Enterprise Recon v1 API

Target Logs

Use this set of APIs to download inaccessible locations, remediation logs and scan trace logs for a Target.

List Inaccessible Locations for Target

Get information about all or specific locations (e.g. files, folders and drives) on a Target that were inaccessible during a scan.

Request

GET

https://er-master:8339/v1/targets/<target_id>/inaccess

Authorization

Basic Authentication

Path Parameters

| Parameter | Data Type | Description |
|---|---|---|
| target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |

Query Parameters

| Parameter | Data Type | Description |
|---|---|---|
| location_id | string | Filter results for a specific Target location. If no value is specified, response returns data for all Target Locations under the given Target. location_id is the targets->locations->id response item from the /v1/groups/all endpoint. |
| offset | integer, default: 0 | The first inaccessible location to return data for. For offset=N, data will be fetched starting from the Nth inaccessible location. If no value is specified or offset=0, query will return data from the very first inaccessible location. |
| limit | integer, default: 1000, max: 100000 | Maximum number of inaccessible locations to return data for, starting from the first record determined by the offset parameter value. |

Header Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding | string, enum: gzip deflate | Specify the compression algorithm to use on the response object. Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |

Request Samples

HTTP
GET /v1/targets/4759598330602895744/inaccess
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/inaccess' \
--user apiuser:password123 \
--header "Accept: application/json"

Response Schema

200 OK
| Parameter | Data Type | Description |
|---|---|---|
| path | string | Full path or location of the inaccessible location. |
| severity | string, enum: critical error notice intervention | Severity level for the inaccessible location. |
| description | string | Error message or details about the inaccessible location. |
| timestamp | number | Timestamp when the inaccessible location was logged in Unix time format. |

Response Samples

200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "path": "File path C:\\MyFolder\\MyFile.txt",
    "severity": "error",
    "description": "File may be truncated",
    "timestamp": 1520035200
  },
  {
    "path": "File path C:\\MyFolder\\example.txt",
    "severity": "notice",
    "description": "Access is denied.",
    "timestamp": 1517356800
  },
  {
    "path": "All local files",
    "severity": "critical",
    "description": "Scan stopped on user request",
    "timestamp": 1514715010
  }
]
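
The offset and limit paging described above, with a severity triage of the results, as an added example that is not part of the vendor documentation. It assumes offset counts records to skip (offset=0 is the first record); `fake_fetch` and `SAMPLE` are hypothetical, constructed stand-ins for an authenticated GET so the block runs offline.

```python
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://er-master:8339/v1"  # host and port as shown on this page

def inaccess_url(target_id, offset=0, limit=1000, location_id=None):
    """Build the URL for one page of inaccessible locations."""
    if offset < 0 or not 1 <= limit <= 100000:  # 100000 is the documented max
        raise ValueError("offset must be >= 0 and limit within 1..100000")
    params = {"offset": offset, "limit": limit}
    if location_id is not None:
        params["location_id"] = location_id
    return f"{BASE}/targets/{target_id}/inaccess?{urlencode(params)}"

def iter_inaccessible(fetch, target_id, limit=1000):
    """Yield every record, advancing offset until a short page comes back.
    Assumption: offset counts records to skip, so offset=0 is the first one."""
    offset = 0
    while True:
        page = fetch(inaccess_url(target_id, offset, limit))
        yield from page
        if len(page) < limit:
            return
        offset += len(page)

def triage(records):
    """Return (count per severity, critical entries with UTC timestamps)."""
    counts = Counter(r["severity"] for r in records)
    critical = [
        (datetime.fromtimestamp(r["timestamp"], tz=timezone.utc).isoformat(),
         r["path"], r["description"])
        for r in records if r["severity"] == "critical"
    ]
    return counts, critical

# Constructed sample data, modelled on the response sample above.
SAMPLE = [
    {"path": "File path C:\\MyFolder\\MyFile.txt", "severity": "error",
     "description": "File may be truncated", "timestamp": 1520035200},
    {"path": "File path C:\\MyFolder\\example.txt", "severity": "notice",
     "description": "Access is denied.", "timestamp": 1517356800},
    {"path": "All local files", "severity": "critical",
     "description": "Scan stopped on user request", "timestamp": 1514715010},
]

def fake_fetch(url):
    """Hypothetical offline stand-in for an authenticated GET returning parsed JSON."""
    q = parse_qs(urlsplit(url).query)
    start, size = int(q["offset"][0]), int(q["limit"][0])
    return SAMPLE[start:start + size]
```

Each inaccessible location is a part of the Target that the scan did not cover, so the critical entries are the first ones to review before relying on the scan results.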

View or Download Remediation Logs for Target

View or download remediation logs for a specific Target. The remediation log lists all remedial actions that have been taken on a given Target.

Request

GET

https://er-master:8339/v1/targets/<target_id>/remediationlogs

Authorization

Basic Authentication

Path Parameters

| Parameter | Data Type | Description |
|---|---|---|
| target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |

Query Parameters

| Parameter | Data Type | Description |
|---|---|---|
| user_id | string | Filter remedial events performed by a particular user account. user_id is the id response item from the /v1/users endpoint. |
| start_date | string <YYYYMMDD> | Specify a start date for fetching the remediation logs, formatted as YYYYMMDD (e.g. 20180125). Can be used with end_date parameter to specify a date range to retrieve remediation logs data. |
| end_date | string <YYYYMMDD> | Specify an end date for fetching the remediation logs, formatted as YYYYMMDD (e.g. 20180125). Can be used with start_date parameter to specify a date range to retrieve remediation logs data. |
| earliest | boolean, default: false, enum: true false | Set true to display the oldest remediation action first. |
| offset | integer, default: 0 | The first remediation log to return data for. For offset=N, data will be fetched starting from the Nth remediation log. If no value is specified or offset=0, query will return data from the very first remediation log. |
| limit | integer, default: 1000, max: 100000 | Maximum number of remediation logs to return data for, starting from the first record determined by the offset parameter value. |

Header Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding | string, enum: gzip deflate | Specify the compression algorithm to use on the response object. Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |

Request Samples

HTTP
GET /v1/targets/4759598330602895744/remediationlogs
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/remediationlogs' \
--user apiuser:password123 \
--header "Accept: application/json"

Response Schema

200 OK
| Parameter | Data Type | Description |
|---|---|---|
| user_id | string | Unique user ID for the user who performed the remediation, access control, or classification action. user_id is the id response item from the /v1/users endpoint. |
| path | string | Location of the file where remediation, access control, or classification action had been taken. |
| remediation_status | string | Operation status (e.g. remediation, access control, classification) for the file. |
| matches | string | Total number of remediated matches for the Target across all data types. |
| timestamp | number | Time stamp (Unix time format) when the remediation, access control, or classification action was performed. |
| sign_off | string | Details entered by user in the Sign-off field when remediation, access control, or classification action was taken. |
| metas | object | Meta data for the remediated file. See Metadata for the list of possible ER2 metadata values. |
| metas/label | string | Label describing the data type that was remediated. |
| metas/remediated_count | string | Number of remediated matches for the data type. |
| reason | string | Details entered by user in the Reason field when remediation, access control, or classification action was taken. |

Response Samples

200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "user_id": "332768006779777470",
    "path": "File path /usr/share/all_types.zip->BANK/fileA.dump",
    "remediation_status": "test data",
    "matches": "7",
    "timestamp": "1523860710",
    "sign_off": "<sign off details>",
    "metas": [
      {
        "label": "SWIFT Code",
        "remediated_count": "5"
      },
      {
        "label": "United States Social Security Number (relaxed)",
        "remediated_count": "2"
      }
    ],
    "reason": "<reason>"
  },
  {
    "user_id": "332768006779777470",
    "path": "File path /usr/share/all_types.zip->BANK/fileA.txt",
    "remediation_status": "masked",
    "matches": "0",
    "timestamp": "1523860697",
    "sign_off": "<sign off details>"
  }
]

List Scan Trace Logs for Target

Get a list of all available Scan Trace Logs for a Target. No data will be returned if Scan Trace Capture was not enabled for scans.

Request

GET

https://er-master:8339/v1/targets/<target_id>/scantracelogs

Authorization

Basic Authentication

Path Parameters

| Parameter | Data Type | Description |
|---|---|---|
| target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |

Query Parameters

| Parameter | Data Type | Description |
|---|---|---|
| offset | integer, default: 0 | The first scan trace log to return data for. For offset=N, data will be fetched starting from the Nth scan trace log. If no value is specified or offset=0, query will return data from the very first scan trace log. |
| limit | integer, default: 1000, max: 100000 | Maximum number of scan trace logs to return data for, starting from the first record determined by the offset parameter value. |

Header Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding | string, enum: gzip deflate | Specify the compression algorithm to use on the response object. Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |

Request Samples

HTTP
GET /v1/targets/4759598330602895744/scantracelogs
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/scantracelogs' \
--user apiuser:password123 \
--header "Accept: application/json"

Response Schema

200 OK
| Parameter | Data Type | Description |
|---|---|---|
| scan_id | string | Unique scan ID. |
| timestamp | number | Time stamp when the scan was started in Unix time format. |
| schedule_label | string | Descriptive label for the scan schedule. |
| target_name | string | Name of the scanned Target. |

Response Samples

200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "scan_id": "450715635612859580",
    "timestamp": 1523605565,
    "schedule_label": "CENTOS APR13-1546",
    "target_name": "CENTOS"
  },
  {
    "scan_id": "1120921025123069988",
    "timestamp": 1523609565,
    "schedule_label": "CENTOS APR13-1585",
    "target_name": "CENTOS"
  }
]

View or Download Target Scan Trace Logs by ID

View or download a specific Scan Trace Log for a Target.

Request

GET

https://er-master:8339/v1/targets/<target_id>/scantracelogs/<scan_id>-<timestamp>

Authorization

Basic Authentication

Path Parameters

| Parameter | Data Type | Description |
|---|---|---|
| target_id | string | Specify Target to retrieve data for. target_id is the targets->id response item from the /v1/groups/all endpoint. |
| <scan_id>-<timestamp> | string | Specify the Scan Trace Log to view / download by scan ID and time stamp of the scan. scan_id and timestamp are the response items from the /v1/targets/<target_id>/scantracelogs endpoint. Example: If target_id=4759598330602895744, scan_id=450715635612859580 and timestamp=1523605568, the request URL would be /v1/targets/4759598330602895744/scantracelogs/450715635612859580-1523605568. |

Query Parameters

| Parameter | Data Type | Description |
|---|---|---|
| offset | integer, default: 0 | The first scan trace log to return data for. For offset=N, data will be fetched starting from the Nth scan trace log. If no value is specified or offset=0, query will return data from the very first scan trace log. |
| limit | integer, default: 1000, max: 100000 | Maximum number of scan trace logs to return data for, starting from the first record determined by the offset parameter value. |

Header Parameters

| Parameter | Data Type | Description |
|---|---|---|
| Accept | string | Response media format. Set to text/csv to download the Scan Trace Log file. offset and limit parameters are not applicable to CSV media response format. |

Request Samples

HTTP
GET /v1/targets/4759598330602895744/scantracelogs/450715635612859580-1523605568
Accept: text/csv
cURL
curl --request GET 'https://er-master:8339/v1/targets/4759598330602895744/scantracelogs/450715635612859580-1523605568' \
--user apiuser:password123 \
--header "Accept: text/csv"

Response Schema

200 OK
| Parameter | Data Type | Description |
|---|---|---|
| timestamp | number | Time stamp (Unix time format) for each action that happened on a path or location during a scan. |
| action | string, enum: source opening opened parsing decoding decoded completed scanning | Action performed on a path or location during a scan. |
| agent_name | string | Name of the Agent that performed the scan. |
| path | string | Full path where the action happened. |

Response Samples

200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
  {
    "timestamp": "1523605568",
    "action": "source",
    "agent_name": "CENTOS",
    "path": "All local files"
  },
  {
    "timestamp": "1523605568",
    "action": "opening",
    "agent_name": "CENTOS",
    "path": "File path /"
  },
  {
    "timestamp": "1523605568",
    "action": "diagnostic-skip\tlink:/bin->usr/bin",
    "agent_name": "CENTOS",
    "path": "File path /"
  },
  {
    "timestamp": "1523605568",
    "action": "opening",
    "agent_name": "CENTOS",
    "path": "File path /boot"
  },
  {
    "timestamp": "1523605568",
    "action": "decoding\tUNIX ELF Object",
    "agent_name": "CENTOS",
    "path": "File path /boot/grub2/i386-pc/acpi.mod"
  }
]
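
Building the `<scan_id>-<timestamp>` path from a list entry and reading the action field of the JSON response, as an added example that is not part of the vendor documentation. In the response sample above the action value carries a tab-separated detail and includes a verb (diagnostic-skip) that is not in the documented enum, so the parser splits on the tab and reports unlisted verbs; `ENTRY` and `TRACE` are constructed from the page's samples and all function names are hypothetical.

```python
DOCUMENTED_ACTIONS = {"source", "opening", "opened", "parsing",
                      "decoding", "decoded", "completed", "scanning"}

def trace_log_path(target_id, entry):
    """Build the request path from one item of the scantracelogs list response."""
    parts = [str(target_id), str(entry["scan_id"]), str(entry["timestamp"])]
    # Reject anything but decimal digits so no value can alter the URL path.
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("target_id, scan_id and timestamp must be decimal digits")
    return "/v1/targets/{}/scantracelogs/{}-{}".format(*parts)

def split_action(raw):
    """Split 'verb<TAB>detail' as seen in the response sample; detail may be absent."""
    verb, _, detail = raw.partition("\t")
    return verb, (detail or None)

def summarise(trace):
    """Return (diagnostic-skip entries, verbs outside the documented enum)."""
    skipped, undocumented = [], set()
    for rec in trace:
        verb, detail = split_action(rec["action"])
        if verb not in DOCUMENTED_ACTIONS:
            undocumented.add(verb)
        if verb == "diagnostic-skip":
            skipped.append((rec["path"], detail))
    return skipped, undocumented

# Constructed inputs: values taken from the page's example URL and response sample.
ENTRY = {"scan_id": "450715635612859580", "timestamp": 1523605568}
TRACE = [
    {"timestamp": "1523605568", "action": "source",
     "agent_name": "CENTOS", "path": "All local files"},
    {"timestamp": "1523605568", "action": "diagnostic-skip\tlink:/bin->usr/bin",
     "agent_name": "CENTOS", "path": "File path /"},
    {"timestamp": "1523605568", "action": "decoding\tUNIX ELF Object",
     "agent_name": "CENTOS", "path": "File path /boot/grub2/i386-pc/acpi.mod"},
]
```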