Enterprise Recon v1 API
Risk History
PRO This feature is only available in Enterprise Recon PRO Edition. To find out more about upgrading your ER2 license, please contact Ground Labs Licensing. See Subscription License for more information.
Use this set of APIs to get details on the risk trend, risk history, risk summary and risk breakdown across Targets associated with the Master Server. Data will only be available if the Risk Scoring and Labeling feature has been configured.
For more information, see Dashboard - Sensitive Data Risks, Analysis - Risk Scoring and Labeling, and Risk Scoring and Labeling API.
Risk History Summary (Risk Over Time)
Get a summary of the entire risk history across all Targets and match locations. This summary is an aggregated result of the data points available across all Targets.
Results will be returned in terms of Unix time stamp and number of match locations found for each data point for all locations, locations associated with selected risk levels, and/or unmapped locations (depending on the query string).
The results are sorted according to the Unix time stamp, with the most recent data point displayed first.
Request
GET
https://er-master:8339/v1/risk/summary/history
Authorization
Header Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding |
string enum: gzip deflate |
Specify the compression algorithm to use on the response object.
Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| target_id |
string |
Define this parameter to retrieve Risk History Summary data for a specific Target. If no value is specified, response returns the aggregated data for all available data points collected across all Targets. target_id is the targets->id response item from the /v1/groups/all endpoint. |
| prioritized |
boolean default: false |
If prioritized=true, the API will include the count of match locations only for the highest priority matching risk profile for high / medium / low risk locations (depending on the query parameters). Does not apply to the count of unmapped locations. |
| all |
boolean default: true |
If this parameter is not specified (meaning all=true), the API will include the count of all match locations for each data point in the response body. |
| high |
boolean default: true |
If this parameter is not specified (meaning high=true), the API will include the count of match locations with "high" risk level for each data point in the response body. |
| medium |
boolean default: true |
If this parameter is not specified (meaning medium=true), the API will include the count of match locations with "medium" risk level for each data point in the response body. |
| low |
boolean default: true |
If this parameter is not specified (meaning low=true), the API will include the count of match locations with "low" risk level for each data point in the response body. |
| unmapped |
boolean default: true |
If this parameter is not specified (meaning unmapped=true), the API will include the count of match locations not associated with any risk level for each data point in the response body. |
| offset |
integer default: 0 |
For offset=N, risk history summary data will be fetched from the latest record - N records. If no value is specified or if offset=0, the query retrieves risk history summary data starting from the latest record and continues for the preceding X number of records, as determined by the limit value. |
| limit |
integer <number of risk history summary records> default: 1000 |
Maximum number of records of risk history summary data to retrieve, starting from the Nth record as determined by the offset value. |
Request Samples
Query to retrieve the risk history summary for a specific Target across all match locations with and without associated risk levels.
HTTP
GET /v1/risk/summary/history?target_id=4759598330602895744
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/history?target_id=4759598330602895744' \
--user apiuser:password123 \
--header "Accept: application/json"
Query to retrieve the risk history summary for unmapped match locations, and the highest priority matching risk profile for high, medium and low risk match locations across all Targets.
HTTP
GET /v1/risk/summary/history?prioritized=true&all=false
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/history?prioritized=true&all=false' \
--user apiuser:password123 \
--header "Accept: application/json"
Query to retrieve the risk history summary for up to 365 data points for medium risk match locations across all Targets.
HTTP
GET /v1/risk/summary/history?all=false&high=false&low=false&unmapped=false&offset=0&limit=365
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/history?all=false&high=false&low=false&unmapped=false&offset=0&limit=365' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| [risk_history_summary] |
array <objects> |
Array of risk history summary data points. |
| [risk_history_summary]/timestamp |
number |
Timestamp for the risk history summary data point in Unix time format. The most recent data point will be listed first. |
| [risk_history_summary]/all |
string |
Total number of match locations for each data point. Only returned if all=true or the all parameter is not specified in the query string. |
| [risk_history_summary]/high |
string |
Number of match locations that are mapped to the "high" risk level. Results are dependent on the value of the prioritized query parameter. Only returned if high=true or the high parameter is not specified in the query string. |
| [risk_history_summary]/medium |
string |
Number of match locations that are mapped to the "medium" risk level. Results are dependent on the value of the prioritized query parameter. Only returned if medium=true or the medium parameter is not specified in the query string. |
| [risk_history_summary]/low |
string |
Number of match locations that are mapped to the "low" risk level. Results are dependent on the value of the prioritized query parameter. Only returned if low=true or the low parameter is not specified in the query string. |
| [risk_history_summary]/unmapped |
string |
Total number of match locations for each data point that are not associated with any risk level. Only returned if unmapped=true or the unmapped parameter is not specified in the query string. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"timestamp": 1523894400,
"all": "500",
"high": "1000",
"medium": "500",
"low": "250",
"unmapped": "300"
},
...
{
"timestamp": 1523808000,
"all": "500",
"high": "1000",
"medium": "500",
"low": "250",
"unmapped": "300"
}
]
422 Unprocessable Entity
Returned if an unsupported value or data type format is provided for any of the query parameters.
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
Content-Length: xxx
{
"message": "Invalid value for '{parameter}' query parameter."
}
Risk History Summary by Risk Profile
Get a summary of the entire risk history across all Targets and match locations for a specific risk profile. This summary is an aggregated result of the data points available across all Targets.
Results will be returned in terms of Unix time stamp and number of match locations found for each data point for the specific risk profile.
The results are sorted according to the Unix time stamp, with the most recent data point displayed first.
Request
GET
https://er-master:8339/v1/risk/summary/history/<risk_profile_id>
Authorization
Header Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding |
string enum: gzip deflate |
Specify the compression algorithm to use on the response object.
Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Path Parameters
| Parameter | Data Type | Description |
|---|---|---|
| risk_profile_id |
string |
Specify the ID of risk profile to retrieve the risk history data for. risk_profile_id is the profile_idresponse item from the /v1/risk/profiles endpoint. |
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| target_id |
string |
Define this parameter to retrieve Risk History Summary data (for a specific risk profile) for a specific Target. If no value is specified, response returns the aggregated data for all available data points collected across all Targets. target_id is the targets->id response item from the /v1/groups/all endpoint. |
| prioritized |
boolean default: false |
If prioritized=true, the API will include the count of match locations for which the risk_profile_id is the highest priority matching risk profile. |
| offset |
integer default: 0 |
For offset=N, risk history summary data will be fetched from the latest record - N records. If no value is specified or if offset=0, the query retrieves risk history summary data starting from the latest record and continues for the preceding X number of records, as determined by the limit value. |
| limit |
integer <number of risk history summary records> default: 1000 |
Maximum number of records of risk history summary data to retrieve, starting from the Nth record as determined by the offset value. |
Request Samples
Query to retrieve the risk history summary for a specific profile for a specific Target.
HTTP
GET /v1/risk/summary/history/455572488728221120?target_id=4759598330602895744
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/history/455572488728221120?target_id=4759598330602895744' \
--user apiuser:password123 \
--header "Accept: application/json"
Query to retrieve the risk history summary for up to 365 data points for match locations for which the selected risk profile is the highest priority matching risk profile across all Targets.
HTTP
GET /v1/risk/summary/history/455572488728221120?prioritized=true&offset=0&limit=365
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/history/455572488728221120?prioritized=true&offset=0&limit=365' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| [risk_history_summary_by_profile] |
array <objects> |
Array of risk history summary data points for a specific risk profile. |
| [risk_history_summary_by_profile]/timestamp |
number |
Timestamp for the risk history summary data point in Unix time format. The most recent data point will be listed first. |
| count |
string |
Number of match locations that are mapped to the risk profile for each data point. Results are dependent on the value of the prioritized query parameter. |
Response Samples
404 Not Found
Returned if an invalid risk_profile_id is provided in the request.
HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: xxx
{
"message": "Specified 'risk profile' does not exist."
}
422 Unprocessable Entity
Returned if an unsupported value or data type format is provided for any of the query parameters.
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
Content-Length: xxx
{
"message": "Invalid value for '{parameter}' query parameter."
}
Risk History Summary by Risk Level
Get a summary of the current count of match locations that are (i) mapped to high / medium / low risk levels, and (ii) unmapped locations.
Request
GET
https://er-master:8339/v1/risk/summary/levels
Authorization
Header Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding |
string enum: gzip deflate |
Specify the compression algorithm to use on the response object.
Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| prioritized |
boolean default: false |
If prioritized=true, the API will include the count of match locations only for the highest priority matching risk profile for high / medium / low risk locations (depending on the query parameters). Does not apply to the count of unmapped locations. |
Request Samples
HTTP
GET /v1/risk/summary/level
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/level' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| high |
string |
Number of match locations that are mapped to the "high" risk level. Results are dependent on the value of the prioritized query parameter. |
| medium |
string |
Number of match locations that are mapped to the "medium" risk level. Results are dependent on the value of the prioritized query parameter. |
| low |
string |
Number of match locations that are mapped to the "low" risk level. Results are dependent on the value of the prioritized query parameter. |
| unmapped |
string |
Total number of match locations for each data point that are not associated with any risk level. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
{
"high": "300",
"medium": "200",
"low": "100",
"unmapped": "400"
}
422 Unprocessable Entity
Returned if an unsupported value or data type format is provided for any of the query parameters.
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
Content-Length: xxx
{
"message": "Invalid value for '{parameter}' query parameter."
}
Risk History Summary by Target
Get a summary of the current count of match locations that are (i) mapped to high / medium / low risk levels, and (ii) unmapped locations for all Targets on the Master Server.
Request
GET
https://er-master:8339/v1/risk/summary/targets
Authorization
Header Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding |
string enum: gzip deflate |
Specify the compression algorithm to use on the response object.
Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| prioritized |
boolean default: false |
If prioritized=true, the API will include the count of match locations only for the highest priority matching risk profile for high / medium / low risk locations (depending on the query parameters). Does not apply to the count of unmapped locations. |
| sort |
string default: high |
Sort the returned Target records according to the count of high / medium / low risk match locations, in descending order. The Target with the highest match count location will be returned first. If there are Targets with the same number of high / medium / low risk match locations, results will be sorted by Target name in ascending alphabetical order. |
| offset |
integer default: 0 |
For offset=N, fetch the current count of match locations mapped to high / medium / low risk levels and unmapped locations starting from the Nth Target. If no value is specified or if offset=0, the query retrieves data for all Targets (as determined by the limit parameter) in the sequence defined by the sort query parameter. |
| limit |
integer <number of risk history summary records> default: 1000 |
Maximum number of Target records to retrieve the risk summary data for, starting from the Nth record as determined by the offset value. |
Request Samples
Query to retrieve the current count of match locations that are mapped to (prioritized) high / medium / low risk levels, and unmapped locations, for the top 10 Targets. Results will be sorted using the default sort order (count of high risk match locations by Target).
HTTP
GET /v1/risk/summary/targets?prioritized=true&limit=10
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/risk/summary/targets?prioritized=true&limit=10' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| [risk_history_summary_by_target] |
array <objects> |
Array of risk history summary data points. |
| [risk_history_summary_by_target]/id |
string |
Unique Target ID. This ID is unique 20 digit number. |
| [risk_history_summary_by_target]/name |
string |
Target name. |
| [risk_history_summary_by_target]/high |
string |
Number of match locations that are mapped to the "high" risk level. Results are dependent on the value of the prioritized query parameter. |
| [risk_history_summary_by_target]/medium |
string |
Number of match locations that are mapped to the "medium" risk level. Results are dependent on the value of the prioritized query parameter. |
| [risk_history_summary_by_target]/low |
string |
Number of match locations that are mapped to the "low" risk level. Results are dependent on the value of the prioritized query parameter. |
| [risk_history_summary_by_target]/unmapped |
string |
Total number of match locations for each data point that are not associated with any risk level. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"id": "2486556466149932561",
"name": "EXAMPLE.COM",
"high": "1000000",
"medium": "1000000",
"low": "7896",
"unmapped": "300"
},
{
"id": "5776191921548943090",
"name": "MY-LINUX-SERVER",
"high": "1000000",
"medium": "900000",
"low": "210000",
"unmapped": "200"
},
...
{
"id": "1563630061562709112",
"name": "GAPPS:EXAMPLEDOMAIN.COM",
"high": "10000",
"medium": "10000",
"low": "10000",
"unmapped": "500"
}
]
422 Unprocessable Entity
Returned if an unsupported value or data type format is provided for any of the query parameters.
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
Content-Length: xxx
{
"message": "Invalid value for '{parameter}' query parameter."
}