Bitdefender API

this connector integrates with bitdefender control center the api uses the json rpc protocol asset configuration the bitdefender connector requires an api key to be passed in the username field jsonrpc the apis are exposed using json rpc 2 0 protocol specified here http //www jsonrpc org/specification http //www jsonrpc org/specification here is an example of api call updating the company name inside control center { "id" "91d6430d bfd4 494f 8d4d 4947406d21a7", "jsonrpc" "2 0", "method" "updatecompanydetails", "params" { "name" "my company name" } } for this call, the following response is sent back to the application { "id" "91d6430d bfd4 494f 8d4d 4947406d21a7", "jsonrpc" "2 0", "result" null } each api call targets a method and passes a set of parameters there are two types of parameters required must be always passed to the called method optional has a default value and can be omitted from the parameters list any optional parameter can be skipped, regardless its position in the parameters list api docs https //www bitdefender com/business/support/en/77209 125280 getting started html https //www bitdefender com/business/support/en/77209 125280 getting started html configurations http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host this is the control center api access url string required username username in some cases, the username might be the api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions add file to quarantine this action creates a new task to add a file to quarantine endpoint url api/v1 0/jsonrpc/quarantine method post input argument name type required description params object optional parameter for add file to quarantine endpointids array required unique identifier filepath string required parameter for add file to quarantine jsonrpc string optional parameter for add file to quarantine method string optional http method to use id string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" true } } ] create empty quarantine this action creates a new task to empty the quarantine endpoint url api/v1 0/jsonrpc/quarantine/{{type}} method post input argument name type required description type string optional type of the resource params object optional parameter for create empty quarantine jsonrpc string optional parameter for create empty quarantine method string optional http method to use id string optional unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" true } ] create restore endpoint from isolation task this action creates a task to restore the specified endpoint from isolation endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description id string required unique identifier jsonrpc string required parameter for create restore endpoint from isolation task method string required http method to use params object required parameter for create restore endpoint from isolation task endpointid string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" true } } ] create rule method to create a custom rule endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description params object optional parameter for create rule companyid string optional unique identifier type number optional type of the resource name string required name of the resource description string optional parameter for create rule tags array optional parameter for create rule settings object required parameter for create rule status number optional status value severity number optional parameter for create rule target string optional parameter for create rule criterialist array optional parameter for create rule field string optional parameter for create rule relation string optional parameter for create rule value array optional value for the parameter returnruleid boolean optional unique identifier jsonrpc string optional parameter for create rule method string optional http method to use id string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result string result of the operation example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" "6372b7a3897aaa77ee021642" } } ] delete rule method to delete a custom rule endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description params object required parameter for delete rule ruleid string required unique identifier type number required type of the resource jsonrpc string optional parameter for delete rule method string optional http method to use id string optional unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" true } ] get block list items this action lists all the hashes that are present in the blocklist endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description params object required parameter for get block list items page number optional parameter for get block list items perpage number optional parameter for get block list items jsonrpc string required parameter for get block list items method string required http method to use id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result object result of the operation items array output field items companyid string unique identifier hash string output field hash hashtype number type of the resource id string unique identifier source number output field source sourceinfo string output field sourceinfo filename string name of the resource page number output field page pagescount number count value perpage number output field perpage total number output field total example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" {} } } ] get quarantine items this action retrieves the list of quarantined items available for a company endpoint url api/v1 0/jsonrpc/quarantine/{{type}} method post input argument name type required description type string required type of the resource params object optional parameter for get quarantine items endpointid string optional unique identifier page number optional parameter for get quarantine items perpage number optional parameter for get quarantine items filters object optional parameter for get quarantine items threatname string optional name of the resource actionstatus number optional status value startdate string optional date value enddate string optional date value filepath string optional parameter for get quarantine items jsonrpc string optional parameter for get quarantine items method string optional http method to use id string optional unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result object result of the operation total number output field total page number output field page perpage number output field perpage pagescount number count value items array output field items id string unique identifier quarantinedon string output field quarantinedon actionstatus number status value companyid string unique identifier endpointid string unique identifier endpointname string name of the resource endpointip string output field endpointip canberestored boolean output field canberestored canberemoved boolean output field canberemoved threatname string name of the resource details object output field details filepath string output field filepath example \[ { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" { "total" 2, "page" 2, "perpage" 1, "pagescount" 2, "items" \[] } } ] get rules get custom rules endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description params object required parameter for get rules companyid string required unique identifier type number required type of the resource page number required parameter for get rules perpage number required parameter for get rules jsonrpc string optional parameter for get rules method string optional http method to use id string optional unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result object result of the operation total number output field total page number output field page perpage number output field perpage pagescount number count value items array output field items id string unique identifier name string name of the resource ownerid string unique identifier description string output field description companyid string unique identifier status number status value tags array output field tags settings object output field settings status number status value target string output field target criterialist array output field criterialist field string output field field relation string output field relation value array value for the parameter operator string output field operator severity number output field severity example \[ { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" { "total" 1, "page" 1, "perpage" 100, "pagescount" 1, "items" \[] } } ] isolate host this action creates a task to isolate the specified endpoint endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description id string optional unique identifier jsonrpc string optional parameter for isolate host method string optional http method to use params object required parameter for isolate host endpointid string required unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" true } ] quarantine file this action creates a new task to add a file to quarantine endpoint url api/v1 0/jsonrpc/quarantine method post input argument name type required description params object required parameter for quarantine file endpointids array required unique identifier filepath string required parameter for quarantine file jsonrpc string optional parameter for quarantine file method string optional http method to use id string optional unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" true } ] remove from block list this action removes an item from the blocklist, identified by its id endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description params object required parameter for remove from block list hashitemid string required unique identifier jsonrpc string required parameter for remove from block list method string required http method to use id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" true } } ] remove quarentine items this action creates a new task to remove items from quarantine endpoint url api/v1 0/jsonrpc/quarantine/{{type}} method post input argument name type required description type string optional type of the resource params object optional parameter for remove quarentine items quarantineitemsids array optional unique identifier jsonrpc string optional parameter for remove quarentine items method string optional http method to use id string optional unique identifier output parameter type description id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" true } ] restore quarantine exchage item this action creates a new task to restore items from the quarantine for exchange servers endpoint url api/v1 0/jsonrpc/quarantine/exchange method post input argument name type required description params object optional parameter for restore quarantine exchage item quarantineitemsids array required unique identifier username string required name of the resource password string required parameter for restore quarantine exchage item jsonrpc string optional parameter for restore quarantine exchage item method string optional http method to use id string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" true } } ] restore quarantine item this action creates a new task to restore items from the quarantine endpoint url api/v1 0/jsonrpc/quarantine/computers method post input argument name type required description params object optional parameter for restore quarantine item quarantineitemsids array optional unique identifier locationtorestore string optional parameter for restore quarantine item addexclusioninpolicy boolean optional parameter for restore quarantine item jsonrpc string optional parameter for restore quarantine item method string optional http method to use id string optional unique identifier output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "id" "5399c9b5 0b46 45e4 81aa 889952433d86", "jsonrpc" "2 0", "result" true } } ] update block list use this method to add one or more file hashes to the blocklist endpoint url api/v1 0/jsonrpc/incidents method post input argument name type required description id string optional unique identifier jsonrpc string optional parameter for update block list method string optional http method to use params object required parameter for update block list hashtype number required type of the resource hashlist array required parameter for update block list sourceinfo string required parameter for update block list output parameter type description id string unique identifier jsonrpc string output field jsonrpc result boolean result of the operation example \[ { "id" "0df7568c 59c1 48e0 a31b 18d83e6d9810", "jsonrpc" "2 0", "result" true } ]