Bitdefender API
This connector integrates with Bitdefender Control Center. The API uses the JSON-RPC protocol.

## Asset configuration

The Bitdefender connector requires an API key to be passed in the username field.

## JSON-RPC

The APIs are exposed using the JSON-RPC 2.0 protocol, specified here: http://www.jsonrpc.org/specification

Here is an example of an API call updating the company name inside Control Center:

```json
{
  "id": "91d6430d-bfd4-494f-8d4d-4947406d21a7",
  "jsonrpc": "2.0",
  "method": "updateCompanyDetails",
  "params": {
    "name": "my company name"
  }
}
```

For this call, the following response is sent back to the application:

```json
{
  "id": "91d6430d-bfd4-494f-8d4d-4947406d21a7",
  "jsonrpc": "2.0",
  "result": null
}
```

Each API call targets a method and passes a set of parameters. There are two types of parameters:

- required: must always be passed to the called method.
- optional: has a default value and can be omitted from the parameters list. Any optional parameter can be skipped, regardless of its position in the parameters list.

API docs: https://www.bitdefender.com/business/support/en/77209-125280-getting-started.html

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host. This is the Control Center API access URL | string | Required |
| Username | Username. In some cases, the username might be the API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Add file to quarantine

This action creates a new task to add a file to quarantine.

Endpoint URL: api/v1.0/jsonrpc/quarantine

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for add file to quarantine |
| params.endpointIds | array | Required | Unique identifier |
| params.filePath | string | Required | Parameter for add file to quarantine |
| jsonrpc | string | Optional | Parameter for add file to quarantine |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"endpointIds":["63896b87b7894d0f367b23c6","65896b87b7894d0f367b23c6"],"filePath":"z:\\path\\to\\file"},"jsonrpc":"2.0","method":"createAddFileToQuarantineTask","id":"5399c9b5-0b46-45e4-81aa-889952433d86"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":true}}
```

### Create empty quarantine

This action creates a new task to empty the quarantine.

Endpoint URL: api/v1.0/jsonrpc/quarantine/{{type}}

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.type | string | Optional | Parameters for the create empty quarantine action |
| params | object | Optional | Parameter for create empty quarantine |
| jsonrpc | string | Optional | Parameter for create empty quarantine |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{},"jsonrpc":"2.0","method":"createEmptyQuarantineTask","id":"5399c9b5-0b46-45e4-81aa-889952433d86"},"path_parameters":{"type":"computers"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":true}
```

### Create restore endpoint from isolation task

This action creates a task to restore the specified endpoint from isolation.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Optional | Unique identifier |
| jsonrpc | string | Optional | Parameter for create restore endpoint from isolation task |
| method | string | Optional | HTTP method to use |
| params | object | Optional | Parameter for create restore endpoint from isolation task |
| params.endpointId | string | Required | Unique identifier |

Input example

```json
{"json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","method":"createRestoreEndpointFromIsolationTask","params":{"endpointId":"5b680f6fb1a43d860a7b23c1"}}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":true}}
```

### Create rule

Method to create a custom rule.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for create rule |
| params.companyId | string | Optional | Unique identifier |
| params.type | number | Optional | Type of the resource |
| params.name | string | Required | Name of the resource |
| params.description | string | Optional | Parameter for create rule |
| params.tags | array | Optional | Parameter for create rule |
| params.settings | object | Required | Parameter for create rule |
| params.settings.status | number | Optional | Status value |
| params.settings.severity | number | Optional | Parameter for create rule |
| params.settings.target | string | Optional | Parameter for create rule |
| params.settings.criteriaList | array | Optional | Parameter for create rule |
| params.settings.criteriaList.field | string | Optional | Parameter for create rule |
| params.settings.criteriaList.relation | string | Optional | Parameter for create rule |
| params.settings.criteriaList.value | array | Optional | Value for the parameter |
| params.returnRuleId | boolean | Optional | Unique identifier |
| jsonrpc | string | Optional | Parameter for create rule |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"companyId":"61827b8036492c2fc0718722","type":1,"name":"detection rule via api","description":"description test api","tags":["test","api","demo"],"settings":{"status":0,"severity":1,"target":"connection","criteriaList":[{"field":"connection destinationport","relation":"is","value":["25691"]},{"field":"connection process name","relation":"contains","value":" /network1"},{"field":"connection sourceport","relation":"any","value":["22","23","24"]}]},"returnRuleId":true},"jsonrpc":"2.0","method":"createCustomRule","id":"0df7568c-59c1-48e0-a31b-18d83e6d9810"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | string | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":"6372b7a3897aaa77ee021642"}}
```

### Delete rule

Method to delete a custom rule.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for delete rule |
| params.ruleId | string | Required | Unique identifier |
| params.type | number | Required | Type of the resource |
| jsonrpc | string | Optional | Parameter for delete rule |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"ruleId":"6182a7e26f59d3072a1e8fc5","type":1},"jsonrpc":"2.0","method":"deleteCustomRule","id":"0df7568c-59c1-48e0-a31b-18d83e6d9810"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":true}
```

### Get block list items

This action lists all the hashes that are present in the blocklist.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for get block list items |
| params.page | number | Optional | Parameter for get block list items |
| params.perPage | number | Optional | Parameter for get block list items |
| jsonrpc | string | Optional | Parameter for get block list items |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"page":1,"perPage":30},"jsonrpc":"2.0","method":"getBlocklistItems","id":"0df7568c-59c1-48e0-a31b-18d83e6d9810"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | object | Result of the operation |
| result.items | array | Result of the operation |
| result.items.companyId | string | Unique identifier |
| result.items.hash | string | Result of the operation |
| result.items.hashType | number | Type of the resource |
| result.items.id | string | Unique identifier |
| result.items.source | number | Result of the operation |
| result.items.sourceInfo | string | Result of the operation |
| result.items.filename | string | Name of the resource |
| result.page | number | Result of the operation |
| result.pagesCount | number | Result of the operation |
| result.perPage | number | Result of the operation |
| result.total | number | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":{"items":[],"page":1,"pagesCount":1,"perPage":30,"total":2}}}
```

### Get quarantine items

This action retrieves the list of quarantined items available for a company.

Endpoint URL: api/v1.0/jsonrpc/quarantine/{{type}}

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.type | string | Required | Parameters for the get quarantine items action |
| params | object | Optional | Parameter for get quarantine items |
| params.endpointId | string | Optional | Unique identifier |
| params.page | number | Optional | Parameter for get quarantine items |
| params.perPage | number | Optional | Parameter for get quarantine items |
| params.filters | object | Optional | Parameter for get quarantine items |
| params.filters.threatName | string | Optional | Name of the resource |
| params.filters.actionStatus | number | Optional | Status value |
| params.filters.startDate | string | Optional | Date value |
| params.filters.endDate | string | Optional | Date value |
| params.filters.filePath | string | Optional | Parameter for get quarantine items |
| jsonrpc | string | Optional | Parameter for get quarantine items |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"endpointId":"5d36c255f23f730fa91944e2","page":2,"perPage":1,"filters":{"threatName":"virus 0","actionStatus":1,"startDate":"2019-07-28T11:31:28","endDate":"2019-08-16T11:31:16","filePath":"c:\\virus0\\virus0.exe"}},"jsonrpc":"2.0","method":"getQuarantineItemsList","id":"5399c9b5-0b46-45e4-81aa-889952433d86"},"path_parameters":{"type":"computers"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | object | Result of the operation |
| result.total | number | Result of the operation |
| result.page | number | Result of the operation |
| result.perPage | number | Result of the operation |
| result.pagesCount | number | Result of the operation |
| result.items | array | Result of the operation |
| result.items.id | string | Unique identifier |
| result.items.quarantinedOn | string | Result of the operation |
| result.items.actionStatus | number | Status value |
| result.items.companyId | string | Unique identifier |
| result.items.endpointId | string | Unique identifier |
| result.items.endpointName | string | Name of the resource |
| result.items.endpointIP | string | Result of the operation |
| result.items.canBeRestored | boolean | Result of the operation |
| result.items.canBeRemoved | boolean | Result of the operation |
| result.items.threatName | string | Name of the resource |
| result.items.details | object | Result of the operation |
| result.items.details.filePath | string | Result of the operation |

Output example

```json
{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":{"total":2,"page":2,"perPage":1,"pagesCount":2,"items":[{}]}}
```

### Get rules

Get custom rules.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for get rules |
| params.companyId | string | Required | Unique identifier |
| params.type | number | Required | Type of the resource |
| params.page | number | Required | Parameter for get rules |
| params.perPage | number | Required | Parameter for get rules |
| jsonrpc | string | Optional | Parameter for get rules |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"companyId":"61827b8036492c2fc0718722","type":1,"page":1,"perPage":100},"jsonrpc":"2.0","method":"getCustomRulesList","id":"0df7568c-59c1-48e0-a31b-18d83e6d9810"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | object | Result of the operation |
| result.total | number | Result of the operation |
| result.page | number | Result of the operation |
| result.perPage | number | Result of the operation |
| result.pagesCount | number | Result of the operation |
| result.items | array | Result of the operation |
| result.items.id | string | Unique identifier |
| result.items.name | string | Name of the resource |
| result.items.ownerId | string | Unique identifier |
| result.items.description | string | Result of the operation |
| result.items.companyId | string | Unique identifier |
| result.items.status | number | Status value |
| result.items.tags | array | Result of the operation |
| result.items.settings | object | Result of the operation |
| result.items.settings.status | number | Status value |
| result.items.settings.target | string | Result of the operation |
| result.items.settings.criteriaList | array | Result of the operation |
| result.items.settings.criteriaList.field | string | Result of the operation |
| result.items.settings.criteriaList.relation | string | Result of the operation |
| result.items.settings.criteriaList.value | array | Value for the parameter |
| result.items.settings.criteriaList.operator | string | Result of the operation |
| result.items.settings.severity | number | Result of the operation |

Output example

```json
{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":{"total":1,"page":1,"perPage":100,"pagesCount":1,"items":[{}]}}
```

### Isolate host

This action creates a task to isolate the specified endpoint.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Optional | Unique identifier |
| jsonrpc | string | Optional | Parameter for isolate host |
| method | string | Optional | HTTP method to use |
| params | object | Optional | Parameter for isolate host |
| params.endpointId | string | Required | Unique identifier |

Input example

```json
{"json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","method":"createIsolateEndpointTask","params":{"endpointId":"5b680f6fb1a43d860a7b23c1"}}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":true}
```

### Quarantine file

This action creates a new task to add a file to quarantine.

Endpoint URL: api/v1.0/jsonrpc/quarantine

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for quarantine file |
| params.endpointIds | array | Required | Unique identifier |
| params.filePath | string | Required | Parameter for quarantine file |
| jsonrpc | string | Optional | Parameter for quarantine file |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"endpointIds":["63896b87b7894d0f367b23c6","65896b87b7894d0f367b23c6"],"filePath":"z:\\path\\to\\file"},"jsonrpc":"2.0","method":"createAddFileToQuarantineTask","id":"5399c9b5-0b46-45e4-81aa-889952433d86"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":true}
```

### Remove from block list

This action removes an item from the blocklist, identified by its ID.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for remove from block list |
| params.hashItemId | string | Required | Unique identifier |
| jsonrpc | string | Optional | Parameter for remove from block list |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"hashItemId":"hashitemid"},"jsonrpc":"2.0","method":"removeFromBlocklist","id":"0df7568c-59c1-48e0-a31b-18d83e6d9810"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":true}}
```

### Remove quarantine items

This action creates a new task to remove items from quarantine.

Endpoint URL: api/v1.0/jsonrpc/quarantine/{{type}}

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.type | string | Optional | Parameters for the remove quarantine items action |
| params | object | Optional | Parameter for remove quarantine items |
| params.quarantineItemsIds | array | Optional | Unique identifier |
| jsonrpc | string | Optional | Parameter for remove quarantine items |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"quarantineItemsIds":["63896b87b7894d0f367b23c6","65896b87b7894d0f367b23c6"]},"jsonrpc":"2.0","method":"createRemoveQuarantineItemTask","id":"5399c9b5-0b46-45e4-81aa-889952433d86"},"path_parameters":{"type":"computers"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":true}
```

### Restore quarantine exchange item

This action creates a new task to restore items from the quarantine for Exchange servers.

Endpoint URL: api/v1.0/jsonrpc/quarantine/exchange

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for restore quarantine exchange item |
| params.quarantineItemsIds | array | Required | Unique identifier |
| params.username | string | Required | Name of the resource |
| params.password | string | Required | Parameter for restore quarantine exchange item |
| jsonrpc | string | Optional | Parameter for restore quarantine exchange item |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"quarantineItemsIds":["63896b87b7894d0f367b23c6","65896b87b7894d0f367b23c6"],"username":"user@domain","password":"userpassword"},"jsonrpc":"2.0","method":"createRestoreQuarantineExchangeItemTask","id":"5399c9b5-0b46-45e4-81aa-889952433d86"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":true}}
```

### Restore quarantine item

This action creates a new task to restore items from the quarantine.

Endpoint URL: api/v1.0/jsonrpc/quarantine/computers

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| params | object | Optional | Parameter for restore quarantine item |
| params.quarantineItemsIds | array | Optional | Unique identifier |
| params.locationToRestore | string | Optional | Parameter for restore quarantine item |
| params.addExclusionInPolicy | boolean | Optional | Parameter for restore quarantine item |
| jsonrpc | string | Optional | Parameter for restore quarantine item |
| method | string | Optional | HTTP method to use |
| id | string | Optional | Unique identifier |

Input example

```json
{"json_body":{"params":{"quarantineItemsIds":["63896b87b7894d0f367b23c6","65896b87b7894d0f367b23c6"],"locationToRestore":"c:\\restoredirectory","addExclusionInPolicy":true},"jsonrpc":"2.0","method":"createRestoreQuarantineItemTask","id":"5399c9b5-0b46-45e4-81aa-889952433d86"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"id":"5399c9b5-0b46-45e4-81aa-889952433d86","jsonrpc":"2.0","result":true}}
```

### Update block list

Use this method to add one or more file hashes to the blocklist.

Endpoint URL: api/v1.0/jsonrpc/incidents

Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Optional | Unique identifier |
| jsonrpc | string | Optional | Parameter for update block list |
| method | string | Optional | HTTP method to use |
| params | object | Optional | Parameter for update block list |
| params.hashType | number | Required | Type of the resource |
| params.hashList | array | Required | Parameter for update block list |
| params.sourceInfo | string | Required | Parameter for update block list |

Input example

```json
{"json_body":{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","method":"addToBlocklist","params":{"hashType":2,"hashList":["5b7ac19bb1a43dfb107b23c6","f696282aa4cd4f614aa995190cf442fe"],"sourceInfo":"added from public api"}}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | boolean | Result of the operation |

Output example

```json
{"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810","jsonrpc":"2.0","result":true}
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
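
The calling convention described above (API key in the Basic-auth username field, a JSON-RPC 2.0 envelope, paged results) can be exercised end to end as follows. This is an added example, not the connector's or Bitdefender's own code; the empty Basic-auth password, the camelCase spelling of `getBlocklistItems`, `perPage` and `pagesCount`, the `send` callable, the key and the sample items are assumptions or constructed values.

```python
import base64
import uuid

API_KEY = "EXAMPLE-API-KEY"  # constructed placeholder, not a real key


def auth_headers(api_key: str) -> dict:
    # The API key is the Basic-auth username; the empty password is an assumption.
    token = base64.b64encode(f"{api_key}:".encode()).decode()
    return {"Authorization": f"Basic {token}", "Content-Type": "application/json"}


def build_request(method: str, params: dict) -> dict:
    # A fresh UUID per call lets the caller match the reply to this request.
    return {"id": str(uuid.uuid4()), "jsonrpc": "2.0", "method": method, "params": params}


def check_response(request: dict, response: dict):
    """Return `result`; reject malformed, mismatched or error replies."""
    if response.get("jsonrpc") != "2.0":
        raise ValueError("not a JSON-RPC 2.0 response")
    if response.get("id") != request["id"]:
        raise ValueError("response id does not match request id")
    if "error" in response:
        err = response["error"]
        raise RuntimeError(f"RPC error {err.get('code')}: {err.get('message')}")
    if "result" not in response:  # "result": null is a valid success
        raise ValueError("response has neither result nor error")
    return response["result"]


def list_blocklist(send, api_key: str, per_page: int = 30, max_pages: int = 1000) -> list:
    """Collect all blocklist items by following page / pagesCount."""
    items = []
    for page in range(1, max_pages + 1):  # hard cap guards against a bad pagesCount
        req = build_request("getBlocklistItems", {"page": page, "perPage": per_page})
        reply = send("api/v1.0/jsonrpc/incidents", auth_headers(api_key), req)
        result = check_response(req, reply)
        items.extend(result["items"])
        if page >= result["pagesCount"]:
            break
    return items


# Constructed sample data and an offline stand-in for the HTTPS POST.
SAMPLE_ITEMS = [{"id": f"item{i}", "hash": f"{i:032x}", "hashType": 2} for i in range(5)]


def fake_send(path: str, headers: dict, request: dict) -> dict:
    if headers.get("Authorization") != auth_headers(API_KEY)["Authorization"]:
        return {"id": request["id"], "jsonrpc": "2.0",
                "error": {"code": -32000, "message": "unauthorized (constructed)"}}
    per_page, page = request["params"]["perPage"], request["params"]["page"]
    start = (page - 1) * per_page
    return {"id": request["id"], "jsonrpc": "2.0", "result": {
        "items": SAMPLE_ITEMS[start:start + per_page], "page": page,
        "pagesCount": -(-len(SAMPLE_ITEMS) // per_page),
        "perPage": per_page, "total": len(SAMPLE_ITEMS)}}


if __name__ == "__main__":
    print(len(list_blocklist(fake_send, API_KEY, per_page=2)), "items")
```

Because the API key is the whole credential, keep certificate verification enabled on the real transport and keep the `Authorization` header out of request logs.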