Configuring Event Reports

See also. Event Reports configuration uses GuardMode Agent’s REST API. For a full list of available commands, see REST API documentation.

Configuring Event Reports is available through the Agent’s REST API (accessible from http://localhost:5000/swagger).

Viewing Event Reports configuration

To view the current Event Reports configuration, send a GET request to /settings/reports/file-event-report:

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Success

get

/settings/reports/file-event-report

GET /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Success

{
  "enabled": true,
  "scheduledHours": [
    "10:26:41"
  ]
}

By default, Event Reports use the following settings:

enabled: false
Time zone: UTC
Reporting time: 08:00 AM

Listing time zones

To get the list of available time zones, send a GET request to /settings/timezones:

Returns current timezone configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current timezone configuration

get

/settings/timezone

GET /settings/timezone HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current timezone configuration

{
  "timeZone": {
    "id": "text",
    "offset": "text"
  }
}

Listed time zones include offset, which accounts for daylight saving time.

Modifying Event Reports configuration

You can enable Event Reports and set the time zone using a PUT request to /settings/reports/file-event-report:

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

enabledbooleanRequired

Responses

200

Success

400

Bad Request

put

/settings/reports/file-event-report

PUT /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

{
  "enabled": true,
  "scheduledHours": [
    "10:26:41"
  ]
}

Managing Included Paths for Event Reports

To view the current list of included paths for Event Reports, send a GET request to /settings/reports/file-event-report/included-paths:

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Success

get

/settings/reports/file-event-report/included-paths

GET /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Success

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

This endpoint returns a list of paths that are currently included in the Event Reports. Each path in this list is checked against the excluded paths to determine if it should be included in the report.

Adding Included Paths

To add a new path to the list of included paths, send a POST request to /settings/reports/file-event-report/included-paths:

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

pathstring · min: 1Required

Path to include

userstring | nullableOptional

Username for which the path should be included in file event reports

Responses

201

Created

400

Bad Request

409

Conflict

post

/settings/reports/file-event-report/included-paths

POST /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Deleting Included Paths

To remove a path from the list of included paths, send a DELETE request to /settings/reports/file-event-report/included-paths/{id}:

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

204

No Content

400

Bad Request

delete

/settings/reports/file-event-report/included-paths/{id}

DELETE /settings/reports/file-event-report/included-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Replace {id} with the identifier of the path you want to remove. You can obtain this identifier from the response of the GET request to view included paths.

Attention! Be specific with your paths to avoid unintentional exclusions. For example, including /var/foo and excluding /var/foo/bar will include /var/foo/baz.txt but exclude /var/foo/bar/other1/test.bin.

Adding Event Reports reporting hours

To add new Event Reports reporting time, send a POST request to /settings/reports/file-event-report/hours with the time in HH:MM:SS format.

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

hourstring · timeRequired

Responses

200

Success

400

Bad Request

409

Conflict

post

/settings/reports/file-event-report/hours

POST /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "hour": "10:26:41"
}

{
  "enabled": true,
  "scheduledHours": [
    "10:26:41"
  ]
}

Deleting Event Reports reporting hours

You can remove reporting hours using a DELETE request to /settings/reports/file-event-report/hours with the time you want to remove in HH:MM:SS format.

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

hourstring · timeOptional

Header parameters

api-versionstringRequired

Responses

200

Success

400

Bad Request

422

Client Error

delete

/settings/reports/file-event-report/hours

DELETE /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "scheduledHours": [
    "10:26:41"
  ]
}

Tip. Event Reports require at least one reporting hour to work. Trying to remove the only remaining reporting hour will result in an error.

PreviousEvent Reports NextExcluding Paths From Event Reports

Last updated 10 months ago