Enterprise Recon v1 API
Add, Probe and Scan a SharePoint Server Target
This example describes the workflow and sequence of requests to make to add, probe and scan a SharePoint Server database Target using the Enterprise Recon API.
- Step 1 - Add Credentials
- Step 2 - Get the Agent ID
- Step 3 - Get the Target ID
- Step 4 - Add SharePoint Server Target Location
- Step 5 - Get Data Type Profile ID
- (Optional) Step 6 - Probe the SharePoint Server Target Location
- Step 7 - Scan the SharePoint Server
Defaults and Assumptions
This example uses the following default values and makes the following assumptions:
- "My-SharePoint-Server" is the host name of the SharePoint Server.
-
"My-SharePoint-Server" has been added as a Target to the Master Server.
- A suitable Windows proxy agent has been installed on the same host ("My-SharePoint-Server") as the SharePoint Server database and is connected to the Master Server.
Step 1 - Add Credentials
POST
https://er-master:8339/v1/credentials
Start by adding a new credential set for the SharePoint Server database Target, where:
- label is a descriptive label for the SharePoint Server credential set,
- username is a domain user name or user name for the database server (depending on the authentication mode),
- password is password for the corresponding username, and
- type is Server.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/credentials' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "My-SharePoint-Server Credentials",
"username": "sp-user-A",
"password": "sp-user-A-password",
"type": "Server"
}'
Expected Response
201 Created
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: xxx
{
"id": "15792178316638465022"
}
The credential id (15792178316638465022) created from this request will be required when adding the SharePoint Server as a Target Location in Step 4.
Step 2 - Get the Agent ID
GET
https://er-master:8339/v1/agents
Next, get the agent ID of a suitable Windows proxy agent that will be used to scan the SharePoint Server database Target.
Sample Request
cURL
curl --request GET 'https://er-master:8339/v1/agents?agent_name=My-SharePoint-Server' \
--user apiuser:password123 \
--header "Accept: application/json"
Expected Response
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"id": "3519591954114186070",
"name": "My-SharePoint-Server",
"type": "node",
"version": "2.5",
"platform": "Microsoft Windows Server 2012 R2 Standard Edition 64-bit",
"platform_compatibility": "Windows Server 2012 R2",
"verified": true,
"connected": true,
"proxy": true,
...
}
]
The agent id (3519591954114186070) returned in this request will be required when adding the SharePoint Server as a Target Location in Step 4.
Step 3 - Get the Target ID
GET
https://er-master:8339/v1/targets
Next, get the Target ID for the SharePoint Server host machine, "My-SharePoint-Server" which has already been added as a Target to the Master Server.
Sample Request
cURL
curl --request GET 'https://er-master:8339/v1/targets?target_name=My-SharePoint-Server' \
--user apiuser:password123 \
--header "Accept: application/json"
Expected Response
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"id": "4759598330602895744",
"name": "My-SharePoint-Server",
"comments": "",
"search_time": 0,
"search_status": "none",
"errors": {
"notice": 0,
"error": 0,
"critical": 0
},
"matches": {
"test": "0",
"match": "0",
"prohibited": "0"
},
"platform": "Windows Server 2012 R2"
}
]
The Target id (4759598330602895744) and platform (Windows Server 2012 R2) returned in this request will be required when adding or probing the SharePoint Server Target Location in Step 4 and Step 6.
Step 4 - Add SharePoint Server Target Location
POST
https://er-master:8339/v1/targets/<target_id>/locations
After completing Step 1 to Step 3, you will have all the information required to add the SharePoint Server as a Target Location, where:
- path is the URL of the SharePoint web application to scan,
- protocol is spdb,
- credential_id is the credential id created in Step 1, and
- proxy_id is the agent id returned in Step 2.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/targets/4759598330602895744/locations' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"path": "",
"protocol": "spdb",
"credential_id": "15792178316638465022",
"proxy_id": "3519591954114186070"
}'
Expected Response
201 Created
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: xxx
{
"id": "9832457584012239212"
}
The Target Location id (15792178316638465022) created from this request will be required to set up scan schedules for the SharePoint Server in Step 7.
Step 5 - Get Data Type Profile ID
GET
https://er-master:8339/v1/datatypes/profiles
Next, get the data type profile ID of the data type profiles to enable when scanning the SharePoint Server database Target.
Sample Request
cURL
curl --request GET 'https://er-master:8339/v1/datatypes/profiles' \
--user apiuser:password123 \
--header "Accept: application/json"
Expected Response
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"id": "1",
"label": "PCI Compliance",
"version": 1,
"owner": "0",
"modified": 1632129035,
"default": true,
"disabled": false,
"global": true,
"sealed": true
},
{
"id": "2",
"label": "All Cardholder Data",
"version": 1,
"owner": "0",
"modified": 1632129035,
"default": true,
"disabled": false,
"global": true,
"sealed": true
},
...
{
"id": "14",
"label": "USA Protected Health Information (PHI)",
"version": 1,
"owner": "0",
"modified": 1632129035,
"default": true,
"disabled": false,
"global": true,
"sealed": true
}
]
The data type profile id(s) returned in this request will be required when setting up scan schedules for the SharePoint Server database Target in Step 7.
(Optional) Step 6 - Probe the SharePoint Server Target Location
POST
https://er-master:8339/v1/targets/probing
Once you have added the SharePoint Server database as a Target Location, you can probe the Target Location to view the resources in the SharePoint Server, where:
- target_name is My-SharePoint-Server,
- path can be left blank,
- protocol is spdb,
- credential_id is the credential id created in Step 1,
- proxy_id is the agent id returned in Step 2, and
- platform is the platform returned in Step 3.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/targets/probing' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"target_name": "My-SharePoint-Server",
"path": "",
"protocol": "spdb",
"credential_id": "4759598330602895744",
"proxy_id": "4759598330602895744",
"platform": "Windows Server 2012 R2"
}'
Expected Response
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"path": "https://sharepoint.example.com/:site",
"type": "folder"
},
{
"path": "https://sharepoint.example.com/operations/:site",
"type": "folder"
},
{
"path": "https://sharepoint.example.com/sites/sitecollection/:site",
"type": "folder"
}
]
The path(s) returned in this request can be used to scan specific URLs when setting up scan schedules for the SharePoint Server in Step 7.
Step 7 - Scan the SharePoint Server
POST
https://er-master:8339/v1/schedules
Schedule a scan for the newly added SharePoint Server database Target, where:
- label is a descriptive label for the scan,
- targets.id is the Target id returned in Step 3,
- targets.locations.id is the Target Location id created in Step 4,
- targets.locations.subpath is the path(s) returned in Step 6, and
- profiles is the data type profile id(s) returned in Step 5.
Sample Request
cURL
curl --request POST 'https://er-master:8339/v1/schedules' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
"label": "SharePoint Server API scan",
"targets": {
"id": "4759598330602895744",
"locations": [
{
"id": "9832457584012239212",
"subpath": "https://sharepoint.example.com/"
},
{
"id": "9832457584012239212",
"subpath": "https://sharepoint.example.com/sites/sitecollection"
}
]
},
"profiles": [
"1",
"2",
"3"
],
"cpu": "low",
"throughput": 0,
"memory": 0,
"capture": true,
"trace": false,
"match_detail": "balanced"
}'
Expected Response
201 Created
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: xxx
{
"id": "102"
}
You can check the status and progress of the scan using the scan schedule id (102) created in this request.