ON PREMISES SOLUTIONS

getManagedEndpointDetails

This method returns detailed information, such as: details to identify the endpoint and the security agent, the status of installed protection modules.

Services

This method requires you to place the {service} name in the API URL. The allowed services are:

  • computers, for "Computers and Virtual Machines"

  • virtualmachines, for "Virtual Machines"

For example, the request URL for the virtual machines service is:

https://YOUR-HOSTNAME/api/v1.0/jsonrpc/network/virtualmachines

Parameters

Parameter

Type

Optional

Description

endpointId

String

No

The ID of the endpoint for which the details will be returned.

Return value

This method returns an Object containing the details of the specified endpoint:

  • id - the ID of managed endpoint

  • name - the name of the endpoint

  • companyId - the ID of the company to which the endpoint belongs

  • operatingSystem - the operating system of the endpoint

  • state - the power state of the machine: 1 - online, 2 - offline, 3 - suspended, 0 - unknown.

    Note

    The following states will be returned only for endpoints that are part of an active virtualization integration configured in GravityZone:

    • 2 - offline

    • 3 - suspended

  • ip - the IP address of the endpoint

  • lastSeen - the date of the last synchronization with Control Center

  • machineType - the type of the machine: 1 - computer, 2 - virtual machine, 3 - EC2 Instance, 0 - Other

  • agent - an Object containing the following information about the agent installed on the endpoint:

    • engineVersion, the version of the scanning engine

    • primaryEngine, the first engine to be used when scanning for malware. It can have one of the following values:

      • 1 - for Central Scanning (Security Server)

      • 2 - for Hybrid Scanning (Light Engines)

      • 3 - for Local Scanning (Full Engines)

      • 0 - Unknown

    • fallbackEngine, the engine to be used if the primary engine is unavailable when the task is sent. It can have one of the following values:

      • 2 - for Hybrid Scanning (Light Engines)

      • 3 - for Local Scanning (Full Engines)

      • 0 - Unknown

    • lastUpdate, the time and date of the last signatures update

    • licensed, the license status: 0 - pending authentication, 1 - active license, 2 - expired license, 6 - there is no license or not applicable

    • productOutdated, a Boolean specifying whether the agent's version is the latest available or not

    • productUpdateDisabled, a Boolean specifying if product updates are disabled

    • productVersion, the version of the agent

    • signatureOutdated, a Boolean specifying if the antimalware signatures of the endpoint are outdated

    • signatureUpdateDisabled, a Boolean specifying if the antimalware signature updates are disabled

    • type, identifies which type of agent is installed on the endpoint:

      • 1 - Endpoint Security

      • 2 - Bitdefender Tools

      • 3 - BEST

  • group - an Object pointing to the group to which the endpoint belongs. The object contains the following fields:

    • id, the ID of the group

    • name, the name of the group

  • malwareStatus - an Object informing of the status of the endpoint related to malware. The object has the following fields:

    • detection, a Boolean indicating if malware was detected on the endpoint in the last 24 hours,

    • infected, a Boolean informing if the antimalware was able to remove the infection or the endpoint is still infected

  • policy - an Object informing about the active policy on the endpoint. The object contains:

    • id, the ID of the active policy,

    • name, the name of the policy,

    • applied, a Boolean set to True if the policy is currently applied on the endpoint

  • hypervisorMemoryIntrospection - an Object providing the status and configuration of Bitdefender HVI. This object appears only if the endpoint is protected by HVI. Object description:

    • status, a Boolean set to True if HVI is enabled

    • activeModules, an Object containing two Boolean fields that show the status of the HVI modules: userMode and kernelMode. If True, then the module is active.

    • securityServer, an Object that contains the details about the Security Server which protects the endpoint. It contains name, string, the name of the security server, ip, string, the IP of the security server and Label, string, the label associated with the server

    • isLicensed, boolean, specifies if the endpoint is licensed for Hypervisor memory introspection

  • modules - an Object informing of the installed modules and their statuses. The fields have Boolean values, True - if the module is enabled, or False - if the module is disabled. The available fields are:

    • advancedThreatControl

    • antimalware

    • contentControl

    • deviceControl

    • firewall

    • powerUser

    • encryption

    • edrSensor

    • hyperDetect

    • patchManagement

    • relay

    • sandboxAnalyzer

    • exchange

    • advancedAntiExploit

    • containerProtection

    • networkAttackDefense

  • label - string, the label set to this endpoint

  • managedWithBest - a Boolean set to True if the agent (BEST) is installed on the endpoint.

  • isContainerHost - a Boolean set to True if the endpoint is a Container Host.

  • managedExchangeServer - a Boolean set to True if the endpoint is an Exchange Server

  • managedRelay - a Boolean set to True if the endpoint has Relay role

  • securityServer - a Boolean set to True if the endpoint is a Security Server

  • managedWithNsx - a Boolean set to True if the endpoint is in a protected VMware NSX data center

  • managedWithVShield - a Boolean set to True if the endpoint is in a protected VMware vShield environment

  • managedWithHvi - a Boolean set to True if the endpoint si protected by Bitdefender HVI

  • hviProtectionType - informs how HVI protection is delivered: 1 - via Security Server, 2 - via agent (BEST)

Example

Request:

  {
       "params": {
           "endpointId" : "54a28b41b1a43d89367b23fd"
       },
       "jsonrpc": "2.0",
       "method": "getManagedEndpointDetails",
       "id": "301f7b05-ec02-481b-9ed6-c07b97de2b7b"
  }

Response:

  {
      "id":"0df7568c-59c1-48e0-a31b-18d83e6d9810",
      "jsonrpc":"2.0",
      "result": {
          'id': '54a28b41b1a43d89367b23fd',
          'name': 'WIN-TGQDU499RS4',
          'companyId': '5575a235d2172c65038b454e',
          'operatingSystem': 'Windows Server 2008 R2 Datacenter',
          'state': 1,
          'ip': '10.10.24.154',
          'lastSeen': '2015-06-22T13:46:59',
          'machineType': 1,
          'agent': {
               'engineVersion': '7.61184',
               'primaryEngine': 1,
               'fallbackEngine': 2,
               'lastUpdate': '2015-06-22T13:40:06',
               'licensed': 1,
               'productOutdated': False,
               'productUpdateDisabled': False,
               'productVersion': '6.2.3.569',
               'signatureOutdated': False,
               'signatureUpdateDisabled': False,
               'type': 3
           },
          'group': {
               'id': '5575a235d2172c65038b456d',
               'name': 'Custom Groups'
           },
          'malwareStatus': {
               'detection': False,
               'infected': False
           },
          'modules': {
               'advancedThreatControl': False,
               'antimalware': True,
               'contentControl': False,
               'deviceControl': False,
               'firewall': False,
               'powerUser': False,
               'networkAttackDefense': False
           },
          'policy': {
               'id': '5121da426803fa2d0e000017',
               'applied': True,
               'name': 'Default policy'
           },
           "label" : "endpoint label",
           "managedWithHvi": true,
           "hviProtectionType": 1,
           "managedWithBest": true
           
      }
  }
In this section: