# Fidelis EDR

The Fidelis EDR connector enables streamlined integration of Fidelis' endpoint detection and response capabilities into Swimlane's automated workflows. Fidelis EDR is a comprehensive endpoint detection and response platform that provides advanced threat hunting and incident response capabilities across various operating systems. By integrating with Swimlane Turbine, users can automate and orchestrate complex security workflows, leveraging Fidelis EDR's rich telemetry and robust action set for enhanced threat remediation. This connector enables streamlined incident management, rapid threat containment, and seamless playbook execution, significantly reducing response times and operational overhead for security teams.

## Asset Setup or Prerequisites

To effectively utilize the Fidelis EDR connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - **URL**: the base URL for the Fidelis EDR API endpoint
  - **Username**: your Fidelis EDR account username
  - **Password**: your Fidelis EDR account password

Because HTTP Basic Authentication places the username and password on every request, and because the Add or Execute a Task and Add or Execute Script Package by Package ID actions run script packages on managed endpoints, treat this asset as highly privileged: use a dedicated Fidelis service account with only the rights the playbooks need, leave Verify SSL enabled so credentials and job instructions cannot be intercepted or redirected, and if traffic must traverse a proxy, configure the HTTP Proxy parameter rather than disabling certificate verification.

## Capabilities

The Fidelis EDR connector has the following capabilities:

- Add Endpoint ID by Endpoint Name
- Add or Execute a Task
- Add or Execute Script Package by Script Package ID
- Get Alerts
- Get Endpoints
- Get Endpoint by Name
- Get Playbooks
- Get Playbooks and Scripts
- Get Playbook or Script Info
- Get Playbook Details
- Get Script Packages
- Get Script Package for File
- Get Script Package by Type
- Get Script Job

## Additional Notes

When using the Get Script Package by Type action, the `type` input parameter must be one of `manifest`, `metadata`, or `template`.

## Configurations

### Fidelis EDR HTTP Basic Authentication

Authenticates using a username and password.

**Configuration Parameters**

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Username | Username | string | required |
| Password | Password | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Add Endpoint ID by Endpoint Name

Associates an endpoint ID with a given endpoint name in Fidelis EDR, facilitating targeted security actions.

**Endpoint URL:** `/endpoint/api/endpoints/endpointidsbyname`

**Method:** POST

#### Input Argument

No input arguments are documented for this action.

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | array | Response data |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": []}}]
```

### Add or Execute a Task

Creates or executes a task in Fidelis EDR using either a package ID or a script ID, as specified in the JSON body.

**Endpoint URL:** `/endpoint/api/jobs/createtask`

**Method:** POST

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| packageId | string | optional | Unique identifier of the package to run |
| endpoints | array | optional | Endpoints the task targets |
| isPlaybook | boolean | optional | Whether the package being executed is a playbook |
| taskOptions | array | optional | Task options |
| scriptId | string | optional | Unique identifier of the script to run |
| questions | array | optional | Answers to the script's input questions |
| questions[].paramNumber | number | optional | Parameter number of the question being answered |
| questions[].answer | object | optional | Answer value |
| timeoutInSeconds | number | optional | Task timeout, in seconds |
| queueExpirationInHours | object | optional | Queue expiration, in hours |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | string | Response data (the created task's identifier) |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": "0a900967-0460-4203-91f1-aab20345c841"}}]
```

### Add or Execute Script Package by Package ID

Adds or executes a script package in Fidelis EDR using the script package ID provided in the path parameters.

**Endpoint URL:** `/endpoint/api/packages/{{scriptPackageId}}/execute`

**Method:** POST

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| scriptPackageId (path) | string | required | Unique identifier of the script package |
| timeoutInSeconds | number | optional | Execution timeout, in seconds |
| scriptPackageId (body) | string | optional | Unique identifier of the script package |
| hosts | array | optional | Hosts the package runs on |
| integrationOutputs | array | optional | Integration outputs |
| questions | object | optional | Answers to the package's input questions |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.jobId | string | Unique identifier of the job |
| data.jobResultId | string | Unique identifier of the job result (use it with Get Script Job by Job Result ID) |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Alerts

Retrieves detailed information about alerts from Fidelis EDR, including status, severity, and classification.

**Endpoint URL:** `/endpoint/api/alerts/getalertsv2`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| skip | number | optional | Number of alerts to skip (pagination offset) |
| take | number | optional | Number of alerts to return (page size) |
| sort | string | optional | Sort expression |
| facetSearch | string | optional | Facet search filter |
| startDate | string | optional | Date value |
| endDate | string | optional | Date value |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.entities | array | Alert entities |
| entities[].id | number | Unique identifier |
| entities[].createDate | string | Date value |
| entities[].endpointName | string | Name of the endpoint |
| entities[].endpointId | string | Unique identifier of the endpoint |
| entities[].name | string | Alert name |
| entities[].description | string | Alert description |
| entities[].artifactName | string | Name of the artifact |
| entities[].source | string | Alert source |
| entities[].sourceType | number | Source type |
| entities[].severity | number | Severity |
| entities[].intelId | string | Unique identifier of the intel |
| entities[].intelName | string | Name of the intel |
| entities[].validatedDate | object | Validation date |
| entities[].actionsTaken | string | Actions taken |
| entities[].eventId | string | Unique identifier of the event |
| entities[].eventTime | string | Time value |
| entities[].parentEventId | string | Unique identifier of the parent event |
| entities[].eventType | number | Event type |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Endpoints

Retrieves details on endpoints, with sorting and pagination controlled by the `startIndex`, `count`, and `sort` parameters.

**Endpoint URL:** `/endpoint/api/endpoints/v2/{{startIndex}}/{{count}}/{{sort}}`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| startIndex | number | required | Index of the first endpoint to return |
| count | number | required | Number of endpoints to return |
| sort | string | required | Sort field |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.endpoints | array | Endpoint records |
| endpoints[].id | string | Unique identifier |
| endpoints[].hostname | string | Host name |
| endpoints[].ipAddress | string | IP address |
| endpoints[].description | object | Description |
| endpoints[].lastContactDate | string | Date value |
| endpoints[].agentInstalled | boolean | Whether the agent is installed |
| endpoints[].agentVersion | string | Agent version |
| endpoints[].os | string | Operating system |
| endpoints[].macAddress | string | MAC address |
| endpoints[].av_enabled | boolean | Whether antivirus is enabled |
| endpoints[].eventsStopped | boolean | Whether event collection is stopped |
| endpoints[].locality | object | Locality |
| endpoints[].groupList | object | Group list |
| endpoints[].isGroupMember | boolean | Whether the endpoint is a group member |
| endpoints[].agentConnected | boolean | Whether the agent is connected |
| endpoints[].isolated | boolean | Whether the endpoint is isolated |
| endpoints[].osType | number | OS type |
| endpoints[].osArch | number | OS architecture |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Playbook Details by ID

Fetches the details of a specified playbook from Fidelis EDR using its unique identifier (`id`).

**Endpoint URL:** `/endpoint/api/playbooks/playbookdetail`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| id | string | required | Unique identifier of the playbook |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.scripts | array | Scripts in the playbook |
| scripts[].executionOrder | number | Execution order |
| scripts[].scriptId | string | Unique identifier of the script |
| scripts[].scriptName | string | Name of the script |
| scripts[].questions | array | Input questions |
| questions[].paramNumber | number | Parameter number |
| questions[].question | string | Question text |
| questions[].answer | object | Answer |
| questions[].isOptional | boolean | Whether the question is optional |
| questions[].inputType | string | Input type |
| scripts[].details | object | Script details |
| details.id | string | Unique identifier |
| details.name | string | Name |
| details.platforms | object | Supported platforms |
| platforms.windows32 | boolean | Windows 32-bit |
| platforms.windows64 | boolean | Windows 64-bit |
| platforms.linux32 | boolean | Linux 32-bit |
| platforms.linux64 | boolean | Linux 64-bit |
| platforms.solaris | boolean | Solaris |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Playbook or Script Info by ID

Retrieves detailed information for a specified playbook or script in Fidelis EDR using its unique ID.

**Endpoint URL:** `/endpoint/api/playbooks/playbookorscriptinfo`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| id | string | required | Unique identifier of the playbook or script |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.id | string | Unique identifier |
| data.name | string | Name |
| data.description | string | Description |
| data.createdByName | string | Name of the creator |
| data.createdById | number | Unique identifier of the creator |
| data.createdDate | string | Date value |
| data.tags | string | Tags |
| data.platforms | object | Supported platforms (`windows32`, `windows64`, `linux32`, `linux64`, `solaris`, `aix`, `osx`, each boolean) |
| data.platformsStringList | string | Platforms as a string list |
| data.packageType | number | Package type |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Playbooks

Retrieves a comprehensive list of all playbooks available in Fidelis EDR.

**Endpoint URL:** `/endpoint/api/playbooks/playbooks`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| take | number | optional | Maximum number of playbooks to return |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.id | string | Unique identifier |
| data.name | string | Name |
| data.description | string | Description |
| data.createdByName | string | Name of the creator |
| data.createdById | number | Unique identifier of the creator |
| data.createdDate | string | Date value |
| data.tags | string | Tags |
| data.platforms | object | Supported platforms (`windows32`, `windows64`, `linux32`, `linux64`, `solaris`, `aix`, `osx`, each boolean) |
| data.platformsStringList | string | Platforms as a string list |
| data.packageType | number | Package type |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Playbooks and Scripts

Fetches the list of available playbooks and scripts from Fidelis EDR for orchestration and automation purposes.

**Endpoint URL:** `/endpoint/api/playbooks/playbooksandscripts`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| filterType | number | optional | Type filter |
| platformFilter | number | optional | Platform filter |
| isManagementRequest | boolean | optional | Whether this is a management request |
| search | object | optional | Search criteria |
| search.searchAny | array | optional | Search terms |
| searchAny[].value | string | optional | Value to search for |
| searchAny[].operator | number | optional | Comparison operator |
| sort | string | optional | Sort expression |
| skip | number | optional | Number of records to skip (pagination offset) |
| take | number | optional | Number of records to return (page size) |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.entities | array | Playbook and script entities |
| entities[].id | string | Unique identifier |
| entities[].name | string | Name |
| entities[].description | string | Description |
| entities[].createdByName | string | Name of the creator |
| entities[].createdById | number | Unique identifier of the creator |
| entities[].createdDate | string | Date value |
| entities[].tags | string | Tags |
| entities[].platforms | object | Supported platforms (`windows32`, `windows64`, `linux32`, `linux64`, `solaris`, `aix`, `osx`, each boolean) |
| entities[].platformsStringList | string | Platforms as a string list |
| entities[].packageType | number | Package type |
| data.totalCount | number | Total number of matching records |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Script Job by Job Result ID

Retrieves the results of a script job from Fidelis EDR using the specified job result ID.

**Endpoint URL:** `/endpoint/api/jobresults/{{jobResultId}}`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| jobResultId | string | required | Unique identifier of the job result |
| search | object | optional | Search criteria |
| search.searchFields | array | optional | Fields to search |
| searchFields[].fieldName | string | optional | Name of the field |
| searchFields[].values | array | optional | Values to match |
| values[].value | string | optional | Value |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.hits | object | Result hits |
| hits.total | number | Total number of hits |
| hits.hits | array | Hit records |
| hits[].source | object | Source document of the hit |
| source.user | string | User |
| source.row | string | Row |
| source.endpointId | string | Unique identifier of the endpoint |
| source.endpointName | string | Name of the endpoint |
| source.groupId | string | Unique identifier of the group |
| source.matches | number | Number of matches |
| source.id | string | Unique identifier |
| source.tags | array | Tags |
| source.file_name | string | File name |
| source.file | string | File |
| source.paramNumber | number | Parameter number |
| data.useNondeterministicPaging | boolean | Whether nondeterministic paging is in use |
| data.nondeterministicPagingInfo | object | Nondeterministic paging info |
| data.columns | array | Result columns |

#### Example

```json
[{"status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Script Package by Type

Retrieves a specific script package representation from Fidelis EDR using the provided script package ID and `type` parameter.

**Endpoint URL:** `/endpoint/api/packages/{{scriptPackageId}}`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| scriptPackageId | string | required | Unique identifier of the script package |
| type | string | required | Representation to return: `manifest`, `metadata`, or `template` |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

### Get Script Package for File

Retrieves a specific script package for file analysis from Fidelis EDR using the `scriptPackageId` and `type` parameters. Unlike the other actions, the response carries a `file` array rather than a `json_body` envelope.

**Endpoint URL:** `/endpoint/api/packages/{{scriptPackageId}}`

**Method:** GET

#### Input Argument

| Name | Type | Required | Description |
|---|---|---|---|
| scriptPackageId | string | required | Unique identifier of the script package |
| type | string | required | Type of the resource |

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | array | Returned files |
| file[].file_name | string | File name |
| file[].file | string | File content |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Tue, 19 Dec 2023 20:37:23 GMT"},
  "reason": "OK",
  "file": []}]
```

### Get Script Packages

Retrieves all available script packages from Fidelis EDR for further use in automation playbooks.

**Endpoint URL:** `/endpoint/api/packages`

**Method:** GET

#### Input Argument

This action takes no input arguments.

#### Output Parameter

| Name | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.scripts | array | Script packages |
| scripts[].id | string | Unique identifier |
| scripts[].name | string | Name |
| scripts[].description | string | Description |
| data.totalCount | number | Total number of script packages |

#### Example

```json
[{"status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}}]
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 19 Feb 2023 20:37:23 GMT |

## Notes

More information on Fidelis EDR can be found at https://fidelissecurity.com/solutions/endpoint-detection-and-response-edr-solution/
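Three things the tables above describe are easier to see exercised in code: every action sends the asset's Basic credential on each request; every action returns a `{success, error, data}` envelope, so an HTTP 200 with `success: false` must still be treated as a failure; and Get Alerts pages with `skip`/`take`, while Add or Execute Script Package hands back a `jobResultId` that Get Script Job by Job Result ID then consumes. The Python below is an added example written for this page, not the Swimlane connector's own implementation. `FidelisClient`, `FakeFidelis`, `urllib_send`, the host names, package and job identifiers, and the alert records are all assumed for illustration; the fake's field names (including `source` under `hits`) follow the schemas documented above, not a verified live response.

```python
"""Hypothetical Fidelis EDR REST helper (added example; not Swimlane's connector code)."""
import base64
import json
import ssl
import urllib.parse
import urllib.request


class FidelisError(RuntimeError):
    """HTTP failure, or an envelope whose `success` flag is false."""


def basic_auth_header(username, password):
    """The HTTP Basic credential the connector sends on every request."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def urllib_send(url, method, headers, body, verify_ssl=True):
    """Real transport using only the standard library. Returns (status, parsed JSON)."""
    ctx = ssl.create_default_context()
    if not verify_ssl:  # mirrors the asset's Verify SSL flag; off = credentials exposed to MITM
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status, json.loads(resp.read().decode())


class FidelisClient:
    """Thin wrapper over the request shapes the actions above use (assumed helper)."""

    def __init__(self, base_url, username, password, send=urllib_send):
        self.base_url = base_url.rstrip("/")
        self.headers = {"Authorization": basic_auth_header(username, password),
                        "Content-Type": "application/json"}
        self.send = send  # injectable so the flow can be exercised offline

    def call(self, method, path, params=None, body=None):
        """One request, then unwrap the {success, error, data} envelope every action returns."""
        url = self.base_url + path + ("?" + urllib.parse.urlencode(params) if params else "")
        status, payload = self.send(url, method, self.headers, body)
        if not 200 <= status < 300:
            raise FidelisError(f"{method} {path}: HTTP {status}")
        if not payload.get("success"):  # a 200 with success=false still means the action failed
            raise FidelisError(f"{method} {path}: {payload.get('error')}")
        return payload["data"]

    def iter_alerts(self, take=100, **filters):
        """Get Alerts, paging with skip/take until a short page signals the end."""
        skip = 0
        while True:
            page = self.call("GET", "/endpoint/api/alerts/getalertsv2",
                             params={"skip": skip, "take": take, **filters})
            entities = page.get("entities") or []
            yield from entities
            if len(entities) < take:
                return
            skip += take

    def execute_package(self, script_package_id, hosts, timeout_s=300):
        """Add or Execute Script Package by Package ID -> (jobId, jobResultId)."""
        data = self.call("POST", f"/endpoint/api/packages/{script_package_id}/execute",
                         body={"scriptPackageId": script_package_id, "hosts": hosts,
                               "timeoutInSeconds": timeout_s})
        return data["jobId"], data["jobResultId"]

    def job_result_rows(self, job_result_id):
        """Get Script Job by Job Result ID -> the `source` document of each hit."""
        data = self.call("GET", f"/endpoint/api/jobresults/{job_result_id}")
        return [hit["source"] for hit in data["hits"]["hits"]]


class FakeFidelis:
    """Constructed stand-in for the API, shaped after the response schemas documented above."""

    def __init__(self, alerts):
        self.alerts, self.calls = alerts, []

    def __call__(self, url, method, headers, body):
        self.calls.append((method, url))
        parts = urllib.parse.urlsplit(url)
        q = dict(urllib.parse.parse_qsl(parts.query))
        if not headers.get("Authorization", "").startswith("Basic "):
            return 401, {"success": False, "error": "Unauthorized", "data": None}
        if parts.path == "/endpoint/api/alerts/getalertsv2":
            skip, take = int(q["skip"]), int(q["take"])
            data = {"entities": self.alerts[skip:skip + take]}
        elif method == "POST" and parts.path.endswith("/execute"):
            data = {"jobId": "job-1", "jobResultId": "jobresult-1"}
        elif parts.path.startswith("/endpoint/api/jobresults/"):
            data = {"hits": {"total": 1, "hits": [{"source": {"endpointName": body and "" or "ws-01",
                                                               "row": "svchost.exe 4242"}}]}}
        else:  # HTTP 200 but success=false: the envelope, not the status, carries the failure
            return 200, {"success": False, "error": "Unknown route", "data": None}
        return 200, {"success": True, "error": None, "data": data}


def demo():
    """Alert sweep, package execution and result fetch against constructed sample data."""
    alerts = [{"id": i, "endpointName": f"ws-{i:02d}", "severity": 3} for i in range(5)]
    fake = FakeFidelis(alerts)
    client = FidelisClient("https://edr.example.internal/", "svc-swimlane", "s3cret", send=fake)
    seen = list(client.iter_alerts(take=2, startDate="2023-02-19T00:00:00Z"))
    job_id, job_result_id = client.execute_package("pkg-0001", hosts=["ws-01"])
    rows = client.job_result_rows(job_result_id)
    try:
        client.call("GET", "/endpoint/api/does-not-exist")
        envelope_error_raised = False
    except FidelisError:
        envelope_error_raised = True
    return {"alerts": len(seen), "job_id": job_id, "rows": rows,
            "alert_pages": sum(1 for _, u in fake.calls if "getalertsv2" in u),
            "envelope_error_raised": envelope_error_raised}
```

Against a real appliance, construct `FidelisClient` without `send=` so `urllib_send` is used, and leave `verify_ssl` at its default; the fake exists only so the paging, execute-then-fetch, and envelope-error paths can be run and checked offline.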