API Calls

This chapter describes the Ivanti Neurons for Zero Trust Access (nZTA) entities and the API calls that can be made to them.

• Analytics, see Analytics.
• Applications, see Applications (resources).
• Authentication Servers, see Authentication Server (auth-servers).
• Device Policies, see Device Policies (device-policy/groups).
• Device Policy Rules, see Device Policy Rules (device-policy/rules).
• Gateways, see Gateway (gateways).
• Gateway Settings, see Gateway Settings.
• Gateway Groups, see Gateway Group (groups).
• Hostchecker Levels, see Hostchecker Levels (hostchecker/levels).
• Hostchecker Products, see Hostchecker Products (hostchecker/products).
• Resources, see "Applications" and "User Policies".
• Resource Groups, see Resource Group (resource-groups).
• Role Mapping Rules, see Role Mapping Rules (role-mapping-rules).
• Secure Access Policies, see Secure Access Policy (secure-access-policies).
• Enterprise Integrations Syslog Server Configuration, see Enterprise Integrations Configurations Service (integrations/syslog).
• Users, see Users (users).
• User Rule Groups, see User Rule Groups (user-rule-groups).
• User Policies, see User Policies (resources).
• Lockdown exceptions, see Lockdown Exceptions
• MDM Server, see MDM Server

• User Risk Score, see User Risk Score

For all calls, the following CURL command format uses the DSID cookie to query the REST API server:

curl -v --cookie "DSID=<value>" <api_request_url>

Analytics

The analytics resource provides API calls for components and elements within the Insights analytics pages of the Tenant Admin Portal. Analytics supports the following Network Overview activities:

•Retrieving data for the Summary Ribbon, see Retrieving Analytics Data for the Summary Ribbon.

•Retrieving data for the World Map Gateway Locations view, see Retrieving Analytics Data for the World Map Gateway Location View.

•Retrieving data for the World Map Users view, see Retrieving Analytics Data for the World Map Users View.

•Retrieving data for the Sankey chart view, see Retrieving Analytics Data for the Sankey Chart View.

•Retrieving data for the Top Active Gateways chart, see Retrieving Analytics Data for the Top Active Gateways Chart.

•Retrieving data for the Top Active Applications chart, see Retrieving Analytics Data for the Top Active Applications Chart.

•Retrieving data for the Top Active User Locations chart, see Retrieving Analytics Data for the Top Active User Locations Chart.

•Retrieving data for the Active Anomalies chart, see Retrieving Analytics Data for the Active Anomalies Chart.

•Retrieving data for the Connected Clients Version chart, see Retrieving Analytics Data for the Connected Clients Version Chart.

•Retrieving data for the Non-compliances chart, see Retrieving Analytics Data for the Non-compliances Chart.

•Retrieving data for the Gateways Info-panel, see Retrieving Analytics Data for the Gateways Info-panel.

•Retrieving data for the Users Info-panel, see Retrieving Analytics Data for the Users Info-panel.

•Retrieving data for the Devices Info-panel, see Retrieving Analytics Data for the Devices Info-panel.

•Retrieving data for the Applications Info-panel, see Retrieving Analytics Data for the Applications Info-panel.

•Retrieving data for the Non-compliances Info-panel, see Retrieving Analytics Data for the Non-compliances Info-panel.

•Retrieving data for the Anomalies Info-panel, see Retrieving Analytics Data for the Anomalies Info-panel.

The analytics resource also provides the following Logs activity:

•Retrieving log data, see Retrieving Log Data.

The analytics resource also provides the following Gateways activity:

•Retrieving Gateway metrics, see Retrieving Aggregated Gateway Statistics.

•Retrieving data for the Admin Notifications, see Retrieving Admin Notifications.

•Retrieving data for the Alerts, see Retrieving Alerts.

•Retrieving data for the DDR, see Retrieving DDR Data.

•Retrieving data for the Filter, see Retrieving Filter.

•Retrieving data for the Application Access Summary, see Retrieving Application Access Summary.

•Retrieving data for the Applications by Type, see Retrieving Applications by Type.

•Retrieving data for the Applications by Protocol, see Retrieving Applications by Protocol.

•Retrieving data for the Applications by Policy Name, see Retrieving Applications by Policy Name.

•Retrieving data for the Applications Access Trend, see Retrieving Applications Access Trend.

•Retrieving data for the Applications by App Group, see Retrieving Applications by App Group.

•Retrieving data for the Applications by Location, see Retrieving Applications by Location.

•Retrieving data for the Applications by Device Type, see Retrieving Applications by Device Type.

•Retrieving data for the Applications by Not Reachable, see Retrieving Applications by Not Reachable.

•Retrieving data for the Applications Health Details, see Retrieving Applications Health Details.

•Retrieving data for the Application Access by Device Type, see Retrieving Application Access by Device Type.

•Retrieving data for the Application Access by User Group, see Retrieving Application Access by User Group.

•Retrieving data for the Application Access by User Location, see Retrieving Application Access by User Location.

•Retrieving data for the Application Access Trend, see Retrieving Application Access Trend.

•Retrieving data for the Applications List, see Retrieving Applications List.

•Retrieving data for the Applications Details, see Retrieving Applications Details.

Retrieving Analytics Data for the Summary Ribbon

To retrieve a resource containing Summary Ribbon totals, use the REST API call below:

• Method: POST /api/analytics/summary
• Resource: Path
• JSON Data: JSON data structure representing the CommonFilterObject schema (see Schema) - containing date/time period selection, and optional filter for gateway selection.

Schema

The CommonFilterObject schema entity contains the following fields:

Request

The following is an example request:

POST /api/analytics/summary
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  [
    {
      "actual_value": 3,
      "description": "Active users",
      "line_graph_color": "green",
      "line_graph_data": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        1,
        3
      ],
      "name": "users",
      "status": 0,
      "total_value": 1000,
      "trend_delta": 3,
      "trend_direction": "up"
    },
    {
      "actual_value": 3,
      "description": "Active devices",
      "line_graph_color": "green",
      "line_graph_data": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        1,
        3
      ],
      "name": "devices",
      "status": 100,
      "total_value": 13,
      "trend_delta": 3,
      "trend_direction": "up"
    },
    {
      "actual_value": 2,
      "description": "Active gateways",
      "line_graph_color": "green",
      "line_graph_data": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        1,
        2
      ],
      "name": "gateways",
      "status": 0,
      "total_value": 6,
      "trend_delta": 2,
      "trend_direction": "up"
    },
    {
      "actual_value": 7,
      "description": "Active applications",
      "line_graph_color": "green",
      "line_graph_data": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        3,
        4
      ],
      "name": "applications",
      "status": 0,
      "total_value": 43,
      "trend_delta": 7,
      "trend_direction": "up"
    },
    {
      "actual_value": 3,
      "description": "Non-compliances",
      "line_graph_color": "red",
      "line_graph_data": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        3
      ],
      "name": "non_compliance",
      "status": 100,
      "total_value": 3,
      "trend_delta": 3,
      "trend_direction": "up"
    },
    {
      "actual_value": 13,
      "description": "Anomalies count",
      "line_graph_color": "red",
      "line_graph_data": [
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        0,
        1,
        0,
        0,
        0,
        0,
        0,
        0,
        5,
        0,
        0,
        0,
        0,
        4,
        2,
        0,
        0,
        0,
        0,
        0,
        1,
        0
      ],
      "name": "anomalies",
      "status": 100,
      "total_value": 13,
      "trend_delta": 0,
      "trend_direction": "flat"
    }
  ]
}
            

Retrieving Analytics Data for the World Map Gateway Location View

To retrieve a resource containing gateway data-points plotted on a map overlay using geographic coordinates, use the REST API call below:

• Method: POST /api/analytics/location_view
• Resource: Path
• JSON Data: JSON data structure containing map overlay coordinates, date/time period selection, and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points along with summary information and aggregated information. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/analytics/location_view
Authorization:
Content-Type: application/json
Request Body
{
  "top_left_lat": 23,
  "top_left_long": -12,
  "bottom_right_lat": -34,
  "bottom_right_long": 47,
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "response_type": "string",
  "bubble_items": [
    {
      "status": 73,
      "granularity": "city",
      "city": "Austin",
      "country": "USA",
      "continent": "North America",
      "latitude": 48.5,
      "longitude": 71.923,
      "num_gws_good": 1,
      "num_gws_warning": 1,
      "num_gws_critical": 1,
      "num_gws_offline": 1,
      "active_users": {},
      "active_devices": {},
      "active_gateways": {},
      "active_applications": {},
      "num_deviations": {},
      "non_compliance_count": {},
      "critical_errors": {},
      "id": "austin",
      "user_location_bubble_items": [
        {
          "id": "bengaluru",
          "city": "bengaluru",
          "latitude": 48.5,
          "longitude": 71.923,
          "num_active_users": 10
          "num_non_compliance_users": 0
        }
      ]
    }
  ]
}

Retrieving Analytics Data for the World Map Users View

To retrieve a resource containing user data-points plotted on a map overlay using geographic coordinates, use the REST API call below:

• Method: POST /api/analytics/zta_users_location_view
• Resource: Path
• JSON Data: JSON data structure containing date/time period selection, and optional filter for gateway selection

If processed correctly, a JSON body is returned that contains a list of data-points along with summary information. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/analytics/location_view
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1580515200,
  "start_time": 1580515200,
  "time_duration_type": "day",
  "timezone_offset": 330,
  "gateway_type": "pcs",
  "overlay_filter_type": "non_compliance_users",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "count": 10,
  "bubble_items": [
    {
      "granularity": "city",
      "city": "Austin",
      "country": "USA",
      "continent": "North America",
      "bubble_color": "Green",
      "latitude": 48.5,
      "longitude": 71.923,
      "avg_risk_score": {
        "count": 9,
        "color": "Green"
      },
      "num_active_users": 176,
      "num_high_risk_users": 21,
      "num_moderate_risk_users": 9,
      "num_low_risk_users": 3,
      "num_no_risk_users": 0
    }
  ]
}

Retrieving Analytics Data for the Sankey Chart View

To retrieve a resource containing data-points for plotting a Sankey chart of data flow between user groups, devices, Gateways, and applications, use the REST API call below:

• Method: POST /api/analytics/sankey_chart
• Resource: Path
• JSON Data: JSON data structure representing the CommonFilterObject schema (see Schema) - containing date/time period selection, and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points for plotting a Sankey chart. Otherwise, a JSON body containing an error is returned.

Parameters

• max_items_per_pillar: (integer - in: query)

  When this value <= 0, all items in each pillar will be returned. Otherwise, only specified maximum number of items per pillar will be returned in response. Default: -1.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details. Available values : all (default), discovered, non_discovered, default_gateway.

Request

The following is an example request:

POST /api/analytics/sankey_chart?max_items_per_pillar=-1&apps_details=all
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "applications_list": [],
  "device_types_to_gateway_names": [
    {
      "source": "Windows",
      "target": "blackthorn-bng-2",
      "value": 12
    },
    {
      "source": "Windows",
      "target": "az-bkthrn-eastus",
      "value": 4
    }
  ],
  "gateway_names_to_application_names": [
    {
      "source": "blackthorn-bng-2",
      "target": "amazon",
      "value": 4
    },
    {
      "source": "blackthorn-bng-2",
      "target": "atlassian",
      "value": 3
    },
    {
      "source": "blackthorn-bng-2",
      "target": "bngvc.bnglab.psecure.net",
      "value": 3
    },
    {
      "source": "az-bkthrn-eastus",
      "target": "juniper.net",
      "value": 3
    },
    {
      "source": "blackthorn-bng-2",
      "target": "rdp",
      "value": 1
    },
    {
      "source": "blackthorn-bng-2",
      "target": "telnetresource ip",
      "value": 1
    },
    {
      "source": "az-bkthrn-eastus",
      "target": "community.juniper.net",
      "value": 1
    }
  ],
  "user_groups_to_device_types": [
    {
      "source": "bng group",
      "target": "Windows",
      "value": 12
    },
    {
      "source": "sj group",
      "target": "Windows",
      "value": 4
    }
  ]
}

Retrieving Analytics Data for the Top Active Gateways Chart

To retrieve a resource containing data used to create the top Active Gateways chart, use the REST API call below:

• Method: POST /api/analytics/widgets/top_gateways
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

Schema

The FilterObject schema entity contains the following fields:

Parameters

• num_gateways: (integer - in: query)

  The maximum number of Gateways for which data is returned. Default: 10.

Request

The following is an example request:

POST /api/analytics/widgets/top_gateways?num_gateways=10
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "gateways": [
    {
      "name": "blackthorn-bng-2",
      "value": 2
    },
    {
      "name": "az-bkthrn-eastus",
      "value": 1
    }
  ],
  "title": "TOP GATEWAYS"
}

Retrieving Analytics Data for the Top Active Applications Chart

To retrieve a resource containing data used to create the top Active Applications chart, use the REST API call below:

• Method: POST /api/analytics/widgets/top_applications
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points for plotting the Top Active Applications chart. Otherwise, a JSON body containing an error is returned.

Parameters

• num_applications: (integer - in: query)

  The maximum number of applications for which data is returned. Default: 10.

Request

The following is an example request:

POST /api/analytics/widgets/top_applications?num_applications=10
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "applications": [
    {
      "name": "amazon",
      "value": 1
    },
    {
      "name": "atlassian",
      "value": 1
    },
    {
      "name": "bngvc.bnglab.psecure.net",
      "value": 1
    },
    {
      "name": "juniper.net",
      "value": 1
    },
    {
      "name": "community.juniper.net",
      "value": 1
    },
    {
      "name": "rdp",
      "value": 1
    },
    {
      "name": "telnetresource ip",
      "value": 1
    }
  ],
  "title": "TOP APPLICATIONS"
}

Retrieving Analytics Data for the Top Active User Locations Chart

To retrieve a resource containing data used to create the Top Active User Locations chart, use the REST API call below:

• Method: POST /api/analytics/widgets/top_user_access_locations
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points for plotting the Top Active User Locations chart. Otherwise, a JSON body containing an error is returned.

Parameters

• granularity: (string - in: query)

  The level of granularity for location identification. Available values : city (default), country, continent.

• num_locations: (integer - in: query)

  The maximum number of locations for which data is returned. Default: 10.

Request

The following is an example request:

POST /api/analytics/widgets/top_user_access_locations?granularity=city&num_locations=10
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "title": "TOP USER ACCESS LOCATIONS",
  "user_access_locations": [
    {
      "name": "bengaluru",
      "value": 2
    },
    {
      "name": "united states",
      "value": 1
    }
  ]
}

Retrieving Analytics Data for the Active Anomalies Chart

To retrieve a resource containing data used to create the Active Anomalies chart, use the REST API call below:

• Method: POST /api/analytics/widgets/anomalies
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points for plotting the Active Anomalies chart. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/analytics/widgets/anomalies
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "buckets": [
    {
      "name": "Business Hours",
      "value": 8
    },
    {
      "name": "Geolocation",
      "value": 5
    }
  ],
  "chart_timestamp": 1648119483,
  "title": "Anomalies"
}

Retrieving Analytics Data for the Connected Clients Version Chart

To retrieve a resource containing data used to create the Connected Clients Version chart, use the REST API call below:

• Method: POST /api/analytics/devices/connected_clients
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points for plotting the Connected Clients Version chart. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Default: 5.

Request

The following is an example request:

POST /api/analytics/devices/connected_clients?count=5
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "users": "active",
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "chart_timestamp": 1648119483,
  "connected_devices": [
    {
      "type": "Windows",
      "values": [
        {
          "count": 2,
          "name": "9.1.14.14887"
        },
        {
          "count": 1,
          "name": "9.1.12.8219"
        }
      ]
    }
  ],
  "title": "Pulse Client Versions"
}

Retrieving Analytics Data for the Non-compliances Chart

To retrieve a resource containing data used to create the Non-compliances chart, use the REST API call below:

• Method: POST /api/analytics/users/top_non_compliance
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains a list of data-points for plotting the Non-compliances chart. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  The number of Top Compliance policies for which data is needed based on the number of failures of the corresponding policy. A value of "-1" returns data for all Compliance policies. Default: 8.

• page_level: (string - in: query)

  The Insights UI page level/depth for which non-compliance data is to be provided. Available values : L1, L2, L3, L4.

Request

The following is an example request:

POST /api/analytics/users/top_non_compliance?count=8&page_level=L1
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648119483,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "page_level": "L1"
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "chart_timestamp": 1648119483,
  "non_compliance_policies": [
    {
      "name": "antivirus",
      "value": 1
    },
    {
      "name": "commonpolicy",
      "value": 1
    },
    {
      "name": "symantecavlow",
      "value": 1
    }
  ],
  "title": "Non-compliance"
}

Retrieving Analytics Data for the Gateways Info-panel

To retrieve a resource containing data used to populate the Gateways Info-panel, use the REST API call below:

• Method: POST /api/analytics/widgets/top_gateways/panel
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains data used to populate the Gateways Info-panel. Otherwise, a JSON body containing an error is returned.

Parameters

• max_panel_items: (integer - in: query)

  The maximum number of items to be returned in the panel output. Default: 500.

• sort_order: (string - in: query)

  The sort order to apply. Available values: asc, desc (default).

• sort_field: (string - in: query)

  The field to sort by. Available values: active_users_count (default), active_applications_count, non_compliance_count, active_devices_count, active_sessions_count, number_of_issues, gateway_name, city_name.

• city_name: (string - in: query)

  The selected city name.

• search_string: (string - in: query)

  The search string to apply.

• status: (string - in: query)

  Return all Gateways or only those Gateways with this specified status. Available values : all (default), active, offline, online, unregistered.

Request

The following is an example request:

POST /api/analytics/widgets/top_gateways/panel?max_panel_items=500&sort_order=desc&sort_field=active_users_count&city_name=bangalore&search_string=gateway1&status=all
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648532792,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "info_panel_items": [
    {
      "id": "feicie-cneineoic-nfeie-32he",
      "gateway_name": "eng-mkn-gw-1",
      "city_name": "bangalore",
      "overall_color": "green",
      "gateway_status": "active",
      "number_of_issues": 10,
      "cpu_line_graph_data": "string",
      "memory_line_graph_data": "string",
      "disk_used_line_graph_data": "string",
      "active_users_count": 10,
      "active_devices_count": 10,
      "active_sessions_count": 10,
      "active_applications_count": 10,
      "non_compliance_count": 10,
      "issues_highest_severity": "CRITICAL",
      "issues_details": [
        {
          "message_id": "NTP12456",
          "raw_message": "NTP server is not reachable",
          "issue_timestamp": 3848462926,
          "number_of_issues": 23
        }
      ],
      "system_uptime": 10748,
      "last_config_update_timestamp": 1063264,
      "ssl_sessions_count": 10,
      "auth_only_sessions_count": 10,
      "active_sync_device_count": 10,
      "is_node_part_of_cluster": true,
      "cluster_properties": {
        "cluster_id": "9ccf22b9fe9ccf22b9fe",
        "cluster_name": "CoaGroup",
        "cluster_type": "Active/Active",
        "cluster_node_type": "active",
        "cluster_member_type": "leader",
        "is_vip_owner": false,
        "is_node_reachable": true,
        "is_node_enabled": false
      }
    }
  ],
  "count": 10,
  "all_gateway_count": 10,
  "active_gateway_count": 5,
  "offline_gateway_count": 5,
  "online_gateway_count": 5,
  "unregistered_gateway_count": 5
}

Retrieving Analytics Data for the Users Info-panel

To retrieve a resource containing data used to populate the Users Info-panel, use the REST API call below:

• Method: POST /api/analytics/widgets/top_risky_users/panel
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains data used to populate the Users Info-panel. Otherwise, a JSON body containing an error is returned.

Parameters

• offset: (integer - in: query)

  The offset from which to fetch panel items. Default: 0.

• limit: (integer - in: query)

  The maximum number of panel items to return. Default: 20.

• sort_order: (string - in: query)

  The sort order to apply. Available values: asc, desc (default).

• sort_field: (string - in: query)

  The field to sort by. Available values: user_risk_score (default), user_name.

• city_name: (string - in: query)

  The selected city name.

• search_string: (string - in: query)

The search string to apply.

Request

The following is an example request:

POST /api/analytics/widgets/top_risky_users/panel?offset=0&limit=20&sort_order=desc&sort_field=user_risk_score&city_name=bangalore&search_string=user1&status=all
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648532792,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "info_panel_items": [
    {
      "user_name": "user1",
      "timestamp": 1580515200,
      "user_risk_score": 256,
      "non_compliance_count": 25,
      "anomalies_count": 50,
      "activity_deviation_count": 25,
      "user_icon_color": "red",
      "device_location_city": "Austin"
    }
  ],
  "count": 10,
  "total": 20
}

Retrieving Analytics Data for the Devices Info-panel

To retrieve a resource containing data used to populate the Devices Info-panel, use the REST API call below:

• Method: POST /api/analytics/widgets/top_device_types/panel
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains data used to populate the Devices Info-panel. Otherwise, a JSON body containing an error is returned.

Parameters

• max_panel_items: (integer - in: query)

  The maximum number of items to be returned in the panel output. Default: 500.

• sort_order: (string - in: query)

  The sort order to apply. Available values: asc, desc (default).

• sort_field: (string - in: query)

  The field to sort by. Available values: active_users_count (default), active_applications_count, non_compliance_count, deviations_count, devices_count.

• search_string: (string - in: query)

  The search string to apply.

Request

The following is an example request:

POST /api/analytics/widgets/top_device_types/panel?max_panel_items=500&sort_order=desc&sort_field=active_users_count&search_string=Windows
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648532792,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "info_panel_items": [
    {
      "nvt_items": [
        {
          "name": "active_users_count",
          "trend": "Flat",
          "value": 2
        },
        {
          "name": "active_applications_count",
          "trend": "Flat",
          "value": 7
        },
        {
          "name": "devices_count",
          "trend": "Flat",
          "value": 2
        },
        {
          "name": "non_compliance_count",
          "trend": "Flat",
          "value": 3
        },
        {
          "name": "deviations_count",
          "trend": "Flat",
          "value": 0
        }
      ],
      "status": 100,
      "sub_title": "",
      "title": "windows"
    }
  ]
}

Retrieving Analytics Data for the Applications Info-panel

To retrieve a resource containing data used to populate the Applications Info-panel, use the REST API call below:

• Method: POST /api/analytics/widgets/top_applications/panel
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains data used to populate the Applications Info-panel. Otherwise, a JSON body containing an error is returned.

Parameters

• max_panel_items: (integer - in: query)

  The maximum number of items to be returned in the panel output. Default: 500.

• sort_order: (string - in: query)

  The sort order to apply. Available values: asc, desc (default).

• sort_field: (string - in: query)

  The field to sort by. Available values: active_users_count (default), active_applications_count, non_compliance_count, deviations_count, devices_count.

• search_string: (string - in: query)

  The search string to apply.

Request

The following is an example request:

POST /api/analytics/widgets/top_applications/panel?max_panel_items=500&sort_order=desc&sort_field=active_users_count&search_string=
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648532792,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "info_panel_items": [
    {
      "nvt_items": [
        {
          "name": "active_users_count",
          "trend": "Flat",
          "value": 1
        },
        {
          "name": "active_applications_count",
          "trend": "Flat",
          "value": 1
        },
        {
          "name": "devices_count",
          "trend": "Flat",
          "value": 1
        },
        {
          "name": "application_type",
          "trend": "Flat",
          "value": 0
        },
        {
          "name": "application_port",
          "trend": "Flat",
          "value": 443
        },
        {
          "name": "non_compliance_count",
          "trend": "Flat",
          "value": 0
        },
        {
          "name": "deviations_count",
          "trend": "Flat",
          "value": 0
        }
      ],
      "status": 0,
      "sub_title": "",
      "title": "pulsesecure.net"
    },
    {
      "nvt_items": [
        {
          "name": "active_users_count",
          "trend": "Flat",
          "value": 1
        },
        {
          "name": "active_applications_count",
          "trend": "Flat",
          "value": 1
        },
        {
          "name": "devices_count",
          "trend": "Flat",
          "value": 1
        },
        {
          "name": "application_type",
          "trend": "Flat",
          "value": 0
        },
        {
          "name": "application_port",
          "trend": "Flat",
          "value": 443
        },
        {
          "name": "non_compliance_count",
          "trend": "Flat",
          "value": 0
        },
        {
          "name": "deviations_count",
          "trend": "Flat",
          "value": 0
        }
      ],
      "status": 0,
      "sub_title": "",
      "title": "community.juniper.net"
    },
  ]
}

Retrieving Analytics Data for the Non-compliances Info-panel

To retrieve a resource containing data used to populate the Non-compliances Info-panel, use the REST API call below:

• Method: POST /api/analytics/widgets/non_compliance/panel
• Resource: Path
• JSON Data: JSON data structure based on the FilterObject schema (see Schema) - containing date/time period selection and optional filter for gateway selection.

If processed correctly, a JSON body is returned that contains data used to populate the Non-compliances Info-panel. Otherwise, a JSON body containing an error is returned.

Parameters

• offset: (integer - in: query)

  The offset from which to fetch panel items. Default: 0.

• limit: (integer - in: query)

  The maximum number of panel items to return. Default: 20.

• sort_order: (string - in: query)

  The sort order to apply. Available values: asc, desc (default).

• sort_field: (string - in: query)

  The field to sort by. Available values: timestamp (default), user_name.

• search_string: (string - in: query)

  The search string to apply.

Request

The following is an example request:

POST /api/analytics/widgets/non_compliance/panel?offset=0&limit=20&sort_order=desc&sort_field=timestamp&search_string=
Authorization:
Content-Type: application/json
Request Body
{
  "current_time": 1648532792,
  "start_time": 1580515200,
  "time_duration_type": "active",
  "timezone_offset": 330,
  "gateway_type": "zta",
  "global_filter": {
    "gateway_ids": [
      "74h4h3-u43943-4u3o4",
      "84h4h3-u43943-4u3o5"
    ]
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "count": 3,
  "info_panel_items": [
    {
      "application_name": "Zendesk",
      "device_id": "b71af79efc6c43b2b7e9da58071a23da",
      "device_type": "Windows",
      "non_compliance_policy_name": "NetworkPolicy",
      "non_compliance_policy_types_list": [
        "Network"
      ],
      "timestamp": 1648532547,
      "user_name": "cambridgetest1"
    },
    {
      "application_name": "Salesforce",
      "device_id": "a1ee1dc5ee5e4263abaf91599f9dc595",
      "device_type": "Windows",
      "non_compliance_policy_name": "SymantecAVHigh",
      "non_compliance_policy_types_list": [
        "HC"
      ],
      "timestamp": 1648532503,
      "user_name": "sjtest1"
    },
    {
      "application_name": "Box",
      "device_id": "a1ee1dc5ee5e4263abaf91599f9dc595",
      "device_type": "Windows",
      "non_compliance_policy_name": "CommonPolicy",
      "non_compliance_policy_types_list": [
        "Network",
        "HC"
      ],
      "timestamp": 1648532497,
      "user_name": "sjtest1"
    }
  ],
  "total": 3
}

Retrieving Analytics Data for the Anomalies Info-panel

To retrieve a resource containing data used to populate the Anomalies Info-panel, use the REST API call below:

• Method: POST /api/analytics/widgets/anomalies/panel
• Resource: Path
• JSON Data: JSON data structure representing the AnomaliesPanelFilterObject schema (see Schema) - containing date/time period selection, and optional filter for gateway selection.

Schema

The AnomaliesPanelFilterObject schema entity contains the following fields:

acknowledged_status string default: All example: Acknowledged Acknowledged status of anomalies to be filtered Enum: [ All, Acknowledged, Open ]

Parameters

• offset: (integer - in: query)

  The offset from which to fetch panel items. Default: 0.

• limit: (integer - in: query)

  The maximum number of panel items to return. Default: 20.

• sort_order: (string - in: query)

  The sort order to apply. Available values: asc, desc (default).

• sort_field: (string - in: query)

  The field to sort by. Available values: timestamp (default), user_name, acknowledged.

• search_string: (string - in: query)

  The search string to apply.

