- Configure and Authenticate Cloud Apps
- Add Open API Authentication and Roles
- Accounts API v1
- Authentication
- Objects used with these APIs
- Get all accounts
- Get single account
- Create an account
- Modify an account
- Delete an account
- Reset an account’s history
- Get all accounts’ health statuses
- Get an account’s health status
- Activate an account
- Deactivate an account
- (Deprecated) Activate an account’s endpoint
- (Deprecated) Deactivate an account’s endpoint
- Activate an account’s endpoint
- Deactivate an account’s endpoint
- Test Account Connection
- Get Account Users
- Get Exposed Resources
- Export Account
- Import Account
- Get ConnectorsSyncSettings
- Set ConnectorsSyncSettings
- Accounts API v2
- Monitoring API
- Remediation API
- Settings and Reports API
- SIEM API
- Tenancy API
- Version API
Remediation API
Use the remediation API to execute remediation actions inside the Exabeam cloud apps connector accounts.
Prefix all API URLs with:
https://<your-server-ip>:8443/openapi/api/rest/v1/remediation
Authentication
Only users assigned the remediation-admin role are authorized to use this API. See Add Open API Authentication and Roles.
Objects used with these APIs
RemediationResponse
{
"is-success": boolean,
"status-message": string optional,
}Suspend a User
Supported connectors:
Salesforce
DropBox – Requires an additional members access token with "team member management" permission
ServiceNow
Azure – Requires permission "Microsoft Graph" > "Read and write all users' full profiles"
Office365 – Requires permission "Microsoft Graph" > "Read and write all users' full profiles"
POST /{account-id}/suspend-user
Query Parameters:
userAttributeName – a required string with the user attribute name used to identify the user (should be taken from the suid field in Exabeam Cloud Connectors CEF events)
userAttributeValue – a required string with the user attribute value used to identify the user (should be taken from the suser field in Exabeam Cloud Connectors CEF events)
Response:
200,
RemediationResponse
Unsuspend a User
Supported connectors:
Salesforce
DropBox – Requires an additional members access token with "team member management" permission
ServiceNow
Azure – Requires permission "Microsoft Graph" > "Read and write all users' full profiles"
Office365 – Requires permission "Microsoft Graph" > "Read and write all users' full profiles"
POST /{account-id}/un-suspend-user
Query Parameters:
userAttributeName – A required string with the user attribute name used to identify the user (should be taken from the suid field in SkyFormation CEF events)
userAttributeValue – A required string with the user attribute value used to identify the user
(should be taken from the suser field in SkyFormation CEF events)
Response:
200,
RemediationResponse