Endpoint Security Management API
Version: 1.5.2
Introduction
The Endpoint Security Management API is a RESTful API that you can use to remotely monitor and manage devices that run these WatchGuard Endpoint Security products:
- Advanced EPDR
- Endpoint Protection Detection and Response (EPDR)
- Endpoint Detection and Response (EDR)
- Endpoint Detection and Response Core (EDR Core)
- Endpoint Protection Platform (EPP)
The availability of each API endpoint and the information it returns depends on the features your WatchGuard Endpoint Security product supports. See Supported Features by Product and WatchGuard EDR Core Features in WatchGuard Help Center.
This API documentation explains how to access the Endpoint Security Management API and includes examples to help you get started.
To monitor and manage devices that run Panda Aether platform endpoint security software, use the Aether Endpoint Security Management API. Both APIs include the same API endpoints, but the URLs are different.
Get Started
This section describes how to submit requests to the Endpoint Security Management API.
The Endpoint Security Management API URL is:
https://{base API URL}/rest/endpoint-security/management/
The base URL for WatchGuard public APIs varies by region. The base API URL for your account appears on the Managed Access page in WatchGuard Cloud.
Endpoint Path Parameters
Each WatchGuard public API has a version, expressed as <major>.<minor>.<patch>. You specify the major API version, such as v1, as part of the endpoint URI path.
All Endpoint Security Management API endpoint URIs must include your WatchGuard Cloud account ID in the {accountid} path parameter.
Many endpoints return complex data structures, some of which consist of enumerations. Within each major version of the API, WatchGuard does not delete or change the meaning of enumeration values. However, we might add new values. Consider this when you develop integrations that use information provided by the API.
Authentication
WatchGuard public APIs use the Open Authorization (OAuth) 2.0 authorization framework for token-based authentication. To use the Endpoint Security Management API, you must first enable API access in your WatchGuard Cloud account and make an API request to generate an access token.
You must include the access token and your API Key in the header of each request you make to the Endpoint Security Management API.
For more information, see Authentication.
Request Headers
You must include this information in the header of each request you make to the Endpoint Security Management API:
Content-Type | application/json |
Accept | application/json |
Authorization | The access token that you generate with the WatchGuard Authentication API. For more information, see Authentication. |
WatchGuard-API-Key | The API key associated with your WatchGuard Cloud account (shown on the Managed Access page in WatchGuard Cloud). |
Retrieve Account License Information
/api/{v1}/accounts/{accountId}/licenses
Retrieves license information for WatchGuard Endpoint Security products associated with your WatchGuard Cloud account.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Example Request
This request retrieves license information for the specified account:
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/licenses' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
This response contains license data and a count of how many licenses are associated with the specified account:
{
  "product_license_counter": [
    {
      "product_id": 12345,
      "license_type": 1,
      "product_name": "Endpoint Protection Detection and Response",
      "assigned_licenses": 3,
      "unassigned_licenses": 7,
      "without_license_devices": 2,
      "expiration_date": "2020-01-14T00:00:00",
      "license_items": [
        {
          "product_id": 4,
          "license_type": 1,
          "amount": 3,
          "expiration_date": "2022-01-14T00:00:00"
        }
      ]
    }
  ]
}
This table lists and describes the data returned in the response:
product_license_counter | Array of license objects. |
product_id | Product internal ID. Example: 12345 |
license_type | Type of license. This can be one of these values: Example: 1 |
product_name | Name of the licensed product. Example: Endpoint Protection Detection and Response |
assigned_licenses | Number of licenses assigned to devices. Example: 3 |
unassigned_licenses | Number of licenses that are not assigned to devices. Example: 7 |
without_license_devices | Number of devices that do not have a license assigned. Example: 2 |
expiration_date | Date when all licenses in the license contract expire and the devices are no longer protected. Example: 2022-01-14T00:00:00 |
license_items | Array of license items. |
product_id | Identification number for the product. Example: 4 |
license_type | Type of license. This can be one of these values: Example: 1 |
amount | Maximum number of license installations allowed. If the number of installations exceeds this number, the administrator will receive an alert. Example: 3 |
expiration_date | Date when the license expires. Example: 2022-01-14T00:00:00 |
Retrieve a List of Devices
/api/{v1}/accounts/{accountId}/devices
Retrieves a list of devices, and additional information, such as the device IP address and operating system. The response to this request is limited to 3,000 records.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top | Specifies the number of objects to retrieve. Example: 5 |
$skip | Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$search | Returns only objects that include the specified text string. For example, "name" returns objects that include "hostname" and "username." The supported search fields depend on the endpoint: Example: name |
$count | Indicates whether to return a counter that shows the total number of objects in the Example: true |
$orderby | Specifies how to order results. You can order by any parameter in the response and sort results in ascending or descending order. Specify a parameter name with any underscores removed, followed by a For example, to order results by the Example: hostname+desc |
$config | Indicates whether the security configuration name and ID are returned. The default value is true. Example: true |
Example Request
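This request returns a list of devices for the specified account, sorted by the host_name parameter, and also returns a count of the devices:
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devices?$count=true&$orderby=hostname&$config=true' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'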
Example Response
The response includes an array of device data that matches your request.
{
  "data": [
    {
      "device_id": "af39deee-4db0-4409-9dca-fcb22c62d9d2",
      "account_id": "f674161e-78b4-4945-bc3b-f7d61fde6344",
      "site_id": "1f6ef943-c314-41cc-8484-27980d0d11f3",
      "site_name": "WGC-1-6463e9ab95114a848b9d",
      "host_name": "LINUX_DESKTOP_1",
      "type": 1,
      "description": null,
      "domain": "WORKGROUP",
      "platform_id": 2,
      "ip_address": "192.168.0.212",
      "mac_addresses": [
        "2C:0A:E5:C2:DE:0F",
        "00:0E:A6:F8:FE:FF",
        "00:0E:A6:F9:1B:6D",
        "00:15:AF:0A:C3:12",
        "08:00:27:00:60:D5",
        "20:41:53:59:4E:FF"
      ],
      "operating_system": "Debian (10.10)",
      "license_status": 0,
      "isolation_state": 0,
      "encryption": 6,
      "reinstall_protection_requested": false,
      "reinstall_agent_requested": false,
      "reboot_requested": false,
      "agent_version": "1.10.10.0001",
      "last_connection": "2021-12-07T01:04:08.644Z",
      "security_configuration_name": null,
      "security_configuration_id": "ac6b4f17-bd6e-467f-9083-aa7d90a8fee2",
      "logged_on_users_list": [
        "user1",
        "user2"
      ],
      "custom_group_folder_path": "All\\ServersFolderName\\GroupName1",
      "active_directory_canonical_name": "ROOTDOMAIN.local\\Computers\\Servers\\Division\\DEVICE_5"
    }
  ],
  "total_items": 1
}
This table lists and describes the data returned in the response:
data | Array of device data. |
device_id | Identifier for the device. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b2 |
account_id | Identifier for the account. Example: cd6c6dd6-r97o-453d-ld8o-a5976dc0596c |
site_id | Identifier for the site. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
site_name | Name of the site the device belongs to. Example: AD360 |
host_name | Host name of the device. Example: WIN_SERVER_6 |
type | Type of device. This can be one of these values: Example: 3 |
description | Description of the device. Example: Marketing server |
domain | Domain where your devices belong on Microsoft networks. Example: WORKGROUP |
platform_id | Device platform. This can be one of these values: Example: 1 |
ip_address | IP address of the device. Example: 192.0.2.1 |
mac_addresses | List of MAC addresses of the device. Example: 00:0E:A6:F8:FE:FF |
operating_system | Name of the operating system installed on the device. Example: Microsoft Windows 10 |
license_status | Status of the device license. This can be one of these values: Example: 0 |
isolation_state | Isolation status of the device. This can be one of these values: Example: 1 |
encryption | Device encryption status. This can be one of these values: Example: 6 |
reinstall_protection_requested | Indicates whether reinstallation of protection is requested. Example: true |
reinstall_agent_requested | Indicates whether reinstallation of the agent is requested. Example: true |
reboot_requested | Indicates whether device reboot is requested. Example: true |
agent_version | Version of the agent installed on the endpoint. Example: 1.17.00.0000 |
last_connection | Date and time of the last connection of the device. Example: 2020-11-06T20:08:43.128Z |
security_configuration_name | Name of the security configuration. If the Example: Virtual machines |
security_configuration_id | Unique identifier of the security configuration. If the Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b2 |
logged_on_users_list | List of last logged on users. |
custom_group_folder_path | Full path to the group the device is assigned to. Example: All\ServersFolderName\GroupName1 |
active_directory_canonical_name | Full canonical path to the device in Active Directory. Example: ROOTDOMAIN.local\Computers\Servers\Division\DEVICE_5 |
total_items | Total number of devices. If the Example: 42 |
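The required request headers and the $top, $skip and $count parameters described above, combined into a paged retrieval of the device list. This is an added example, not code from WatchGuard or from this documentation; the function names, the api.example.invalid host, the injectable get_json transport and the assumption that $skip can step through the whole list in pages are illustrative.

```python
import json
import urllib.parse
import urllib.request

PAGE_LIMIT = 3000  # the page states that one response holds at most 3,000 records


def build_headers(access_token, api_key):
    """The four headers the page requires on every request."""
    return {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"Bearer {access_token}",
        "WatchGuard-API-Key": api_key,
    }


def devices_url(base_api_url, account_id, top, skip):
    """Build the /devices URL with the '$'-prefixed parameters kept literal."""
    account = urllib.parse.quote(account_id, safe="")
    query = urllib.parse.urlencode(
        {"$top": top, "$skip": skip, "$count": "true", "$orderby": "hostname"},
        safe="$",
    )
    return (f"https://{base_api_url}/rest/endpoint-security/management"
            f"/api/v1/accounts/{account}/devices?{query}")


def http_get_json(url, headers):
    """Default transport: one HTTPS GET, certificate verification left on."""
    request = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def fetch_all_devices(base_api_url, account_id, headers, page_size=500,
                      get_json=http_get_json):
    """Walk the device list page by page; returns (devices, total_items)."""
    if not 1 <= page_size <= PAGE_LIMIT:
        raise ValueError("page_size must be between 1 and 3000")
    by_id, skip, total = {}, 0, None
    while True:
        body = get_json(devices_url(base_api_url, account_id, page_size, skip),
                        headers)
        page = body.get("data") or []
        if body.get("total_items") is not None:  # null when no count is returned
            total = body["total_items"]
        for device in page:
            # Key on device_id so a device that shifts between pages while the
            # inventory changes is not counted twice.
            by_id[device["device_id"]] = device
        skip += len(page)
        if len(page) < page_size or (total is not None and skip >= total):
            break
    return list(by_id.values()), total


def make_fake_transport(inventory):
    """Constructed stand-in for the API so the example runs offline."""
    calls = []

    def get_json(url, headers):
        calls.append(url)
        query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        top, skip = int(query["$top"][0]), int(query["$skip"][0])
        return {"data": inventory[skip:skip + top],
                "total_items": len(inventory)}

    return get_json, calls


if __name__ == "__main__":
    # Constructed inventory; in real use read the token and API key from a
    # secret store or the environment, never from the script itself.
    inventory = [{"device_id": f"dev-{i}", "host_name": f"HOST_{i}"}
                 for i in range(7)]
    transport, calls = make_fake_transport(inventory)
    devices, total = fetch_all_devices(
        "api.example.invalid", "WGC-1-123abc456",
        build_headers("<access token>", "<API key>"),
        page_size=3, get_json=transport)
    print(len(devices), total, len(calls))
```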
Retrieve a List of Managed Configurations
/api/{v1}/accounts/{accountId}/managedconfigurations/{type}
Retrieves a list of the specified type of managed configurations associated with your WatchGuard Cloud account.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type | Type of configuration to return. Specify one of these values: Example: 2 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top | Specifies the number of objects to retrieve. Example: 5 |
$skip | Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$search | Returns only objects that include the specified text string. For example, "name" returns objects that include "hostname" and "username." The supported search fields depend on the endpoint: Example: name |
$count | Indicates whether to return a counter that shows the total number of objects in the Example: true |
$orderby | Specifies how to order results. You can order by any parameter in the response and sort results in ascending or descending order. Specify a parameter name with any underscores removed, followed by a For example, to order results by the Example: hostname+desc |
Example Request
This request retrieves managed configurations for workstations and servers for the specified account:
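curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/managedconfigurations/2' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'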
Example Response
The response includes an array of managed configurations for workstations and servers for the specified account.
{
  "data": [
    {
      "id": "f6c469cf-d2b3-4e53-b2f3-08bb917e4d43",
      "name": "WorkstationAndServer Settings",
      "description": "Workstation and server configuration pre-patch installation",
      "is_default": true
    },
    {
      "id": "e9798e72-8893-41d8-fa6b-c712aab4969a",
      "name": "Security Settings",
      "description": "Security Settings for workstations and servers",
      "is_default": false
    }
  ],
  "total_items": null
}
This table lists and describes the data returned in the response:
data | List of managed configurations. |
id | Unique identifier of the managed configuration. Example: f6c469cf-d2b3-4e53-b2f3-08bb917e4d43 |
name | Name of the managed configuration. Example: WorkstationAndServer Settings |
description | Description of the managed configuration. Example: Workstation and server configuration pre-patch installation |
is_default | Indicates whether this is the default managed configuration. Example: false |
total_items | Total number of managed configurations of this type. If the Example: 3 |
Retrieve an Installation Package URL
/api/{v1}/accounts/{accountId}/installers
Retrieves the URL to download an installation package that installs endpoint security software with the specified managed configuration settings on a device.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
platformId | Identifier of the platform you want to retrieve the installation package URL for. Specify one of these values: Example: 1 |
managedConfigurationId | Identifier of the managed configuration you want to retrieve the installation package URL for. Example: f6c469cf-d2b3-4e53-b2f3-08bb917e4d43 |
useActiveDirectory | Indicates whether to integrate the device into Active Directory. Example: true |
Example Request
This request returns the URL to download an installation package for the specified managed configuration:
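curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/installers?platformId=1&managedConfigurationId=f6c469cf-d2b3-4e53-b2f3-08bb917e4d43&useActiveDirectory=false' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'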
Example Response
The response includes the URL to download the installation package.
{
  "installer_download_url": "https://example.com/api/v1/accounts/5a5246d8-21f1-465c-83d2-b0316dd047a8/sites/279b5ffd-fa95-45c9-b7b4-7be51ff6e3e8/installers?installerType=2&platform=1&managedConfigurationId=f6c469cf-d2b3-4e53-b2f3-08bb917e4d43&customGroupId=c81fb727-69aa-45a1-8cc0-8e1e18ecc6ae&integrationGroupType=0"
}
This table lists and describes the data returned in the response:
installer_download_url | URL to download the installation package. Example: https://example.com/api/v1/accounts/5a5246d8-21f1-465c-83d2-b0316dd047a8/sites/279b5ffd-fa95-45c9-b7b4-7be51ff6e3e8/installers?installerType=2&platform=1&managedConfigurationId=f6c469cf-d2b3-4e53-b2f3-08bb917e4d43&customGroupId=c81fb727-69aa-45a1-8cc0-8e1e18ecc6ae&integrationGroupType=0 |
Link Devices to Managed Configurations
/api/{v1}/accounts/{accountId}/managedconfigurations/{type}/{configId}
Links devices to a specified configuration.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type | Type of configuration. Currently, only option 2 is supported. 2 — Workstations and servers Example: 2 |
configId | Identifier of the managed configuration to associate with the devices. Example: dab50d3d-cbda-4d36-8c79-2df0b0789b49 |
Request Body
device_ids | List of IDs of devices to link to the specified managed configuration. Example: "00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2" |
Example Request
This request links two devices to the specified managed configuration:
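curl -X PATCH 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/managedconfigurations/2/dab50d3d-cbda-4d36-8c79-2df0b0789b49' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA' \
-d '{
  "device_ids": [
    "00ab3e54-7bb7-4bd3-bd39-237a9d191a44",
    "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"
  ]
}'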
Example Response
A successful request returns the 200 OK status code.
Retrieve Device Protection Status
/api/{v1}/accounts/{accountId}/devicesprotectionstatus
Retrieves a list of devices with their protection status and other device information. The response to this request is limited to 3,000 records.
Path Parameters
When you send a request to this endpoint, you must include this path parameter:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top | Specifies the number of objects to retrieve. Example: 5 |
$skip | Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$search | Returns only objects that include the specified text string. For example, "name" returns objects that include "hostname" and "username." The supported search fields depend on the endpoint: Example: name |
$count | Indicates whether to return a counter that shows the total number of objects in the Example: true |
$orderby | Specifies how to order results. You can order by any parameter in the response and sort results in ascending or descending order. Specify a parameter name with any underscores removed, followed by a For example, to order results by the Example: hostname+desc |
Example Request
This request retrieves the protection status of the first two devices and the total count of devices with protection:
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devicesprotectionstatus?$top=2&$count=true' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response includes an array of data about your devices and their protection status.
{
  "data": [
    {
      "host_name": "WIN_SERVER_6",
      "device_id": "287324d8-194f-4f5a-a7ad-e2480d5ad1b2",
      "platform_id": 1,
      "device_type": 3,
      "accumulated_protection_status": 1,
      "adaptive_defense_status": 2,
      "file_antivirus_status": 1,
      "firewall_status": 6,
      "isolation_state": 0,
      "protection_engine_update_status": 1,
      "protection_engine_version": "8.00.17.0001",
      "knowledge_catalog_update_status": 2,
      "knowledge_catalog_date": "2020-10-23T17:36:04.401Z",
      "last_connection_date": "2020-10-23T17:36:04.401Z",
      "reboot_requested": true,
      "reinstall_protection_requested": true,
      "reinstall_agent_requested": true,
      "license_status": 0
    },
    {
      "host_name": "WIN_WORKSTATION_12",
      "device_id": "123456d8-910f-4f5a-a7ad-e2480d5ad1b2",
      "platform_id": 1,
      "device_type": 1,
      "accumulated_protection_status": 1,
      "adaptive_defense_status": 1,
      "file_antivirus_status": 1,
      "firewall_status": 3,
      "isolation_state": 3,
      "protection_engine_update_status": 2,
      "protection_engine_version": "8.00.18.0002",
      "knowledge_catalog_update_status": 2,
      "knowledge_catalog_date": "2021-01-15T13:00:01Z",
      "last_connection_date": "2021-01-15T16:08:24.253Z",
      "reboot_requested": false,
      "reinstall_protection_requested": true,
      "reinstall_agent_requested": true,
      "license_status": 0,
      "reinstall_agent_error": 2,
      "reinstall_protection_error": 8
    }
  ],
  "total_items": 10
}
This table lists and describes the data returned in the response:
data | Array of device data. |
host_name | Host name of the device. Example: WIN_SERVER_6 |
device_id | Identification number of the device. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b2 |
platform_id | Device platform. This can be one of these values: Example: 1 |
device_type | Type of device. This can be one of these values: Example: 1 |
accumulated_protection_status | General protection status. This can be one of these values: Example: 2 |
adaptive_defense_status | Adaptive Defense status. This can be one of these values: Example: 2 |
file_antivirus_status | Antivirus status. This can be one of these values: Example: 2 |
firewall_status | Firewall status. This can be one of these values: Example: 6 |
isolation_state | Isolation state of the device. This can be one of these values: Example: 1 |
protection_engine_update_status | Protection engine update status. This can be one of these values: Example: 1 |
protection_engine_version | Protection engine version. Example: 8.00.17.0001 |
knowledge_catalog_update_status | Update status of the catalog. This can be one of these values: Example: 2 |
knowledge_catalog_date | Date and time when the knowledge catalog was installed on the device. Example: 2020-09-28T06:13:01.695Z |
last_connection_date | Date and time when the device last connected. Example: 2020-09-28T06:13:01.883Z |
reboot_requested | Indicates whether device reboot is requested. Example: true |
reinstall_protection_requested | Indicates whether reinstallation of the protection is requested. Example: true |
reinstall_agent_requested | Indicates whether reinstallation of the agent is requested. Example: true |
license_status | Status of the license. This can be one of these values: Example: 0 |
reinstall_agent_error | Additional information in the event of a reinstall agent error in JSON format. The step parameter can be one of these values: Example: {"error":58,"code":2020,"date_time":"2020-11-20T20:27:18.725Z","step":2} |
reinstall_protection_error | Additional information in the event of a reinstall protection error in JSON format. The step parameter can be one of these values: Example: {"error":36,"code":4001,"date_time":"2020-11-20T20:27:18.725Z","step":8} |
total_items | Total number of devices. If the Example: 5 |
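A hygiene check over the device protection status response described above, flagging devices that have not connected recently, have an old knowledge catalog, or have a pending reboot or reinstall. This is an added example, not code from WatchGuard or from this documentation; the function names, the 7-day and 3-day thresholds and the treatment of zone-less timestamps as UTC are assumptions, and the sample is constructed from the example response on this page.

```python
import json
import re
from datetime import datetime, timedelta, timezone

_TS = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})?$")

# Constructed sample: the two devices from the example response, reduced to
# the fields this check reads.
SAMPLE = json.loads("""
{"data": [
  {"host_name": "WIN_SERVER_6",
   "device_id": "287324d8-194f-4f5a-a7ad-e2480d5ad1b2",
   "isolation_state": 0, "license_status": 0,
   "knowledge_catalog_date": "2020-10-23T17:36:04.401Z",
   "last_connection_date": "2020-10-23T17:36:04.401Z",
   "reboot_requested": true, "reinstall_protection_requested": true,
   "reinstall_agent_requested": true},
  {"host_name": "WIN_WORKSTATION_12",
   "device_id": "123456d8-910f-4f5a-a7ad-e2480d5ad1b2",
   "isolation_state": 3, "license_status": 0,
   "knowledge_catalog_date": "2021-01-15T13:00:01Z",
   "last_connection_date": "2021-01-15T16:08:24.253Z",
   "reboot_requested": false, "reinstall_protection_requested": true,
   "reinstall_agent_requested": true,
   "reinstall_agent_error": 2, "reinstall_protection_error": 8}
], "total_items": 10}
""")


def parse_api_time(value):
    """Parse the timestamp shapes shown on the page; None if unparseable."""
    if not isinstance(value, str):
        return None
    match = _TS.match(value.strip())
    if not match:
        return None
    base, fraction, zone = match.groups()
    try:
        moment = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    if fraction:
        moment = moment.replace(microsecond=int(fraction[:6].ljust(6, "0")))
    if zone in (None, "Z"):
        # Assumption: values without a zone designator are UTC.
        return moment.replace(tzinfo=timezone.utc)
    sign = 1 if zone[0] == "+" else -1
    offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    return moment.replace(tzinfo=timezone(sign * offset))


def hygiene_findings(response, now, max_silent_days=7, max_catalog_days=3):
    """Return one finding per device that needs attention, with its reasons."""
    findings = []
    for device in response.get("data") or []:
        reasons = []
        last_seen = parse_api_time(device.get("last_connection_date"))
        catalog = parse_api_time(device.get("knowledge_catalog_date"))
        if last_seen is None or now - last_seen > timedelta(days=max_silent_days):
            reasons.append("no recent connection")
        if catalog is None or now - catalog > timedelta(days=max_catalog_days):
            reasons.append("knowledge catalog out of date")
        for flag in ("reboot_requested", "reinstall_protection_requested",
                     "reinstall_agent_requested"):
            if device.get(flag) is True:
                reasons.append(flag.replace("_", " "))
        for key in ("reinstall_agent_error", "reinstall_protection_error"):
            if device.get(key) is not None:
                reasons.append(f"{key}: {json.dumps(device[key])}")
        if reasons:
            findings.append({
                "host_name": device.get("host_name"),
                "device_id": device.get("device_id"),
                "reasons": reasons,
                # Status codes are passed through as numbers, so a value added
                # in a later API release does not break the report.
                "isolation_state": device.get("isolation_state"),
                "license_status": device.get("license_status"),
            })
    return findings


if __name__ == "__main__":
    # Constructed reference time, one day after the newer sample timestamps.
    reference = datetime(2021, 1, 16, tzinfo=timezone.utc)
    for finding in hygiene_findings(SAMPLE, reference):
        print(finding["host_name"], "->", "; ".join(finding["reasons"]))
```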
Retrieve Counts of Security Events
/api/{v1}/accounts/{accountId}/securityeventcounters/{type}
Retrieves counts of detected security events for the specified types.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId | Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type | Types of security event counters to retrieve. This parameter is a mask. Add the values of the security event counter types you want to retrieve. For example, if you want to retrieve only programs blocked, specify 8. If you want to retrieve both PUPs and programs blocked, specify 10 because 8 (programs blocked) + 2 (PUPs) = 10. Example: 10 |
Request Parameters
When you send a request to this endpoint, you can include this request parameter:
filter | Filters the security event counters by date. Specify the type of security event: Specify the length of the time period in the format For example, this retrieves threats detected by AV for the last 7 days: This retrieves security event counters for the other types for the last 3 months: If you do not specify a filter, the API returns all of the security events for the last 30 days. Example: 33001%20AmongTheLast%20[7,3] |
Example Request
This request retrieves all security event counters for the specified account:
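curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/securityeventcounters/255' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'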
Example Response
This response contains counts of detected security events.
{
  "malware_counters": {
    "total_alerts": 0,
    "total_executed": 0,
    "total_data_access": 0,
    "total_external_communications": 0,
    "total_affected_devices": 0
  },
  "pups_counters": {
    "total_alerts": 0,
    "total_executed": 0,
    "total_data_access": 0,
    "total_external_communications": 0,
    "total_affected_devices": 0
  },
  "exploit_counters": {
    "total_alerts": 0,
    "total_executed": 0,
    "total_data_access": 0,
    "total_external_communications": 0,
    "total_affected_devices": 0
  },
  "program_blocked_counters": {
    "total_programs_blocked": 0
  },
  "threats_by_av_counters": {
    "total_phishing_detected_by_av": 0,
    "total_tracking_cookies_detected_by_av": 0,
    "total_devices_blocked_by_av": 0,
    "total_malware_urls_blocked_by_av": 0,
    "total_intrusion_attempted_blocked_by_av": 0,
    "total_dangerous_actions_blocked_by_av": 0
  },
  "network_attack_counters": {
    "total_alerts": 0,
    "total_affected_devices": 0
  }
}
This table lists and describes the data returned in the response:
malware_counters | Array of data about malware. |
total_alerts | Number of malware alerts. Example: 4 |
total_executed | Number of executed malware instances. Example: 2 |
total_data_access | Number of times malware accessed data. Example: 1 |
total_external_communications | Number of external communications by malware. Example: 0 |
total_affected_devices | Number of devices affected by malware. Example: 3 |
pups_counters | Array of data about potentially unwanted programs (PUPs). |
total_alerts | Number of PUP alerts. Example: 3 |
total_executed | Number of PUPs that ran successfully. Example: 0 |
total_data_access | Number of times PUPs accessed data. Example: 1 |
total_external_communications | Number of external communications by PUPs. Example: 2 |
total_affected_devices | Number of affected devices. Example: 5 |
exploit_counters | Array of data about vulnerability exploit attacks. |
total_alerts | Number of exploit alerts. Example: 2 |
total_executed | Number of exploits executed. Example: 1 |
total_data_access | Number of times exploits accessed data. Example: 0 |
total_external_communications | Number of external communications by exploits. Example: 1 |
total_affected_devices | Number of devices affected by exploits. Example: 2 |
program_blocked_counters | Array of data about programs blocked. |
total_programs_blocked | Number of blocked programs. Example: 0 |
threats_by_av_counters | Array of data about threats detected by antivirus. |
total_phishing_detected_by_av | Number of phishing attempts detected by antivirus. Example: 1 |
total_tracking_cookies_detected_by_av | Number of tracking cookies detected by antivirus. Example: 1 |
total_devices_blocked_by_av | Number of devices blocked by antivirus. Example: 1 |
total_malware_urls_blocked_by_av | Number of malware URLs blocked by antivirus. Example: 2 |
total_intrusion_attempted_blocked_by_av | Number of intrusion attempts blocked by antivirus. Example: 2 |
total_dangerous_actions_blocked_by_av | Number of dangerous actions blocked by antivirus. Example: 3 |
network_attack_counters | Array of data about network attacks blocked. |
total_alerts | Number of alerts. Example: 2 |
total_affected_devices | Number of affected devices. Example: 20 |
Retrieve a Security Overview
/api/{v1}/accounts/{accountId}/securityoverview/{period}
Retrieves a security overview that includes security event counters for a specified time period.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
period
|
Period of time to retrieve security event counters for. Specify one of these values:
Example: 7 |
Example Request
This request retrieves security event counters for the specified account for the previous 24 hours:
curl -X GET https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/securityoverview/1 \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
This response contains counts of detected security events.
{
"total_devices": 4,
"total_unmanaged_devices": 6,
"malware": {
"total_alerts": 0,
"total_executed": 0,
"total_data_access": 0,
"total_external_communications": 0,
"total_affected_devices": 0
},
"pups": {
"total_alerts": 0,
"total_executed": 0,
"total_data_access": 0,
"total_external_communications": 0,
"total_affected_devices": 0
},
"exploits": {
"total_alerts": 0,
"total_executed": 0,
"total_data_access": 0,
"total_external_communications": 0,
"total_affected_devices": 0
},
"programs_blocked": {
"total_programs_blocked": 0
},
"threats_by_av_counters": {
"total_phishing_detected_by_av": 0,
"total_tracking_cookies_detected_by_av": 0,
"total_devices_blocked_by_av": 0,
"total_malware_urls_blocked_by_av": 0,
"total_intrusion_attempted_blocked_by_av": 0,
"total_dangerous_actions_blocked_by_av": 0,
"total_hacking_tools_by_av": 0,
"total_spyware_by_av": 0,
"total_virus_by_av": 0
},
"indicators_of_attack_counters": {
"total_indicators_of_attack": 0
}
}
This table lists and describes the data returned in the response:
total_devices
|
Number of devices. |
total_unmanaged_devices
|
Number of unmanaged devices. |
malware
|
Array of data about malware. |
total_alerts
|
Number of malware alerts. Example: 4 |
total_executed
|
Number of executed malware instances. Example: 2 |
total_data_access
|
Number of times malware accessed data. Example: 1 |
total_external_communications
|
Number of external communications by malware. Example: 0 |
total_affected_devices
|
Number of devices affected by malware. Example: 3 |
pups
|
Array of data about potentially unwanted programs (PUPs). |
total_alerts
|
Number of PUP alerts. Example: 3 |
total_executed
|
Number of PUPs that ran successfully. Example: 0 |
total_data_access
|
Number of times PUPs accessed data. Example: 1 |
total_external_communications
|
Number of external communications by PUPs. Example: 2 |
total_affected_devices
|
Number of affected devices. Example: 5 |
exploits
|
Array of data about vulnerability exploit attacks. |
total_alerts
|
Number of exploit alerts. Example: 2 |
total_executed
|
Number of exploits executed. Example: 1 |
total_data_access
|
Number of times exploits accessed data. Example: 0 |
total_external_communications
|
Number of external communications by exploits. Example: 1 |
total_affected_devices
|
Number of devices affected by exploits. Example: 2 |
programs_blocked
|
Array of data about programs blocked. |
total_programs_blocked
|
Number of blocked programs. Example: 0 |
threats_by_av_counters
|
Array of data about threats detected by antivirus. |
total_phishing_detected_by_av
|
Number of phishing attempts detected by antivirus. Example: 1 |
total_tracking_cookies_detected_by_av
|
Number of tracking cookies detected by antivirus. Example: 1 |
total_devices_blocked_by_av
|
Number of devices blocked by antivirus. Example: 1 |
total_malware_urls_blocked_by_av
|
Number of malware URLs blocked by antivirus. Example: 2 |
total_intrusion_attempted_blocked_by_av
|
Number of intrusion attempts blocked by antivirus. Example: 2 |
total_dangerous_actions_blocked_by_av
|
Number of dangerous actions blocked by antivirus. Example: 3 |
total_hacking_tools_by_av
|
Number of hacking tools detected by antivirus. Example: 3 |
total_spyware_by_av
|
Number of spyware detected by antivirus. Example: 2 |
total_virus_by_av
|
Number of viruses detected by antivirus. Example: 2 |
indicators_of_attack_counters
|
Array of data about indicators of attack. |
total_indicators_of_attack
|
Number of indicators of attack. Example: 3 |
Retrieve Security Events for Devices
/api/{v1}/accounts/{accountId}/securityevents/{type}/export/{period}
Retrieves a list of security events of the specified type for the specified device for a specific time period. The response to this request is limited to 3,000 records.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type
|
Type of security event. Specify one of these values:
Example: 13 |
period
|
Period of time to retrieve security events for. Specify one of these values:
Example: 7 |
Request Parameters
When you send a request to this endpoint, you can include this request parameter:
hostname
|
Host name (base-64 encoded) of the device you want to retrieve security events for.
|
Example Request
This request retrieves malware URL security events for the previous 7 days:
curl -X GET https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/securityevents/13/export/7 \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response indicates whether data has been accessed by a security threat, and indicates the action performed by Aether Endpoint Security.
{
"data": [
{
"accessed_data": true,
"action": 10,
"date": "2020-11-20T20:27:18.725Z",
"device_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"site_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"event_id": 69608597,
"event_type": -86726288.19318274,
"dwell_time": 51373899,
"is_excluded": true,
"hash": "009a9b4ff00946f9a5a5659dfe9086da",
"host_name": "WIN_SERVER_6",
"item_name": "NameMalware",
"made_external_connections": true,
"path": "ThreatPath",
"protection_mode": 5799409.122032538,
"reclassified_to_type": -88047622.99579449,
"like_lihood_of_being_malicious": -18274273.348011777,
"discard_motive": -77046516.51787202,
"lock_plus_rule_id": -22540451.640785083,
"user_name": "Username",
"was_run": true,
"source_ip": "SourceIPName",
"source_machine_name": "SourceDeviceName",
"source_user": "SourceUsername",
"detection_technology": "DetectionTechnologyName",
"exploit_technique": "ExploitTechnique",
"risk": true,
"description": "DeviceDescriptionName",
"domain": "DeviceDomain",
"detected_by": 68864810.84915292,
"device_type": -73108038.14936246,
"platform_id": -70290399.75311546,
"excluded": true,
"file_info_discard": "FileIndentifierHash",
"id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"ip_address": "192.168.1.10",
"malware_name": "MalwareName",
"malware_category": -85107213.72887051,
"malware_type": -62357590.74048821,
"number_of_occurrences": 20674256,
"security_event_date": "2021-07-20T20:27:18.725Z",
"site_name": "SiteName",
"network_activity_type": -85774927.58794248,
"direction": 50845497.54724711,
"protocol": -86318449.566446,
"local_endpoint": {},
"remote_endpoint": {},
"firewall_rule_definition": {},
"rule_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"rule_name": "RuleName",
"rule_configuration_id": "9b7205bc-60e0-45a0-9956-b17b6a8673f6",
"rule_obsolete": false,
"alias": "AliasName",
"instance_id": "9b7205bc-60e0-45a0-9956-b17b6a8673f6",
"type": -51429435.96722382,
"rule_risk": -54492359.89028178,
"rule_mitre": "tactic: TA0006, technique: T1003",
"status": 31156035.444223955,
"endpoint_event_date": "2021-07-20T20:27:18.725Z",
"filed_date": "2021-07-20T20:27:18.725Z",
"since_until_filed": "8.07:06:05",
"count": -10808344,
"custom_group_folder_id": "1b7205bc-60e0-45a0-9956-b17b6a8673f6",
"custom_group_folder_info": [
{
"name": "Root",
"is_translatable": true,
"type": 1
},
{
"name": "Windows",
"type": 2
},
{
"name": "Server",
"type": 2
}
],
"network_attack": null,
"local_ip_address": "192.168.1.1",
"remote_ip_address": "192.168.10.1"
}
],
"total_items": null
}
This table lists and describes the data returned in the response:
data
|
Array of security event data. |
accessed_data
|
Indicates if the data has been accessed. Example: true |
action
|
Indicates the action performed. For indicators of attack, this can be one of these values:
For other detections, this can be one of these values:
|
date
|
Date and time of detection. Example: "2020-11-20T20:27:18.725Z" |
device_id
|
Identifier of the device. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
site_id
|
Identifier of the site. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
event_id
|
Identifier of the event. Example: 69608597 |
event_type
|
Indicates the event type. This can be one of these values:
|
dwell_time
|
Indicates the number of seconds that the threat was on the device without classification. Example: 60 |
is_excluded
|
Indicates if data has been excluded. Example: true |
hash
|
Hash of an element. Example: 009a9b4ff00946f9a5a5659dfe9086da |
host_name
|
Name of the host. Example: WIN_SERVER_6 |
item_name
|
Name of the threat. Example: MalwareName |
made_external_connections
|
Indicates if malware made external connections. Example: true |
path
|
Name of the threat path. Example: ThreatPathName |
protection_mode
|
Indicates the protection mode. This can be one of these values:
|
reclassified_to_type
|
Indicates the type to which it has been reclassified. This can be one of these values:
|
like_lihood_of_being_malicious
|
Indicates the likelihood of being malicious. This can be one of these values:
|
discard_motive
|
Reason for discarding the knowledge sample. This can be one of these values:
|
lock_plus_rule_id
|
LockPlus Rule ID. This can be one of these values:
|
user_name
|
Username. Example: Name |
was_run
|
Indicates if the item has been executed. Example: true |
source_ip
|
Name of the source IP. Example: SourceIPName |
source_machine_name
|
Name of the source device. Example: SourceDeviceName |
source_user
|
Source username. Example: SourceUserName |
detection_technology
|
Name of detection technology in exploit detections. Example: DetectionTechnologyName |
exploit_technique
|
Exploit technique. Example: ExploitTechnique |
risk
|
Indicates whether it is a risk exploit. Example: true |
description
|
Device description in antivirus detections. Example: DeviceDescription |
domain
|
Domain of device in antivirus detections. Example: DeviceDomain |
detected_by
|
Protection or technology in antivirus detections. This can be one of these values:
|
device_type
|
Device type in antivirus and firewall detections. This can be one of these values:
|
platform_id
|
Platform of the affected device. This can be one of these values:
|
excluded
|
Indicates if the element has been excluded in antivirus detection. Example: true |
file_info_discard
|
Hash to identify the file in antivirus detections. Example: 009a9b4ff00946f9a5a5659dfe9086da |
id
|
Identifier in antivirus detections. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
ip_address
|
IP address of the device in antivirus and firewall detections. Example: 192.168.1.10 |
malware_name
|
Malware name in antivirus detections. Example: MalwareName |
malware_category
|
Malware category in antivirus detections. This can be one of these values:
|
malware_type
|
Malware type in antivirus detections. This can be one of these values:
|
number_of_occurrences
|
Number of occurrences in antivirus detections. Example: 3 |
security_event_date
|
Security event date and time for antivirus, firewall, and device control detections. Example: "2021-07-20T20:27:18.725Z" |
site_name
|
Site name in antivirus and firewall detections. Example: SiteName |
network_activity_type
|
Network activity type in firewall detections. This can be one of these values:
|
direction
|
Direction of firewall blocked connections. This can be one of these values:
|
protocol
|
Protocol of firewall blocked connections. This can be one of these values:
|
local_endpoint
|
Firewall blocked connections for a local endpoint, in JSON format: Mac Address, IP Address, Port, and IP Type. IP type can be one of these values:
Example: {"mac_address": "34:0A:E5:C2:DE:0C","ip_address": "192.168.0.173","port": 58550,"ip_type": 1} |
remote_endpoint
|
Firewall blocked connections for a remote endpoint, in JSON format: Mac Address, IP Address, Port, and IP Type. IP type can be one of these values:
Example: {"mac_address": "47:0A:E5:C2:DE:2F","ip_address": "192.168.0.75","port": 58550,"ip_type": 1} |
rule_id
|
Identifier of a rule in firewall blocked connections and in indicators of attack detections. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
rule_name
|
Rule name for firewall blocked connections and for indicators of attack detections. Example: MyRule |
rule_configuration_id
|
Identifier of rule configuration in firewall blocked connections. Example: 9b7205bc-60e0-45a0-9956-b17b6a8673f6 |
rule_obsolete
|
Indicates if the rule is obsolete in firewall blocked connections. Example: false |
alias
|
Alias name for device control detections. Example: AliasName |
instance_id
|
Instance identifier for device control detections. Example: 9b7205bc-60e0-45a0-9956-b17b6a8673f6 |
type
|
Type of device for device control detections. This can be one of these values:
|
rule_risk
|
Indicates the rule risk for indicators of attack detections. This can be one of these values:
|
rule_mitre
|
Array with JSON pairs of the MITRE attack tactic and technique in indicators of attack detections. Example: [{tactic: "TA0006", technique: "T1003"}] |
status
|
Indicates the status in indicators of attack detections. This can be one of these values:
|
endpoint_event_date
|
Endpoint event date in indicators of attack detections. Example: "2021-07-20T20:27:18.725Z" |
filed_date
|
Filed date in indicators of attack detections. Example: "2021-07-20T20:27:18.725Z" |
since_until_filed
|
Time since the filed date in indicators of attack detections. Example: 8.07:06:05 specifies 8 days, 7 hours, 6 minutes, and 5 seconds |
count
|
Number of occurrences in indicators of attack detections. Example: 3 |
custom_group_folder_id
|
Identifier of the assigned custom group folder. Example: 1b7205bc-60e0-45a0-9956-b17b6a8673f6 |
custom_group_folder_info
|
Array of folders that represents the path where the device is located in the management UI. |
name
|
Name of the folder. Example: Windows |
type
|
Type of folder. This can be one of these values:
|
is_translatable
|
Indicates whether you can rename the folder. This can be one of these values:
|
network_attack
|
Network attack name. Example: Denial of Service attack (DoS) |
local_ip_address
|
Local IP address in network attack detections. Example: 192.168.1.1 |
remote_ip_address
|
Remote IP address in network attack detections. Example: 192.168.10.1 |
total_items
|
Count is not supported. Currently, null is always displayed in this field. Example: null |
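The following Python sketch is an added example, not WatchGuard's code: it builds the export URL with the base-64 encoded hostname, parses the d.hh:mm:ss format shown for since_until_filed, ranks events by the was_run, accessed_data and made_external_connections flags, and flags a response that reached the 3,000-record limit. Sending hostname as a UTF-8, standard-base64 query-string parameter, accepting a value without the day part, and the sample events (including the LAPTOP-02 and LAPTOP-03 host names) are assumptions constructed for illustration.

```python
import base64
from datetime import timedelta
from urllib.parse import urlencode

RECORD_LIMIT = 3000  # the export response is limited to 3,000 records
IMPACT_FLAGS = ("was_run", "accessed_data", "made_external_connections")


def export_url(base_url, account_id, event_type, period, hostname=None):
    """Build the securityevents export URL for one event type and period."""
    url = (f"{base_url}/rest/endpoint-security/management/api/v1/accounts/"
           f"{account_id}/securityevents/{event_type}/export/{period}")
    if hostname is not None:
        # Assumption: the host name is UTF-8, standard base64, in the query string.
        encoded = base64.b64encode(hostname.encode("utf-8")).decode("ascii")
        url += "?" + urlencode({"hostname": encoded})
    return url


def parse_timespan(text):
    """Parse 'd.hh:mm:ss' (for example '8.07:06:05') into a timedelta."""
    days, clock = 0, text
    if "." in text.split(":", 1)[0]:      # a dot before the first colon marks days
        day_part, clock = text.split(".", 1)
        days = int(day_part)
    hours, minutes, seconds = clock.split(":")
    return timedelta(days=days, hours=int(hours),
                     minutes=int(minutes), seconds=float(seconds))


def triage(response):
    """Rank events by impact flags; report whether the record limit was hit.

    `response` is the parsed JSON body. total_items is always null for this
    endpoint, so the only truncation signal is the length of `data`.
    """
    events = response.get("data") or []
    truncated = len(events) >= RECORD_LIMIT
    findings = []
    for event in events:
        # Fields vary by event type, so a missing flag is treated as not set.
        flags = [name for name in IMPACT_FLAGS if event.get(name) is True]
        if not flags:
            continue
        findings.append({
            "host_name": event.get("host_name"),
            "device_id": event.get("device_id"),
            "item_name": event.get("item_name"),
            "hash": event.get("hash"),
            "flags": flags,
            "dwell_time": event.get("dwell_time") or 0,
        })
    # Most impact flags first, then the longest unclassified dwell time.
    findings.sort(key=lambda f: (-len(f["flags"]), -f["dwell_time"]))
    return findings, truncated


# Constructed sample response (not real telemetry).
SAMPLE_RESPONSE = {
    "data": [
        {"host_name": "LAPTOP-03", "device_id": "1b7205bc-60e0-45a0-9956-b17b6a8673f6",
         "item_name": "MalwareName", "was_run": False, "accessed_data": False,
         "made_external_connections": False, "dwell_time": 0},
        {"host_name": "LAPTOP-02", "device_id": "9b7205bc-60e0-45a0-9956-b17b6a8673f6",
         "item_name": "MalwareName", "was_run": True, "dwell_time": 3600},
        {"host_name": "WIN_SERVER_6", "device_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
         "item_name": "MalwareName", "hash": "009a9b4ff00946f9a5a5659dfe9086da",
         "was_run": True, "accessed_data": True,
         "made_external_connections": True, "dwell_time": 60},
    ],
    "total_items": None,
}

if __name__ == "__main__":
    print(export_url("https://api.usa.cloud.watchguard.com",
                     "WGC-1-123abc456", 13, 7, hostname="WIN_SERVER_6"))
    ranked, hit_limit = triage(SAMPLE_RESPONSE)
    for finding in ranked:
        print(finding["host_name"], finding["flags"], finding["dwell_time"])
    if hit_limit:
        print("Record limit reached: narrow the period or filter by hostname.")
```

When the limit is reached, request a shorter period or one host at a time so that no events are silently dropped from triage.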
Uninstall Protection from Devices
/api/{v1}/accounts/{accountId}/devices/uninstall
Uninstalls protection from the specified devices.
Path Parameters
When you send a request to this endpoint, you must include this path parameter:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Body
device_ids
|
List of IDs of devices to uninstall protection from. Example: "00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2" |
Example Request
This request uninstalls protection from two devices.
curl -X POST https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devices/uninstall \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA' \
-d '{
"device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"]
}'
Example Response
A successful request returns the 200 OK status code.
Isolate Devices
/api/{v1}/accounts/{accountId}/devices/isolation
Isolates the specified devices. When you isolate a device, communication to and from the device is denied.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Body
device_ids
|
List of IDs of devices to isolate. Example: "00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2" |
exclusion_programs
|
List of programs to exclude from isolation and allow to communicate normally. Example: "Chrome.exe" |
customized_message
|
Text to show in an alert message on the isolated devices. Example: This computer has been isolated by an administrator. |
hide_customized_alert
|
Indicates whether to hide the customized alert message on isolated devices. Example: true |
Example Request
This request isolates two devices, displays a custom alert message on the devices, and allows the Chrome.exe program to continue to communicate normally:
curl -X POST https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devices/isolation \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA' \
-d '{
"device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"],
"exclusion_programs": ["Chrome.exe"],
"customized_message": "This computer has been isolated by an administrator",
"hide_customized_alert": false
}'
Example Response
The response contains IDs of the isolated devices.
{
"processed_device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"]
}
This table lists and describes the data returned in the response:
processed_device_ids
|
List of IDs of the isolated devices. Example: [ "00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2" ] |
Stop Device Isolation
/api/{v1}/accounts/{accountId}/devices/noisolation
Stops isolation on the specified devices.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Body
device_ids
|
List of IDs of isolated devices to remove from isolation. Example: ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"] |
Example Request
This request stops isolation for two isolated devices:
curl -X POST https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devices/noisolation \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA' \
-d '{
"device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"]
}'
Example Response
The response includes the IDs of devices that are no longer isolated.
{
"processed_device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"]
}
This table lists and describes the data returned in the response:
processed_device_ids
|
List of IDs of devices removed from isolation. Example: ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"] |
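For the Isolate Devices and Stop Device Isolation requests above, this added Python example (not WatchGuard's code) validates device IDs before they go into the request body and compares processed_device_ids in the response with what was requested. It assumes that device IDs are canonical UUID strings, that optional body fields can be omitted, and that an ID missing from processed_device_ids was not acted on; the response text is constructed.

```python
import json
import uuid


def canonical_device_id(value):
    """Return the lower-case canonical UUID string, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError(f"device ID must be a string: {value!r}")
    parsed = uuid.UUID(value)  # raises ValueError on malformed input
    if str(parsed) != value.lower():
        # uuid.UUID also accepts braces, urn: prefixes and unhyphenated hex;
        # reject those so the body matches the form shown in the examples.
        raise ValueError(f"not in canonical UUID form: {value!r}")
    return str(parsed)


def build_body(device_ids, exclusion_programs=None,
               customized_message=None, hide_customized_alert=None):
    """Build the JSON body for /devices/isolation or /devices/noisolation.

    Only device_ids applies to noisolation. Assumption: fields left as None
    can be omitted from the isolation request.
    """
    ids = []
    for raw in device_ids:
        device_id = canonical_device_id(raw)
        if device_id not in ids:          # de-duplicate, keep request order
            ids.append(device_id)
    if not ids:
        raise ValueError("device_ids must not be empty")
    body = {"device_ids": ids}
    if exclusion_programs:
        # Every excluded program keeps communicating on an isolated device.
        body["exclusion_programs"] = list(exclusion_programs)
    if customized_message is not None:
        body["customized_message"] = customized_message
    if hide_customized_alert is not None:
        body["hide_customized_alert"] = bool(hide_customized_alert)
    return body


def reconcile(body, response_text):
    """Compare requested device IDs with processed_device_ids in the response."""
    response = json.loads(response_text)
    processed = {i.lower() for i in response.get("processed_device_ids") or []}
    requested = body["device_ids"]
    return {
        "confirmed": [i for i in requested if i in processed],
        # Assumption: an ID absent from the response was not acted on.
        "unconfirmed": [i for i in requested if i not in processed],
        "unexpected": sorted(processed - set(requested)),
    }


# Constructed response in which only one of two requested devices was processed.
SAMPLE_ISOLATION_RESPONSE = (
    '{"processed_device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44"]}'
)

if __name__ == "__main__":
    request_body = build_body(
        ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44",
         "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"],
        exclusion_programs=["Chrome.exe"],
        customized_message="This computer has been isolated by an administrator",
        hide_customized_alert=False,
    )
    print(json.dumps(request_body, indent=2))
    print(reconcile(request_body, SAMPLE_ISOLATION_RESPONSE))
```

Treat any ID reported as unconfirmed as still able to communicate until a later check shows otherwise.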
Send Device Action
/api/{v1}/accounts/{accountId}/devices/action
Initiates an action on the specified devices. For example, sends an action to reboot a device.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Body
device_ids
|
List of IDs of the devices to initiate an action on. Example: ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"] |
action_type
|
Type of action to initiate on the device. Specify one of these values:
|
count_down_type
|
Amount of time to count down to the action. Specify one of these values:
|
Example Request
This request reboots two devices:
curl -X POST https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devices/action \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA' \
-d '{
"device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"],
"action_type": 1,
"count_down_type": 5
}'
Example Response
The response includes the IDs of the rebooted devices.
{
"processed_device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"]
}
This table lists and describes the data returned in the response:
processed_device_ids
|
List of IDs of rebooted devices. Example: ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"] |
Scan Devices Immediately
/api/{v1}/accounts/{accountId}/immediatescan
Starts a task to scan the specified devices immediately.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Body
device_ids
|
List of IDs of devices to scan. Example: "00ab3e54-7bb7-4bd3-r0lo-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2" |
task_name
|
Name of the scan task. Example: Routine scan. |
task_description
|
Description of the scan task. Example: Windows 8 machines only. |
scan_scope
|
Scope of the scan task. Specify one of these values:
Example: 0 |
specified_items_to_scan
|
List of specific locations or items to scan. All folders and files in the specified locations are scanned. Works only when Example: "C:\Downloads", "C:\Documents" |
detect_hacking_tools
|
Indicates whether to detect hacking tools. This detects potentially unwanted programs, as well as programs used by hackers. Example: false |
detect_suspicious_files
|
Indicates whether to detect suspicious files. In scheduled scans, the tool scans computer software but does not run it. Some types of threats have a lower chance of detection. Set this option to Example: true |
scan_compressed_files
|
Indicates whether to scan compressed files. This decompresses compressed files and scans their contents. Example: true |
apply_exclusions_on_scan
|
Indicates whether to exclude items from the scan, such as specific files, files with a specific extension, or a specific directory. Example: true |
extensions_to_exclude
|
List of file extensions to exclude from the scan. Works only when Example: "exe", "pdf" |
files_to_exclude
|
List of file names (with their extensions) to exclude from the scan. Works only when Example: "Chrome.exe", "Explorer.exe" |
folders_to_exclude
|
List of folders to exclude from the scan. You must include the full path. Works only when Example: "D:/shared_drive/documents" |
execution_window_expiration
|
Time period in which the scan must run before it times out. The default is 7 days. Example: 8.07:06:05 specifies 8 days, 7 hours, 6 minutes, and 5 seconds |
Example Request
This request immediately scans critical areas on two devices:
curl -X POST https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/immediatescan \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA' \
-d '{
"device_ids": ["00ab3e54-7bb7-4bd3-bd39-237a9d191a44", "287324d8-194f-4f5a-a7ad-e2480d5ad1b2"],
"task_name": "Scan laptops",
"task_description": "Scan Marketing laptops",
"scan_scope": 1,
"specified_items_to_scan": [""],
"detect_hacking_tools": true,
"detect_suspicious_files": true,
"scan_compressed_files": true,
"apply_exclusions_on_scan": false,
"extensions_to_exclude": [""],
"files_to_exclude": [""],
"folders_to_exclude": [""],
"execution_window_expiration": "10.00:00:00"
}'
Example Response
The response contains a task ID.
{
"task_id": "12a345a6-a789-0123-a4aa-56a7890a12a3"
}
This table lists and describes the data returned in the response:
task_id
|
ID of the completed scan task. Example: 12a345a6-a789-0123-a4aa-56a7890a12a3 |
Retrieve a List of Unmanaged Devices
/api/{v1}/accounts/{accountId}/unmanageddevices
Retrieves a list of unmanaged devices discovered on the network. The response to this request is limited to 3,000 records.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$search
|
Returns only objects that include the specified text string. For example, "name" returns objects that include "hostname" and "username." The supported search fields depend on the endpoint:
Example: name |
$count
|
Indicates whether to return a counter that shows the total number of objects in the Example: true |
$orderby
|
Specifies how to order results. You can order by any parameter in the response and sort results in ascending or descending order. Specify a parameter name with any underscores removed, followed by a For example, to order results by the Example: hostname+desc |
Example Request
This request retrieves a list of unmanaged devices associated with the specified account ID:
curl -X GET https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/unmanageddevices \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains a list of unmanaged devices as well as information about each unmanaged device.
{
"data": [
{
"device_id": "287324d8-194f-4f5a-a7ad-e2480d5ad1b2",
"account_id": "cd6c6dd6-b97f-453d-ad81-a5976dc0596c",
"site_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"host_name": "WIN_SERVER_6",
"ip_address": "192.0.2.1",
"mac_address": "00:0a:95:9d:68:16",
"probe_name": "Probe computer 7",
"last_seen_datetime": "2020-11-18T22:25:22.641Z",
"network_interface_controller_vendor": "Intel",
"visible": true,
"description": "Finance mac01",
"status": "0_Undefined",
"installation_error": 200000
}
],
"total_items": null
}
This table lists and describes the data returned in the response:
data
|
Array of device data. |
device_id
|
Identifier for the device. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b2 |
account_id
|
Identifier of the account. Example: cd6c6dd6-b97f-453d-ad81-a5976dc0596c |
site_id
|
Identifier of the site. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
host_name
|
Name of the host. Example: WIN_SERVER_6 |
ip_address
|
IP address of the device. Example: 192.0.2.1 |
mac_address
|
MAC address of the device. Example: 00:0a:95:9d:68:16 |
probe_name
|
Name of the device that discovered the unmanaged device. Example: Probe computer 7 |
last_seen_datetime
|
Date and time the unmanaged device was found. Example: 2020-11-20T20:27:18.725Z |
network_interface_controller_vendor
|
Manufacturer of the network card in the device. Example: Intel |
description
|
Description of the device. Example: Finance mac01 |
status
|
Status of the device. This can be one of these values:
Example: 1 |
installation_error
|
Unmanaged device installation error. This can be one of these values:
Example: 200000 |
total_items
|
Total number of unmanaged devices. If the Example: 2 |
Retrieve Company Risk Information
/api/{v1}/accounts/{accountId}/riskassessment/companyrisksummary
Retrieves a summary of the company risk status.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Example Request
This request retrieves a count of devices associated with each risk level:
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/riskassessment/companyrisksummary' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains a count of devices associated with each risk level:
{
"without_risk": 25,
"medium_risk": 43,
"high_risk": 14,
"critical_risk": 0
}
This table lists and describes the data returned in the response:
without_risk
|
Total number of devices with no risk. Example: 25 |
medium_risk
|
Total number of devices with medium risk. Example: 43 |
high_risk
|
Total number of devices with high risk. Example: 14 |
critical_risk
|
Total number of devices with critical risk. Example: 0 |
Retrieve Detected Risks
/api/{v1}/accounts/{accountId}/riskassessment/detectedrisks
Retrieves a count of detected devices for each type of risk.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include this request parameter:
$filter
|
Specifies the device or type of device to retrieve risk information from. You can combine two or more values with the boolean operators %20And%20 and %20Or%20:
|
Example Request
This request returns a count of the Linux laptops where each type of risk was detected.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/riskassessment/detectedrisks?$filter=4005%20Eq%202%20And%204004%20Eq%202' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains information about each type of risk and a count of devices where the risk was detected.
{
"data": [
{
"risk_factor": 70,
"risk_severity": 40,
"total_active_devices_counter": 1,
"total_without_risk": 2,
"total_not_applicable_by_platform": 0,
"total_not_evaluated_on_device": 0
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array of risk data. |
risk_factor
|
Identifier of the risk. This can be one of these values:
Example: 70 (File antivirus disabled) |
risk_severity
|
Assigned risk level. This can be one of these values:
Example: 40 (Critical risk) |
total_active_devices_counter
|
Number of devices where the risk was detected. Example: 1 |
total_without_risk
|
Number of devices where the risk was not detected. Example: 2 |
total_not_applicable_by_platform
|
Number of devices where the risk was not evaluated because it is not compatible with the type of device. Example: 0 |
total_not_evaluated_on_device
|
Number of devices where the risk was not evaluated because you did not enable it for detection. Example: 0 |
total_items
|
Total number of retrieved risks. If the Example: 1 |
Retrieve Risks Detected for Devices
/api/{v1}/accounts/{accountId}/riskassessment/devicesrisk
Retrieves a count of risks detected on each device by risk level. The response to this request is limited to 3,000 records.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$search
|
Returns only objects that include the specified text string. For example, "name" returns objects that include "hostname" and "username". The supported search field is the device host name. |
$count
|
Indicates whether to return a counter that shows the total number of objects in the Example: true |
$filter
|
Specifies a filter to retrieve devices. You can combine two or more values with the boolean operators %20And%20 and %20Or%20:
Specify the length of the time period in the format
Example: Retrieves devices for the last 7 days: Example: Retrieves devices outside the last 3 months. |
Example Request
This request retrieves risk information for Windows servers.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/riskassessment/devicesrisk?$filter=4005%20Eq%202%20And%204004%20Eq%202' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response returns risk information for each Windows server:
{
"data": [
{
"device_id": "18421fc0-285a-41e6-8a67-a8cb400bedd0",
"host_name": "WIN-SERVER-1",
"last_connection_date": "2022-12-20T00:39:21.574Z",
"device_risk_severity": 40,
"risk_status_counters": {
"total_critical_risk": 1,
"total_high_risk": 0,
"total_medium_risk": 0,
"total_without_risk": 4,
"total_not_applicable_by_platform": 9,
"total_not_evaluated_on_device": 2
}
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array of risk data. |
device_id
|
Identifier for the device. Example: 18421fc0-285a-41e6-8a67-a8cb400bedd0 |
host_name
|
Host name of the device. Example: WIN-SERVER-1 |
last_connection_date
|
Date and time of the last connection of the device. Example: 2022-12-20T00:39:21.574Z |
device_risk_severity
|
Risk level associated with the device. This can be one of these values:
Example: 40 |
risk_status_counters
|
Number of risks found on the device by risk level. |
total_critical_risk
|
Number of critical-level risks found on the device. Example: 1 |
total_high_risk
|
Number of high-level risks found on the device. Example: 0 |
total_medium_risk
|
Number of medium-level risks found on the device. Example: 0 |
total_without_risk
|
Number of risks not found on the device. Example: 4 |
total_not_applicable_by_platform
|
Number of risks not compatible with the operating system or type of device. Example: 9 |
total_not_evaluated_on_device
|
Number of risks not evaluated on the device because they were not enabled for detection. Example: 2 |
total_items
|
Total number of retrieved devices. If the Example: 1 |
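The paging parameters above, worked through as an added example (not WatchGuard code): it walks devicesrisk with $top and $skip, keeps each request under the documented 3,000-record limit, ranks devices by their risk counters, and lists devices where some risks were not evaluated. The environment variable names, the page size, and the reading of total_items as the full match count when $count=true are assumptions; the sample devices other than WIN-SERVER-1 are constructed.

```python
import json
import os
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE = "https://api.usa.cloud.watchguard.com/rest/endpoint-security/management"
MAX_PER_RESPONSE = 3000  # documented cap on one devicesrisk response


def devicesrisk_url(account_id, top, skip, filter_expr=None):
    """Build the URL; spaces in $filter become %20, as in the curl examples."""
    params = {"$top": top, "$skip": skip, "$count": "true"}
    if filter_expr:
        params["$filter"] = filter_expr
    query = urlencode(params, quote_via=quote, safe="$")
    account = quote(account_id, safe="")
    return f"{BASE}/api/v1/accounts/{account}/riskassessment/devicesrisk?{query}"


def http_fetch(url):
    """Live fetch. Credentials come from the environment, never from source."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "WatchGuard-API-Key": os.environ["WG_API_KEY"],               # assumed name
        "Authorization": "Bearer " + os.environ["WG_ACCESS_TOKEN"],   # assumed name
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_devices(fetch, account_id, page_size=500, filter_expr=None):
    """Yield every device, one page at a time, until a short page or total_items."""
    top = max(1, min(page_size, MAX_PER_RESPONSE))
    skip = 0
    while True:
        body = fetch(devicesrisk_url(account_id, top, skip, filter_expr))
        rows = body.get("data") or []
        yield from rows
        skip += len(rows)
        total = body.get("total_items")  # null unless a count was requested
        if len(rows) < top or (total is not None and skip >= total):
            return


def triage(devices):
    """Rank devices worst-first by counters and list detection blind spots."""
    def key(dev):
        c = dev.get("risk_status_counters") or {}
        return (c.get("total_critical_risk", 0), c.get("total_high_risk", 0),
                c.get("total_medium_risk", 0))

    ranked = [
        {"host_name": d.get("host_name"), "critical": key(d)[0],
         "high": key(d)[1], "medium": key(d)[2]}
        for d in sorted(devices, key=key, reverse=True)
    ]
    # Risks that were not enabled for detection are unknowns, not passes.
    blind_spots = sorted(
        d.get("host_name") or "" for d in devices
        if (d.get("risk_status_counters") or {}).get("total_not_evaluated_on_device", 0) > 0
    )
    return ranked, blind_spots


def _device(host, critical, high, medium, not_evaluated):
    return {"host_name": host, "risk_status_counters": {
        "total_critical_risk": critical, "total_high_risk": high,
        "total_medium_risk": medium, "total_not_evaluated_on_device": not_evaluated}}


# First row mirrors the example response; the other rows are constructed.
SAMPLE_DEVICES = [
    _device("WIN-SERVER-1", 1, 0, 0, 2),
    _device("HOST-B", 0, 2, 1, 0),
    _device("HOST-C", 0, 0, 0, 0),
    _device("HOST-D", 1, 3, 0, 0),
    _device("HOST-E", 0, 0, 4, 0),
]


def make_fake_fetch(dataset, calls):
    """Offline stand-in for http_fetch that honours $top and $skip."""
    def fetch(url):
        query = parse_qs(urlsplit(url).query)
        top, skip = int(query["$top"][0]), int(query["$skip"][0])
        calls.append(url)
        return {"data": dataset[skip:skip + top], "total_items": len(dataset)}
    return fetch


if __name__ == "__main__":
    calls = []
    fetch = make_fake_fetch(SAMPLE_DEVICES, calls)
    ranked, blind_spots = triage(iter_devices(fetch, "WGC-1-123abc456", page_size=2))
    print(len(calls), "requests;", "worst:", ranked[0], "blind spots:", blind_spots)
```

Pass http_fetch instead of the fake to run it against a live account.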
Retrieve a Risk Detection Overview
/api/{v1}/accounts/{accountId}/riskassessment/statisticsbydate/{period}
Retrieves an overview of the number and types of risks detected over time.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
period
|
Period of time to retrieve risk detection counters for. Specify one of these values:
|
Example Request
This request retrieves risk detection counters for the specified account for the previous 7 days:
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/riskassessment/statisticsbydate/7' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJjNDQyMTJlMi05MmI1LTRiOTYtYTRmNS1lYWRlODA4OTM1YjIiLCJjdXN0b206YXBpX2tleXMiOiJwMHM1UmQzUkF2NlR2d0VuWEx5YUphR2x0ZWtieEFVUzcwVGVzOXlGIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfa3hXeFdrTFZ5IiwiY29nbml0bzp1c2VybmFtZSI6IjAyNjk0OWM1OWI2NzIxOGNfcndfaWQiLCJhdWQiOiIzb3AybDBqazkxN3FudXFoZnVoanRvcXRzZyIsImV2ZW50X2lkIjoiODczM2ZmMjktOGNhMC00ODMyLTg0NzgtMDNiNWIxMDI3NmQ3IiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjkzNTM0NDEsIm5hbWUiOiIwMjY5NDljNTliNjcyMThjX3J3X2lkIiwiY3VzdG9tOmFjY291bnRfaWQiOiJBQ0MtMTIzNTA2OCIsImV4cCI6MTU2OTM1NzA0MSwiY3VzdG9tOnJvbGUiOiIxIiwiaWF0IjoxNTY5MzUzNDQxfQ.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
This response contains counts of devices associated with each risk level for the previous 7 days:
[
{
"key": {
"date": "2022-12-07T23:59:59.999Z",
"device_risk_severity": 5
},
"value": 10
}
]
This table lists and describes the data returned in the response:
key
|
Array with the date key and risk level assigned. |
date
|
Date and time of the overview. Example: 2022-11-21T23:59:59.999Z |
device_risk_severity
|
Risk level associated with the device. This can be one of these values:
|
value
|
Number of devices found for the specified key. Example: 14 |
Retrieve Risk Configuration
/api/{v1}/accounts/{accountId}/riskassessment/configuration
Retrieves the risk configuration.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Example Request
This request retrieves the list of risks and the configured risk levels.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/riskassessment/configuration' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains the list of risks and the level assigned to each risk.
[
{
"recommended_severity": 40,
"factor": 10,
"enable": true,
"severity": 40,
"edited_by_user": false,
"supported": true,
"threshold": null
}
]
This table lists and describes the data returned in the response:
recommended_severity
|
Risk level recommended by default by WatchGuard Technologies Inc. This can be one of these values:
Example: 40 |
factor
|
Risk type. This can be one of these values:
Example: 10 |
enable
|
Indicates whether the risk is enabled for detection in the settings. Example: true |
severity
|
Risk level. This can be one of these values:
Example: 40 |
edited_by_user
|
Indicates whether the risk level is the recommended value or it was modified by you. Example: false |
supported
|
Indicates whether the risk is compatible with the type of product assigned to the account. Example: false |
threshold
|
The value is null for all risks, except for these risks:
|
Update Risk Configuration
/api/{v1}/accounts/{accountId}/riskassessment/updateconfiguration
Modifies the risk configuration.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Body
risk_settings_list
|
List of types of risks to configure. |
recommended_severity
|
Risk level recommended by WatchGuard Technologies Inc. This value has no effect, but you must include it. This can be one of these values:
|
factor
|
Risk type. This can be one of these values:
Example: 10 |
enable
|
Indicates whether the risk is enabled for detection in the settings. Example: true |
severity
|
Risk level. This can be one of these values:
Example: 40 |
edited_by_user
|
Indicates whether the risk level is the recommended value or it was modified by you. This value has no effect, but you must include it. Example: true |
supported
|
Indicates whether the risk is compatible with the type of product assigned to the account. This value has no effect, but you must include it. Example: true |
threshold
|
This value has no effect for all risks, except for these risks:
|
Example Request
This request sets the risk configuration:
curl -X PATCH 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/riskassessment/updateconfiguration' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
-d '{
"risk_settings_list": [{
"recommended_severity":40,
"factor":10,
"enable": true,
"severity": 40,
"edited_by_user": false,
"supported": true,
"threshold": null
}, {
"recommended_severity": 30,
"factor": 20,
"enable": true,
"severity": 20,
"edited_by_user": false,
"supported": true,
"threshold": null
}
]
}'
Example Response
This response contains the result of applying the risk configuration:
{
"processed_ok": true
}
This table lists and describes the data returned in the response:
processed_ok
|
Result of applying the risk configuration. Example: true |
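Because the request body must carry fields that have no effect (recommended_severity, edited_by_user, supported), a safe update starts from the retrieved configuration. The following added example (not WatchGuard code) builds the risk_settings_list body from a retrieved configuration, passes those fields through unchanged, refuses unsupported or unknown risks, and returns an audit record of what changes. Sending only the changed entries is an assumption, and the sample configuration is constructed from the values shown on this page.

```python
import copy
import json

REQUIRED_FIELDS = ("recommended_severity", "factor", "enable", "severity",
                   "edited_by_user", "supported", "threshold")
EDITABLE = {"severity", "enable"}


def build_update(current, changes):
    """Return (request_body, audit) for .../riskassessment/updateconfiguration.

    current: list returned by .../riskassessment/configuration
    changes: {factor: {"severity": int, "enable": bool}}, either key optional
    """
    by_factor = {}
    for entry in current:
        missing = [f for f in REQUIRED_FIELDS if f not in entry]
        if missing:
            raise ValueError(f"factor {entry.get('factor')!r} lacks {missing}")
        by_factor[entry["factor"]] = entry

    settings, audit = [], []
    for factor, change in sorted(changes.items()):
        if factor not in by_factor:
            raise KeyError(f"factor {factor} is not in the current configuration")
        if set(change) - EDITABLE:
            raise ValueError(f"only {sorted(EDITABLE)} can be changed")
        old = by_factor[factor]
        if not old["supported"]:
            raise ValueError(f"factor {factor} is not supported on this account")
        if "severity" in change and (isinstance(change["severity"], bool)
                                     or not isinstance(change["severity"], int)):
            raise ValueError("severity must be an integer enumeration value")
        if "enable" in change and not isinstance(change["enable"], bool):
            raise ValueError("enable must be true or false")

        new = copy.deepcopy(old)   # pass-through fields stay exactly as retrieved
        new.update(change)
        diffs = {k: (old[k], new[k]) for k in sorted(change) if old[k] != new[k]}
        if not diffs:
            continue               # nothing to send for this risk
        settings.append({f: new[f] for f in REQUIRED_FIELDS})
        audit.append({
            "factor": factor,
            "changes": diffs,
            # Both flags mark edits a reviewer should approve explicitly.
            "deviates_from_recommended": new["severity"] != new["recommended_severity"],
            "disables_detection": bool(old["enable"]) and not new["enable"],
        })
    return {"risk_settings_list": settings}, audit


def _risk(factor, recommended, severity, enable=True, supported=True):
    return {"recommended_severity": recommended, "factor": factor, "enable": enable,
            "severity": severity, "edited_by_user": False, "supported": supported,
            "threshold": None}


# Constructed configuration: factor 10 as in the example response above,
# factor 20 still at its recommended level, factor 70 marked unsupported.
SAMPLE_CONFIG = [_risk(10, 40, 40), _risk(20, 30, 30), _risk(70, 40, 40, supported=False)]

if __name__ == "__main__":
    body, audit = build_update(SAMPLE_CONFIG, {20: {"severity": 20}})
    print(json.dumps(body, indent=2))   # matches the second entry of the example request
    print(audit)
```

When risk_settings_list comes back empty, skip the PATCH request.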
Retrieve Missing Patches
/api/v1/accounts/{accountId}/patchavailability
Retrieves published patches not installed on the devices on the network.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$count
|
Indicates whether to return a counter that shows the total number of objects in the Example: true |
$filter
|
Specifies a filter to retrieve patches. You can combine two or more values with the boolean operators %20And%20 and %20Or%20:
Example: Retrieves missing patches of the Operating System type and Critical severity: |
Example Request
This request retrieves information about missing patches of the Operating System type and Critical severity.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/patchavailability?$count=true&$filter=26018%20Eq%201%20And%2026003%20Eq%20201' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains information about each patch found:
{
"data": [
{
"account_id": "cd6c6dd6-r97o-453d-ld8o-a5976dc0596c",
"site_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"site_name": "AD360",
"device_id": "18421fc0-285a-41e6-8a67-a8cb400bedd0",
"host_name": "WIN-SERVER-1",
"device_type": 1,
"platform_id": 1,
"patch_management_status": 0,
"custom_group_folder_id": "225b2d1d-3115-428f-951d-1e58992ccd64",
"isolation_state": 1,
"license_status": 0,
"patch_id": "00012594-0000-0000-0000-000000000000",
"patch_name": "Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: October 19, 2015",
"program_name": "Windows 10 (x64)",
"program_version": "6.4",
"patch_release_date": "2015-10-19T00:00:00Z",
"patch_criticality": 301,
"patch_type": 1,
"is_downloadable": true,
"is_allowed_manual_installation": true,
"automatic_reboot": false,
"download_url": "https://download.microsoft.com/download/1/6/D/16DB3B7D-57D0-4E1A-BF24-22BBC4EDBC6A/WSUS-KB2938066-amd64.exe",
"local_filename": "WSUS-KB2938066-amd64.exe",
"patch_installation_availability": 1,
"patch_cve_ids": [
"CVE-2010-3190"
],
"vendor_id": 1,
"family_id": 165,
"version_id": 1166,
"vendor_name": "Microsoft",
"family_name": "Windows"
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array of patch data. |
account_id
|
Identifier for the account. Example: cd6c6dd6-r97o-453d-ld8o-a5976dc0596c |
site_id
|
Identifier for the site. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
site_name
|
Name of the site the device belongs to. Example: AD360 |
device_id
|
Identifier for the device. Example: 18421fc0-285a-41e6-8a67-a8cb400bedd0 |
host_name
|
Host name of the device. Example: WIN-SERVER-1 |
device_type
|
Type of device. This can be one of these values:
Example: 1 |
platform_id
|
Device platform. This can be one of these values:
Example: 1 |
patch_management_status
|
Status of the Patch Management module. This can be one of these values:
Example: 0 |
custom_group_folder_id
|
Identifier of the assigned custom group folder. Example: 225b2d1d-3115-428f-951d-1e58992ccd64 |
isolation_state
|
Isolation status of the device. This can be one of these values:
Example: 1 |
license_status
|
Status of the device license. This can be one of these values:
Example: 0 |
patch_id
|
Identifier of the patch. Example: 00012594-0000-0000-0000-000000000000 |
patch_name
|
Name of the patch. Example: Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: October 19, 2015 |
program_name
|
Name of the program associated with the patch. Example: Windows 10 (x64) |
program_version
|
Version of the program associated with the patch. Example: 6.4 |
patch_release_date
|
Patch release date. |
patch_criticality
|
Patch severity. This can be one of these values:
Example: 301 |
patch_type
|
Patch type. This can be one of these values:
Example: 1 |
is_downloadable
|
Indicates whether the patch is downloadable. This can be one of these values:
Example: true |
is_allowed_manual_installation
|
Indicates whether manual patch installation is allowed. This can be one of these values:
Example: true |
automatic_reboot
|
Indicates whether the patch can perform an automatic reboot. Example: false |
download_url
|
Manual patch download URL (if available). Example: https://download.microsoft.com/download/1/6/D/16DB3B7D-57D0-4E1A-BF24-22BBC4EDBC6A/WSUS-KB2938066-amd64.exe |
local_filename
|
Name of the local patch file (if available). Example: WSUS-KB2938066-amd64.exe |
patch_installation_availability
|
Indicates the patch availability for installation. This can be one of these values:
Example: 1 |
patch_cve_ids
|
List of CVEs associated with the patch (if available). Example: [ "CVE-2010-3190" ] |
vendor_id
|
Numeric identifier of the vendor associated with the patch (if available). Example: 1 |
family_id
|
Numeric identifier of the program family associated with the patch (if available). Example: 165 |
version_id
|
Numeric identifier of the program version associated with the patch (if available). Example: 1166 |
vendor_name
|
Name of the vendor associated with the patch. Example: Microsoft |
family_name
|
Name of the program family associated with the patch. Example: Windows |
total_items
|
Total number of retrieved patches. If the Example: 1 |
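The response is one record per device and missing patch, so a CVE-centric view needs a pivot. This added example (not WatchGuard code) groups patchavailability records by patch_cve_ids to show which hosts are exposed to each CVE, and vets download_url before anything fetches it. The allowed-host list is the caller's own policy and an assumption here; the records other than the first are constructed, and CVE-0000-00001 is a placeholder identifier.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def _parse_ts(value):
    """Parse the API's UTC timestamps, such as 2015-10-19T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def cve_exposure(records):
    """Pivot per-device patch records into [(cve, details)], widest exposure first."""
    exposure, rejected = {}, []
    for rec in records:
        for cve in rec.get("patch_cve_ids") or []:
            if not isinstance(cve, str) or not CVE_RE.fullmatch(cve):
                rejected.append((rec.get("patch_id"), cve))  # keep for review
                continue
            entry = exposure.setdefault(
                cve, {"hosts": set(), "patch_ids": set(), "oldest_release": None})
            entry["hosts"].add(rec["host_name"])
            entry["patch_ids"].add(rec["patch_id"])
            released = rec.get("patch_release_date")
            if released:
                ts = _parse_ts(released)
                if entry["oldest_release"] is None or ts < entry["oldest_release"]:
                    entry["oldest_release"] = ts
    ranked = sorted(exposure.items(), key=lambda kv: (-len(kv[1]["hosts"]), kv[0]))
    return ranked, rejected


def vetted_download_url(rec, allowed_hosts):
    """Return download_url only if it is HTTPS, on an allowed host, and its
    file name matches local_filename; otherwise return None."""
    url = rec.get("download_url")
    if not rec.get("is_downloadable") or not url:
        return None
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        return None
    if parts.path.rsplit("/", 1)[-1] != rec.get("local_filename"):
        return None
    return url


# First record uses the values from the example response; the rest are constructed.
PAGE_RECORD = {
    "host_name": "WIN-SERVER-1",
    "patch_id": "00012594-0000-0000-0000-000000000000",
    "patch_release_date": "2015-10-19T00:00:00Z",
    "is_downloadable": True,
    "download_url": "https://download.microsoft.com/download/1/6/D/"
                    "16DB3B7D-57D0-4E1A-BF24-22BBC4EDBC6A/WSUS-KB2938066-amd64.exe",
    "local_filename": "WSUS-KB2938066-amd64.exe",
    "patch_cve_ids": ["CVE-2010-3190"],
}
SAMPLE_RECORDS = [
    PAGE_RECORD,
    dict(PAGE_RECORD, host_name="WIN-DESKTOP-3"),
    {
        "host_name": "WIN-DESKTOP-3",
        "patch_id": "00000000-0000-0000-0000-000000000001",
        "patch_release_date": "2016-01-01T00:00:00Z",
        "is_downloadable": True,
        "download_url": "http://downloads.example.test/fix.exe",  # plain HTTP
        "local_filename": "fix.exe",
        "patch_cve_ids": ["CVE-0000-00001", "cve 2010 3190"],     # second is malformed
    },
]

if __name__ == "__main__":
    ranked, rejected = cve_exposure(SAMPLE_RECORDS)
    for cve, info in ranked:
        print(cve, sorted(info["hosts"]), info["oldest_release"].date())
    print("rejected:", rejected)
    for rec in SAMPLE_RECORDS:
        print(rec["host_name"], vetted_download_url(rec, {"download.microsoft.com"}))
```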
Retrieve Installed Software
/api/{v1}/accounts/{accountId}/softwareinventory
Retrieves the software installed on the computers on the network.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$count
|
Indicates whether to return a counter that shows the total number of objects in the Example: true |
$filter
|
Specifies a filter to retrieve the software inventory:
Example: Retrieves the software installed on a device named WIN-DESKTOP-3: |
Example Request
This request retrieves the software installed on a device named WIN-DESKTOP-3.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/softwareinventory?$count=true&$filter=4001%20Eq%20%22WIN-DESKTOP-3%22' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains information about each program found on the device:
{
"data": [
{
"site_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"site_name": "AD360",
"device_id": "18421fc0-285a-41e6-8a67-a8cb400bedd0",
"host_name": "WIN-DESKTOP-3",
"description": null,
"device_type": 1,
"platform_id": 1,
"ip_address": "192.168.0.66",
"domain": "WORKGROUP",
"operating_system": "Windows 10 Pro (Version: 21H1) (Build: 14393.693)",
"custom_group_folder_id": "225b2d1d-3115-428f-951d-1e58992ccd64",
"name": "Mozilla Firefox 36.0.1 (x86 en-GB)",
"publisher": "Mozilla",
"version": "36.0.1",
"size": 85687,
"installation_date": "2022-03-03T15:24:52.202Z",
"is_patch": false
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array with information about the software installed on the device. |
site_id
|
Identifier for the site. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
site_name
|
Name of the site the device belongs to. Example: AD360 |
device_id
|
Identifier for the device. Example: 18421fc0-285a-41e6-8a67-a8cb400bedd0 |
host_name
|
Host name of the device. Example: WIN-DESKTOP-3 |
description
|
Description of the device. |
device_type
|
Type of device. This can be one of these values:
Example: 1 |
platform_id
|
Device platform. This can be one of these values:
Example: 1 |
ip_address
|
IP address of the device. Example: 192.168.0.66 |
domain
|
Domain that the device belongs to on Microsoft networks. Example: WORKGROUP |
operating_system
|
Name of the operating system installed on the device. Example: Windows 10 Pro (Version: 21H1) (Build: 14393.693) |
custom_group_folder_id
|
Identifier of the assigned custom group folder. Example: 225b2d1d-3115-428f-951d-1e58992ccd64 |
name
|
Name of the software installed on the device. Example: Mozilla Firefox 36.0.1 (x86 en-GB) |
publisher
|
Software vendor name. Example: Mozilla |
version
|
Version of the software installed on the device. Example: 36.0.1 |
size
|
Size in bytes of the software installed on the device (if available). Example: 85687 |
installation_date
|
Software installation date (if available). Example: 2022-03-03T15:24:52.202Z |
is_patch
|
Indicates whether the software is a patch. Example: false |
total_items
|
Total number of retrieved software programs. If the Example: 1 |
Retrieve BIOS Information
/api/{v1}/accounts/{accountId}/devices/{deviceId}/hardwareinventory
Retrieves the characteristics of a device BIOS.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
deviceId
|
Identifier of the device. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b3 |
Example Request
This request retrieves information about a device BIOS.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/devices/287324d8-194f-4f5a-a7ad-e2480d5ad1b3/hardwareinventory' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response returns information about the device BIOS vendor, release date, and version:
{
"bios": [
{
"name": "L01 v02.33",
"manufacturer": "Hewlett-Packard",
"version": "HPQOEM - 20140715); L01 v02.33); American Megatrends - 4028E);",
"serial_number": "CZC4462KD8",
"release_date": "2015-05-22T07:11:20.994Z"
}
]
}
This table lists and describes the data returned in the response:
bios
|
Array with the BIOS data. |
name
|
BIOS name. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
manufacturer
|
BIOS vendor name. Example: AD360 |
version
|
BIOS software version. Example: 18421fc0-285a-41e6-8a67-a8cb400bedd0 |
serial_number
|
BIOS serial number. Example: WIN-DESKTOP-3 |
release_date
|
BIOS release date (if available). Example: 2015-05-22T07:11:20.994Z |
Retrieve Tasks
/api/v1/accounts/{accountId}/tasks
Retrieves a list of all tasks created.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$count
|
Indicates whether to return a counter that shows the total number of objects in the Example: true |
$filter
|
Specifies a filter to retrieve the task list. You can combine two or more values with the boolean operators %20And%20 and %20Or%20:
Example: Retrieves all immediate tasks: |
Example Request
This request retrieves information about immediate tasks.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/tasks?$count=true&$filter=41004%20Eq%201' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response returns information about each task found:
{
"data": [
{
"account_id": "cd6c6dd6-r97o-453d-ld8o-a5976dc0596c",
"id": "1530df10-0a9a-46bb-b8ab-aec2d0d8b9a3",
"name": "Test API 01",
"description": "Scan task created from API",
"type": 1,
"status": {
"enabled": true,
"delivery_state": 2,
"last_job_date": null
},
"schedule": {
"type": 1,
"start_date": "12a345a6-a789-0123-a4aa-56a7890a12a3",
"is_local_time": false,
"recurrence": {
"Type": 2,
"Frequency": 1,
"DaysOfWeek": [1, 2, 3, 4, 5]
},
"execution_timeout": null,
"execution_window": 1,
"execution_window_expiration": "600.00:00:00",
"publish_date": "2015-10-19T00:00:00Z"
},
"can_be_deleted": false,
"can_be_copied": true,
"can_access_to_detailed_view": true,
"scope_type": 1
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array of task data. |
account_id
|
Identifier for the account. Example: cd6c6dd6-r97o-453d-ld8o-a5976dc0596c |
id
|
Identifier of the task. Example: 1530df10-0a9a-46bb-b8ab-aec2d0d8b9a3 |
name
|
Name of the task. Example: Test API 01 |
description
|
Description of the task. Example: Scan task created from API |
type
|
Type of task. This can be one of these values:
Example: 1 |
status
|
Status of the task. |
enabled
|
Indicates whether the task is enabled or not. Example: true |
delivery_state
|
Delivery status of the task. This can be one of these values:
Example: 1 |
last_job_date
|
Date of the last update of a job associated with the task. Example: 2023-06-11T12:00:00Z |
schedule
|
Task schedule details. |
type
|
Type of schedule. This can be one of these values:
Example: 1 |
start_date
|
Start date of the schedule. Example: 2023-06-11T12:00:00Z |
is_local_time
|
Indicates whether the date is local. Example: false |
recurrence
|
Task recurrence pattern. |
type
|
Type of recurrence. This can be one of these values:
Example: 1 |
frequency
|
Number of executions of the scheduled task. Example: 3 |
days_of_week
|
List of days of the week the task is scheduled for. 0=Sunday, 1=Monday, 2=Tuesday, 3=Wednesday, 4=Thursday, 5=Friday, 6=Saturday. Example: [3,6] |
week_of_month
|
Week in the month the task is scheduled for (optional). This can be one of these values:
Example: 1 |
date_of_month
|
Days of the month the task is scheduled for. 1=Day one, 2=Day two..., 30=Day thirty, 31=Day thirty one. Example: [23,25] |
month_of_year
|
Months of the year the task is scheduled for. 0=Every month,1=January...,12=December. Example: 1 |
execution_timeout
|
Specifies how long the task can run from the time it starts. Example: 1.07:06:05 indicates 1 day, 7 hours, 6 minutes, and 5 seconds. |
execution_window
|
Execution window for the scheduled task. This can be one of these values:
Example: 1 |
execution_window_expiration
|
Maximum wait time for the task to start if the target device is not available. Example: 3.07:06:05 indicates 3 days, 7 hours, 6 minutes, and 5 seconds. |
publish_date
|
Publication date for the scheduled task. Example: 2023-06-21T11:00:00Z |
can_be_deleted
|
Indicates whether the task can be deleted. Example: false |
can_be_copied
|
Indicates whether the task can be copied. Example: true |
can_access_to_detailed_view
|
Indicates whether the task can access a detailed view. Example: true |
scope_type
|
Indicates the scope of the task. This can be one of these values:
Example: 1 |
total_items
|
Total number of retrieved tasks. If the Example: 1 |
Retrieve Task Repetitions
/api/v1/accounts/{accountId}/tasks/{type}/{taskId}/jobs
Retrieves task repetitions for a specific task.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type
|
Type of task. This can be one of these values:
Example: 1 |
taskId
|
Task unique identifier. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b |
Example Request
This request retrieves information about antimalware task repetitions for a specific task.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/tasks/1/68ce953a-b590-44d0-a9fa-34d224c9b5e7/jobs' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response includes details of the task repetitions:
[
{
"id": "20230517153644",
"date": "2023-05-17T15:36:44Z",
"affected_items": 0,
"is_local_time": false
}
]
This table lists and describes the data returned in the response:
array
|
Array of task repetition data. |
id
|
Identifier of the task repetition. Example: 20230517153644 |
date
|
Task repetition date. Example: 2023-05-17T15:36:44Z |
affected_items
|
Number of items affected by the repeated task. Example: 0 |
is_local_time
|
Indicates whether the repetition date is local. Example: Scan task created from API |
Retrieve Task Status
/api/v1/accounts/{accountId}/tasks/{type}/{taskId}/jobs/{jobId}/status
Retrieves the status of task repetitions for a specific task.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type
|
Type of task. This can be one of these values:
Example: 1 |
taskId
|
Unique identifier of the task. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b |
jobId
|
Identifier of the specific task repetition. Example: 20230615000000 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
$count
|
Indicates whether to return a counter that shows the total number of objects in the Example: true |
$filter
|
Specifies a filter to retrieve the status of task repetitions for a specific task. You can combine two or more values with the boolean operators %20And%20 and %20Or%20:
Example: Retrieves repetitions in Pending status: |
Example Request
This request retrieves information about repetitions in Pending status for a specific task.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/tasks/1/68ce953a-b590-44d0-a9fa-34d224c9b5e7/jobs/20230227000000/status?$count=true' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response returns information about each repetition found:
{
"data": [
{
"site_id": "8b7205bc-60e0-45a0-9956-b17b6a8673f6",
"site_name": "AD360",
"device_id": "18421fc0-285a-41e6-8a67-a8cb400bedd0",
"host_name": "WIN-DESKTOP-3",
"device_type": 3,
"ip_address": "192.168.0.66",
"status": 2,
"affected_items": 3,
"start_time": "2023-02-27T00:03:06Z",
"finish_time": "2023-02-27T00:05:11Z"
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array of repetition data. |
site_id
|
Identifier for the site. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
site_name
|
Name of the site the device belongs to. Example: AD360 |
device_id
|
Identifier for the device. Example: 18421fc0-285a-41e6-8a67-a8cb400bedd0 |
host_name
|
Host name of the device. Example: WIN-DESKTOP-3 |
device_type
|
Type of device. This can be one of these values:
Example: 1 |
ip_address
|
IP address of the device. Example: 192.168.0.66 |
status
|
Status of the task repetition. This can be one of these values:
Example: 2 |
affected_items
|
Number of items affected by the repeated task. Example: 3 |
start_time
|
Start date for the repeated task. Example: 2023-06-15T12:00:00Z |
finish_time
|
End date for the repeated task. Example: 2023-06-16T18:00:00Z |
total_items
|
Total number of retrieved repetitions. If the Example: 1 |
Retrieve Task Results
/api/v1/accounts/{accountId}/tasks/{type}/{taskId}/jobs/{jobId}/results
Retrieves the results of a specific task repetition.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type
|
Type of task. This can be one of these values:
Example: 1 |
taskId
|
Unique identifier of the task. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b |
jobId
|
Identifier of the specific task repetition. Example: 20230615000000 |
Request Parameters
When you send a request to this endpoint, you can include these request parameters:
$top
|
Specifies the number of objects to retrieve. Example: 5 |
$skip
|
Bypasses the specified number of objects in the results returned. For example, if you specify 10, the results start at object 11. Example: 5 |
Example Request
This request retrieves the results of a specific task repetition.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/tasks/1/68ce953a-b590-44d0-a9fa-34d224c9b5e7/jobs/20230227000000/results' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response returns information about the task repetition:
{
"data": [
{
"device_id": "18421fc0-285a-41e6-8a67-a8cb400bedd0",
"host_name": "WIN-DESKTOP-3",
"device_type": 3,
"ip_address": "192.168.0.66",
"date": "2023-06-25T12:00:00Z",
"malware_info": {
"malware_category": 2,
"path": "C:\\Documents\\AAABC_dc9354c9H.zip",
"number_of_occurrences": 1
},
"patch_info": null,
"ioc_info": null
}
],
"total_items": 1
}
This table lists and describes the data returned in the response:
data
|
Array with information about the repeated task. |
device_id
|
Identifier for the device. Example: 18421fc0-285a-41e6-8a67-a8cb400bedd0 |
host_name
|
Host name of the device. Example: WIN-DESKTOP-3 |
device_type
|
Type of device. This can be one of these values:
Example: 1 |
ip_address
|
IP address of the device. Example: 192.168.0.66 |
date
|
Task results date. Example: 2023-06-25T12:00:00Z |
malware_info
|
Additional information for antimalware scan tasks and malware disinfection tasks. |
malware_category
|
Malware category in antivirus detections. This can be one of these values:
Example: 4 |
path
|
Path where the malware was detected. Example: C:\\Documents\\AAABC_dc9354c9H.zip |
number_of_occurrences
|
Number of occurrences in antivirus detections. Example: 1 |
patch_info
|
Additional information for patch installation tasks and patch uninstallation tasks. |
patch_name
|
Name of the patch. Example: Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 |
product_name
|
Name of the product associated with the patch. Example: .NET Framework 4.7 (x64) |
product_version
|
Version of the product associated with the patch. Example: 4.7 |
criticality
|
Patch severity. This can be one of these values:
Example: 301 |
installation_date
|
Date when the patch was installed. Example: 2023-06-25T12:00:00Z |
result
|
Result of the patch operation performed. This can be one of these values:
Example: 1 |
ioc_info
|
Additional information for IOC search tasks. |
ioc_name
|
Name of the IOC associated with the result of the task. Example: Search based on domain |
ioc_description
|
Description of the IOC associated with the result of the task. Example: Approved: Domain rule description |
total_items
|
Count is not supported. Currently, null is always displayed in this field. Example: null |
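The $top, $skip, $count and $filter parameters documented for the task endpoints, combined into a paging client. This is an added example, not WatchGuard's code: it pages until the first empty response instead of trusting total_items, which the results endpoint always returns as null. The environment variable names and the make_fake_fetch stand-in are assumptions that let the block run offline.

```python
import json
import os
import urllib.request
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Host and path layout copied from the example requests on this page.
BASE = "https://api.usa.cloud.watchguard.com/rest/endpoint-security/management"
RESULTS_PATH = "tasks/1/68ce953a-b590-44d0-a9fa-34d224c9b5e7/jobs/20230227000000/results"


def build_url(account_id, path, top, skip, count=False, flt=None):
    """Return the request URL; '$' stays literal, values are percent-encoded."""
    params = [("$top", top), ("$skip", skip)]
    if count:
        params.append(("$count", "true"))
    if flt:
        params.append(("$filter", flt))  # "41004 Eq 1" -> 41004%20Eq%201
    query = urlencode(params, safe="$", quote_via=quote)
    return f"{BASE}/api/v1/accounts/{quote(account_id, safe='')}/{path}?{query}"


def http_fetch(url):
    """Real transport. WG_API_KEY and WG_ACCESS_TOKEN are assumed variable names."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "WatchGuard-API-Key": os.environ["WG_API_KEY"],
        "Authorization": "Bearer " + os.environ["WG_ACCESS_TOKEN"],
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_items(fetch, account_id, path, page_size=50, count=False, flt=None,
               max_pages=1000):
    """Yield every object in "data" across pages of a task endpoint.

    Ends on the first empty page, so it works whether or not total_items is
    populated. max_pages bounds the loop if a server never returns an empty page.
    """
    skip = 0
    for _ in range(max_pages):
        body = fetch(build_url(account_id, path, page_size, skip, count, flt))
        items = body.get("data") or []
        if not items:
            return
        yield from items
        skip += len(items)
    raise RuntimeError(f"gave up after {max_pages} pages of {path}")


def make_fake_fetch(objects, report_total):
    """Constructed offline stand-in for the API: slices objects by $top/$skip."""
    calls = []

    def fetch(url):
        calls.append(url)
        q = parse_qs(urlsplit(url).query)
        top, skip = int(q["$top"][0]), int(q["$skip"][0])
        counted = report_total and q.get("$count") == ["true"]
        return {"data": objects[skip:skip + top],
                "total_items": len(objects) if counted else None}

    return fetch, calls


def demo():
    """Page through seven constructed result rows, three per request."""
    rows = [{"device_id": f"constructed-{n}"} for n in range(7)]
    fetch, calls = make_fake_fetch(rows, report_total=False)
    got = list(iter_items(fetch, "WGC-1-123abc456", RESULTS_PATH, page_size=3))
    return got, calls


if __name__ == "__main__":
    rows, urls = demo()
    print(len(rows), "rows in", len(urls), "requests")
```

To call the live API, pass http_fetch as the fetch argument in place of the stand-in.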
Retrieve Task Details
/api/v1/accounts/{accountId}/taskdetails/{type}/{taskId}
Retrieves the details of a specific task.
Path Parameters
When you send a request to this endpoint, you must include these path parameters:
accountId
|
Your WatchGuard Cloud account ID, as shown on the My Account page in WatchGuard Cloud. Example: WGC-1-123abc456 or ACC-1234567 |
type
|
Type of task. This can be one of these values:
Example: 1 |
taskId
|
Unique identifier of the task. Example: 287324d8-194f-4f5a-a7ad-e2480d5ad1b |
Example Request
This request retrieves information about a specific task.
curl -X GET 'https://api.usa.cloud.watchguard.com/rest/endpoint-security/management/api/v1/accounts/WGC-1-123abc456/taskdetails/1/75541a26-729b-4d54-ab80-262339ffbaa7' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL' \
-H 'Authorization: Bearer eyJraWQiOiJNWnpabklNK2V6Q3BXUE5mM2FXTHhoSmEza0ltcEFMbnluT05DcFdIT2tZPSIsImFsZyI6IlJTMjU2In0.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.MUAeG6QyM7Zog8mM--WK2uJVevLRwz8z2KPpGhQbUnHK04Hy_JdO4F4wH6IV0WVENGsBrcjp5boxcBZgdJE46123MGnB0HvghN5IoAZUOkfFPm7SAN68posHqYLoo14YNedc5GtvOzCxTmi9YepvE5LhsoC6Tgyc0e3ABn18gEZsyxmJFcMBHXOMei7AssYSWAdDyoI7j6jZslxmhXj7_h6T9PyqjLxLjFEq5S6oK9u4IVDVBlRxbURaRVAGb7ywfHiZEPDgceV-Wnv0AIhDzj5dL28AmiGIkWtWinF0UD-NSMKN4vtszK2sUWUSl8ZfVNGU650heiAaUAy7XmiqbA'
Example Response
The response contains the task details.
{
"account_id": "cd6c6dd6-r97o-453d-ld8o-a5976dc0596c",
"id": "1530df10-0a9a-46bb-b8ab-aec2d0d8b9a3",
"name": "Test API 01",
"description": "Scan task created from API",
"type": 6,
"status": {
"enabled": true,
"delivery_state": 2,
"last_job_date": "2023-02-27T00:08:28.184Z"
},
"schedule": {
"type": 2,
"start_date": "2023-06-11T12:00:00Z",
"is_local_time": true,
"recurrence": {
"Type": 2,
"Frequency": 1,
"DaysOfWeek": [1, 2, 3, 4, 5]
},
"execution_timeout": "02:00:00",
"execution_window": 1,
"execution_window_expiration": "02:00:00",
"publish_date": "2015-10-19T00:00:00Z"
},
"scope_type": 1,
"can_be_deleted": true,
"can_be_copied": true,
"can_access_to_detailed_view": true,
"antimalware_scan_task_action": {
"targets": {
"type": 2,
"items": [
"c:\\mw"
],
"compressed_files": true
},
"malware_to_detect": {
"viruses": true,
"hacking_tools_and_pups": true,
"suspicious": false
},
"exclusions": {
"apply_exclusions_of_resident_protection": true,
"extensions": [
".xls"
],
"folders": [],
"files": []
}
},
"patch_installation_task_action": null,
"patch_uninstallation_task_action": null,
"ioc_definition_scan_task_action": null,
"recipients": {
"devices": [
{
"device_id": "9b86334c-57ca-4440-9d71-0fb967bf873f"
},
{
"device_id": "95a6d34c-5585-415c-9603-891576e0bfaa"
}
],
"custom_group_folders": ["287324d8-194f-4f5a-a7ad-e2480d5ad1b2"],
"device_types": [
1,
2,
3,
4
]
}
}
This table lists and describes the data returned in the response:
account_id
|
Identifier for the account. Example: 8b7205bc-60e0-45a0-9956-b17b6a8673f6 |
id
|
Identifier of the task. Example: 1530df10-0a9a-46bb-b8ab-aec2d0d8b9a3 |
name
|
Name of the task. Example: Test API 01 |
description
|
Description of the task. Example: WIN-DESKTOP-3 |
type
|
Type of task. This can be one of these values:
Example: 1 |
status
|
Status of the task. |
enabled
|
Indicates whether the task is enabled or not. Example: true |
delivery_state
|
Delivery status of the task. This can be one of these values:
|
last_job_date
|
Date of the last update of a repetition associated with the task. Example: 2023-06-11T12:00:00Z |
schedule
|
Task schedule details. |
type
|
Type of schedule. This can be one of these values:
Example: 3 |
start_date
|
Start date of the schedule. Example: 2023-06-11T12:00:00Z |
is_local_time
|
Indicates whether the date is local. Example: false |
recurrence
|
Task recurrence pattern. |
type
|
Type of recurrence. This can be one of these values:
Example: 1 |
frequency
|
Number of executions of the scheduled task. Example: 3 |
days_of_week
|
List of days of the week the task is scheduled for. 0=Sunday, 1=Monday, 2=Tuesday, 3=Wednesday, 4=Thursday, 5=Friday, 6=Saturday. Example: [3,6] |
week_of_month
|
Week in the month the task is scheduled for (optional). This can be one of these values:
Example: 3 |
date_of_month
|
Days of the month the task is scheduled for. 1=Day one, 2=Day two..., 30=Day thirty, 31=Day thirty one. Example: [1,11, 15, 16] |
month_of_year
|
Months of the year the task is scheduled for. 0=Every month,1=January...,12=December. Example: [1, 4, 11] |
execution_timeout
|
Specifies how long the task can run from the time it starts. Example: 1.07:06:05 (indicates 1 day, 7 hours, 6 minutes, and 5 seconds). |
execution_window
|
Execution window for the scheduled task. This can be one of these values:
Example: 1 |
execution_window_expiration
|
Maximum wait time for the task to start if the target device is not available. Example: 3.07:06:05 (indicates 3 days, 7 hours, 6 minutes, and 5 seconds). |
publish_date
|
Publication date for the scheduled task. Example: 2023-06-21T11:00:00Z |
scope_type
|
Indicates the scope of the task. This can be one of these values:
Example: 1 |
can_be_deleted
|
Indicates whether the task can be deleted. Example: false |
can_be_copied
|
Indicates whether the task can be copied. Example: true |
can_access_to_detailed_view
|
Indicates whether the task can access a detailed view. Example: true |
antimalware_scan_task_action
|
Additional information for antimalware scan tasks. |
targets
|
Specifies the items to scan on the device. |
type
|
Scope of the scan task. This can be one of these values:
Example: 0 |
items
|
List of specific locations or items to scan. All folders and files in the specified locations are scanned. Works only when scan_scope is 2. Example: ['c:\downloads','c:\program files'] |
compressed_files
|
Indicates whether to scan compressed files. When set to true, this decompresses compressed files and scans their contents. Example: true |
malware_to_detect
|
Indicates the type of threat to scan for. |
viruses
|
Indicates whether to scan for viruses. Example: true |
hacking_tools_and_pups
|
Indicates whether to scan for hacking tools and PUPs. Example: true |
suspicious
|
Indicates whether to scan for suspicious items. Example: true |
exclusions
|
Indicates the items to exclude from the scan. |
apply_exclusions_of_resident_protection
|
Indicates whether the permanent protection excludes items from the scan. Example: true |
extensions
|
List of file extensions to exclude from the scan. Example: ['.bat','.pif'] |
folders
|
List of folders to exclude from the scan. Example: ['c:\downloads','c:\program files'] |
files
|
List of file names to exclude from the scan. Example: ['virus.exe','spam.exe'] |
patch_installation_task_action
|
Additional information for patch installation tasks. |
platforms
|
List of platforms for patch installation (1=Windows, 2=macOS, 3=Linux). Example: [1,2] |
patch_installation_configuration
|
Patch installation task configuration detailed information. |
patches_to_install
|
List of patch identifiers associated with the task. Example: [00012594-0000-0000-0000-000000000000] |
criticality_configuration
|
Specifies the severity of the patches to install on devices. |
update_security_patches
|
Specifies the severity of the security patches to install. |
critical
|
Indicates whether to scan for critical severity patches. Example: true |
important
|
Indicates whether to scan for important severity patches. Example: true |
moderate
|
Indicates whether to scan for moderate severity patches. Example: true |
low
|
Indicates whether to scan for low severity patches. Example: true |
not_classified
|
Indicates whether to scan for unspecified severity patches. Example: true |
update_non_security_patches
|
Specifies the severity of the non-security patches to install. |
critical
|
Indicates whether to scan for critical severity patches. Example: true |
important
|
Indicates whether to scan for important severity patches. Example: true |
moderate
|
Indicates whether to scan for moderate severity patches. Example: true |
low
|
Indicates whether to scan for low severity patches. Example: true |
not_classified
|
Indicates whether to scan for unspecified severity patches. Example: true |
update_service_packs
|
Indicates whether to scan for Service Packs. Example: true |
vendors_configuration
|
Indicates the software (vendor, family, or product) to patch. |
use_selected_vendors_to_apply_patches
|
Indicates whether you want to use the vendor/family/product configuration selected for Windows platforms to apply the patches in the task. Example: true |
selected_vendors_ids
|
List of vendor identifiers associated with the task. Example: [9, 8, 82, 183] |
selected_vendor_families_ids
|
List of software family identifiers associated with the task. Example: [53, 54, 199, 56, 63, 239] |
selected_vendor_versions_ids
|
List of software version identifiers associated with the task. Example: [79, 80, 81, 83, 87, 1174] |
vendors_configuration_for_linux
|
Indicates the Linux software (vendor, family, or product) to patch. |
use_selected_vendors_to_apply_patches
|
Indicates whether you want to use the vendor/family/product configuration selected for Linux platforms to apply the patches in the task. Example: true |
install_patches_requiring_forced_reboot
|
Indicates whether you want to install patches that require a forced reboot of the target device. Currently, this parameter applies to macOS computers only. Example: true |
selected_vendor_names
|
List of vendor name identifiers to use in the task. Example: ["Gimp.org"] |
selected_vendor_family_names
|
List of software family name identifiers to use in the task. Example: ["Gimp.org/Gimp", "Gimp.org/gimp-data-extras", "Gimp.org/gimp-help"] |
vendors_configuration_for_mac
|
Indicates the macOS software (vendor, family, or product) to patch. |
use_selected_vendors_to_apply_patches
|
Indicates whether you want to use the vendor/family/product configuration selected for macOS platforms to apply the patches in the task. Example: true |
install_patches_requiring_forced_reboot
|
Indicates whether you want to install patches that require a forced reboot of the target device. Example: true |
selected_vendor_names
|
List of vendor name identifiers to use in the task. Example: ["Opera"] |
selected_vendor_family_names
|
List of software family name identifiers to use in the task. Example: ["Opera Software ASA/Opera"] |
patch_uninstallation_task_action
|
Additional information for patch uninstallation tasks. |
patch_uninstallation_configuration
|
Patch uninstallation task configuration detailed information. |
patches_to_uninstall
|
List of patch identifiers associated with the task. Example: [00012594-0000-0000-0000-000000000000] |
ioc_definition_scan_task_action
|
Additional information for IOC search tasks. |
ioc_definition_scan_task_configuration
|
IOC search task configuration detailed information. |
ioc_definition_ids
|
List of IOCs associated with the task. |
details
|
Details of the IOC. |
id
|
Identifier of the IOC. Example: 6b7205bc-60e0-45a0-9956-b17b6a8673f3 |
name
|
Name of the IOC. Example: Search based on domain |
stix_bundle
|
STIX content associated with the IOC search task. Example: <?xml version=\"1.0\"?><bundle><type>bundle</type><id>bundle--5928e8d2-ebac-493d-b912-b24221ecdf28</id><objects></objects></bundle> |
recipients
|
Specifies the task recipients. |
devices
|
Specifies the task recipients (devices). |
device_id
|
Identifier for the device associated with the task. Example: 5b7205bc-60e0-45a0-9956-b17b6a8673f1 |
custom_group_folders
|
Specifies task recipients of the custom group type. |
device_id
|
Identifier for the custom group folder associated with the task. Example: 6b7205bc-60e0-45a0-9956-b17b6a8673f2 |
device_types
|
Specifies task recipients based on the type of device where the task is run. |
device_id
|
Identifier for the device type associated with the task. Example: 7b7205bc-60e0-45a0-9956-b17b6a8673f3 |
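A defender's review of the Retrieve Task Details response: this added example (not part of the WatchGuard documentation) lists what an antimalware scan task is configured to skip. Field names come from the tables above; the finding codes, the helper names and the second, constructed task are assumptions.

```python
from pathlib import PureWindowsPath

CATEGORIES = ("viruses", "hacking_tools_and_pups", "suspicious")


def win_parts(path):
    """Lower-cased components of a Windows path, for case-insensitive compare."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def is_under(path, folder):
    """True when path equals folder or lies beneath it."""
    a, b = win_parts(path), win_parts(folder)
    return len(b) > 0 and a[:len(b)] == b


def audit_scan_task(task):
    """Return (code, detail) findings for one Retrieve Task Details response."""
    action = task.get("antimalware_scan_task_action")
    if action is None:  # patch and IOC tasks carry null in this field
        return []
    findings = []
    if (task.get("status") or {}).get("enabled") is False:
        findings.append(("task_disabled", task.get("name", "")))
    detect = action.get("malware_to_detect") or {}
    for cat in CATEGORIES:
        if detect.get(cat) is False:
            findings.append(("category_off", cat))
    targets = action.get("targets") or {}
    if targets.get("compressed_files") is False:
        findings.append(("archives_not_scanned", ""))
    excl = action.get("exclusions") or {}
    if excl.get("apply_exclusions_of_resident_protection"):
        # Effective exclusions are wider than the lists in this response.
        findings.append(("inherits_resident_exclusions", ""))
    for kind in ("extensions", "folders", "files"):
        for value in excl.get(kind) or []:
            findings.append(("excluded_" + kind, value))
    # A scan target that sits inside an excluded folder is never examined.
    for item in targets.get("items") or []:
        for folder in excl.get("folders") or []:
            if is_under(item, folder):
                findings.append(("target_excluded", f"{item} under {folder}"))
    return findings


# Relevant fields of the example response shown in this section.
PAGE_TASK = {
    "name": "Test API 01",
    "status": {"enabled": True},
    "antimalware_scan_task_action": {
        "targets": {"type": 2, "items": ["c:\\mw"], "compressed_files": True},
        "malware_to_detect": {"viruses": True, "hacking_tools_and_pups": True,
                              "suspicious": False},
        "exclusions": {"apply_exclusions_of_resident_protection": True,
                       "extensions": [".xls"], "folders": [], "files": []},
    },
}

# Constructed task (not from the page) whose only target is excluded.
CONSTRUCTED_TASK = {
    "name": "Constructed",
    "status": {"enabled": False},
    "antimalware_scan_task_action": {
        "targets": {"type": 2, "items": ["c:\\mw\\incoming"],
                    "compressed_files": False},
        "malware_to_detect": {"viruses": True, "hacking_tools_and_pups": True,
                              "suspicious": True},
        "exclusions": {"apply_exclusions_of_resident_protection": False,
                       "extensions": [], "folders": ["C:\\MW"], "files": []},
    },
}

if __name__ == "__main__":
    for t in (PAGE_TASK, CONSTRUCTED_TASK):
        for code, detail in audit_scan_task(t):
            print(t["name"], code, detail)
```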