Use Cases

These use cases describe business scenarios that you can address using the Endpoint Security REST API.

You need to query information about the event alerts generated by virus and malware scans in your environment.

Solutions

  • GET /api/v1/AvAlerts to return a list of all alerts generated in your environment.
    Request URL: http://<host>:<port>/api/v1/AvAlerts

  • GET /api/v1/Endpoints({guid})/AvAlerts to return the alerts generated by a specific endpoint.
    Request URL: http://<host>:<port>/api/v1/Endpoints(<Guid>)/AvAlerts

You need to confirm that endpoints are protected by the AntiVirus module and their definitions are up-to-date.

Solutions

  • GET /api/v1/Modules to return a list of modules installed on endpoints.
    Request URL: http://<host>:<port>/api/v1/Modules

  • GET /api/v1/Endpoints({guid})/EndpointModules to return a list of modules installed on a specific endpoint.
    Request URL:
    http://<host>:<port>/api/v1/Endpoints(<Guid>)/EndpointModules

  • GET /api/v1/Endpoints({guid})/AvDefinition to return information about the AntiVirus definitions file installed on a specific endpoint.
    Request URL:
    http://<host>:<port>/api/v1/Endpoints(<Guid>)/AvDefinition

You need information about the AntiVirus policies in your environment, like when it was created and the number of endpoints, groups and entities assigned to them.

Solutions

  • GET /api/v1/Policies to get information about the AntiVirus policies in your environment.
    Request URL: http://<host>:<port>:43470/api/v1/Policies

  • GET /api/v1/Policies{‘{PolicyType}’} to return a list of AntiVirus policies of a specific type.
    Request URL: http://<host>:<port>/api/v1/Policies(<Policy Type>)

  • GET /api/v1/Endpoints({guid})/AvDefinition to return information about the AntiVirus definitions file installed on a specific endpoint.
    Request URL: http://<host>:<port>/api/v1/Endpoints(<Guid>)/AvDefinition

You need to create, delete and get information about groups, as well as add and remove endpoints from them.

Solutions

  • GET /api/v1/Groups to return a list of all the groups in your environment.
    Request URL: http://<host>:<port>/api/v1/Groups

  • GET /api/v1/Groups({Id}) to return information about a specific group.
    Request URL: http://<host>:<port>/api/v1/Groups(<Id>)

  • GET /api/v1/Groups({id})/Endpoints to return information about the endpoints in a specific group.
    Request URL: http://<host>:<port>/api/v1/Groups(<Id>)/Endpoints

  • DELETE /api/v1/Groups({id})/Endpoints({endpointGuid}) to delete specific endpoints in a specific group.

  • DELETE /api/v1/Groups to delete an existing group.

  • POST /api/v1/Groups to create a new group.

  • POST /api/v1/Groups({id})/Endpoints({endpointGuid}) to add specific endpoints to a specific group.

See the Walkthrough of Endpoints and Groups for information on how to configure a POST request.

You need to know which endpoints require a reboot so your client management system can schedule the reboot to occur at a convenient time.

Solutions

  • GET /api/v1/Modules with an OData filter to get a list of modules where the value of the parameter IsPendingReboot is True.
    Request URL:
    http://<host>:<port>/api/v1/Modules?$filter=IsPendingReboo t eq true

  • GET /api/v1/Endpoints({guid})/EndpointModules to get a list of modules installed on a specific endpoint and information about them. Check the status of the parameter IsPendingReboot for AntiVirus.
    Request URL:
    http://<host>:<port>/api/v1/Endpoints(<Guid>)/EndpointModules

You need to run a daily query of registered endpoints to compare with a master system for inventory purposes.

Solution

  • GET /api/v1/Endpoints to get a list of endpoints in your environment.
    Request URL: http://<host>:<port>/api/v1/Endpoints

You want to update the Display Name in Endpoint Security for an endpoint in your environment.

Solution

  • PUT put /api/v1/Endpoints({guid})/HEAT.RESTAPI.UpdateDisplayName to update the Display Name of the specified endpoint.
    Request URL: http://<host>:<port>/api/v1/Endpoints(<Guid>)/HEAT.RESTAPI.UpdateDisplayName
    JSON body:

    {

    "DisplayName":"<DesiredName>"

    }

You need to verify that endpoints are patched for all critical vulnerabilities before allowing them access to the network.

Solutions

  • GET /api/v1/Endpoints({guid})/Vulnerability to return vulnerabilities for a specific endpoint.
    Request URL: http://<host>:<port>/api/v1/Endpoints(<Guid>)/Vulnerability

  • GET /api/v1/VulnerabilitiesSummary to return a summary of the vulnerabilities patched/not patched in your environment.
    Request URL: http://<host>:<port>/api/v1/VulnerabilitiesSummary

  • GET /api/v1/VulnerabilitiesSummary({EndpointGuid}) to return a summary of the vulnerabilities patched/not patched on a specific endpoint.
    Request URL:
    http://<host>:<port>/api/v1/VulnerabilitiesSummary (<EndpointGuid>)

You need information on DAU scans to ensure they are running and you’re getting accurate and up to date endpoint vulnerability statuses.

Solution

  • GET /api/v1/Endpoints({guid})/Vulnerability to return information about a DAU scan on a specific endpoint.
    Request URL: http://<host>:<port>/api/v1/Endpoints(<Guid>)/Vulnerability