Apex Central supports the following Threat Investigation Automation APIs.

| Action | Description |
| --- | --- |
| ShowFootPrintChain | Retrieves summary and reputation data, and returns a list of objects included in the root cause chain of the investigation specified. |
| ShowFootPrintTable | Retrieves summary and reputation data, and returns a list of objects for the investigation specified. |
| ShowFootPrintCsv | Retrieves data of a root cause analysis table view as a CSV file. |
| CreateQuickScan | Creates a new preliminary investigation by specifying criteria with a search operator (AND, OR) and a match condition (IS, CONTAINS). The investigation targets all endpoints and is performed on server metadata. |
| ShowScanSummaryList | Retrieves a collection of investigation tasks. This API is used to display investigation tasks in the One-Time Investigation tab of the web console. |
| ShowScanListByScanSummaryGuid | Retrieves investigation details, filtered by investigation status (All, Matched, No match, Pending or Unsuccessful), and contains detailed investigation results for each endpoint. |
| ShowAgentList | Displays all the agents. Results can be filtered by endpoint name, endpoint type and IP range. |
| CreateScan (Custom Criteria) | Creates a new investigation using custom criteria. |
| CreateScan (OpenIOC and YARA Files) | Creates a new investigation using OpenIOC and YARA files. |
| CreateScan (Registry) | Creates a new investigation on the registry. |
| CreateProcessTermination | Terminates the suspicious processes specified, if they are running on the endpoints. |
| CreateScanSchedule | Creates a scheduled investigation. |
| ShowContent | Retrieves results based on the specified taskId. Since the investigation may take some time to complete, call the ShowContent API at regular intervals until the API responds with the results of the specified taskId. |