- Configure and Authenticate Cloud Apps
- Add Open API Authentication and Roles
- Accounts API v1
- Authentication
- Objects used with these APIs
- Get all accounts
- Get single account
- Create an account
- Modify an account
- Delete an account
- Reset an account’s history
- Get all accounts’ health statuses
- Get an account’s health status
- Activate an account
- Deactivate an account
- (Deprecated) Activate an account’s endpoint
- (Deprecated) Deactivate an account’s endpoint
- Activate an account’s endpoint
- Deactivate an account’s endpoint
- Test Account Connection
- Get Account Users
- Get Exposed Resources
- Export Account
- Import Account
- Get ConnectorsSyncSettings
- Set ConnectorsSyncSettings
- Accounts API v2
- Monitoring API
- Remediation API
- Settings and Reports API
- SIEM API
- Tenancy API
- Version API
Accounts API v1
Note
v2 of this API supersedes some of the v1 APIs. v2 is only new additions, so an API not present in v2 can still be used in v1.
Prefix all v1 API URLs with:
https://<your-server-ip>:8443/openapi/api/rest/v1/accounts
Authentication
Objects used with these APIs
AccountConfiguration
{
"id":"string",
"name":"string", # max of 64 characters
"description":"string",
"application":"string",
"tenant":{
"id":"string",
"name":"string"
},
"authn-data":{
"type":"BASIC",
"fields":[
{
"name":"string",
"value":"string"
},
"..."
]
}
}AccountStatus
{
"id":"string", # unique id of account
"tenant":{
"id":"string",
"name":"string"
},
"name":"string", # name given to account during onboard. e.g. MyAWS E
"application":"string", # name of service. e.g. AWS
"status":"StatusSummary", # "worst active endpoint"
"is-active":"boolean", # true when the account is in "RUNNING" status; false otherwise
"endpoint-status":"Array<EndpointStatus>"
}ExportedAccountPackage
{
"account":{
"src-tenant-id":"string", # tenant ID from which the account was exported
"src-tenant-name":"string", # tenant name from which the account was exported
"src-account-id":"string", # account ID in the SkyFormation server from which it was exported
"name":"string", # account name
"service":"string", # service name
"description":"string", # optional
"active":"boolean", # account activation state
"dlp-active":"boolean", # account DLP activation state
"malware-active":"boolean", # account malware activation state
"identity-reconciliation-rule":"JSON object", # identity reconciliation rule, optional
"account-settings":"JSON object" # account settings
"authn-data":"JSON object" # account authentication data
},
"mng-data":"JSON object" # account latest runtime information from the Exabeam Cloud Connector server from which it was exported"
}EndpointStatus
{
"name":"string", # Unique name of endpoint
"health-status":"StatusSummary",
"is-active":"boolean",
"last-successful-sync":"SyncResult",
"latest-syncs":"List<SyncResult>" # up to last 3 syncs, successful and errornous, sorted by update time, desc.
}SyncResult
{
"result-size": long, number of events retreived,
"total-sync-time": long, sec of duration, e.g. 60.000000,
"sync-date": double, sec since epoch, e.g. 1500207395.152,
"earliest-retrieved": long, sec since epoch, e.g. 1500194885, date of earliest event retrieved in the sync result,
"latest-retrieved": long, sec since epoch, e.g. 1500194885, date of latest event retreived in the sync result,
"earliest-requested": long, sec since epoch, e.g. 1500194885, date of earliest event requested to be synced,
"latest-requested": long, sec since epoch, e.g. 1500194885, date of latest event requested to be synced,
"result": StatusSummary
}StatusSummary
{
"state":"enum string", # "OK|WARN|ERROR"
"cause":"string", # optional, present when WARN or ERROR, describes the reason for the state
"locked-until":"number", # optional, present when in ERROR due to account lock, describes future unlock time; since 2.2.4; e.g. 1516195097.449
}User
{
"id":"string",
"full-name":"string", # display name of the user
"username":"string",
"email":"string",
"last-login":"string", # optional
"status":"enum string", # "locked_out|suspended|dormant|active"
}
ConnectorsSyncSettings
{
"user-identity-assignment": JSON object, when user reconciliation is configured, defines the LDAP/AD user property to be sent accross all events as a user identifier (null by default),
"failover-enabled": boolean, enable/disable account recovery machanism (true by default),
"global-sync-target": string, ["siem" | "local-bus"], decides whether events synced from all accounts, accross all endpoints, would be sent to a local event bus ("local-bus") or be sent directly to the configured SIEM. If defined it overrides the configured sync target at the level of each of endpoints (null by default)
}ExposedResource
{
"scope": enum string, public|public_authenticated,
"path": string,
"content-modified-time": date, time in epoch milli
"last-modified-time": date, time in epoch milli
"content-type": string,
"creation-time": date, time in epoch milli
"owner": {
"type": string, email|user name
"value": string
},
"expiration-time": date, time in epoch milli
"name": string,
"resource-type": string, file|folder
"is-container": boolean,
"size": long, size in bytes
"classification": string, data classification type for sensitive data
"shared-with-users": Array of user details that the file was shared with
[
{
"type": string, email|user name,
"value": string
},
{
"type": string, email|user name,
"value": string
}
...
],
"app-specific-property-bag" : {
"key" : "value",
...
}
} AccountResetFilter
Formal JSON Schema
{
"$schema": "http://json-schema.org/draft-07/schema#",
"definitions": {
"AccountResetFilter": {
"properties": {
"type": {
"enum": [
"all",
"some"
],
"type": "string"
}
},
"type": "object"
},
"AccountResetFilterUnion": {
"anyOf": [
{
"$ref": "#/definitions/Some"
},
{
"$ref": "#/definitions/All"
}
]
},
"All": {
"properties": {
"type": {
"enum": [
"all"
],
"type": "string"
}
},
"type": "object"
},
"EndpointCondition": {
"properties": {
"type": {
"enum": [
"exact",
"starts-with"
],
"type": "string"
}
},
"type": "object"
},
"EndpointConditionUnion": {
"anyOf": [
{
"$ref": "#/definitions/Exact"
},
{
"$ref": "#/definitions/StartsWith"
}
]
},
"Exact": {
"properties": {
"name": {
"type": "string"
},
"type": {
"enum": [
"exact"
],
"type": "string"
}
},
"type": "object"
},
"Some": {
"properties": {
"endpoint-conditions": {
"items": {
"anyOf": [
{
"$ref": "#/definitions/Exact"
},
{
"$ref": "#/definitions/StartsWith"
}
]
},
"type": "array"
},
"type": {
"enum": [
"some"
],
"type": "string"
}
},
"type": "object"
},
"StartsWith": {
"properties": {
"name": {
"type": "string"
},
"type": {
"enum": [
"starts-with"
],
"type": "string"
}
},
"type": "object"
}
}
}Examples:
Reset all of an account’s endpoints:
{
"type": "all"
}Reset some of an account’s endpoints: Will reset the endpoint "my-endpoint" as well as all endpoint that start-with "my-other-endp" , e.g. "my-other-endpoint-1" and "my-other-endp"
{
"type": "some",
"endpoint-conditions": [
{
"type": "exact",
"name": "my-endpoint"
},
{
"type": "starts-with",
"name": "my-other-endp"
}
]
}AccountResetResponse
A list (array) of endpoint names that were successfully reset. e.g.
[
"endpoint-1", "endpoint-2"
]Get all accounts
GET /
Response:
200,
List<AccountConfiguration>
Get single account
GET /{account-id}
Response:
200,
AccountConfiguration
Create an account
Refer to required authentication fields to detailed list of what each application type requires for authentication
POST /
Body:
AccountConfiguration w/o id.
Response:
200,
AccountConfiguration w/ id.
Modify an account
Refer to required authentication fields to detailed list of what each application type requires for authentication
PUT /{account-id}
Body:
AccountConfiguration
Response:
200,
AccountConfiguration
Delete an account
DELETE /{account-id}
Response:
200
Reset an account’s history
Reset the account’s sync history; as if it were just on-boarded.
An AccountResetFilter allows to filer/select which endpoint(s) to reset
POST /{tenant-id}/{account-id}/{reset-history}
Body:
Response:
200,
Get all accounts’ health statuses
GET /status
Response:
200,
List<AccountStatus>
Get an account’s health status
GET /status/{account-id}
Response:
200,
AccountStatus
Activate an account
PUT /{account-id}/activate
Response:
200
Deactivate an account
PUT /{account-id}/deactivate
Response:
200
(Deprecated) Activate an account’s endpoint
A list of endpoint names for each account is in its AccountStatus response.
DEPRECATED since 2.1.25. Use Activate an account’s endpoint instead
PUT /{account-id}/{endpoint-name}/activate
Response:
200
(Deprecated) Deactivate an account’s endpoint
A list of endpoint names for each account is in its AccountStatus response.
DEPRECATED since 2.1.25. Use Deactivate an account’s endpoint instead
PUT /{account-id}/{endpoint-name}/deactivate
Response:
200
Activate an account’s endpoint
A list of endpoint names for each account is in its AccountStatus response.
PUT /{account-id}/endpoint/activate?endpoint={endpoint-name}
Response:
200
Deactivate an account’s endpoint
A list of endpoint names for each account is in its AccountStatus response.
PUT /{account-id}/endpoint/deactivate?endpoint={endpoint-name}
Response:
200
Test Account Connection
GET /{account-id}/test-connection
Response:
200, OK
404 - account with given ID not found
412 - incomplete data (missing application name, incomplete authN data)
500
{
"status": int, an http-style status code, i.e. 200, 400,
"success": boolean,
"msg": string, 'N/A' | message returned from connector
}Get Account Users
GET /{account-id}/users
Response:
200, OK
List<User>
Get Exposed Resources
Refer to required authentication fields to detailed list of what each application type requires for authentication
POST /{account-id}/exposed-resources?type=file|folder&exposure-level=public|public_authenticaded
Body: Empty on the first call, Next (JsonObject) on subsequent callse (retrieved from ExposedResourcesResult of the previous response.
Response:
200, OK
ExposedResourcesResult
Export Account
Available from 2.3.51, supported for inactive accounts only
POST /{tenant-id}/{account-id}/export
Body: Empty
Response:
200, OK
ExportedAccountPackage with account.authn-data set to null
Import Account
Available from 2.3.51, supported for inactive accounts only
POST /{tenant-id}/import
Body: ExportedAccountPackage with account.authn-data set
Response:
200, OK
String - the generated account ID
Get ConnectorsSyncSettings
Available from 2.3.106
GET /{tenant-id}/sync-settings
Response:
200, OK
ConnectorsSyncSettings
Set ConnectorsSyncSettings
Available from 2.3.106
PUT /{tenant-id}/sync-settings``Body: ConnectorsSyncSettings
Response:
204, No Content