",
"TYPE": "example",
"SUBTYPE": "example",
"RESULT": "example",
"REASON": "example",
"DESCRIPTION": "example"
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "endpoint_id",
"operator": "in",
"value": null
}
],
"search_from": 0,
"search_to": 0,
"sort": {
"field": "type",
"keyword": "asc"
}
}
},
"examples": {
"Request all results": {
"value": {
"request_data": {}
}
},
"Request filtered values": {
"value": {
"request_data": {
"sort": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/triage_endpoint": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": 0,
"successful_agent_ids": [
"example"
],
"unsuccessful_agent_ids": [
{}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_ids": [
"example"
],
"collector_uuid": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/add_dataset": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"dataset_name": "example"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"dataset_type": "lookup",
"dataset_schema": {
"additionalProperties": "datetime"
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {
"dataset_schema": {}
}
}
}
}
}
}
}
}
},
"/public_api/v2/xql/delete_dataset": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"force": false
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/get_datasets": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"dataset_name": "example",
"type": "example",
"log_update_type": "example",
"last_updated": 0,
"total_days_stored": 0,
"hot_range": {
"from": 0,
"to": 0
},
"cold_range": {
"from": 0,
"to": 0
},
"total_size_stored": 0,
"average_daily_size": 0,
"total_events": 0,
"average_event_size": 0,
"ttl": 0,
"default_query_target": false
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/add_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"added": 0,
"updated": 0,
"skipped": 0
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"key_fields": [
"example"
],
"data": {
"additionalProperties": {}
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/remove_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"deleted": 0
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"filters": {
"additionalProperties": "example"
}
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/xql/lookups/get_data": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"data": {
"additionalProperties": "example"
},
"filter_count": 0,
"total_count": 0
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {
"dataset_name": "example",
"filters": [
{
"additionalProperties": "example"
}
],
"limit": 0
}
},
"examples": {
"Example 1": {
"value": {
"request": {}
}
}
}
}
}
}
}
},
"/public_api/v1/get_triage_presets": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"triage_presets": [
{
"uuid": "example",
"name": "example",
"os": "example",
"description": "example",
"created_by": "example",
"type": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/automations/get_automation_rules": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"data": [
{
"rule_id": "example",
"rule_priority": 0,
"rule_name": "example",
"rule_action": "example",
"action_params": {
"alert_status": "example",
"resolution_comment": "example",
"user": "example",
"assignment_status": "example"
},
"alerts_filter": {
"filter_data": {
"filter": {
"and": [
{
"or": [
{
"search_field": "example",
"search_type": "example",
"search_value": null
}
],
"search_field": "example",
"search_type": "example",
"search_value": null
}
]
}
}
},
"endpoints_filter": {},
"is_stop_processing": 0,
"rule_version": 0,
"version_triggers_count": 0,
"rule_status": "example",
"created_by": "example",
"modify_ts": 0
}
]
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request": {}
}
}
}
}
}
},
"/public_api/v1/endpoints/terminate_process": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": 0
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_id": "example",
"instance_id": "example",
"process_name": "example",
"incident_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/endpoints/terminate_causality": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"group_action_id": "example"
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"agent_id": "example",
"causality_id": "example",
"process_name": "example",
"incident_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/create": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"syslog_integration_id": 0,
"name": "example"
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"address": "example",
"port": 0,
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
},
"Example 2": {
"value": {
"request_data": {
"security_info": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/get": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"objects_count": 0,
"objects": [
{
"SYSLOG_INTEGRATION_ID": 0,
"SYSLOG_INTEGRATION_NAME": "example",
"SYSLOG_INTEGRATION_ADDRESS": "example",
"SYSLOG_INTEGRATION_PORT": 0,
"SYSLOG_INTEGRATION_PROTOCOL": "example",
"FACILITY": "example",
"SYSLOG_INTEGRATION_STATUS": "example",
"SYSLOG_INTEGRATION_ERROR": {},
"SYSLOG_INTEGRATION_CERTIFICATE_NAME": {},
"SYSLOG_INTEGRATION_IGNORE_CERTIFICATE_ERROR": "example"
}
]
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "eq",
"value": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
},
"Example 2": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/update": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"syslog_id": "example",
