# Fidelis EDR

The Fidelis EDR connector integrates Fidelis' endpoint detection and response capabilities into Swimlane's automated workflows. Fidelis EDR is an endpoint detection and response platform that provides threat hunting and incident response capabilities across multiple operating systems. By integrating with Swimlane Turbine, users can automate and orchestrate security workflows that draw on Fidelis EDR's telemetry and its action set for threat remediation. The connector supports incident management, rapid threat containment and playbook execution from within Turbine, reducing response times and operational overhead for security teams.

## Asset Setup or Prerequisites

To use the Fidelis EDR connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: the base URL for the Fidelis EDR API endpoint
  - Username: your Fidelis EDR account username
  - Password: your Fidelis EDR account password

## Capabilities

The Fidelis EDR connector has the following capabilities:

- Add Endpoint ID by Endpoint Name
- Add or Execute a Task
- Add or Execute Script Package by Script Package ID
- Get Alerts
- Get Endpoints
- Get Endpoint by Name
- Get Playbooks
- Get Playbooks and Scripts
- Get Playbook or Script Info
- Get Playbook Details
- Get Script Packages
- Get Script Package for File
- Get Script Package by Type
- Get Script Job

## Notes

More information on Fidelis EDR can be found at https://fidelissecurity.com/solutions/endpoint-detection-and-response-edr-solution/

## Additional Notes

When using the Get Script Package by Type action, the `type` input parameter must be one of `manifest`, `metadata` or `template`.

## Configurations

### Fidelis EDR HTTP Basic Authentication

Authenticates using a username and password. The credential is sent in the `Authorization` header of every request, so the asset URL should use HTTPS and `verify_ssl` should stay enabled; disabling certificate verification lets anyone on the network path capture the account password.

**Configuration Parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | Password | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

Every action returns the HTTP `status_code`, `reason` and `response_headers` together with the parsed `json_body`. Fidelis EDR wraps its responses in a `success` / `error` / `data` envelope, so a playbook should check `json_body.success` before using `json_body.data`; an HTTP 200 alone does not mean the operation succeeded.

### Add Endpoint ID by Endpoint Name

Resolves the Fidelis EDR endpoint IDs that correspond to the given endpoint names, so that later actions (for example Add or Execute a Task) can target those endpoints.

**Endpoint URL:** `/endpoint/api/endpoints/endpointIdsByName`

**Method:** POST

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | array | Response data (the resolved endpoint IDs) |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {
    "success": true,
    "error": null,
    "data": ["6b568599-de9b-41aa-b47a-a9eb04b198b9", "0a8aff62-324b-4478-83cb-a9ea040fb682"]
  }
}
```

### Add or Execute a Task

Creates or executes a task in Fidelis EDR using either a package ID or a script ID, as specified in the JSON body. A task runs code on every endpoint listed in `endpoints`, so scope that list deliberately.

**Endpoint URL:** `/endpoint/api/jobs/createTask`

**Method:** POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| packageId | string | optional | Unique identifier of the script or playbook package to run |
| endpoints | array | optional | Endpoint IDs to run the task on (for example, as returned by Add Endpoint ID by Endpoint Name) |
| isPlaybook | boolean | optional | Whether `packageId` refers to a playbook rather than a single script |
| taskOptions | array | optional | Per-script execution options |
| taskOptions.scriptId | string | optional | Unique identifier of the script |
| taskOptions.questions | array | optional | Answers to the script's input questions |
| taskOptions.questions.paramNumber | number | optional | Number of the script parameter being answered |
| taskOptions.questions.answer | object | optional | Answer for that parameter (`null` if none) |
| taskOptions.timeoutInSeconds | number | optional | Script timeout in seconds |
| taskOptions.queueExpirationInHours | object | optional | Hours the task may wait in the queue before it expires |

**Input Example**

```json
{
  "json_body": {
    "packageId": "8d379688-dde1-451d-8fa2-4f29c84baf97",
    "endpoints": ["0d065003-7df5-47c8-98eb-aaaa04e0eb59", "c80dbb3b-4a8f-4bb9-8e9f-aaaa04d838cd"],
    "isPlaybook": false,
    "taskOptions": [
      {
        "scriptId": "8d379688-dde1-451d-8fa2-4f29c84baf97",
        "questions": [{"paramNumber": 1, "answer": null}],
        "timeoutInSeconds": 300,
        "queueExpirationInHours": null
      }
    ]
  }
}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | string | Response data (the identifier of the created job) |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": "0a900967-0460-4203-91f1-aab20345c841"}
}
```

### Add or Execute Script Package by Package ID

Adds or executes a script package in Fidelis EDR using the script package ID given in the path parameters.

**Endpoint URL:** `/endpoint/api/packages/{{scriptPackageId}}/execute`

**Method:** POST

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.scriptPackageId | string | required | ID of the script package to execute |
| timeoutInSeconds | number | optional | Script timeout in seconds |
| scriptPackageId | string | optional | Unique identifier of the script package |
| hosts | array | optional | Hosts to run the package on (the example uses an IP address) |
| integrationOutputs | array | optional | Output integrations to send results to (the example uses `cefoutput` and `leefoutput`) |
| questions | object | optional | Answers to the package's input questions |

**Input Example**

```json
{
  "json_body": {
    "timeoutInSeconds": 300,
    "scriptPackageId": "18e8ce99-c0b7-43ae-9a21-b1a0648e9824",
    "hosts": ["10.92.105.92"],
    "integrationOutputs": ["cefoutput", "leefoutput"],
    "questions": {}
  },
  "path_parameters": {"scriptPackageId": "18e8ce99-c0b7-43ae-9a21-b1a0648e9824"}
}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.jobId | string | Identifier of the job |
| data.jobResultId | string | Identifier to pass to Get Script Job by Job Result ID |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {
    "success": true,
    "error": null,
    "data": {"jobId": "e173d4e6-5553-486c-b788-5ba1257560d4", "jobResultId": "d25b19e5-cfea-4fdc-b3ab-a74e029b92a9"}
  }
}
```

### Get Alerts

Retrieves detailed information about alerts from Fidelis EDR, including status, severity and classification.

**Endpoint URL:** `/endpoint/api/alerts/getalertsV2`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.skip | number | optional | Number of alerts to skip (pagination offset) |
| parameters.take | number | optional | Maximum number of alerts to return |
| parameters.sort | string | optional | Sort expression, for example `createdDate descending` |
| parameters.facetSearch | string | optional | Facet search filter |
| parameters.startDate | string | optional | Start of the time window (ISO 8601) |
| parameters.endDate | string | optional | End of the time window (ISO 8601) |

**Input Example**

```json
{
  "parameters": {
    "skip": 0,
    "take": 100,
    "sort": "createdDate descending",
    "facetSearch": "",
    "startDate": "2019-11-15T16:42:58.400Z",
    "endDate": "2019-11-22T16:37:58.701Z"
  }
}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.entities | array | Alerts |
| data.entities.id | number | Alert ID |
| data.entities.createDate | string | Creation date |
| data.entities.endpointName | string | Endpoint name |
| data.entities.endpointId | string | Endpoint ID |
| data.entities.name | string | Alert name |
| data.entities.description | string | Alert description |
| data.entities.artifactName | string | Artifact name |
| data.entities.source | string | Alert source |
| data.entities.sourceType | number | Source type |
| data.entities.severity | number | Severity |
| data.entities.intelId | string | Intel ID |
| data.entities.intelName | string | Intel name |
| data.entities.validatedDate | object | Validation date |
| data.entities.actionsTaken | string | Actions taken |
| data.entities.eventId | string | Event ID |
| data.entities.eventTime | string | Event time |
| data.entities.parentEventId | string | Parent event ID |
| data.entities.eventType | number | Event type |
| data.entities.eventIndex | number | Event index |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {"entities": []}}
}
```

### Get Endpoints

Retrieves details on endpoints, with sorting and pagination controlled by the `startIndex`, `count` and `sort` path parameters.

**Endpoint URL:** `/endpoint/api/endpoints/v2/{{startIndex}}/{{count}}/{{sort}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.startIndex | number | required | Index of the first endpoint to return |
| path_parameters.count | number | required | Number of endpoints to return |
| path_parameters.sort | string | required | Field to sort by |

**Input Example**

```json
{"path_parameters": {"startIndex": 0, "count": 10, "sort": "hostName"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.endpoints | array | Endpoints |
| data.endpoints.id | string | Endpoint ID |
| data.endpoints.hostName | string | Host name |
| data.endpoints.ipAddress | string | IP address |
| data.endpoints.description | object | Description |
| data.endpoints.lastContactDate | string | Last contact date |
| data.endpoints.agentInstalled | boolean | Whether the agent is installed |
| data.endpoints.agentVersion | string | Agent version |
| data.endpoints.os | string | Operating system |
| data.endpoints.macAddress | string | MAC address |
| data.endpoints.av_enabled | boolean | Whether antivirus is enabled |
| data.endpoints.eventsStopped | boolean | Whether event collection is stopped |
| data.endpoints.locality | object | Locality |
| data.endpoints.groupList | object | Group list |
| data.endpoints.isGroupMember | boolean | Whether the endpoint is a group member |
| data.endpoints.agentConnected | boolean | Whether the agent is currently connected |
| data.endpoints.isolated | boolean | Whether the endpoint is isolated |
| data.endpoints.osType | number | OS type |
| data.endpoints.osArch | number | OS architecture |
| data.endpoints.agentTag | object | Agent tag |
| data.totalCount | number | Total number of endpoints matching the request |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {"endpoints": [], "totalCount": 1}}
}
```

### Get Playbook Details by ID

Fetches the details of the specified playbook from Fidelis EDR using its unique identifier.

**Endpoint URL:** `/endpoint/api/playbooks/playbookDetail`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | string | required | ID of the playbook |

**Input Example**

```json
{"parameters": {"id": "791ca8b8-2386-4f24-90c3-f8e99a66bac1"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.scripts | array | Scripts in the playbook |
| data.scripts.executionOrder | number | Order in which the script runs |
| data.scripts.scriptId | string | Script ID |
| data.scripts.scriptName | string | Script name |
| data.scripts.questions | array | Input questions of the script |
| data.scripts.questions.paramNumber | number | Parameter number |
| data.scripts.questions.question | string | Question text |
| data.scripts.questions.answer | object | Default or stored answer |
| data.scripts.questions.isOptional | boolean | Whether the question is optional |
| data.scripts.questions.inputType | string | Input type of the answer |
| data.scripts.details | object | Script details |
| data.scripts.details.id | string | Script ID |
| data.scripts.details.name | string | Script name |
| data.scripts.details.platforms | object | Supported platforms |
| data.scripts.details.platforms.windows32 | boolean | Windows 32-bit |
| data.scripts.details.platforms.windows64 | boolean | Windows 64-bit |
| data.scripts.details.platforms.linux32 | boolean | Linux 32-bit |
| data.scripts.details.platforms.linux64 | boolean | Linux 64-bit |
| data.scripts.details.platforms.solaris | boolean | Solaris |
| data.scripts.details.platforms.aix | boolean | AIX |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {
    "success": true,
    "error": null,
    "data": {
      "scripts": [],
      "id": "791ca8b8-2386-4f24-90c3-f8e99a66bac1",
      "name": "test",
      "description": "let's see how this goes",
      "createdByName": null,
      "createdById": 0,
      "createdDate": "0001-01-01T00:00:00",
      "scriptCount": 1,
      "tags": null
    }
  }
}
```

### Get Playbook or Script Info by ID

Retrieves detailed information for the specified playbook or script in Fidelis EDR using its unique ID.

**Endpoint URL:** `/endpoint/api/playbooks/PlaybookOrScriptInfo`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.id | string | required | ID of the playbook or script |

**Input Example**

```json
{"parameters": {"id": "29ccc291-74b6-4e9c-b5bb-3932051a750a"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.id | string | ID |
| data.name | string | Name |
| data.description | string | Description |
| data.createdByName | string | Creator name |
| data.createdById | number | Creator ID |
| data.createdDate | string | Creation date |
| data.tags | string | Comma-separated tags |
| data.platforms | object | Supported platforms |
| data.platforms.windows32 | boolean | Windows 32-bit |
| data.platforms.windows64 | boolean | Windows 64-bit |
| data.platforms.linux32 | boolean | Linux 32-bit |
| data.platforms.linux64 | boolean | Linux 64-bit |
| data.platforms.solaris | boolean | Solaris |
| data.platforms.aix | boolean | AIX |
| data.platforms.osx | boolean | macOS |
| data.platformsStringList | string | Supported platforms as a string |
| data.packageType | number | Package type |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {
    "success": true,
    "error": null,
    "data": {
      "id": "29ccc291-74b6-4e9c-b5bb-3932051a750a",
      "name": "system state",
      "description": "a series of scripts that capture the state of a system",
      "createdByName": "endpoint apiuser",
      "createdById": 1001,
      "createdDate": "2019-08-22T17:17:00.9479806",
      "tags": "system management,investigation",
      "platforms": {},
      ...
```

The remainder of this example is truncated in the source.

### Get Playbooks

Retrieves the list of all playbooks available in Fidelis EDR.

**Endpoint URL:** `/endpoint/api/playbooks/playbooks`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.take | number | optional | Maximum number of playbooks to return |

**Input Example**

```json
{"parameters": {"take": 100}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.id | string | ID |
| data.name | string | Name |
| data.description | string | Description |
| data.createdByName | string | Creator name |
| data.createdById | number | Creator ID |
| data.createdDate | string | Creation date |
| data.tags | string | Comma-separated tags |
| data.platforms | object | Supported platforms |
| data.platforms.windows32 | boolean | Windows 32-bit |
| data.platforms.windows64 | boolean | Windows 64-bit |
| data.platforms.linux32 | boolean | Linux 32-bit |
| data.platforms.linux64 | boolean | Linux 64-bit |
| data.platforms.solaris | boolean | Solaris |
| data.platforms.aix | boolean | AIX |
| data.platforms.osx | boolean | macOS |
| data.platformsStringList | string | Supported platforms as a string |
| data.packageType | number | Package type |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {
    "success": true,
    "error": null,
    "data": {
      "id": "29ccc291-74b6-4e9c-b5bb-3932051a750a",
      "name": "system state",
      "description": "a series of scripts that capture the state of a system",
      "createdByName": "endpoint apiuser",
      "createdById": 1001,
      "createdDate": "2019-08-22T17:17:00.9479806",
      "tags": "system management,investigation",
      "platforms": {},
      ...
```

The remainder of this example is truncated in the source.

### Get Playbooks and Scripts

Fetches the list of available playbooks and scripts from Fidelis EDR for orchestration and automation purposes.

**Endpoint URL:** `/endpoint/api/playbooks/playbooksAndScripts`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.filterType | number | optional | Filter type |
| parameters.platformFilter | number | optional | Platform filter |
| parameters.isManagementRequest | boolean | optional | Whether this is a management request |
| parameters.search | object | optional | Search criteria |
| parameters.search.searchAny | array | optional | Search terms, any of which may match |
| parameters.search.searchAny.value | string | optional | Search value |
| parameters.search.searchAny.operator | number | optional | Search operator |
| parameters.sort | string | optional | Sort direction |
| parameters.skip | number | optional | Number of results to skip (pagination offset) |
| parameters.take | number | optional | Maximum number of results to return |

**Input Example**

```json
{
  "parameters": {
    "filterType": 0,
    "platformFilter": 1,
    "isManagementRequest": true,
    "search": {"searchAny": [{"value": "file+collection", "operator": 7}]},
    "sort": "descending",
    "skip": 0,
    "take": 100
  }
}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.entities | array | Playbooks and scripts |
| data.entities.id | string | ID |
| data.entities.name | string | Name |
| data.entities.description | string | Description |
| data.entities.createdByName | string | Creator name |
| data.entities.createdById | number | Creator ID |
| data.entities.createdDate | string | Creation date |
| data.entities.tags | string | Comma-separated tags |
| data.entities.platforms | object | Supported platforms |
| data.entities.platforms.windows32 | boolean | Windows 32-bit |
| data.entities.platforms.windows64 | boolean | Windows 64-bit |
| data.entities.platforms.linux32 | boolean | Linux 32-bit |
| data.entities.platforms.linux64 | boolean | Linux 64-bit |
| data.entities.platforms.solaris | boolean | Solaris |
| data.entities.platforms.aix | boolean | AIX |
| data.entities.platforms.osx | boolean | macOS |
| data.entities.platformsStringList | string | Supported platforms as a string |
| data.entities.packageType | number | Package type |
| data.totalCount | number | Total number of matching playbooks and scripts |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {"entities": [], "totalCount": 2}}
}
```

### Get Script Job by Job Result ID

Retrieves the results of a script job from Fidelis EDR using the specified job result ID (as returned by Add or Execute Script Package by Package ID).

**Endpoint URL:** `/endpoint/api/jobresults/{{jobResultId}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.jobResultId | string | required | ID of the job result |
| parameters.search | object | optional | Search criteria to filter the results |
| parameters.search.searchFields | array | optional | Fields to search |
| parameters.search.searchFields.fieldName | string | optional | Name of the field to match |
| parameters.search.searchFields.values | array | optional | Values to match |
| parameters.search.searchFields.values.value | string | optional | A value to match |

**Input Example**

```json
{
  "parameters": {
    "search": {"searchFields": [{"fieldName": "endpointName", "values": [{"value": "t19-win10-e-1903x3"}]}]}
  },
  "path_parameters": {"jobResultId": "514a7c74-513d-4847-a010-ab4204129857"}
}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.hits | object | Search hits |
| data.hits.total | number | Total number of hits |
| data.hits.hits | array | Hits |
| data.hits.hits._source | object | Hit source |
| data.hits.hits._source.user | string | User |
| data.hits.hits._source.row | string | Row |
| data.hits.hits._source.endpointId | string | Endpoint ID |
| data.hits.hits._source.endpointName | string | Endpoint name |
| data.hits.hits._source.groupId | string | Group ID |
| data.hits.hits._source.matches | number | Number of matches |
| data.hits.hits._id | string | Hit ID |
| data.hits.hits.tags | array | Tags |
| data.hits.hits.tags.file_name | string | File name |
| data.hits.hits.tags.file | string | File |
| data.hits.hits.paramNumber | number | Parameter number |
| data.hits.useNonDeterministicPaging | boolean | Whether non-deterministic paging is used |
| data.hits.nonDeterministicPagingInfo | object | Non-deterministic paging information |
| data.columns | array | Result columns |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {"hits": {}, "columns": []}}
}
```

### Get Script Package by Type

Retrieves a specific script package configuration from Fidelis EDR using the provided script package ID and `type` parameter.

**Endpoint URL:** `/endpoint/api/packages/{{scriptPackageId}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.scriptPackageId | string | required | ID of the script package |
| parameters.type | string | required | One of `manifest`, `metadata` or `template` |

**Input Example**

```json
{"parameters": {"type": "template"}, "path_parameters": {"scriptPackageId": "f989574d-ec25-490b-bfca-59963910c2dc"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {}}
}
```

### Get Script Package for File

Retrieves the file of a specific script package from Fidelis EDR using the `scriptPackageId` and `type` parameters.

**Endpoint URL:** `/endpoint/api/packages/{{scriptPackageId}}`

**Method:** GET

**Input**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.scriptPackageId | string | required | ID of the script package |
| parameters.type | string | required | Must be `file` |

**Input Example**

```json
{"parameters": {"type": "file"}, "path_parameters": {"scriptPackageId": "8d379688-dde1-451d-8fa2-4f29c84baf97"}}
```

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | array | Returned files |
| file.file_name | string | Name of the file |
| file.file | string | File content |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Tue, 19 Dec 2023 20:37:23 GMT"},
  "reason": "OK",
  "file": []
}
```

### Get Script Packages

Retrieves all available script packages from Fidelis EDR for further use in automation playbooks.

**Endpoint URL:** `/endpoint/api/packages`

**Method:** GET

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |
| error | object | Error message, if any |
| data | object | Response data |
| data.scripts | array | Script packages |
| data.scripts.id | string | Script package ID |
| data.scripts.name | string | Script package name |
| data.scripts.description | string | Script package description |
| data.totalCount | number | Total number of script packages |

**Output Example**

```json
{
  "status_code": 200,
  "response_headers": {"Content-Length": "140", "Content-Type": "application/json", "Date": "Mon, 19 Feb 2023 20:37:23 GMT"},
  "reason": "OK",
  "json_body": {"success": true, "error": null, "data": {"scripts": [], "totalCount": 2}}
}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 19 Dec 2023 20:37:23 GMT |
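The following Python is an added example, not code from Swimlane or Fidelis. It chains the actions documented above into one containment workflow: page through Get Alerts with `skip`/`take`, page through Get Endpoints with `startIndex`/`count` until `totalCount` is reached, keep only endpoints whose agent is connected and that are not already isolated, run a script package on them with the `/execute` endpoint, and read the job result by `jobResultId`. Every call carries the HTTP basic credential and checks the `success`/`error` envelope, since an HTTP 200 with `success: false` must not be treated as a result. The transport is injectable so the example runs offline against constructed responses; the base URL `https://edr.example.test`, the package ID, the host names and the severity threshold are assumptions for the demonstration.

```python
import base64
from urllib.parse import urljoin, urlparse


class FidelisError(Exception):
    """Raised for a non-200 status or a Fidelis envelope with success == false."""


class FidelisClient:
    def __init__(self, url, username, password, send):
        self.base = url.rstrip("/") + "/"
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        # The credential rides on every request: use HTTPS and keep verify_ssl on.
        self.headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
        self.send = send  # send(method, url, headers, params, body) -> (status, json)

    def _call(self, method, path, params=None, body=None):
        status, payload = self.send(method, urljoin(self.base, path.lstrip("/")), self.headers, params, body)
        if status != 200:
            raise FidelisError(f"{method} {path}: HTTP {status}")
        if not payload.get("success"):  # envelope check, independent of the HTTP status
            raise FidelisError(f"{method} {path}: {payload.get('error')}")
        return payload["data"]

    def iter_alerts(self, start_date, end_date, take=100):
        """Get Alerts has no totalCount in its documented output: stop on a short page."""
        skip = 0
        while True:
            params = {"skip": skip, "take": take, "sort": "createdDate descending",
                      "facetSearch": "", "startDate": start_date, "endDate": end_date}
            entities = self._call("GET", "/endpoint/api/alerts/getalertsV2", params=params).get("entities", [])
            yield from entities
            if len(entities) < take:
                return
            skip += take

    def iter_endpoints(self, count=100, sort="hostName"):
        """Get Endpoints reports totalCount, so page until startIndex passes it."""
        start = 0
        while True:
            page = self._call("GET", f"/endpoint/api/endpoints/v2/{start}/{count}/{sort}")
            yield from page.get("endpoints", [])
            start += count
            if start >= page.get("totalCount", 0):
                return

    def execute_package(self, package_id, hosts, timeout=300):
        body = {"timeoutInSeconds": timeout, "scriptPackageId": package_id, "hosts": hosts,
                "integrationOutputs": [], "questions": {}}
        return self._call("POST", f"/endpoint/api/packages/{package_id}/execute", body=body)

    def job_result(self, job_result_id):
        return self._call("GET", f"/endpoint/api/jobresults/{job_result_id}")


def contain_high_severity(client, package_id, start, end, min_severity=3, page_size=2):
    """Run package_id on endpoints named in alerts of severity >= min_severity (threshold is an
    assumption) that are connected and not already isolated. Returns None if nothing qualifies."""
    wanted = {a["endpointName"] for a in client.iter_alerts(start, end, take=page_size)
              if a.get("severity", 0) >= min_severity}
    targets = sorted(e["hostName"] for e in client.iter_endpoints(count=page_size)
                     if e["hostName"] in wanted and e.get("agentConnected") and not e.get("isolated"))
    if not targets:
        return None
    job = client.execute_package(package_id, targets)
    hits = client.job_result(job["jobResultId"])["hits"]["total"]
    return {"targets": targets, "jobResultId": job["jobResultId"], "hits": hits}


# Constructed responses (shapes follow the output examples above; values are made up).
def _ok(data):
    return 200, {"success": True, "error": None, "data": data}

FAKE = {
    ("GET", "/endpoint/api/alerts/getalertsV2", 0): _ok({"entities": [
        {"id": 1, "endpointName": "ws-01", "severity": 4}, {"id": 2, "endpointName": "ws-02", "severity": 1}]}),
    ("GET", "/endpoint/api/alerts/getalertsV2", 2): _ok({"entities": [{"id": 3, "endpointName": "ws-03", "severity": 5}]}),
    ("GET", "/endpoint/api/endpoints/v2/0/2/hostName", None): _ok({"totalCount": 3, "endpoints": [
        {"id": "e1", "hostName": "ws-01", "agentConnected": True, "isolated": False},
        {"id": "e2", "hostName": "ws-02", "agentConnected": True, "isolated": False}]}),
    ("GET", "/endpoint/api/endpoints/v2/2/2/hostName", None): _ok({"totalCount": 3, "endpoints": [
        {"id": "e3", "hostName": "ws-03", "agentConnected": True, "isolated": True}]}),
    ("POST", "/endpoint/api/packages/pkg-isolate/execute", None): _ok({"jobId": "job-1", "jobResultId": "jr-1"}),
    ("POST", "/endpoint/api/packages/pkg-missing/execute", None): (200, {"success": False, "error": "Package not found", "data": None}),
    ("GET", "/endpoint/api/jobresults/jr-1", None): _ok({"hits": {"total": 1, "hits": []}, "columns": []}),
}

def fake_send(method, url, headers, params, body):
    if not headers.get("Authorization", "").startswith("Basic "):
        return 401, {"success": False, "error": "unauthenticated", "data": None}
    key = (method, urlparse(url).path, (params or {}).get("skip"))
    return FAKE.get(key, (404, {"success": False, "error": "no such route", "data": None}))


def demo(package_id="pkg-isolate"):
    client = FidelisClient("https://edr.example.test", "apiuser", "s3cret", fake_send)
    return contain_high_severity(client, package_id, "2023-02-19T00:00:00Z", "2023-02-19T23:59:59Z")


if __name__ == "__main__":
    print(demo())
```

`ws-03` is alerted on but skipped because it is already `isolated`; `ws-02` is connected but below the severity threshold; the resulting job targets only `ws-01`. Calling `demo("pkg-missing")` raises `FidelisError` from the `success: false` envelope even though the fake returns HTTP 200.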
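The Add or Execute a Task body and the Get Playbook Details output fit together: each script in a playbook carries `questions` with a `paramNumber`, an `isOptional` flag and a default `answer`, and the task needs one `taskOptions` entry per script with `questions` answered by `paramNumber`. The Python below is an added example, not Swimlane's or Fidelis' own code; it builds the createTask body from playbook details and refuses to build one that leaves a non-optional question unanswered or targets no endpoints. The playbook data is constructed for the demonstration, and the assumption that a playbook task uses `packageId` = playbook ID with `isPlaybook: true` and one `taskOptions` entry per script is inferred from the page's single-script example, not stated by it.

```python
class MissingAnswer(ValueError):
    """A non-optional script question has no answer."""


def build_task_body(playbook, endpoint_ids, answers, timeout=300, queue_expiration_hours=None):
    """playbook: the data object of Get Playbook Details. answers: {scriptId: {paramNumber: answer}}.
    Returns the json_body for Add or Execute a Task (assumed playbook layout, see lead-in)."""
    if not endpoint_ids:
        raise ValueError("refusing to create a task with no target endpoints")
    task_options = []
    for script in sorted(playbook["scripts"], key=lambda s: s["executionOrder"]):
        given = answers.get(script["scriptId"], {})
        questions = []
        for q in script.get("questions", []):
            # Caller's answer wins; otherwise fall back to the default stored in the playbook.
            answer = given.get(q["paramNumber"], q.get("answer"))
            if answer is None and not q.get("isOptional", False):
                raise MissingAnswer(f"{script['scriptName']} param {q['paramNumber']}: {q['question']}")
            questions.append({"paramNumber": q["paramNumber"], "answer": answer})
        task_options.append({"scriptId": script["scriptId"], "questions": questions,
                             "timeoutInSeconds": timeout, "queueExpirationInHours": queue_expiration_hours})
    return {"packageId": playbook["id"], "endpoints": list(endpoint_ids),
            "isPlaybook": True, "taskOptions": task_options}


def build_single_script_body(script_id, endpoint_ids, answers, timeout=300):
    """Single-script form shown in the page's input example: packageId is the script ID itself."""
    if not endpoint_ids:
        raise ValueError("refusing to create a task with no target endpoints")
    questions = [{"paramNumber": n, "answer": a} for n, a in sorted(answers.items())]
    return {"packageId": script_id, "endpoints": list(endpoint_ids), "isPlaybook": False,
            "taskOptions": [{"scriptId": script_id, "questions": questions,
                             "timeoutInSeconds": timeout, "queueExpirationInHours": None}]}


# Constructed Get Playbook Details data (shape from the output table above, values made up).
PLAYBOOK = {
    "id": "pb-1", "name": "collect and isolate", "scriptCount": 2,
    "scripts": [
        {"executionOrder": 2, "scriptId": "s-isolate", "scriptName": "Isolate host",
         "questions": [{"paramNumber": 1, "question": "Reason", "answer": None, "isOptional": True, "inputType": "text"}]},
        {"executionOrder": 1, "scriptId": "s-collect", "scriptName": "Collect file",
         "questions": [{"paramNumber": 1, "question": "Path to collect", "answer": None, "isOptional": False, "inputType": "text"},
                       {"paramNumber": 2, "question": "Hash algorithm", "answer": "sha256", "isOptional": False, "inputType": "text"}]},
    ],
}


def demo():
    return build_task_body(PLAYBOOK, ["0d065003-7df5-47c8-98eb-aaaa04e0eb59"],
                           {"s-collect": {1: r"C:\Windows\Temp\dropper.exe"}})


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Scripts are emitted in `executionOrder`, the unanswered optional "Reason" question is sent as `null` exactly as in the page's example, and the "Hash algorithm" question keeps its stored default; dropping the path answer makes `build_task_body` raise `MissingAnswer` instead of submitting a task that would fail on the endpoint.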