REST API Documentation
Last updated
Last updated
Registration is removed
Success
Success
A list of all possible values of affected file modification types
ID of returned value
Descriptive name of this value
A collection of all file system event types
ID of returned value
Descriptive name of this value
OK
A list of all currently added tags
Current block list data
A timestamp which indicates when the block list was last updated
Count of pattern/file groups
Current honeypot configuration
Honeypot files source path
File placement path collection
Excluded path identifier
Excluded path was removed
A list of all detected security incidents
Identifier of the incident
User for whom the incident was opened
Incident start time
Incident end time, or null
if it is still ongoing
No Content
No Content
Tag was removed
OK
Timezone ID that can be used set this timezone in configuration
Base UTC offset of this timezone (current offset might be different, depending on daylight saving time, etc.)
OK
Excluded path identifier
Path to exclude
Username for which the path should be excluded from monitoring
OK
Included path identifier
Path to include
Username for which the path should be included in file event reports
Current timezone configuration
Timezone information
Current file system events configuration
Controls the frequency of the execution of queries that access file system events, like all detection strategies
Indicates how often the events are saved to the database
Security incident detection configuration update response
Skip list pattern identifier
Skip pattern was removed
An updated honeypot configuration without the selected placement path
Honeypot files source path
File placement path collection
Current SMB monitoring configuration
Indicates whether the SMB listener is enabled or disabled
File integrity configuration
Indicates if the file integrity strategy is enabled
List of monitored paths
Current skip list
List of skip list filter patterns
Scan was successfully stopped
Incident identifier
A list of affected files connected to an incident with a given identifier
Path to affected file before the incident started
Last registered path to affected file
Time of the first suspicious modification of this affected file
Represents enumeration values, defined by ID and name
Current configuration
ID of a timezone that will be set
Configuration was successfully updated
Collection of path filters
Skip list patterns updated
Password was successfully updated
Excluded path identifier
A single excluded path
Excluded path identifier
Path to exclude
Username for which the path should be excluded from monitoring
Path was successfully removed
Indicates if the file integrity strategy is enabled
List of monitored paths
Incident identifier
A collection of events connected to an incident with a given identifier
Updated file system events configuration
Controls the frequency of the execution of queries that access file system events, like all detection strategies
Indicates how often the events are saved to the database
Security incident detection configuration update response
The timestamp which will be set as the 'last update time' for the block list
Collection of path filters
Block list patterns were updated
OK
OK
Current listing of excluded paths
A collection of excluded paths
A collection of file system events
A set of placement paths
An updated honeypot configuration with the new placement path
Honeypot files source path
File placement path collection
Updated SMB monitoring configuration
Indicates whether the SMB listener is enabled or disabled
File path pattern
Skip pattern added
Request received
Indicates if the file integrity strategy is enabled
OK
Indicates if the file integrity strategy is enabled
List of monitored paths
ID of path to update
Request received
Indicates if the file contents are checked to reduce number of false positives
OK
Indicates if the file integrity strategy is enabled
List of monitored paths
Paths that will be recursively scanned
Indicates if file names found during scan should be analyzed to find files with names often used by ransomware
Indicates if files should be scanned using YARA rules
If true, Agent will raise alert on suspicious file found
If present, causes exclusions to work as if filesystem root was at each of provided paths
Returns a newly created scan
Returns a scan with provided ID
Identifier of the scan
Scan start time
Scan end time if it has ended, or null
otherwise
Last file path scanned by this scan, or null
if no files were scanned yet
Number of files that were scanned
Number of suspicious files found
Represents enumeration values, defined by ID and name
Paths requested by the user to be scanned
A set of placement paths
Source path honeypot files
Updated honeypot configuration
Honeypot files source path
File placement path collection
Returns a list of all scans, both ended and ongoing
Identifier of the scan
Scan start time
Scan end time if it has ended, or null
otherwise
Last file path scanned by this scan, or null
if no files were scanned yet
Number of files that were scanned
Number of suspicious files found
Represents enumeration values, defined by ID and name
Paths requested by the user to be scanned
OK
Tag was successfully added
Path to exclude
Username for which the path should be excluded from monitoring
Created
Excluded path identifier
Path to exclude
Username for which the path should be excluded from monitoring
Path to include
Username for which the path should be included in file event reports
Created
Included path identifier
Path to include
Username for which the path should be included in file event reports
Updated configuration
Current threshold configuration
Indicates if magic number check is enabled and how many files per user are checked
Number of threshold buckets
Limit of data points to analyze
Indicates the threshold levels of a given setting
Indicates the threshold levels of a given setting
Request received
Path prefix to monitor
Indicates if the file contents are checked to reduce number of false positives
OK
Indicates if the file integrity strategy is enabled
List of monitored paths
Returns a list of suspicious files found by this scan
Identifier of the scan
Scan start time
Scan end time if it has ended, or null
otherwise
Last file path scanned by this scan, or null
if no files were scanned yet
Number of files that were scanned
Number of suspicious files found
Represents enumeration values, defined by ID and name
Paths requested by the user to be scanned
Path to exclude
Username for which the path should be excluded from monitoring
An excluded path entry was created
Excluded path identifier
Path to exclude
Username for which the path should be excluded from monitoring
Registration request
Agent instance identifier
The Guard Mode management server address/host
API key identifier
API key secret
Registration response with an extra data about the node
Fully qualified domain name of the registered agent
Agent's operating system
Indicates if magic number check is enabled and how many files per user are checked
Number of threshold buckets
Limit of data points to analyze
Indicates the threshold levels of a given setting
Indicates the threshold levels of a given setting
Updated threshold configuration
Indicates if magic number check is enabled and how many files per user are checked
Number of threshold buckets
Limit of data points to analyze
Indicates the threshold levels of a given setting
Indicates the threshold levels of a given setting