Vali Cyber ZeroLock
The ZeroLock platform addresses the entire Linux threat landscape, from ransomware to cryptojacking. ZeroLock goes beyond traditional mandatory access control capabilities. In contrast to SELinux and AppArmor, ZeroLock offers easily configured and universally applied rules and policies that can be deployed across all your Linux and cloud environments from a single console.

Prerequisites

You need a username and password to authenticate the connector.

Capabilities

This connector provides the following capabilities:

- Archive endpoints
- Change agent version
- Create user
- Get alert details by ID
- Get alert list
- Get alerts by time
- Get alerts per endpoint
- Get endpoint count
- Get endpoint data by ID
- Get endpoint uptime
- Get frontend table alert list
- Get number of alerts
- Get summary information about protected endpoints
- Kill alert by ID
- Kill alerts
- And so on

Notes

https://api.zerolock.com/#/

Configurations

HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | Password | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

Actions

Archive endpoints

Archive a list of endpoints by ID.

Endpoint URL: /api/v2/endpoints/archiveendpoints
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpointids | array | required | Parameters for the archive endpoints action |

Input example

{"parameters": {"endpointids": ["string"]}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpointids | array | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| content | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Change agent version

Uninstalls the agent and reinstalls a specified version on an endpoint.

Endpoint URL: /api/v2/endpoints/changeagentversion
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpointids | array | required | Parameters for the change agent version action |
| parameters token | string | required | Secure token which indicates ownership of installed endpoint |
| parameters version | string | required | Parameters for the change agent version action |

Input example

{"parameters": {"endpointids": ["string"],"token": "string","version": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpointids | array | Unique identifier |
| args version | string | Output field args version |
| args token | string | Output field args token |
| args limitrefresh | string | Output field args limitrefresh |
| args query | string | Output field args query |
| content | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Create user

Creates a new user.

Endpoint URL: /api/v2/users/createuser
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters email | string | required | Parameters for the create user action |
| parameters firstname | string | optional | Parameters for the create user action |
| parameters lastname | string | optional | Parameters for the create user action |
| parameters telephone | string | optional | Parameters for the create user action |
| parameters title | string | optional | Parameters for the create user action |
| parameters roleid | string | optional | Parameters for the create user action |
| parameters sso | boolean | optional | Parameters for the create user action |
| parameters tenantid | string | optional | Parameters for the create user action |

Input example

{"parameters": {"email": "user@example.com","firstname": "example name","lastname": "example name","telephone": "string","title": "string","roleid": "string","sso": true,"tenantid": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get alert details by ID

Return all details for one alert by its ID.

Endpoint URL: /api/v2/alerts/alertdetails
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters id | string | required | Parameters for the get alert details by id action |

Input example

{"parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args id | string | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content type | string | Type of the resource |
| content id | number | Unique identifier |
| content endpoint | string | Response content |
| content processid | number | Unique identifier |
| content endpointid | number | Unique identifier |
| content info | string | Response content |
| content status | string | Status value |
| content actiondata | object | Response data |
| content createdat | string | Response content |
| content updatedat | string | Response content |
| content severity | string | Response content |
| content user username | object | Name of the resource |
| content attack type | string | Type of the resource |
| content date | number | Response content |
| content dump file | string | Response content |
| content host | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get alert list

Return a summary list of alerts. This route is useful for displaying top-level information in tables.

Endpoint URL: /api/v2/alerts/openalerts
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpointid | string | optional | Parameters for the get alert list action |

Input example

{"parameters": {"endpointid": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpointid | object | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content rows | array | Response content |
| content rows type | string | Type of the resource |
| content rows time | string | Response content |
| content rows info | string | Response content |
| content rows id | number | Unique identifier |
| content rows status | string | Status value |
| content rows severity | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get alerts by time

Returns alerts for a given time period.

Endpoint URL: /api/v2/alerts/alertsbytime
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters from | string | optional | Parameters for the get alerts by time action |
| parameters to | string | optional | Parameters for the get alerts by time action |

Input example

{"parameters": {"from": "string","to": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args from | string | Output field args from |
| args to | string | Output field args to |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content rows | array | Response content |
| content rows id | number | Unique identifier |
| content rows createdat | string | Response content |
| content rows type | string | Type of the resource |
| content rows info | string | Response content |
| content rows status | string | Status value |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get alerts per endpoint

Returns an ordered list of endpoints, from most alerts to least alerts.

