diff --git a/malwarebytes/README.md b/malwarebytes/README.md new file mode 100644 index 00000000..cbe66a23 --- /dev/null +++ b/malwarebytes/README.md @@ -0,0 +1,34 @@ +# ThreatDown APIs (1.0.0) + +## Description +ThreatDown OneView APIs provide you resources to remotely manage the + security of your devices from code. It integrates ThreatDown protection into + your workflows and pipelines. The following are some of the actions you can + do with OneView APIs: + + + - Manage the security of your endpoints. + + - Analyze endpoint assets. + + - Perform advance analysis on detections of malware, ransomware, exploits, and other threats by ThreatDown Endpoint Agent. + + - Scan, isolate, remediate, and reboot endpoints. + + - Create new sites. + + - Provision OneView users. + + - Create subscriptions for your customers. + + - Subscribe to security Webhook events to get notified of detections. + +## Authentication +ThreatDown API uses OAuth2 to allow secure authorization in a simple and standard method from web, mobile, and desktop applications. + + + See the [Authentication](#operation/api.oneview.oauth2.token) section for specific information about supported grants. + +```bash +git clone https://github.com/your-username/awesome-project.git +cd awesome-project diff --git a/malwarebytes/threatdown_apis_malwarebytes.yaml b/malwarebytes/threatdown_apis_malwarebytes.yaml new file mode 100644 index 00000000..d592f76e --- /dev/null +++ b/malwarebytes/threatdown_apis_malwarebytes.yaml @@ -0,0 +1,13496 @@ +openapi: 3.0.0 +info: + title: ThreatDown APIs MalwareBytes + description: > + ThreatDown OneView APIs provide you resources to remotely manage the + security of your devices from code. It integrates ThreatDown protection into + your workflows and pipelines. The following are some of the actions you can + do with OneView APIs: + + + - Manage the security of your endpoints. + + - Analyze endpoint assets. + + - Perform advance analysis on detections of malware, ransomware, exploits, and other threats by ThreatDown Endpoint Agent. + + - Scan, isolate, remediate, and reboot endpoints. + + - Create new sites. + + - Provision OneView users. + + - Create subscriptions for your customers. + + - Subscribe to security Webhook events to get notified of detections. + + + # Introduction + + + Access scopes are the permissions applications require for authorization and use. When creating a new application, you can decide the access level the application has to your account's data. This utility allows you to restrict the scope of access to your account's data depending on the application's needs. + + Specifying access scopes gives you control over the access of your data. You can set different scopes a provide the appropriate credentials to your team. The following section displays the available scopes. + + + Refer to the [Authentication](#operation/api.oneview.oauth2.token) endpoint to retrieve an `access_token` using your `client_id` and `client_secret`. + + + After having obtained an `access_token`, you will be able to create [Sites](#tag/Sites) which you will be able to manage through apis. + + + The next step once you have create a customer, is to use the [Subscription](#tag/Subscriptions) APIs to assign a valid subscription for your customer. This will attach an `account_id` property to your [Sites](#tag/Sites) resources that you will be able to use for [Endpoints](#tag/Endpoints), [Detections](#tag/Detections), [Jobs](#tag/Jobs), [Webhooks](#tag/Webhooks) and other APIs for security management. + + + # Access' scopes + + + When creating a new application, you can decide the level of access it has to your account's data. This utility allows you to restrict the scope of access to your account's data depending on the application's needs. For example, if you only need to analyze detections found on your endpoint, the read scope will be enough to prevent that application from modifying data or issuing jobs. + + + Specifying access scopes gives you more control over the access of your data. For example, you may want your company's IT department to be able to isolate infected endpoints, while you may want your analysts to only read data for generating reports. To do so, you can create two applications using different scopes, and provide the right people with the right pair of credentials for programmatic access. + + + See [Authentication](#section/Authentication) for available scopes + + + # Authentication + + + ThreatDown API uses OAuth2 to allow secure authorization in a simple and standard method from web, mobile, and desktop applications. + + + See the [Authentication](#operation/api.oneview.oauth2.token) section for specific information about supported grants. + + + # Rate Limiting + + + ThreatDown API implements a rate-limiting mechanism to prevent abuse. The rate-limiting mechanism is implemented using a leaky bucket algorithm. Once you exceed the available limit, our server will respond with a `429` status code. You can throttle your requests and retry them later. + + + The current limit, which you can see in the table below, has shown to be enough for most use cases. If you encounter `429` error codes, consider taking the following actions to minimize your APIs usage: + + + - Subscribe to webhooks events instead of polling the API for reacting to changes. + + - Throttle the requests you send to the ThreatDown API for not exceeding the limit. + + - Batch requests when possible. + + - Contact us and request to increase the API quota for your application. + + + Currently, the default available quota is `360` requests per minute. + + + # Available catalog codes + + + Protection: + + + - `BUS-CLOUD-IR-01` - ThreatDown Incident Response + + - `BUS-CLOUD-EPP-01` - ThreatDown Endpoint Protection + + - `BUS-CLOUD-EPP-SER-01` - ThreatDown Endpoint Protection for Servers + + - `BUS-CLOUD-EPR-01` - ThreatDown Endpoint Detection and Response + + - `BUS-CLOUD-EDR-SER-01` - ThreatDown Endpoint Detection and Response for Servers + + - `BUS-MBCM-01` - ThreatDown Mobile Security for Business + + + Modules: + + + - `BUS-MBVM-01` - ThreatDown Vulnerability Assessment + + - `BUS-MBVPM-01` - ThreatDown Vulnerability & Patch Management + + - `BUS-MBDNS-01` - ThreatDown DNS Filtering + + - `BUS-MBAB-01` - ThreatDown Application Block + + - `BUS-CLOUD-MDR-FR30-01` - MDR Data Retention - 30 days + + - `BUS-CLOUD-MDR-01` - ThreatDown Managed Detection and Response + version: "1.0.0" + x-logo: https://eml-stg.malwarebytes.com/hermes/td-logo.png + contact: + name: "@Anonymous Shuffle User" + url: https://twitter.com/shuffleio + email: support@shuffler.io +servers: + - url: https://api.malwarebytes.com +host: api.malwarebytes.com +basePath: / +schemes: + - "https:" +paths: + /oneview/oauth2/token: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "access_token": "", + "expires_in": 0, + "scope": "", + "token_type": "" + } + summary: Get an access token + operationId: Get_an_access_token + description: > + Use this endpoint to retrieve an authentication token that allows you to + send authenticated requests to all the API endpoints. + + First, you need to get a valid `client_id`, `client_secret` pair to retrieve an authentication token. See notes below for obtaining a credential pair**. + + + Once you have obtained the `access_token`, by adhering to the following specification, you must include it for all the requests to the public APIs along with the `Authorization` header: + + + ``` + + Authorization: Bearer + + ``` + + + ## Request + + + ### Headers + + + Add the following headers to your request. + + + | Name | Description | Type | Required | Default | + + |------|-------------|-------|-----------|----------| + + | Authorization | base64 encoded credential pair* as basic authorization `Basic base64(:)`| string | yes | '' | + + | Content-Type | Set to 'application/x-www-form-urlencoded' | string | yes | '' | + + + *You need to concatenate `client_id` and `client_secret` and encode in base64. + + + Refer to the following Javascript example to get the correct header's value: + + + **In the browser**: + + + ``` + + `Basic ${window.btoa(`${clientId}:${clientSecret}`)}` + + ``` + + + **NodeJS**: + + + ``` + + `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString('base64')}` + + ``` + + + ### Body + + + Send the following body with the request. + + + | Name | Description | Type | Required | Default | + + |------|-------------|-------|-----------|----------| + + | scope | The scope of the token. Can be ```read write execute create:accounts``` or any subset of those space-separated scopes | string | yes | '' | + + | grant\_type | The grant\_type. Set it to `client_credentials` | string | yes | '' | + + + ## Response + + + If your request successfully processed, our server will respond with a 200 status code and send a JSON body, which will include: + + + | Name | Description | Type | Can be blank | + + |------|-------------|-------|-----------| + + | access_token | The access token. You need this token to access all other API endpoints | string | no | + + | expires_in | Expiry time in seconds of the access\_token | number | no | + + | scope | The scope. Can be `read write execute create:accounts` or a subset of those. Space separate the scope you want to request | string | no | + + | token_type | The type of the token | string | no | + + + You can use the `access_token` to send requests to all the other HTTP endpoints. + + + # Notes + + You can send a raw HTTP request to retrieve the `access_token` following the specification above, but we strongly recommend to using one of the existing `oauth2` libraries. + + Libraries will usually handle refreshing the `access_token`, and generally implements best practices for that authentication protocol. We provide 2 examples as reference: + + + ## Python example + + The following Python examples use the `oauthlib`: + + ```python + + from requests_oauthlib import OAuth2Session + + from oauthlib.oauth2 import BackendApplicationClient + + + CLIENT_ID = "" + + CLIENT_SECRET = "" + + CLIENT_ACCOUNT = "" + + + def NEBULA_URL(path): + return "{NEBULA_URL}{PATH}".format(NEBULA_URL="https://api.malwarebytes.com", PATH=path) + + def get_nebula_client(client_id, client_secret, account_id): + client_scope = ["read", "write"] + headers = {} + + client = BackendApplicationClient(client_id, scope=client_scope) + nebula = OAuth2Session(client=client, scope=client_scope) + nebula.headers.update(headers) + token = nebula.fetch_token( + token_url=NEBULA_URL('/oneview/oauth2/token'), + client_secret=client_secret, scope=" ".join(client_scope)) + return nebula + + resp = get_nebula_client(CLIENT_ID, CLIENT_SECRET, CLIENT_ACCOUNT).get(NEBULA_URL('/oneview/v1/endpoints')) + + + print(resp.json()) + + ``` + + + ## Javascript example + + The following Javascript example uses the `simple-oauth2` module available on `npm`: + + + ```javascript + + const oauth2Module = require('simple-oauth2') + + + const CLIENT_ACCOUNT = '' + + const CLIENT_ID = '' + + const CLIENT_SECRET = '' + + const CLIENT_SCOPE = ['read']; + + const URL = 'https://api.malwarebytes.com' + + const TOKEN_PATH = 'oneview/oauth2/token' + + const credentials = { + client: { + id: CLIENT_ID, + secret: CLIENT_SECRET + }, + auth: { + tokenHost: URL, + tokenPath: TOKEN_PATH + } + }; + + + const tokenConfig = { + scope: CLIENT_SCOPE, + }; + + + const oauth2 = oauth2Module.create(credentials); + + + async function reqToken() { + try { + const result = await oauth2.clientCredentials.getToken(tokenConfig); + return oauth2.accessToken.create(result); + } catch (error) { + throw error; + } + } + + + reqToken() + .then(({ + access_token, + expires_in, + scope, + token_type + }) => console.log( + access_token, + expires_in, + scope, + token_type)) + .catch(e => console.log(e)) + ``` + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v1/accounts/groups: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "groups": [ + { + "account_id": "", + "child_group_count": 0, + "id": "", + "is_default": false, + "machines_count": 0, + "name": "", + "parent_id": "", + "policy_id": "", + "policy_name": "", + "root_id": "", + "updated_at": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Filter groups across accounts + operationId: Filter_groups_across_accounts + description: Filter groups across accounts + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "filter_by_parent_id": "", + "name": "", + "next_cursor": "", + "page_size": 100, + "parent_id": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "filter_by_parent_id": "", + "name": "", + "next_cursor": "", + "page_size": 100, + "parent_id": "" + } + /oneview/v1/accounts/schedules: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "schedules": [ + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "", + "pup_detection": "", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "id": "", + "name": "", + "rrule": "" + } + ], + "total_count": 0 + } + summary: Get schedules of multiple accounts + operationId: Get_schedules_of_multiple_accounts + description: Get schedules of multiple accounts + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "next_cursor": "", + "page_size": 100 + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "next_cursor": "", + "page_size": 100 + } + "/oneview/v1/accounts/{account_id}/detections/{id}": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "affected_application": "", + "category": "", + "detection_id": "", + "group_id": "", + "group_name": "", + "id": "", + "ip_address": "", + "machine_id": "", + "machine_name": "", + "md5": "", + "path": "", + "policy_id": "", + "policy_name": "", + "port": "", + "process_name": "", + "reported_at": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_local": "", + "status": "", + "threat_name": "", + "url": "" + } + summary: Get detection by ID + operationId: Get_detection_by_ID + description: Get detection and its full information by ID. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/devicecontrol/{id}": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "affected_application": "", + "category": "", + "child_trace_count": 0, + "cleaned_at": "", + "detection_id": "", + "device_control": { + "block_status": "", + "device_id": "", + "disk_interface": "", + "drive_compressed": false, + "file_system": "", + "manufacturer": "", + "path": "", + "physical_disk_name": "", + "serial_number": "", + "status": "", + "timestamp": "", + "volume_device_path": "", + "volume_name": "", + "volume_serial": "" + }, + "group_id": "", + "id": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "last_user": "", + "machine_id": "", + "machine_ip": "", + "machine_name": "", + "md5": "", + "path": "", + "process_name": "", + "reported_at": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_offset_seconds": 0, + "sha256": "", + "status": "", + "threat_name": "", + "trace_id": "" + } + summary: Get detection control event by ID + operationId: Get_detection_control_event_by_ID + description: Get device control event and its full information by ID. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "after": "", + "endpoints": [ + { + "agent": { + "account_id": "", + "at": "", + "document_id": "", + "domain_name": "", + "engine_version": "", + "fully_qualified_host_name": "", + "group_id": "", + "has_alerts": false, + "host_name": "", + "is_software_update_available": false, + "last_user": "", + "machine_id": "", + "machine_ip": "", + "nics": [ + { + "description": "", + "mac_address": "" + } + ], + "os_info": { + "os_architecture": "", + "os_platform": "", + "os_release_name": "", + "os_type": "", + "os_version": "" + }, + "plugins": { + "asset_manager": { + "alerts": {}, + "plugin_version": "", + "product_name": "" + }, + "endpoint_detection_and_response": { + "alerts": {}, + "plugin_version": "", + "product_name": "" + }, + "endpoint_protection": { + "alerts": {}, + "component_package_version": "", + "plugin_version": "", + "product_name": "", + "sdk_version": "", + "update_package_version": "" + }, + "incident_response": { + "alerts": {}, + "component_package_version": "", + "plugin_version": "", + "product_name": "", + "update_package_version": "" + } + }, + "policy_etag": "", + "source_location": { + "accuracy_radius": 0, + "anonymous_proxy": false, + "city": "", + "continent": "", + "country": "", + "country_iso": "", + "postal_code": "", + "time_zone": "" + }, + "version": 0 + }, + "display_name": "", + "link": "", + "machine": { + "account_id": "", + "document_id": "", + "group_id": "", + "group_name": "", + "id": "", + "infection_count": 0, + "is_default_group": false, + "is_deleted": false, + "isolated": false, + "last_active": "", + "last_day_seen": "", + "last_scanned_at": "", + "online": false, + "policy_id": "", + "policy_name": "", + "reboot_required": 0, + "root_group_id": "", + "scan_age_days": 0, + "suspicious_activity_count": 0, + "version": 0 + }, + "machineVersion": 0, + "protection_status": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Search endpoints + operationId: Search_endpoints + description: > + Search endpoints within an account. The search scopes to the account_id + you specify in the URL. Constraints with the suffix `keyword` indicates + an exact match. Constraints without the `keyword` suffix will be + tokenized. + + + ### Examples + + If you want to find endpoints belonging to the `Default group` (the search is case insensitive), use `group_name.keyword` as a constraint. + + ```json + + { + "group_name.keyword": "default group" + } + + ``` + + Alternatively, if you want to find endpoints which group includes `department_one OR department_two`, use `group_name` as a constraint. + + ```json + + { + "group_name": "department_one department_two department_three" + } + + ``` + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "aggregate_by_account": false, + "alias": "", + "at_after": "", + "at_before": "", + "deleted_at_after": "", + "deleted_at_before": "", + "domain_name": "", + "domain_name.keyword": "", + "engine_version": "", + "engine_version.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_name": "", + "group_name.keyword": "", + "has_alerts": false, + "host_name": "", + "host_name.keyword": "", + "infection_found": false, + "is_deleted": false, + "is_isolated": false, + "is_software_update_available": false, + "last_day_seen_after": "", + "last_day_seen_before": "", + "last_scan_after": "", + "last_scan_before": "", + "last_user": "", + "last_user.keyword": "", + "machine_ip": "", + "marked_for_deletion_after": "", + "marked_for_deletion_before": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "policy_etag": "", + "policy_id": "", + "policy_name": "", + "policy_name.keyword": "", + "populate": { + "account": false, + "default_group": false, + "last_job": false + }, + "protection_status": "", + "reboot_required": false, + "sort_field": "group_id", + "sort_order": "asc", + "source_location.city": "", + "source_location.continent": "", + "source_location.country": "", + "source_location.country_iso": "", + "source_location.is_anonymous_proxy": false, + "source_location.postal_code": "", + "source_location.subdivisions": "", + "source_location.time_zone": "", + "suspicious_activity_found": false + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "aggregate_by_account": false, + "alias": "", + "at_after": "", + "at_before": "", + "deleted_at_after": "", + "deleted_at_before": "", + "domain_name": "", + "domain_name.keyword": "", + "engine_version": "", + "engine_version.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_name": "", + "group_name.keyword": "", + "has_alerts": false, + "host_name": "", + "host_name.keyword": "", + "infection_found": false, + "is_deleted": false, + "is_isolated": false, + "is_software_update_available": false, + "last_day_seen_after": "", + "last_day_seen_before": "", + "last_scan_after": "", + "last_scan_before": "", + "last_user": "", + "last_user.keyword": "", + "machine_ip": "", + "marked_for_deletion_after": "", + "marked_for_deletion_before": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "policy_etag": "", + "policy_id": "", + "policy_name": "", + "policy_name.keyword": "", + "populate": { + "account": false, + "default_group": false, + "last_job": false + }, + "protection_status": "", + "reboot_required": false, + "sort_field": "group_id", + "sort_order": "asc", + "source_location.city": "", + "source_location.continent": "", + "source_location.country": "", + "source_location.country_iso": "", + "source_location.is_anonymous_proxy": false, + "source_location.postal_code": "", + "source_location.subdivisions": "", + "source_location.time_zone": "", + "suspicious_activity_found": false + } + "/oneview/v1/accounts/{account_id}/endpoints/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Delete a machine + operationId: Delete_a_machine + description: Delete a machine from the console + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "group_id": "", + "id": "", + "is_deleted": false, + "last_seen_at": "", + "name": "", + "online": false, + "os_architecture": "", + "os_platform": "", + "os_release_name": "", + "policy_id": "" + } + summary: Get endpoint + operationId: Get_endpoint + description: Retrieve a single ID by its universally unique identifier. