REST API Documentation

See also. To access the Swagger API using HTTPS, see Using TLS.

Returns all agent tags

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
A list of all currently added tags
get
GET /settings/tags HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

A list of all currently added tags

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "tag": "text",
    "createdAt": "2025-07-01T03:38:23.906Z"
  }
]

Adds a new agent tag

post
Authorizations
Header parameters
api-versionstringRequired
Body
tagstring · min: 1 · max: 250Required
Responses
201
Tag was successfully added
post
POST /settings/tags HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 14

{
  "tag": "text"
}
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "tag": "text",
  "createdAt": "2025-07-01T03:38:23.906Z"
}

Removes an agent tag

delete
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
204
Tag was removed
delete
DELETE /settings/tags/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Update password for default user

put
Authorizations
Header parameters
api-versionstringRequired
Body
newPasswordstring · min: 5 · max: 20000Required
Responses
204
Password was successfully updated
put
PUT /authentication/password HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 22

{
  "newPassword": "text"
}
No content
Deprecated

Update file system events configuration

put
Authorizations
Header parameters
api-versionstringRequired
Body
queryingDelaystring · date-spanRequired
savingDelaystring · date-spanRequired
Responses
200
Updated file system events configuration
application/json
put
PUT /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 45

{
  "queryingDelay": "text",
  "savingDelay": "text"
}
{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "yaraAnalysisEnabled": true,
    "inactivityPeriod": "text"
  }
}

Get current file system events configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current file system events configuration
application/json
get
GET /settings/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current file system events configuration

{
  "queryingDelay": "text",
  "savingDelay": "text",
  "incidentDetection": {
    "enabled": true,
    "yaraAnalysisEnabled": true,
    "inactivityPeriod": "text"
  }
}

Get all excluded paths

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current listing of excluded paths
get
GET /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "path": "text",
      "user": "text"
    }
  ]
}

Create new excluded path

post
Authorizations
Header parameters
api-versionstringRequired
Body
pathstring · min: 1Required

Path to exclude

userstring | nullableOptional

Username for which the path should be excluded from monitoring

Responses
201
An excluded path entry was created
post
POST /settings/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Remove excluded path

delete
Authorizations
Path parameters
idstring · uuidRequired

Excluded path identifier

Header parameters
api-versionstringRequired
Responses
204
Excluded path was removed
delete
DELETE /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Get single excluded path

get
Authorizations
Path parameters
idstring · uuidRequired

Excluded path identifier

Header parameters
api-versionstringRequired
Responses
200
A single excluded path
get
GET /settings/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}
get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
OK
get
GET /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

OK

{
  "enabled": true,
  "scheduledHours": [
    "03:38:23"
  ]
}
put
Authorizations
Header parameters
api-versionstringRequired
Body
enabledbooleanRequired
Responses
200
OK
put
PUT /settings/reports/file-event-report HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}
{
  "enabled": true,
  "scheduledHours": [
    "03:38:23"
  ]
}
post
Authorizations
Header parameters
api-versionstringRequired
Body
hourstring · timeRequired
Responses
200
OK
post
POST /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "hour": "03:38:23"
}
{
  "enabled": true,
  "scheduledHours": [
    "03:38:23"
  ]
}
delete
Authorizations
Query parameters
hourstring · timeOptional
Header parameters
api-versionstringRequired
Responses
200
OK
delete
DELETE /settings/reports/file-event-report/hours HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "scheduledHours": [
    "03:38:23"
  ]
}
get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
OK
get
GET /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

OK

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]
post
Authorizations
Header parameters
api-versionstringRequired
Body
pathstring · min: 1Required

Path to exclude

userstring | nullableOptional

Username for which the path should be excluded from monitoring

Responses
201
Created
post
POST /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}
delete
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
204
No Content
delete
DELETE /settings/reports/file-event-report/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content
get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
OK
get
GET /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

OK

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]
post
Authorizations
Header parameters
api-versionstringRequired
Body
pathstring · min: 1Required

Path to include

userstring | nullableOptional

Username for which the path should be included in file event reports

Responses
201
Created
post
POST /settings/reports/file-event-report/included-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}
delete
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
204
No Content
delete
DELETE /settings/reports/file-event-report/included-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Returns current file integrity configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
File integrity configuration
get
GET /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

File integrity configuration

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Adds new monitored path to file integrity configuration

post
Authorizations
Header parameters
api-versionstringRequired
Body

Request to add new monitored path to file integrity configuration

prefixstring · min: 1Required

Path prefix to monitor

checkFileContentsbooleanRequired

Indicates if the file contents are checked to reduce number of false positives

Responses
200
OK
post
POST /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 42

{
  "prefix": "text",
  "checkFileContents": true
}
{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Updates file integrity strategy configuration

put
Authorizations
Header parameters
api-versionstringRequired
Body

Updates file integrity strategy configuration

enabledbooleanRequired

Indicates if the file integrity strategy is enabled

Responses
200
OK
put
PUT /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 16

{
  "enabled": true
}
{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Removes path with specified ID from file integrity configuration

delete
Authorizations
Query parameters
idstring · uuidOptional

ID of the path to be removed

Header parameters
api-versionstringRequired
Responses
200
Path was successfully removed
delete
DELETE /settings/file-integrity HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

Updates one of monitored paths

put
Authorizations
Path parameters
idstring · uuidRequired

ID of path to update

Header parameters
api-versionstringRequired
Body
checkFileContentsbooleanRequired

Indicates if the file contents are checked to reduce number of false positives

Responses
200
OK
put
PUT /settings/file-integrity/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 26

{
  "checkFileContents": true
}
{
  "enabled": true,
  "paths": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "prefix": "text",
      "checkFileContents": true
    }
  ]
}

List all file system event types

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
A collection of all file system event types
application/json
get
GET /events/types HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

A collection of all file system event types

[
  {
    "id": 1,
    "name": "text"
  }
]

List file system events

get
Authorizations
Query parameters
Startstring · date-timeOptional
Endstring · date-timeOptional
Limitinteger · int32 · min: 1 · max: 5000Optional
CursorstringOptional
incidentstring · uuidOptional
Header parameters
api-versionstringRequired
Responses
200
A collection of file system events
application/json
get
GET /events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-07-01T03:38:23.906Z",
      "insertionTimeStamp": "2025-07-01T03:38:23.906Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

Update honeypot configuration

put
Authorizations
Header parameters
api-versionstringRequired
Body
placementPathsstring[]Required

A set of placement paths

sourcePathstring | nullableOptional

Source path honeypot files

Responses
200
Updated honeypot configuration
put
PUT /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 47

{
  "placementPaths": [
    "text"
  ],
  "sourcePath": "text"
}
{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Get current honeypot configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current honeypot configuration
get
GET /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current honeypot configuration

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Add placement path to honeypot configuration

post
Authorizations
Header parameters
api-versionstringRequired
Body
placementPathstring · min: 1Required

A set of placement paths

Responses
200
An updated honeypot configuration with the new placement path
post
POST /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 24

{
  "placementPath": "text"
}
{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

Remove placement path from honeypot configuration

delete
Authorizations
Query parameters
pathstringOptional

Placement path

Header parameters
api-versionstringRequired
Responses
200
An updated honeypot configuration without the selected placement path
delete
DELETE /settings/honeypot HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "sourcePath": "text",
  "placementPaths": [
    "text"
  ]
}

List all affected files linked to an incident with provided identifier

get
Authorizations
Path parameters
incidentIdstring · uuidRequired

Incident identifier

Query parameters
Limitinteger · int32 · min: 1 · max: 2000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters
api-versionstringRequired
Responses
200
A list of affected files connected to an incident with a given identifier
application/json
get
GET /security-incidents/{incidentId}/files HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "originalPath": "text",
    "mostRecentPath": "text",
    "firstModificationTime": "2025-07-01T03:38:23.906Z",
    "modification": {
      "id": 1,
      "name": "text"
    }
  }
]

Get suspicious events connected to an incident with provided identifier

get
Authorizations
Path parameters
idstring · uuidRequired

Incident identifier

Query parameters
Startstring · date-timeOptional
Endstring · date-timeOptional
Limitinteger · int32 · min: 1 · max: 5000Optional
CursorstringOptional
Header parameters
api-versionstringRequired
Responses
200
A collection of events connected to an incident with a given identifier
application/json
get
GET /security-incidents/{id}/events HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "events": [
    {
      "filename": "text",
      "oldFilename": "text",
      "occurrenceTimeStamp": "2025-07-01T03:38:23.906Z",
      "insertionTimeStamp": "2025-07-01T03:38:23.906Z",
      "type": {
        "id": 1,
        "name": "text"
      },
      "username": "text",
      "pid": 1,
      "networkUsername": "text"
    }
  ],
  "nextRequestCursor": "text",
  "numberOfItems": 1
}

List all security incidents

get
Authorizations
Query parameters
userstringOptional

User name. Only includes the incidents which were created for a specific user

Header parameters
api-versionstringRequired
Responses
200
A list of all detected security incidents
application/json
get
GET /security-incidents HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

A list of all detected security incidents

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "user": "text",
    "start": "2025-07-01T03:38:23.906Z",
    "end": "2025-07-01T03:38:23.906Z"
  }
]

Get all possible values of affected file modification types

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
A list of all possible values of affected file modification types
application/json
get
GET /security-incidents/modification-types HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

A list of all possible values of affected file modification types

[
  {
    "id": 1,
    "name": "text"
  }
]

Registers the agent's node with a management server

post
Authorizations
Header parameters
api-versionstringRequired
Body

A request that registers an agent with a management server

instance_idstring · uuidRequired

Agent instance identifier

server_addressstring · min: 1Required

The Guard Mode management server address/host

key_idstring · uuidRequired

API key identifier

api_key_secretstring · min: 1Required

API key secret

Responses
200
Registration response with an extra data about the node
post
POST /registrations HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 150

{
  "instance_id": "123e4567-e89b-12d3-a456-426614174000",
  "server_address": "text",
  "key_id": "123e4567-e89b-12d3-a456-426614174000",
  "api_key_secret": "text"
}
{
  "fqdn": "text",
  "operatingSystem": "text"
}

Removes the current registration from a management server

delete
Authorizations
Header parameters
api-versionstringRequired
Responses
204
Registration is removed
delete
DELETE /registrations HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
204

Registration is removed

No content

Returns block list information

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current block list data
get
GET /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current block list data

{
  "lastUpdated": "2025-07-01T03:38:23.906Z",
  "fileGroupCount": 1
}

Update block list patterns

put
Authorizations
Header parameters
api-versionstringRequired
Body
lastUpdatedstring · date-timeRequired

The timestamp which will be set as the 'last update time' for the block list

filtersstring[]Required

Collection of path filters

Example: ["*.exe"]
Responses
204
Block list patterns were updated
put
PUT /settings/block-list HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 62

{
  "lastUpdated": "2025-07-01T03:38:23.906Z",
  "filters": [
    "*.exe"
  ]
}
No content

Returns skip list information

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current skip list
get
GET /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current skip list

{
  "filters": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "createdDate": "2025-07-01T03:38:23.906Z",
      "pattern": "text"
    }
  ]
}

Update skip list patterns

put
Authorizations
Header parameters
api-versionstringRequired
Body
filtersstring[]Required

Collection of path filters

Example: ["*.exe"]
Responses
204
Skip list patterns updated
put
PUT /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 21

{
  "filters": [
    "*.exe"
  ]
}
No content

Add a pattern to skip list

post
Authorizations
Header parameters
api-versionstringRequired
Body
patternstring · min: 1Required

File path pattern

Responses
204
Skip pattern added
post
POST /settings/block-list/skip HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 18

{
  "pattern": "text"
}
No content

Remove a pattern from skip list

delete
Authorizations
Path parameters
idstring · uuidRequired

Skip list pattern identifier

Header parameters
api-versionstringRequired
Responses
204
Skip pattern was removed
delete
DELETE /settings/block-list/skip/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Get all scans

get
Authorizations
Query parameters
Limitinteger · int32 · min: 1 · max: 2000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters
api-versionstringRequired
Responses
200
Returns a list of all scans, both ended and ongoing
get
GET /scans HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "startedAt": "2025-07-01T03:38:23.906Z",
    "endedAt": "2025-07-01T03:38:23.906Z",
    "lastScannedPath": "text",
    "scannedFilesCount": 1,
    "suspiciousFilesCount": 1,
    "state": {
      "id": 1,
      "name": "text"
    },
    "pathsToScan": [
      {
        "value": "text",
        "errorMessage": "text"
      }
    ]
  }
]

Start new scan

post
Authorizations
Header parameters
api-versionstringRequired
Body

Scan creation request

pathsstring[]Required

Paths that will be recursively scanned

checkBlockListPatternsbooleanRequired

Indicates if file names found during scan should be analyzed to find files with names often used by ransomware

checkYaraRulesbooleanOptional

Indicates if files should be scanned using YARA rules

sendAlertsbooleanOptional

If true, Agent will raise alert on suspicious file found

rootMountPointsstring[] | nullableOptional

If present, causes exclusions to work as if filesystem root was at each of provided paths

Responses
200
Returns a newly created scan
post
POST /scans HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 115

{
  "paths": [
    "text"
  ],
  "checkBlockListPatterns": true,
  "checkYaraRules": true,
  "sendAlerts": true,
  "rootMountPoints": [
    "text"
  ]
}
No content

Get a scan with a given ID

get
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
200
Returns a scan with provided ID
get
GET /scans/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-07-01T03:38:23.906Z",
  "endedAt": "2025-07-01T03:38:23.906Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

Get suspicious files' details from a scan with a given ID

get
Authorizations
Path parameters
idstring · uuidRequired
Query parameters
Limitinteger · int32 · min: 1 · max: 1000Optional

Maximum number of entries to be returned

CursorstringOptional

Cursor to filter out already returned entries

Header parameters
api-versionstringRequired
Responses
200
Returns a list of suspicious files found by this scan
get
GET /scans/{id}/suspicious-files HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "startedAt": "2025-07-01T03:38:23.906Z",
  "endedAt": "2025-07-01T03:38:23.906Z",
  "lastScannedPath": "text",
  "scannedFilesCount": 1,
  "suspiciousFilesCount": 1,
  "state": {
    "id": 1,
    "name": "text"
  },
  "pathsToScan": [
    {
      "value": "text",
      "errorMessage": "text"
    }
  ]
}

Attempts to stop a scan with given ID

post
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
200
Scan was successfully stopped
post
POST /scans/{id}/stop HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Returns current SMB monitoring configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current SMB monitoring configuration
application/json
get
GET /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current SMB monitoring configuration

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Updates SMB monitoring configuration

put
Authorizations
Header parameters
api-versionstringRequired
Body
enabledbooleanRequired
Responses
200
Updated SMB monitoring configuration
application/json
put
PUT /settings/smb HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 87

{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}
{
  "enabled": true,
  "message": {
    "template": "text"
  },
  "listener": {
    "port": 1,
    "endMarker": "text"
  }
}

Update threshold configuration.

put
Authorizations
Header parameters
api-versionstringRequired
Body
numberOfBucketsinteger · int32 · max: 1000Required

Number of threshold buckets

pointsLimitinteger · int32 · max: 1000Required

Limit of data points to analyze

Responses
200
Updated threshold configuration
put
PUT /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 264

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "enabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}
{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "isEnabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Get current threshold configuration.

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current threshold configuration
get
GET /settings/threshold HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current threshold configuration

{
  "entropyCheck": {
    "enabled": true,
    "maxCheckAttempts": 1
  },
  "magicNumberCheck": {
    "enabled": true,
    "filesChecked": 1
  },
  "yaraCheck": {
    "isEnabled": true
  },
  "numberOfBuckets": 1,
  "pointsLimit": 1,
  "writesPerSecond": {
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "riskWeights": {
    "high": 1,
    "medium": 1,
    "low": 1
  }
}

Get Agent's healtcheck

get
Responses
200
Success
get
GET /health HTTP/1.1
Host: 
Accept: */*
200

Success

No content

Get OpenTelemetry metrics of the Agent as a Prometheus log

get
Responses
200
Success
get
GET /metrics HTTP/1.1
Host: 
Accept: */*
200

Success

No content

Update YARA analysis configuration

put
Authorizations
Header parameters
api-versionstringRequired
Body
Responses
200
Updated configuration
put
PUT /settings/yara HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 225

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}
{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

Get current YARA analysis configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current configuration
get
GET /settings/yara HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current configuration

{
  "scans": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "threshold": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "fileIntegrity": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  },
  "incidents": {
    "rulesPath": "text",
    "maxFileSizeInBytes": 1
  }
}

Returns information about all timezones defined in the system that agent is operating on

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
OK
get
GET /settings/available-timezones HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

[
  {
    "id": "text",
    "offset": "text"
  }
]

Updates timezone configuration

put
Authorizations
Header parameters
api-versionstringRequired
Body

Timezone configuration update request

timeZonestring · min: 1Required

ID of a timezone that will be set

Responses
204
Configuration was successfully updated
put
PUT /settings/timezone HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 19

{
  "timeZone": "text"
}
No content

Returns current timezone configuration

get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Current timezone configuration
get
GET /settings/timezone HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Current timezone configuration

{
  "timeZone": {
    "id": "text",
    "offset": "text"
  }
}
PreviousUsing GuardMode Agent Command LineNextOn-demand Scanning