Configuring Event Reports

See also. Event Reports configuration uses GuardMode Agent’s REST API. For a full list of available commands, see REST API documentation.

Configuring Event Reports is available through the Agent’s REST API (accessible from http://localhost:5000/swagger).

Viewing Event Reports configuration

To view the current Event Reports configuration, send a GET request to /settings/reports/file-event-report:

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Success
get
GET /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Success

{
  "enabled": true,
  "scheduledHours": [
    "04:02:50"
  ]
}

By default, Event Reports use the following settings:

  • enabled: false

  • Time zone: UTC

  • Reporting time: 08:00 AM

Listing time zones

To get the list of available time zones, send a GET request to /settings/timezones:

Returns current timezone configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current timezone configuration
get
GET /settings/timezone HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current timezone configuration

{
  "timeZone": {
    "id": "text",
    "offset": "text"
  }
}

Listed time zones include offset, which accounts for daylight saving time.

Modifying Event Reports configuration

You can enable Event Reports and set the time zone using a PUT request to /settings/reports/file-event-report:

put
Authorizations
Header parameters
api-versionstringRequired
Body
enabledbooleanRequired
Responses
200
Success
put
PUT /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}
{
  "enabled": true,
  "scheduledHours": [
    "04:02:50"
  ]
}

Managing Included Paths for Event Reports

To view the current list of included paths for Event Reports, send a GET request to /settings/reports/file-event-report/included-paths:

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Success
get
GET /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Success

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

This endpoint returns a list of paths that are currently included in the Event Reports. Each path in this list is checked against the excluded paths to determine if it should be included in the report.

Adding Included Paths

To add a new path to the list of included paths, send a POST request to /settings/reports/file-event-report/included-paths:

post
Authorizations
Header parameters
api-versionstringRequired
Body
pathstring · min: 1Required

Path to include

userstring | nullableOptional

Username for which the path should be included in file event reports

Responses
201
Created
post
POST /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Deleting Included Paths

To remove a path from the list of included paths, send a DELETE request to /settings/reports/file-event-report/included-paths/{id}:

delete
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
204
No Content
delete
DELETE /settings/reports/file-event-report/included-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Replace {id} with the identifier of the path you want to remove. You can obtain this identifier from the response of the GET request to view included paths.

Adding Event Reports reporting hours

To add new Event Reports reporting time, send a POST request to /settings/reports/file-event-report/hours with the time in HH:MM:SS format.

post
Authorizations
Header parameters
api-versionstringRequired
Body
hourstring · timeRequired
Responses
200
Success
post
POST /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "hour": "04:02:50"
}
{
  "enabled": true,
  "scheduledHours": [
    "04:02:50"
  ]
}

Deleting Event Reports reporting hours

You can remove reporting hours using a DELETE request to /settings/reports/file-event-report/hours with the time you want to remove in HH:MM:SS format.

delete
Authorizations
Query parameters
hourstring · timeOptional
Header parameters
api-versionstringRequired
Responses
200
Success
delete
DELETE /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
{
  "enabled": true,
  "scheduledHours": [
    "04:02:50"
  ]
}

Tip. Event Reports require at least one reporting hour to work. Trying to remove the only remaining reporting hour will result in an error.

Last updated