Request

The following is an example request:

POST /api/analytics/widgets/anomalies/panel?offset=0&limit=20&sort_order=desc&sort_field=timestamp&search_string=user1
Authorization:
Content-Type: application/json
Request Body
{
  "acknowledged_status": "Acknowledged"
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "info_panel_items": [
    {
      "anomaly_type": "GeoNewLocation",
      "user_name": "John Smith",
      "timestamp": 1587972453,
      "device_id": "27178d97948d46c09c205d30e9cf2afe",
      "session_id": "9ccf22b9fe",
      "device_type": "Windows",
      "anomaly_reason": "Non-familiar user location.",
      "anomaly_id": "e4abbb38ce8d4619891e561cedb7c807",
      "acknowledged": true,
      "active_session": true,
      "browser": "Google Chrome",
      "locations_history": [
        {
          "location_name": "Bangalore",
          "timestamp": 1580515200
        }
      ],
      "current_location": "Bangalore"
    },
    {},
    {
      "anomaly_type": "GeoNewLocation",
      "user_name": "John Smith",
      "timestamp": 1587972453,
      "device_id": "27178d97948d46c09c205d30e9cf2afe",
      "session_id": "9ccf22b9fe",
      "device_type": "Windows",
      "anomaly_reason": "Non-familiar user location.",
      "anomaly_id": "e4abbb38ce8d4619891e561cedb7c807",
      "acknowledged": true,
      "active_session": true,
      "browser": "Google Chrome",
      "application_names": [
        "Microsoft",
        "Facebook"
      ],
      "details": "Normal access hours range of user is between 9 a.m. to 5 p.m."
    }
  ],
  "count": 20,
  "total": 20
}

Retrieving Log Data

To retrieve a resource containing log data, use the REST API call below:

• Method: POST /api/analytics/logs/search
• Resource: Path
• JSON Data: JSON data structure representing the LogRequestEntity schema (see Schema), containing log selection criteria.

Schema

The LogRequestEntity schema entity contains the following fields:

Request

The following is an example request:

POST /api/analytics/logs/search
Authorization:
Content-Type: application/json
Request Body
{
  "name": "Filter1",
  "start_time_es": 1576533928,
  "end_time_es": 1576533928,
  "current_time": 1576533928,
  "timezone_offset": 330,
  "offset": 0,
  "limit": 100,
  "search_string": "ZTA",
  "search_string_columns": [
    "application_configured_name"
  ],
  "sort_by": "timestamp",
  "sort_group_by": "application_name",
  "group_by": "application_name",
  "order": "desc",
  "log_type": "access",
  "gateway_type": "zta",
  "columns": [
    "timestamp",
    "message_id",
    "severity",
    "session_id",
    "raw_message"
  ],
  "group_by_columns": [
    "unique_gateway_names_count",
    "unique_user_names_count",
    "unique_application_names_count",
    "summary_device_types",
    "summary_message_types",
    "unique_device_ids_count",
    "unique_session_ids_count"
  ],
  "filters": [
    {
      "filter_by": "message_ids",
      "operator": "IS",
      "value": "ZTAGateway"
    }
  ]
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "total": 1000,
  "count": 10,
  "offset": 0,
  "log_lines": [
    {
      "timestamp": 1576533928,
      "message_id": "ADM24682",
      "gateway_id": "123e4567-e89b-12d3-a456-426655440000",
      "gateway_name": "Azure-Gateway_1",
      "severity": "INFO",
      "source_ip": "127.0.0.1",
      "raw_message": "Primary authentication successful for admindb/SDP Admin Auth from\n172.21.8.171\n",
      "user_name": "testuser1",
      "user_group": "testgroup1",
      "session_id": "fa0726e89c",
      "device_id": "965C34BA98C94F4EAE6F2D8564E6CEAC",
      "application_name": "Jira.abc.com",
      "application_group_names": [
        [
          "group-1",
          "group-2"
        ]
      ],
      "application_protocol": "HTTPS",
      "application_protocol_display_name": "Web",
      "application_discovered": false,
      "application_type": "url",
      "application_status": "Green",
      "application_connection_broker": "auto.pcs.com",
      "application_desktop_protocol": "ssh",
      "application_host": "auto.pcs.com",
      "application_ip": "1.2.3.4",
      "application_url": "www.gmail.com",
      "application_location_city": "Bengaluru",
      "application_bookmark_type": "Admin defined",
      "non_compliance_policy_name": "Jira_access_policy",
      "non_compliance_policy_types_list": [
        [
          "Location",
          "HC"
        ]
      ],
      "message_type": "Anomaly",
      "sub_message_type": "Anomaly",
      "pulse_client_version": "2021.12.1",
      "device_type": "Windows",
      "device_os_type": "Windows 10 Pro",
      "device_location_city": "mumbai",
      "user_risk_score": 10.23,
      "user_risk_score_category": "High",
      "user_alerts_count": 13,
      "user_anomalies_count": 10,
      "user_activity_deviations_count": 5,
      "acknowledged": true,
      "session_type": "local",
      "adaptive_auth_reason": "new_location",
      "controller": true,
      "is_session_active": true,
      "session_duration": "2:20:00",
      "bandwidth_consumed": 1024,
      "bandwidth_consumed_str": "1.00 Kb",
      "connected_time": "2:10:30",
      "role_names": [
        [
          "role-1",
          "role-2"
        ]
      ],
      "session_created_timestamp": 1576533928,
      "browser": "Google Chrome",
      "gateway_status": "online",
      "gateway_version": "21.x Build 1",
      "esap_version": "21.x Build 1",
      "cpu": 26.75,
      "physical_memory": 18.25,
      "swap_memory": 20.9,
      "disk_used_percentage": 34.5,
      "throughput_value": 67,
      "avg_cpu": 26.75,
      "avg_memory": 18.25,
      "avg_disk": 34.5,
      "avg_throughput": 67,
      "max_concurrent_user_licenses_consumed": 200
    }
  ]
}

Retrieving Aggregated Gateway Statistics

To retrieve aggregated usage statistics for a list of Gateways, use the REST API call below:

• Method: GET /api/analytics/apm/appstats
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a MetricsResponseEntity resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• metric: ( array[ string ] - in: query)

  A list of the required metrics. Available values: cpu, file_hits, web_hits, swap_memory, physical_memory, ssl_connections, in_in_throughput_bps, in_out_throughput_bps, ext_in_throughput_bps, ext_out_throughput_bps, mul_in_throughput_bps, mul_out_throughput_bps, concurrent_users_sessions, concurrent_users_vpn_sessions, disk_used_percentage, ALL.

• start_time_es: (integer - in: query)

  Start time of aggregation since epoch in seconds.

• end_time_es: (integer - in: query)

  End time of aggregation since epoch in seconds.

• bucket_size: (string - in: query)

  Aggregation based on bucketing. Available values: 5minutes, hours, days.

• gateway_ids: (array[ string ] - in: query)

  A list of the Gateway ID(s) for which data is required. To request data for all Gateways, use the value 'ALL'.

• agg_type: (string - in: query)

  The type of aggregation. Available values: SUM, AVG, MAX.

• location: (string - in: query)

  The Gateway location to use.

Request

The following is an example request:

GET /api/analytics/apm/appstats?metric=cpu&start_time_es=1574973734&end_time_es=1574973777&bucket_size=5minutes&gateway_ids=74h4h3-u43943-4u3o4&agg_type=SUM&location=Bangalore
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "status": {
    "data_points": 0,
    "offset": 0,
    "agg_type": "SUM",
    "gateway_ids": [
      "string"
    ]
  },
  "chart_data": [
    {
      "cpu": 23,
      "file_hits": 32,
      "web_hits": 13,
      "swap_memory": 33,
      "physical_memory": 56,
      "ssl_connections": 3423,
      "in_in_throughput_bps": 1334,
      "in_out_throughput_bps": 423423,
      "ext_in_throughput_bps": 423423,
      "ext_out_throughput_bps": 423423,
      "mul_in_throughput_bps": 423423,
      "mul_out_throughput_bps": 423423,
      "concurrent_users_sessions": 4213,
      "concurrent_users_vpn_sessions": 4213,
      "disk_used_percentage": 56,
      "timestamp_es": 0
    }
  ]
}

Retrieving Admin Notifications

To retrieve admin notifications, use the REST API call below:

• Method: GET api/v1/analytics/admin_notifications
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a admin notifications resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• current_time: (integer - in: query)

  current time of aggregation since epoch in seconds.

• gateway__type: (string - in: query)

  Type of the gateway.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/admin_notifications/list?current_time=1576535635&gateway_type=zta' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "admin_name": "John",
  "last_login_time": 1576533928,
  "all_notifications": [
    {
      "day_timestamp": 1576533928,
      "day_notifications": [
        {
          "config_element_type": "User Role",
          "config_element_name": "Engineering Role",
          "config_element_operation": "MODIFIED",
          "number_of_gateways": 3
        }
      ]
    }
  ]
}

Retrieving Alerts

To retrieve alerts, use the REST API call below:

• Method: GET /api/v1/analytics/alerts
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a alerts resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• start_time_es: (integer - in: query)

  Start time of aggregation since epoch in seconds.

• end_time_es: (integer - in: query)

  End time of aggregation since epoch in seconds.

• current_time: (integer - in: query)

  current time of aggregation since epoch in seconds.

• time_duration_type: (string - in: query)

  Details of what unit of time duration need to be considered for the data.

  Available values : last_1_day, last_7_days, last_15_days, last_30_days

• offset: (integer - in: query)

  Start offsets for alerts, default is 0.

• limit: (integer - in: query)

  Number of alerts to be returned by the query.

• source_type: (string - in: query)

  Field used for filtering by source_type.

• sort_by: (string - in: query)

  Field used for sorting logs. By default time stamp.

• order: (string - in: query)

  Oder of sorting specified by sortby field.

• severities: (string - in: query)

  severity filter for selecting alerts based on severity.

• types: (array[ string ] - in: query)

  Types filter for selecting alerts based on type(s).

• columns: (array[ string ] - in: query)

  Selects columns to be returned by query response.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/alerts/list?start_time_es=1576533928&end_time_es=1576535635&current_time=1576535635&time_duration_type=last_1_day&offset=0&limit=100&source_type=pzt_gateway&sort_by=timestamp&order=desc&severities=information&types=Gateway%20upgrade&columns=severity&columns=timestamp&columns=type&columns=target&columns=message_type&columns=source_name' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "total": 0,
  "items": [
    {
      "severity": "string",
      "timestamp": 1576533928,
      "type": "Gateway upgrade",
      "target": "PZTGateway",
      "source_name": "my-pcs-gateway",
      "message_type": "The gateway upgrade completed"
    }
  ]
}

Retrieving DDR Data

To retrieve DDR data, use the REST API call below:

• Method: GET api/v1/analytics/ddr
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a ddr resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• offset: (integer - in: query)

  Start offsets for devices, default is 0.

• limit: (integer - in: query)

  Number of devices to be returned by the query, default is 100.

• sort_by: (string - in: query)

  Field used for sorting device details. By default last_seen.

• order: (string - in: query)

  Oder of sorting specified by sort by field.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/ddr/table?offset=0&limit=100&sort_by=last_seen&order=desc' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "total": 1000,
  "count": 10,
  "offset": 0,
  "device_details": 0
}

Retrieving Filter

To retrieve list of values of the requested type satisfying the requested search, use the REST API call below:

• Method: GET /api/v1/analytics/filter_suggestions
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a filter_suggestions resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• search: (string - in: query)

  Search to filter the list of filter values.

• filter_type: (string - in: query)

  Type of values desired.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/filter_suggestions/list?search=Al&filter_type=user_group' \
  -H 'accept: application/json'

Response

The following is an example response:

[
  [
    "Alice",
    "Bob"
  ]
]

Retrieving Application Access Summary

To retrieve table summary details of applications accessed, use the REST API call below:

• Method: GET api/v1/analytics/applications/summary_table
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a summary table resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• start_time_es: (integer - in: query)

  Start time of aggregation since epoch in seconds.

• end_time_es: (integer - in: query)

  End time of aggregation since epoch in seconds.

• current_time: (integer - in: query)

  current time of aggregation since epoch in seconds.

• time_duration_type: (string - in: query)

  Details of what unit of time duration need to be considered for the data.

• offset: (integer - in: query)

  Start offsets for alerts, default is 0.

• limit: (integer - in: query)

  Number of alerts to be returned by the query.

• sort_by: (string - in: query)

  Field used for sorting logs. By default time stamp.

• order: (string - in: query)

  Oder of sorting specified by sortby field.

• application_names: (array[ string ]- in: query)

  application name filter, for selecting logs based on application_name(s).

• gateway_names: (array[ string ]- in: query)

  gateway name filter, for selecting logs based on gateway_name(s).

• user_names: (array[ string ] - in: query)

  user name filter, for selecting logs based on user_name(s).

• user_locations: (array[ string ] - in: query)

  user location based filter, for selecting logs based on user location(s).

• device_ids: (array[ string ] - in: query)

  device_id based filter, for selecting logs based on device_id(s).

• device_types: (array[ string ] - in: query)

  device_type based filter, for selecting logs based on device_type(s).

• non_compliance_policy_names: (array[ string ] - in: query)

  name of the policy which marked the access as non-compliance.

• user_groups: (array[ string ] - in: query)

  user group filter, for selecting logs based on user_group(s).

• columns: (array[ string ] - in: query)

  Selects columns to be returned by query response.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/applications/summary_table?start_time_es=1576533928&end_time_es=1576535635&current_time=1576535635&offset=0&limit=100&sort_by=application_name&order=asc&application_names=salesforce&gateway_names=PZTGateway&user_names=system&user_locations=Bangalore&device_ids=965C34BA98C94F4EAE6F2D8564E6CEAC&device_types=Windows&non_compliance_policy_names=Symantec%20AV%20policy&user_groups=Engineering&columns=application_id&columns=application_name&columns=application_port&columns=application_type&columns=application_protocol&columns=application_protocol_display_name&columns=gateway_name&columns=users_count&columns=devices_count&columns=locations_count&columns=access_count&columns=non_compliance_count' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "total": 0,
  "items": [
    {
      "application_id": "1e089202204743639b68864584d5af8a",
      "application_name": "Salesforce",
      "application_port": 80,
      "application_type": "FQDN",
      "application_protocol": "HTTPS",
      "application_protocol_display_name": "Web",
      "gateway_name": "PZTGateway",
      "users_count": 5,
      "devices_count": 10,
      "locations_count": 8,
      "access_count": 20,
      "non_compliance_count": 4,
      "application_discovered": false
    }
  ]
}

Retrieving Applications by Type

To retrieve count for Application Type chart using filters object as input, use the REST API call below:

• Method: POST api/v1/analytics/applications/applications_by_type
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a applications_by_type resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details.

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_type?apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Application Type chart.

Retrieving Applications by Protocol

To retrieve count for Application Protocol chart using filters object as input, use the REST API call below:

• Method: POST https://editor.swagger.io/api/v1/analytics/applications/applications_by_protocol
• Resource: Path
• JSON Data: None

If processed correctly, a JSON body containing a applications_by_protocol resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top application protocol access counts for which data is needed. Passing '-1' will return data for all application protocol access details.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details..

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_protocol?count=8&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Application Protocol chart.

Retrieving Applications by Policy Name

To retrieve count for Application Policy Name chart using filters object as input, use the REST API call below:

• Method: POST api/v1/analytics/applications/applications_by_policy_name
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications_by_policy_name resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top application policy names counts for which data is needed. Passing '-1' will return data for all application policy names details.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details..

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_policy_name?count=8&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Application Policy Name chart.

Retrieving Applications Access Trend

To retrieve top n number of applications access trend using filters object as input, use the REST API call below:

• Method: POST api/v1/analytics/applications/applications_access_trend
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications_access_trend resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of applications to be considered for returning access trend. Passing '-1' will return data for all applications access trend.

• bar_graph: (query)

  Type of bar graph to be shown in Access Trend chart.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details..

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_access_trend?count=10&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

Data points to be shown in Access Trend chart.

Retrieving Applications by App Group

To retrieve counts for Applications by App Group chart using filters object as input, use the REST API call below:

• Method: POST api/v1/analytics/applications/applications_access_trend
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications_access_trend resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top application accessed by app group for which data is needed. Passing '-1' will return data for all applications accessed by app group details.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details..

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_app_group?count=8&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Applications by app group chart.

Retrieving Applications by Location

To retrieve counts for Applications by location chart using filters object as input, use the REST API call below:

• Method: POST api/v1/analytics/applications/applications_by_location
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications_by_location resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top application accessed by location for which data is needed. Passing '-1' will return data for all applications accessed by location details.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details..

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_location?count=8&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Applications by location chart.

Retrieving Applications by Device Type

To retrieve counts for Applications by Device Type chart using filters object as input, use the REST API call below:

• Method: POSTapi/v1/analytics/applications/applications_by_device_type
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications__by_device_type resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top application accessed by device type for which data is needed. Passing '-1' will return data for all applications accessed by device type details.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details..

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_device_type?count=8&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Applications by Device Type chart.

Retrieving Applications by Not Reachable

To retrieve counts for Applications by Not Reachable chart using filters object as input, use the REST API call below:

• Method: POSTapi/v1/analytics/applications/applications_by_not_reachable
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications_by_not_reachable resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top not reachable applications for which data is needed. Passing '-1' will return data for all not reachable applications.

• apps_details: (string - in: query)

  Flag capturing whether to return all apps or discovered apps details.

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/applications_by_not_reachable?count=8&apps_details=all' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Not Reachable Applications chart.

Retrieving Applications Health Details

To retrieve health details of the applications, use the REST API call below:

• Method: GET api/v1/analytics/applications/health_details
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a health_details resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• application_ids: (string - in: query)

  App Ids.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/applications/health_details' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "count": 1,
  "details": [
    {
      "application_id": "1e089202204743639b68864584d5af8a",
      "application_name": "ZTAApplication",
      "health_status": "grey",
      "messages": [
        "application is reachable",
        "application is not reachable"
      ]
    }
  ]
}

Retrieving Application Access by Device Type

To retrieve counts for Application Access by Device Type chart on application L3 page using filters object as input (including Application Name), use the REST API call below:

• Method: POST api/v1/analytics/applications/application_access_by_device_type
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a application_access_by_device_type resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• count: (integer - in: query)

  Number of top application accessed by device type for which data is needed. Passing '-1' will return data for all applications accessed by device type details.

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/application_access_by_device_type?count=10' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Applications Accesses by Device Type chart.

Retrieving Application Access by User Group

To retrieve counts for Application Access by User Group chart using filters object as input (including Application Name), use the REST API call below:

• Method: POST api/v1/analytics/applications/application_access_by_user
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a application_access_by_user resource is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/application_access_by_user' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Applications Accesses by User Group chart.

Retrieving Application Access by User Location

To retrieve counts for Application Access by User Location chart using filters object as input (including Application Name), use the REST API call below:

• Method: POST api/v1/analytics/applications/application_access_by_user_location
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a application_access_by_user_location resource is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/application_access_by_user_location' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

List of datapoints to be shown in Applications Accesses by User Location chart.

Retrieving Application Access Trend

To retrieve application access trend using filters object as input (including Application Name), use the REST API call below:

• Method: POST api/v1/analytics/applications/application_access_trend
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a application_access_trend resource is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

curl -X 'POST' \
  'api/v1/analytics/applications/application_access_trend' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '"string"'

Response

The following is an example response:

{
  "chart_timestamp": 1580515200,
  "title": "Application Access Trend",
  "access_chart_data": [
    "string"
  ]
}

Retrieving Applications List

To retrieve list of applications, whose name starts with the given prefix, use the REST API call below:

• Method: GET api/v1/analytics/applications/applications_list
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a applications_list resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• prefix: (string - in: query)

  Prefix of the application name.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/applications/applications_list?prefix=mkn' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "applications_list": [
    [
      "app1",
      "app2",
      "app3"
    ]
  ]
}

Retrieving Applications Details

To retrieve details of user for given application name, use the REST API call below:

• Method: GET api/v1/analytics/applications/application_details
• Resource: Path
• JSON Data: None

• If processed correctly, a JSON body containing a application_details resource is returned. Otherwise, a JSON body containing an error is returned.

Parameters

• name: (string - in: query)

  Name of the application.

Request

The following is an example request:

curl -X 'GET' \
  'api/v1/analytics/applications/application_details?name=Salesforce' \
  -H 'accept: application/json'

Response

The following is an example response:

{
  "name": "ZTA-Application-"
}

Applications (resources)

An application is a type of resources entity that represents a nZTA application. Applications support the following activities:

• Retrieving all applications, see Retrieving an Application.
• Editing an application, see Editing an Application.

Retrieving an Application

To retrieve all application (resources) entities, use the REST API call below:

• Method: GET /api/v1/policies/resources
• Resource: Path
• JSON Data: JSON dictionary representing a resources type of "application".

If processed correctly, a JSON body containing a list of all application resources is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

GET /api/v1/policies/resources
Authorization:
Content-Type: application/json
Request Body
{
   "type": "application"
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
   "type": "application",
   "name": "app1",
   "description": "app1",
   "app_config": {
      "access_type": "saml",
      "name": "app1",
      "resource": "https://www.example.com",
      "resource_type": "url",
      "bookmark_config": {
         "name": "app1",
         "type": "web",
         "description": "app1",
         "launch_window": True,
         "url": "https://www.example.com",
         "icon": "/admin/static/media/filename.svg"
      },
      "saml_config": {
         "sp_metadata": "string"
      }
   }
}

Editing an Application

To edit an application resources entity, use the REST API call below:

• Method: PUT /api/v1/policies/resources/{resource_id}
• Resource: Path
• JSON Data: JSON dictionary representing changed properties for an application resources entity.

If processed correctly, a JSON body containing the updated application resources entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

PUT /api/v1/policies/resources/{resource_id}
Authorization:
Content-Type: application/json
Request Body
{
   "type": "application",
   "name": "app1",
   "description": "app1",
   "app_config": {
      "access_type": "saml",
      "name": "app1",
      "resource": "https://www.example.com",
      "resource_type": "url",
      "bookmark_config": {
         "name": "app1",
         "type": "web",
         "description": "app1",
         "launch_window": True,
         "url": "https://www.intuit.com",
         "icon": "/admin/static/media/filename.svg"
      },
      "saml_config": {
         "sp_metadata": "string"
      }
   }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
   "type": "application",
   "name": "app1",
   "description": "app1",
   "app_config": {
      "access_type": "saml",
      "name": "app1",
      "resource": "https://www.example.com",
      "resource_type": "url",
      "bookmark_config": {
         "name": "app1",
         "type": "web",
         "description": "app1",
         "launch_window": True,
         "url": "https://www.example.com",
         "icon": "/admin/static/media/filename.svg"
      },
      "saml_config": {
         "sp_metadata": "string"
      }
   }
}

Authentication Server (auth-servers)

The auth-servers entity represents a nZTA authentication server. Authentication servers support the following activities:

Retrieving All Authentication Servers

To retrieve all auth-servers entities, use the REST API call below:

• Method: GET /api/v1/policies/auth-servers
• Resource: Path
• JSON Data: No JSON is required for this request.

If processed correctly, a JSON body containing a list of all auth-servers is returned. Otherwise, a JSON body containing an error is returned.

Request

This REST API command always retrieves all auth-servers entities.

The following is an example request:

GET /api/v1/policies/auth-servers
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "total": 0,
  "auth_servers": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "type": "Local",
      "name": "string"
    },
    {
      "id": "2c963f64-5717-4562-b3fc-2c963f66afa6",
      "type": "Local",
      "name": "string"
    },
    {
      "id": "66afa664-5717-4562-b3fc-2c963f66afa6",
      "type": "Local",
      "name": "string"
    },
    {
      "id": "63f66a64-5717-4562-b3fc-2c963f66afa6",
      "type": "Local",
      "name": "string"
    }
  ]
}

Creating a Local Authentication Server

To create a local authentication server:

• Method: POST /api/v1/policies/auth-servers
• Resource: Path
• JSON Data: JSON dictionary representing a new local auth-servers entity.

If processed correctly, a JSON body containing the new local auth-servers entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/v1/policies/auth-servers
Authorization:
Request Body
{
  "type": "Local",
  "name": "string",
  "cert_config": {
    "user_name_template": "string"
  },
  "local_config": {
    "users": [
      {
        "name": "string",
        "full_name": "string",
        "password": "string",
        "password_change_required": true
      }
    ]
  },
  "samlsp_config": {
    "metadata_config_type": "url",
    "metadata_config_url": "string",
    "idp_type": "Azure AD",
    "idp_metadata_xml": "string"
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "type": "Local",
  "name": "string",
  "cert_config": {
    "user_name_template": "string"
   },
  "samlsp_config": {
    "metadata_config_type": "url",
    "metadata_config_url": "string",
    "idp_type": "Azure AD",
    "idp_metadata_xml": "string"
  }
}

Creating a SAML Authentication Server

To create a remote SAML authentication server:

• Method: POST /api/v1/policies/auth-servers
• Resource: Path
• JSON Data: JSON dictionary representing a new SAML auth-servers entity.

If processed correctly, a JSON body containing the new SAML auth-servers entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/v1/policies/auth-servers
Authorization:
Request Body
{
  "type": "SAML (Azure AD)",
  "name": "auth_server_1",
  "samlsp_config": {
    "idp_metadata_xml": "string"
    "idp_type": "Azure AD",
    "metadata_config_type": "file",
    "metadata_config_url": "string",
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "ab45c43278b42312f00fab4321af54c0543b",
  "type": "SAML (Azure AD)",
  "name": "auth_server_1",
  "samlsp_config": {
    "idp_metadata_xml": "string"
    "idp_type": "Azure AD",
    "metadata_config_type": "file",
    "metadata_config_url": "string",
  }
}

Device Policies (device-policy/groups)

The device-policy/groups entity represents a nZTA device policy configuration.

Device policies support the following activities:

Retrieving all Device Policies

To retrieve all device-policy/groups entities, use the REST API call below:

• Method: GET /api/v1/policies/device-policies/device-policy/groups
• Resource: Path

If processed correctly, a JSON body containing a list of all device-policy/groups entities is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

GET /api/v1/policies/device-policies/device-policy/groups
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "items": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "description": "string",
      "is_default": true,
      "rules": [
        {
          "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "name": "string",
          "description": "string",
          "type": "browser",
          "label": "high",
          "browser_config": {
            "user_agent": "string",
            "mode": "allow"
          },
          "network_config": {
            "ip_address": "string",
            "netmask": "string",
            "mode": "allow"
          },
          "hostchecker_config": {
            "name": "string",
            "type": "predefined",
            "predefined_rule": {
              "type": "antivirus",
              "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "hostchecker_level_name": "string",
              "hostchecker_product_list": {
                "windows": {
                  "products": [
                    "string"
                  ],
                  "vendors": [
                    "string"
                  ]
                },
                "mac": {
                  "products": [
                    "string"
                  ],
                  "vendors": [
                    "string"
                  ]
                }
              },
              "user_settings": {
                "hdd_encryption_settings": {
                  "encrypt_drives": [
                    "string"
                  ]
                }
              }
            },
            "custom_rule": {
              "platform": "windows",
              "type": "process",
              "registry": {
                "root_key": "HKEY_LOCAL_MACHINE",
                "sub_key": "string",
                "type": "string",
                "key": "string",
                "value": "string",
                "is_64_bit": true,
                "remediate": true,
                "monitor": true
              },
              "process": {
                "process_name": "string",
                "md5_checksum": "string",
                "sha256_checksum": "string",
                "monitor": true,
                "action": "allow"
              },
              "mobile_os_check": {
                "os_version": "string",
                "rule_separator": "above"
              },
              "desktop_os_check": [
                {
                  "os_version": "string",
                  "service_pack_version": "string"
                }
              ],
              "file": {
                "file_name": "string",
                "md5_checksum": "string",
                "sha256_checksum": "string",
                "monitor": true,
                "action": "allow"
              },
              "cve_check": {
                "check_all": true,
                "cve_list": [
                  "string"
                ]
              },
              "mobile_jail_break_root_check_enabled": true,
              "netbios": {
                "allow": true,
                "names": [
                  "string"
                ]
              },
              "mac_address": {
                "allow": true,
                "address": [
                  "string"
                ]
              }
            }
          },
          "allow_delete": true,
          "is_default": true
        }
      ]
    }
  ]
}

Retrieving a Specific Device Policy

To retrieve a single device-policy/groups entity, use the REST API call below:

• Method: GET /api/v1/policies/device-policies/device-policy/groups/{id}
• Resource: Path

If processed correctly, a JSON body containing the device-policy/groups entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

GET /api/v1/policies/device-policies/device-policy/groups/{id}
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "description": "string",
  "is_default": true,
  "rules": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "description": "string",
      "type": "browser",
      "label": "high",
      "browser_config": {
        "user_agent": "string",
        "mode": "allow"
      },
      "network_config": {
        "ip_address": "string",
        "netmask": "string",
        "mode": "allow"
      },
      "hostchecker_config": {
        "name": "string",
        "type": "predefined",
        "predefined_rule": {
          "type": "antivirus",
          "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "hostchecker_level_name": "string",
          "hostchecker_product_list": {
            "windows": {
              "products": [
                "string"
              ],
              "vendors": [
                "string"
              ]
            },
            "mac": {
              "products": [
                "string"
              ],
              "vendors": [
                "string"
              ]
            }
          },
          "user_settings": {
            "hdd_encryption_settings": {
              "encrypt_drives": [
                "string"
              ]
            }
          }
        },
        "custom_rule": {
          "platform": "windows",
          "type": "process",
          "registry": {
            "root_key": "HKEY_LOCAL_MACHINE",
            "sub_key": "string",
            "type": "string",
            "key": "string",
            "value": "string",
            "is_64_bit": true,
            "remediate": true,
            "monitor": true
          },
          "process": {
            "process_name": "string",
            "md5_checksum": "string",
            "sha256_checksum": "string",
            "monitor": true,
            "action": "allow"
          },
          "mobile_os_check": {
            "os_version": "string",
            "rule_separator": "above"
          },
          "desktop_os_check": [
            {
              "os_version": "string",
              "service_pack_version": "string"
            }
          ],
          "file": {
            "file_name": "string",
            "md5_checksum": "string",
            "sha256_checksum": "string",
            "monitor": true,
            "action": "allow"
          },
          "cve_check": {
            "check_all": true,
            "cve_list": [
              "string"
            ]
          },
          "mobile_jail_break_root_check_enabled": true,
          "netbios": {
            "allow": true,
            "names": [
              "string"
            ]
          },
          "mac_address": {
            "allow": true,
            "address": [
              "string"
            ]
          }
        }
      },
      "allow_delete": true,
      "is_default": true
    }
  ]
}

Creating a Device Policy

To create a device-policy/groups entity, use the REST API call below:

• Method: POST /api/v1/policies/device-policies/device-policy/groups
• Resource: Path
• JSON Data: JSON dictionary representing a new device-policy/groups entity.

If processed correctly, a JSON body containing the new device-policy/groups entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/v1/policies/device-policies/device-policy/groups
Authorization:
Content-Type: application/json
Request Body
{  
     "name": "string",
        "description": "string",
        "is_default": true,
        "rules": [
        {
        "additionalProp1": {}
        }
        ],
        "rule_requirements": [
        {
        "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "device_policy_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "all_of_the_above": "string",
        "any_of_the_above": "string",
        "custom_expression_enabled": true,
        "custom_expression": "string",
        "platform": "windows"
        }
        ],
        "remediation": {
        "additionalProp1": {}
        },
        "enable_custom_instructions": true,
        "custom_instructions": "string"
        }

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "description": "string",
    "is_default": true,
    "rule_names": [
    "string"
    ],
    "rules": [
    {
    "additionalProp1": {}
    }
    ],
    "rule_requirements": [
    {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "device_policy_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "all_of_the_above": "string",
    "any_of_the_above": "string",
    "custom_expression_enabled": true,
    "custom_expression": "string",
    "platform": "windows"
    }
    ],
    "remediation": {
    "additionalProp1": {}
    },
    "enable_custom_instructions": true,
    "custom_instructions": "string"
}
 

Editing a Device Policy

To edit a device-policy/groups entity, use the REST API call below:

• Method: PUT /api/v1/policies/device-policies/device-policy/groups/{id}
• Resource: Path
• JSON Data: JSON dictionary representing changed properties for a device-policy/groups entity.

If processed correctly, a JSON body containing the updated device-policy/groups entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

PUT /api/v1/policies/device-policies/device-policy/groups/{id}
Authorization:
Content-Type: application/json
Request Body
{
  "name": "string",
  "description": "string"
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "description": "string",
  "is_default": true,
  "rules": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "description": "string",
      "type": "browser",
      "label": "high",
      "browser_config": {
        "user_agent": "string",
        "mode": "allow"
      },
      "network_config": {
        "ip_address": "string",
        "netmask": "string",
        "mode": "allow"
      },
      "hostchecker_config": {
        "name": "string",
        "type": "predefined",
        "predefined_rule": {
          "type": "antivirus",
          "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "hostchecker_level_name": "string",
          "hostchecker_product_list": {
            "windows": {
              "products": [
                "string"
              ],
              "vendors": [
                "string"
              ]
            },
            "mac": {
              "products": [
                "string"
              ],
              "vendors": [
                "string"
              ]
            }
          },
          "user_settings": {
            "hdd_encryption_settings": {
              "encrypt_drives": [
                "string"
              ]
            }
          }
        },
        "custom_rule": {
          "platform": "windows",
          "type": "process",
          "registry": {
            "root_key": "HKEY_LOCAL_MACHINE",
            "sub_key": "string",
            "type": "string",
            "key": "string",
            "value": "string",
            "is_64_bit": true,
            "remediate": true,
            "monitor": true
          },
          "process": {
            "process_name": "string",
            "md5_checksum": "string",
            "sha256_checksum": "string",
            "monitor": true,
            "action": "allow"
          },
          "mobile_os_check": {
            "os_version": "string",
            "rule_separator": "above"
          },
          "desktop_os_check": [
            {
              "os_version": "string",
              "service_pack_version": "string"
            }
          ],
          "file": {
            "file_name": "string",
            "md5_checksum": "string",
            "sha256_checksum": "string",
            "monitor": true,
            "action": "allow"
          },
          "cve_check": {
            "check_all": true,
            "cve_list": [
              "string"
            ]
          },
          "mobile_jail_break_root_check_enabled": true,
          "netbios": {
            "allow": true,
            "names": [
              "string"
            ]
          },
          "mac_address": {
            "allow": true,
            "address": [
              "string"
            ]
          }
        }
      },
      "allow_delete": true,
      "is_default": true
    }
  ]
}

Deleting a Device Policy

To delete a device-policy/groups entity, use the REST API call below:

• Method: DELETE /api/v1/policies/device-policies/device-policy/groups/{id}
• Resource: Path

If processed correctly, a confirmation is returned. Otherwise, an error is returned.

Request

The following is an example request:

DELETE /api/v1/policies/device-policies/device-policy/groups/{id}
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 204 Device-policy/groups deleted successfully
Content-Type: application/json

Device Policy Rules (device-policy/rules)

The device-policy/rules entity represents a nZTA policy rule configuration. Device policy rules support the following activities:

• Retrieving all device policy rules, see Retrieving all device policy rules.
• Retrieving a specific device policy rule, see Retrieving a specific device policy rule.
• Creating a device policy rule, see Creating a device policy rule.
• Editing a device policy rule, see Editing a device policy rule.
• Deleting a device policy rule, see Deleting a device policy rule.
• Adding a device policy rule to a device policy, see Adding a device policy rule to a device policy.
• Removing a device policy rule from a device policy, see Removing a device policy rule from a device policy.

Retrieving all Device Policy Rules

To retrieve all device-policy/rules entities, use the REST API call below:

• Method: GET /api/v1/policies/device-policies/device-policy/rules
• Resource: Path

If processed correctly, a JSON body containing a list of all device-policy/rules entities is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

GET /api/v1/policies/device-policies/device-policy/rules
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "items": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "string",
      "description": "string",
      "type": "browser",
      "label": "high",
      "browser_config": {
        "user_agent": "string",
        "mode": "allow"
      },
      "network_config": {
        "ip_address": "string",
        "netmask": "string",
        "mode": "allow"
      },
      "hostchecker_config": {
        "name": "string",
        "type": "predefined",
        "predefined_rule": {
          "type": "antivirus",
          "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "hostchecker_level_name": "string",
          "hostchecker_product_list": {
            "windows": {
              "products": [
                "string"
              ],
              "vendors": [
                "string"
              ]
            },
            "mac": {
              "products": [
                "string"
              ],
              "vendors": [
                "string"
              ]
            }
          },
          "user_settings": {
            "hdd_encryption_settings": {
              "encrypt_drives": [
                "string"
              ]
            }
          }
        },
        "custom_rule": {
          "platform": "windows",
          "type": "process",
          "registry": {
            "root_key": "HKEY_LOCAL_MACHINE",
            "sub_key": "string",
            "type": "string",
            "key": "string",
            "value": "string",
            "is_64_bit": true,
            "remediate": true,
            "monitor": true
          },
          "process": {
            "process_name": "string",
            "md5_checksum": "string",
            "sha256_checksum": "string",
            "monitor": true,
            "action": "allow"
          },
          "mobile_os_check": {
            "os_version": "string",
            "rule_separator": "above"
          },
          "desktop_os_check": [
            {
              "os_version": "string",
              "service_pack_version": "string"
            }
          ],
          "file": {
            "file_name": "string",
            "md5_checksum": "string",
            "sha256_checksum": "string",
            "monitor": true,
            "action": "allow"
          },
          "cve_check": {
            "check_all": true,
            "cve_list": [
              "string"
            ]
          },
          "mobile_jail_break_root_check_enabled": true,
          "netbios": {
            "allow": true,
            "names": [
              "string"
            ]
          },
          "mac_address": {
            "allow": true,
            "address": [
              "string"
            ]
          }
        }
      },
      "allow_delete": true,
      "is_default": true
    }
  ]
}

Retrieving a Specific Device Policy Rule

To retrieve a single device-policy/rules entity, use the REST API call below:

• Method: GET /api/v1/policies/device-policies/device-policy/rules/{id}
• Resource: Path

If processed correctly, a JSON body containing the device-policy/rules entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

GET /api/v1/policies/device-policies/device-policy/rules/{id}
Authorization:
Content-Type: application/json

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "description": "string",
  "type": "browser",
  "label": "high",
  "browser_config": {
    "user_agent": "string",
    "mode": "allow"
  },
  "network_config": {
    "ip_address": "string",
    "netmask": "string",
    "mode": "allow"
  },
  "hostchecker_config": {
    "name": "string",
    "type": "predefined",
    "predefined_rule": {
      "type": "antivirus",
      "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_level_name": "string",
      "hostchecker_product_list": {
        "windows": {
          "products": [
            "string"
          ],
          "vendors": [
            "string"
          ]
        },
        "mac": {
          "products": [
            "string"
          ],
          "vendors": [
            "string"
          ]
        }
      },
      "user_settings": {
        "hdd_encryption_settings": {
          "encrypt_drives": [
            "string"
          ]
        }
      }
    },
    "custom_rule": {
      "platform": "windows",
      "type": "process",
      "registry": {
        "root_key": "HKEY_LOCAL_MACHINE",
        "sub_key": "string",
        "type": "string",
        "key": "string",
        "value": "string",
        "is_64_bit": true,
        "remediate": true,
        "monitor": true
      },
      "process": {
        "process_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "mobile_os_check": {
        "os_version": "string",
        "rule_separator": "above"
      },
      "desktop_os_check": [
        {
          "os_version": "string",
          "service_pack_version": "string"
        }
      ],
      "file": {
        "file_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "cve_check": {
        "check_all": true,
        "cve_list": [
          "string"
        ]
      },
      "mobile_jail_break_root_check_enabled": true,
      "netbios": {
        "allow": true,
        "names": [
          "string"
        ]
      },
      "mac_address": {
        "allow": true,
        "address": [
          "string"
        ]
      }
    }
  },
  "allow_delete": true,
  "is_default": true
}

Creating a Device Policy Rule

You can create rules for the following rule types:

• antispyware
• cve_check
• firewall
• hdd_encryption
• mac_address
• netbios
• patch_management
• process
• network
• registry
• file
• antivirus
• os
• jail_break_root

To create a device-policy/rules entity, use the REST API call below:

• Method: POST /api/v1/policies/device-policies/device-policy/rules
• Resource: Path
• JSON Data: JSON dictionary representing a new device-policy/rules entity.

If processed correctly, a JSON body containing the new device-policy/rules entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

POST /api/v1/policies/device-policies/device-policy/rules
Authorization:
Content-Type: application/json
Request Body
{
  "name": "string",
  "description": "string",
  "type": "browser",
  "label": "high",
  "browser_config": {
    "user_agent": "string",
    "mode": "allow"
  },
  "network_config": {
    "ip_address": "string",
    "netmask": "string",
    "mode": "allow"
  },
  "hostchecker_config": {
    "name": "string",
    "type": "predefined",
    "predefined_rule": {
      "type": "antivirus",
      "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "user_settings": {
        "hdd_encryption_settings": {
          "encrypt_drives": [
            "string"
          ]
        }
      },
      "hostchecker_level_name": "string",
      "hostchecker_product_list": {
        "products": [
          "string"
        ],
        "vendors": [
          "string"
        ]
      },
      "platform": "windows"
    },
    "custom_rule": {
      "platform": "windows",
      "type": "process",
      "registry": {
        "root_key": "HKEY_LOCAL_MACHINE",
        "sub_key": "string",
        "type": "string",
        "key": "string",
        "value": "string",
        "is_64_bit": true,
        "remediate": true,
        "monitor": true
      },
      "process": {
        "process_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "mobile_os_check": {
        "os_version": "string",
        "rule_separator": "above"
      },
      "desktop_os_check": [
        {
          "os_version": "string",
          "service_pack_version": "string"
        }
      ],
      "file": {
        "file_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "cve_check": {
        "check_all": true,
        "cve_list": [
          "string"
        ]
      },
      "mobile_jail_break_root_check_enabled": true,
      "netbios": {
        "allow": true,
        "names": [
          "string"
        ]
      },
      "mac_address": {
        "allow": true,
        "address": [
          "string"
        ]
      }
    }
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "description": "string",
  "type": "browser",
  "label": "high",
  "browser_config": {
    "user_agent": "string",
    "mode": "allow"
  },
  "network_config": {
    "ip_address": "string",
    "netmask": "string",
    "mode": "allow"
  },
  "hostchecker_config": {
    "name": "string",
    "type": "predefined",
    "predefined_rule": {
      "type": "antivirus",
      "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_level_name": "string",
      "hostchecker_product_list": {
        "windows": {
          "products": [
            "string"
          ],
          "vendors": [
            "string"
          ]
        },
        "mac": {
          "products": [
            "string"
          ],
          "vendors": [
            "string"
          ]
        }
      },
      "user_settings": {
        "hdd_encryption_settings": {
          "encrypt_drives": [
            "string"
          ]
        }
      }
    },
    "custom_rule": {
      "platform": "windows",
      "type": "process",
      "registry": {
        "root_key": "HKEY_LOCAL_MACHINE",
        "sub_key": "string",
        "type": "string",
        "key": "string",
        "value": "string",
        "is_64_bit": true,
        "remediate": true,
        "monitor": true
      },
      "process": {
        "process_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "mobile_os_check": {
        "os_version": "string",
        "rule_separator": "above"
      },
      "desktop_os_check": [
        {
          "os_version": "string",
          "service_pack_version": "string"
        }
      ],
      "file": {
        "file_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "cve_check": {
        "check_all": true,
        "cve_list": [
          "string"
        ]
      },
      "mobile_jail_break_root_check_enabled": true,
      "netbios": {
        "allow": true,
        "names": [
          "string"
        ]
      },
      "mac_address": {
        "allow": true,
        "address": [
          "string"
        ]
      }
    }
  },
  "allow_delete": true,
  "is_default": true
}

Editing a Device Policy Rule

To edit a device-policy/rules entity, use the REST API call below:

• Method: PUT /api/v1/policies/device-policies/device-policy/rules/{id}
• Resource: Path
• JSON Data: JSON dictionary representing changed properties for a device-policy/rules entity.

If processed correctly, a JSON body containing the updated device-policy/rules entity is returned. Otherwise, a JSON body containing an error is returned.

Request

The following is an example request:

PUT /api/v1/policies/device-policies/device-policy/rules/{id}
Authorization:
Content-Type: application/json
Request Body
{
  "name": "string",
  "description": "string",
  "type": "browser",
  "label": "high",
  "browser_config": {
    "user_agent": "string",
    "mode": "allow"
  },
  "network_config": {
    "ip_address": "string",
    "netmask": "string",
    "mode": "allow"
  },
  "hostchecker_config": {
    "name": "string",
    "type": "predefined",
    "predefined_rule": {
      "type": "antivirus",
      "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "user_settings": {
        "hdd_encryption_settings": {
          "encrypt_drives": [
            "string"
          ]
        }
      },
      "hostchecker_level_name": "string",
      "hostchecker_product_list": {
        "products": [
          "string"
        ],
        "vendors": [
          "string"
        ]
      },
      "platform": "windows"
    },
    "custom_rule": {
      "platform": "windows",
      "type": "process",
      "registry": {
        "root_key": "HKEY_LOCAL_MACHINE",
        "sub_key": "string",
        "type": "string",
        "key": "string",
        "value": "string",
        "is_64_bit": true,
        "remediate": true,
        "monitor": true
      },
      "process": {
        "process_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "mobile_os_check": {
        "os_version": "string",
        "rule_separator": "above"
      },
      "desktop_os_check": [
        {
          "os_version": "string",
          "service_pack_version": "string"
        }
      ],
      "file": {
        "file_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "cve_check": {
        "check_all": true,
        "cve_list": [
          "string"
        ]
      },
      "mobile_jail_break_root_check_enabled": true,
      "netbios": {
        "allow": true,
        "names": [
          "string"
        ]
      },
      "mac_address": {
        "allow": true,
        "address": [
          "string"
        ]
      }
    }
  }
}

Response

The following is an example response:

HTTP/1.1 200 OK
Content-Type: application/json
Response Body
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "string",
  "description": "string",
  "type": "browser",
  "label": "high",
  "browser_config": {
    "user_agent": "string",
    "mode": "allow"
  },
  "network_config": {
    "ip_address": "string",
    "netmask": "string",
    "mode": "allow"
  },
  "hostchecker_config": {
    "name": "string",
    "type": "predefined",
    "predefined_rule": {
      "type": "antivirus",
      "hostchecker_level_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_product_list_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "hostchecker_level_name": "string",
      "hostchecker_product_list": {
        "windows": {
          "products": [
            "string"
          ],
          "vendors": [
            "string"
          ]
        },
        "mac": {
          "products": [
            "string"
          ],
          "vendors": [
            "string"
          ]
        }
      },
      "user_settings": {
        "hdd_encryption_settings": {
          "encrypt_drives": [
            "string"
          ]
        }
      }
    },
    "custom_rule": {
      "platform": "windows",
      "type": "process",
      "registry": {
        "root_key": "HKEY_LOCAL_MACHINE",
        "sub_key": "string",
        "type": "string",
        "key": "string",
        "value": "string",
        "is_64_bit": true,
        "remediate": true,
        "monitor": true
      },
      "process": {
        "process_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "mobile_os_check": {
        "os_version": "string",
        "rule_separator": "above"
      },
      "desktop_os_check": [
        {
          "os_version": "string",
          "service_pack_version": "string"
        }
      ],
      "file": {
        "file_name": "string",
        "md5_checksum": "string",
        "sha256_checksum": "string",
        "monitor": true,
        "action": "allow"
      },
      "cve_check": {
        "check_all": true,
        "cve_list": [
          "string"
        ]
      },
      "mobile_jail_break_root_check_enabled": true,
      "netbios": {
        "allow": true,
        "names": [
          "string"
        ]
      },
      "mac_address": {
        "allow": true,
        "address": [
          "string"
        ]
      }
    }
  },
  "allow_delete": true,
  "is_default": true
}