Returns a list of all Next-Generation Firewalls (NGFWs) currently connected to the Cloud Logging and Collection Service (CLCS) for the authenticated tenant.
Each device in the response includes its serial number (device_id), the CSP account ID it belongs to, and the region it is deployed in.
Required license: This feature is included with a Cortex XSIAM Premium license. It is also included with any other Cortex XSIAM product that has the Cloud Runtime Security or Cloud Posture Security add-ons.
Required permission: Data Collection > Data Sources > View
Authorization
String
required
Your Cortex XSIAM API key.
Your Cortex XSIAM API key.
{api_key}
x-xdr-auth-id
String
required
Your Cortex XSIAM API key ID.
Your Cortex XSIAM API key ID.
{api_key_id}
x-xdr-nonce
String
A unique nonce value used for request authentication.
A unique nonce value used for request authentication.
0123456789abcdef
x-xdr-timestamp
String
The Unix timestamp in milliseconds at the time the request is sent.
The Unix timestamp in milliseconds at the time the request is sent.
1714118400000
curl -X 'GET'
-H
'Accept: application/json'
-H
'Authorization: {api_key}'
-H
'x-xdr-auth-id: {api_key_id}'
-H
'x-xdr-nonce: 0123456789abcdef'
-H
'x-xdr-timestamp: 1714118400000'
'https://api-yourfqdn/public_api/v1/clcs/get_connected_devices'
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
headers = {
'Authorization': "{api_key}",
'x-xdr-auth-id': "{api_key_id}",
'x-xdr-nonce': "0123456789abcdef",
'x-xdr-timestamp': "1714118400000"
}
conn.request("GET", "/public_api/v1/clcs/get_connected_devices", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/v1/clcs/get_connected_devices")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
request["Authorization"] = '{api_key}'
request["x-xdr-auth-id"] = '{api_key_id}'
request["x-xdr-nonce"] = '0123456789abcdef'
request["x-xdr-timestamp"] = '1714118400000'
response = http.request(request)
puts response.read_bodyconst data = null;
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("GET", "https://api-yourfqdn/public_api/v1/clcs/get_connected_devices");
xhr.setRequestHeader("Authorization", "{api_key}");
xhr.setRequestHeader("x-xdr-auth-id", "{api_key_id}");
xhr.setRequestHeader("x-xdr-nonce", "0123456789abcdef");
xhr.setRequestHeader("x-xdr-timestamp", "1714118400000");
xhr.send(data);HttpResponse<String> response = Unirest.get("https://api-yourfqdn/public_api/v1/clcs/get_connected_devices")
.header("Authorization", "{api_key}")
.header("x-xdr-auth-id", "{api_key_id}")
.header("x-xdr-nonce", "0123456789abcdef")
.header("x-xdr-timestamp", "1714118400000")
.asString();import Foundation
let headers = [
"Authorization": "{api_key}",
"x-xdr-auth-id": "{api_key_id}",
"x-xdr-nonce": "0123456789abcdef",
"x-xdr-timestamp": "1714118400000"
]
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/clcs/get_connected_devices")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/v1/clcs/get_connected_devices",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: {api_key}",
"x-xdr-auth-id: {api_key_id}",
"x-xdr-nonce: 0123456789abcdef",
"x-xdr-timestamp: 1714118400000"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "GET");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/clcs/get_connected_devices");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: {api_key}");
headers = curl_slist_append(headers, "x-xdr-auth-id: {api_key_id}");
headers = curl_slist_append(headers, "x-xdr-nonce: 0123456789abcdef");
headers = curl_slist_append(headers, "x-xdr-timestamp: 1714118400000");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/clcs/get_connected_devices");
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "{api_key}");
request.AddHeader("x-xdr-auth-id", "{api_key_id}");
request.AddHeader("x-xdr-nonce", "0123456789abcdef");
request.AddHeader("x-xdr-timestamp", "1714118400000");
IRestResponse response = client.Execute(request);A list of NGFW devices currently connected to CLCS.
The response envelope for the get connected devices operation.
replyobjectThe response payload containing the list of connected devices.
The response payload containing the list of connected devices.
devicesarrayrequiredA list of NGFW devices currently connected to CLCS. Returns an empty array if no devices are connected.
A list of NGFW devices currently connected to CLCS. Returns an empty array if no devices are connected.
[{"device_id":"01234567890","csp_account_id":123456,"region":"us"}]device_idstringrequiredThe unique serial number of the NGFW device.
The unique serial number of the NGFW device.
"01234567890"csp_account_idintegerrequiredThe CSP (Cloud Service Provider) account ID that the device belongs to.
The CSP (Cloud Service Provider) account ID that the device belongs to.
123456regionstringrequiredThe cloud region where the device is deployed.
The cloud region where the device is deployed.
"us"{
"reply": {
"devices": [
{
"device_id": "01234567890",
"csp_account_id": 123456,
"region": "us"
},
{
"device_id": "01234567891",
"csp_account_id": 123456,
"region": "eu"
}
]
}
}{
"reply": {
"devices": []
}
}Unauthorized. The API key or key ID is missing or invalid.
A standard error response envelope returned when a request fails.
replyobjectThe error payload containing the status code, message, and additional detail.
The error payload containing the status code, message, and additional detail.
err_codeintegerrequiredThe HTTP status code of the error.
The HTTP status code of the error.
400err_msgstringrequiredA short description of the error.
A short description of the error.
"Bad Request"err_extrastringAdditional detail about the error, including remediation guidance where applicable.
Additional detail about the error, including remediation guidance where applicable.
"Duplicate device IDs found: 01234567890"{
"reply": {
"err_code": 400,
"err_msg": "Bad Request",
"err_extra": "Duplicate device IDs found: 01234567890"
}
}Forbidden. The API key does not have the required permissions to list connected devices. Ensure the key has Data Collection > Data Sources > View permission.
A standard error response envelope returned when a request fails.
replyobjectThe error payload containing the status code, message, and additional detail.
The error payload containing the status code, message, and additional detail.
err_codeintegerrequiredThe HTTP status code of the error.
The HTTP status code of the error.
400err_msgstringrequiredA short description of the error.
A short description of the error.
"Bad Request"err_extrastringAdditional detail about the error, including remediation guidance where applicable.
Additional detail about the error, including remediation guidance where applicable.
"Duplicate device IDs found: 01234567890"{
"reply": {
"err_code": 400,
"err_msg": "Bad Request",
"err_extra": "Duplicate device IDs found: 01234567890"
}
}Internal server error. An unexpected error occurred on the server.
A standard error response envelope returned when a request fails.
replyobjectThe error payload containing the status code, message, and additional detail.
The error payload containing the status code, message, and additional detail.
err_codeintegerrequiredThe HTTP status code of the error.
The HTTP status code of the error.
400err_msgstringrequiredA short description of the error.
A short description of the error.
"Bad Request"err_extrastringAdditional detail about the error, including remediation guidance where applicable.
Additional detail about the error, including remediation guidance where applicable.
"Duplicate device IDs found: 01234567890"{
"reply": {
"err_code": 400,
"err_msg": "Bad Request",
"err_extra": "Duplicate device IDs found: 01234567890"
}
}