Airlock Digital
This connector integrates Airlock Digital with Swimlane Turbine.

## Prerequisites

To set up the asset, you need the following:

- URL
- API key

## Capabilities

This connector provides the following capabilities:

- Add Hash to Application
- Add Hash to Blocklist
- Agent Find
- Lookup Hash
- Move Agent to Group
- Remove Hash from All Applications
- Remove Hash from All Blocklists
- Remove Hash from Application by ID
- Remove Hash from Blocklist by ID
- Retrieve Execution History Logs
- Retrieve Execution History with Filters
- Retrieve OTP
- Retrieve Policy of Group
- Revoke OTP

## Notes

https://www.airlockdigital.com/

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x-apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Add Hash to Application

Add a hash value into an application capture. The hash value must already exist within the Airlock repository; only SHA256 hashes are supported.

Endpoint URL: /v1/hash/application/add

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| applicationid | string | Optional | Unique identifier |
| hashes | array | Optional | Parameter for Add Hash to Application |

#### Input example

```json
{"json_body":{"applicationid":"1567080520","hashes":["a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce","152bb373088a420532fb38851084b984040f9d42e5504cd9772ecf6f125575f3"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Add Hash to Blocklist

Adds a single or multiple hashes to a blocklist ID.

Endpoint URL: /v1/hash/blocklist/add

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| blocklistid | string | Optional | Unique identifier |
| hashes | array | Optional | Parameter for Add Hash to Blocklist |

#### Input example

```json
{"json_body":{"blocklistid":"1567080520","hashes":["a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce","152bb373088a420532fb38851084b984040f9d42e5504cd9772ecf6f125575f3"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Agent Find

Returns a listing of computers and their details within Airlock.

Endpoint URL: /v1/agent/find

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| hostname | string | Optional | Name of the resource |
| agentid | string | Optional | Unique identifier |
| username | string | Optional | Name of the resource |
| domain | string | Optional | Parameter for Agent Find |
| groupid | string | Optional | Unique identifier |
| ip | string | Optional | Parameter for Agent Find |
| os | string | Optional | Parameter for Agent Find |
| status | number | Optional | Status value |

#### Input example

```json
{"hostname":"example name","agentid":"string","username":"example name","domain":"string","groupid":"string","ip":"string","os":"string","status":123}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| response.agents | object | Output field response.agents |
| response.agents.agentid | string | Unique identifier |
| response.agents.hostname | string | Name of the resource |
| response.agents.username | string | Name of the resource |
| response.agents.domain | string | Output field response.agents.domain |
| response.agents.groupid | string | Unique identifier |
| response.agents.lastcheckin | string | Output field response.agents.lastcheckin |
| response.agents.ip | string | Output field response.agents.ip |
| response.agents.os | string | Output field response.agents.os |
| response.agents.status | number | Status value |
| response.agents.freespace | string | Output field response.agents.freespace |
| response.agents.clientversion | string | Output field response.agents.clientversion |
| response.agents.policyversion | string | Output field response.agents.policyversion |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success","response":{"agents":{}}}}
```

### Lookup Hash

Query the Airlock file repository by specifying the hash value(s) you would like to look up.

Endpoint URL: /v1/hash/query

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| hashes | array | Optional | Parameter for Lookup Hash |

#### Input example

```json
{"json_body":{"hashes":["1f15e65e742c2f93c0bc4a765621c37f1a82837b74e35ffff051765a1f8657d3","41526aff3hfa2f93c0bc4a765621c34941jh1231j4e35ff222kan1029418aj05"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Move Agent to Group

Move an agent within Airlock by specifying the 'agentid' you wish to move and the destination 'groupid'. Unique 'groupid' parameters can be obtained from the /group endpoint and unique 'agentid' parameters can be obtained from the /agent/find endpoint.

Endpoint URL: /v1/agent/move

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| agentid | string | Optional | Unique identifier |
| groupid | string | Optional | Unique identifier |

#### Input example

```json
{"json_body":{"agentid":"5a57f007-214c-4604-960e-1706f3bf10cd","groupid":"a2d3b733-1261-4449-b91e-33f6fa59abbe"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Remove Hash from All Applications

Remove the specified hashes from all application captures, without specifying a specific application ID.

Endpoint URL: /v1/hash/application/remove/all

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| hashes | array | Optional | Parameter for Remove Hash from All Applications |

#### Input example

```json
{"json_body":{"hashes":["a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce","152bb373088a420532fb38851084b984040f9d42e5504cd9772ecf6f125575f3"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Remove Hash from All Blocklists

Remove the specified hashes from all blocklists, without specifying a specific blocklist ID.

Endpoint URL: /v1/hash/blocklist/remove/all

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| hashes | array | Optional | Parameter for Remove Hash from All Blocklists |

#### Input example

```json
{"json_body":{"hashes":["a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce","152bb373088a420532fb38851084b984040f9d42e5504cd9772ecf6f125575f3"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Remove Hash from Application by ID

Remove a hash value from an application capture. The hash value must already exist within the Airlock repository; only SHA256 hashes are supported.

Endpoint URL: /v1/hash/application/remove

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| applicationid | string | Optional | Unique identifier |
| hashes | array | Optional | Parameter for Remove Hash from Application by ID |

#### Input example

```json
{"json_body":{"applicationid":"1567080520","hashes":["a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce","152bb373088a420532fb38851084b984040f9d42e5504cd9772ecf6f125575f3"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Remove Hash from Blocklist by ID

Remove a single or multiple hashes from a blocklist using its ID.

Endpoint URL: /v1/hash/blocklist/remove

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| blocklistid | string | Optional | Unique identifier |
| hashes | array | Optional | Parameter for Remove Hash from Blocklist by ID |

#### Input example

```json
{"json_body":{"blocklistid":"1567080520","hashes":["a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce","152bb373088a420532fb38851084b984040f9d42e5504cd9772ecf6f125575f3"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

### Retrieve Execution History Logs

Retrieves execution history logs.

Endpoint URL: /v1/logging/exechistories

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| type | array | Optional | Type of the resource |
| checkpoint | string | Optional | Parameter for Retrieve Execution History Logs |
| policy | array | Optional | Parameter for Retrieve Execution History Logs |

#### Input example

```json
{"json_body":{"type":[2,3,5,8],"checkpoint":"601d275487bacb01e3470713","policy":["workstations adelaide","servers london"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| response.exechistories | array | Output field response.exechistories |
| response.exechistories.checkpoint | string | Output field response.exechistories.checkpoint |
| response.exechistories.type | number | Type of the resource |
| response.exechistories.username | string | Name of the resource |
| response.exechistories.hostname | string | Name of the resource |
| response.exechistories.netdomain | string | Output field response.exechistories.netdomain |
| response.exechistories.filename | string | Name of the resource |
| response.exechistories.ppolicy | string | Output field response.exechistories.ppolicy |
| response.exechistories.policyname | string | Name of the resource |
| response.exechistories.policyver | string | Output field response.exechistories.policyver |
| response.exechistories.commandline | string | Output field response.exechistories.commandline |
| response.exechistories.publisher | string | Output field response.exechistories.publisher |
| response.exechistories.pprocess | string | Output field response.exechistories.pprocess |
| response.exechistories.sha256 | string | Output field response.exechistories.sha256 |
| response.exechistories.datetime | string | Time value |

#### Output example

```json
{"status_code":200,"reason":"OK","response_headers":{},"json_body":{"error":"success","response":{"exechistories":[]}}}
```

### Retrieve Execution History with Filters

Returns execution history with filters.

Endpoint URL: /v1/getexechistory

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| category | string | Optional | Parameter for Retrieve Execution History with Filters |
| datefrom | string | Optional | Parameter for Retrieve Execution History with Filters |
| dateto | string | Optional | Parameter for Retrieve Execution History with Filters |
| hostname | string | Optional | Name of the resource |
| contains | array | Optional | Parameter for Retrieve Execution History with Filters |
| username | string | Optional | Name of the resource |
| netdomain | string | Optional | Parameter for Retrieve Execution History with Filters |
| filename | string | Optional | Name of the resource |
| ppolicy | string | Optional | Parameter for Retrieve Execution History with Filters |
| policyname | string | Optional | Name of the resource |
| policyver | string | Optional | Parameter for Retrieve Execution History with Filters |
| commandline | string | Optional | Parameter for Retrieve Execution History with Filters |
| publisher | string | Optional | Parameter for Retrieve Execution History with Filters |
| pprocess | string | Optional | Parameter for Retrieve Execution History with Filters |
| sha256 | string | Optional | Parameter for Retrieve Execution History with Filters |
| limit | string | Optional | Parameter for Retrieve Execution History with Filters |

#### Input example

```json
{"json_body":{"category":"blocked","datefrom":"2019-10-05","dateto":"2019-10-14","hostname":"desktop-g3g","contains":["hostname"],"username":"string","netdomain":"","filename":"","ppolicy":"","policyname":"","policyver":"","commandline":"","publisher":"","pprocess":"","sha256":"","limit":""}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| hostname | string | Name of the resource |
| username | string | Name of the resource |
| netdomain | string | Output field netdomain |
| filename | string | Name of the resource |
| ppolicy | string | Output field ppolicy |
| datetime | string | Time value |
| type | string | Type of the resource |
| policyname | string | Name of the resource |
| policyver | string | Output field policyver |
| commandline | string | Output field commandline |
| publisher | string | Output field publisher |
| pprocess | string | Output field pprocess |
| sha256 | string | Output field sha256 |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"hostname":"desktop-g3gjo5s","username":"admin","netdomain":"desktop-g3gjo5s","filename":"c:\\users\\admin\\downloads\\hellovbs.vbs","ppolicy":"canada","datetime":"2019-10-08 15:58:55 +0000 UTC","type":"blocked","policyname":"workstation audit","policyver":"v22","commandline":"","publisher":"not signed","pprocess":"cmd.exe","sha256":"3c
```

### Retrieve OTP

Retrieve an OTP code for a particular computer (agent) within Airlock. You must specify the OTP 'duration' and unique 'agentid' to retrieve the code. Unique 'agentid' parameters can be obtained from the /agent/find endpoint.

Endpoint URL: /v1/otp/retrieve

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| duration | string | Optional | Parameter for Retrieve OTP |
| agentid | string | Optional | Unique identifier |
| purpose | string | Optional | Parameter for Retrieve OTP |

#### Input example

```json
{"json_body":{"duration":"15m","agentid":"5a57f007-214c-4604-960e-1706f3bf10cd","purpose":"testing"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| response.otpcode | string | Output field response.otpcode |
| response.otpid | string | Unique identifier |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success","response":{"otpcode":"12847518751","otpid":"1622521647"}}}
```

### Retrieve Policy of Group

Retrieve the policy applied to a group by specifying the target 'groupid'. Unique 'groupid' parameters can be obtained from the /group endpoint.

Endpoint URL: /v1/group/policies

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| groupid | string | Optional | Unique identifier |

#### Input example

```json
{"json_body":{"groupid":"a2d3b733-1261-4449-b91e-33f6fa59abbe"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| response.groupid | string | Unique identifier |
| response.name | string | Name of the resource |
| response.policyver | string | Output field response.policyver |
| response.parent | string | Output field response.parent |
| response.hashdb_ver | string | Output field response.hashdb_ver |
| response.agentstopcode | string | Output field response.agentstopcode |
| response.auditmode | number | Output field response.auditmode |
| response.enable_notifications | number | Output field response.enable_notifications |
| response.notification_message | string | Response message |
| response.poll_time | number | Time value |
| response.trusted_upload | number | Output field response.trusted_upload |
| response.pslockdown | number | Output field response.pslockdown |
| response.script_enabled | number | Output field response.script_enabled |
| response.modreload | number | Output field response.modreload |
| response.reflection | number | Output field response.reflection |
| response.batch | number | Output field response.batch |
| response.powershell | number | Output field response.powershell |
| response.command | number | Output field response.command |
| response.vbscript | number | Output field response.vbscript |
| response.javascript | number | Output field response.javascript |
| response.windowsinstaller | number | Output field response.windowsinstaller |

#### Output example

```json
{"error":"string","response":{"groupid":"string","name":"example name","policyver":"string","parent":"string","hashdb_ver":"string","agentstopcode":"string","auditmode":123,"enable_notifications":123,"notification_message":"string","poll_time":123,"trusted_upload":123,"pslockdown":123,"script_enabled":123,"modreload":123,"reflection":123}}
```

### Revoke OTP

Revoke an active OTP code by specifying the OTP ID.

Endpoint URL: /v1/otp/revoke

Method: POST

#### Input

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| otpid | string | Optional | Unique identifier |

#### Input example

```json
{"json_body":{"otpid":"1622521647"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Output example

```json
{"status_code":200,"response_headers":{"Content-Type":"application/json","Date":"Sat, 02 Sep 2023 04:05:44 GMT","Content-Length":"51"},"reason":"OK","json_body":{"error":"success"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 51 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Sat, 02 Sep 2023 04:05:44 GMT |
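The hash actions above accept only SHA256 values, so a playbook step that feeds them from alerts or threat-intel fields benefits from filtering its input before the blocklist call. The following is an added example, not code from the connector or from Airlock Digital: it validates candidate hashes and builds the request for the add-to-blocklist action without sending it. The helper names, the host `airlock.example.test`, the placeholder key, sending the API key as an `x-apikey` HTTP header, and posting the inner `json_body` object as the HTTP body are assumptions.

```python
import json
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")  # exactly 64 hex digits

# Hash values taken from the page's own input examples.
PAGE_HASH_A = "a0ecd6e9d2430cbcb9aaff4d93953d13ad9dd0b16c113f49be02ae6542d7a0ce"
PAGE_HASH_B = "1f15e65e742c2f93c0bc4a765621c37f1a82837b74e35ffff051765a1f8657d3"
PAGE_NOT_HEX = "41526aff3hfa2f93c0bc4a765621c34941jh1231j4e35ff222kan1029418aj05"
MD5_LENGTH = "d41d8cd98f00b204e9800998ecf8427e"  # constructed: 32 hex digits, not SHA256

# Constructed candidate list: an upper-case duplicate, two malformed values.
SAMPLE = [PAGE_HASH_A.upper(), PAGE_HASH_A, PAGE_HASH_B, PAGE_NOT_HEX, MD5_LENGTH]


def split_hashes(candidates):
    """Return (valid, rejected); valid values are lowercased and de-duplicated in order."""
    valid, rejected, seen = [], [], set()
    for raw in candidates:
        value = raw.strip().lower() if isinstance(raw, str) else ""
        if not SHA256_RE.fullmatch(value):
            rejected.append(raw)  # keep the original so it can be logged for triage
        elif value not in seen:
            seen.add(value)
            valid.append(value)
    return valid, rejected


def build_blocklist_add(base_url, api_key, blocklist_id, candidates):
    """Build (url, headers, body, rejected) for POST /v1/hash/blocklist/add; nothing is sent."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key over a non-TLS URL")
    valid, rejected = split_hashes(candidates)
    if not valid:
        raise ValueError("no valid SHA256 hashes to submit")
    url = base_url.rstrip("/") + "/v1/hash/blocklist/add"
    # Assumption: the asset's 'x-apikey' parameter is sent as an HTTP header.
    headers = {"x-apikey": api_key, "Content-Type": "application/json"}
    # Assumption: the HTTP body is the object shown inside "json_body" on the page.
    body = json.dumps({"blocklistid": blocklist_id, "hashes": valid}).encode("utf-8")
    return url, headers, body, rejected


if __name__ == "__main__":
    url, headers, body, rejected = build_blocklist_add(
        "https://airlock.example.test", "API-KEY-PLACEHOLDER", "1567080520", SAMPLE)
    print(url)
    print(body.decode())
    print("rejected:", rejected)
```

Rejected values are returned rather than dropped silently, so the playbook can record which indicators never reached the blocklist.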