"name": "example",
"address": "example",
"port": "example",
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"security_info": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/delete": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"filters": [
{
"field": "name",
"operator": "eq",
"value": "example"
}
]
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/integrations/syslog/test": {
"post": {
"responses": {
"200": {},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"syslog_id": "example",
"name": "example",
"address": "example",
"port": "example",
"protocol": "TCP",
"facility": "example",
"security_info": {
"certificate_name": "example",
"ignore_cert_errors": false,
"certificate_content": "[binary file]"
}
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/distributions/delete": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"distribution_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/create": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"default_role": "example",
"is_account_role": false,
"domain": "example",
"mappings": {
"email": "example",
"firstname": "example",
"lastname": "example",
"group_name": "example"
},
"advanced_settings": {
"relay_state": "example",
"idp_single_logout_url": "example",
"service_provider_public_cert": "example",
"service_provider_private_key": "example",
"authn_context_enabled": false,
"force_authn": false
},
"idp_sso_url": "example",
"idp_certificate": "example",
"idp_issuer": "example",
"metadata_url": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"mappings": {},
"advanced_settings": {}
}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/update": {
"post": {
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"name": "example",
"default_role": "example",
"is_account_role": false,
"current_domain_value": "example",
"new_domain_value": "example",
"mappings": {
"email": "example",
"firstname": "example",
"lastname": "example",
"group_name": "example"
},
"advanced_settings": {
"relay_state": "example",
"idp_single_logout_url": "example",
"service_provider_public_cert": "example",
"service_provider_private_key": "example",
"authn_context_enabled": false,
"force_authn": false
},
"idp_sso_url": "example",
"idp_certificate": "example",
"idp_issuer": "example",
"metadata_url": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {
"mappings": {},
"advanced_settings": {}
}
}
}
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/delete": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": false
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {
"domain": "example"
}
},
"examples": {
"Example 1": {
"value": {
"request_data": {}
}
}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/get/settings": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": [
{
"tenant_id": "example",
"name": "example",
"domain": "example",
"idp_enabled": false,
"default_role": null,
"is_account_role": null,
"idp_certificate": "example",
"idp_issuer": "example",
"idp_sso_url": "example",
"metadata_url": "example",
"mappings": {
"email": "example",
"firstname": "example",
"group_name": "example",
"lastname": "example"
},
"advanced_settings": {
"authn_context_enabled": false,
"force_authn": null,
"idp_single_logout_url": "example",
"relay_state": "example",
"service_provider_private_key": "example",
"service_provider_public_cert": "example"
},
"sp_entity_id": "example",
"sp_logout_url": "example",
"sp_url": "example"
}
]
},
"examples": {
"Example 1": {
"value": {}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
},
"/public_api/v1/authentication-settings/get/metadata": {
"post": {
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"reply": {
"sp_entity_id": "example",
"sp_logout_url": "example",
"sp_url": "example",
"tenant_id": "example"
}
},
"examples": {
"Example 1": {
"value": {
"reply": {}
}
}
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"401": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"402": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"403": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
},
"500": {
"content": {
"application/json": {
"schema": {
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
}
}
}
},
"requestBody": {
"content": {
"application/json": {
"schema": {
"request_data": {}
}
}
}
}
}
}
}
}
Unauthorized access. User does not have the required license type to run this API.
The query result upon error.
err_code (string): HTTP response code.
err_msg (string): Error message.
Example: "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extra (string): Additional information describing the error.
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
The query result upon error.
err_code (string): HTTP response code.
err_msg (string): Error message.
Example: "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extra (string): Additional information describing the error.
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}
Internal server error. A unified status for API communication type errors. For example, test@test.com is not a valid Cortex XDR email address.
The query result upon error.
err_code (string): HTTP response code.
err_msg (string): Error message.
Example: "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extra (string): Additional information describing the error.
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}