getManagedEndpointDetails
This method returns detailed information, such as: details to identify the endpoint and the security agent, the status of installed protection modules.
Parameters
Parameter | Type | Optional | Description |
|---|---|---|---|
| String | No | The ID of the endpoint for which the details will be returned. |
Return value
This method returns an Object containing the details of the specified endpoint:
id- the ID of managed endpointname- the name of the endpointcompanyId- the ID of the company to which the endpoint belongsoperatingSystem- the operating system of the endpointstate- the power state of the machine:1- online,2- offline,3- suspended,0- unknown.Note
The following states will be returned only for endpoints that are part of an active virtualization integration configured in GravityZone:
2- offline3- suspended
ip- the IP address of the endpointlastSeen- the date of the last synchronization with Control CentermachineType- the type of the machine:1- computer,2- virtual machine,3- EC2 Instance,0- Otheragent- an Object containing the following information about the agent installed on the endpoint:engineVersion, the version of the scanning engineprimaryEngine, the first engine to be used when scanning for malware. It can have one of the following values:1- for Central Scanning (Security Server)2- for Hybrid Scanning (Light Engines)3- for Local Scanning (Full Engines)0- Unknown
fallbackEngine, the engine to be used if the primary engine is unavailable when the task is sent. It can have one of the following values:2- for Hybrid Scanning (Light Engines)3- for Local Scanning (Full Engines)0- Unknown
lastUpdate, the time and date of the last signatures updatelicensed, the license status:0- pending authentication,1- active license,2- expired license,6- there is no license or not applicableproductOutdated, a Boolean specifying whether the agent's version is the latest available or notproductUpdateDisabled, a Boolean specifying if product updates are disabledproductVersion, the version of the agentsignatureOutdated, a Boolean specifying if the antimalware signatures of the endpoint are outdatedsignatureUpdateDisabled, a Boolean specifying if the antimalware signature updates are disabledtype, identifies which type of agent is installed on the endpoint:1- Endpoint Security2- Bitdefender Tools3- BEST
group- an Object pointing to the group to which the endpoint belongs. The object contains the following fields:id, the ID of the groupname, the name of the group
malwareStatus- an Object informing of the status of the endpoint related to malware. The object has the following fields:detection, a Boolean indicating if malware was detected on the endpoint in the last 24 hours,infected, a Boolean informing if the antimalware was able to remove the infection or the endpoint is still infected
policy- an Object informing about the active policy on the endpoint. The object contains:id, the ID of the active policy,name, the name of the policy,applied, a Boolean set to True if the policy is currently applied on the endpoint
modules- an Object informing of the installed modules and their statuses. The fields have Boolean values,True- if the module is enabled, orFalse- if the module is disabled. The available fields are:advancedThreatControlantimalwarecontentControldeviceControlfirewallpowerUserencryptionedrSensorhyperDetectpatchManagementrelaysandboxAnalyzerexchangeadvancedAntiExploitcontainerProtectionnetworkAttackDefenseintegrityMonitoring
label- string, the label set to this endpointmoveState- an integer reflecting the move state of the endpoint:0- no move operation,1- moved out of the company,2- moved into my company.managedWithBest- a Boolean set to True if the agent (BEST) is installed on the endpoint.isContainerHost- a Boolean set to True if the endpoint is a Container Host.managedExchangeServer- a Boolean set to True if the endpoint is an Exchange ServermanagedRelay- a Boolean set to True if the endpoint has Relay rolesecurityServer- a Boolean set to True if the endpoint is a Security ServerriskScore- an Object containing the following information about the endpoint's security risks:value, the endpoint's security risk score value in percentage. It is broken down into misconfigurations and app vulnerabilitiesimpact, the endpoint's security risk impact (Low, Medium, High)misconfigurations, the percentage of misconfigurations in the endpoint's security risk scoreappVulnerabilities, the percentage of app vulnerabilities in the endpoint's security risk scorehumanRisks, the percentage of human risks in the endpoint's security risk score
Example
Request:
{
"params": {
"endpointId" : "54a28b41b1a43d89367b23fd"
},
"jsonrpc": "2.0",
"method": "getManagedEndpointDetails",
"id": "301f7b05-ec02-481b-9ed6-c07b97de2b7b"
} Response:
{
"id":"0df7568c-59c1-48e0-a31b-18d83e6d9810",
"jsonrpc":"2.0",
"result": {
'id': '54a28b41b1a43d89367b23fd',
'name': 'WIN-TGQDU499RS4',
'companyId': '5575a235d2172c65038b454e',
'operatingSystem': 'Windows Server 2008 R2 Datacenter',
'state': 1,
'ip': '10.10.24.154',
'lastSeen': '2015-06-22T13:46:59',
'machineType': 1,
'agent': {
'engineVersion': '7.61184',
'primaryEngine': 1,
'fallbackEngine': 2,
'lastUpdate': '2015-06-22T13:40:06',
'licensed': 1,
'productOutdated': False,
'productUpdateDisabled': False,
'productVersion': '6.2.3.569',
'signatureOutdated': False,
'signatureUpdateDisabled': False,
'type': 3
},
'group': {
'id': '5575a235d2172c65038b456d',
'name': 'Custom Groups'
},
'malwareStatus': {
'detection': False,
'infected': False
},
'modules': {
'advancedThreatControl': False,
'antimalware': True,
'contentControl': False,
'deviceControl': False,
'firewall': False,
'powerUser': False,
'networkAttackDefense': False
'integrityMonitoring: False,
},
'policy': {
'id': '5121da426803fa2d0e000017',
'applied': True,
'name': 'Default policy'
},
"label" : "endpoint label",
"moveState": 1,
"riskScore": {
"value": "81%",
"impact": "High",
"misconfigurations": "70%",
"appVulnerabilities": "11%",
"humanRisks": "19%"
}
}
}