REST API Documentation

PreviousAgent CLI Reference NextOn-demand Scanning

delete

DELETE /settings/tags/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Get current file system events configuration

get

Authorizations

Header parameters

api-versionstringRequired

Responses

get

GET /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current file system events configuration

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "inactivityPeriod": "text"
  }
}

get

GET /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "path": "text",
      "user": "text"
    }
  ]
}

get

GET /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

delete

DELETE /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

get

GET /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Success

{
  "enabled": true,
  "timeZone": "text",
  "scheduledHours": [
    "13:42:14"
  ]
}

delete

DELETE /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "timeZone": "text",
  "scheduledHours": [
    "13:42:14"
  ]
}

get

GET /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Success

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

delete

DELETE /settings/reports/file-event-report/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

get

GET /settings/reports/file-event-report/timezones HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Success

[
  {
    "id": "text",
    "offset": "text"
  }
]

get

GET /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

File integrity configuration

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

delete

DELETE /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

List all file system event types

get

Authorizations

Header parameters

api-versionstringRequired

Responses

get

GET /events/types HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A collection of all file system event types

[
  {
    "id": 1,
    "name": "text"
  }
]

List file system events

get

Authorizations

Query parameters

Startstring · date-timeOptional

Endstring · date-timeOptional

Limitinteger · int32 · min: 1 · max: 5000Optional

CursorstringOptional

incidentstring · uuidOptional

Header parameters

api-versionstringRequired

Responses

get

GET /events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-04-27T13:42:14.045Z",
      "insertionTimeStamp": "2025-04-27T13:42:14.045Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

get

GET /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current honeypot configuration

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

delete

DELETE /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

List all security incidents

get

Authorizations

Query parameters

userstringOptional

User name. Only includes the incidents which were created for a specific user

Header parameters

api-versionstringRequired

Responses

get

GET /security-incidents HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A list of all detected security incidents

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "user": "text",
    "start": "2025-04-27T13:42:14.045Z",
    "end": "2025-04-27T13:42:14.045Z"
  }
]

List all affected files linked to an incident with provided identifier

get

Authorizations

Path parameters

incidentIdstring · uuidRequired

Incident identifier

Query parameters

Limitinteger · int32 · min: 1 · max: 2000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters

api-versionstringRequired

Responses

get

GET /security-incidents/{incidentId}/files HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "originalPath": "text",
    "mostRecentPath": "text",
    "firstModificationTime": "2025-04-27T13:42:14.045Z",
    "modification": {
      "id": 1,
      "name": "text"
    }
  }
]

Get suspicious events connected to an incident with provided identifier

get

Authorizations

Path parameters

idstring · uuidRequired

Incident identifier

Query parameters

Startstring · date-timeOptional

Endstring · date-timeOptional

Limitinteger · int32 · min: 1 · max: 5000Optional

CursorstringOptional

Header parameters

api-versionstringRequired

Responses

get

GET /security-incidents/{id}/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-04-27T13:42:14.045Z",
      "insertionTimeStamp": "2025-04-27T13:42:14.045Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

Get all possible values of affected file modification types

get

Authorizations

Header parameters

api-versionstringRequired

Responses

get

GET /security-incidents/modification-types HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A list of all possible values of affected file modification types

[
  {
    "id": 1,
    "name": "text"
  }
]

Removes the current registration from a management server

delete

Authorizations

Header parameters

api-versionstringRequired

Responses

delete

DELETE /registrations HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

204

Registration is removed

No content

get

GET /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current block list data

{
  "lastUpdated": "2025-04-27T13:42:14.045Z",
  "fileGroupCount": 1
}

get

GET /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current skip list

{
  "filters": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "createdDate": "2025-04-27T13:42:14.045Z",
      "pattern": "text"
    }
  ]
}

delete

DELETE /settings/block-list/skip/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

get

GET /scans HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "startedAt": "2025-04-27T13:42:14.045Z",
    "endedAt": "2025-04-27T13:42:14.045Z",
    "lastScannedPath": "text",
    "scannedFilesCount": 1,
    "suspiciousFilesCount": 1,
    "state": {
      "id": 1,
      "name": "text"
    },
    "pathsToScan": [
      {
        "value": "text",
        "errorMessage": "text"
      }
    ]
  }
]

get

GET /scans/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-04-27T13:42:14.045Z",
  "endedAt": "2025-04-27T13:42:14.045Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

get

GET /scans/{id}/suspicious-files HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-04-27T13:42:14.045Z",
  "endedAt": "2025-04-27T13:42:14.045Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

post

POST /scans/{id}/stop HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Returns current SMB monitoring configuration

get

Authorizations

Header parameters

api-versionstringRequired

Responses

get

GET /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current SMB monitoring configuration