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/agent_info": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "agent_info_last_updated_at": "", + "dhcp_scope_name": "", + "domain_name": "", + "engine_version": "", + "fully_qualified_host_name": "", + "has_alerts": false, + "host_name": "", + "last_seen_at": "", + "last_user": "", + "nics": [ + { + "description": "", + "mac_address": "" + } + ], + "os_info": { + "os_architecture": "", + "os_platform": "", + "os_release_name": "", + "os_type": "", + "os_version": "" + }, + "plugins": [ + { + "alerts": {}, + "component_package_version": "", + "desktop_isolation": "", + "frcore_version": "", + "medrnet_version": "", + "network_isolation": "", + "plugin_version": "", + "process_isolation": "", + "product_name": "", + "reboot_reasons": 0, + "sdk_version": "", + "update_package_version": "" + } + ], + "policy_etag": "", + "source_location": { + "accuracy_radius": 0, + "anonymous_proxy": false, + "city": "", + "continent": "", + "country": "", + "country_iso": "", + "postal_code": "", + "time_zone": "" + } + } + summary: Get endpoint agent info + operationId: Get_endpoint_agent_info + description: Retrieve agent information of a given endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/assets": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "computer_info": { + "manufacturer": "", + "model": "" + }, + "culture": "", + "dhcp_scope_name": "", + "fully_qualified_host_name": "", + "host_name": "", + "nics": [ + { + "description": "", + "mac_address": "" + } + ], + "os_info": { + "os_architecture": "", + "os_platform": "", + "os_release_name": "", + "os_type": "", + "os_version": "" + }, + "plugin_version": "", + "software_installed": [ + { + "product": "", + "vendor": "", + "version": "" + } + ], + "startups": [ + { + "key": "", + "name": "" + } + ], + "time_zone": "", + "updates_installed": [ + { + "title": "" + } + ] + } + summary: Get endpoint assets + operationId: Get_endpoint_assets + description: Retrieve asset information of a given endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/network": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "agent_info_last_updated_at": "", + "fully_qualified_host_name": "", + "host_name": "", + "last_seen_at": "", + "nics": [ + { + "description": "", + "mac_address": "" + } + ] + } + summary: Network information + operationId: Network_information + description: Get network information about an endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/quarantine": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "quarantined_threats": [ + { + "affected_application": "", + "category": "", + "detection_id": "", + "group_id": "", + "group_name": "", + "id": "", + "ip_address": "", + "machine_id": "", + "machine_name": "", + "md5": "", + "path": "", + "policy_id": "", + "policy_name": "", + "port": "", + "process_name": "", + "reported_at": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_local": "", + "status": "", + "threat_name": "", + "url": "" + } + ], + "total_count": 0 + } + summary: Get quarantined items + operationId: Get_quarantined_items + description: Get quarantined items + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: name + description: Search with quarantine threat name. + required: false + schema: + type: string + - in: query + name: category + description: Search with quarantine category. + required: false + schema: + type: string + - in: query + name: type + description: Search with quarantine type + required: false + schema: + type: string + - in: query + name: since + description: Timestamp to filter since quarantine scan times. + required: false + schema: + type: string + - in: query + name: until + description: Timestamp to filter until quarantine scan times. + required: false + schema: + type: string + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/sa": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "sa": [ + { + "account_id": "", + "closed": 0, + "detected_by_count": 0, + "level": 0, + "machine_id": "", + "path": "", + "pc_hostname": "", + "status": "", + "timestamp": "" + } + ], + "total_count": 0 + } + summary: All suspicious activity of an endpoint + operationId: All_suspicious_activity_of_an_endpoint + description: Fetch suspicious activity of an endpoint. + parameters: + - in: query + name: sort_field + description: Sort field + required: false + schema: + type: string + - in: query + name: sort_direction + description: Sort direction + required: false + schema: + type: string + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: since + description: Since (Ex. "2020-03-23T17:23:17.860482Z") + required: false + schema: + type: string + - in: query + name: per_page + description: Items per page + required: false + schema: + type: string + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/sa/{sa_id}/close": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Close suspicious activity of an endpoint + operationId: Close_suspicious_activity_of_an_endpoint + description: Close suspicious activity of an endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: sa_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/accounts/{account_id}/endpoints/{id}/sa/{sa_id}/exclusions": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "data": [ + { + "command_line": "", + "md5": "", + "path": "" + } + ] + } + summary: Specific suspicious activity of an endpoint + operationId: Specific_suspicious_activity_of_an_endpoint + description: Fetch suspicious activity of an endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: sa_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/sa/{sa_id}/open": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Open suspicious activity of an endpoint + operationId: Open_suspicious_activity_of_an_endpoint + description: Open suspicious activity of an endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: sa_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/accounts/{account_id}/endpoints/{id}/sa/{sa_id}/remediate": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "{}" + summary: Remediate suspicious activity of an endpoint + operationId: Remediate_suspicious_activity_of_an_endpoint + description: Remediate suspicious activity of an endpoint. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: sa_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/accounts/{account_id}/endpoints/{id}/scans": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Get scans of an endpoint + operationId: Get_scans_of_an_endpoint + description: Get a list of scans of an endpoint. + parameters: + - in: query + name: since + description: The Since Schema (Ex. "2020-03-23T17:23:17.860482Z") + required: false + schema: + type: string + - in: query + name: threats_detected + description: Optional parameter to filter out scan results based on whether + threats were found. If omitted defaults to returning all. + required: false + schema: + type: string + - in: query + name: start_index + description: The start index for pagination + required: false + schema: + type: string + - in: query + name: page_size + description: The page size for pagination + required: false + schema: + type: string + - in: query + name: populate + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/scans/{scan_id}": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "deleted_count": 0, + "duration_seconds": 0, + "found_count": 0, + "from_cloud": false, + "id": "", + "machine_id": "", + "machine_name": "", + "metadata": { + "applicationVersion": "", + "componentsUpdatePackageVersion": "", + "cpu": "", + "dbSDKUpdatePackageVersion": "", + "detectionDateTime": "", + "fileSystem": "", + "filesDetected": 0, + "foldersDetected": 0, + "id": "", + "isUserAdmin": false, + "licenseState": "", + "loggedOnUserName": "", + "modulesDetected": 0, + "os": "", + "processesDetected": 0, + "registryKeysDetected": 0, + "registryValuesDetected": 0, + "schemaVersion": 0, + "sourceDetails": { + "objectsScanned": 0, + "scanDurationSecs": 0, + "scanOptions": { + "scanArchives": false, + "scanFileSystem": false, + "scanMemoryObjects": false, + "scanPUMs": false, + "scanPUPs": false, + "scanRootKits": false, + "scanStartupAndRegistry": false, + "scanType": "", + "useHeuristics": false + }, + "scanResult": "", + "type": "" + } + }, + "ondemand": false, + "os_platform": "", + "quarantined_count": 0, + "reported_at": "", + "scan_type": "", + "started_at": "", + "started_at_local": "", + "total_count": 0 + } + summary: Get a scan of an endpoint + operationId: Get_a_scan_of_an_endpoint + description: Get a scan of an endpoint by Id. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: scan_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/scans/{scan_id}/detections": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "detections": [ + { + "affected_application": "", + "category": "", + "detection_id": "", + "group_id": "", + "id": "", + "ip_address": "", + "machine_id": "", + "machine_name": "", + "md5": "", + "path": "", + "port": "", + "process_name": "", + "reported_at": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_local": "", + "status": "", + "threat_name": "", + "url": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Get the detections of a scan + operationId: Get_the_detections_of_a_scan + description: Get a list of detections of a scan of an endpoint. + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: since + description: The Since Schema (Ex. "2020-03-23T17:23:17.860482Z") + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: path + name: scan_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/status": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "isolation": { + "desktop": false, + "network": false, + "process": false, + "status": false + }, + "reboot_required": { + "job_id": "", + "job_state": 0, + "reasons": 0, + "status": false + }, + "remediation_required": { + "infection_count": 0, + "job_state": 0, + "status": false + }, + "scan_needed": { + "last_scanned_at": "", + "status": false + }, + "suspicious_activity": { + "count": 0, + "status": false + } + } + summary: Endpoint status + operationId: Endpoint_status + description: Get endpoint status + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/endpoints/{id}/tags": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "created_at": "", + "resource_id": "", + "tags": { + "alias": "" + }, + "updated_at": "" + } + summary: Set endpoint tags + operationId: Set_endpoint_tags + description: Add alias to a machine by its ids. To remove the alias, send an + empty string + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "alias": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + - in: header + name: accountid + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "alias": "" + } + "/oneview/v1/accounts/{account_id}/events": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "events": [ + { + "details": { + "filename": "", + "message": "", + "name": "", + "user_email": "", + "user_name": "", + "user_role": "" + }, + "friendly_type": "", + "id": "", + "machine_id": "", + "severity_name": "", + "source_name": "", + "timestamp": "", + "type_name": "", + "user_id": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Retrieve events + operationId: Retrieve_events + description: Retrieve events associated with your account. + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: search_string + description: Search with events with event string. + required: false + schema: + type: string + - in: query + name: machine_id + description: Search with machine_id + required: false + schema: + type: string + - in: query + name: start + description: Timestamp to filter since event times. + required: false + schema: + type: string + - in: query + name: end + description: Timestamp to filter until event times. + required: false + schema: + type: string + - in: query + name: severity_flags + description: Filter with severity flag + required: false + schema: + type: string + - in: query + name: source + description: Filter by event source + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/flight-recorder/chart": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Search occurrence of suspicious activity + operationId: Search_occurrence_of_suspicious_activity + description: Search occurrence of suspicious activity. Wildcards are not supported. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + "/oneview/v1/accounts/{account_id}/flight-recorder/endpoints": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "results": [ + { + "event_categories": { + "filesystem": 0, + "network": 0, + "process": 0, + "registry": 0 + }, + "first_timestamp": "", + "last_timestamp": "", + "machine_id": "", + "os_type": "", + "pc_hostname": "" + } + ], + "total": 0 + } + summary: "Search suspicious activity receiving impact information on an endpoint " + operationId: Search_suspicious_activity_receiving_impact_information_on_an_endpoint_ + description: Search suspicious activity receiving impact information on an endpoint. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + "/oneview/v1/accounts/{account_id}/flight-recorder/process_graph": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "children": [ + { + "edge_info": { + "command_line": "", + "relation": "", + "timestamp": "" + }, + "id": "", + "name": "", + "node_info": { + "dropped": false, + "main_node": false, + "process_id": "", + "process_path": "" + }, + "node_type": "" + } + ], + "id": "", + "name": "", + "node_type": "" + } + summary: "Search the process graph " + operationId: Search_the_process_graph_ + description: Search the process graph. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "account_id": "", + "machine_id": "", + "os_type": "Windows", + "path": "", + "pid": "", + "pid_version": 0, + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "account_id": "", + "machine_id": "", + "os_type": "Windows", + "path": "", + "pid": "", + "pid_version": 0, + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + "/oneview/v1/accounts/{account_id}/flight-recorder/processes": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "results": [ + { + "event_categories": { + "network": 0, + "other": 0, + "process": 0, + "registry": 0, + "script_activity": 0, + "system_event": 0 + }, + "first_activity": "", + "last_activity": "", + "machine_id": "", + "md5": "", + "pid": "", + "pid_version": "", + "process_path": "", + "sha1": "", + "sha512": "", + "user": "" + } + ], + "total": 0 + } + summary: "Search a list of processes " + operationId: Search_a_list_of_processes_ + description: Retrieve a list of processes matching the search input for the + specified endpoint. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "event_category": "process", + "first_activity_gte": "", + "first_activity_lte": "", + "last_activity_gte": "", + "last_activity_lte": "", + "machine_id": "", + "md5": "", + "os_type": "", + "pc_hostname": "", + "pid": "", + "pid_version": "", + "process_name": "", + "process_path": "", + "sha1": "", + "sha256": "", + "sha512": "", + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + }, + "user": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "event_category": "process", + "first_activity_gte": "", + "first_activity_lte": "", + "last_activity_gte": "", + "last_activity_lte": "", + "machine_id": "", + "md5": "", + "os_type": "", + "pc_hostname": "", + "pid": "", + "pid_version": "", + "process_name": "", + "process_path": "", + "sha1": "", + "sha256": "", + "sha512": "", + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + }, + "user": "" + } + "/oneview/v1/accounts/{account_id}/flight-recorder/raw_events": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "results": [ + { + "account_id": "", + "amsi_data": "", + "amsi_data_type": "", + "command_line": "", + "create_options": "", + "etw_data": "", + "event_category": "", + "event_type": "", + "evt_log_data": "", + "hostname": "", + "ipv4_local_ip": "", + "ipv4_remote_country_code": "", + "ipv4_remote_ip": "", + "ipv6_local_ip": "", + "ipv6_remote_country_code": "", + "ipv6_remote_ip": "", + "local_port": "", + "machine_id": "", + "new_name": "", + "new_path": "", + "new_process_id": "", + "object_name": "", + "object_path": "", + "process_name": "", + "protocol": "", + "registry_data": "", + "registry_data_type": "", + "registry_key": "", + "registry_value": "", + "remote_port": "", + "sha256": "", + "stream_id": "", + "timestamp": "", + "winlog_event_id": "" + } + ], + "total": 0 + } + summary: "Search a list of raw events " + operationId: Search_a_list_of_raw_events_ + description: Retrieve a list of raw events matching the given filters for the + specified endpoint. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "event_type": "ANTIMALWARE_SCAN", + "first_activity": "", + "last_activity": "", + "machine_id": "", + "page": 1, + "page_size": 1, + "path": "", + "pid": "", + "pid_version": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "event_type": "ANTIMALWARE_SCAN", + "first_activity": "", + "last_activity": "", + "machine_id": "", + "page": 1, + "page_size": 1, + "path": "", + "pid": "", + "pid_version": "" + } + "/oneview/v1/accounts/{account_id}/flight-recorder/recap": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "endpoints": 0, + "first_seen": { + "machine_id": "", + "pc_hostname": "", + "timestamp": "" + }, + "last_seen": { + "machine_id": "", + "pc_hostname": "", + "timestamp": "" + } + } + summary: Search suspicious activity + operationId: Search_suspicious_activity + description: Search suspicious activity. Wildcards are not supported. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + "/oneview/v1/accounts/{account_id}/flight-recorder/search": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "results": [ + { + "event_categories": { + "network": 0, + "other": 0, + "process": 0, + "registry": 0, + "script_activity": 0, + "system_event": 0 + }, + "first_activity": "", + "last_activity": "", + "machine_id": "", + "md5": "", + "pid": "", + "pid_version": "", + "process_path": "", + "sha1": "", + "sha512": "", + "user": "" + } + ], + "total": 0 + } + summary: "Search the flight recorder with advanced queries " + operationId: Search_the_flight_recorder_with_advanced_queries_ + description: Search the flight recorder with advanced queries. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "event_category": "network", + "pc_hostname": "", + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "event_category": "network", + "pc_hostname": "", + "time_range": "7d", + "time_window": { + "gte": "", + "lte": "" + } + } + "/oneview/v1/accounts/{account_id}/groups": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "groups": [ + { + "account_id": "", + "child_group_count": 0, + "id": "", + "is_default": false, + "machines_count": 0, + "name": "", + "parent_id": "", + "policy_id": "", + "policy_name": "", + "root_id": "", + "updated_at": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Get all groups + operationId: Get_all_groups + description: Get all groups in an account. + parameters: + - in: query + name: name + description: Filter by group name + required: false + schema: + type: string + - in: query + name: parent_id + description: For filtering by parent group ID (Ex. + "9256034b-7967-4253-a5d9-260663e4fa4f") + required: false + schema: + type: string + - in: query + name: filter_by_parent_id + description: Set this to 'true' when parent_id has been set. + required: false + schema: + type: string + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "child_group_count": 0, + "id": "", + "is_default": false, + "machines_count": 0, + "name": "", + "parent_id": "", + "policy_id": "", + "policy_name": "", + "root_id": "", + "updated_at": "" + } + summary: Create group + operationId: Create_group + description: Create group. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "name": "", + "parent_id": "", + "policy_id": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "name": "", + "parent_id": "", + "policy_id": "" + } + "/oneview/v1/accounts/{account_id}/groups/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Delete group by its id + operationId: Delete_group_by_its_id + description: Delete group by its id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "child_group_count": 0, + "id": "", + "is_default": false, + "machines_count": 0, + "name": "", + "parent_id": "", + "policy_id": "", + "policy_name": "", + "root_id": "", + "updated_at": "" + } + summary: Get group by id + operationId: Get_group_by_id + description: Get group by id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "child_group_count": 0, + "id": "", + "is_default": false, + "machines_count": 0, + "name": "", + "parent_id": "", + "policy_id": "", + "policy_name": "", + "root_id": "", + "updated_at": "" + } + summary: Update group + operationId: Update_group + description: Update group. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "name": "", + "parent_id": "", + "policy_id": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "name": "", + "parent_id": "", + "policy_id": "" + } + "/oneview/v1/accounts/{account_id}/installers": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "mac_os": { + "link": "", + "md5": "", + "sha256": "", + "url": "", + "version": "" + }, + "win_full": { + "link": "", + "md5": "", + "sha256": "", + "url": "", + "version": "" + }, + "win_msi": { + "link": "", + "md5": "", + "sha256": "", + "url": "", + "version": "" + }, + "win_web": { + "link": "", + "md5": "", + "sha256": "", + "url": "", + "version": "" + }, + "x64_msi": { + "link": "", + "md5": "", + "sha256": "", + "url": "", + "version": "" + } + } + summary: Retrieve installerss links + operationId: Retrieve_installerss_links + description: >- + Endpoint software can be installed in the following ways: + + + - Active Directory (AD) Group Policy + + - System Center Configuration Manager (SCCM) + + - Third-party deployment tools + + - Manually on the endpoints + + - Discovery & Deployment Tool + + - Once the installation is complete, the endpoints display in the Nebula console. + + + To retrieve account-specific installers, use the following API endpoints. The response includes a download URL for all the available installers. These download URLs expire in one hour. + + + The available installers are: + + + | Name | Description | + + |------|-------------| + + | win_msi | This .msi installation package is lightweight. It includes the 32-bit Endpoint Agent, but does not include the .NET framework or other required software.| + + | x64_msi | This .msi installation package is lightweight. It includes the 64-bit Endpoint Agent, but does not include the .NET framework or other required software.| + + | mac_os | macOS 10.11 El Capitan up to macOS 14 Sonoma. This .pkg installer package includes the Endpoint Agent. | + + + Please note: the hash fields remain to not change the response, however they will be empty strings. This is due to a change in installer generation. + + If you require the installer's hash, please consult the installer's download response headers. + + win_full and win_web have been deprecated but will remain in the response. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/jobs": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "jobs": [ + { + "job_id": "", + "machine_id": "" + } + ], + "total_count": 0 + } + summary: Issue a job + operationId: Issue_a_job + description: > + Use this endpoint to issue a job on one or more of your endpoints within + an account + + + Possible `command`s are: + + + | Name | Description | + + |------|-------------| + + | command.threat.scan | Issue a scan on the target endpoint (machine) | + + | command.asset.reboot | Reboot an endpoint | + + | command.service.restart | Restart the endpoint agent | + + | command.protection.update.now | Check for protection updates | + + | command.machine.update.now | Check for software updates | + + | command.asset.refresh | Refresh asset information about an endpoint | + + | command.edr.isolation | Isolate a machine | + + | command.threat.quarantine.remove | Delete item from quarantine | + + | command.threat.quarantine.restore | Restore item from quarantine | + + | command.bfp.rules.delete | Delete Active Block Rules | + + | command.service.diag | Generate Diagnostic Logs | + + | command.edr.fileupload | File Upload for Analysis | + + | command.edr.unlock.force | Force Remove Endpoint Isolation | + + | command.edr.lock | Isolating Endpoint | + + | command.sequence.remediate | Remediated Endpoint | + + | command.edr.unlock | Remove Endpoint Isolation | + + | command.logging.level.set | Endpoint Logging Level Changed | + + | command.threat.scan.remediate | Remediate Endpoint | + + | command.policy.refresh | Refresh Policy | + + | command.machine.plugin.updateparts | Install Software Updates | + + | command.asset.patch | Install Software Patch | + + | command.asset.updatesoftware | Install Software Update | + + + Jobs are issued asynchronously and processed by endpoint agents when they get online. If you want to get notifications about the progress of a job, create a subscription to the `job_status_change` webhook event. + + + + ## Command specific data + + You can customize each command using specific settings. Supply those command-specific settings in the `data` parameter. + + + ### command.threat.quarantine.restore + + Restore item from quarantine. Specify one or more detection ids + + ```json + + {"restore_items":["7021ebec-b7b8-49b3-8709-f36bf5002c30"]} + + ``` + + + ### command.threat.quarantine.remove + + Delete item from quarantine. Specify one or more detection ids + + ```json + + {"delete_items":["7021ebec-b7b8-49b3-8709-f36bf5002c30"]} + + ``` + + + ### command.threat.scan + + + If you want to just report detections: + + ```json + + {"scan_settings":{"type":"ThreatScan","remove":false}} + + ``` + + + If you want to quarantine detected items: + + ```json + + {"scan_settings":{"type":"ThreatScan","remove":true}} + + ``` + + + ### command.edr.isolation + + Specify the extent of your isolation. Can be any combination of `desktop`, `network`, or `process`. + + ```json + + {"desktop":true,"network":true,"process":true} + + ``` + + + ### command.asset.patch + + Install Software Patch + + ```json + + { + "patches": [ + { + "category": "feature_pack", + "product": "Silverlight", + "severity": "critical", + "title": "Microsoft Silverlight (KB4481252)", + "vendor": "Microsoft Corporation" + } + ] + } + + ``` + + + ### command.asset.updatesoftware + + Install Software Update + + ```json + + { + "application_name": "Chrome", + "current_version": "96.0.4664.45", + "new_version": "97.0.2103.01", + "product": 41, + "vendor": "Google", + "architecture": "x86", + "language": "en-US" + } + + ``` + + ## Important considerations about this endpoint + + For performance reasons, if you supply more than 100 endpoint ids (`machine_ids`), you will not receive the list of job ids in the response. If you need to track the issued jobs, batch endpoints in groups smaller than 100 items. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "command": "", + "data": { + "allow_postpone_reboot": false, + "application_name": "", + "architecture": "", + "ark": false, + "current_version": "", + "delay_in_seconds": 0, + "enable_shuriken": false, + "exclusions": [ + { + "exclude_from": {}, + "type": "", + "value": "" + } + ], + "language": "", + "message": "", + "new_version": "", + "no_archive": false, + "no_reboot": false, + "patches": [ + { + "category": "", + "product": "", + "severity": "", + "title": "", + "vendor": "" + } + ], + "product": 0, + "pum_detection": "", + "pup_detection": "", + "reasons": 0, + "reboot_delay": 0, + "reboot_delay_rrule": "", + "reboot_message": "", + "remove": false, + "scan_file_system": false, + "scan_fixed_drives": false, + "scan_memory": false, + "scan_path": "", + "scan_path_from_list_file": false, + "scan_priority": "", + "scan_registry": false, + "scan_settings": { + "type": "" + }, + "scan_startup": false, + "type": "", + "vendor": "" + }, + "relay_state": "", + "requires_connected": false + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "command": "", + "data": { + "allow_postpone_reboot": false, + "application_name": "", + "architecture": "", + "ark": false, + "current_version": "", + "delay_in_seconds": 0, + "enable_shuriken": false, + "exclusions": [ + { + "exclude_from": {}, + "type": "", + "value": "" + } + ], + "language": "", + "message": "", + "new_version": "", + "no_archive": false, + "no_reboot": false, + "patches": [ + { + "category": "", + "product": "", + "severity": "", + "title": "", + "vendor": "" + } + ], + "product": 0, + "pum_detection": "", + "pup_detection": "", + "reasons": 0, + "reboot_delay": 0, + "reboot_delay_rrule": "", + "reboot_message": "", + "remove": false, + "scan_file_system": false, + "scan_fixed_drives": false, + "scan_memory": false, + "scan_path": "", + "scan_path_from_list_file": false, + "scan_priority": "", + "scan_registry": false, + "scan_settings": { + "type": "" + }, + "scan_startup": false, + "type": "", + "vendor": "" + }, + "relay_state": "", + "requires_connected": false + } + "/oneview/v1/accounts/{account_id}/jobs/{id}": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "command": "", + "expires_at": "", + "id": "", + "issued_at": "", + "issued_by": "", + "issued_by_email": "", + "issued_by_name": "", + "machine_id": "", + "machine_name": "", + "relay_state": "", + "scan_id": "", + "state": "", + "updated_at": "" + } + summary: Get details about a job + operationId: Get_details_about_a_job + description: Get a job and its full information by its ID. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/preferences/notifications": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "email": "true", + "slack": "true", + "teams": "true", + "webhook": "true" + } + summary: Get notifications preferences + operationId: Get_notifications_preferences + description: Get notifications delivery preferences + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "email": "true", + "slack": "true", + "teams": "true", + "webhook": "true" + } + summary: Put notifications preferences + operationId: Put_notifications_preferences + description: Put notifications delivery preferences + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "email": "true", + "slack": "true", + "teams": "true", + "webhook": "true" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "email": "true", + "slack": "true", + "teams": "true", + "webhook": "true" + } + "/oneview/v1/accounts/{account_id}/quarantine": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "quarantined_threats": [ + { + "affected_application": "", + "category": "", + "detection_id": "", + "group_id": "", + "group_name": "", + "id": "", + "ip_address": "", + "machine_id": "", + "machine_name": "", + "md5": "", + "path": "", + "policy_id": "", + "policy_name": "", + "port": "", + "process_name": "", + "reported_at": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_local": "", + "status": "", + "threat_name": "", + "url": "" + } + ], + "total_count": 0 + } + summary: Get quarantines + operationId: Get_quarantines + description: Get all quarantined items scoped by account. Refer to Jobs apis to + restore and delete items from quarantine + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: name + description: Search with quarantine threat name. + required: false + schema: + type: string + - in: query + name: category + description: Search with quarantine category. + required: false + schema: + type: string + - in: query + name: type + description: Search with quarantine type + required: false + schema: + type: string + - in: query + name: since + description: Timestamp to filter since quarantine scan times. + required: false + schema: + type: string + - in: query + name: until + description: Timestamp to filter until quarantine scan times. + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/quarantine/export": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export quarantine + operationId: Export_quarantine + description: > + Export quarantined items data. You can export only per one account at a + time. Specify your interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + Currently the export API has a limit of 10000 items. Apply filters to narrow your search and get the desired results. + + + ## Examples + + + ### Download HTML file + + + A request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all quarantind items: + + + ```json + { + "format": "html", + "type": "string", + "filename": "nameofthefile", + "download": true, + "select": [{ + "field": "path", + "newField": "Path" + },{ + "field": "threat_name", + "newField": "Name" + }, { + "field": "machine_id", + "newField": "Machine ID" + }, { + "field": "machine_name", + "newField": "Machine Name" + }] + } + ``` + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: name + description: Search with quarantine threat name. + required: false + schema: + type: string + - in: query + name: category + description: Search with quarantine category. + required: false + schema: + type: string + - in: query + name: type + description: Search with quarantine type + required: false + schema: + type: string + - in: query + name: since + description: Timestamp to filter since quarantine scan times. + required: false + schema: + type: string + - in: query + name: until + description: Timestamp to filter until quarantine scan times. + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "format": "csv", + "select": [ + { + "field": "id", + "newField": "" + } + ], + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "format": "csv", + "select": [ + { + "field": "id", + "newField": "" + } + ], + "type": "string" + } + "/oneview/v1/accounts/{account_id}/quarantine/search": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "quarantine": [ + { + "account_id": "", + "account_name": "", + "category": "", + "cleaned_at": "", + "correlation_hash": "", + "detection_id": "", + "group_id": "", + "group_name": "", + "id": "", + "is_rtp_stream_event": false, + "machine_id": "", + "machine_name": "", + "md5": "", + "parent_account_id": "", + "parent_detection_id": "", + "path": "", + "policy_id": "", + "policy_name": "", + "reported_at": "", + "rule_id": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_offset_seconds": 0, + "sha256": "", + "threat_name": "", + "trace_id": "", + "updated_at": "" + } + ], + "total_count": 0 + } + summary: Search quarantines + operationId: Search_quarantines + description: Search all quarantined items scoped by (parent) account. It's + possible to add some constraints to filter the result + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/accounts/{account_id}/sa": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "sa": [ + { + "account_id": "", + "closed": 0, + "detected_by_count": 0, + "level": 0, + "machine_id": "", + "path": "", + "pc_hostname": "", + "status": "", + "timestamp": "" + } + ], + "total_count": 0 + } + summary: Suspicious activity of the account + operationId: Suspicious_activity_of_the_account + description: Fetch suspicious activity records of the account. + parameters: + - in: query + name: sort_field + description: Sort field + required: false + schema: + type: string + - in: query + name: sort_direction + description: Sort direction + required: false + schema: + type: string + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: since + description: Since (Ex. "2020-03-23T17:23:17.860482Z") + required: false + schema: + type: string + - in: query + name: group_ids + description: Group ID (Ex. "9256034b-7967-4253-a5d9-260663e4fa4f") + required: false + schema: + type: string + - in: query + name: per_page + description: Page size + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/sa/details": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "list": [], + "pc_hostname": "", + "status": "", + "tot": 0 + } + summary: Suspicious activity details + operationId: Suspicious_activity_details + description: Fetch details of suspicious activity. + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "endpoint": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "endpoint": "" + } + "/oneview/v1/accounts/{account_id}/sa/{id}/process_graph": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "children": [], + "id": "", + "name": "", + "node_type": "" + } + summary: Suspicious activity process graph + operationId: Suspicious_activity_process_graph + description: Fetch process graph of suspicious activity. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/accounts/{account_id}/schedules": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "schedules": [ + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "", + "pup_detection": "", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "id": "", + "name": "", + "rrule": "" + } + ], + "total_count": 0 + } + summary: Get schedules + operationId: Get_schedules + description: Get schedules. You must create a separate request "Get schedule by + id" to get assigned groups for a schedule. has to be made. + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "", + "pup_detection": "", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "id": "", + "name": "", + "rrule": "" + } + summary: Create schedule + operationId: Create_schedule + description: Create schedule. you must use "Add groups for schedule" to add a + group route. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "Detect", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "Detect", + "pup_detection": "Detect", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "name": "", + "rrule": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "Detect", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "Detect", + "pup_detection": "Detect", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "name": "", + "rrule": "" + } + "/oneview/v1/accounts/{account_id}/schedules/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Delete a schedule + operationId: Delete_a_schedule + description: Delete a schedule by its id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "", + "pup_detection": "", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "id": "", + "name": "", + "rrule": "" + } + summary: Get schedule by id + operationId: Get_schedule_by_id + description: Get schedule by id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "", + "pup_detection": "", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "id": "", + "name": "", + "rrule": "" + } + summary: Update schedule + operationId: Update_schedule + description: Update schedule. You must use "add groups for schedule" to update + group route. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "Detect", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "Detect", + "pup_detection": "Detect", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "name": "", + "rrule": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "Detect", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "Detect", + "pup_detection": "Detect", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "name": "", + "rrule": "" + } + "/oneview/v1/accounts/{account_id}/schedules/{id}/groups": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "command": "", + "command_data": { + "mac_scan_settings": { + "pup_detection": "", + "remove": false + }, + "scan_settings": { + "ark": false, + "fixed_drive": false, + "no_archive": false, + "pum_detection": "", + "pup_detection": "", + "remove": false, + "scan_memory": true, + "scan_path": "", + "scan_registry": false, + "scan_startup": false, + "type": "" + }, + "schedule_for_mac": false, + "schedule_for_windows": false + }, + "enabled": true, + "etag": "", + "id": "", + "name": "", + "rrule": "" + } + summary: Add groups for schedule + operationId: Add_groups_for_schedule + description: Add groups for schedule. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + "/oneview/v1/accounts/{account_id}/usage/changelogs/{machine_id}": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Get entitlement history for an endpoint + operationId: Get_entitlement_history_for_an_endpoint + description: Get entitlement history for an endpoint + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: path + name: machine_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "end_date": "", + "start_date": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "end_date": "", + "start_date": "" + } + "/oneview/v1/accounts/{account_id}/webhooks/subscriptions": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "records": [ + { + "client_id": "", + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "id": "", + "max_retries": 0, + "secret_token": "", + "url": "" + } + ] + } + summary: Get all subscriptions + operationId: Get_all_subscriptions + description: Retrieve all webhook subscriptions of your account or your managed + accounts. + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "client_id": "", + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "id": "", + "max_retries": 10, + "secret_token": "", + "url": "" + } + summary: Create subscription + operationId: Create_subscription + description: Use this api endpoint to create a webhook subscription for a given + account. This allows you to receive security events for the provided + account. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "max_retries": 10, + "secret_token": "", + "url": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "max_retries": 10, + "secret_token": "", + "url": "" + } + "/oneview/v1/accounts/{account_id}/webhooks/subscriptions/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Delete subscription + operationId: Delete_subscription + description: Delete a webhook subscription if you want to stop receiving + notifications. If you want to temporarily disable notifications, update + the subscription by setting enable to false. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "client_id": "", + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "id": "", + "max_retries": 10, + "secret_token": "", + "url": "" + } + summary: Get a subscription + operationId: Get_a_subscription + description: Retrieve a subscription by its unique identifier. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "client_id": "", + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "id": "", + "max_retries": 10, + "secret_token": "", + "url": "" + } + summary: Update a subscription + operationId: Update_a_subscription + description: Update a subscription by its unique identifier. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "max_retries": 10, + "secret_token": "", + "url": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "custom_headers": [ + { + "key": "", + "value": "" + } + ], + "description": "", + "enabled": false, + "max_retries": 10, + "secret_token": "", + "url": "" + } + /oneview/v1/cve: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_id": "", + "alias": "", + "cisa_exploitable": false, + "created_at": "", + "cve_id": "", + "cvss20_score": 0, + "cvss30_score": 0, + "description": "", + "display_installed_version": "", + "display_product": "", + "display_vendor": "", + "fully_qualified_host_name": "", + "group_id": "", + "host_name": "", + "installation_date": "", + "installed_version": "", + "machine_id": "", + "normalized_installed_version": "", + "normalized_product": "", + "normalized_vendor": "", + "parent_account_id": "", + "product": "", + "published_at": "", + "root_group_id": "", + "severity": "", + "severity_score": 0, + "vendor": "" + } + ], + "total_count": 0 + } + summary: Search CVE + operationId: Search_CVE + description: Search CVE across all your managed accounts. The search will be + scoped to the account_ids you specify in the request body. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "aggregate_by_account": false + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "aggregate_by_account": false + } + /oneview/v1/cve/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export CVE + operationId: Export_CVE + description: >+ + Export CVE data. You can export across multiple accounts. Specify your + interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search assets software route. Refer to [Search CVE API](#operation/api.v2.rmm.search.cve) for more information about the constraints accepted. | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + ## Examples + + + ### Download HTML file + + + A request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all detections on `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34`: + + + ```json + { + "groups": [{ + "account_id": "1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34", + "severity": "critical" + }], + "format": "html", + "type": "string", + "filename": "nameofthefile", + "download": true, + "select": [ + {"field": "account_id", "newField": "account_id"}, + {"field": "group_id", "newField": "groupId"}, + {"field": "vendor", "newField": "vendor"}, + {"field": "product", "newField": "product"}, + {"field": "installation_date", "newField": "installationDate"}, + {"field": "created_at", "newField": "createdAt"} + ] + } + ``` + + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + /oneview/v1/cve/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_id": "", + "account_name": "", + "fully_qualified_host_name": "", + "group_name": "", + "host_name": "", + "total": 0, + "value": "" + } + ] + } + summary: Search CVE groupBy + operationId: Search_CVE_groupBy + description: Search CVE grouped by a specific field across all your managed account. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/cve/{id}": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "cve": "", + "cvss_2_0": { + "access_complexity": "", + "access_vector": "", + "authentication": "", + "availability_impact": "", + "confidentiality_impact": "", + "exploitability_score": "", + "impact_score": "", + "integrity_impact": "", + "score": "", + "source": "" + }, + "cvss_3_0": { + "attack_complexity": "", + "attack_vector": "", + "availability_impact": "", + "base_score": "", + "base_severity": "", + "confidentiality_impact": "", + "exploitability_score": "", + "impact_score": "", + "integrity_impact": "", + "opswat_temporal_score": { + "cve_last_modified_epoch": 0, + "exploitability": "", + "generated_on_epoch": 0, + "remediation_level": "", + "report_confidence": "", + "temporal_score": "" + }, + "privileges_required": "", + "revision": "", + "scope": "", + "user_interaction": "", + "vector_string": "" + }, + "cwe": "", + "description": "", + "is_cisa_exploitable": true, + "last_modified_epoch": 0, + "published_epoch": 0, + "severity": "", + "severity_index": 0 + } + summary: Get CVE details by id + operationId: Get_CVE_details_by_id + description: Get CVE details by id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + /oneview/v1/detections: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "detections": [ + { + "account_id": "", + "affected_application": "", + "category": "", + "child_trace_count": 0, + "cleaned_at": "", + "detection_id": "", + "device_control": { + "block_status": "", + "device_id": "", + "disk_interface": "", + "drive_compressed": false, + "file_system": "", + "manufacturer": "", + "physical_disk_name": "", + "pnp_device_id": "", + "scanned_at": "", + "serial_number": "", + "timestamp": "", + "volume_device_path": "", + "volume_name": "", + "volume_serial": "" + }, + "group_id": "", + "id": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "last_user": "", + "machine_id": "", + "machine_ip": "", + "machine_name": "", + "md5": "", + "path": "", + "process_name": "", + "reported_at": "", + "rid_details": { + "attack_user": "", + "attempts": 0, + "create_time": "", + "deleted": false, + "document_id": "", + "duration": 0, + "expire_time": "", + "ip": "", + "port": 0, + "protocol": "", + "rule_id": "", + "version": 0 + }, + "scan_id": "", + "scan_result": { + "account_id": "", + "deleted_count": 0, + "device": { + "block_status": "", + "device_id": "", + "disk_interface": "", + "drive_compressed": false, + "file_system": "", + "manufacturer": "", + "physical_disk_name": "", + "pnp_device_id": "", + "scanned_at": "", + "serial_number": "", + "timestamp": "", + "volume_device_path": "", + "volume_name": "", + "volume_serial": "" + }, + "found_count": 0, + "job_id": "", + "machine_id": "", + "quarantined_count": 0, + "reported_at": "", + "scan_id": "", + "scan_type": "", + "schedule_etag": "", + "schedule_id": "", + "started_at": "", + "started_at_offset_seconds": 0 + }, + "scanned_at": "", + "scanned_at_offset_seconds": 0, + "sha256": "", + "status": "", + "threat_name": "", + "trace_id": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Search detections across accounts + operationId: Search_detections_across_accounts + description: Search detections across all your managed account. The search will + be scoped to the account_ids you specify in the request body. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "affected_application": "", + "affected_application.keyword": "", + "aggregate_by_account": false, + "at_after": "", + "at_before": "", + "category": "", + "cleaned_at_after": "", + "cleaned_at_before": "", + "correlation_hash": "", + "detection_id": "", + "device_control.physical_disk_name": "", + "device_control.physical_disk_name.keyword": "", + "domain_name": "", + "domain_name.keyword": "", + "end_date": "", + "engine_version": "", + "engine_version.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "host_name": "", + "host_name.keyword": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "job_id": "", + "last_user": "", + "last_user.keyword": "", + "machine_id": "", + "machine_name": "", + "machine_name.keyword": "", + "md5": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "not.category": "", + "not.device_control.physical_disk_name": "", + "not.device_control.physical_disk_name.keyword": "", + "not.type": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "parent_detection_id": "", + "path": "", + "path.keyword": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "populate": { + "endpoint": false, + "group": false, + "scan_result": false + }, + "process_name": "", + "process_name.keyword": "", + "protection_status": "", + "reported_at_after": "", + "reported_at_before": "", + "scan_id": "", + "scan_type": "", + "scanned_at_after": "", + "scanned_at_before": "", + "schedule_etag": "", + "schedule_id": "", + "sha256": "", + "sort_field": "trace_id", + "sort_order": "asc", + "start_date": "", + "status": "", + "threat_name": "", + "threat_name.keyword": "", + "trace_id": "", + "type": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "affected_application": "", + "affected_application.keyword": "", + "aggregate_by_account": false, + "at_after": "", + "at_before": "", + "category": "", + "cleaned_at_after": "", + "cleaned_at_before": "", + "correlation_hash": "", + "detection_id": "", + "device_control.physical_disk_name": "", + "device_control.physical_disk_name.keyword": "", + "domain_name": "", + "domain_name.keyword": "", + "end_date": "", + "engine_version": "", + "engine_version.