Retrieves summary and reputation data, and returns a list of objects for the investigation specified.
HTTP Request
PUT /WebApp/OSCE_iES/OsceIes/ApiEntry
Parameters
The HTTP request body must contain all required parameters.
Name | Type | Description |
---|---|---|
Required Parameters | | |
Url | String | Specifies the Endpoint Sensor API request to query |
TaskType | Integer | Type of API request. For Endpoint Sensor, the value is always 4. For available values, see Threat Investigation API Task Types. |
Payload | Object | Payload of the request |
agentGuid | String | GUID of the target endpoint |
scanSummaryGuid | String | GUID of the investigation summary to retrieve |
serverGuid | String array | GUID of the target server |
HTTP Request Example
PUT /WebApp/OSCE_iES/OsceIes/ApiEntry
HTTP Request Body
Specify a JSON object containing the following HTTP request body:
Request body:
```json
{
  "Url": "V1/Task/ShowFootPrintTable",
  "TaskType": 4,
  "Payload": {
    "serverGuid": [
      "2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6"
    ],
    "agentGuid": "654B1B52-C3C9-4405-B133-48E2353DA13B",
    "scanSummaryGuid": "58127b3e-1bde-4c6e-8d86-0d0f89ded601"
  }
}
```
Response
If successful, this method returns an HTTP status code of "200", result code of "0", and a response body with the following structure:
The API response may return empty results if the task specified is still ongoing. To monitor the progress of the task and verify if results are ready, use the taskId from the response to call the ShowContent API.
For details, see ShowContent.
```json
{
  "Data": {
    "Code": 0,
    "CodeType": 1,
    "Message": "OK",
    "Data": {
      "taskId": "E89B0244-691F-4000-BFCB-488F01E0AA5F",
      "lastContentId": "[{ \"serverGuid\": \"2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6\", \"lastContentId\": 30131, \"hasMore\": false, \"totalProgress\": 0, \"currentProgress\": 0}]",
      "hasMore": false,
      "serverName": "SAMPLE_SERVER",
      "serverGuid": "2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6",
      "content": [
        {
          "statusCode": 0,
          "message": "TMSL_S_SUCCESS",
          "content": {
            "footprint": [
              {
                "objectId": "41361",
                "parentId": "41244",
                "operationType": 1,
                "timestamp": 1539930386,
                "event": [
                  {
                    "eventId": "2",
                    "metaLinkId": "6552613549544300799",
                    "objectType": 2,
                    "operationType": 1,
                    "objectName": "iCRCService.exe",
                    "timestamp": 1539930386,
                    "meta": [
                      { "metaHashId": "-2496182079651645963", "metaType": 104 },
                      { "metaHashId": "-5802268642344638556", "metaType": 105 },
                      { "metaHashId": "1005881870920059050", "metaType": 118 },
                      { "metaHashId": "-4529102146130573936", "metaType": 101 },
                      { "metaHashId": "-6177962065641712412", "metaType": 102 },
                      { "metaHashId": "-7935765538101355343", "metaType": 107 },
                      { "metaHashId": "6636", "metaType": 108 },
                      { "metaHashId": "2996153155457079169", "metaType": 109 },
                      { "metaHashId": "6314752325711353153", "metaType": 300 },
                      { "metaHashId": "-5266231795820613969", "metaType": 302 }
                    ],
                    "riskLevel": 1,
                    "rating": { "score": 1, "metaType": 101, "hasInvalidSigner": false },
                    "isSymbolEvent": true,
                    "assessmentValue": "BDBE92094705F466D8E39783991766B5C2B1E9D1",
                    "assessmentType": 5,
                    "nodeImage": 2
                  }
                ],
                "groupNo": 1
              },
              {
                "objectId": "41362",
                "parentId": "41244",
                "operationType": 1,
                "timestamp": 1539930386,
                "event": [
                  {
                    "eventId": "3",
                    "metaLinkId": "-2272764769042133456",
                    "objectType": 2,
                    "operationType": 1,
                    "objectName": "LWCSService.exe",
                    "timestamp": 1539930386,
                    "meta": [
                      { "metaHashId": "-3086522818343600695", "metaType": 104 },
                      { "metaHashId": "3546988568951304820", "metaType": 105 },
                      { "metaHashId": "-2895303478273136063", "metaType": 118 },
                      { "metaHashId": "2617236305917161076", "metaType": 101 },
                      { "metaHashId": "-5536433289243677264", "metaType": 102 },
                      { "metaHashId": "-7935765538101355343", "metaType": 107 },
                      { "metaHashId": "6688", "metaType": 108 },
                      { "metaHashId": "-8563225389150726767", "metaType": 109 },
                      { "metaHashId": "6314752325711353153", "metaType": 300 },
                      { "metaHashId": "-5266231795820613969", "metaType": 302 }
                    ],
                    "riskLevel": 1,
                    "rating": { "metaType": 101, "score": 1, "hasInvalidSigner": false },
                    "isSymbolEvent": true,
                    "assessmentValue": "2DE4FF049B0F4D6ED148F411F77D5EC5CFEF2536",
                    "assessmentType": 5,
                    "nodeImage": 2
                  }
                ],
                "groupNo": 1
              }
            ],
            "metaProperty": [
              { "metaHashId": "-2496182079651645963", "metaValue": "C:\\Program Files (x86)\\Trend Micro\\OfficeScan\\PCCSRV\\WSS\\" },
              { "metaHashId": "-5802268642344638556", "metaValue": "iCRCService.exe" },
              { "metaHashId": "1005881870920059050", "metaValue": "E79618A56858F24F14C4E3BB6C0B039246FA29AD6065BFEDA0C31964417BFC47" },
              { "metaHashId": "-4529102146130573936", "metaValue": "BDBE92094705F466D8E39783991766B5C2B1E9D1" },
              { "metaHashId": "-6177962065641712412", "metaValue": "4169C663DB11C7D877AF929BD1B2595A" },
              { "metaHashId": "-7935765538101355343", "metaValue": "Trend Micro, Inc." },
              { "metaHashId": "6636", "metaValue": "6636" },
              { "metaHashId": "2996153155457079169", "metaValue": "\"C:\\Program Files (x86)\\Trend Micro\\OfficeScan\\PCCSRV\\WSS\\iCRCService.exe\"" },
              { "metaHashId": "6314752325711353153", "metaValue": "SYSTEM" },
              { "metaHashId": "-5266231795820613969", "metaValue": "NT AUTHORITY" },
              { "metaHashId": "-3086522818343600695", "metaValue": "C:\\Program Files (x86)\\Trend Micro\\OfficeScan\\PCCSRV\\LWCS\\" },
              { "metaHashId": "3546988568951304820", "metaValue": "LWCSService.exe" },
              { "metaHashId": "-2895303478273136063", "metaValue": "69B9FA6E8A2F4C3981EB47958671F14F70EECDDD0E671A2F41C79058E9832209" },
              { "metaHashId": "2617236305917161076", "metaValue": "2DE4FF049B0F4D6ED148F411F77D5EC5CFEF2536" },
              { "metaHashId": "-5536433289243677264", "metaValue": "CA42B970294E2B25D88FA905E658E632" },
              { "metaHashId": "6688", "metaValue": "6688" },
              { "metaHashId": "-8563225389150726767", "metaValue": "\"C:\\Program Files (x86)\\Trend Micro\\OfficeScan\\PCCSRV\\LWCS\\LWCSService.exe\"" }
            ],
            "group": [
              { "groupNo": 1, "timestamp": 1539930320 }
            ]
          }
        }
      ]
    },
    "TimeZone": 8
  },
  "Meta": { "result": 1, "errorCode": 0, "errorMessgae": "Success" },
  "PermissionCtrl": { "permission": "255", "elements": null },
  "FeatureCtrl": { "mode": "0" },
  "SystemCtrl": { "TmcmSoDist_Role": "none" }
}
```
The following table describes the response objects specific to this API.
Parameter | Type | Description |
---|---|---|
footprint | Object array | Container for footprint objects. Indicates the relationship between two nodes in the root cause chain. |
footprint[i].objectId | String | ID of the child node |
footprint[i].parentId | String | ID of the parent node |
footprint[i].operationType | Integer | Specifies the type of operation associated with the event. For possible values, see Threat Investigation API Operation Types. |
footprint[i].timestamp | Integer | Time when the event was recorded, in Unix timestamp format |
footprint[i].event | Object array | Container for event objects |
footprint[i].event[j].eventId | String | ID of the event |
footprint[i].event[j].metaLinkId | Integer | Group ID for the event metadata |
footprint[i].event[j].objectType | Integer | Specifies the type of object. For possible values, see Threat Investigation API Node Types. |
footprint[i].event[j].operationType | Integer | Specifies the type of operation associated with the event. For possible values, see Threat Investigation API Operation Types. |
footprint[i].event[j].objectName | String | Name of the object which generated the event |
footprint[i].event[j].timestamp | Integer | Time when the event was recorded, in Unix timestamp format |
footprint[i].event[j].meta | Object array | Container for meta objects |
footprint[i].event[j].meta[k].metaHashId | String | Unique hash ID assigned to the object |
footprint[i].event[j].meta[k].metaType | Integer | Specifies the type of metadata. For possible values, see Threat Investigation API Metadata Types. |
footprint[i].event[j].riskLevel | Integer | Specifies the risk level of the node. For possible values, see Threat Investigation API Risk Levels. |
footprint[i].event[j].rating.score | Integer | Rating score from Trend Micro intelligence |
footprint[i].event[j].rating.metaType | Integer | Specifies the type of metadata. For possible values, see Threat Investigation API Metadata Types. |
footprint[i].event[j].isSymbolEvent | Boolean | If isSymbolEvent is true, indicates that the event is a represented node |
footprint[i].event[j].assessmentValue | String | Value of the criteria used in the investigation |
footprint[i].event[j].assessmentType | Integer | Specifies the type of criteria used in the investigation. For possible values, see Threat Investigation API Assessment Criteria Types. |
footprint[i].event[j].nodeImage | Integer | Specifies the image type assigned to the node. For possible values, see Threat Investigation API Node Image Types. |
footprint[i].groupNo | Integer | Indicates the group where the node belongs |
footprint[i].event[j].rating.hasInvalidSigner | Boolean | Indicates that the object has an invalid signer |
metaProperty[m].metaHashId | String | Unique hash ID assigned to the object |
metaProperty[m].metaValue | String | Value of the specified metaHashId |
group[n].groupNo | Integer | Indicates the group where the node belongs |
group[n].timestamp | Integer | Time when the event was recorded for a group, in Unix timestamp format |
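
How a client might consume this response, as an added example that is not Trend Micro's code: it joins each footprint[i].event[j].meta[k].metaHashId to metaProperty[m].metaValue and treats an empty result as a task that may still be running. The helper names flatten_footprint and needs_polling, the trimmed sample, and the reading of a non-zero statusCode as non-success are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: the documented response trimmed to one node. The third
# meta reference is deliberately left out of metaProperty (unresolved case).
SAMPLE = {"Data": {"Code": 0, "Message": "OK", "Data": {
    "taskId": "E89B0244-691F-4000-BFCB-488F01E0AA5F",
    "content": [{"statusCode": 0, "message": "TMSL_S_SUCCESS", "content": {
        "footprint": [{"objectId": "41361", "parentId": "41244", "event": [{
            "objectName": "iCRCService.exe", "timestamp": 1539930386,
            "riskLevel": 1, "rating": {"score": 1, "hasInvalidSigner": False},
            "meta": [{"metaHashId": "-5802268642344638556", "metaType": 105},
                     {"metaHashId": "-4529102146130573936", "metaType": 101},
                     {"metaHashId": "6314752325711353153", "metaType": 300}]}]}],
        "metaProperty": [
            {"metaHashId": "-5802268642344638556", "metaValue": "iCRCService.exe"},
            {"metaHashId": "-4529102146130573936",
             "metaValue": "BDBE92094705F466D8E39783991766B5C2B1E9D1"}]}}]}}}


def flatten_footprint(response):
    """Hypothetical helper: one row per event, metaHashId resolved via metaProperty."""
    outer = response["Data"]
    if outer.get("Code") != 0:
        raise ValueError(f"result code {outer.get('Code')}: {outer.get('Message')}")
    rows = []
    for part in outer["Data"].get("content") or []:
        body = part.get("content") or {}
        if part.get("statusCode") != 0:
            continue  # assumption: a non-zero statusCode marks a non-success entry
        lookup = {m["metaHashId"]: m["metaValue"] for m in body.get("metaProperty", [])}
        for node in body.get("footprint", []):
            for ev in node.get("event", []):
                when = datetime.fromtimestamp(ev["timestamp"], tz=timezone.utc)
                rows.append({
                    "objectId": node["objectId"], "parentId": node["parentId"],
                    "objectName": ev["objectName"], "utc": when.isoformat(),
                    "riskLevel": ev["riskLevel"],
                    "invalidSigner": ev.get("rating", {}).get("hasInvalidSigner"),
                    # metaType -> value; None marks a reference missing from metaProperty
                    "meta": {m["metaType"]: lookup.get(m["metaHashId"])
                             for m in ev.get("meta", [])}})
    return rows


def needs_polling(response):
    """No rows may mean the task is still running; poll ShowContent with taskId."""
    return not flatten_footprint(response)
```

The metaType keys are left numeric because their meanings are defined in Threat Investigation API Metadata Types, not on this page.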
For more information about standard responses and response codes for this API, see the following topics: