Catalogic Software Knowledge Base MySupport

REST API Documentation

PreviousUsing GuardMode Agent Command Line NextOn-demand Scanning

Last updated 6 months ago

Returns all agent tags

get

/settings/tags

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/tags' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "tag": "text",
    "createdAt": "2025-02-28T07:02:47.194Z"
  }
]

A list of all currently added tags

Adds a new agent tag

post

/settings/tags

Authorizations

Header parameters

api-versionstringrequired

Body

tagstring · min: 1 · max: 250required

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/tags' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "tag": "text"
  }'

201

400

409

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "tag": "text",
  "createdAt": "2025-02-28T07:02:47.194Z"
}

Tag was successfully added

Removes an agent tag

delete

/settings/tags/{id}

Authorizations

Path parameters

idstring · uuidrequired

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/tags/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

204

400

No body

Tag was removed

Update password for default user

put

/authentication/password

Authorizations

Header parameters

api-versionstringrequired

Body

newPasswordstring · min: 5 · max: 20000required

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/authentication/password' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "newPassword": "text"
  }'

204

400

500

No body

Password was successfully updated

Update file system events configuration

Deprecated

put

/settings/events

Authorizations

Header parameters

api-versionstringrequired

Body

queryingDelaystring · date-spanrequired

savingDelaystring · date-spanrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/events' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "queryingDelay": "text",
    "savingDelay": "text"
  }'

200

400

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "yaraAnalysisEnabled": true,
    "inactivityPeriod": "text"
  }
}

Updated file system events configuration

Get current file system events configuration

get

/settings/events

Authorizations

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/events' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "yaraAnalysisEnabled": true,
    "inactivityPeriod": "text"
  }
}

Current file system events configuration

Get all excluded paths

get

/settings/excluded-paths

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/excluded-paths' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

404

text/plain

application/json

text/json

{
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "path": "text",
      "user": "text"
    }
  ]
}

Current listing of excluded paths

Create new excluded path

post

/settings/excluded-paths

Authorizations

Header parameters

api-versionstringrequired

Body

pathstring · min: 1required

Path to exclude

userstring | nullable

Username for which the path should be excluded from monitoring

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/excluded-paths' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "path": "text",
    "user": "text"
  }'

201

400

404

409

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

An excluded path entry was created

Remove excluded path

delete

/settings/excluded-paths/{id}

Authorizations

Path parameters

idstring · uuidrequired

Excluded path identifier

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/excluded-paths/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

204

404

No body

Excluded path was removed

Get single excluded path

get

/settings/excluded-paths/{id}

Authorizations

Path parameters

idstring · uuidrequired

Excluded path identifier

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/excluded-paths/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

404

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

A single excluded path

get

/settings/reports/file-event-report

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/reports/file-event-report' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "enabled": true,
  "scheduledHours": [
    "07:02:47"
  ]
}

put

/settings/reports/file-event-report

Authorizations

Header parameters

api-versionstringrequired

Body

enabledbooleanrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/reports/file-event-report' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "enabled": true
  }'

200

400

text/plain

application/json

text/json

{
  "enabled": true,
  "scheduledHours": [
    "07:02:47"
  ]
}

post

/settings/reports/file-event-report/hours

Authorizations

Header parameters

api-versionstringrequired

Body

hourstring · timerequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/reports/file-event-report/hours' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "hour": "07:02:47"
  }'

200

400

409

text/plain

application/json

text/json

{
  "enabled": true,
  "scheduledHours": [
    "07:02:47"
  ]
}

delete

/settings/reports/file-event-report/hours

Authorizations

Query parameters

hourstring · time

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/reports/file-event-report/hours' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

422

text/plain

application/json

text/json

{
  "enabled": true,
  "scheduledHours": [
    "07:02:47"
  ]
}

get

/settings/reports/file-event-report/excluded-paths

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/reports/file-event-report/excluded-paths' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

post

/settings/reports/file-event-report/excluded-paths

Authorizations

Header parameters

api-versionstringrequired

Body

pathstring · min: 1required

Path to exclude

userstring | nullable

Username for which the path should be excluded from monitoring

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/reports/file-event-report/excluded-paths' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "path": "text",
    "user": "text"
  }'

201

400

409

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Created

delete

/settings/reports/file-event-report/excluded-paths/{id}

Authorizations

Path parameters

idstring · uuidrequired

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/reports/file-event-report/excluded-paths/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

204

400

No body

No Content

get

/settings/reports/file-event-report/included-paths

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/reports/file-event-report/included-paths' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

post

/settings/reports/file-event-report/included-paths

Authorizations

Header parameters

api-versionstringrequired

Body

pathstring · min: 1required

Path to include

userstring | nullable

Username for which the path should be included in file event reports

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/reports/file-event-report/included-paths' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "path": "text",
    "user": "text"
  }'

201

400

409

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Created

delete

/settings/reports/file-event-report/included-paths/{id}

Authorizations

Path parameters

idstring · uuidrequired

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/reports/file-event-report/included-paths/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

204

400

No body

No Content

Returns current file integrity configuration

get

/settings/file-integrity

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/file-integrity' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

File integrity configuration

Adds new monitored path to file integrity configuration

post

/settings/file-integrity

Authorizations

Header parameters

api-versionstringrequired

Body

prefixstring · min: 1required

Path prefix to monitor

checkFileContentsbooleanrequired

Indicates if the file contents are checked to reduce number of false positives

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/file-integrity' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "prefix": "text",
    "checkFileContents": true
  }'

200

201

400

409

text/plain

application/json

text/json

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Updates file integrity strategy configuration

put

/settings/file-integrity

Authorizations

Header parameters

api-versionstringrequired

Body

enabledbooleanrequired

Indicates if the file integrity strategy is enabled

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/file-integrity' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "enabled": true
  }'

200

400

text/plain

application/json

text/json

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Removes path with specified ID from file integrity configuration

delete

/settings/file-integrity

Authorizations

Query parameters

idstring · uuid

ID of the path to be removed

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/file-integrity' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

204

400

text/plain

application/json

text/json

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Path was successfully removed

Updates one of monitored paths

put

/settings/file-integrity/{id}

Authorizations

Path parameters

idstring · uuidrequired

ID of path to update

Header parameters

api-versionstringrequired

Body

checkFileContentsbooleanrequired

Indicates if the file contents are checked to reduce number of false positives

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/file-integrity/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "checkFileContents": true
  }'

200

404

text/plain

application/json

text/json

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

List all file system event types

get

/events/types

Authorizations

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/events/types' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

[
  {
    "id": 1,
    "name": "text"
  }
]

A collection of all file system event types

List file system events

get

/events

Authorizations

Query parameters

Startstring · date-time

Endstring · date-time

Limitinteger · int32 · min: 1 · max: 5000

Cursorstring

incidentstring · uuid

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/events' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

{
  "nextRequestCursor": "text",
  "numberOfItems": 1,
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-02-28T07:02:47.194Z",
      "insertionTimeStamp": "2025-02-28T07:02:47.194Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ]
}

A collection of file system events

Update honeypot configuration

put

/settings/honeypot

Authorizations

Header parameters

api-versionstringrequired

Body

sourcePathstring | nullable

Source path honeypot files

placementPathsstring[]required

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/honeypot' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "sourcePath": "text",
    "placementPaths": [
      "text"
    ]
  }'

200

400

text/plain

application/json

text/json

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Updated honeypot configuration

Get current honeypot configuration

get

/settings/honeypot

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/honeypot' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Current honeypot configuration

Add placement path to honeypot configuration

post

/settings/honeypot

Authorizations

Header parameters

api-versionstringrequired

Body

placementPathstring · min: 1required

A set of placement paths

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/honeypot' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "placementPath": "text"
  }'

200

400

text/plain

application/json

text/json

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

An updated honeypot configuration with the new placement path

Remove placement path from honeypot configuration

delete

/settings/honeypot

Authorizations

Query parameters

pathstring

Placement path

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/honeypot' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

text/plain

application/json

text/json

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

An updated honeypot configuration without the selected placement path

List all affected files linked to an incident with provided identifier

get

/security-incidents/{incidentId}/files

Authorizations

Path parameters

incidentIdstring · uuidrequired

Incident identifier

Query parameters

Limitinteger · int32 · min: 1 · max: 2000

Maximum number of entries to be returned

Cursorstring

Cursor to filter out already returned entries

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/security-incidents/{incidentId}/files' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

404

[
  {
    "originalPath": "text",
    "mostRecentPath": "text",
    "firstModificationTime": "2025-02-28T07:02:47.194Z",
    "modification": {
      "id": 1,
      "name": "text"
    }
  }
]

A list of affected files connected to an incident with a given identifier

Get suspicious events connected to an incident with provided identifier

get

/security-incidents/{id}/events

Authorizations

Path parameters

idstring · uuidrequired

Incident identifier

Query parameters

Startstring · date-time

Endstring · date-time

Limitinteger · int32 · min: 1 · max: 5000

Cursorstring

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/security-incidents/{id}/events' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

404

{
  "nextRequestCursor": "text",
  "numberOfItems": 1,
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-02-28T07:02:47.194Z",
      "insertionTimeStamp": "2025-02-28T07:02:47.194Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ]
}

A collection of events connected to an incident with a given identifier

List all security incidents

get

/security-incidents

Authorizations

Query parameters

userstring

User name. Only includes the incidents which were created for a specific user

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/security-incidents' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "user": "text",
    "start": "2025-02-28T07:02:47.194Z",
    "end": "2025-02-28T07:02:47.194Z"
  }
]

A list of all detected security incidents

Get all possible values of affected file modification types

get

/security-incidents/modification-types

Authorizations

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/security-incidents/modification-types' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

[
  {
    "id": 1,
    "name": "text"
  }
]

A list of all possible values of affected file modification types

Registers the agent's node with a management server

post

/registrations

Authorizations

Header parameters

api-versionstringrequired

Body

instance_idstring · uuidrequired

Agent instance identifier

server_addressstring · min: 1required

The Guard Mode management server address/host

key_idstring · uuidrequired

API key identifier

api_key_secretstring · min: 1required

API key secret

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/registrations' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "instance_id": "123e4567-e89b-12d3-a456-426614174000",
    "server_address": "text",
    "key_id": "123e4567-e89b-12d3-a456-426614174000",
    "api_key_secret": "text"
  }'

200

400

409

text/plain

application/json

text/json

{
  "fqdn": "text",
  "operatingSystem": "text"
}

Registration response with an extra data about the node

Removes the current registration from a management server

delete

/registrations

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/registrations' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

204

No body

Registration is removed

Returns block list information

get

/settings/block-list

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/block-list' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "lastUpdated": "2025-02-28T07:02:47.194Z",
  "fileGroupCount": 1
}

Current block list data

Update block list patterns

put

/settings/block-list

Authorizations

Header parameters

api-versionstringrequired

Body

lastUpdatedstring · date-timerequired

The timestamp which will be set as the 'last update time' for the block list

filtersstring[]required

Example: ["*.exe"]

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/block-list' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "lastUpdated": "2025-02-28T07:02:47.194Z",
    "filters": [
      "*.exe"
    ]
  }'

204

304

400

No body

Block list patterns were updated

Returns skip list information

get

/settings/block-list/skip

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/block-list/skip' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "filters": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "createdDate": "2025-02-28T07:02:47.194Z",
      "pattern": "text"
    }
  ]
}

Current skip list

Update skip list patterns

put

/settings/block-list/skip

Authorizations

Header parameters

api-versionstringrequired

Body

filtersstring[]required

Example: ["*.exe"]

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/block-list/skip' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "filters": [
      "*.exe"
    ]
  }'

204

400

No body

Skip list patterns updated

Add a pattern to skip list

post

/settings/block-list/skip

Authorizations

Header parameters

api-versionstringrequired

Body

patternstring · min: 1required

File path pattern

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/settings/block-list/skip' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "pattern": "text"
  }'

204

400

409

No body

Skip pattern added

Remove a pattern from skip list

delete

/settings/block-list/skip/{id}

Authorizations

Path parameters

idstring · uuidrequired

Skip list pattern identifier

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request DELETE \
  --url '/settings/block-list/skip/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

204

400

No body

Skip pattern was removed

Get all scans

get

/scans

Authorizations

Query parameters

Limitinteger · int32 · min: 1 · max: 2000

Maximum number of entries to be returned

Cursorstring

Cursor to filter out already returned entries

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/scans' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

text/plain

application/json

text/json

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "startedAt": "2025-02-28T07:02:47.194Z",
    "endedAt": "2025-02-28T07:02:47.194Z",
    "lastScannedPath": "text",
    "scannedFilesCount": 1,
    "suspiciousFilesCount": 1,
    "state": {
      "id": 1,
      "name": "text"
    },
    "pathsToScan": [
      {
        "value": "text",
        "errorMessage": "text"
      }
    ]
  }
]

Returns a list of all scans, both ended and ongoing

Start new scan

post

/scans

Authorizations

Header parameters

api-versionstringrequired

Body

checkBlockListPatternsbooleanrequired

Indicates if file names found during scan should be analyzed to find files with names often used by ransomware

checkYaraRulesboolean

Indicates if files should be scanned using YARA rules

sendAlertsboolean

If true, Agent will raise alert on suspicious file found

pathsstring[]required

rootMountPointsstring[] | nullable

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/scans' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "checkBlockListPatterns": true,
    "checkYaraRules": true,
    "sendAlerts": true,
    "paths": [
      "text"
    ],
    "rootMountPoints": [
      "text"
    ]
  }'

200

202

400

No body

Returns a newly created scan

Get a scan with a given ID

get

/scans/{id}

Authorizations

Path parameters

idstring · uuidrequired

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/scans/{id}' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

404

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-02-28T07:02:47.194Z",
  "endedAt": "2025-02-28T07:02:47.194Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

Returns a scan with provided ID

Get suspicious files' details from a scan with a given ID

get

/scans/{id}/suspicious-files

Authorizations

Path parameters

idstring · uuidrequired

Query parameters

Limitinteger · int32 · min: 1 · max: 1000

Maximum number of entries to be returned

Cursorstring

Cursor to filter out already returned entries

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/scans/{id}/suspicious-files' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

400

404

text/plain

application/json

text/json

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-02-28T07:02:47.194Z",
  "endedAt": "2025-02-28T07:02:47.194Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

Returns a list of suspicious files found by this scan

Attempts to stop a scan with given ID

post

/scans/{id}/stop

Authorizations

Path parameters

idstring · uuidrequired

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url '/scans/{id}/stop' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

204

404

422

No body

Scan was successfully stopped

Returns current SMB monitoring configuration

get

/settings/smb

Authorizations

Header parameters

api-versionstringrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/smb' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

{
  "enabled": true,
  "message": {
    "separator": "text",
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Current SMB monitoring configuration

Updates SMB monitoring configuration

put

/settings/smb

Authorizations

Header parameters

api-versionstringrequired

Body

enabledbooleanrequired

messageobjectrequired

listenerobjectrequired

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/smb' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "enabled": true,
    "message": {
      "template": "text"
    },
    "listener": {
      "port": 1,
      "endMarker": "text"
    }
  }'

200

400

{
  "enabled": true,
  "message": {
    "separator": "text",
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Updated SMB monitoring configuration

Update threshold configuration.

