REST API documentation

Fetch all alert types

get
Authorizations
Responses
200

Returns a collection of all possible alert types

application/json
get
GET /alerts/types HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns a collection of all possible alert types

[
  {
    "id": 1,
    "name": "text"
  }
]

Update password for default user

put
Authorizations
Body
newPassword · string · min: 5 · max: 20000 · Required
Responses
204

Password updated successfully

No content

put
PUT /authentication/password HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 22

{
  "newPassword": "text"
}

No content

Get all excluded paths

get
Authorizations
Responses
200

Returns array of excluded paths

get
GET /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns array of excluded paths

{
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "path": "text",
      "user": "text"
    }
  ]
}

Create new excluded path

post
Authorizations
Body
path · string · min: 1 · Required
user · string | nullable · Optional
Responses
201

Returns single excluded path

post
POST /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

201

Returns single excluded path

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Get single excluded path

get
Authorizations
Path parameters
id · string · uuid · Required
Responses
200

Returns single excluded path

get
GET /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns single excluded path

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Remove excluded path

delete
Authorizations
Path parameters
id · string · uuid · Required
Responses
204

Excluded path was removed

No content

delete
DELETE /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*

No content

Fetch all file system event types

get
Authorizations
Responses
200

Returns a collection of all possible file system event types

application/json
get
GET /events/types HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns a collection of all possible file system event types

[
  {
    "id": 1,
    "name": "text"
  }
]

Fetch file system events from database

get
Authorizations
Query parameters
Start · string · date-time · Optional
End · string · date-time · Optional
Limit · integer · int32 · min: 1 · max: 5000 · Optional
Cursor · string · Optional
incident · string · uuid · Optional
Responses
200

Returns a response object containing the collection of file system events

application/json
get
GET /events HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns a response object containing the collection of file system events

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-10-16T01:36:42.545Z",
      "insertionTimeStamp": "2025-10-16T01:36:42.545Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

Get current file system events configuration.

get
Authorizations
Responses
200

Returns file system events configuration

application/json
get
GET /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns file system events configuration

{
  "queryingDelay": "text",
  "savingDelay": "text"
}

Update file system events configuration.

put
Authorizations
Body
queryingDelay · string · date-span · Optional
savingDelay · string · date-span · Optional
Responses
200

File system events configuration has been updated

application/json
put
PUT /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 45

{
  "queryingDelay": "text",
  "savingDelay": "text"
}

200

File system events configuration has been updated

{
  "queryingDelay": "text",
  "savingDelay": "text"
}

Get current honeypot configuration.

get
Authorizations
Responses
200

Honeypot configuration has been updated

get
GET /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Honeypot configuration has been updated

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Add placement path to honeypot configuration

post
Authorizations
Body
placementPath · string · min: 1 · Required
Responses
200

Placement path added

post
POST /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 24

{
  "placementPath": "text"
}

200

Placement path added

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Update honeypot configuration.

put
Authorizations
Body
placementPaths · string[] · Required
Responses
200

Honeypot configuration has been updated

put
PUT /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 27

{
  "placementPaths": [
    "text"
  ]
}

200

Honeypot configuration has been updated

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Remove placement path from honeypot configuration

delete
Authorizations
Query parameters
path · string · Optional
Responses
200

Placement path removed

delete
DELETE /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Placement path removed

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Get current security incident detection configuration

get
Authorizations
Responses
200

Returns current configuration

application/json
get
GET /settings/security-incidents HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns current configuration

{
  "enabled": true,
  "inactivityPeriod": "text"
}

Update security incident detection configuration

put
Authorizations
Body

Security incident detection configuration update request

enabled · boolean · Required

Indicates if security incident detection is enabled

inactivityPeriod · string · date-span · Required

A period of inactivity after which incidents will be closed

Responses
200

Returns successfully updated configuration

application/json
put
PUT /settings/security-incidents HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 42

{
  "enabled": true,
  "inactivityPeriod": "text"
}

200

Returns successfully updated configuration

{
  "enabled": true,
  "inactivityPeriod": "text"
}

Get all security incidents

get
Authorizations
Query parameters
user · string · Optional
Responses
200

Returns a list of all detected security incidents

application/json
get
GET /security-incidents HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns a list of all detected security incidents

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "user": "text",
    "start": "2025-10-16T01:36:42.545Z",
    "end": "2025-10-16T01:36:42.545Z"
  }
]

Get all alerts linked to a specified incident

get
Authorizations
Path parameters
id · string · uuid · Required
Responses
200

Returns a list of linked alerts

application/json
get
GET /security-incidents/{id}/alerts HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns a list of linked alerts

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "occurredAt": "2025-10-16T01:36:42.545Z",
    "type": {
      "id": 1,
      "name": "text"
    },
    "userName": "text"
  }
]

Returns block list info

get
Authorizations
Responses
200

Returns block list info

get
GET /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns block list info

{
  "lastUpdated": "2025-10-16T01:36:42.545Z",
  "patternFilters": [
    {
      "regex": {
        "options": 0,
        "rightToLeft": true,
        "matchTimeout": "text"
      },
      "value": "text"
    }
  ]
}

Update block list patterns

put
Authorizations
Body
lastUpdated · string · date-time · Required
filters · string[] · Required
Responses
204

Block list patterns were updated

No content

put
PUT /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 61

{
  "lastUpdated": "2025-10-16T01:36:42.545Z",
  "filters": [
    "text"
  ]
}

No content

Returns skip list info

get
Authorizations
Responses
200

Returns skip list info

get
GET /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Returns skip list info

{
  "filters": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "createdDate": "2025-10-16T01:36:42.545Z",
      "pattern": "text"
    }
  ]
}

Add pattern to skip list

post
Authorizations
Body
pattern · string · min: 1 · Required
Responses
204

Skip pattern added

No content

post
POST /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 18

{
  "pattern": "text"
}

No content

Update skip list patterns

put
Authorizations
Body
filters · string[] · Required
Responses
204

Skip list patterns updated

No content

put
PUT /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 20

{
  "filters": [
    "text"
  ]
}

No content

Remove pattern from skip list

delete
Authorizations
Path parameters
id · string · uuid · Required
Responses
204

Skip pattern removed

No content

delete
DELETE /settings/block-list/skip/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*

No content

Returns current SMB monitoring configuration

get
Authorizations
Responses
200

Configuration retrieval succeeded

application/json
get
GET /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Configuration retrieval succeeded

{
  "enabled": true,
  "message": {
    "separator": "text",
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Updates SMB monitoring configuration

put
Authorizations
Body
enabled · boolean · Required
Responses
200

Configuration update succeeded

application/json
put
PUT /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 106

{
  "enabled": true,
  "message": {
    "separator": "text",
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

200

Configuration update succeeded

{
  "enabled": true,
  "message": {
    "separator": "text",
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Get current threshold configuration.

get
Authorizations
Responses
200

Threshold configuration has been updated

get
GET /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
Accept: */*
200

Threshold configuration has been updated

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Update threshold configuration.

put
Authorizations
Body
numberOfBuckets · integer · int32 · max: 1000 · Required

Number of threshold buckets

pointsLimit · integer · int32 · max: 1000 · Required

Limit of data points to analyze

Responses
200

Threshold configuration has been updated

put
PUT /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 235

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

200

Threshold configuration has been updated

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}