Endpoint URL: /api/v2/alerts/alertsperendpoint
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters limit | integer | optional | Parameters for the get alerts per endpoint action |

Input example

{"parameters": {"limit": 123}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content endpoints | array | Response content |
| content endpoints id | number | Unique identifier |
| content endpoints hostname | string | Name of the resource |
| content endpoints alertcount | number | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get endpoint count

Returns the number of endpoints for each connection status.

Endpoint URL: /api/v2/endpoints/endpointcount
Method: POST

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content connected | number | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get endpoint data by ID

Get a single endpoint's data by ID.

Endpoint URL: /api/v2/endpoints/post
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpoint | string | required | Parameters for the get endpoint data by id action |

Input example

{"parameters": {"endpoint": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpoint | string | Output field args endpoint |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content id | number | Unique identifier |
| content quarantineactive | number | Response content |
| content collector | string | Response content |
| content ipaddress | string | Response content |
| content profile | string | Response content |
| content hostname | string | Name of the resource |
| content swversion | string | Response content |
| content lastcheckinat | string | Response content |
| content os | string | Response content |
| content details | string | Response content |
| content testing | number | Response content |
| content connected | string | Response content |
| content status | string | Status value |
| content connectionstatus | string | Status value |
| content lastquery | string | Response content |
| content alerts | array | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get endpoint uptime

Returns the uptime of each individual endpoint or all endpoints by ID.

Endpoint URL: /api/v2/endpoints/getuptime
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters id | string | optional | Parameters for the get endpoint uptime action |

Input example

{"parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content uptime | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get frontend table alert list

Return a summary list of alerts for the frontend table.

Endpoint URL: /api/v2/alerts/summary
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters filters | string | optional | Parameters for the get frontend table alert list action |
| parameters sorters | string | optional | Parameters for the get frontend table alert list action |
| parameters offset | string | optional | Parameters for the get frontend table alert list action |
| parameters limit | string | optional | Parameters for the get frontend table alert list action |

Input example

{"parameters": {"filters": "string","sorters": "string","offset": "string","limit": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args pagelength | string | Output field args pagelength |
| args filters | string | Output field args filters |
| args limitrefresh | string | Output field args limitrefresh |
| content | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get number of alerts

Returns the number of alerts for a given type.

Endpoint URL: /api/v2/alerts/numberofalerts
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters type | string | required | Parameters for the get number of alerts action |

Input example

{"parameters": {"type": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args type | string | Type of the resource |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content count | number | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Get summary information about protected endpoints

Return summary-level information about protected endpoints.

Endpoint URL: /api/v2/endpoints/summary
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters filters | string | optional | Parameters for the get summary information about protected endpoints action |
| parameters sorters | string | optional | Parameters for the get summary information about protected endpoints action |
| parameters offset | string | optional | Parameters for the get summary information about protected endpoints action |
| parameters limit | string | optional | Parameters for the get summary information about protected endpoints action |

Input example

{"parameters": {"filters": "string","sorters": "string","offset": "string","limit": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args pagelength | string | Output field args pagelength |
| args filters | string | Output field args filters |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |
| content rows | array | Response content |
| content rows hostname | string | Name of the resource |
| content rows connectionstatus | string | Status value |
| content rows status | string | Status value |
| content rows testing | number | Response content |
| content rows connected | string | Response content |
| content rows quarantineactive | number | Response content |
| content rows ipaddress | string | Response content |
| content rows os | string | Response content |
| content rows profile | string | Response content |
| content rows id | number | Unique identifier |
| content rows swversion | string | Response content |
| content rows collector | string | Response content |
| content rows lastcheckin | string | Response content |
| content rows activealertcount | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Kill alert by ID

Kills a threat on an endpoint by alert ID.

Endpoint URL: /api/v2/alerts/killattack
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters id | string | required | Parameters for the kill alert by id action |

Input example

{"parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args id | number | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Kill alerts

Accepts a list of alert IDs and sends commands to their respective endpoints to kill threats.

Endpoint URL: /api/v2/alerts/killattacks
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters attackids | array | required | Parameters for the kill alerts action |

Input example

{"parameters": {"attackids": ["string"]}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args attackids | array | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| args id | number | Unique identifier |
| content | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Reinstall agent version

Uninstalls and reinstalls the same agent version on an endpoint.

Endpoint URL: /api/v2/endpoints/reinstallagentversion
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpointids | array | required | Parameters for the reinstall agent version action |
| parameters token | string | optional | Secure token which indicates ownership of installed endpoint |

Input example

{"parameters": {"endpointids": ["string"],"token": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpointids | array | Unique identifier |
| args token | string | Output field args token |
| args limitrefresh | string | Output field args limitrefresh |
| args query | string | Output field args query |
| content | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Release alerts

Accepts a list of alert IDs and sends commands to their respective endpoints to release threats.

Endpoint URL: /api/v2/alerts/releaseattacks
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters attackids | array | required | Parameters for the release alerts action |

Input example

{"parameters": {"attackids": ["string"]}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args attackids | array | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| args id | number | Unique identifier |
| content | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Remediate alerts

Accepts a list of alert IDs and sends commands to their respective endpoints to remediate threats.

Endpoint URL: /api/v2/alerts/remediateattacks
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters attackids | array | required | Parameters for the remediate alerts action |

Input example

{"parameters": {"attackids": ["string"]}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args attackids | array | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| args id | number | Unique identifier |
| content | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Remediate attack by ID

Remediates a threat on an endpoint by alert ID.

Endpoint URL: /api/v2/alerts/remediateattack
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters id | string | required | Parameters for the remediate attack by id action |

Input example

{"parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args id | number | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| content | object | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Send endpoint query

Send a direct query to endpoints.

Endpoint URL: /api/v2/endpoints/sendquery
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpointids | array | required | Parameters for the send endpoint query action |
| parameters query | string | required | Parameters for the send endpoint query action |

Input example

{"parameters": {"endpointids": ["string"],"query": "string"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpointids | array | Unique identifier |
| args query | string | Output field args query |
| args limitrefresh | string | Output field args limitrefresh |
| content | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Test endpoint

Send a testing message to the endpoint to confirm it is connected.

Endpoint URL: /api/v2/endpoints/testendpoint
Method: POST

Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters endpointids | array | required | Parameters for the test endpoint action |

Input example

{"parameters": {"endpointids": ["string"]}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| args endpointids | array | Unique identifier |
| args limitrefresh | string | Output field args limitrefresh |
| content | string | Response content |

Output example

{"status code": 200,"response headers": {"content security policy": "default src 'self';script src 'self' 'sha256 fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ","cross origin embedder policy": "require corp","cross origin opener policy": "same origin","cross origin resource policy": "same origin","x frame options": "sameorigin","strict transport security": "max age=15552000; includesubdomains","x content type options": "nosniff","origin agent cluster": "?1","x permitted cross domain policies": "none","referrer po

Response headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Length | The length of the response body in bytes | 109 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5qviyfpjjs=';style-src 'self' 'unsafe-inline';font-src 'self' data:;upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none' |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Cross-Origin-Embedder-Policy | HTTP response header Cross-Origin-Embedder-Policy | require-corp |
| Cross-Origin-Opener-Policy | HTTP response header Cross-Origin-Opener-Policy | same-origin |
| Cross-Origin-Resource-Policy | HTTP response header Cross-Origin-Resource-Policy | same-origin |
| Date | The date and time at which the message was originated | Thu, 12 Oct 2023 16:08:30 GMT |
| ETag | An identifier for a specific version of a resource | W/"6d-ihmnyfuba8qevxed2uxq2dqisyi" |
| Expires | The date/time after which the response is considered stale | 1697127810 |
| Keep-Alive | HTTP response header Keep-Alive | timeout=5 |
| Origin-Agent-Cluster | HTTP response header Origin-Agent-Cluster | ?1 |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Set-Cookie | HTTP response header Set-Cookie | authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83eb8fcf182bf35467421fd915732ac144a1aeb3fec835249d7d37ad73902e4804704b1424f05348dd24b12b24985eff13348f6f06b107ec1e48d0b49a26b2678c4e154ee54c8b1a274122552c63cbfa488e77f0dee84c78f9c882641be7c; Path=/; HttpOnly; Secure |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15552000; includeSubDomains |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-Permitted-Cross-Domain-Policies | HTTP response header X-Permitted-Cross-Domain-Policies | none |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 0 |