Vali Cyber ZeroLock
The ZeroLock platform addresses the entire Linux threat landscape, from ransomware to cryptojacking. ZeroLock goes beyond traditional mandatory access control capabilities: in contrast to SELinux and AppArmor, ZeroLock offers easily configured and universally applied rules and policies that can be deployed across all your Linux and cloud environments from a single console.

## Prerequisites

You need a username and password to authenticate the connector.

## Capabilities

This connector provides the following capabilities:

- Archive endpoints
- Change agent version
- Create user
- Get alert details by ID
- Get alert list
- Get alerts by time
- Get alerts per endpoint
- Get endpoint count
- Get endpoint data by ID
- Get endpoint uptime
- Get frontend table alert list
- Get number of alerts
- Get summary information about protected endpoints
- Kill alert by ID
- Kill alerts
- and so on

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | Password | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Archive Endpoints

Archive a list of endpoints by ID.

Endpoint URL: /api/v2/endpoints/archiveendpoints

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpointids | array | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpointids | array | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| content | string | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser archived endpoints",
      "args": {},
      "content": "archived endpoints"
    }
  }
]
```

### Change Agent Version

Uninstalls the agent and reinstalls a specified version on an endpoint.

Endpoint URL: /api/v2/endpoints/changeagentversion

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpointids | array | required | Unique identifier |
| token | string | required | Secure token which indicates ownership of installed endpoint |
| version | string | required | Parameter for change agent version |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpointids | array | Unique identifier |
| version | string | Output field version |
| token | string | Output field token |
| limitrefresh | string | Output field limitrefresh |
| query | string | Output field query |
| content | string | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser changing endpoint version",
      "args": {},
      "content": "changing endpoint version"
    }
  }
]
```

### Create User

Creates a new user.

Endpoint URL: /api/v2/users/createuser

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | required | Parameter for create user |
| firstname | string | optional | Name of the resource |
| lastname | string | optional | Name of the resource |
| telephone | string | optional | Parameter for create user |
| title | string | optional | Parameter for create user |
| roleid | string | optional | Unique identifier |
| sso | boolean | optional | Parameter for create user |
| tenantid | string | optional | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser superuser logged out",
      "args": {},
      "content": null
    }
  }
]
```

### Get Alert Details by ID

Return all details for one alert by its ID.

Endpoint URL: /api/v2/alerts/alertdetails

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| id | string | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| type | string | Type of the resource |
| id | number | Unique identifier |
| endpoint | string | Output field endpoint |
| processid | number | Unique identifier |
| endpointid | number | Unique identifier |
| info | string | Output field info |
| status | string | Status value |
| actiondata | object | Response data |
| createdat | string | Output field createdat |
| updatedat | string | Output field updatedat |
| severity | string | Output field severity |
| user username | object | Name of the resource |
| attack type | string | Type of the resource |
| date | number | Date value |
| dump file | string | Output field dump file |
| host | string | Output field host |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered specific alert details",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Alert List

Return a summary list of alerts. This route is useful for displaying top-level information in tables.

Endpoint URL: /api/v2/alerts/openalerts

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpointid | string | optional | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpointid | object | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| rows | array | Output field rows |
| type | string | Type of the resource |
| time | string | Time value |
| info | string | Output field info |
| id | number | Unique identifier |
| status | string | Status value |
| severity | string | Output field severity |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered open alerts",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Alerts by Time

Returns alerts for a given time period.

Endpoint URL: /api/v2/alerts/alertsbytime

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| from | string | optional | Parameter for get alerts by time |
| to | string | optional | Parameter for get alerts by time |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| from | string | Output field from |
| to | string | Output field to |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| rows | array | Output field rows |
| id | number | Unique identifier |
| createdat | string | Output field createdat |
| type | string | Type of the resource |
| info | string | Output field info |
| status | string | Status value |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered alerts by time",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Alerts per Endpoint

Returns an ordered list of endpoints from most alerts to least alerts.

Endpoint URL: /api/v2/alerts/alertsperendpoint

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| limit | integer | optional | Parameter for get alerts per endpoint |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| endpoints | array | Output field endpoints |
| id | number | Unique identifier |
| hostname | string | Name of the resource |
| alertcount | number | Count value |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered endpoints by alert amount",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Endpoint Count

Returns number of endpoints for each connection status.

Endpoint URL: /api/v2/endpoints/endpointcount

Method: POST

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| connected | number | Output field connected |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered summary view of endpoints",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Endpoint Data by ID

Get a single endpoint's data by ID.

Endpoint URL: /api/v2/endpoints/post

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpoint | string | required | Parameter for get endpoint data by ID |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpoint | string | Output field endpoint |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| id | number | Unique identifier |
| quarantineactive | number | Output field quarantineactive |
| collector | string | Output field collector |
| ipaddress | string | Output field ipaddress |
| profile | string | Output field profile |
| hostname | string | Name of the resource |
| swversion | string | Output field swversion |
| lastcheckinat | string | Output field lastcheckinat |
| os | string | Output field os |
| details | string | Output field details |
| testing | number | Output field testing |
| connected | string | Output field connected |
| status | string | Status value |
| connectionstatus | string | Status value |
| lastquery | string | Output field lastquery |
| alerts | array | Output field alerts |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered endpoint",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Endpoint Uptime

Returns the uptime of each individual endpoint or all endpoints by ID.

Endpoint URL: /api/v2/endpoints/getuptime

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | optional | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| uptime | string | Time value |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered uptimes of endpoints",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Frontend Table Alert List

Return a summary list of alerts for the frontend table.

Endpoint URL: /api/v2/alerts/summary

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | string | optional | Parameter for get frontend table alert list |
| sorters | string | optional | Parameter for get frontend table alert list |
| offset | string | optional | Parameter for get frontend table alert list |
| limit | string | optional | Parameter for get frontend table alert list |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| pagelength | string | Output field pagelength |
| filters | string | Output field filters |
| limitrefresh | string | Output field limitrefresh |
| content | string | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered summary view of alerts",
      "args": {},
      "content": "gathered summary view of alerts"
    }
  }
]
```

### Get Number of Alerts

Returns the number of alerts for a given type.

Endpoint URL: /api/v2/alerts/numberofalerts

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| type | string | required | Type of the resource |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| type | string | Type of the resource |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| count | number | Count value |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered number tampering of alerts",
      "args": {},
      "content": {}
    }
  }
]
```

### Get Summary Information About Protected Endpoints

Return summary-level information about protected endpoints.

Endpoint URL: /api/v2/endpoints/summary

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| filters | string | optional | Parameter for get summary information about protected endpoints |
| sorters | string | optional | Parameter for get summary information about protected endpoints |
| offset | string | optional | Parameter for get summary information about protected endpoints |
| limit | string | optional | Parameter for get summary information about protected endpoints |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| pagelength | string | Output field pagelength |
| filters | string | Output field filters |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |
| rows | array | Output field rows |
| hostname | string | Name of the resource |
| connectionstatus | string | Status value |
| status | string | Status value |
| testing | number | Output field testing |
| connected | string | Output field connected |
| quarantineactive | number | Output field quarantineactive |
| ipaddress | string | Output field ipaddress |
| os | string | Output field os |
| profile | string | Output field profile |
| id | number | Unique identifier |
| swversion | string | Output field swversion |
| collector | string | Output field collector |
| lastcheckin | string | Output field lastcheckin |
| activealertcount | object | Count value |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser gathered summary view of endpoints",
      "args": {},
      "content": {}
    }
  }
]
```

### Kill Alert by ID

Kills a threat on an endpoint by alert ID.

Endpoint URL: /api/v2/alerts/killattack

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| id | number | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent request to kill process",
      "args": {},
      "content": {}
    }
  }
]
```

### Kill Alerts

Accepts a list of alert IDs and sends commands to their respective endpoints to kill threats.

Endpoint URL: /api/v2/alerts/killattacks

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attackids | array | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| attackids | array | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| id | number | Unique identifier |
| content | object | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent request to kill processes",
      "args": {},
      "content": {}
    }
  }
]
```

### Reinstall Agent Version

Uninstalls and reinstalls the same agent version on an endpoint.

Endpoint URL: /api/v2/endpoints/reinstallagentversion

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpointids | array | required | Unique identifier |
| token | string | optional | Secure token which indicates ownership of installed endpoint |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpointids | array | Unique identifier |
| token | string | Output field token |
| limitrefresh | string | Output field limitrefresh |
| query | string | Output field query |
| content | string | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser reinstalling endpoint versions",
      "args": {},
      "content": "reinstalling endpoint versions"
    }
  }
]
```

### Release Alerts

Accepts a list of alert IDs and sends commands to their respective endpoints to release threats.

Endpoint URL: /api/v2/alerts/releaseattacks

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attackids | array | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| attackids | array | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| id | number | Unique identifier |
| content | object | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent request to release processes",
      "args": {},
      "content": {}
    }
  }
]
```

### Remediate Alerts

Accepts a list of alert IDs and sends commands to their respective endpoints to remediate threats.

Endpoint URL: /api/v2/alerts/remediateattacks

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| attackids | array | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| attackids | array | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| id | number | Unique identifier |
| content | object | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent request to remediated processes",
      "args": {},
      "content": {}
    }
  }
]
```

### Remediate Attack by ID

Remediates a threat on an endpoint by alert ID.

Endpoint URL: /api/v2/alerts/remediateattack

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| id | number | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| content | object | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent request to remediate process",
      "args": {},
      "content": {}
    }
  }
]
```

### Send Endpoint Query

Send a direct query to endpoints.

Endpoint URL: /api/v2/endpoints/sendquery

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpointids | array | required | Unique identifier |
| query | string | required | Parameter for send endpoint query |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpointids | array | Unique identifier |
| query | string | Output field query |
| limitrefresh | string | Output field limitrefresh |
| content | string | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent query \"get\" to endpoint",
      "args": {},
      "content": "sent query \"get\" to endpoint"
    }
  }
]
```

### Test Endpoint

Send a testing message to the endpoint to confirm it is connected.

Endpoint URL: /api/v2/endpoints/testendpoint

Method: POST

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| endpointids | array | required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| code | number | Output field code |
| status | string | Status value |
| action | string | Output field action |
| args | object | Output field args |
| endpointids | array | Unique identifier |
| limitrefresh | string | Output field limitrefresh |
| content | string | Response content |

**Example**

```json
[
  {
    "status code": 200,
    "response headers": {
      "content-security-policy": "default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5q ",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "expires": "1697127810",
      "set-cookie": "authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83e ",
      "content-type": "application/json; charset=utf-8",
      "content-length": "109"
    },
    "reason": "ok",
    "json body": {
      "code": 200,
      "status": "success",
      "action": "u\ superuser sent test query to endpoints",
      "args": {},
      "content": "sent test query to endpoints"
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| connection | HTTP response header connection | keep-alive |
| content-length | The length of the response body in bytes | 109 |
| content-security-policy | HTTP response header content-security-policy | default-src 'self';script-src 'self' 'sha256-fqwuyyuwk6aywjkizigaxzlfl5tw4udbc5qviyfpjjs=';style-src 'self' 'unsafe-inline';font-src 'self' data:;upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none' |
| content-type | The media type of the resource | application/json; charset=utf-8 |
| cross-origin-embedder-policy | HTTP response header cross-origin-embedder-policy | require-corp |
| cross-origin-opener-policy | HTTP response header cross-origin-opener-policy | same-origin |
| cross-origin-resource-policy | HTTP response header cross-origin-resource-policy | same-origin |
| date | The date and time at which the message was originated | Thu, 12 Oct 2023 16:08:30 GMT |
| etag | An identifier for a specific version of a resource | w/"6d ihmnyfuba8qevxed2uxq2dqisyi" |
| expires | The date/time after which the response is considered stale | 1697127810 |
| keep-alive | HTTP response header keep-alive | timeout=5 |
| origin-agent-cluster | HTTP response header origin-agent-cluster | ?1 |
| referrer-policy | HTTP response header referrer-policy | no-referrer |
| set-cookie | HTTP response header set-cookie | |
authtoken=816afa7afe54817815ccd419426977dd4926aea36cf5243ba2fb93483ee266dde7e83eb8fcf182bf35467421fd915732ac144a1aeb3fec835249d7d37ad73902e4804704b1424f05348dd24b12b24985eff13348f6f06b107ec1e48d0b49a26b2678c4e154ee54c8b1a274122552c63cbfa488e77f0dee84c78f9c882641be7c; path=/; httponly; secure strict transport security http response header strict transport security max age=15552000; includesubdomains x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x permitted cross domain policies http response header x permitted cross domain policies none x xss protection http response header x xss protection 0 notes api documentation https //api zerolock com/#/