Creates a scheduled investigation.
HTTP Request
POST /WebApp/OSCE_iES/OsceIes/ApiEntry
Parameters
The HTTP request body must contain all required parameters.
|
Name |
Type |
Description |
|---|---|---|
|
Required Parameters |
||
|
Url |
String |
Specifies the Endpoint Sensor API request to query |
|
TaskType |
Integer |
Type of API request For Endpoint Sensor, the value is always 4. For available values, see Threat Investigation API Task Types. |
|
Payload |
Object |
Payload of the request |
|
name |
String |
Name of the scheduled investigation |
|
scanType |
Integer |
Method used for the investigation Only the following values are supported:
|
|
timeRange.rangeType |
String |
Period to be investigated
|
|
agentGuid |
Object |
GUID of the agent The value of agentGuid is a object of key-value pairs. The key is the serverGuid, and the value is a list of agentGuid strings of the endpoints managed by the target server. It uses the following format: { serverGuid : [ agentGuid ] } If both agentGuid and serverGuid contain an empty array, the request targets all agents. |
|
serverGuid |
String array |
GUID of servers which manage the endpoints specified in agentGuid If both agentGuid and serverGuid contain an empty array, the request targets all agents. |
|
userTimezone |
String |
Local timezone of user, in UTC format |
|
scheduleCriteria.startDate |
String |
Start date of the scheduled investigation Specify the value in ISO date format: YYYY-MM-DD |
|
scheduleCriteria.endDate |
String |
End date of the scheduled investigation Specify the value in ISO date format: YYYY-MM-DD |
|
scheduleCriteria.repeatType |
Integer |
Indicates how often the schedule should repeat
|
|
scheduleCriteria.repeatValue |
String |
Exact time when the schedule runs, specified in the following format:
|
|
fileContentCriteria.criteriaHashId |
String |
Criteria encoded in SHA1 hash format Use the IoC bucket hash ID if created by the Apex Central IoC bucket (for IoC and YARA). |
|
fileContentCriteria.base64EncodedContent |
String |
Criteria encoded in base64 format |
|
fileContentCriteria.fileName |
String |
File name of the OpenIOC and YARA file Specify an empty value for other criteria types. |
|
selectAll |
Object array |
Specify a blank value to return all results To include only results that match certain filters, specify values for selectAll[i].type and selectAll[i].value For more information, see Threat Investigation API "selectAll" Types and Values. |
|
Optional Parameters |
||
|
selectAll[i].type |
Integer |
Return only the results that match the specified filter For more information, see Threat Investigation API Filter Values. |
|
selectAll[i].value |
Integer |
Value of the filter type For more information, see Threat Investigation API "selectAll" Types and Values. |
HTTP Request Example
POST /WebApp/OSCE_iES/OsceIes/ApiEntry
HTTP Request Body
Specify a JSON object containing the following HTTP request body:
Request body:
{
"Url": "V1/Task/CreateScanSchedule",
"TaskType": 4,
"Payload": {
"name": "test",
"scanType": 6,
"timeRange": {
"rangeType": "ANY"
},
"agentGuid": {
"2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6": [
"654b1b52-c3c9-4405-b133-48e2353da13b"
]
},
"serverGuid": [
"2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6"
],
"userTimezone": "8",
"scheduleCriteria": {
"startDate": "2018-10-25",
"endDate": "2018-11-25",
"repeatType": 3,
"repeatValue": "08:00:00"
},
"fileContentCriteria": {
"criteriaHashId":
"24c268bee95b7fb4097dcc4c0aee10df431ad46e",
"base64EncodedContent":
"PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRG...",
"fileName": "DD IOC.ioc"
},
"selectAll": []
}
}
Response
If successful, this method returns an HTTP status code of "200", result code of "0", and a response body with the following structure:
{
"Data": {
"Code": 0,
"CodeType": 1,
"Message": "OK",
"Data": {
"taskId": "",
"lastContentId": "",
"hasMore": false,
"serverGuid": "",
"serverName": "",
"content": [
{
"statusCode": 0,
"message": "Success",
"content": {
"scanScheduleId": 5,
"scanScheduleGuid":
"32350675-1457-475c-8890-c725bb2fd9f6",
"name": "test",
"userTimezone": 8,
"status": 1,
"repeatType": 3,
"repeatValue": "08:00:00",
"endpointType": 1,
"startDate": 1540396800,
"endDate": 1543161599,
"scanType": 6
}
}
]
},
"TimeZone": 8
},
"Meta": {
"result": 1,
"errorCode": 0,
"errorMessgae": "Success"
},
"PermissionCtrl": {
"permission": "255",
"elements": null
},
"FeatureCtrl": {
"mode": "0"
},
"SystemCtrl": {
"TmcmSoDist_Role": "none"
}
}
The following table describes the response objects specific to this API.
|
Name |
Type |
Description |
|---|---|---|
|
scanScheduleId |
Integer |
ID of the scheduled investigation |
|
scanScheduleGuid |
String |
GUID of the scheduled investigation |
|
name |
String |
Name of the scheduled investigation |
|
userTimezone |
String |
Local timezone of user, in UTC format |
|
status |
Integer |
Status of the scheduled investigation
|
|
repeatType |
Integer |
Indicates how often the schedule should repeat
|
|
repeatValue |
String |
Exact time when the schedule runs, specified in the following format:
|
|
endpointType |
Integer |
Type of selection for target endpoints
Value is always 0 if agentGuid is empty. |
|
startDate |
Integer |
Start date of the scheduled investigation |
|
endDate |
Integer |
End date of the scheduled investigation |
|
scanType |
Integer |
Method used by the investigation
|
For more information about standard responses and response codes for this API, see the following topics: