Enterprise Recon v1 API
Target Logs
Use this set of APIs to download inaccessible locations, remediation logs and scan trace logs for a Target.
List Inaccessible Locations for Target
Get information about all or specific locations (e.g. files, folders and drives) on a Target that were inaccessible during a scan.
Request
GET
https://er-master:8339/v1/targets/<target_id>/inaccess
Authorization
Path Parameters
Parameter | Data Type | Description |
---|---|---|
target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |
Query Parameters
Parameter | Data Type | Description |
---|---|---|
location_id | string | Filter results for a specific Target location. If no value is specified, response returns data for all Target Locations under the given Target. location_id is the targets->locations->id response item from the /v1/groups/all endpoint. |
offset | integer; default: 0 | The first inaccessible location to return data for. For offset=N, data will be fetched starting from the Nth inaccessible location. If no value is specified or offset=0, query will return data from the very first inaccessible location. |
limit | integer; default: 1000; max: 100000 | Maximum number of inaccessible locations to return data for, starting from the first record determined by the offset parameter value. |
Header Parameters
Parameter | Data Type | Description |
---|---|---|
Accept-Encoding | string; enum: gzip, deflate | Specify the compression algorithm to use on the response object. Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Request Samples
HTTP
GET /v1/targets/4759598330602895744/inaccess
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/inaccess' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
Parameter | Data Type | Description |
---|---|---|
path | string | Full path or location of the inaccessible location. |
severity | string; enum: critical, error, notice, intervention | Severity level for the inaccessible location. |
description | string | Error message or details about the inaccessible location. |
timestamp | number | Timestamp when the inaccessible location was logged in Unix time format. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "path": "File path C:\\MyFolder\\MyFile.txt",
    "severity": "error",
    "description": "File may be truncated",
    "timestamp": 1520035200
  },
  {
    "path": "File path C:\\MyFolder\\example.txt",
    "severity": "notice",
    "description": "Access is denied.",
    "timestamp": 1517356800
  },
  {
    "path": "All local files",
    "severity": "critical",
    "description": "Scan stopped on user request",
    "timestamp": 1514715010
  }
]
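The offset and limit parameters above imply paging when a Target has more inaccessible locations than one response returns. The following is an added example, not code from the product documentation: it walks every page and counts records per severity, sending HTTP Basic credentials as the page's cURL sample does. It assumes offset counts records to skip; the environment variable names, function names and the `fake_fetch` stand-in are hypothetical.

```python
import base64, json, os
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen
from collections import Counter

BASE = "https://er-master:8339/v1"  # host used in the page's request samples

def http_get_json(path, params):
    """Live transport. ER_API_USER / ER_API_PASS are assumed variable names."""
    cred = f"{os.environ['ER_API_USER']}:{os.environ['ER_API_PASS']}".encode()
    req = Request(f"{BASE}{path}?{urlencode(params)}", headers={
        "Accept": "application/json",
        "Authorization": "Basic " + base64.b64encode(cred).decode()})
    with urlopen(req, timeout=30) as resp:  # certificate checks stay enabled
        return json.load(resp)

def iter_records(path, fetch=http_get_json, limit=1000, **filters):
    """Yield every record of an offset/limit endpoint, one page at a time.
    Assumes offset counts records to skip (offset=0 is the first record)."""
    if not 1 <= limit <= 100000:  # documented maximum for limit
        raise ValueError("limit must be between 1 and 100000")
    offset = 0
    while True:
        page = fetch(path, {**filters, "offset": offset, "limit": limit})
        yield from page
        if len(page) < limit:  # short or empty page: nothing left
            return
        offset += len(page)

def severity_summary(target_id, fetch=http_get_json, limit=1000):
    """Count inaccessible locations per severity for one Target."""
    path = f"/targets/{quote(str(target_id), safe='')}/inaccess"
    return Counter(rec["severity"] for rec in iter_records(path, fetch, limit))

# Constructed stand-in for the server: the three records of the sample response.
SAMPLE = [
    {"path": "File path C:\\MyFolder\\MyFile.txt", "severity": "error",
     "description": "File may be truncated", "timestamp": 1520035200},
    {"path": "File path C:\\MyFolder\\example.txt", "severity": "notice",
     "description": "Access is denied.", "timestamp": 1517356800},
    {"path": "All local files", "severity": "critical",
     "description": "Scan stopped on user request", "timestamp": 1514715010},
]
CALLS = []

def fake_fetch(path, params):
    CALLS.append((path, params["offset"]))
    return SAMPLE[params["offset"]:params["offset"] + params["limit"]]

if __name__ == "__main__":
    print(severity_summary("4759598330602895744", fetch=fake_fetch, limit=2))
```

The same `iter_records` loop applies to the remediationlogs and scantracelogs endpoints, which document the same offset and limit parameters.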
View or Download Remediation Logs for Target
View or download remediation logs for a specific Target. The remediation log lists all remedial actions that have been taken on a given Target.
Request
GET
https://er-master:8339/v1/targets/<target_id>/remediationlogs
Authorization
Path Parameters
Parameter | Data Type | Description |
---|---|---|
target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |
Query Parameters
Parameter | Data Type | Description |
---|---|---|
user_id | string | Filter remedial events performed by a particular user account. user_id is the id response item from the /v1/users endpoint. |
start_date | string <YYYYMMDD> | Specify a start date for fetching the remediation logs, formatted as YYYYMMDD (e.g. 20180125). Can be used with end_date parameter to specify a date range to retrieve remediation logs data. |
end_date | string <YYYYMMDD> | Specify an end date for fetching the remediation logs, formatted as YYYYMMDD (e.g. 20180125). Can be used with start_date parameter to specify a date range to retrieve remediation logs data. |
earliest | boolean; default: false; enum: true, false | Set true to display the oldest remediation action first. |
offset | integer; default: 0 | The first remediation log to return data for. For offset=N, data will be fetched starting from the Nth remediation log. If no value is specified or offset=0, query will return data from the very first remediation log. |
limit | integer; default: 1000; max: 100000 | Maximum number of remediation logs to return data for, starting from the first record determined by the offset parameter value. |
Header Parameters
Parameter | Data Type | Description |
---|---|---|
Accept-Encoding | string; enum: gzip, deflate | Specify the compression algorithm to use on the response object. Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Request Samples
HTTP
GET /v1/targets/4759598330602895744/remediationlogs
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/remediationlogs' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
Parameter | Data Type | Description |
---|---|---|
user_id | string | Unique user ID for the user who performed the remediation, access control, or classification action. user_id is the id response item from the /v1/users endpoint. |
path | string | Location of the file where remediation, access control, or classification action was taken. |
remediation_status | string | Operation status (e.g. remediation, access control, classification) for the file. |
matches | string | Total number of remediated matches for the Target across all data types. |
timestamp | number | Time stamp (Unix time format) when the remediation, access control, or classification action was performed. |
sign_off | string | Details entered by user in the Sign-off field when remediation, access control, or classification action was taken. |
metas | object | Metadata for the remediated file. See Metadata for the list of possible ER2 metadata values. |
metas/label | string | Label describing the data type that was remediated. |
metas/remediated_count | string | Number of remediated matches for the data type. |
reason | string | Details entered by user in the Reason field when remediation, access control, or classification action was taken. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "user_id": "332768006779777470",
    "path": "File path /usr/share/all_types.zip->BANK/fileA.dump",
    "remediation_status": "test data",
    "matches": "7",
    "timestamp": "1523860710",
    "sign_off": "<sign off details>",
    "metas": [
      {
        "label": "SWIFT Code",
        "remediated_count": "5"
      },
      {
        "label": "United States Social Security Number (relaxed)",
        "remediated_count": "2"
      }
    ],
    "reason": "<reason>"
  },
  {
    "user_id": "332768006779777470",
    "path": "File path /usr/share/all_types.zip->BANK/fileA.txt",
    "remediation_status": "masked",
    "matches": "0",
    "timestamp": "1523860697",
    "sign_off": "<sign off details>"
  }
]
List Scan Trace Logs for Target
Get a list of all available Scan Trace Logs for a Target. No data will be returned if Scan Trace Capture was not enabled for scans.
Request
GET
https://er-master:8339/v1/targets/<target_id>/scantracelogs
Authorization
Path Parameters
Parameter | Data Type | Description |
---|---|---|
target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |
Query Parameters
Parameter | Data Type | Description |
---|---|---|
offset | integer; default: 0 | The first scan trace log to return data for. For offset=N, data will be fetched starting from the Nth scan trace log. If no value is specified or offset=0, query will return data from the very first scan trace log. |
limit | integer; default: 1000; max: 100000 | Maximum number of scan trace logs to return data for, starting from the first record determined by the offset parameter value. |
Header Parameters
Parameter | Data Type | Description |
---|---|---|
Accept-Encoding | string; enum: gzip, deflate | Specify the compression algorithm to use on the response object. Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Request Samples
HTTP
GET /v1/targets/4759598330602895744/scantracelogs
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/scantracelogs' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
Parameter | Data Type | Description |
---|---|---|
scan_id | string | Unique scan ID. |
timestamp | number | Time stamp when the scan was started in Unix time format. |
schedule_label | string | Descriptive label for the scan schedule. |
target_name | string | Name of the scanned Target. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "scan_id": "450715635612859580",
    "timestamp": 1523605565,
    "schedule_label": "CENTOS APR13-1546",
    "target_name": "CENTOS"
  },
  {
    "scan_id": "1120921025123069988",
    "timestamp": 1523609565,
    "schedule_label": "CENTOS APR13-1585",
    "target_name": "CENTOS"
  }
]
View or Download Target Scan Trace Logs by ID
View or download a specific Scan Trace Log for a Target.
Request
GET
https://er-master:8339/v1/targets/<target_id>/scantracelogs/<scan_id>-<timestamp>
Authorization
Path Parameters
Parameter | Data Type | Description |
---|---|---|
target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |
<scan_id>-<timestamp> | string | Specify the Scan Trace Log to view / download by scan ID and time stamp of the scan. scan_id and timestamp are the response items from the /v1/targets/<target_id>/scantracelogs endpoint. Example: If target_id=4759598330602895744, scan_id=450715635612859580 and timestamp=1523605568, the request URL would be /v1/targets/4759598330602895744/scantracelogs/450715635612859580-1523605568. |
Query Parameters
Parameter | Data Type | Description |
---|---|---|
offset | integer; default: 0 | The first scan trace log to return data for. For offset=N, data will be fetched starting from the Nth scan trace log. If no value is specified or offset=0, query will return data from the very first scan trace log. |
limit | integer; default: 1000; max: 100000 | Maximum number of scan trace logs to return data for, starting from the first record determined by the offset parameter value. |
Header Parameters
Parameter | Data Type | Description |
---|---|---|
Accept | string | Response media format. Set to text/csv to download the Scan Trace Log file. offset and limit parameters are not applicable to CSV media response format. |
Request Samples
HTTP
GET /v1/targets/4759598330602895744/scantracelogs/450715635612859580-1523605568
Accept: text/csv
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/scantracelogs/450715635612859580-1523605568' \
--user apiuser:password123 \
--header "Accept: text/csv"
Response Schema
200 OK
Parameter | Data Type | Description |
---|---|---|
timestamp | number | Time stamp (Unix time format) for each action that happened on a path or location during a scan. |
action | string; enum: source, opening, opened, parsing, decoding, decoded, completed, scanning | Action performed on a path or location during a scan. |
agent_name | string | Name of the Agent that performed the scan. |
path | string | Full path where the action happened. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "timestamp": "1523605568",
    "action": "source",
    "agent_name": "CENTOS",
    "path": "All local files"
  },
  {
    "timestamp": "1523605568",
    "action": "opening",
    "agent_name": "CENTOS",
    "path": "File path /"
  },
  {
    "timestamp": "1523605568",
    "action": "diagnostic-skip\tlink:/bin->usr/bin",
    "agent_name": "CENTOS",
    "path": "File path /"
  },
  {
    "timestamp": "1523605568",
    "action": "opening",
    "agent_name": "CENTOS",
    "path": "File path /boot"
  },
  {
    "timestamp": "1523605568",
    "action": "decoding\tUNIX ELF Object",
    "agent_name": "CENTOS",
    "path": "File path /boot/grub2/i386-pc/acpi.mod"
  }
]
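The sample above shows two things a consumer of trace logs has to handle: the action field can carry a tab-separated detail, and values such as diagnostic-skip appear that the schema's enum does not list. The following is an added example, not code from the product documentation: it builds the `<scan_id>-<timestamp>` request path from a list-endpoint item and normalises trace records. Treating the text after the tab as a detail field is an assumption drawn from the sample, and all function names are hypothetical.

```python
from urllib.parse import quote

# Action values listed in the response schema on this page.
DOCUMENTED_ACTIONS = {"source", "opening", "opened", "parsing", "decoding",
                      "decoded", "completed", "scanning"}

def trace_log_path(target_id, entry):
    """Request path for one item of the /scantracelogs list response."""
    log_id = f"{entry['scan_id']}-{entry['timestamp']}"
    return (f"/v1/targets/{quote(str(target_id), safe='')}"
            f"/scantracelogs/{quote(log_id, safe='')}")

def parse_trace_entry(entry):
    """Normalise one trace record: split 'action<TAB>detail' (assumed layout),
    coerce the string timestamp, and flag actions outside the documented enum."""
    action, _, detail = entry["action"].partition("\t")
    return {"timestamp": int(entry["timestamp"]),
            "action": action,
            "detail": detail or None,
            "documented": action in DOCUMENTED_ACTIONS,
            "agent_name": entry["agent_name"],
            "path": entry["path"]}

def undocumented_actions(entries):
    """Sorted action names that the schema's enum does not list."""
    parsed = map(parse_trace_entry, entries)
    return sorted({p["action"] for p in parsed if not p["documented"]})

# Constructed inputs, copied from the response samples on this page.
LIST_ENTRY = {"scan_id": "450715635612859580", "timestamp": 1523605565,
              "schedule_label": "CENTOS APR13-1546", "target_name": "CENTOS"}
TRACE_SAMPLE = [
    {"timestamp": "1523605568", "action": "source",
     "agent_name": "CENTOS", "path": "All local files"},
    {"timestamp": "1523605568", "action": "diagnostic-skip\tlink:/bin->usr/bin",
     "agent_name": "CENTOS", "path": "File path /"},
    {"timestamp": "1523605568", "action": "decoding\tUNIX ELF Object",
     "agent_name": "CENTOS", "path": "File path /boot/grub2/i386-pc/acpi.mod"},
]

if __name__ == "__main__":
    print(trace_log_path("4759598330602895744", LIST_ENTRY))
    for rec in TRACE_SAMPLE:
        print(parse_trace_entry(rec))
    print(undocumented_actions(TRACE_SAMPLE))
```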