put

/settings/threshold

Authorizations

Header parameters

api-versionstringrequired

Body

entropyCheckobjectrequired

magicNumberCheckobject

Indicates if magic number check is enabled and how many files per user are checked

yaraCheckobject

numberOfBucketsinteger · int32 · max: 1000required

Number of threshold buckets

pointsLimitinteger · int32 · max: 1000required

Limit of data points to analyze

writesPerSecondobjectrequired

Indicates the threshold levels of a given setting

riskWeightsobjectrequired

Indicates the threshold levels of a given setting

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/threshold' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "entropyCheck": {
      "enabled": true,
      "maxCheckAttempts": 1
    },
    "magicNumberCheck": {
      "enabled": true,
      "filesChecked": 1
    },
    "yaraCheck": {
      "enabled": true
    },
    "numberOfBuckets": 1,
    "pointsLimit": 1,
    "writesPerSecond": {
      "high": 1,
      "medium": 1,
      "low": 1
    },
    "riskWeights": {
      "high": 1,
      "medium": 1,
      "low": 1
    }
  }'

200

400

text/plain

application/json

text/json

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "isEnabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Updated threshold configuration

Get current threshold configuration.

get

/settings/threshold

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/threshold' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "isEnabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Current threshold configuration

Update YARA analysis configuration

put

/settings/yara

Authorizations

Header parameters

api-versionstringrequired

Body

scansobjectrequired

thresholdobjectrequired

fileIntegrityobjectrequired

incidentsobjectrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/yara' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "scans": {
      "rulesPath": "text",
      "maxFileSizeInBytes": 1
    },
    "threshold": {
      "rulesPath": "text",
      "maxFileSizeInBytes": 1
    },
    "fileIntegrity": {
      "rulesPath": "text",
      "maxFileSizeInBytes": 1
    },
    "incidents": {
      "rulesPath": "text",
      "maxFileSizeInBytes": 1
    }
  }'

200

400

text/plain

application/json

text/json

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

Updated configuration

Get current YARA analysis configuration

get

/settings/yara

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/yara' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

Current configuration

Returns information about all timezones defined in the system that agent is operating on

get

/settings/available-timezones

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/available-timezones' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

204

text/plain

application/json

text/json

[
  {
    "id": "text",
    "offset": "text"
  }
]

Updates timezone configuration

put

/settings/timezone

Authorizations

Header parameters

api-versionstringrequired

Body

timeZonestring · min: 1required

ID of a timezone that will be set

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --request PUT \
  --url '/settings/timezone' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text' \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
    "timeZone": "text"
  }'

204

400

No body

Configuration was successfully updated

Returns current timezone configuration

get

/settings/timezone

Authorizations

Header parameters

api-versionstringrequired

Responses

cURL

JavaScript

Python

HTTP

curl -L \
  --url '/settings/timezone' \
  --header 'Authorization: Basic username:password' \
  --header 'api-version: text'

200

text/plain

application/json

text/json

{
  "timeZone": {
    "id": "text",
    "offset": "text"
  }
}

Current timezone configuration

Returns all agent tags

Adds a new agent tag

Removes an agent tag

Update password for default user

Update file system events configuration

Get current file system events configuration

Get all excluded paths

Create new excluded path

Remove excluded path

Get single excluded path

Returns current file integrity configuration

Adds new monitored path to file integrity configuration

Updates file integrity strategy configuration

Removes path with specified ID from file integrity configuration

Updates one of monitored paths

List all file system event types

List file system events

Update honeypot configuration

Get current honeypot configuration

Add placement path to honeypot configuration

Remove placement path from honeypot configuration

List all affected files linked to an incident with provided identifier

Get suspicious events connected to an incident with provided identifier

List all security incidents

Get all possible values of affected file modification types

Registers the agent's node with a management server

Removes the current registration from a management server

Returns block list information

Update block list patterns

Returns skip list information

Update skip list patterns

Add a pattern to skip list

Remove a pattern from skip list

Get all scans

Start new scan

Get a scan with a given ID

Get suspicious files' details from a scan with a given ID

Attempts to stop a scan with given ID

Returns current SMB monitoring configuration

Updates SMB monitoring configuration

Update threshold configuration.

Get current threshold configuration.

Get Agent's healtcheck

Get OpenTelemetry metrics of the Agent as a Prometheus log

Update YARA analysis configuration

Get current YARA analysis configuration

Returns information about all timezones defined in the system that agent is operating on

Updates timezone configuration

Returns current timezone configuration