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "host_name": "", + "host_name.keyword": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "job_id": "", + "last_user": "", + "last_user.keyword": "", + "machine_id": "", + "machine_name": "", + "machine_name.keyword": "", + "md5": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "not.category": "", + "not.device_control.physical_disk_name": "", + "not.device_control.physical_disk_name.keyword": "", + "not.type": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "parent_detection_id": "", + "path": "", + "path.keyword": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "populate": { + "endpoint": false, + "group": false, + "scan_result": false + }, + "process_name": "", + "process_name.keyword": "", + "protection_status": "", + "reported_at_after": "", + "reported_at_before": "", + "scan_id": "", + "scan_type": "", + "scanned_at_after": "", + "scanned_at_before": "", + "schedule_etag": "", + "schedule_id": "", + "sha256": "", + "sort_field": "trace_id", + "sort_order": "asc", + "start_date": "", + "status": "", + "threat_name": "", + "threat_name.keyword": "", + "trace_id": "", + "type": "" + } + /oneview/v1/detections/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export detections + operationId: Export_detections + description: >+ + Export detections data. You can export across multiple accounts. Specify + your interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search detections route. Refer to [Search detections API](#operation/api.v2.rmm.search.detections) for more information about the constraints accepted. | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + ## Examples + + + ### Download HTML file + + + A request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all detections on `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34`: + + + ```json + { + "groups": [{ + "account_ids": ["1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"], + "os_info.os_platform": "windows" + }], + "format": "html", + "type": "string", + "filename": "nameofthefile", + "download": true, + "select": [{ + "field": "path", + "newField": "Path" + },{ + "field": "threat_name", + "newField": "Name" + }, { + "field": "machine_id", + "newField": "Machine ID" + }, { + "field": "machine_name", + "newField": "Machine Name" + }] + } + ``` + + + ### Download xlsx file + + + A request with this body sent by a browser will download a file called `report.html`, displaying a table with columns: `Path`, `Name`, `Machine ID`, `Machine Name` for all `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34` and the endpoint with id `211a4cfc-557e-4ba7-a96f-70685a07c29e`: + + + ```json + { + "groups": [{ + "account_ids": ["1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"], + "os_info.os_platform": "windows" + }], + "populate": { "account": true, "last_job": true }, + "format": "xlsx", + "type": "base64", + "filename": "report", + "download": true, + "select": [{ + "field": "path", + "newField": "Path" + },{ + "field": "threat_name", + "newField": "Name" + }, { + "field": "machine_id", + "newField": "Machine ID" + }, { + "field": "machine_name", + "newField": "Machine Name" + }] + } + ``` + + + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "format": "csv", + "groups": [ + {} + ], + "select": [ + { + "field": "type", + "newField": "" + } + ], + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "format": "csv", + "groups": [ + {} + ], + "select": [ + { + "field": "type", + "newField": "" + } + ], + "type": "string" + } + /oneview/v1/devicecontrol: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "detections": [ + { + "account_id": "", + "affected_application": "", + "category": "", + "child_trace_count": 0, + "cleaned_at": "", + "detection_id": "", + "device_control": { + "block_status": "", + "device_id": "", + "disk_interface": "", + "drive_compressed": false, + "file_system": "", + "manufacturer": "", + "path": "", + "physical_disk_name": "", + "serial_number": "", + "status": "", + "timestamp": "", + "volume_device_path": "", + "volume_name": "", + "volume_serial": "" + }, + "group_id": "", + "id": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "last_user": "", + "machine_id": "", + "machine_ip": "", + "machine_name": "", + "md5": "", + "path": "", + "process_name": "", + "reported_at": "", + "scan_id": "", + "scanned_at": "", + "scanned_at_offset_seconds": 0, + "sha256": "", + "status": "", + "threat_name": "", + "trace_id": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Search device control events across accounts + operationId: Search_device_control_events_across_accounts + description: Search device control events across all your managed account. The + search will be scoped to the account_ids you specify in the request + body. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "affected_application": "", + "affected_application.keyword": "", + "aggregate_by_account": false, + "at_after": "", + "at_before": "", + "category": "", + "cleaned_at_after": "", + "cleaned_at_before": "", + "correlation_hash": "", + "detection_id": "", + "device_control.block_status": "", + "device_control.block_status.keyword": "", + "device_control.device_id": "", + "device_control.device_id.keyword": "", + "device_control.disk_interface": "", + "device_control.disk_interface.keyword": "", + "device_control.drive_compressed": false, + "device_control.file_system": "", + "device_control.file_system.keyword": "", + "device_control.manufacturer": "", + "device_control.manufacturer.keyword": "", + "device_control.physical_disk_name": "", + "device_control.physical_disk_name.keyword": "", + "device_control.pnp_device_id": "", + "device_control.pnp_device_id.keyword": "", + "device_control.serial_number": "", + "device_control.serial_number.keyword": "", + "device_control.timestamp_after": "", + "device_control.timestamp_before": "", + "device_control.volume_device_path": "", + "device_control.volume_device_path.keyword": "", + "device_control.volume_name": "", + "device_control.volume_name.keyword": "", + "device_control.volume_serial": "", + "device_control.volume_serial.keyword": "", + "domain_name": "", + "domain_name.keyword": "", + "end_date": "", + "engine_version": "", + "engine_version.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "host_name": "", + "host_name.keyword": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "job_id": "", + "last_user": "", + "last_user.keyword": "", + "machine_id": "", + "machine_name": "", + "machine_name.keyword": "", + "md5": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "not.device_control.block_status": "", + "not.device_control.block_status.keyword": "", + "not.device_control.device_id": "", + "not.device_control.device_id.keyword": "", + "not.device_control.disk_interface": "", + "not.device_control.disk_interface.keyword": "", + "not.device_control.file_system": "", + "not.device_control.file_system.keyword": "", + "not.device_control.manufacturer": "", + "not.device_control.manufacturer.keyword": "", + "not.device_control.physical_disk_name": "", + "not.device_control.physical_disk_name.keyword": "", + "not.device_control.pnp_device_id": "", + "not.device_control.pnp_device_id.keyword": "", + "not.device_control.serial_number": "", + "not.device_control.serial_number.keyword": "", + "not.device_control.volume_device_path": "", + "not.device_control.volume_device_path.keyword": "", + "not.device_control.volume_name": "", + "not.device_control.volume_name.keyword": "", + "not.device_control.volume_serial": "", + "not.device_control.volume_serial.keyword": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "parent_detection_id": "", + "path": "", + "path.keyword": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "populate": { + "endpoint": false, + "group": false, + "scan_result": false + }, + "process_name": "", + "process_name.keyword": "", + "protection_status": "", + "reported_at_after": "", + "reported_at_before": "", + "scan_id": "", + "scan_type": "", + "scanned_at_after": "", + "scanned_at_before": "", + "schedule_etag": "", + "schedule_id": "", + "sha256": "", + "sort_field": "trace_id", + "sort_order": "asc", + "start_date": "", + "status": "", + "threat_name": "", + "threat_name.keyword": "", + "trace_id": "", + "type": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "affected_application": "", + "affected_application.keyword": "", + "aggregate_by_account": false, + "at_after": "", + "at_before": "", + "category": "", + "cleaned_at_after": "", + "cleaned_at_before": "", + "correlation_hash": "", + "detection_id": "", + "device_control.block_status": "", + "device_control.block_status.keyword": "", + "device_control.device_id": "", + "device_control.device_id.keyword": "", + "device_control.disk_interface": "", + "device_control.disk_interface.keyword": "", + "device_control.drive_compressed": false, + "device_control.file_system": "", + "device_control.file_system.keyword": "", + "device_control.manufacturer": "", + "device_control.manufacturer.keyword": "", + "device_control.physical_disk_name": "", + "device_control.physical_disk_name.keyword": "", + "device_control.pnp_device_id": "", + "device_control.pnp_device_id.keyword": "", + "device_control.serial_number": "", + "device_control.serial_number.keyword": "", + "device_control.timestamp_after": "", + "device_control.timestamp_before": "", + "device_control.volume_device_path": "", + "device_control.volume_device_path.keyword": "", + "device_control.volume_name": "", + "device_control.volume_name.keyword": "", + "device_control.volume_serial": "", + "device_control.volume_serial.keyword": "", + "domain_name": "", + "domain_name.keyword": "", + "end_date": "", + "engine_version": "", + "engine_version.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "host_name": "", + "host_name.keyword": "", + "is_root_detection": false, + "is_rtp_stream_event": false, + "job_id": "", + "last_user": "", + "last_user.keyword": "", + "machine_id": "", + "machine_name": "", + "machine_name.keyword": "", + "md5": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "not.device_control.block_status": "", + "not.device_control.block_status.keyword": "", + "not.device_control.device_id": "", + "not.device_control.device_id.keyword": "", + "not.device_control.disk_interface": "", + "not.device_control.disk_interface.keyword": "", + "not.device_control.file_system": "", + "not.device_control.file_system.keyword": "", + "not.device_control.manufacturer": "", + "not.device_control.manufacturer.keyword": "", + "not.device_control.physical_disk_name": "", + "not.device_control.physical_disk_name.keyword": "", + "not.device_control.pnp_device_id": "", + "not.device_control.pnp_device_id.keyword": "", + "not.device_control.serial_number": "", + "not.device_control.serial_number.keyword": "", + "not.device_control.volume_device_path": "", + "not.device_control.volume_device_path.keyword": "", + "not.device_control.volume_name": "", + "not.device_control.volume_name.keyword": "", + "not.device_control.volume_serial": "", + "not.device_control.volume_serial.keyword": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "parent_detection_id": "", + "path": "", + "path.keyword": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "populate": { + "endpoint": false, + "group": false, + "scan_result": false + }, + "process_name": "", + "process_name.keyword": "", + "protection_status": "", + "reported_at_after": "", + "reported_at_before": "", + "scan_id": "", + "scan_type": "", + "scanned_at_after": "", + "scanned_at_before": "", + "schedule_etag": "", + "schedule_id": "", + "sha256": "", + "sort_field": "trace_id", + "sort_order": "asc", + "start_date": "", + "status": "", + "threat_name": "", + "threat_name.keyword": "", + "trace_id": "", + "type": "" + } + /oneview/v1/devicecontrol/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export device control events + operationId: Export_device_control_events + description: >+ + Export Device Control events. You can export across multiple accounts. + Specify your interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search device control event route. Refer to [Search Device Control Events API](#operation/api.v2.rmm.search.devicecontrol) for more information about the constraints accepted. | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + ## Examples + + + ### Download CSV file + + + A request with this body sent by a browser will download a file called `nameofthefile.csv`, displaying a table with columns: `Date`, `Action Taken`, `Device`, `Machine Name` for all events with `Blocked` status, starting from `2022/02/01` within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34`: + + + ```json + { + "download":true, + "format":"csv", + "groups":[ + { + "status":"blocked", + "account_ids":[ + "1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34" + ], + "start_date":"2022-02-01T00:00:00-00:00" + } + ], + "populate":{ + "account":true, + "endpoint":true, + "group":true + }, + "select":[ + { + "field":"scanned_at", + "newField":"Date" + }, + { + "field":"status", + "newField":"Action taken" + }, + { + "field":"device_control.physical_disk_name", + "newField":"Device" + }, + { + "field":"machine_name", + "newField":"Endpoint" + } + ], + "type":"string" + } + + ``` + + + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "format": "csv", + "groups": [ + {} + ], + "select": [ + { + "field": "type", + "newField": "" + } + ], + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "format": "csv", + "groups": [ + {} + ], + "select": [ + { + "field": "type", + "newField": "" + } + ], + "type": "string" + } + /oneview/v1/devicecontrol/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_name": "", + "name": "", + "total": 0, + "value": "" + } + ] + } + summary: Group device control events across accounts + operationId: Group_device_control_events_across_accounts + description: Group device control events across all your managed account. The + search will be scoped to the account_ids you specify in the request + body. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "group_by": "account_id", + "next_cursor": "", + "page_size": 2000 + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "group_by": "account_id", + "next_cursor": "", + "page_size": 2000 + } + /oneview/v1/dns: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "@timestamp": "", + "account_id": "", + "action": "", + "group_id": "", + "group_name": "", + "id": "", + "machine_id": "", + "parent_account_id": "", + "policy_id": "", + "policy_name": "", + "rule_id": "", + "rule_name": "" + } + ], + "total_count": 0 + } + summary: Search DNS Logs + operationId: Search_DNS_Logs + description: Search DNS Logs across all your managed accounts. The search will + be scoped to the account_ids you specify in the request body. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v1/dns/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export OS Patches + operationId: Export_OS_Patches + description: > + Export DNS data. You can export across multiple accounts. Specify your + interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search assets software route. Refer to [Search DNS API](#operation/api.nebula.search.dns) for more information about the constraints accepted. | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + ## Examples + + + ### Download CSV file + + + A request with this body sent by a browser will download a file called `nameofthefile.cvs`, displaying a table with columns: `accountId`, `groupId`, `groupName`, `Domain`, `IP_address` for all the dns logs of machine_id `1514cd0a-2ef3-4db3-b8a4-c89894d9aa34`: + + + ```json + + { + "groups": [ + { "machine_id": "1514cd0a-2ef3-4db3-b8a4-c89894d9aa34" } + ], + "format": "csv", + "type": "string", + "filename": "nameofthefile", + "download": true, + "select": [ + {"field": "account_id", "newField": "accountId"}, + {"field": "group_id", "newField": "groupId"}, + {"field": "group_name", "newField": "groupName"}, + {"field": "log.query_name", "newField": "Domain"}, + {"field": "log.dst_ip", "newField": "IP_address"} + ] + } + + ``` + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + /oneview/v1/dns/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "" + } + summary: Search DNS Logs groupBy + operationId: Search_DNS_Logs_groupBy + description: Search DNS Logs grouped by a specific field across all your managed + account. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v1/endpoints: + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "errors": [ + { + "account_id": "", + "id": "" + } + ] + } + summary: Delete multiple machines across accounts + operationId: Delete_multiple_machines_across_accounts + description: > + Use this endpoint to mark machines as deleted. + + This API endpoint allows you to specify queries instead of explicitly specifying endpoint ids. See example for more details. + + + > **Be extremely cautious**: If you don't specify any constraint, all your machines will match the search and be deleted. For example, the following payload: + + ```json + "groups": [{ + "account_ids": ["", ""] + }] + ``` + + will select all the machines in the two accounts. Always test the result of your query using the [Search endpoints APIs](#operation/api.v2.rmm.post.endpoints) + + + + + If you want to mark all of your `Mac Os` endpoints as deleted across two of your manages sites, and on all your endpoints for a certain account with policy matching the string `serious policy`, do the following: + + + ```json + "groups": [{ + "account_ids": ["", ""], + "os_info.os_platform": "Mac Os" + }, { + "account_ids": [""], + "policy_name": "serious policy" + }] + ``` + + The constraints accepted are the same accepted by the search endpoints route. Refer to `POST -> /endpoints` for more information about the constraints accepted. + + + You can also send a mix of explicit endpoint ids and queries in the same request: + + ```json + "endpoints": [{ "id": "", "account_id": "" }], + "groups": [{ + "account_ids": ["", ""], + "os_info.os_platform": "Mac Os" + }, { + "account_ids": [""], + "policy_name": "serious policy" + }] + ``` + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "endpoints": [ + { + "account_id": "", + "id": "" + } + ] + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "endpoints": [ + { + "account_id": "", + "id": "" + } + ] + } + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "after": "", + "endpoints": [ + { + "agent": { + "account_id": "", + "at": "", + "document_id": "", + "domain_name": "", + "engine_version": "", + "fully_qualified_host_name": "", + "group_id": "", + "has_alerts": false, + "host_name": "", + "is_software_update_available": false, + "last_user": "", + "machine_id": "", + "machine_ip": "", + "nics": [ + { + "description": "", + "mac_address": "" + } + ], + "object_guid": "", + "os_info": { + "os_architecture": "", + "os_platform": "", + "os_release_name": "", + "os_type": "", + "os_version": "" + }, + "plugins": { + "asset_manager": { + "alerts": {}, + "plugin_version": "", + "product_name": "" + }, + "endpoint_detection_and_response": { + "alerts": {}, + "plugin_version": "", + "product_name": "" + }, + "endpoint_protection": { + "alerts": {}, + "component_package_version": "", + "plugin_version": "", + "product_name": "", + "sdk_version": "", + "update_package_version": "" + }, + "incident_response": { + "alerts": {}, + "component_package_version": "", + "plugin_version": "", + "product_name": "", + "update_package_version": "" + } + }, + "policy_etag": "", + "serial_number": "", + "source_location": { + "accuracy_radius": 0, + "anonymous_proxy": false, + "city": "", + "continent": "", + "country": "", + "country_iso": "", + "postal_code": "", + "time_zone": "" + }, + "version": 0 + }, + "display_name": "", + "link": "", + "machine": { + "account_id": "", + "created_at": "", + "document_id": "", + "group_id": "", + "group_name": "", + "id": "", + "infection_count": 0, + "is_deleted": false, + "isolated": false, + "last_active": "", + "last_day_seen": "", + "last_scanned_at": "", + "online": false, + "policy_id": "", + "policy_name": "", + "reboot_required": 0, + "root_group_id": "", + "scan_age_days": 0, + "suspicious_activity_count": 0, + "version": 0 + }, + "machineVersion": 0, + "protection_status": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Search endpoints across accounts + operationId: Search_endpoints_across_accounts + description: > + Search endpoints across all your managed accounts. The search will be + scoped to the account_ids you specify in the request body. Constraints + with the suffix `keyword` indicates an exact match. Constraints without + the `keyword` suffix will be tokenized. + + + ### Examples + + If you want to find endpoints belonging to the `Default group` (the search is case insensitive), use `group_name.keyword` as a constraint. + + ```json + + { + "account_ids": [""], + "group_name.keyword": "default group" + } + + ``` + + Alternatively, if you want to find endpoints which group includes `department_one OR department_two`, use `group_name` as a constraint. + + ```json + + { + "account_ids": [""], + "group_name": "department_one department_two department_three" + } + + ``` + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "aggregate_by_account": false, + "alerts.codes": "", + "alias": "", + "at_after": "", + "at_before": "", + "created_at_after": "", + "created_at_before": "", + "deleted_at_after": "", + "deleted_at_before": "", + "domain_name": "", + "domain_name.keyword": "", + "engine_version": "", + "engine_version.keyword": "", + "engine_version_gt": "", + "engine_version_gte": "", + "engine_version_lt": "", + "engine_version_lte": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_name": "", + "group_name.keyword": "", + "has_alerts": false, + "host_name": "", + "host_name.keyword": "", + "infection_found": false, + "is_deleted": false, + "is_isolated": false, + "is_software_update_available": false, + "last_assets_scan_at_after": "", + "last_assets_scan_at_before": "", + "last_day_seen_after": "", + "last_day_seen_before": "", + "last_scan_after": "", + "last_scan_before": "", + "last_user": "", + "last_user.keyword": "", + "machine_ip": "", + "marked_for_deletion_after": "", + "marked_for_deletion_before": "", + "multi_sort": [ + { + "direction": "asc", + "field": "at", + "missing": "_first" + } + ], + "name_multi_search": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_release_name.keyword": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "plugins.asset_manager.alerts.codes": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.alerts.codes": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.alerts.codes": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.alerts.codes": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.alerts.codes": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "policy_etag": "", + "policy_id": "", + "policy_name": "", + "policy_name.keyword": "", + "populate": { + "account": false, + "last_job": false, + "platform": false + }, + "protection_status": "", + "reboot_required": false, + "serial_number": "", + "serial_number.keyword": "", + "sort_field": "at", + "sort_order": "asc", + "source_location.city": "", + "source_location.continent": "", + "source_location.country": "", + "source_location.country_iso": "", + "source_location.is_anonymous_proxy": false, + "source_location.postal_code": "", + "source_location.subdivisions": "", + "source_location.time_zone": "", + "suspicious_activity_found": false, + "vulnerabilities_found_total_gt": 0, + "vulnerabilities_found_total_gte": 0, + "vulnerabilities_found_total_lt": 0, + "vulnerabilities_found_total_lte": 0 + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "aggregate_by_account": false, + "alerts.codes": "", + "alias": "", + "at_after": "", + "at_before": "", + "created_at_after": "", + "created_at_before": "", + "deleted_at_after": "", + "deleted_at_before": "", + "domain_name": "", + "domain_name.keyword": "", + "engine_version": "", + "engine_version.keyword": "", + "engine_version_gt": "", + "engine_version_gte": "", + "engine_version_lt": "", + "engine_version_lte": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_name": "", + "group_name.keyword": "", + "has_alerts": false, + "host_name": "", + "host_name.keyword": "", + "infection_found": false, + "is_deleted": false, + "is_isolated": false, + "is_software_update_available": false, + "last_assets_scan_at_after": "", + "last_assets_scan_at_before": "", + "last_day_seen_after": "", + "last_day_seen_before": "", + "last_scan_after": "", + "last_scan_before": "", + "last_user": "", + "last_user.keyword": "", + "machine_ip": "", + "marked_for_deletion_after": "", + "marked_for_deletion_before": "", + "multi_sort": [ + { + "direction": "asc", + "field": "at", + "missing": "_first" + } + ], + "name_multi_search": "", + "next_cursor": "", + "nics.description": "", + "nics.ips": "", + "nics.mac_address": "", + "object_guid": "", + "os_info.os_architecture": "", + "os_info.os_platform": "", + "os_info.os_release_name": "", + "os_info.os_release_name.keyword": "", + "os_info.os_type": "", + "os_info.os_version": "", + "page_size": 2000, + "plugins.asset_manager.alerts.codes": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.reboot_reason": "", + "plugins.endpoint_detection_and_response.alerts.codes": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.reboot_reason": "", + "plugins.endpoint_protection.alerts.codes": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.reboot_reason": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.incident_response.alerts.codes": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.reboot_reason": "", + "plugins.siem.alerts.codes": "", + "plugins.siem.plugin_version": "", + "plugins.siem.reboot_reason": "", + "policy_etag": "", + "policy_id": "", + "policy_name": "", + "policy_name.keyword": "", + "populate": { + "account": false, + "last_job": false, + "platform": false + }, + "protection_status": "", + "reboot_required": false, + "serial_number": "", + "serial_number.keyword": "", + "sort_field": "at", + "sort_order": "asc", + "source_location.city": "", + "source_location.continent": "", + "source_location.country": "", + "source_location.country_iso": "", + "source_location.is_anonymous_proxy": false, + "source_location.postal_code": "", + "source_location.subdivisions": "", + "source_location.time_zone": "", + "suspicious_activity_found": false, + "vulnerabilities_found_total_gt": 0, + "vulnerabilities_found_total_gte": 0, + "vulnerabilities_found_total_lt": 0, + "vulnerabilities_found_total_lte": 0 + } + /oneview/v1/endpoints/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export endpoints Bulk across accounts + operationId: Export_endpoints_Bulk_across_accounts + description: >+ + Export endpoint data. You can export across multiple accounts. Specify + your interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search endpoints route. Refer to `POST -> /endpoints` for more information about the constraints accepted. | + + | endpoints | List of explicit endpoint ids. Accounts ids are required along with the endpoint ids | + + | populate | Whether to populate the response with additional data. Currently supported `account` and `last_job` | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + ## Examples + + + ### Download HTML file + + + A request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `Deleted`, `Task`, `ID`, `Name` for all `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34` and the endpoint with id `211a4cfc-557e-4ba7-a96f-70685a07c29e`: + + + ```json + { + "groups": [{ + "account_ids": ["1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"], + "os_info.os_platform": "windows" + }], + "endpoints": [{ "id": "211a4cfc-557e-4ba7-a96f-70685a07c29e", "account_id": "1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"}], + "populate": { "account": true, "last_job": true }, + "format": "html", + "type": "string", + "filename": "nameofthefile", + "download": true, + "select": [{ + "field": "machine.is_deleted", + "newField": "Deleted" + },{ + "field": "machine.job.status", + "newField": "Task" + }, { + "field": "machine.id", + "newField": "ID" + }, { + "field": "machine.account.name", + "newField": "Name" + }] + } + ``` + + + ### Download xlsx file + + + A request with this body sent by a browser will download a file called `report.html`, displaying a table with columns: `Deleted`, `Task`, `ID`, `Name` for all `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34` and the endpoint with id `211a4cfc-557e-4ba7-a96f-70685a07c29e`: + + + ```json + { + "groups": [{ + "account_ids": ["1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"], + "os_info.os_platform": "windows" + }], + "endpoints": [{ "id": "211a4cfc-557e-4ba7-a96f-70685a07c29e", "account_id": "1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"}], + "populate": { "account": true, "last_job": true }, + "format": "xlsx", + "type": "base64", + "filename": "report", + "download": true, + "select": [{ + "field": "machine.is_deleted", + "newField": "Deleted" + },{ + "field": "machine.job.status", + "newField": "Task" + }, { + "field": "machine.id", + "newField": "ID" + }, { + "field": "machine.account.name", + "newField": "Name" + }] + } + ``` + + + ### Get JSON with all ids for programmatic usage + + + A request with the following body sent by a browser will respond with a json body containing an array of objects with the following properties: `Deleted`, `Task`, `ID`, `Name` for all `windows` endpoints within account id `1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34` and the endpoint with id `211a4cfc-557e-4ba7-a96f-70685a07c29e`: + + + ```json + { + "groups": [{ + "account_ids": ["1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"], + "os_info.os_platform": "windows" + }], + "endpoints": [{ "id": "211a4cfc-557e-4ba7-a96f-70685a07c29e", "account_id": "1e14cd0a-2ef3-4db3-b8a4-c89894d9aa34"}], + "populate": { "account": true, "last_job": true }, + "format": "json", + "type": "string", + "select": [{ + "field": "machine.is_deleted", + "newField": "Deleted" + },{ + "field": "machine.job.status", + "newField": "Task" + }, { + "field": "machine.id", + "newField": "ID" + }, { + "field": "machine.account.name", + "newField": "Name" + }] + } + ``` + + + *Example response* + + ``` + + [ + { + "Deleted": false, + "Task": "PENDING", + "ID": "211a4cfc-557e-4ba7-a96f-70685a07c29e", + "Name": "Postman Test Account2040c322-c98a-4e98-bb67-9d3f94ff1867" + }, + { + "Deleted": false, + "Task": "PENDING", + "ID": "211a4cfc-557e-4ba7-a96f-70685a07c29e", + "Name": "Postman Test Account2040c322-c98a-4e98-bb67-9d3f94ff1867" + }, + { + "Deleted": false, + "Task": "PENDING", + "ID": "49a92495-ff82-433d-b1ec-6e49376ddf06", + "Name": "Postman Test Account2040c322-c98a-4e98-bb67-9d3f94ff1867" + }, + { + "Deleted": false, + "ID": "cb35a2a2-e391-4fb5-b0d2-11693797c648", + "Name": "Postman Test Account2040c322-c98a-4e98-bb67-9d3f94ff1867" + }, + { + "Deleted": false, + "ID": "df974ca9-229c-40f2-93fe-a29bde6f77c8", + "Name": "Postman Test Account2040c322-c98a-4e98-bb67-9d3f94ff1867" + }, + { + "Deleted": false, + "ID": "e7093336-cd45-4492-bb0f-8bebc62db0c3", + "Name": "Postman Test Account2040c322-c98a-4e98-bb67-9d3f94ff1867" + } + ] + + ``` + + + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "endpoints": [ + { + "account_id": "", + "id": "" + } + ], + "format": "csv", + "select": [ + { + "field": "machine.is_deleted", + "newField": "" + } + ], + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "endpoints": [ + { + "account_id": "", + "id": "" + } + ], + "format": "csv", + "select": [ + { + "field": "machine.is_deleted", + "newField": "" + } + ], + "type": "string" + } + /oneview/v1/endpoints/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "name": "", + "total": 0 + } + ] + } + summary: Search grouped endpoints + operationId: Search_grouped_endpoints + description: Search grouped endpoints + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "account_cardinality": false, + "group_by": "os_info.os_platform", + "page_size": 2000 + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "account_cardinality": false, + "group_by": "os_info.os_platform", + "page_size": 2000 + } + /oneview/v1/exclusions: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ] + } + summary: Get all exclusions + operationId: Get_all_exclusions + description: Get all exclusions + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + summary: Create exclusion + operationId: Create_exclusion + description: > + Use this API endpoint to add exclusions. + + + ## Validation rules + + + - type must be a number from the following list: 1, 2, 3, 4, 5, 6, 7, 8, 13 + + - exploit_protection can only be true if type is 13 + + - ransomware_protection can only be true if type is 1 or 2 + + - malware_protection can only be true if type is 1, 2, 4, or 5 + + - website_protection can only be true if type is 6, 7, or 8 + + - bruteforce_protection can only be true if type is 7 + + - if type is 14, only suspicious_activity can and must be true + + - if account_level is false, then policy_ids must be an array of UUID(s) + + - value must be a valid domain or website (domain with protocol prefix) if type is 6 + + - value must be a valid IP address if type is 7 + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "account_level": true, + "comment": "", + "enabled": false, + "etag": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "website_protection": false + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "account_level": true, + "comment": "", + "enabled": false, + "etag": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "website_protection": false + } + "/oneview/v1/exclusions/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Delete exclusion + operationId: Delete_exclusion + description: Delete exclusion by id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + summary: Get one exclusions + operationId: Get_one_exclusions + description: Get one exclusion by its id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + summary: Update one exclusions + operationId: Update_one_exclusions + description: Update one exclusion by its id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "account_level": true, + "comment": "", + "enabled": false, + "etag": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "website_protection": false + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "account_level": true, + "comment": "", + "enabled": false, + "etag": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "website_protection": false + } + "/oneview/v1/groups/{id}/machines": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "errors": [ + { + "account_id": "", + "id": "" + } + ] + } + summary: Assign endpoints to a group across accounts + operationId: Assign_endpoints_to_a_group_across_accounts + description: > + Use this endpoint to move machines in a group. + + This API endpoint allows you to specify queries instead of explicitly specifying endpoint ids. See example for more details. + + + To assign all your `Mac Os` endpoints across two of your manages sites to a group, and on all your endpoints for a certain account with policy matching the string `serious policy`, use the following body: + + + ```json + "groups": [{ + "account_ids": ["", ""], + "os_info.os_platform": "Mac Os" + }, { + "account_ids": [""], + "policy_name": "serious policy" + }] + ``` + + The constraints accepted are the same accepted by the search endpoints route. Refer to `POST -> /endpoints` for more information about the constraints accepted. + + + You can also send a mix of explicit endpoint ids and queries in the same request: + + ```json + "endpoints": [{ "id": "", "account_id": "" }], + "groups": [{ + "account_ids": ["", ""], + "os_info.os_platform": "Mac Os" + }, { + "account_ids": [""], + "policy_name": "serious policy" + }] + ``` + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "endpoints": [ + { + "account_id": "", + "id": "" + } + ] + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "endpoints": [ + { + "account_id": "", + "id": "" + } + ] + } + /oneview/v1/info/account: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "nebula_parent_account_id": "" + } + summary: Account info + operationId: Account_info + description: Get account id associated to the requesting client + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + /oneview/v1/installation-token: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "installation_tokens": [ + { + "account_id": "", + "created_at": "", + "created_by": "", + "expires_at": "", + "id": "", + "token": "" + } + ], + "total_count": 0 + } + summary: Get installation tokens across multiple accounts + operationId: Get_installation_tokens_across_multiple_accounts + description: List the installation tokens generated or used across multiple accounts + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/installation-token/{account_id}": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "created_at": "", + "created_by": "", + "expires_at": "", + "id": "", + "token": "" + } + summary: Generate an installation token + operationId: Generate_an_installation_token + description: Generate an installation token to be used. The token will be only + visible during this operation. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/installation-token/{account_id}/send": + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "created_at": "", + "created_by": "", + "expires_at": "", + "id": "", + "token": "" + } + summary: Send installation tokens + operationId: Send_installation_tokens + description: Send installation tokens to batches of emails + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + "/oneview/v1/installation-token/{account_id}/{token}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "created_at": "", + "created_by": "", + "expires_at": "", + "id": "", + "token": "" + } + summary: Revoke installation token + operationId: Revoke_installation_token + description: Revoke an installation token that has not been used yet. + parameters: + - in: path + name: account_id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: path + name: token + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v1/jobs/bulk: + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Cancel pending jobs across accounts + operationId: Cancel_pending_jobs_across_accounts + description: Cancel pending jobs across accounts + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "errors": [ + { + "account_id": "", + "id": "" + } + ], + "jobs": [ + { + "job_id": "", + "machine_id": "" + } + ], + "total_count": 0 + } + summary: Bulk issue jobs across accounts + operationId: Bulk_issue_jobs_across_accounts + description: > + Use this endpoint to issue a job across multiple accounts you manage. + + This API endpoint allows you to specify queries instead of explicitly specifying endpoint ids. See example for more details. + + + See `Issue a job` for the commands list + + + Jobs are issued asynchronously and processed by endpoint agents when they get online. If you want to get notifications about the progress of a job, create a subscription to the `job_status_change` webhook event. + + + + ## Command specific data + + You can customize each command using specific settings. Supply those command-specific settings in the `data` parameter. + + + ### command.threat.quarantine.restore + + Restore item from quarantine. Specify one or more detection ids + + ```json + + {"restore_items":["7021ebec-b7b8-49b3-8709-f36bf5002c30"]} + + ``` + + + ### command.threat.quarantine.remove + + Delete item from quarantine. Specify one or more detection ids + + ```json + + {"delete_items":["7021ebec-b7b8-49b3-8709-f36bf5002c30"]} + + ``` + + + ### command.threat.scan + + + If you want to just report detections: + + ```json + + {"scan_settings":{"type":"ThreatScan","remove":false}} + + ``` + + + If you want to quarantine detected items: + + ```json + + {"scan_settings":{"type":"ThreatScan","remove":true}} + + ``` + + + ### command.edr.isolation + + Specify the extent of your isolation. Can be any combination of `desktop`, `network`, or `process`. + + ```json + + {"desktop":true,"network":true,"process":true} + + ``` + + + ## examples + + ```json + + { + "endpoints": [{ "id": "", "account_id": "" }] + } + + ``` + + If you want to issue a job on all your `Mac Os` endpoints across two of your manages sites, and on all your endpoints for a certain account with policy matching the string `serious policy`, do the following: + + + ```json + "groups": [{ + "account_ids": ["", ""], + "os_info.os_platform": "Mac Os" + }, { + "account_ids": [""], + "policy_name": "serious policy" + }] + ``` + + The constraints accepted are the same accepted by the search endpoints route. Refer to `POST -> /endpoints` for more information about the constraints accepted. + + + You can also send a mix of explicit endpoint ids and queries in the same request: + + ```json + "endpoints": [{ "id": "", "account_id": "" }], + "groups": [{ + "account_ids": ["", ""], + "os_info.os_platform": "Mac Os" + }, { + "account_ids": [""], + "policy_name": "serious policy" + }] + ``` + + The response includes the explicit ids on which the job was issued. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "command": "", + "data": { + "allow_postpone_reboot": false, + "application_name": "", + "architecture": "", + "ark": false, + "current_version": "", + "delay_in_seconds": 0, + "enable_shuriken": false, + "exclusions": [ + { + "exclude_from": {}, + "type": "", + "value": "" + } + ], + "language": "", + "message": "", + "new_version": "", + "no_archive": false, + "no_reboot": false, + "patches": [ + { + "category": "", + "product": "", + "severity": "", + "title": "", + "vendor": "" + } + ], + "product": 0, + "pum_detection": "", + "pup_detection": "", + "reasons": 0, + "reboot_delay": 0, + "reboot_delay_rrule": "", + "reboot_message": "", + "remove": false, + "scan_file_system": false, + "scan_fixed_drives": false, + "scan_memory": false, + "scan_path": "", + "scan_path_from_list_file": false, + "scan_priority": "", + "scan_registry": false, + "scan_settings": { + "remove": false, + "type": "" + }, + "scan_startup": false, + "type": "", + "vendor": "" + }, + "endpoints": [ + { + "account_id": "", + "id": "" + } + ], + "relay_state": "", + "requires_connected": false + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "command": "", + "data": { + "allow_postpone_reboot": false, + "application_name": "", + "architecture": "", + "ark": false, + "current_version": "", + "delay_in_seconds": 0, + "enable_shuriken": false, + "exclusions": [ + { + "exclude_from": {}, + "type": "", + "value": "" + } + ], + "language": "", + "message": "", + "new_version": "", + "no_archive": false, + "no_reboot": false, + "patches": [ + { + "category": "", + "product": "", + "severity": "", + "title": "", + "vendor": "" + } + ], + "product": 0, + "pum_detection": "", + "pup_detection": "", + "reasons": 0, + "reboot_delay": 0, + "reboot_delay_rrule": "", + "reboot_message": "", + "remove": false, + "scan_file_system": false, + "scan_fixed_drives": false, + "scan_memory": false, + "scan_path": "", + "scan_path_from_list_file": false, + "scan_priority": "", + "scan_registry": false, + "scan_settings": { + "remove": false, + "type": "" + }, + "scan_startup": false, + "type": "", + "vendor": "" + }, + "endpoints": [ + { + "account_id": "", + "id": "" + } + ], + "relay_state": "", + "requires_connected": false + } + /oneview/v1/jobs/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export jobs + operationId: Export_jobs + description: >+ + Export jobs data. You can export across multiple accounts. Specify your + interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search jobs route. Refer to `POST -> /jobs/search` for more information about the constraints accepted. | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + /oneview/v1/jobs/search: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "jobs": [ + { + "account_id": "", + "account_name": "", + "cancelled_by": "", + "cancelled_by_email": "", + "cancelled_by_name": "", + "command": "", + "data": "", + "expires_at": "", + "id": "", + "issued_at": "", + "issued_by": "", + "issued_by_email": "", + "issued_by_name": "", + "machine_id": "", + "machine_name": "", + "reason": "", + "relay_state": "", + "status": 0, + "tags": { + "alias": "" + }, + "updated_at": "" + } + ], + "next_cursor": "", + "total_count": 0 + } + summary: Search jobs + operationId: Search_jobs + description: Search jobs across all your managed account. The search will be + scoped to the account_ids you specify in the request body. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v1/jobs/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_name": "", + "issued_by_email": "", + "issued_by_name": "", + "machine_name": "", + "total": 0 + } + ] + } + summary: Search jobs groupBy + operationId: Search_jobs_groupBy + description: Search jobs grouped by a specific field across all your managed account. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v1/notifications/subscriptions: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "" + } + summary: "Get all notifications " + operationId: Get_all_notifications_ + description: Get all notification subscriptions. + parameters: + - in: query + name: owner + description: the identifier of the owner of the subscription, in the scope of + the client + required: false + schema: + type: string + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: "Create notification " + operationId: Create_notification_ + description: Create notification subscription. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "description": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "description": "" + } + /oneview/v1/notifications/subscriptions/bulk: + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: "Delete notification bulk " + operationId: Delete_notification_bulk_ + description: Delete bulk notification subscription. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "subscriptions": [ + { + "id": "", + "owner": "" + } + ] + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "subscriptions": [ + { + "id": "", + "owner": "" + } + ] + } + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: "Update notification bulk " + operationId: Update_notification_bulk_ + description: Update bulk notification subscription. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + "/oneview/v1/notifications/subscriptions/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: "Delete notification " + operationId: Delete_notification_ + description: Delete notification subscription. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "description": "" + } + summary: "Get notification " + operationId: Get_notification_ + description: Get notification subscription. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: "Update notification " + operationId: Update_notification_ + description: Update notification subscription. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "description": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "description": "" + } + /oneview/v1/os-patches: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_id": "", + "category": "", + "created_at": "", + "description": "", + "display_name": "", + "fully_qualified_host_name": "", + "group_id": "", + "host_name": "", + "machine_id": "", + "object_guid": "", + "parent_account_id": "", + "patch_id": "", + "product": "", + "reboot_required": false, + "released_at": "", + "root_group_id": "", + "security_update_id": "", + "severity": "", + "size": 0, + "title": "", + "vendor": "" + } + ], + "total_count": 0 + } + summary: Search OS Patches + operationId: Search_OS_Patches + description: Search OS Patches. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "account_name": "", + "account_name.keyword": "", + "category": "", + "category.keyword": "", + "created_at_after": "", + "created_at_before": "", + "description": "", + "description.keyword": "", + "display_name": "", + "display_name.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_id.keyword": "", + "host_name": "", + "host_name.keyword": "", + "machine_id": "", + "machine_id.keyword": "", + "next_cursor": "", + "not.account_name": "", + "not.account_name.keyword": "", + "not.category": "", + "not.category.keyword": "", + "not.description": "", + "not.description.keyword": "", + "not.display_name": "", + "not.display_name.keyword": "", + "not.fully_qualified_host_name": "", + "not.fully_qualified_host_name.keyword": "", + "not.group_id": "", + "not.group_id.keyword": "", + "not.host_name": "", + "not.host_name.keyword": "", + "not.machine_id": "", + "not.machine_id.keyword": "", + "not.object_guid": "", + "not.object_guid.keyword": "", + "not.os_info.os_architecture": "", + "not.os_info.os_architecture.keyword": "", + "not.os_info.os_platform": "", + "not.os_info.os_platform.keyword": "", + "not.os_info.os_release_name": "", + "not.os_info.os_release_name.keyword": "", + "not.os_info.os_type": "", + "not.os_info.os_type.keyword": "", + "not.os_info.os_version": "", + "not.os_info.os_version.keyword": "", + "not.parent_account_id": "", + "not.parent_account_id.keyword": "", + "not.patch_id": "", + "not.patch_id.keyword": "", + "not.product": "", + "not.product.keyword": "", + "not.root_group_id": "", + "not.root_group_id.keyword": "", + "not.security_update_id": "", + "not.security_update_id.keyword": "", + "not.severity": "", + "not.severity.keyword": "", + "not.title": "", + "not.title.keyword": "", + "not.vendor": "", + "not.vendor.keyword": "", + "object_guid": "", + "object_guid.keyword": "", + "os_info.os_architecture": "", + "os_info.os_architecture.keyword": "", + "os_info.os_platform": "", + "os_info.os_platform.keyword": "", + "os_info.os_release_name": "", + "os_info.os_release_name.keyword": "", + "os_info.os_type": "", + "os_info.os_type.keyword": "", + "os_info.os_version": "", + "os_info.os_version.keyword": "", + "page_size": 50, + "parent_account_id": "", + "parent_account_id.keyword": "", + "patch_id": "", + "patch_id.keyword": "", + "populate": { + "endpoint": false, + "group": false + }, + "product": "", + "product.keyword": "", + "reboot_required": false, + "released_at_after": "", + "released_at_before": "", + "root_group_id": "", + "root_group_id.keyword": "", + "security_update_id": "", + "security_update_id.keyword": "", + "severity": "", + "severity.keyword": "", + "size": 0, + "size_gt": 0, + "size_gte": 0, + "size_lt": 0, + "size_lte": 0, + "sort_field": "account_id", + "sort_order": "asc", + "title": "", + "title.keyword": "", + "vendor": "", + "vendor.keyword": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "account_name": "", + "account_name.keyword": "", + "category": "", + "category.keyword": "", + "created_at_after": "", + "created_at_before": "", + "description": "", + "description.keyword": "", + "display_name": "", + "display_name.keyword": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_id.keyword": "", + "host_name": "", + "host_name.keyword": "", + "machine_id": "", + "machine_id.keyword": "", + "next_cursor": "", + "not.account_name": "", + "not.account_name.keyword": "", + "not.category": "", + "not.category.keyword": "", + "not.description": "", + "not.description.keyword": "", + "not.display_name": "", + "not.display_name.keyword": "", + "not.fully_qualified_host_name": "", + "not.fully_qualified_host_name.keyword": "", + "not.group_id": "", + "not.group_id.keyword": "", + "not.host_name": "", + "not.host_name.keyword": "", + "not.machine_id": "", + "not.machine_id.keyword": "", + "not.object_guid": "", + "not.object_guid.keyword": "", + "not.os_info.os_architecture": "", + "not.os_info.os_architecture.keyword": "", + "not.os_info.os_platform": "", + "not.os_info.os_platform.keyword": "", + "not.os_info.os_release_name": "", + "not.os_info.os_release_name.keyword": "", + "not.os_info.os_type": "", + "not.os_info.os_type.keyword": "", + "not.os_info.os_version": "", + "not.os_info.os_version.keyword": "", + "not.parent_account_id": "", + "not.parent_account_id.keyword": "", + "not.patch_id": "", + "not.patch_id.keyword": "", + "not.product": "", + "not.product.keyword": "", + "not.root_group_id": "", + "not.root_group_id.keyword": "", + "not.security_update_id": "", + "not.security_update_id.keyword": "", + "not.severity": "", + "not.severity.keyword": "", + "not.title": "", + "not.title.keyword": "", + "not.vendor": "", + "not.vendor.keyword": "", + "object_guid": "", + "object_guid.keyword": "", + "os_info.os_architecture": "", + "os_info.os_architecture.keyword": "", + "os_info.os_platform": "", + "os_info.os_platform.keyword": "", + "os_info.os_release_name": "", + "os_info.os_release_name.keyword": "", + "os_info.os_type": "", + "os_info.os_type.keyword": "", + "os_info.os_version": "", + "os_info.os_version.keyword": "", + "page_size": 50, + "parent_account_id": "", + "parent_account_id.keyword": "", + "patch_id": "", + "patch_id.keyword": "", + "populate": { + "endpoint": false, + "group": false + }, + "product": "", + "product.keyword": "", + "reboot_required": false, + "released_at_after": "", + "released_at_before": "", + "root_group_id": "", + "root_group_id.keyword": "", + "security_update_id": "", + "security_update_id.keyword": "", + "severity": "", + "severity.keyword": "", + "size": 0, + "size_gt": 0, + "size_gte": 0, + "size_lt": 0, + "size_lte": 0, + "sort_field": "account_id", + "sort_order": "asc", + "title": "", + "title.keyword": "", + "vendor": "", + "vendor.keyword": "" + } + /oneview/v1/os-patches/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export OS Patches + operationId: Export_OS_Patches + description: >+ + Export OS Patch data. You can export across multiple accounts. Specify + your interested fields and the output format. + + + Supported output formats: csv, xlsx, json. + + + ## Settings + + + | Name | Description | + + |------|-------------| + + | groups | List of queries. The constraints accepted are the same accepted by the search os patches route. Refer to [Search OS Patches API](#operation/api.v2.rmm.search.os-patches) for more information about the constraints accepted. | + + | download | If set to true, the server will set the `Content-Disposition` header using the `filename` and `format` | + + | select | Which fields to select, and which field name to map to. See request schema for allowed values | + + | type | Output encoding (for `csv` and `json` format) | + + | filename | Name of the file to be set in `Content-Disposition` header if `download` = true | + + + ## Examples + + + ### Download HTML file + + + A request with this body sent by a browser will download a file called `nameofthefile.html`, displaying a table with columns: `KB Id`, `Category`, `Description` for all detections on `windows` endpoints: + + + ```json + { + "groups": [{ + "os_info.os_platform": "Windows" + }], + "format": "html", + "type": "string", + "filename": "nameofthefile", + "download": true, + "select": [ + {"field": "patch_id", "newField": "KB Id"}, + {"field": "category", "newField": "Category"}, + {"field": "description", "newField": "Description"} + ] + } + ``` + + + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "format": "csv", + "select": [ + { + "field": "account_id", + "newField": "" + } + ], + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "format": "csv", + "select": [ + { + "field": "account_id", + "newField": "" + } + ], + "type": "string" + } + /oneview/v1/os-patches/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_id": "", + "account_name": "", + "fully_qualified_host_name": "", + "group_name": "", + "host_name": "", + "title": "", + "total": 0 + } + ] + } + summary: Search OS Patches groupBy + operationId: Search_OS_Patches_groupBy + description: Search OS Patches grouped by a specific field. + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "group_by": "account_id" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "group_by": "account_id" + } + /oneview/v1/policies: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: >- + { + "policies": [ + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": 0 + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "created_at": "", + "deny_edit": false, + "eio_show_tray_icon": false, + "etag": "", + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ], + "expire_endpoints": 0, + "is_default": false, + "policy_id": "", + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "update_at": "", + "win_action_center": "default" + } + ] + } + summary: Get all policies + operationId: Get_all_policies + description: Get all policies + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: >- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": 0 + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "created_at": "", + "deny_edit": false, + "eio_show_tray_icon": false, + "etag": "", + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ], + "expire_endpoints": 0, + "is_default": false, + "policy_id": "", + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "update_at": "", + "win_action_center": "default" + } + summary: Create new policy + operationId: Create_new_policy + description: Create new Policy + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": "" + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "deny_edit": false, + "eio_allow_run_threat_scan": true, + "eio_display_rtp_events": true, + "eio_limit_endpoint_agent_control": false, + "eio_show_threat_scan_shortcuts": false, + "eio_show_tray_icon": true, + "eio_show_windows_contextmenu": true, + "etag": "", + "expire_endpoints": 0, + "is_default": false, + "monitoring_options": { + "enabled": false + }, + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "RDP" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "win_action_center": "default" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": "" + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "deny_edit": false, + "eio_allow_run_threat_scan": true, + "eio_display_rtp_events": true, + "eio_limit_endpoint_agent_control": false, + "eio_show_threat_scan_shortcuts": false, + "eio_show_tray_icon": true, + "eio_show_windows_contextmenu": true, + "etag": "", + "expire_endpoints": 0, + "is_default": false, + "monitoring_options": { + "enabled": false + }, + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "RDP" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "win_action_center": "default" + } + "/oneview/v1/policies/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Delete policy + operationId: Delete_policy + description: Delete policy. by its id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: >- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": 0 + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "created_at": "", + "deny_edit": false, + "eio_show_tray_icon": false, + "etag": "", + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ], + "expire_endpoints": 0, + "is_default": false, + "policy_id": "", + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "update_at": "", + "win_action_center": "default" + } + summary: Get policy + operationId: Get_policy + description: Get one policy by its id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: >- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": 0 + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "created_at": "", + "deny_edit": false, + "eio_show_tray_icon": false, + "etag": "", + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ], + "expire_endpoints": 0, + "is_default": false, + "policy_id": "", + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "update_at": "", + "win_action_center": "default" + } + summary: Update policy + operationId: Update_policy + description: Update policy. by its id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": "" + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "deny_edit": false, + "eio_allow_run_threat_scan": true, + "eio_display_rtp_events": true, + "eio_limit_endpoint_agent_control": false, + "eio_show_threat_scan_shortcuts": false, + "eio_show_tray_icon": true, + "eio_show_windows_contextmenu": true, + "etag": "", + "expire_endpoints": 0, + "is_default": false, + "monitoring_options": { + "enabled": false + }, + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "RDP" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "win_action_center": "default" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": "" + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "deny_edit": false, + "eio_allow_run_threat_scan": true, + "eio_display_rtp_events": true, + "eio_limit_endpoint_agent_control": false, + "eio_show_threat_scan_shortcuts": false, + "eio_show_tray_icon": true, + "eio_show_windows_contextmenu": true, + "etag": "", + "expire_endpoints": 0, + "is_default": false, + "monitoring_options": { + "enabled": false + }, + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "RDP" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "win_action_center": "default" + } + "/oneview/v1/policies/{id}/default": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: >- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": 0 + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "created_at": "", + "deny_edit": false, + "eio_show_tray_icon": false, + "etag": "", + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ], + "expire_endpoints": 0, + "is_default": false, + "policy_id": "", + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "update_at": "", + "win_action_center": "default" + } + summary: Set default + operationId: Set_default + description: Mark policy as default + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v1/policies/{id}/promote": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: >- + { + "as_auto_service_updates": true, + "as_delay_protection_updates": 0, + "as_enable_restart": false, + "as_pause_software_updates": false, + "as_postpone_reboot": false, + "as_reboot_delay": { + "frequency": "", + "interval": 0 + }, + "as_reboot_message": "", + "as_scan_rootkits": false, + "as_service_process_protection": true, + "as_uninstall_password": "", + "created_at": "", + "deny_edit": false, + "eio_show_tray_icon": false, + "etag": "", + "exclusions": [ + { + "account_level": true, + "comment": "", + "created_at": "", + "created_by": "", + "created_by_fullname": "", + "enabled": false, + "etag": "", + "exclusion_id": "", + "exclusion_type": 1, + "exclusion_value": "", + "exploit_protection": false, + "malware_protection": false, + "ransomware_protection": false, + "suspicious_activity": false, + "updated_at": "", + "updated_by": "", + "updated_by_fullname": "", + "website_protection": false + } + ], + "expire_endpoints": 0, + "is_default": false, + "policy_id": "", + "policy_name": "", + "rdp_settings": { + "action": "", + "allowed_failed_attempts": 0, + "exclude_private_networks": false, + "minutes_between_failed_attempts": 0, + "minutes_to_block": 0, + "protected_protocols": [ + { + "enabled": false, + "name": "" + } + ] + }, + "rtp_behavior_protection": false, + "rtp_exploit_protection": false, + "rtp_malware_protection": false, + "rtp_web_protection": false, + "sam_allow_behavioral_monitoring": false, + "sam_allow_for_rollback_of_files": false, + "sam_isolation_message": "", + "sam_isolation_title": "", + "sam_lock_unlock_endpoint": false, + "sam_rollback_file_size": "", + "sam_rollback_file_size_server": "", + "sam_rollback_quota": 30, + "sam_rollback_timeframe": 0, + "so_detect_signature_less_anomalous_files": false, + "so_scan_contents_of_compressed_folders": false, + "so_scan_priority": "high", + "so_treat_potentially_unwanted_modifications_as_malware": false, + "so_treat_potentially_unwanted_programs_as_malware": false, + "update_at": "", + "win_action_center": "default" + } + summary: Assign to accounts + operationId: Assign_to_accounts + description: Assign policies to site accounts + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + "/oneview/v1/policies/{id}/secret": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "secret": "" + } + summary: Get policy tamper protection password + operationId: Get_policy_tamper_protection_password + description: Get policy tamper protection password + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "secret": "" + } + summary: Set policy tamper protection password + operationId: Set_policy_tamper_protection_password + description: Set policy tamper protection password + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "name": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "name": "" + } + /oneview/v1/rid/rules: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "total_count": 0 + } + summary: Search RID rules + operationId: Search_RID_rules + description: Search RID rules + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: >- + { + "account_name": "", + "account_name.keyword": "", + "attack_user": "", + "attack_user.keyword": "", + "create_time_after": "", + "create_time_before": "", + "deleted": false, + "destination_location.city": "", + "destination_location.city.keyword": "", + "destination_location.continent": "", + "destination_location.continent.keyword": "", + "destination_location.country": "", + "destination_location.country.keyword": "", + "destination_location.country_iso": "", + "destination_location.country_iso.keyword": "", + "destination_location.postal_code": "", + "destination_location.postal_code.keyword": "", + "destination_location.subdivisions": "", + "destination_location.subdivisions.keyword": "", + "destination_location.time_zone": "", + "destination_location.time_zone.keyword": "", + "domain_name": "", + "domain_name.keyword": "", + "engine_version": "", + "engine_version.keyword": "", + "expire_time_after": "", + "expire_time_before": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_id.keyword": "", + "group_name": "", + "group_name.keyword": "", + "host_name": "", + "host_name.keyword": "", + "id": "", + "id.keyword": "", + "ip": "", + "last_user": "", + "last_user.keyword": "", + "machine_id": "", + "machine_id.keyword": "", + "machine_ip": "", + "machine_name": "", + "machine_name.keyword": "", + "next_cursor": "", + "nics.description": "", + "nics.description.keyword": "", + "nics.mac_address": "", + "nics.mac_address.keyword": "", + "not.account_name": "", + "not.account_name.keyword": "", + "not.attack_user": "", + "not.attack_user.keyword": "", + "not.destination_location.city": "", + "not.destination_location.city.keyword": "", + "not.destination_location.continent": "", + "not.destination_location.continent.keyword": "", + "not.destination_location.country": "", + "not.destination_location.country.keyword": "", + "not.destination_location.country_iso": "", + "not.destination_location.country_iso.keyword": "", + "not.destination_location.postal_code": "", + "not.destination_location.postal_code.keyword": "", + "not.destination_location.subdivisions": "", + "not.destination_location.subdivisions.keyword": "", + "not.destination_location.time_zone": "", + "not.destination_location.time_zone.keyword": "", + "not.domain_name": "", + "not.domain_name.keyword": "", + "not.engine_version": "", + "not.engine_version.keyword": "", + "not.fully_qualified_host_name": "", + "not.fully_qualified_host_name.keyword": "", + "not.group_id": "", + "not.group_id.keyword": "", + "not.group_name": "", + "not.group_name.keyword": "", + "not.host_name": "", + "not.host_name.keyword": "", + "not.id": "", + "not.id.keyword": "", + "not.ip": "", + "not.last_user": "", + "not.last_user.keyword": "", + "not.machine_id": "", + "not.machine_id.keyword": "", + "not.machine_ip": "", + "not.machine_name": "", + "not.machine_name.keyword": "", + "not.nics.description": "", + "not.nics.description.keyword": "", + "not.nics.mac_address": "", + "not.nics.mac_address.keyword": "", + "not.origin_id": "", + "not.origin_id.keyword": "", + "not.os_info.os_architecture": "", + "not.os_info.os_architecture.keyword": "", + "not.os_info.os_platform": "", + "not.os_info.os_platform.keyword": "", + "not.os_info.os_release_name": "", + "not.os_info.os_release_name.keyword": "", + "not.os_info.os_type": "", + "not.os_info.os_type.keyword": "", + "not.os_info.os_version": "", + "not.os_info.os_version.keyword": "", + "not.parent_id": "", + "not.parent_id.keyword": "", + "not.plugins.asset_manager.plugin_version": "", + "not.plugins.asset_manager.plugin_version.keyword": "", + "not.plugins.asset_manager.reboot_reasons": "", + "not.plugins.asset_manager.reboot_reasons.keyword": "", + "not.plugins.endpoint_detection_and_response.plugin_version": "", + "not.plugins.endpoint_detection_and_response.plugin_version.keyword": "", + "not.plugins.endpoint_detection_and_response.reboot_reasons": "", + "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": "", + "not.plugins.endpoint_protection.component_package_version": "", + "not.plugins.endpoint_protection.component_package_version.keyword": "", + "not.plugins.endpoint_protection.plugin_version": "", + "not.plugins.endpoint_protection.plugin_version.keyword": "", + "not.plugins.endpoint_protection.reboot_reasons": "", + "not.plugins.endpoint_protection.reboot_reasons.keyword": "", + "not.plugins.endpoint_protection.sdk_version": "", + "not.plugins.endpoint_protection.sdk_version.keyword": "", + "not.plugins.endpoint_protection.update_package_version": "", + "not.plugins.endpoint_protection.update_package_version.keyword": "", + "not.plugins.incident_response.plugin_version": "", + "not.plugins.incident_response.plugin_version.keyword": "", + "not.plugins.incident_response.reboot_reasons": "", + "not.plugins.incident_response.reboot_reasons.keyword": "", + "not.plugins.siem.plugin_version": "", + "not.plugins.siem.plugin_version.keyword": "", + "not.plugins.siem.reboot_reasons": "", + "not.plugins.siem.reboot_reasons.keyword": "", + "not.policy_etag": "", + "not.policy_etag.keyword": "", + "not.policy_id": "", + "not.policy_id.keyword": "", + "not.policy_name": "", + "not.policy_name.keyword": "", + "not.protocol": "", + "not.protocol.keyword": "", + "not.root_group_id": "", + "not.root_group_id.keyword": "", + "not.rule_id": "", + "not.rule_id.keyword": "", + "not.source_location.city": "", + "not.source_location.city.keyword": "", + "not.source_location.continent": "", + "not.source_location.continent.keyword": "", + "not.source_location.country": "", + "not.source_location.country.keyword": "", + "not.source_location.country_iso": "", + "not.source_location.country_iso.keyword": "", + "not.source_location.postal_code": "", + "not.source_location.postal_code.keyword": "", + "not.source_location.subdivisions": "", + "not.source_location.subdivisions.keyword": "", + "not.source_location.time_zone": "", + "not.source_location.time_zone.keyword": "", + "origin_id": "", + "origin_id.keyword": "", + "os_info.os_architecture": "", + "os_info.os_architecture.keyword": "", + "os_info.os_platform": "", + "os_info.os_platform.keyword": "", + "os_info.os_release_name": "", + "os_info.os_release_name.keyword": "", + "os_info.os_type": "", + "os_info.os_type.keyword": "", + "os_info.os_version": "", + "os_info.os_version.keyword": "", + "page_size": 50, + "parent_id": "", + "parent_id.keyword": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.plugin_version.keyword": "", + "plugins.asset_manager.reboot_reasons": "", + "plugins.asset_manager.reboot_reasons.keyword": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.plugin_version.keyword": "", + "plugins.endpoint_detection_and_response.reboot_reasons": "", + "plugins.endpoint_detection_and_response.reboot_reasons.keyword": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.component_package_version.keyword": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.plugin_version.keyword": "", + "plugins.endpoint_protection.reboot_reasons": "", + "plugins.endpoint_protection.reboot_reasons.keyword": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.sdk_version.keyword": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.endpoint_protection.update_package_version.keyword": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.plugin_version.keyword": "", + "plugins.incident_response.reboot_reasons": "", + "plugins.incident_response.reboot_reasons.keyword": "", + "plugins.siem.plugin_version": "", + "plugins.siem.plugin_version.keyword": "", + "plugins.siem.reboot_reasons": "", + "plugins.siem.reboot_reasons.keyword": "", + "policy_etag": "", + "policy_etag.keyword": "", + "policy_id": "", + "policy_id.keyword": "", + "policy_name": "", + "policy_name.keyword": "", + "protocol": "", + "protocol.keyword": "", + "root_group_id": "", + "root_group_id.keyword": "", + "rule_id": "", + "rule_id.keyword": "", + "sort_field": "id", + "sort_order": "asc", + "source_location.city": "", + "source_location.city.keyword": "", + "source_location.continent": "", + "source_location.continent.keyword": "", + "source_location.country": "", + "source_location.country.keyword": "", + "source_location.country_iso": "", + "source_location.country_iso.keyword": "", + "source_location.postal_code": "", + "source_location.postal_code.keyword": "", + "source_location.subdivisions": "", + "source_location.subdivisions.keyword": "", + "source_location.time_zone": "", + "source_location.time_zone.keyword": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: >- + { + "account_name": "", + "account_name.keyword": "", + "attack_user": "", + "attack_user.keyword": "", + "create_time_after": "", + "create_time_before": "", + "deleted": false, + "destination_location.city": "", + "destination_location.city.keyword": "", + "destination_location.continent": "", + "destination_location.continent.keyword": "", + "destination_location.country": "", + "destination_location.country.keyword": "", + "destination_location.country_iso": "", + "destination_location.country_iso.keyword": "", + "destination_location.postal_code": "", + "destination_location.postal_code.keyword": "", + "destination_location.subdivisions": "", + "destination_location.subdivisions.keyword": "", + "destination_location.time_zone": "", + "destination_location.time_zone.keyword": "", + "domain_name": "", + "domain_name.keyword": "", + "engine_version": "", + "engine_version.keyword": "", + "expire_time_after": "", + "expire_time_before": "", + "fully_qualified_host_name": "", + "fully_qualified_host_name.keyword": "", + "group_id": "", + "group_id.keyword": "", + "group_name": "", + "group_name.keyword": "", + "host_name": "", + "host_name.keyword": "", + "id": "", + "id.keyword": "", + "ip": "", + "last_user": "", + "last_user.keyword": "", + "machine_id": "", + "machine_id.keyword": "", + "machine_ip": "", + "machine_name": "", + "machine_name.keyword": "", + "next_cursor": "", + "nics.description": "", + "nics.description.keyword": "", + "nics.mac_address": "", + "nics.mac_address.keyword": "", + "not.account_name": "", + "not.account_name.keyword": "", + "not.attack_user": "", + "not.attack_user.keyword": "", + "not.destination_location.city": "", + "not.destination_location.city.keyword": "", + "not.destination_location.continent": "", + "not.destination_location.continent.keyword": "", + "not.destination_location.country": "", + "not.destination_location.country.keyword": "", + "not.destination_location.country_iso": "", + "not.destination_location.country_iso.keyword": "", + "not.destination_location.postal_code": "", + "not.destination_location.postal_code.keyword": "", + "not.destination_location.subdivisions": "", + "not.destination_location.subdivisions.keyword": "", + "not.destination_location.time_zone": "", + "not.destination_location.time_zone.keyword": "", + "not.domain_name": "", + "not.domain_name.keyword": "", + "not.engine_version": "", + "not.engine_version.keyword": "", + "not.fully_qualified_host_name": "", + "not.fully_qualified_host_name.keyword": "", + "not.group_id": "", + "not.group_id.keyword": "", + "not.group_name": "", + "not.group_name.keyword": "", + "not.host_name": "", + "not.host_name.keyword": "", + "not.id": "", + "not.id.keyword": "", + "not.ip": "", + "not.last_user": "", + "not.last_user.keyword": "", + "not.machine_id": "", + "not.machine_id.keyword": "", + "not.machine_ip": "", + "not.machine_name": "", + "not.machine_name.keyword": "", + "not.nics.description": "", + "not.nics.description.keyword": "", + "not.nics.mac_address": "", + "not.nics.mac_address.keyword": "", + "not.origin_id": "", + "not.origin_id.keyword": "", + "not.os_info.os_architecture": "", + "not.os_info.os_architecture.keyword": "", + "not.os_info.os_platform": "", + "not.os_info.os_platform.keyword": "", + "not.os_info.os_release_name": "", + "not.os_info.os_release_name.keyword": "", + "not.os_info.os_type": "", + "not.os_info.os_type.keyword": "", + "not.os_info.os_version": "", + "not.os_info.os_version.keyword": "", + "not.parent_id": "", + "not.parent_id.keyword": "", + "not.plugins.asset_manager.plugin_version": "", + "not.plugins.asset_manager.plugin_version.keyword": "", + "not.plugins.asset_manager.reboot_reasons": "", + "not.plugins.asset_manager.reboot_reasons.keyword": "", + "not.plugins.endpoint_detection_and_response.plugin_version": "", + "not.plugins.endpoint_detection_and_response.plugin_version.keyword": "", + "not.plugins.endpoint_detection_and_response.reboot_reasons": "", + "not.plugins.endpoint_detection_and_response.reboot_reasons.keyword": "", + "not.plugins.endpoint_protection.component_package_version": "", + "not.plugins.endpoint_protection.component_package_version.keyword": "", + "not.plugins.endpoint_protection.plugin_version": "", + "not.plugins.endpoint_protection.plugin_version.keyword": "", + "not.plugins.endpoint_protection.reboot_reasons": "", + "not.plugins.endpoint_protection.reboot_reasons.keyword": "", + "not.plugins.endpoint_protection.sdk_version": "", + "not.plugins.endpoint_protection.sdk_version.keyword": "", + "not.plugins.endpoint_protection.update_package_version": "", + "not.plugins.endpoint_protection.update_package_version.keyword": "", + "not.plugins.incident_response.plugin_version": "", + "not.plugins.incident_response.plugin_version.keyword": "", + "not.plugins.incident_response.reboot_reasons": "", + "not.plugins.incident_response.reboot_reasons.keyword": "", + "not.plugins.siem.plugin_version": "", + "not.plugins.siem.plugin_version.keyword": "", + "not.plugins.siem.reboot_reasons": "", + "not.plugins.siem.reboot_reasons.keyword": "", + "not.policy_etag": "", + "not.policy_etag.keyword": "", + "not.policy_id": "", + "not.policy_id.keyword": "", + "not.policy_name": "", + "not.policy_name.keyword": "", + "not.protocol": "", + "not.protocol.keyword": "", + "not.root_group_id": "", + "not.root_group_id.keyword": "", + "not.rule_id": "", + "not.rule_id.keyword": "", + "not.source_location.city": "", + "not.source_location.city.keyword": "", + "not.source_location.continent": "", + "not.source_location.continent.keyword": "", + "not.source_location.country": "", + "not.source_location.country.keyword": "", + "not.source_location.country_iso": "", + "not.source_location.country_iso.keyword": "", + "not.source_location.postal_code": "", + "not.source_location.postal_code.keyword": "", + "not.source_location.subdivisions": "", + "not.source_location.subdivisions.keyword": "", + "not.source_location.time_zone": "", + "not.source_location.time_zone.keyword": "", + "origin_id": "", + "origin_id.keyword": "", + "os_info.os_architecture": "", + "os_info.os_architecture.keyword": "", + "os_info.os_platform": "", + "os_info.os_platform.keyword": "", + "os_info.os_release_name": "", + "os_info.os_release_name.keyword": "", + "os_info.os_type": "", + "os_info.os_type.keyword": "", + "os_info.os_version": "", + "os_info.os_version.keyword": "", + "page_size": 50, + "parent_id": "", + "parent_id.keyword": "", + "plugins.asset_manager.plugin_version": "", + "plugins.asset_manager.plugin_version.keyword": "", + "plugins.asset_manager.reboot_reasons": "", + "plugins.asset_manager.reboot_reasons.keyword": "", + "plugins.endpoint_detection_and_response.plugin_version": "", + "plugins.endpoint_detection_and_response.plugin_version.keyword": "", + "plugins.endpoint_detection_and_response.reboot_reasons": "", + "plugins.endpoint_detection_and_response.reboot_reasons.keyword": "", + "plugins.endpoint_protection.component_package_version": "", + "plugins.endpoint_protection.component_package_version.keyword": "", + "plugins.endpoint_protection.plugin_version": "", + "plugins.endpoint_protection.plugin_version.keyword": "", + "plugins.endpoint_protection.reboot_reasons": "", + "plugins.endpoint_protection.reboot_reasons.keyword": "", + "plugins.endpoint_protection.sdk_version": "", + "plugins.endpoint_protection.sdk_version.keyword": "", + "plugins.endpoint_protection.update_package_version": "", + "plugins.endpoint_protection.update_package_version.keyword": "", + "plugins.incident_response.plugin_version": "", + "plugins.incident_response.plugin_version.keyword": "", + "plugins.incident_response.reboot_reasons": "", + "plugins.incident_response.reboot_reasons.keyword": "", + "plugins.siem.plugin_version": "", + "plugins.siem.plugin_version.keyword": "", + "plugins.siem.reboot_reasons": "", + "plugins.siem.reboot_reasons.keyword": "", + "policy_etag": "", + "policy_etag.keyword": "", + "policy_id": "", + "policy_id.keyword": "", + "policy_name": "", + "policy_name.keyword": "", + "protocol": "", + "protocol.keyword": "", + "root_group_id": "", + "root_group_id.keyword": "", + "rule_id": "", + "rule_id.keyword": "", + "sort_field": "id", + "sort_order": "asc", + "source_location.city": "", + "source_location.city.keyword": "", + "source_location.continent": "", + "source_location.continent.keyword": "", + "source_location.country": "", + "source_location.country.keyword": "", + "source_location.country_iso": "", + "source_location.country_iso.keyword": "", + "source_location.postal_code": "", + "source_location.postal_code.keyword": "", + "source_location.subdivisions": "", + "source_location.subdivisions.keyword": "", + "source_location.time_zone": "", + "source_location.time_zone.keyword": "" + } + /oneview/v1/rid/rules/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export RID rules + operationId: Export_RID_rules + description: Export RID rules + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "format": "csv", + "select": [ + { + "field": "", + "newField": "" + } + ], + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "format": "csv", + "select": [ + { + "field": "", + "newField": "" + } + ], + "type": "string" + } + /oneview/v1/rid/rules/search-groupby: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "results": [ + { + "account_name": "", + "fully_qualified_host_name": "", + "host_name": "", + "total": 0, + "value": "" + } + ] + } + summary: Search grouped RID + operationId: Search_grouped_RID + description: Search grouped RID + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "group_by": "origin_id" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "group_by": "origin_id" + } + /oneview/v1/sites: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "sites": [ + { + "account_id": "", + "account_owner": [ + { + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "roles": [] + } + ], + "account_status": "", + "cloud_evaluation": "", + "company_name": "", + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "site_end_date": "" + } + ] + } + summary: Get all site + operationId: Get_all_site + description: Get a list of all your managed site + parameters: + - in: query + name: id + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: query + name: company_name + description: Generated by shuffler.io OpenAPI + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "company_name": "", + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "site_end_date": "" + } + summary: Create new site + operationId: Create_new_site + description: Create a new OneView site + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "company_name": "", + "email": "", + "firstname": "", + "lastname": "", + "site_end_date": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "company_name": "", + "email": "", + "firstname": "", + "lastname": "", + "site_end_date": "" + } + "/oneview/v1/sites/nebula-accounts/{id}": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "account_owner": [ + { + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "roles": [] + } + ], + "account_status": "", + "cloud_evaluation": "", + "company_name": "", + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "site_end_date": "" + } + summary: Get site by nebula account ID + operationId: Get_site_by_nebula_account_ID + description: Get one site by the unique field nebula account_id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v1/sites/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "deleted": "", + "id": "" + } + summary: Delete site + operationId: Delete_site + description: Delete a OneView site + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "account_id": "", + "account_owner": [ + { + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "roles": [] + } + ], + "account_status": "", + "cloud_evaluation": "", + "company_name": "", + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "site_end_date": "" + } + summary: Get site by ID + operationId: Get_site_by_ID + description: Get one site by its unique identifier + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "company_name": "", + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "site_end_date": "" + } + summary: Update site + operationId: Update_site + description: Update a OneView site + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "company_name": "", + "email": "", + "firstname": "", + "lastname": "", + "site_end_date": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "company_name": "", + "email": "", + "firstname": "", + "lastname": "", + "site_end_date": "" + } + "/oneview/v1/sites/{id}/subscriptions": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "deleted": "", + "id": "" + } + summary: Delete a subscription + operationId: Delete_a_subscription + description: Delete your site subscriptions. This will mark the subscription as + expired + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "billing_date": 0, + "catalog_code": "", + "catalog_name": "", + "original_start_date": "", + "reset_count": "", + "status": "", + "term_ends_on": "", + "term_length": 0, + "term_type": "utility", + "version": "", + "volume_purchased": 0, + "volume_used": 0 + } + summary: Get subscription + operationId: Get_subscription + description: Get subscription data by site id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "billing_date": 0, + "catalog_code": "", + "catalog_name": "", + "original_start_date": "", + "reset_count": "", + "status": "", + "term_ends_on": "", + "term_length": 0, + "term_type": "utility", + "version": "", + "volume_purchased": 0, + "volume_used": 0 + } + summary: Create subscription + operationId: Create_subscription + description: > + Use this endpoint to create a subscription for one of your manages site. + After creating one subscription, your customer's data will be populated + with an `account_id` field that you can use for security's management + apis, like detections, endpoints and jobs. + + + ## Available catalog codes + + + | Catalog Code | Description | + + | ---------------- | ------------------------------------------- | + + | BUS-CLOUD-IR-01 | ThreatDown Incident Response | + + | BUS-CLOUD-EPP-01 | ThreatDown Endpoint Protection | + + | BUS-CLOUD-EPR-01 | ThreatDown Endpoint Protection And Response | + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "billing_date": 0, + "billing_duration": "monthly", + "catalog_code": "BUS-CLOUD-EPP-01", + "term_length": 0, + "term_type": "utility", + "volume_purchased": 0 + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "billing_date": 0, + "billing_duration": "monthly", + "catalog_code": "BUS-CLOUD-EPP-01", + "term_length": 0, + "term_type": "utility", + "volume_purchased": 0 + } + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "billing_date": 0, + "catalog_code": "", + "catalog_name": "", + "original_start_date": "", + "reset_count": "", + "status": "", + "term_ends_on": "", + "term_length": 0, + "term_type": "utility", + "version": "", + "volume_purchased": 0, + "volume_used": 0 + } + summary: Update a subscription + operationId: Update_a_subscription + description: Use this endpoint to upgrade/downgrade or change term types or seats + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "billing_date": 0, + "billing_duration": "monthly", + "catalog_code": "BUS-CLOUD-EPP-01", + "term_length": 0, + "term_type": "utility", + "volume_purchased": 0 + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "billing_date": 0, + "billing_duration": "monthly", + "catalog_code": "BUS-CLOUD-EPP-01", + "term_length": 0, + "term_type": "utility", + "volume_purchased": 0 + } + "/oneview/v1/sites/{id}/subscriptions/all": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "entitlements": [ + { + "billing_date": 0, + "catalog_code": "BUS-CLOUD-EPP-01", + "catalog_name": "", + "original_start_date": "", + "reset_count": "", + "status": "", + "term_ends_on": "", + "term_length": 0, + "term_type": "utility", + "volume_purchased": 0, + "volume_used": 0 + } + ], + "version": "" + } + summary: Get all subscriptions + operationId: Get_all_subscriptions + description: Get all subscriptions data by site id. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + /oneview/v1/subscriptions: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "entitlements": [ + { + "billing_date": 0, + "catalog_code": "", + "catalog_name": "", + "original_start_date": "", + "reset_count": "", + "status": "", + "term_ends_on": "", + "term_length": 0, + "term_type": "utility", + "version": "", + "volume_purchased": 0, + "volume_used": 0 + } + ] + } + summary: Get entitlements + operationId: Get_entitlements + description: Get all entitlements + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + /oneview/v1/subscriptions/quantity: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "entitlements": [ + { + "catalog_code": "", + "catalog_name": "", + "code": "", + "name": "", + "volume_allocated": 0, + "volume_available": 0, + "volume_purchased": 0, + "volume_used": 0 + } + ], + "seats_data": {}, + "timestamp": "" + } + summary: Get usage + operationId: Get_usage + description: Get infos about the usage of sites + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + /oneview/v1/subscriptions/report: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "timestamp": "" + } + summary: Get report about your customer subscriptions + operationId: Get_report_about_your_customer_subscriptions + description: Get information about your customer subscriptions + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + /oneview/v1/usage/histogram: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "BUS-CLOUD-EDR-SER-01": { + "entitlement_id": "", + "usage": 0 + }, + "BUS-CLOUD-EPP-01": { + "entitlement_id": "", + "usage": 0 + }, + "BUS-CLOUD-EPP-SER-01": { + "entitlement_id": "", + "usage": 0 + }, + "BUS-CLOUD-EPR-01": { + "entitlement_id": "", + "usage": 0 + }, + "BUS-CLOUD-IR-01": { + "entitlement_id": "", + "usage": 0 + } + } + summary: Search usage histogram + operationId: Search_usage_histogram + description: Search usage histogram + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "{}" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "{}" + /oneview/v1/usage/logs: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "results": [ + { + "account_id": "", + "billable_catalog_code": "", + "billable_combo_code": "", + "billable_entitlement_id": "", + "billable_term_type": "", + "catalog_code": "", + "combo_code": "", + "created_at": "", + "endpoint_name": "", + "entitlement_id": "", + "group_id": "", + "id": 0, + "license_term_type": "", + "machine_id": "", + "os_platform": 0, + "os_type": 0, + "parent_account_id": "", + "policy_id": "", + "policy_name": "", + "product_code": "", + "site_name": "" + } + ] + } + summary: Search logs of usage + operationId: Search_logs_of_usage + description: Search logs of usage + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "end_date": "", + "next_cursor": 0, + "page_size": 0, + "populate": { + "deleted_status": false + }, + "start_date": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "end_date": "", + "next_cursor": 0, + "page_size": 0, + "populate": { + "deleted_status": false + }, + "start_date": "" + } + /oneview/v1/usage/logs/summary: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Search summary of usage + operationId: Search_summary_of_usage + description: Search summary of usage + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "end_date": "", + "start_date": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "end_date": "", + "start_date": "" + } + /oneview/v1/usage/logs/summary/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Export usage data + operationId: Export_usage_data + description: Export usage data + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "download": false, + "end_date": "", + "format": "csv", + "select": [ + { + "field": "site", + "newField": "" + } + ], + "start_date": "", + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "download": false, + "end_date": "", + "format": "csv", + "select": [ + { + "field": "site", + "newField": "" + } + ], + "start_date": "", + "type": "string" + } + /oneview/v1/usage/two-tier/logs/summary/export: + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: Two tier usage summary export + operationId: Two_tier_usage_summary_export + description: Two tier usage summary export + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "details": [ + { + "account_status": "", + "license_key": "", + "license_type": "", + "msp_account_id": "", + "msp_company_name": "", + "nebula_account_id": "", + "site_count": 0, + "test_account": false, + "user_count": 0, + "users": [ + { + "user_email": "", + "user_firstname": "", + "user_id": "", + "user_lastname": "", + "user_status": "" + } + ] + } + ], + "download": false, + "end_date": "", + "format": "csv", + "select": [ + { + "field": "account_name", + "newField": "" + } + ], + "start_date": "", + "type": "string" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "details": [ + { + "account_status": "", + "license_key": "", + "license_type": "", + "msp_account_id": "", + "msp_company_name": "", + "nebula_account_id": "", + "site_count": 0, + "test_account": false, + "user_count": 0, + "users": [ + { + "user_email": "", + "user_firstname": "", + "user_id": "", + "user_lastname": "", + "user_status": "" + } + ] + } + ], + "download": false, + "end_date": "", + "format": "csv", + "select": [ + { + "field": "account_name", + "newField": "" + } + ], + "start_date": "", + "type": "string" + } + /oneview/v1/users: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "next_cursor": "", + "total_count": 0, + "users": [ + { + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "phone": "" + } + ] + } + summary: Get all users + operationId: Get_all_users + description: Get all users + parameters: + - in: query + name: next_cursor + description: The pagination cursor for next set of results. For further + documentation, check Pagination section. + required: false + schema: + type: string + - in: query + name: page_size + description: The size of the page + required: false + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "phone": "" + } + summary: Create new user + operationId: Create_new_user + description: create a new OneView User + parameters: + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "email": "", + "firstname": "", + "lastname": "", + "phone": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "email": "", + "firstname": "", + "lastname": "", + "phone": "" + } + "/oneview/v1/users/{id}": + delete: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "deleted": "", + "id": "" + } + summary: Delete user + operationId: Delete_user + description: Delete one user by its id + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "email": "", + "firstname": "", + "id": "", + "lastname": "", + "phone": "" + } + summary: Update user + operationId: Update_user + description: Update data about a user + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "email": "", + "firstname": "", + "lastname": "", + "phone": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "email": "", + "firstname": "", + "lastname": "", + "phone": "" + } + /oneview/v2/sites/subscriptions/availability: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "add_ons": [ + { + "is_paid_only": false, + "is_trial_only": false, + "max_allocation": 0, + "product": "" + } + ], + "is_nfr_allowed": false, + "products": [ + { + "is_paid_only": false, + "is_server_allowed": false, + "is_trial_only": false, + "is_workstation_allowed": false, + "max_server_allocation": 0, + "max_workstation_allocation": 0, + "product": "" + } + ] + } + summary: v2 la carte Get account available subscriptions + operationId: v2___la_carte_Get_account_available_subscriptions + description: > + Use this endpoint to retrieve the available subscriptions for a given + MSP account + + + ## Field descriptions + + ### products + + | Field name | Data type or example | Description | + + |----------------------------|----------------------------|---------------------------------------------------------------------------------------------------------------------------| + + | product | `ir`, `ep`, `edr` or `mob` | Contains a list of product objects that an MSP is allowed to create or add to each site | + + | max_workstation_allocation | Integer | This indicates the number of maximum workstation allocation (`ir`, `ep`, `edr` or `mob`) allowed for the specific product | + + | max_server_allocation | Integer | This indicates the number of maximum server allocation allowed (`eps` or `edrs`) for the specific product | + + | is_workstation_allowed | Boolean | This indicated if a user may use `ws` as a `machine_type` when creating a subscription | + + | is_server_allowed | Boolean | This indicated if a user may use `ws-ser` as a `machine_type` when creating a subscription | + + | is_trial_only | Boolean | This indicated if a user may use `trial` only as a `term_type` when creating a subscription | + + | is_paid_only | Boolean | This indicated if a user may use `paid` only as a `term_type` when creating a subscription | + + + + ### add_ons + + Contains a list of add-on objects that an MSP is able to add to their site subscriptions + + * add-ons require an active product subscription to be added to a site + + + | Field name | Data type or example | Description | + + |-----------------|-----------------------------------------------|----------------------------------------------------------------------------------------| + + | product | `BUS-MBVPM-01`, `BUS-MBDNS-01`, `BUS-MBVM-01` | The add-on name the user will need to send when adding the module | + + | max_allocation | Integer | This indicates the number of maximum add-on allocation allowed for the specific module | + + | is_trial_only | Boolean | This indicated if a user may use `trial` only as a `term_type` | + + | is_paid_only | Boolean | This indicated if a user may use `paid` only as a `term_type` | + + + ### is_nfr_allowed + + This field indicates if an MSP is allowed to add an NFR subscription to a site + + * this field will automatically return false if there is already an active site with NFR subscription + + + ## Response payload examples: + + In this example, the MSP is eligible to the add the following subscription to a site + + * Endpoint Protection + * workstation + * server + * Endpoint Detection and Response + * workstation + * server + * Add-ons + * Vulnerability and Patch Management + * Vulnerability Assessment + * NFR + * The MSP is eligible to create a subscription with NFR `term_type` + + The MSP is **NOT** eligible to the following subscriptions to a site: + + * Incident Response + * workstation + * Mobile Security + + * Add-ons + * ThreatDown Application Block + * ThreatDown Managed Detection and Response + * ThreatDown DNS Filtering + + Since the allocations are `-1` for all the products, we can determine that the current MSP is a `Usage` billed MSP + + ``` + + { + "products": + [ + { + "product": "ep", + "max_workstation_allocation": -1, + "max_server_allocation": -1, + "is_workstation_allowed": true, + "is_server_allowed": true, + "is_trial_only": false, + "is_paid_only": false + }, + { + "product": "edr", + "max_workstation_allocation": -1, + "max_server_allocation": -1, + "is_workstation_allowed": true, + "is_server_allowed": true, + "is_trial_only": false, + "is_paid_only": false + } + ], + "add_ons": + [ + { + "product": "BUS-MBVPM-01", + "max_allocation": -1, + "is_trial_only": false, + "is_paid_only": true + }, + { + "product": "BUS-MBVM-01", + "max_allocation": -1, + "is_trial_only": false, + "is_paid_only": true + } + ], + "is_nfr_allowed": true + } + + ``` + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v2/sites/{id}/addOns": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: v2 la carte Get sites addon subscriptions + operationId: v2___la_carte_Get_sites_addon_subscriptions + description: Get active add-ons for an existing site + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: v2 la carte Update a sites current addon subscription + operationId: v2___la_carte_Update_a_sites_current_addon_subscription + description: > + Use this endpoint to add or modify a current site's add-on subscription + + * Please note the product values are not static + + * The product values are provided in the `availability` API under `add_ons` field + + * If the user would like to update the seat count, simply increase the values here + + + ## Request payload examples: + + Update a subscription with + + * ThreatDown DNS Filtering and 5 seats + + ``` + + [ + { + "product": "BUS-MBDNS-01", + "term_type": "paid", + "term_length": 0, + "add_on_allocation": 5 + } + ] + + ``` + + Increase allocation of the previous DNS subscription from 5 to 20 + + * ThreatDown DNS Filtering and 20 seats + + ``` + + [ + { + "product": "BUS-MBDNS-01", + "term_type": "paid", + "term_length": 0, + "add_on_allocation": 20 + } + ] + + ``` + + Update a subscription with + + * ThreatDown DNS Filtering and 20 seats + + * ThreatDown Application Block and 15 seats + + ``` + + [ + { + "product": "BUS-MBDNS-01", + "term_type": "paid", + "term_length": 0, + "add_on_allocation": 20 + }, + { + "product": "BUS-MBAB-01", + "term_type": "paid", + "term_length": 0, + "add_on_allocation": 15 + } + ] + + ``` + + To remove all add-on modules of a site, simply send an empty list + + ``` + + [] + + ``` + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v2/sites/{id}/extend/{product}": + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: v2 la carte Extend a trial for a site + operationId: v2___la_carte_Extend_a_trial_for_a_site + description: Extend a trial for an existing site. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + "/oneview/v2/sites/{id}/subscriptions": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: v2 la carte Get a site subscription + operationId: v2___la_carte_Get_a_site_subscription + description: Get active subscriptions for an existing site. + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: v2 la carte Create a new subscription for a site + operationId: v2___la_carte_Create_a_new_subscription_for_a_site + description: > + Use this endpoint to create a subscription for one of your managed site. + + + After creating one subscription, your customer's data will be populated with an `account_id` field that you can use for security's management apis, like detections, endpoints and jobs. + + + - This api can only be used when it does not have a current subscription + + - If a site was created through the OneView console, it will likely have a subscription already + + - If site has an active subscription, use the update subscription api + + - For adding add-on modules, see add-ons api + + + Available options will be provided by another api + + + - https://oneview.malwarebytes.com/oauth/documentation/msp#operation/api.v2.oneview.availability.subscriptionv2.id + + + ## Acceptable values for each field + + + ### product + + + Determines the product for the subscription + + + | Value | Description | + + | ----- | ------------------------------------------ | + + | ir | ThreatDown Incident Response | + + | ep | ThreatDown Endpoint Endpoint Protection | + + | edr | ThreatDown Endpoint Detection And Response | + + | mob | ThreatDown Mobile Security for Business | + + + ### machine_type + + + Determines the machine type of the subscription + + + - field not required for mobile entitlements + + + | Value | Description | + + | ------ | ---------------------- | + + | ws | Workstation only | + + | ws-ser | Workstation and Server | + + + ### term_type + + + Determines whether the subscription is paid or trial + + + | Value | Description | Billable | + + | ----- | ------------------ | -------- | + + | paid | Paid subscription | yes | + + | trial | Trial subscription | no | + + + ### term_length + + + Determines the term length of a subscription, most notable for trial subscriptions + + + | Value | Description | + + | ----- | ------------------------------- | + + | 0 | set to 0 for paid subscriptions | + + | 15 | set to 15 for 15 day trial | + + | 30 | set to 30 for 30 daytrial | + + + ### allocations + + + Determines the seat count allocated for a certain product subscription + + + - If MSP is on Upfront billing + - **Required field** + - Allocations here are limited by the seats purchased + - If MSP is on Usage billing + - **Not Required** + - allocation here does not reflect as billable + + | Value | Description | + + | ----- | ----------------------------- | + + | ir | allocation for IR | + + | ep | allocation for EP | + + | edr | allocation for EDR | + + | eps | allocation for EP for Server | + + | edrs | allocation for EDR for Server | + + | mob | allocation for Mobile | + + + ## Request payload examples: + + + **Create a subscription with ThreatDown Endpoint Protection** + + + ``` + + { + "product": "ep", + "machine_type": "ws", + "term_type": "paid", + "term_length": 0, + "allocations": { + "ep": 10 + } + } + + ``` + + + **Create a subscription with ThreatDown Endpoint Protection and Server** + + + ``` + + { + "product": "ep", + "machine_type": "ws-ser", + "term_type": "paid", + "term_length": 0, + "allocations": { + "ep": 15, + "eps": 20 + } + } + + ``` + + + **Create a subscription with ThreatDown Mobile Security** + + + ``` + + { + "product": "mob", + "term_type": "paid", + "term_length": 0, + "allocations": { + "mob": 5 + } + } + + ``` + + + **Create an NFR subscription with ThreatDown Endpoint Protection and Server** + + + ``` + + { + "product": "ep", + "machine_type": "ws-ser", + "term_type": "nfr", + "term_length": 0, + "allocations": { + "ep": 15, + "eps": 20 + } + } + + ``` + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "allocations": { + "edr": 0, + "edrs": 0, + "ep": 0, + "eps": 0, + "ir": 0, + "mob": 0 + }, + "auto_convert_trial_to_paid": false, + "machine_type": "", + "product": "", + "term_length": "", + "term_type": "" + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "allocations": { + "edr": 0, + "edrs": 0, + "ep": 0, + "eps": 0, + "ir": 0, + "mob": 0 + }, + "auto_convert_trial_to_paid": false, + "machine_type": "", + "product": "", + "term_length": "", + "term_type": "" + } + put: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: "" + summary: v2 la carte Update a sites current subscription + operationId: v2___la_carte_Update_a_sites_current_subscription + description: > + Use this endpoint to add or modify a current site subscription + + * The user may add or remove a trial through this api + *

The user will not be able to re-add a trial once it has been removed

+ * Trials are limited to 100 seats + * The user may only trial a higher tier product to an existing Paid subscription + * If the user has a paid EP subscription, the user may add an EDR trial (assuming the MSP is entitled to EDR) + * If the user has a paid EDR subscription, the user may only add mobile as a trial + + + ## Request payload examples: + + **Update a subscription with** + + * paid EP workstation and server + + * trial EDR workstation and server + + * trial Mobile Security + + + ``` + + [ + { + "product": "ep", + "machine_type": "ws-ser", + "term_type": "paid", + "term_length": 0, + "allocations": { + "ep": 1, + "eps": 0 + } + }, + { + "product": "edr", + "machine_type": "ws-ser", + "term_type": "trial", + "term_length": 0, + "allocations": { + "edr": 10, + "edrs": 20 + } + }, + { + "product": "mob", + "term_type": "trial", + "term_length": 0, + "allocations": { + "mob": 30 + } + } + ] + + ``` + + + **Update a subscription with the following subscription** + + * paid EDR workstation and server + + * paid Mobile Security for Business + + + ``` + + [ + { + "product": "edr", + "machine_type": "ws-ser", + "term_type": "paid", + "term_length": 0, + "allocations": { + "ep": 1, + "eps": 0 + } + }, + { + "product": "mob", + "term_type": "paid", + "term_length": 0, + "allocations": { + "mob": 10 + } + } + ] + + ``` + + + **Remove all current subscriptions of a site, simply send an empty list** + + *

WARNING: Removing all subscriptions will also remove all add-on modules

+ + + ``` + + [] + + ``` + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: "" + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: "" + /oneview/v3/sites/subscriptions/availability: + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "advanced": { + "mobile": 0, + "server": 0, + "workstation": 0 + }, + "core": { + "mobile": 0, + "server": 0, + "workstation": 0 + }, + "elite": { + "mobile": 0, + "server": 0, + "workstation": 0 + }, + "is_nfr_allowed": false, + "ultimate": { + "mobile": 0, + "server": 0, + "workstation": 0 + } + } + summary: v3 Bundles Get accounts available bundle subscriptions + operationId: v3__Bundles_Get_accounts_available_bundle_subscriptions + description: > + Use this endpoint to retrieve the available **Bundle** subscriptions for + a given MSP account + + + ## Field descriptions + + ## Bundles + + | Field name | Data type or example | Description | + + |------------|----------------------|------------------------------------------------------------| + + | core | Allocation Object | Available seat allocation for `core` bundle per device | + + | advanced | Allocation Object | Available seat allocation for `advanced` bundle per device | + + | elite | Allocation Object | Available seat allocation for `elite` bundle per device | + + | ultimate | Allocation Object | Available seat allocation for `ultimate` bundle per device | + + + ## Allocation Object + + + | Field name | Data type or example | Description | + + |-------------|----------------------|------------------------------------------------------------| + + | workstation | Integer | Available `workstation` seat allocation for a given bundle | + + | server | Integer | Available `server` seat allocation for a given bundle | + + | mobile | Integer | Available `mobile` seat allocation for a given bundle | + + + + ### is_nfr_allowed + + This field indicates if an MSP is allowed to add an NFR subscription to a site + + * this field will automatically return false if there is already an active site with NFR subscription + + + ## Response payload examples: + + In this example, the MSP is eligible to add one of the following bundle subscriptions + + * Core bundle + + * Elite bundle + + * Ultimate + + + With term_type `paid`, `trial` or `nfr` + + + The MSP is **NOT** eligible to the following subscriptions to a site: + + * Core Bundle Server - server allocation count is 0 + + * Advanced Bundle - not listed in the response + + + ``` + + { + "is_nfr_allowed": true, + "core": + { + "workstation": 995, + "server": 0, + "mobile": 998 + }, + "elite": + { + "workstation": 777, + "server": 784, + "mobile": 998 + }, + "ultimate": + { + "workstation": 441, + "server": 415, + "mobile": 998 + } + } + + ``` + parameters: + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + "/oneview/v3/sites/{id}/subscriptions": + get: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "auto_convert_trial_to_paid": false, + "bundle": "", + "devices": [ + { + "seat_allocation": 0, + "seat_used": 0, + "status": "", + "term_ends_on": "", + "term_type": "", + "type": "" + } + ] + } + summary: v3 Bundles Get sites bundle subscription + operationId: v3__Bundles_Get_sites_bundle_subscription + description: >+ + Use this endpoint to fetch the subscription for one of your managed + site. + + + ### bundle + + + Determines the bundle for the subscription + + + | value | Description | + + |----------|-----------------------------------| + + | core | Apply `core` bundle to a site | + + | advanced | Apply `advanced` bundle to a site | + + | elite | Apply `elite` bundle to a site | + + | ultimate | Apply `ultimate` bundle to a site | + + + ### auto_convert_trial_to_paid + + + Determines if a trial subscription will auto convert to paid. Set to `false` on paid subscriptions + + + ### devices + + + A list of device object containing the device type, number of seats and term type (paid, trial or nfr) + + + #### Device Object fields + + | Field name | Data type or example | Acceptable Values | + + |-----------------|----------------------|--------------------------------------------| + + | type | String | `workstation`, `server` and `mobile` | + + | seats_allocated | Integer | Seat allocated on subscribe | + + | seat_used | Integer | Seat being utilized by installed endpoints | + + | term_type | String | `paid`, `trial` or `nfr` | + + | status | String | `active` or `expired` for trials | + + | term_ends_on | String | Site subscription expires on this date | + + + + ## Response payload examples: + + + **A site with trial of ThreatDown Advanced Bundle with 14 workstation seat allocation that will auto convert to paid on 2024-03-27** + + + ``` + + { + "bundle": "advanced", + "auto_convert_trial_to_paid": true, + "devices": [ + { + "type": "workstation", + "seat_allocation": 14, + "seat_used": 0, + "term_type": "trial", + "status": "active", + "term_ends_on": "2024-03-27T23:59:59+00:00" + } + ] + } + + ``` + + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + content: {} + post: + responses: + default: + description: default + content: + text/plain: + schema: + type: string + example: |- + { + "auto_convert_trial_to_paid": false, + "bundle": "", + "devices": [ + { + "seat_allocation": 0, + "seat_used": 0, + "status": "", + "term_ends_on": "", + "term_type": "", + "type": "" + } + ] + } + summary: v3 Bundles Create or update a sites bundle subscriptions + operationId: v3__Bundles_Create_or_update_a_sites_bundle_subscriptions + description: > + Use this endpoint to create a subscription for one of your managed site. + + + After creating one subscription, your customer's data will be populated with an `account_id` field that you can use for security's management apis, like detections, endpoints and jobs. + + + - This api can be used to both create a subscription and update a subscription + + - If a site was created through the OneView console, it will likely have a subscription already + + + Available options will be provided by another api + + + - https://oneview.malwarebytes.com/oauth/documentation/msp#operation/api.v2.oneview.availability.subscriptionv3.id + + + ## Acceptable values for each field + + + ### bundle + + + Determines the bundle for the subscription + + + | value | Description | + + |----------|-----------------------------------| + + | core | Apply `core` bundle to a site | + + | advanced | Apply `advanced` bundle to a site | + + | elite | Apply `elite` bundle to a site | + + | ultimate | Apply `ultimate` bundle to a site | + + + ### auto_convert_trial_to_paid + + + Determines if a trial subscription will auto convert to paid. Set to `false` on paid subscriptions + + + ### devices + + + A list of device object containing the device type, number of seats and term type (paid, trial or nfr) + + + #### Device Object fields + + | Field name | Data type or example | Acceptable Values | + + |-----------------|----------------------|--------------------------------------| + + | type | String | `workstation`, `server` and `mobile` | + + | seat_allocation | Integer | Any integer limited by availability | + + | term_type | String | `paid`, `trial` or `nfr` | + + + + ## Request payload examples: + + + **Create a Paid ThreatDown Core Bundle with 511 workstation allocation and 2 mobile allocation** + + + ``` + + { + "bundle": "core", + "auto_convert_trial_to_paid": false, + "devices": + [ + { + "type": "workstation", + "seat_allocation": 511, + "term_type": "paid" + }, + { + "type": "mobile", + "seat_allocation": 2, + "term_type": "paid" + } + ] + } + + ``` + + + **Create a Trial ThreatDown Elite Bundle with 10 workstation allocation and 10 server allocation with auto conversion to paid at the end of trial period** + + + ``` + + { + "bundle": "elite", + "auto_convert_trial_to_paid": true, + "devices": + [ + { + "type": "workstation", + "seat_allocation": 10, + "term_type": "trial" + }, + { + "type": "server", + "seat_allocation": 10, + "term_type": "trial" + } + ] + } + + ``` + + + **Remove site bundle subscription** + + + ``` + + { + "bundle": "core", + "auto_convert_trial_to_paid": false, + "devices": [] + } + + ``` + parameters: + - in: path + name: id + description: Generated by shuffler.io OpenAPI + required: true + schema: + type: string + - in: body + name: body + multiline: true + description: Generated by shuffler.io OpenAPI + required: false + example: |- + { + "auto_convert_trial_to_paid": false, + "bundle": "", + "devices": [ + { + "seat_allocation": 0, + "term_type": "", + "type": "" + } + ] + } + schema: + type: string + - in: header + name: authorization + multiline: false + description: Header generated by shuffler.io OpenAPI + required: false + example: undefined + schema: + type: string + requestBody: + description: Generated by Shuffler.io + required: false + content: + example: + example: |- + { + "auto_convert_trial_to_paid": false, + "bundle": "", + "devices": [ + { + "seat_allocation": 0, + "term_type": "", + "type": "" + } + ] + } +components: + securitySchemes: + Oauth2: + type: oauth2 + description: Oauth2.0 authorizationCode authentication + flow: + authorizationCode: + authorizationUrl: "" + tokenUrl: https://api.malwarebytes.com/oneview/oauth2/token + refreshUrl: "" + scopes: + - read + - write + - execute + x-grant-type: client_credentials +tags: + - name: Users + - name: Sites + - name: Subscriptions + - name: Endpoints + - name: Webhooks + - name: Pagination + - name: Notifications