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

get

GET /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current threshold configuration

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

get

GET /settings/tags HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A list of all currently added tags

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "tag": "text",
    "createdAt": "2025-04-27T13:42:14.045Z"
  }
]

post

POST /settings/tags HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 14

{
  "tag": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "tag": "text",
  "createdAt": "2025-04-27T13:42:14.045Z"
}

Update password for default user

put

Authorizations

Header parameters

api-versionstringRequired

Body

newPasswordstring · min: 5 · max: 20000Required

Responses

put

PUT /authentication/password HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 22

{
  "newPassword": "text"
}

No content

Deprecated

Update file system events configuration

put

Authorizations

Header parameters

api-versionstringRequired

Body

queryingDelaystring · date-spanOptional

savingDelaystring · date-spanOptional

Responses

put

PUT /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 45

{
  "queryingDelay": "text",
  "savingDelay": "text"
}

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "inactivityPeriod": "text"
  }
}

post

POST /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

put

PUT /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 34

{
  "enabled": true,
  "timeZone": "text"
}

{
  "enabled": true,
  "timeZone": "text",
  "scheduledHours": [
    "13:42:14"
  ]
}

post

POST /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "hour": "13:42:14"
}

{
  "enabled": true,
  "timeZone": "text",
  "scheduledHours": [
    "13:42:14"
  ]
}

post

POST /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "prefix": {
    "isQualified": true,
    "fileName": "text"
  },
  "username": "text"
}

post

POST /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 42

{
  "prefix": "text",
  "checkFileContents": true
}

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

put

PUT /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

put

PUT /settings/file-integrity/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 26

{
  "checkFileContents": true
}

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

post

POST /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 24

{
  "placementPath": "text"
}

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

put

PUT /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 27

{
  "placementPaths": [
    "text"
  ]
}

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

post

POST /registrations HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 150

{
  "instance_id": "123e4567-e89b-12d3-a456-426614174000",
  "server_address": "text",
  "key_id": "123e4567-e89b-12d3-a456-426614174000",
  "api_key_secret": "text"
}

{
  "fqdn": "text",
  "operatingSystem": "text"
}

put

PUT /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 62

{
  "lastUpdated": "2025-04-27T13:42:14.045Z",
  "filters": [
    "*.exe"
  ]
}

No content

post

POST /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 18

{
  "pattern": "text"
}

No content

put

PUT /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 21

{
  "filters": [
    "*.exe"
  ]
}

No content

post

POST /scans HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 66

{
  "paths": [
    "text"
  ],
  "checkBlockListPatterns": true,
  "sendAlerts": true
}

No content

Updates SMB monitoring configuration

put

Authorizations

Header parameters

api-versionstringRequired

Body

enabledbooleanRequired

Responses

put

PUT /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 87

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

put

PUT /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 235

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Removes an agent tag

Get current file system events configuration

Get all excluded paths

Get single excluded path

Remove excluded path

Returns current file integrity configuration

Removes path with specified ID from file integrity configuration

List all file system event types

List file system events

Get current honeypot configuration

Remove placement path from honeypot configuration

List all security incidents

List all affected files linked to an incident with provided identifier

Get suspicious events connected to an incident with provided identifier

Get all possible values of affected file modification types

Removes the current registration from a management server

Returns block list information

Returns skip list information

Remove a pattern from skip list

Get all scans

Get a scan with a given ID

Get suspicious files' details from a scan with a given ID

Attempts to stop a scan with given ID

Returns current SMB monitoring configuration

Get current threshold configuration.

Get OpenTelemetry metrics of the Agent as a Prometheus log

Get Agent's healtcheck

Returns all agent tags

Adds a new agent tag

Update password for default user

Update file system events configuration

Create new excluded path

Adds new monitored path to file integrity configuration

Updates file integrity strategy configuration

Updates one of monitored paths

Add placement path to honeypot configuration

Update honeypot configuration

Registers the agent's node with a management server

Update block list patterns

Add a pattern to skip list

Update skip list patterns

Start new scan

Updates SMB monitoring configuration

Update threshold configuration.