Airlock Digital
This connector integrates Airlock Digital with Swimlane Turbine.

## Prerequisites

To set up the asset, you need the following:

- URL
- API key

## Capabilities

This connector provides the following capabilities:

- Add Hash to Application
- Add Hash to Blocklist
- Agent Find
- Lookup Hash
- Move Agent to Group
- Remove Hash From All Applications
- Remove Hash From All Blocklists
- Remove Hash From Application by ID
- Remove Hash From Blocklist by ID
- Retrieve Execution History Logs
- Retrieve Execution History With Filters
- Retrieve OTP
- Retrieve Policy of Group
- Revoke OTP

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x-apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Add Hash to Application

Add a hash value into an application capture. The hash value must already exist within the Airlock repository; only SHA256 hashes are supported.

Endpoint URL: /v1/hash/application/add

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| applicationid | string | Required | Unique identifier |
| hashes | array | Required | Parameter for Add Hash to Application |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Add Hash to Blocklist

Adds a single or multiple hashes to a blocklist ID.

Endpoint URL: /v1/hash/blocklist/add

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| blocklistid | string | Required | Unique identifier |
| hashes | array | Required | Parameter for Add Hash to Blocklist |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Agent Find

Returns a listing of computers and their details within Airlock.

Endpoint URL: /v1/agent/find

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| hostname | string | Optional | Name of the resource |
| agentid | string | Optional | Unique identifier |
| username | string | Optional | Name of the resource |
| domain | string | Optional | Parameter for Agent Find |
| groupid | string | Optional | Unique identifier |
| ip | string | Optional | Parameter for Agent Find |
| os | string | Optional | Parameter for Agent Find |
| status | number | Optional | Status value |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| agents | object | Output field agents |
| agentid | string | Unique identifier |
| hostname | string | Name of the resource |
| username | string | Name of the resource |
| domain | string | Output field domain |
| groupid | string | Unique identifier |
| lastcheckin | string | Output field lastcheckin |
| ip | string | Output field ip |
| os | string | Output field os |
| status | number | Status value |
| freespace | string | Output field freespace |
| clientversion | string | Output field clientversion |
| policyversion | string | Output field policyversion |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success",
      "response": {}
    }
  }
]
```

### Lookup Hash

Query the Airlock file repository by specifying the hash value(s) you would like to look up.

Endpoint URL: /v1/hash/query

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| hashes | array | Required | Parameter for Lookup Hash |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Move Agent to Group

Move an agent within Airlock by specifying the 'agentid' you wish to move and the destination 'groupid'. Unique 'groupid' parameters can be obtained from the /group endpoint and unique 'agentid' parameters can be obtained from the /agent/find endpoint.

Endpoint URL: /v1/agent/move

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| agentid | string | Required | Unique identifier |
| groupid | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Remove Hash From All Applications

Remove the specified hashes from all application captures, without specifying a specific application ID.

Endpoint URL: /v1/hash/application/remove/all

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| hashes | array | Required | Parameter for Remove Hash From All Applications |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Remove Hash From All Blocklists

Remove the specified hashes from all blocklists, without specifying a specific blocklist ID.

Endpoint URL: /v1/hash/blocklist/remove/all

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| hashes | array | Required | Parameter for Remove Hash From All Blocklists |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Remove Hash From Application by ID

Remove a hash value from an application capture. The hash value must already exist within the Airlock repository; only SHA256 hashes are supported.

Endpoint URL: /v1/hash/application/remove

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| applicationid | string | Required | Unique identifier |
| hashes | array | Required | Parameter for Remove Hash From Application by ID |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Remove Hash From Blocklist by ID

Remove a single or multiple hashes from a blocklist using its ID.

Endpoint URL: /v1/hash/blocklist/remove

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| blocklistid | string | Required | Unique identifier |
| hashes | array | Required | Parameter for Remove Hash From Blocklist by ID |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

### Retrieve Execution History Logs

Retrieves execution history logs.

Endpoint URL: /v1/logging/exechistories

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| type | array | Required | Type of the resource |
| checkpoint | string | Optional | Parameter for Retrieve Execution History Logs |
| policy | array | Optional | Parameter for Retrieve Execution History Logs |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| exechistories | array | Output field exechistories |
| checkpoint | string | Output field checkpoint |
| type | number | Type of the resource |
| username | string | Name of the resource |
| hostname | string | Name of the resource |
| netdomain | string | Output field netdomain |
| filename | string | Name of the resource |
| ppolicy | string | Output field ppolicy |
| policyname | string | Name of the resource |
| policyver | string | Output field policyver |
| commandline | string | Output field commandline |
| publisher | string | Output field publisher |
| pprocess | string | Output field pprocess |
| sha256 | string | Output field sha256 |
| datetime | string | Time value |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "error": "success",
      "response": {}
    }
  }
]
```

### Retrieve Execution History With Filters

Returns execution history with filters.

Endpoint URL: /v1/getexechistory

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| category | string | Optional | Parameter for Retrieve Execution History With Filters |
| datefrom | string | Optional | Parameter for Retrieve Execution History With Filters |
| dateto | string | Optional | Parameter for Retrieve Execution History With Filters |
| hostname | string | Optional | Name of the resource |
| contains | array | Optional | Parameter for Retrieve Execution History With Filters |
| username | string | Optional | Name of the resource |
| netdomain | string | Optional | Parameter for Retrieve Execution History With Filters |
| filename | string | Optional | Name of the resource |
| ppolicy | string | Optional | Parameter for Retrieve Execution History With Filters |
| policyname | string | Optional | Name of the resource |
| policyver | string | Optional | Parameter for Retrieve Execution History With Filters |
| commandline | string | Optional | Parameter for Retrieve Execution History With Filters |
| publisher | string | Optional | Parameter for Retrieve Execution History With Filters |
| pprocess | string | Optional | Parameter for Retrieve Execution History With Filters |
| sha256 | string | Optional | Parameter for Retrieve Execution History With Filters |
| limit | string | Optional | Parameter for Retrieve Execution History With Filters |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| hostname | string | Name of the resource |
| username | string | Name of the resource |
| netdomain | string | Output field netdomain |
| filename | string | Name of the resource |
| ppolicy | string | Output field ppolicy |
| datetime | string | Time value |
| type | string | Type of the resource |
| policyname | string | Name of the resource |
| policyver | string | Output field policyver |
| commandline | string | Output field commandline |
| publisher | string | Output field publisher |
| pprocess | string | Output field pprocess |
| sha256 | string | Output field sha256 |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "hostname": "desktop-g3gjo5s",
      "username": "admin",
      "netdomain": "desktop-g3gjo5s",
      "filename": "c:\\users\\admin\\downloads\\hellovbs.vbs",
      "ppolicy": "canada",
      "datetime": "2019-10-08 15:58:55 +0000 UTC",
      "type": "blocked",
      "policyname": "workstation audit",
      "policyver": "v22",
      "commandline": "",
      "publisher": "not signed",
      "pprocess": "cmd.exe",
      "sha256": "3c15dae0b32e21568b105dc011739edebda746e6ca0de3d4a1052ec9307d1e43"
    }
  }
]
```

### Retrieve OTP

Retrieve an OTP code for a particular computer (agent) within Airlock. You must specify the OTP 'duration' and unique 'agentid' to retrieve the code. Unique 'agentid' parameters can be obtained from the /agent/find endpoint.

Endpoint URL: /v1/otp/retrieve

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| duration | string | Required | Parameter for Retrieve OTP |
| agentid | string | Required | Unique identifier |
| purpose | string | Required | Parameter for Retrieve OTP |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| otpcode | string | Output field otpcode |
| otpid | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success",
      "response": {}
    }
  }
]
```

### Retrieve Policy of Group

Retrieve the policy applied to a group by specifying the target 'groupid'. Unique 'groupid' parameters can be obtained from the /group endpoint.

Endpoint URL: /v1/group/policies

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| groupid | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |
| response | object | Output field response |
| groupid | string | Unique identifier |
| name | string | Name of the resource |
| policyver | string | Output field policyver |
| parent | string | Output field parent |
| hashdb_ver | string | Output field hashdb_ver |
| agentstopcode | string | Output field agentstopcode |
| auditmode | number | Output field auditmode |
| enable_notifications | number | Output field enable_notifications |
| notification_message | string | Response message |
| poll_time | number | Time value |
| trusted_upload | number | Output field trusted_upload |
| pslockdown | number | Output field pslockdown |
| script_enabled | number | Output field script_enabled |
| modreload | number | Output field modreload |
| reflection | number | Output field reflection |
| batch | number | Output field batch |
| powershell | number | Output field powershell |
| command | number | Output field command |
| vbscript | number | Output field vbscript |
| javascript | number | Output field javascript |
| windowsinstaller | number | Output field windowsinstaller |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "error": "string",
      "response": {}
    }
  }
]
```

### Revoke OTP

Revoke an active OTP code by specifying the OTP ID.

Endpoint URL: /v1/otp/revoke

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| otpid | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | string | Error message if any |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Sat, 02 Sep 2023 04:05:44 GMT",
      "Content-Length": "51"
    },
    "reason": "OK",
    "json_body": {
      "error": "success"
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 51 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Sat, 02 Sep 2023 04:05:44 GMT |

## Notes

Airlock Digital homepage: https://www.airlockdigital.com/
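
The hash actions above accept only SHA256 values, and each execution-history record carries a `sha256` field. The following Python code is an added example, not part of the connector or the original page: it collects the hashes of blocked executions, rejects anything that is not a SHA-256 digest, and builds (without sending) the POST for a hash endpoint. Assumptions: the API key is sent in an `X-ApiKey` header, input arguments are sent as a JSON body keyed by the argument names listed above, and the host, key and second sample record are constructed placeholders.

```python
import json
import re
import urllib.request

SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Constructed sample, shaped like the "retrieve execution history with
# filters" example output on this page (the second record is made up).
SAMPLE_HISTORY = [
    {"type": "blocked", "filename": "hellovbs.vbs",
     "sha256": "3c15dae0b32e21568b105dc011739edebda746e6ca0de3d4a1052ec9307d1e43"},
    {"type": "allowed", "filename": "notepad.exe", "sha256": "ab" * 32},
    {"type": "Blocked", "filename": "hellovbs.vbs",
     "sha256": " 3C15DAE0B32E21568B105DC011739EDEBDA746E6CA0DE3D4A1052EC9307D1E43 "},
]

def normalize_sha256(values):
    """Return unique lowercase SHA-256 hex digests; reject MD5/SHA-1/garbage."""
    out = []
    for raw in values:
        digest = str(raw).strip().lower()
        if not SHA256_RE.fullmatch(digest):
            raise ValueError(f"not a SHA-256 hex digest: {raw!r}")
        if digest not in out:
            out.append(digest)
    return out

def blocked_hashes(records):
    """SHA-256 values of execution-history records whose type is 'blocked'."""
    return normalize_sha256(
        r["sha256"] for r in records if str(r.get("type", "")).lower() == "blocked")

def build_request(base_url, api_key, path, **arguments):
    """Build, without sending, a POST for one of the endpoints listed above."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    if "hashes" in arguments:
        arguments["hashes"] = normalize_sha256(arguments["hashes"])
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(arguments).encode(),
        # Assumption: the key travels in the header named by the asset's
        # "x apikey" parameter, and arguments are sent as a JSON body.
        headers={"X-ApiKey": api_key, "Content-Type": "application/json"},
        method="POST")

if __name__ == "__main__":
    req = build_request("https://airlock.example.invalid", "PLACEHOLDER-KEY",
                        "/v1/hash/query", hashes=blocked_hashes(SAMPLE_HISTORY))
    print(req.full_url, req.data.decode())
```

Validating before the call keeps an MD5 or SHA-1 indicator from a threat feed from being submitted to an endpoint that only supports SHA256.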