Skip to main content

getManagedEndpointDetails

The getManagedEndpointDetails method retrieves comprehensive information about a specific endpoint managed in GravityZone.

Parameters

Parameter

Description

Included in request

Type

Values

endpointId

The ID of the endpoint for which the details will be returned.

Mandatory

String

Must be a valid ID, belonging to a managed endpoint.

Tip

You can use the getEndpointsList method to get a list of managed endpoints by including the isManaged parameter and setting it to true.

options

A set of options that control what information is present in the response.

Optional

Object

For more information on this object, refer to options.

Objects

options

You can use the options parameter to customize what information is included in the API response. Options are structured in sections and subsections, described hereinafter.

These are the available options:

Section

Description

includeScanLogs

Boolean. If true, the lastSuccessfulScan attribute is included in the API response. Default value: false.

Return value

This method returns an Object containing the details of the specified endpoint:

  • id - the ID of managed endpoint

  • name - the name of the endpoint

  • companyId - the ID of the company to which the endpoint belongs

  • operatingSystem - the operating system of the endpoint

  • state - the power state of the machine: 1 - online, 2 - offline, 3 - suspended, 0 - unknown.

    Note

    The following states will be returned only for endpoints that are part of an active virtualization integration configured in GravityZone:

    • 2 - offline

    • 3 - suspended

  • ip - the IP address of the endpoint

  • lastSeen - the date of the last synchronization with Control Center

  • machineType - the type of the machine: 1 - computer, 2 - virtual machine, 3 - EC2 Instance, 0 - Other

  • agent - an Object containing the following information about the agent installed on the endpoint:

    • engineVersion, the version of the scanning engine

    • primaryEngine, the first engine to be used when scanning for malware. It can have one of the following values:

      • 1 - for Central Scanning (Security Server)

      • 2 - for Hybrid Scanning (Light Engines)

      • 3 - for Local Scanning (Full Engines)

      • 0 - Unknown

    • fallbackEngine, the engine to be used if the primary engine is unavailable when the task is sent. It can have one of the following values:

      • 2 - for Hybrid Scanning (Light Engines)

      • 3 - for Local Scanning (Full Engines)

      • 0 - Unknown

    • lastUpdate, the time and date of the last signatures update

    • licensed, the license status: 0 - pending authentication, 1 - active license, 2 - expired license, 6 - there is no license or not applicable

    • productOutdated, a Boolean specifying whether the agent's version is the latest available or not

    • productUpdateDisabled, a Boolean specifying if product updates are disabled

    • productVersion, the version of the agent

    • signatureOutdated, a Boolean specifying if the antimalware signatures of the endpoint are outdated

    • signatureUpdateDisabled, a Boolean specifying if the antimalware signature updates are disabled

    • type, identifies which type of agent is installed on the endpoint:

      • 1 - Endpoint Security

      • 2 - Bitdefender Tools

      • 3 - BEST

  • group - an Object pointing to the group to which the endpoint belongs. The object contains the following fields:

    • id, the ID of the group

    • name, the name of the group

  • malwareStatus - an Object informing of the status of the endpoint related to malware. The object has the following fields:

    • detection, a Boolean indicating if malware was detected on the endpoint in the last 24 hours,

    • infected, a Boolean informing if the antimalware was able to remove the infection or the endpoint is still infected

  • policy - an Object informing about the active policy on the endpoint. The object contains:

    • id, the ID of the active policy,

    • name, the name of the policy,

    • applied, a Boolean set to True if the policy is currently applied on the endpoint

  • modules - an Object informing of the installed modules and their statuses. The fields have Boolean values, True - if the module is enabled, or False - if the module is disabled. The available fields are:

    • advancedThreatControl

    • antimalware

    • contentControl

    • deviceControl

    • firewall

    • powerUser

    • encryption

    • edrSensor

    • hyperDetect

    • patchManagement

    • relay

    • sandboxAnalyzer

    • exchange

    • advancedAntiExploit

    • containerProtection

    • networkAttackDefense

    • integrityMonitoring

  • label - string, the label set to this endpoint

  • moveState - an integer reflecting the move state of the endpoint: 0 - no move operation, 1 - moved out of the company, 2 - moved into my company.

  • managedWithBest - a Boolean set to True if the agent (BEST) is installed on the endpoint.

  • isContainerHost - a Boolean set to True if the endpoint is a Container Host.

  • managedExchangeServer - a Boolean set to True if the endpoint is an Exchange Server

  • managedRelay - a Boolean set to True if the endpoint has Relay role

  • securityServer - a Boolean set to True if the endpoint is a Security Server

  • riskScore - an Object containing the following information about the endpoint's security risks:

    • value, the endpoint's security risk score value in percentage. It is broken down into misconfigurations and app vulnerabilities

    • impact, the endpoint's security risk impact (Low, Medium, High)

    • misconfigurations, the percentage of misconfigurations in the endpoint's security risk score

    • appVulnerabilities, the percentage of app vulnerabilities in the endpoint's security risk score

    • humanRisks, the percentage of human risks in the endpoint's security risk score

  • lastSuccessfulScan, object. Includes the following details:

    • name - the name of the scan.

    • date - the date on which the scan was performed.

Example

Request:

  {
       "params": {
           "endpointId" : "54a28b41b1a43d89367b23fd",
           "options": {
               "includeScanLogs": true  
            }
       },
       "jsonrpc": "2.0",
       "method": "getManagedEndpointDetails",
       "id": "301f7b05-ec02-481b-9ed6-c07b97de2b7b"
  }

Response:

  {
      "id":"0df7568c-59c1-48e0-a31b-18d83e6d9810",
      "jsonrpc":"2.0",
      "result": {
          'id': '54a28b41b1a43d89367b23fd',
          'name': 'WIN-TGQDU499RS4',
          'companyId': '5575a235d2172c65038b454e',
          'operatingSystem': 'Windows Server 2008 R2 Datacenter',
          'state': 1,
          'ip': '10.10.24.154',
          'lastSeen': '2015-06-22T13:46:59',
          'machineType': 1,
          'agent': {
               'engineVersion': '7.61184',
               'primaryEngine': 1,
               'fallbackEngine': 2,
               'lastUpdate': '2015-06-22T13:40:06',
               'licensed': 1,
               'productOutdated': False,
               'productUpdateDisabled': False,
               'productVersion': '6.2.3.569',
               'signatureOutdated': False,
               'signatureUpdateDisabled': False,
               'type': 3
           },
          'group': {
               'id': '5575a235d2172c65038b456d',
               'name': 'Custom Groups'
           },
          'malwareStatus': {
               'detection': False,
               'infected': False
           },
          'modules': {
               'advancedThreatControl': False,
               'antimalware': True,
               'contentControl': False,
               'deviceControl': False,
               'firewall': False,
               'powerUser': False,
               'networkAttackDefense': False
               'integrityMonitoring: False,
           },
          'policy': {
               'id': '5121da426803fa2d0e000017',
               'applied': True,
               'name': 'Default policy'
           },
           "label" : "endpoint label",
           "moveState": 1,
           "riskScore": {
                "value": "81%",
                "impact": "High",
                "misconfigurations": "70%",
                "appVulnerabilities": "11%",
                "humanRisks": "19%"
           },
        "lastSuccessfulScan": {
                "name": "72OHI5dnIH",
                "date": "2023-07-19T04:09:29+00:00"
           },

      }
  }
In this section: