Use Cases
These use cases describe business scenarios that you can address using the Endpoint Security REST API.
See the Walkthrough of Endpoints and Groups for information on how to configure a POST request.
Before you can start using v2 of the REST API, you need to obtain an access token (JWT) using a valid Endpoint Security username and password.
Solutions
- POST /api/v2/Authentication/Login to return a JWT to access the API.
  Request URL:
  http://<host>:<port>/api/v2/Authentication/Login
Agent Policy Sets
You need to import, export, and update agent policy sets between systems.
Solutions
- GET /api/v2/AgentPolicySets/HEAT.RESTAPI.Export() to export the agent policy sets to an XML file.
  Request URL:
  http://<host>:<port>/api/v2/AgentPolicySets/HEAT.RESTAPI.Export()
- POST /api/v2/AgentPolicySets/HEAT.RESTAPI.Import to read a previously exported XML file and import the policies into IES.
  Request URL:
  http://<host>:<port>/api/v2/AgentPolicySets/HEAT.RESTAPI.Import
AntiVirus
You need to query information about the event alerts generated by virus and malware scans in your environment.
Solutions
- GET /api/v2/AvAlerts to return a list of all alerts generated in your environment.
  Request URL:
  http://<host>:<port>/api/v2/AvAlerts
- GET /api/v2/Endpoints({guid})/AvAlerts to return the alerts generated by a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/AvAlerts
You need to confirm that endpoints are protected by the AntiVirus module and their definitions are up-to-date.
Solutions
- GET /api/v2/Modules to return a list of modules installed on endpoints.
  Request URL:
  http://<host>:<port>/api/v2/Modules
- GET /api/v2/Endpoints({guid})/EndpointModules to return a list of modules installed on a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/EndpointModules
- GET /api/v2/Endpoints({guid})/AvDefinition to return information about the AntiVirus definitions file installed on a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/AvDefinition
You need information about the AntiVirus policies in your environment, such as when they were created and the number of endpoints, groups and entities assigned to them.
Solutions
- GET /api/v2/Policies to get information about the AntiVirus policies in your environment.
  Request URL:
  http://<host>:<port>/api/v2/Policies
- GET /api/v2/Policies{‘{PolicyType}’} to return a list of AntiVirus policies of a specific type.
  Request URL:
  http://<host>:<port>/api/v2/Policies(<Policy Type>)
- GET /api/v2/Endpoints({guid})/AvDefinition to return information about the AntiVirus definitions file installed on a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/AvDefinition
Application Control Policies
You need to import or export Application Control Policies between systems.
Solutions
- GET /api/v2/Policies/HEAT.RESTAPI.AcPoliciesExport() to export the Application Control Policies to an XML file.
  Request URL:
  http://<host>:<port>/api/v2/Policies/HEAT.RESTAPI.AcPoliciesExport()
- POST /api/v2/Policies/HEAT.RESTAPI.AcPoliciesImport to read a previously exported XML file and import the policies into IES.
  Request URL:
  http://<host>:<port>/api/v2/Policies/HEAT.RESTAPI.AcPoliciesImport
Discover, install and uninstall agents
You need to discover, install and uninstall agents. Each of these is done by creating a job.
Solutions
- POST /api/v2/Jobs to create a job.
  Request URL:
  http://<host>:<port>/api/v2/Jobs
Custom Patch Lists
You need to query, create and delete Custom Patch Lists, and add content to them.
Solutions
- GET /api/v2/CustomPatchLists to return a list of all custom patch lists in your environment.
  Request URL:
  http://<host>:<port>/api/v2/CustomPatchLists
- GET /api/v2/CustomPatchLists({id})/Bulletins to return the contents of a specified custom patch list.
  Request URL:
  http://<host>:<port>/api/v2/CustomPatchLists(<Id>)/Bulletins
- POST /api/v2/CustomPatchLists to create a new, empty custom patch list.
- PUT /api/v2/CustomPatchLists({Id})/Bulletins to add bulletins to a custom patch list.
  Request URL:
  http://<host>:<port>/api/v2/CustomPatchLists(<Id>)/Bulletins
- DELETE /api/v2/CustomPatchLists({Id}) to delete a specified custom patch list.
- DELETE /api/v2/CustomPatchLists({Id})/Bulletins to delete specified bulletins from a specified custom patch list.
You need to deploy Custom Patch Lists and add content to them.
Solutions
- GET /api/v2/DeploymentGroup to return a list of all deployment groups in your environment.
  Request URL:
  http://<host>:<port>/api/v2/DeploymentGroup
- POST /api/v2/DeploymentGroup to create the deployment of a custom patch list to a deployment group.
You want to query deployment tasks and targets.
Solutions
- GET /api/v2/DeploymentGroup({Id})/DeploymentTasks to return all deployment tasks of a specified deployment group.
  Request URL:
  http://<host>:<port>/api/v2/DeploymentGroup({Id})/DeploymentTasks
- GET /api/v2/DeploymentGroup({Id})/DeploymentTasks({guid})/DeploymentTargets to get the deployment targets for a deployment task.
Groups
You need to create, delete and get information about groups, as well as add and remove endpoints from them.
Solutions
- GET /api/v2/Groups to return a list of all the groups in your environment.
  Request URL:
  http://<host>:<port>/api/v2/Groups
- GET /api/v2/Groups({Id}) to return information about a specific group.
  Request URL:
  http://<host>:<port>/api/v2/Groups(<Id>)
- GET /api/v2/Groups({id})/Endpoints to return information about the endpoints in a specific group.
  Request URL:
  http://<host>:<port>/api/v2/Groups(<Id>)/Endpoints
- POST /api/v2/Groups to create a new group.
- POST /api/v2/Groups({id})/Endpoints({endpointGuid}) to add specific endpoints to a specific group.
- DELETE /api/v2/Groups to delete an existing group.
- DELETE /api/v2/Groups({id})/Endpoints({endpointGuid}) to delete specific endpoints in a specific group.
Endpoints
You need to know which endpoints require a reboot so your client management system can schedule the reboot to occur at a convenient time.
Solutions
- GET /api/v2/Modules with an OData filter to get a list of modules where the value of the parameter IsPendingReboot is True.
  Request URL:
  http://<host>:<port>/api/v2/Modules?$filter=IsPendingReboot eq true
- GET /api/v2/Endpoints({guid})/EndpointModules to get a list of modules installed on a specific endpoint and information about them. Check the status of the parameter IsPendingReboot for AntiVirus.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/EndpointModules
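An added example for the pending-reboot query above (not code from the product documentation): it percent-encodes the OData filter and re-checks IsPendingReboot on the returned rows before anything is handed to a reboot scheduler. The `value` wrapper, the `EndpointName` and `ModuleName` field names, the host and the sample rows are assumptions constructed for illustration.

```python
import json
from urllib.parse import quote


def pending_reboot_url(base_url):
    """Build the Modules query; spaces in the OData filter are percent-encoded."""
    odata_filter = "IsPendingReboot eq true"
    return f"{base_url.rstrip('/')}/api/v2/Modules?$filter={quote(odata_filter)}"


def endpoints_needing_reboot(body):
    """Return {endpoint: [module, ...]} for rows whose IsPendingReboot is exactly true."""
    doc = json.loads(body)
    # Assumption: rows arrive either as a bare list or under an OData-style "value" key.
    rows = doc.get("value", []) if isinstance(doc, dict) else doc
    pending = {}
    for row in rows:
        # Re-check the flag client-side so an unfiltered or partly malformed
        # response cannot put every endpoint on the reboot schedule.
        if row.get("IsPendingReboot") is not True:
            continue
        endpoint = row.get("EndpointName")  # assumed field name
        if not endpoint:
            continue  # a row that cannot be attributed is skipped, not guessed
        pending.setdefault(endpoint, []).append(row.get("ModuleName", "?"))
    return pending


# Constructed sample response (not captured from a real server).
SAMPLE_BODY = json.dumps({"value": [
    {"EndpointName": "WS-0141", "ModuleName": "AntiVirus", "IsPendingReboot": True},
    {"EndpointName": "WS-0141", "ModuleName": "Patch", "IsPendingReboot": True},
    {"EndpointName": "SRV-DB02", "ModuleName": "AntiVirus", "IsPendingReboot": False},
    {"EndpointName": "WS-0207", "ModuleName": "AntiVirus", "IsPendingReboot": "true"},
    {"ModuleName": "AntiVirus", "IsPendingReboot": True},
]})

if __name__ == "__main__":
    print(pending_reboot_url("http://ies.example.test:8080"))
    for name, modules in endpoints_needing_reboot(SAMPLE_BODY).items():
        print(name, modules)
```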
You need to run a daily query of registered endpoints to compare with a master system for inventory purposes.
Solution
- GET /api/v2/Endpoints to get a list of endpoints in your environment.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints
You want to update the Display Name in Endpoint Security for an endpoint in your environment.
Solution
- PUT /api/v2/Endpoints({guid})/HEAT.RESTAPI.UpdateDisplayName to update the Display Name of the specified endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/HEAT.RESTAPI.UpdateDisplayName
You need to verify that endpoints are patched for all critical vulnerabilities before allowing them access to the network.
Solutions
- GET /api/v2/Endpoints({guid})/Vulnerability to return vulnerabilities for a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/Vulnerability
- GET /api/v2/VulnerabilitiesSummary to return a summary of the vulnerabilities patched/not patched in your environment.
  Request URL:
  http://<host>:<port>/api/v2/VulnerabilitiesSummary
- GET /api/v2/VulnerabilitiesSummary({EndpointGuid}) to return a summary of the vulnerabilities patched/not patched on a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/VulnerabilitiesSummary(<EndpointGuid>)
Mandatory Baselines
You need to manage the mandatory baseline to ensure these are up to date and contain all relevant elements.
Solution
- GET /api/v2/Groups({Id})/MandatoryBaselines to return the content of the mandatory baseline for a specified group.
  Request URL:
  http://<host>:<port>/api/v2/Groups(<Id>)/MandatoryBaselines
- POST /api/v2/Groups({Id})/MandatoryBaselines to add content to the mandatory baseline for a specified group.
  Request URL:
  http://<host>:<port>/api/v2/Groups(<Id>)/MandatoryBaselines
- DELETE /api/v2/Groups({Id})/MandatoryBaselines to delete content from the mandatory baseline for a specified group.
  Request URL:
  http://<host>:<port>/api/v2/Groups(<Id>)/MandatoryBaselines
DAU Scans
You need information on DAU scans to ensure they are running and you’re getting accurate and up to date endpoint vulnerability statuses.
Solution
- GET /api/v2/Endpoints({guid})/Vulnerability to return information about a DAU scan on a specific endpoint.
  Request URL:
  http://<host>:<port>/api/v2/Endpoints(<Guid>)/Vulnerability
- POST /api/v2/DiscoverApplicableUpdates/HEAT.RESTAPI.ScanNow to schedule a DAU scan to be performed as soon as possible on specified agents and/or groups.
  Request URL:
  http://<host>:<port>/api/v2/DiscoverApplicableUpdates/HEAT.RESTAPI.ScanNow