REST API Documentation | GuardMode 2024.3

Returns all agent tags

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

A list of all currently added tags

get

/settings/tags

GET /settings/tags HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A list of all currently added tags

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "tag": "text",
    "createdAt": "2025-12-13T10:06:25.312Z"
  }
]

Adds a new agent tag

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

tagstring · min: 1 · max: 250Required

Responses

201

Tag was successfully added

400

Bad request was sent

409

Tag limit was reached

post

/settings/tags

POST /settings/tags HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 14

{
  "tag": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "tag": "text",
  "createdAt": "2025-12-13T10:06:25.312Z"
}

Removes an agent tag

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

204

Tag was removed

400

Bad request was sent

delete

/settings/tags/{id}

DELETE /settings/tags/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Update password for default user

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

newPasswordstring · min: 5 · max: 20000Required

Responses

204

Password was successfully updated

400

Request validation failed

application/json

500

Configuration file is malformed

put

/authentication/password

PUT /authentication/password HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 22

{
  "newPassword": "text"
}

No content

Deprecated

Update file system events configuration

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

queryingDelaystring · date-spanRequired

savingDelaystring · date-spanRequired

Responses

200

Updated file system events configuration

application/json

400

Request validation failed

application/json

put

/settings/events

PUT /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 45

{
  "queryingDelay": "text",
  "savingDelay": "text"
}

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "yaraAnalysisEnabled": true,
    "inactivityPeriod": "text"
  }
}

Get current file system events configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current file system events configuration

application/json

get

/settings/events

GET /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current file system events configuration

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "yaraAnalysisEnabled": true,
    "inactivityPeriod": "text"
  }
}

Get all excluded paths

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current listing of excluded paths

404

Excluded paths file was not found

get

/settings/excluded-paths

GET /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "path": "text",
      "user": "text"
    }
  ]
}

Create new excluded path

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

pathstring · min: 1Required

Path to exclude

userstring | nullableOptional

Username for which the path should be excluded from monitoring

Responses

201

An excluded path entry was created

400

Request validation failed

404

Excluded paths file was not found

409

Excluded path already exists in the file

post

/settings/excluded-paths

POST /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Remove excluded path

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Excluded path identifier

Header parameters

api-versionstringRequired

Responses

204

Excluded path was removed

404

Excluded paths file was not found

delete

/settings/excluded-paths/{id}

DELETE /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Get single excluded path

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Excluded path identifier

Header parameters

api-versionstringRequired

Responses

200

A single excluded path

404

Excluded path was not found or excluded paths file was not found

get

/settings/excluded-paths/{id}

GET /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

OK

get

/settings/reports/file-event-report

GET /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

OK

{
  "enabled": true,
  "scheduledHours": [
    "10:06:25"
  ]
}

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

enabledbooleanRequired

Responses

200

OK

400

Bad Request

put

/settings/reports/file-event-report

PUT /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

{
  "enabled": true,
  "scheduledHours": [
    "10:06:25"
  ]
}

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

hourstring · timeRequired

Responses

200

OK

400

Bad Request

409

Conflict

post

/settings/reports/file-event-report/hours

POST /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "hour": "10:06:25"
}

{
  "enabled": true,
  "scheduledHours": [
    "10:06:25"
  ]
}

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

hourstring · timeOptional

Header parameters

api-versionstringRequired

Responses

200

OK

400

Bad Request

422

Unprocessable Content

delete

/settings/reports/file-event-report/hours

DELETE /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "scheduledHours": [
    "10:06:25"
  ]
}

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

OK

get

/settings/reports/file-event-report/excluded-paths

GET /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

OK

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

pathstring · min: 1Required

Path to exclude

userstring | nullableOptional

Username for which the path should be excluded from monitoring

Responses

201

Created

400

Bad Request

409

Conflict

post

/settings/reports/file-event-report/excluded-paths

POST /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

204

No Content

400

Bad Request

delete

/settings/reports/file-event-report/excluded-paths/{id}

DELETE /settings/reports/file-event-report/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

OK

get

/settings/reports/file-event-report/included-paths

GET /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

OK

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

pathstring · min: 1Required

Path to include

userstring | nullableOptional

Username for which the path should be included in file event reports

Responses

201

Created

400

Bad Request

409

Conflict

post

/settings/reports/file-event-report/included-paths

POST /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

204

No Content

400

Bad Request

delete

/settings/reports/file-event-report/included-paths/{id}

DELETE /settings/reports/file-event-report/included-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Returns current file integrity configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

File integrity configuration

get

/settings/file-integrity

GET /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

File integrity configuration

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Adds new monitored path to file integrity configuration

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

Request to add new monitored path to file integrity configuration

prefixstring · min: 1Required

Path prefix to monitor

checkFileContentsbooleanRequired

Indicates if the file contents are checked to reduce number of false positives

Responses

200

OK

201

New path was successfully added

400

Request validation failed

409

Conflict

post

/settings/file-integrity

POST /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 42

{
  "prefix": "text",
  "checkFileContents": true
}

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Updates file integrity strategy configuration

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

Updates file integrity strategy configuration

enabledbooleanRequired

Indicates if the file integrity strategy is enabled

Responses

200

OK

400

Request validation failed

put

/settings/file-integrity

PUT /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Removes path with specified ID from file integrity configuration

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

idstring · uuidOptional

ID of the path to be removed

Header parameters

api-versionstringRequired

Responses

200

Path was successfully removed

204

No Content

400

Request validation failed

delete

/settings/file-integrity

DELETE /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Updates one of monitored paths

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

ID of path to update

Header parameters

api-versionstringRequired

Body

checkFileContentsbooleanRequired

Indicates if the file contents are checked to reduce number of false positives

Responses

200

OK

404

Not Found

put

/settings/file-integrity/{id}

PUT /settings/file-integrity/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 26

{
  "checkFileContents": true
}

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

List all file system event types

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

A collection of all file system event types

application/json

get

/events/types

GET /events/types HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A collection of all file system event types

[
  {
    "id": 1,
    "name": "text"
  }
]

List file system events

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

Startstring · date-timeOptional

Endstring · date-timeOptional

Limitinteger · int32 · min: 1 · max: 5000Optional

CursorstringOptional

incidentstring · uuidOptional

Header parameters

api-versionstringRequired

Responses

200

A collection of file system events

application/json

400

Request validation failed

application/json

get

/events

GET /events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-12-13T10:06:25.312Z",
      "insertionTimeStamp": "2025-12-13T10:06:25.312Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

Update honeypot configuration

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

placementPathsstring[]Required

A set of placement paths

sourcePathstring | nullableOptional

Source path honeypot files

Responses

200

Updated honeypot configuration

400

Request validation failed

put

/settings/honeypot

PUT /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 47

{
  "placementPaths": [
    "text"
  ],
  "sourcePath": "text"
}

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Get current honeypot configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current honeypot configuration

get

/settings/honeypot

GET /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current honeypot configuration

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Add placement path to honeypot configuration

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

placementPathstring · min: 1Required

A set of placement paths

Responses

200

An updated honeypot configuration with the new placement path

400

Request validation failed

post

/settings/honeypot

POST /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 24

{
  "placementPath": "text"
}

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Remove placement path from honeypot configuration

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

pathstringOptional

Placement path

Header parameters

api-versionstringRequired

Responses

200

An updated honeypot configuration without the selected placement path

400

Request validation failed

delete

/settings/honeypot

DELETE /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

List all affected files linked to an incident with provided identifier

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

incidentIdstring · uuidRequired

Incident identifier

Query parameters

Limitinteger · int32 · min: 1 · max: 2000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters

api-versionstringRequired

Responses

200

A list of affected files connected to an incident with a given identifier

application/json

400

Request validation failed

application/json

404

An incident with provided identifier was not found

application/json

get

/security-incidents/{incidentId}/files

GET /security-incidents/{incidentId}/files HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "originalPath": "text",
    "mostRecentPath": "text",
    "firstModificationTime": "2025-12-13T10:06:25.312Z",
    "modification": {
      "id": 1,
      "name": "text"
    }
  }
]

Get suspicious events connected to an incident with provided identifier

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Incident identifier

Query parameters

Startstring · date-timeOptional

Endstring · date-timeOptional

Limitinteger · int32 · min: 1 · max: 5000Optional

CursorstringOptional

Header parameters

api-versionstringRequired

Responses

200

A collection of events connected to an incident with a given identifier

application/json

400

Request validation failed

application/json

404

An incident with provided identifier was not found

application/json

get

/security-incidents/{id}/events

GET /security-incidents/{id}/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-12-13T10:06:25.312Z",
      "insertionTimeStamp": "2025-12-13T10:06:25.312Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

List all security incidents

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

userstringOptional

User name. Only includes the incidents which were created for a specific user

Header parameters

api-versionstringRequired

Responses

200

A list of all detected security incidents

application/json

get

/security-incidents

GET /security-incidents HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A list of all detected security incidents

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "user": "text",
    "start": "2025-12-13T10:06:25.312Z",
    "end": "2025-12-13T10:06:25.312Z"
  }
]

Get all possible values of affected file modification types

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

A list of all possible values of affected file modification types

application/json

get

/security-incidents/modification-types

GET /security-incidents/modification-types HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

A list of all possible values of affected file modification types

[
  {
    "id": 1,
    "name": "text"
  }
]

Registers the agent's node with a management server

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

A request that registers an agent with a management server

instance_idstring · uuidRequired

Agent instance identifier

server_addressstring · min: 1Required

The Guard Mode management server address/host

key_idstring · uuidRequired

API key identifier

api_key_secretstring · min: 1Required

API key secret

Responses

200

Registration response with an extra data about the node

400

Request validation failed

409

Agent is already registered with a server instance

post

/registrations

POST /registrations HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 150

{
  "instance_id": "123e4567-e89b-12d3-a456-426614174000",
  "server_address": "text",
  "key_id": "123e4567-e89b-12d3-a456-426614174000",
  "api_key_secret": "text"
}

{
  "fqdn": "text",
  "operatingSystem": "text"
}

Removes the current registration from a management server

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

204

Registration is removed

delete

/registrations

DELETE /registrations HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

204

Registration is removed

No content

Returns block list information

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current block list data

get

/settings/block-list

GET /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current block list data

{
  "lastUpdated": "2025-12-13T10:06:25.312Z",
  "fileGroupCount": 1
}

Update block list patterns

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

lastUpdatedstring · date-timeRequired

The timestamp which will be set as the 'last update time' for the block list

filtersstring[]Required

Collection of path filters

Example: ["*.exe"]

Responses

204

Block list patterns were updated

304

Block list was not modified because it is already up to date

400

Request validation failed

put

/settings/block-list

PUT /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 62

{
  "lastUpdated": "2025-12-13T10:06:25.312Z",
  "filters": [
    "*.exe"
  ]
}

No content

Returns skip list information

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current skip list

get

/settings/block-list/skip

GET /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current skip list

{
  "filters": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "createdDate": "2025-12-13T10:06:25.312Z",
      "pattern": "text"
    }
  ]
}

Update skip list patterns

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

filtersstring[]Required

Collection of path filters

Example: ["*.exe"]

Responses

204

Skip list patterns updated

400

Request validation failed

put

/settings/block-list/skip

PUT /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 21

{
  "filters": [
    "*.exe"
  ]
}

No content

Add a pattern to skip list

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

patternstring · min: 1Required

File path pattern

Responses

204

Skip pattern added

400

Request validation failed

409

Pattern already exists in the skip list

post

/settings/block-list/skip

POST /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 18

{
  "pattern": "text"
}

No content

Remove a pattern from skip list

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Skip list pattern identifier

Header parameters

api-versionstringRequired

Responses

204

Skip pattern was removed

400

Request validation failed

delete

/settings/block-list/skip/{id}

DELETE /settings/block-list/skip/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Get all scans

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Query parameters

Limitinteger · int32 · min: 1 · max: 2000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters

api-versionstringRequired

Responses

200

Returns a list of all scans, both ended and ongoing

400

Bad Request

get

/scans

GET /scans HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "startedAt": "2025-12-13T10:06:25.312Z",
    "endedAt": "2025-12-13T10:06:25.312Z",
    "lastScannedPath": "text",
    "scannedFilesCount": 1,
    "suspiciousFilesCount": 1,
    "state": {
      "id": 1,
      "name": "text"
    },
    "pathsToScan": [
      {
        "value": "text",
        "errorMessage": "text"
      }
    ]
  }
]

Start new scan

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

Scan creation request

pathsstring[]Required

Paths that will be recursively scanned

checkBlockListPatternsbooleanRequired

Indicates if file names found during scan should be analyzed to find files with names often used by ransomware

checkYaraRulesbooleanOptional

Indicates if files should be scanned using YARA rules

sendAlertsbooleanOptional

If true, Agent will raise alert on suspicious file found

rootMountPointsstring[] | nullableOptional

If present, causes exclusions to work as if filesystem root was at each of provided paths

Responses

200

Returns a newly created scan

No content

202

Accepted

400

Bad request was sent

post

/scans

POST /scans HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 115

{
  "paths": [
    "text"
  ],
  "checkBlockListPatterns": true,
  "checkYaraRules": true,
  "sendAlerts": true,
  "rootMountPoints": [
    "text"
  ]
}

No content

Get a scan with a given ID

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

200

Returns a scan with provided ID

404

There is no scan with a given ID

get

/scans/{id}

GET /scans/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-12-13T10:06:25.312Z",
  "endedAt": "2025-12-13T10:06:25.312Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

Get suspicious files' details from a scan with a given ID

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Query parameters

Limitinteger · int32 · min: 1 · max: 1000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters

api-versionstringRequired

Responses

200

Returns a list of suspicious files found by this scan

400

Bad Request

404

There is no scan with a given ID

get

/scans/{id}/suspicious-files

GET /scans/{id}/suspicious-files HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-12-13T10:06:25.312Z",
  "endedAt": "2025-12-13T10:06:25.312Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

Attempts to stop a scan with given ID

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

200

Scan was successfully stopped

No content

204

Scan has already finished

404

Scan with provided ID doesn't exist

422

Scan with provided ID cannot be stopped

post

/scans/{id}/stop

POST /scans/{id}/stop HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Returns current SMB monitoring configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current SMB monitoring configuration

application/json

get

/settings/smb

GET /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current SMB monitoring configuration

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Updates SMB monitoring configuration

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

enabledbooleanRequired

Responses

200

Updated SMB monitoring configuration

application/json

400

Request validation failed

application/json

put

/settings/smb

PUT /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 87

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Update threshold configuration.

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

numberOfBucketsinteger · int32 · max: 1000Required

Number of threshold buckets

pointsLimitinteger · int32 · max: 1000Required

Limit of data points to analyze

Responses

200

Updated threshold configuration

400

Request validation failed

put

/settings/threshold

PUT /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 264

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "enabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "isEnabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Get current threshold configuration.

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current threshold configuration

get

/settings/threshold

GET /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current threshold configuration

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "isEnabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Get Agent's healtcheck

get

Authorizations

Responses

200

Success

No content

get

/health

GET /health HTTP/1.1
Host: 
Accept: */*

200

Success

No content

Get OpenTelemetry metrics of the Agent as a Prometheus log

get

Authorizations

Responses

200

Success

No content

get

/metrics

GET /metrics HTTP/1.1
Host: 
Accept: */*

200

Success

No content

Update YARA analysis configuration

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

Responses

200

Updated configuration

400

Bad request was sent

put

/settings/yara

PUT /settings/yara HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 225

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

Get current YARA analysis configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current configuration

get

/settings/yara

GET /settings/yara HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current configuration

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

Returns information about all timezones defined in the system that agent is operating on

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

OK

204

List of all known timezones

get

/settings/available-timezones

GET /settings/available-timezones HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "id": "text",
    "offset": "text"
  }
]

Updates timezone configuration

put

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

Timezone configuration update request

timeZonestring · min: 1Required

ID of a timezone that will be set

Responses

204

Configuration was successfully updated

400

Bad request was sent

put

/settings/timezone

PUT /settings/timezone HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "timeZone": "text"
}

No content

Returns current timezone configuration

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Current timezone configuration

get

/settings/timezone

GET /settings/timezone HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

200

Current timezone configuration

{
  "timeZone": {
    "id": "text",
    "offset": "text"
  }
}