getManagedEndpointDetails

The getManagedEndpointDetails method retrieves comprehensive information about a specific endpoint managed in GravityZone.

Services

This method requires you to place the {service} name in the API URL. The allowed services are:

computers, for "Computers and Virtual Machines"
virtualmachines, for "Virtual Machines"

For example, the request URL for the virtual machines service is:

https://YOUR-HOSTNAME/api/v1.0/jsonrpc/network/virtualmachines

Parameters

Parameter	Description	Included in request	Type	Values
`endpointId`	The ID of the endpoint for which the details will be returned.	Mandatory	String	Must be a valid ID, belonging to a managed endpoint. Tip You can use the getEndpointsList method to get a list of managed endpoints by including the isManaged parameter and setting it to `true`. Example "endpointId" : "54a28b41b1a43d89367b23fd"

Return value

This method returns an Object containing the details of the specified endpoint:

id - the ID of managed endpoint
name - the name of the endpoint
companyId - the ID of the company to which the endpoint belongs
operatingSystem - the operating system of the endpoint
state - the power state of the machine: 1 - online, 2 - offline, 3 - suspended, 0 - unknown.
Note
The following states will be returned only for endpoints that are part of an active virtualization integration configured in GravityZone:
- 2 - offline
- 3 - suspended
ip - the IP address of the endpoint
lastSeen - the date of the last synchronization with Control Center
machineType - the type of the machine: 1 - computer, 2 - virtual machine, 3 - EC2 Instance, 0 - Other
agent - an Object containing the following information about the agent installed on the endpoint:
- engineVersion, the version of the scanning engine
- primaryEngine, the first engine to be used when scanning for malware. It can have one of the following values:
  - 1 - for Central Scanning (Security Server)
  - 2 - for Hybrid Scanning (Light Engines)
  - 3 - for Local Scanning (Full Engines)
  - 0 - Unknown
- fallbackEngine, the engine to be used if the primary engine is unavailable when the task is sent. It can have one of the following values:
  - 2 - for Hybrid Scanning (Light Engines)
  - 3 - for Local Scanning (Full Engines)
  - 0 - Unknown
- lastUpdate, the time and date of the last signatures update
- licensed, the license status: 0 - pending authentication, 1 - active license, 2 - expired license, 6 - there is no license or not applicable
- productOutdated, a Boolean specifying whether the agent's version is the latest available or not
- productUpdateDisabled, a Boolean specifying if product updates are disabled
- productVersion, the version of the agent
- signatureOutdated, a Boolean specifying if the antimalware signatures of the endpoint are outdated
- signatureUpdateDisabled, a Boolean specifying if the antimalware signature updates are disabled
- type, identifies which type of agent is installed on the endpoint:
  - 1 - Endpoint Security
  - 2 - Bitdefender Tools
  - 3 - BEST
group - an Object pointing to the group to which the endpoint belongs. The object contains the following fields:
- id, the ID of the group
- name, the name of the group
malwareStatus - an Object informing of the status of the endpoint related to malware. The object has the following fields:
- detection, a Boolean indicating if malware was detected on the endpoint in the last 24 hours,
- infected, a Boolean informing if the antimalware was able to remove the infection or the endpoint is still infected
policy - an Object informing about the active policy on the endpoint. The object contains:
- id, the ID of the active policy,
- name, the name of the policy,
- applied, a Boolean set to True if the policy is currently applied on the endpoint
modules - an Object informing of the installed modules and their statuses. The fields have Boolean values, true - if the module is enabled, or false - if the module is disabled. The available fields are:
- advancedThreatControl
- antimalware
- contentControl
- deviceControl
- firewall
- powerUser
- encryption
- edrSensor
- hyperDetect
- patchManagement
- relay
- sandboxAnalyzer
- exchange
- advancedAntiExploit
- containerProtection
- networkAttackDefense
label - string, the label set to this endpoint
managedWithBest - a Boolean set to True if the agent (BEST) is installed on the endpoint.
isContainerHost - a Boolean set to True if the endpoint is a Container Host.
managedExchangeServer - a Boolean set to True if the endpoint is an Exchange Server
managedRelay - a Boolean set to True if the endpoint has Relay role
securityServer - a Boolean set to True if the endpoint is a Security Server
managedWithNsx - a Boolean set to True if the endpoint is in a protected VMware NSX data center
managedWithVShield - a Boolean set to True if the endpoint is in a protected VMware vShield environment

Example

Request:

{
  "params": {
    "endpointId": "54a28b41b1a43d89367b23fd"
  },
  "jsonrpc": "2.0",
  "method": "getManagedEndpointDetails",
  "id": "301f7b05-ec02-481b-9ed6-c07b97de2b7b"
}

Response:

{
  "id": "0df7568c-59c1-48e0-a31b-18d83e6d9810",
  "jsonrpc": "2.0",
  "result": {
    "id": "54a28b41b1a43d89367b23fd",
    "name": "WIN-TGQDU499RS4",
    "companyId": "5575a235d2172c65038b454e",
    "operatingSystem": "Windows Server 2008 R2 Datacenter",
    "state": 1,
    "ip": "10.10.24.154",
    "lastSeen": "2015-06-22T13: 46: 59",
    "machineType": 1,
    "agent": {
      "engineVersion": "7.61184",
      "primaryEngine": 1,
      "fallbackEngine": 2,
      "lastUpdate": "2015-06-22T13: 40: 06",
      "licensed": 1,
      "productOutdated": false,
      "productUpdateDisabled": false,
      "productVersion": "6.2.3.569",
      "signatureOutdated": false,
      "signatureUpdateDisabled": false,
      "type": 3
    },
    "group": {
      "id": "5575a235d2172c65038b456d",
      "name": "Custom Groups"
    },
    "malwareStatus": {
      "detection": false,
      "infected": false
    },
    "modules": {
      "advancedThreatControl": false,
      "antimalware": true,
      "contentControl": false,
      "deviceControl": false,
      "firewall": false,
      "powerUser": false,
      "networkAttackDefense": false
    },
    "policy": {
      "id": "5121da426803fa2d0e000017",
      "applied": true,
      "name": "Default policy"
    },
    "label": "endpoint label"
    }
  }
}

{
  "id": "0df7568c-59c1-48e0-a31b-18d83e6d9810",
  "jsonrpc": "2.0",
  "result": {
    "id": "54a28b41b1a43d89367b23fd",
    "name": "WIN-TGQDU499RS4",
    "companyId": "5575a235d2172c65038b454e",
    "operatingSystem": "Windows Server 2008 R2 Datacenter",
    "state": 1,
    "ip": "10.10.24.154",
    "lastSeen": "2015-06-22T13: 46: 59",
    "machineType": 1,
    "agent": {
      "engineVersion": "7.61184",
      "primaryEngine": 1,
      "fallbackEngine": 2,
      "lastUpdate": "2015-06-22T13: 40: 06",
      "licensed": 1,
      "productOutdated": false,
      "productUpdateDisabled": false,
      "productVersion": "6.2.3.569",
      "signatureOutdated": false,
      "signatureUpdateDisabled": false,
      "type": 3
    },
    "group": {
      "id": "5575a235d2172c65038b456d",
      "name": "Custom Groups"
    },
    "malwareStatus": {
      "detection": false,
      "infected": false
    },
    "modules": {
      "advancedThreatControl": false,
      "antimalware": true,
      "contentControl": false,
      "deviceControl": false,
      "firewall": false,
      "powerUser": false,
      "networkAttackDefense": false,
      "integrityMonitoring": false
    },
    "policy": {
      "id": "5121da426803fa2d0e000017",
      "applied": true,
      "name": "Default policy"
    },
    "label": "endpoint label",
    "moveState": 1,
    "riskScore": {
      "value": "81%",
      "impact": "High",
      "misconfigurations": "70%",
      "appVulnerabilities": "11%",
      "humanRisks": "19%"
    },
    "lastSuccessfulScan": {
      "name": "72OHI5dnIH",
      "date": "2023-07-19T04:09:29+00:00"
    },
    "lastLoggedUsers": [
      "Administrador@serverpan.local",
      "contabilidad01@serverpan.local"
    ]
  }
}

In this section: