Symantec Integrated Cyber Defense Manager (ICDm): API reference

1. Concepts

1.1. Components of the API

1.1.1. Required components and sample usage

To customize a REST API call, you use the following required components with a tool such as SoapUI or with a programming language such as PowerShell or Java.

Component

Description

URI

The base Uniform Resource Identifier (URI) is the following:

All APIs exposed by Integrated Cyber Defense Manager carry authentication tokens and other privileged data. To ensure the confidentiality of the data, the REST APIs are only available over a secure connection.

Method

The method that you use to make the call to the API. Which method you use depends on the API and what you want to accomplish with the API. Methods include GET, PUT, POST, and DELETE.

Headers

Integrated Cyber Defense Manager REST APIs require the following HTTP headers:

  • Authorization: Bearer UserToken

    UserToken represents the token response that the authenticate API returns. The authenticate API itself does not require this header.

  • Content-Type: application/json

Request parameters

The request parameters that are appropriate for the API that you want to use.

2. Symantec Endpoint Security API documentation

2.1. Authentication

2.1.1. >>>Overview and prerequisites

Description: This API is utilized to generate an access token used for subsequent API calls.

You need your Client ID and Client Secret when you request an access token.

To obtain your Client ID and Client Secret, log in to your Integrated Cyber Defense Manager console, and then:

  1. Press the Endpoint tab and access Integration > Client Applications.

  2. Press Add Client Application.

  3. Enter any name for the application and press the Add button. The Client ID appears.

  4. Press the ellipsis to obtain the Client Secret.

2.1.2. >>>API command details

  • Generate new access token (NEW_ACCESS_TOKEN) from the client id and client secret key.

  • URL: v1/oauth2/tokens

  • Request Method : POST

  • Request Header :

    Accept: application/json
    Content-Type: application/json
    Authorization: TzJJRC5URVNULWNOX2w0Tk9xUVhHQzR4VDFNNm9kUmcuVEVTVC1pMHRmdy1QWFJfYWkwaTNVSWp
    5MGlRLmNzNjk5ZHV2dmppczkwNDhoMm1xcnQ1cTI5OjFyNzJ1aGE1OHJ2OTBia3JjZHE2b2RlMjNwdGh2ODdqMzU3OQ==

2.1.3. >>>Parameters

Type

Name

Description

Default

Header

Accept

Use value application/json.

application/json

Header

Authorization

Value for the header is of the form Basic «ClientId:ClientSecret» where ClientId:ClientSecret is base64 encoded.

Header

Content-Type

Use value application/x-www-form-urlencoded.

application/x-www-form-urlencoded

Field

Description

Component

id

The ID of the device.

Body

name

The name of the device.

Body

total

The count of all devices in the device group.

Body

Code

Description

204

No Content

400

Bad Input

401

Unauthorized Token

500

Internal server error - unexpected error condition

2.1.4. >>>Examples

  • Request Access Token Example (curl):

    curl -X POST \
    https://api.sep.securitycloud.symantec.com/v1/oauth2/tokens \
    -H 'Accept: application/json' \
    -H 'Authorization: Basic TzJJRC4wWDVuRWxwYlF2dXNCX2x20b2FxYmE1Z2W1oNNlc252' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -H 'Host: api.sep.securitycloud.symantec.com'
  • Response Data Example:

    {    "access_token":
    "eyJraWQiOiJMU3FJU1ZLRlF1S3cwdkpoSWRPckhBIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.
    eyJzdWIiOiJ7XCJkb21haW5faWRcIjpcIlRFU1QtaTB0ZnctUFhSX2FpMGkzVUlqeTBpUVwiLFwib3d
    uZXJfdXJpXCI6XCJcL3YxXC9tZHJcL3VzZXJzXC8ybHdTZEJ2dlRVS2lqUlRyVl9aai1BXCIsXCJzY2
    9wZVwiOlwiXCIsXCJwcml2c1wiOlwidmlld19ldmVudHNcIixcImN1c3RvbWVyX2lkXCI6XCJURVNUL
    WNOX2w0Tk9xUVhHQzR4VDFNNm9kUmdcIixcInVyaVwiOlwiXC9vYXV0aDJcL2NsaWVudHNcL08ySUQu
    VEVTVC1jTl9sNE5PcVFYR0M0eFQxTTZvZFJnLlRFU1QtaTB0ZnctUFhSX2FpMGkzVUlqeTBpUS5jczY
    5OWR1dnZqaXM5MDQ4aDJtcXJ0NXEyOVwiLFwiY2xpZW50X2lkXCI6XCJPMklELlRFU1QtY05fbDROT3
    FRWEdDNHhUMU02b2RSZy5URVNULWkwdGZ3LVBYUl9haTBpM1VJankwaVEuY3M2OTlkdXZ2amlzOTA0O
    GgybXFydDVxMjlcIn0iLCJ2ZXIiOjEsImlzcyI6ImlkZW50aXR5LmNjLXN0YWdlLTEtdXMtZWFzdC0x
    LkNVU19QQVJUMSIsImV4cCI6MTUzMTExODgxMiwiaWF0IjoxNTMxMTE1MjEyLCJqdGkiOiJvMlZRVG9
    FR1FRU24wWHVUcFk3azVnIn0.Q-6E2H3SGoufAGJ3RztdwmHHUQp1VkjlRtlXYhSWwVfTiU8_UT-Pee
    eI7ejJ09L82WGD7K7iC0rrH2EqY5PAWUP5JG-jCQcnB_xqEO5xZwtDFbv4PclUKmPvz3EOcFd9EiSM1
    DhjsfMBJQvs7l3edlBkZag9rDqcuLldUqvEG5aPTzRfwt1EtKQRnfr9a7ptJARbqYG-dve0YFhjB9Tf
    qHwjWBno2gTWzRzCqAK60pobvlXUqpXRlSvxNj5DbQ3f4QLqV-5RcEk5KSuUJDdMfjRNfQu4SwXvLIi
    JaJ0ise2YcyvmDpPIxH3GZ-XRp563v6RqEAf7Qifh29jbQvOS5A",
    
        "token_type": "Bearer",    "expires_in": 3600
    
    }
Note

Use the access token from the response of the above API in any documented Symantec Endpoint Security API.

  • Success Response Body:

    {
      "access_token": "eyJraWQiOiJNdXVysdfdsdfsdfsdfsdfsdfsdsdfsdfsfsdfsdfsdfsdfsdfsdfsdfssdfsfsatEUL1SShDv5XLkUo9OL64w",
      "token_type": "Bearer",
      "expires_in": 3600
    }
  • Error Response Body

    {
       "message": "some_error_message_that_will_help_caller"
    }
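
The token exchange described in this section, as an added Python example that is not part of the Symantec reference: it builds the Basic header from ClientId:ClientSecret, constructs the POST without sending it, and parses the response into a token that tracks expires_in and stays out of logs. The class and function names, the 60-second margin and the sample bodies are assumptions made for the example; the host is the one used in the page's curl examples.

```python
import base64
import json
import urllib.request
from dataclasses import dataclass

# Host taken from the curl examples on this page; path from "API command details".
TOKEN_URL = "https://api.sep.securitycloud.symantec.com/v1/oauth2/tokens"


class TokenError(Exception):
    """Raised when the token endpoint returns no usable access token."""


def basic_auth_value(client_id: str, client_secret: str) -> str:
    """Return 'Basic ' + base64(ClientId:ClientSecret), as the Parameters table describes."""
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret are both required")
    if ":" in client_id:
        # The first ':' separates the two halves, so the ID must not contain one.
        raise ValueError("client_id must not contain ':'")
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def build_token_request(client_id: str, client_secret: str) -> urllib.request.Request:
    """Build, without sending, the POST that the curl example makes."""
    return urllib.request.Request(
        TOKEN_URL,
        data=b"",  # the curl example sends no body
        method="POST",
        headers={
            "Accept": "application/json",
            "Authorization": basic_auth_value(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


@dataclass(frozen=True, repr=False)
class AccessToken:
    value: str
    expires_at: float  # epoch seconds

    def usable(self, now: float, margin: float = 60.0) -> bool:
        """True while the token has more than `margin` seconds left (margin is an assumption)."""
        return now + margin < self.expires_at

    def headers(self) -> dict:
        """Headers that section 1.1.1 requires on every other API call."""
        return {"Authorization": f"Bearer {self.value}", "Content-Type": "application/json"}

    def __repr__(self) -> str:
        # Keep the bearer token out of logs and tracebacks.
        return f"AccessToken(value=<redacted>, expires_at={self.expires_at:.0f})"


def parse_token_response(body: str, now: float) -> AccessToken:
    """Turn the JSON response body into an AccessToken, or raise TokenError."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenError("token endpoint did not return JSON") from exc
    if not isinstance(doc, dict):
        raise TokenError("unexpected response body")
    if not doc.get("access_token"):
        raise TokenError(doc.get("message", "response has no access_token"))
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise TokenError(f"unexpected token_type {doc.get('token_type')!r}")
    return AccessToken(doc["access_token"], now + float(doc.get("expires_in", 0)))


# Constructed sample bodies in the shape of the page's success and error responses.
SAMPLE_SUCCESS = '{"access_token": "constructed.sample.token", "token_type": "Bearer", "expires_in": 3600}'
SAMPLE_ERROR = '{"message": "some_error_message_that_will_help_caller"}'

if __name__ == "__main__":
    req = build_token_request("example-client-id", "example-client-secret")  # placeholders
    print(req.get_method(), req.full_url)
    token = parse_token_response(SAMPLE_SUCCESS, now=0.0)
    print(token, token.usable(now=3500.0), token.usable(now=3550.0))
```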

2.2. Device Information

2.2.1. Device Groups

2.2.2. >>>Overview and prerequisites

Description: This API lets you retrieve a list of your device groups.

2.2.3. >>>API command details

URL: /v1/device-groups

Request Method: GET

Request Header:

Content-type: application/json
Accept: application/json
Authorization: Bearer <access_token>

2.2.4. >>> Response Attributes and Codes

Field

Description

Component

id

The ID of the device group.

Body

name

The name of the device group.

Body

description

The description of the device group.

Body

created

The created date and time of the device group.

Body

modified

The modified date and time of the device group.

Body

parent_id

The ID of the parent device group.

Body

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

403

Access to the requested URL is forbidden.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.2.5. >>>Examples

Request Data Example (curl):

curl -X GET \
https://api.sep.securitycloud.symantec.com/v1/device-groups \
-H 'Authorization: Bearer eyJraWQiOiI3b2UxgqZUkmfS0AFcZ3aZfZYdJK1daeXVW8mNIpVyAfh1HUaPym3bprwxz580FHFljk1I0Cry-YLaIbVKWuefshMfmuGzq4hoU8KCr6Um2UcpYH-f3MaAlzIRcJfkdirLPSDL6JNlqPy2h8Wy1GB5fsR01xvvjecDKQlrJVeIhp4fLT41ZspggPw' \
-H 'Content-Type: application/json'

Success Response Body:

{
  "device_groups": [{
    "id": "0Yj6LUmWShKTNMuJdw6yaA",
    "name": "Group l3",
    "description": "df test asset group",
    "created": "2019-07-24T04:16:29.615Z",
    "modified": "2019-07-24T04:16:29.615Z",
    "parent_id": "someparentidsome1"
  }, {
    "id": "4lpOFFYiTV6e5SOx6S509g",
    "name": "Group 14",
    "description": "dsdfd",
    "created": "2019-07-17T09:37:26.127Z",
    "modified": "2019-07-17T09:37:26.127Z",
    "parent_id": "someparentid"
  }],
  "total": 2
}

Error Response Body

{
   "message": "some_error_message_that_will_help_caller"
}

2.2.6. Device Groups by ID

2.2.7. >>>Overview and prerequisites

Description: This API lets you retrieve the details for a device group by using its ID.

2.2.8. >>>API command details

URL: /v1/device-groups/{device_group_id}

Request Method: GET

Request Header:

Content-type: application/json
Accept: application/json
Authorization: Bearer <access_token>

2.2.9. >>>Response Attributes and Codes

Field

Description

Component

id

The ID of the device group.

Body

name

The name of the device group.

Body

description

The description of the device group.

Body

created

The created date and time of the device group.

Body

modified

The modified date and time of the device group.

Body

parent_id

The ID of the parent device group.

Body

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

403

Access to the requested URL is forbidden.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.2.10. >>>Examples

Request Data Example (curl):

curl -X GET \
https://api.sep.securitycloud.symantec.com/v1/device-groups/Fhmuk6ehCAg \
-H 'Authorization: Bearer eyJraWQiOiI3b2UxNHBTM01BIiwiaZfZYdJK1daeXVW8mNIpVyAfh1HUaPym3bprwxz580FHFljk1I0Cry-YLaIbVKWuefshMfmuGzq4hoU8KCr6Um2UcpYH-f3MaAlzIRcJfkdirLPSDL6JNlqPy2h8Wy1GB5fsR01xvvjecDKQlrJVeIhp4fLT41ZspggPw' \
-H 'Content-Type: application/json'

Success Response Body:

{
  "id": "0Yj6LUmWShKTNMuJdw6yaA",
  "name": "AG l3",
  "description": "df asset group",
  "created": "2019-07-24T04:16:29.615Z",
  "modified": "2019-07-24T04:16:29.615Z",
  "parent_id": "someparentid3"
}

Error Response Body

{
   "message": "some_error_message_that_will_help_caller"
}

2.2.11. Devices by group

2.2.12. >>>Overview and prerequisites

Description: This API lets you retrieve a list of devices that are members of a device group.

2.2.13. >>>API command details

URL: /v1/device-groups/{device_group_id}/devices

Request Method: GET

Request Header:

Content-type: application/json
Accept: application/json
Authorization: Bearer <access_token>

2.2.14. >>>Parameters and Response Codes

Field

Description

Component

device_group_id

Defines the device group whose member devices are listed.

Header

Field

Description

Component

id

The ID of the device.

Body

name

The name of the device.

Body

total

The count of all devices in the device group.

Body

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

403

Access to the requested URL is forbidden.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.2.15. >>>Examples

Request Data Example (curl):

curl -X GET \
https://api.sep.securitycloud.symantec.com/v1/device-groups/Z5KOxbzHw/devices \
-H 'Authorization: Bearer eyJraWQiOiI3b2UxNHBKZVRZU0dqcmJULWgh8Wy1GB5fsR01xvvjecDKQlrJVeIhp4fLT41ZspggPw' \
-H 'Content-Type: application/json'

Success Response Body:

{
  "devices": [{
    "id": "test-asset-id1",
    "name": "test-asset1"
  }, {
    "id": "test-asset-id2",
    "name": "test-asset2"
  }, {
    "id": "test-asset-id3",
    "name": "test-asset3"
  }],
  "total": 3
}

Error Response Body

{
   "message": "some_error_message_that_will_help_caller"
}

2.2.16. Devices Details

2.2.17. >>>Overview and prerequisites

Description: This API lets you retrieve the device details for a device.

2.2.18. >>>API command details

URL: /v1/devices/{device_id}

Request Method: GET

Request Header:

Content-type: application/json
Accept: application/json
Authorization: Bearer <access_token>

2.2.19. >>>Parameters and Response Codes

Field

Description

Component

device_id

Defines which device to retrieve device details from.

Header

Field

Description

Component

id

The ID of the device.

Body

name

The name of the device.

Body

os.name

The name of the operating system of the device.

Body

os.version

The name of the operating system version of the device.

Body

adapters.ipv4Address

The IP address (IPv4) of the device.

Body

adapters.ipv6Address

The IP address (IPv6) of the device.

Body

mask

The subnet mask of the device.

Body

device_status

The status of the device.

Body

is_virtual

The virtual machine status of the device.

Body

dns_names

The DNS names of the device.

Body

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

403

Access to the requested URL is forbidden.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.2.20. >>>Examples

Request Data Example (curl):

curl -X GET \
https://api.sep.securitycloud.symantec.com/v1/devices/K-M4LLZBakQ \
-H 'Authorization: Bearer eyJraWQiOiI3b2UxNHBKZVRZU0dqcmxz580FHFljk1I0Cry-YLaIbVKWuefshMfmuGzq4hoU8KCr6Um2UcpYH-f3MaAlzIRcgPw' \
-H 'Content-Type: application/json' \
-H 'Host: api.sep.securitycloud.symantec.com'

Success Response Body:

{
  "id": "u3UUf3dcQH2NFMdV70HY1g",
  "name": "DESKTOP-HKCKF8L",
  "description": "Test desktop for lab",
  "host": "DESKTOP-HKCKF8L",
  "domain": "WORKGROUP",
  "is_virtual": false,
  "created": "2019-06-18T06:00:01.139Z",
  "modified": "2019-06-19T07:23:40.822Z",
  "adapters": [{
    "ipv6_prefix": 64,
    "ipv6Address": "FE80:0000:0000:0000:36A:14:A1:729",
    "ipv4_prefix": 21,
    "ipv4Address": "101.21.121.11",
    "addr": "00:50:56:89:69:75",
    "mask": "255.255.248.0"
  }],
  "device_status": "UNKNOWN",
  "dns_names": ["110.21.121.11", "FEC0:0000:0000:FF:0000:0000:0000:0001"],
  "parent_id": "p6HTjtMv1kn3vh8WVg"
}

Error Response Body

{
   "message": "some_error_message_that_will_help_caller"
}

2.3. Device Commands

2.3.1. Device Unquarantine

2.3.2. >>>Overview and prerequisites

Description: This API lets you unquarantine devices managed by your Integrated Cyber Defense Manager.

2.3.3. >>>API command details

URL:/v1/commands/allow

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "ehH_9sDfTeOH-vG5g6mqo1"
    ]
}

2.3.4. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.5. Device Quarantine

2.3.6. >>>Overview and prerequisites

Description: This API lets you quarantine devices managed by your Integrated Cyber Defense Manager.

2.3.7. >>>API command details

URL: /v1/commands/contain

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "ehH_9sDfTeOH-vG5g6mqo1",
        "ehH_9sDfTeOH-vG5g6mqo2"
    ],
    "org_unit_ids": [
        "jC9gVcA-QI2JxN6UbDllEw",
        "jC9gVcA-QI2JxN6UbDllEz"
    ],
    "is_recursive": false
}

2.3.8. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.9. Device Restart

2.3.10. >>>Overview and prerequisites

Description: This API lets you reboot devices that are managed by your Integrated Cyber Defense Manager (ICDm).

2.3.11. >>>API command details

URL: /v1/commands/restart

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "w_PhhaRwRXe2ox-4jySc3A"
    ],
    "payload": {
        "prompt_type": "prompt",
        "schedule_type": "later",
        "reason_type": "remediation",
        "message": "This is a restart test"
    }
}

2.3.12. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication required. Make sure that you use a correct account ID and security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.13. >>>Examples

Success Response Body:

{
  "status" : 200,
  "status_text" : "200 OK",
  "results" : {
    "data" : [ {
      "command_state_ref" : "lLFOduA0Q2ORJAOBgj0FZA",
      "device_id" : "w_PhhaRwRXe2ox-4jySc3A"
    } ]
  }
}

Error Response Body

{
  "status": 401,
  "status_text": "Unauthorized",
  "results": {
    "data": []
  }
}

2.3.14. Device Scans

Scan (quick)

2.3.15. >>>Overview and prerequisites

Description: This API lets you initiate a quick scan on devices managed by your Integrated Cyber Defense Manager.

2.3.16. >>>API command details

URL:/v1/commands/scans/quick

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "w_PhhaRwRXe2ox-4jySc3A"
    ],
    "org_unit_ids": [
        "jC9gVcA-QI2JxN6UbDllEw"
    ],
    "is_recursive": false
}

2.3.17. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.18. >>>Example

Success Response Body:

{
  "status" : 200,
  "status_text" : "200 OK",
  "results" : {
    "data" : [ {
      "command_state_ref" : "-CCS-CMD-BWqAsGY0S7GkTOZxvhD3QA",
      "device_id" : "w_PhhaRwRXe2ox-4jySc3A"
    }, {
      "command_state_ref" : "-CCS-CMD-xZbjjYgLRqCqV9lUeZL7Kw",
      "device_id" : "Ffx_Ri9iTBa98cUhitD_6w"
    } ]
  }
}

Scan (full)

2.3.19. >>>Overview and prerequisites

Description: This API lets you initiate a full scan on devices managed by your Integrated Cyber Defense Manager.

2.3.20. >>>API command details

URL:/v1/commands/scans/full

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "w_PhhaRwRXe2ox-4jySc3A"
    ],
    "org_unit_ids": [
        "jC9gVcA-QI2JxN6UbDllEw"
    ],
    "is_recursive": false
}

2.3.21. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.22. >>>Example

Success Response Body:

{
  "status" : 200,
  "status_text" : "200 OK",
  "results" : {
    "data" : [ {
      "command_state_ref" : "-CCS-CMD-BWqAsGY0S7GkTOZxvhD3QA",
      "device_id" : "w_PhhaRwRXe2ox-4jySc3A"
    }, {
      "command_state_ref" : "-CCS-CMD-xZbjjYgLRqCqV9lUeZL7Kw",
      "device_id" : "Ffx_Ri9iTBa98cUhitD_6w"
    } ]
  }
}

Scan (custom)

2.3.23. >>>Overview and prerequisites

Description: This API lets you initiate a custom scan on devices managed by your Integrated Cyber Defense Manager.

2.3.24. >>>API command details

URL:/v1/commands/scans/custom

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "w_PhhaRwRXe2ox-4jySc3A"
    ],
    "org_unit_ids": [
        "jC9gVcA-QI2JxN6UbDllEw"
    ],
    "is_recursive": false
}

2.3.25. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.26. >>>Example

Success Response Body:

{
  "status" : 200,
  "status_text" : "200 OK",
  "results" : {
    "data" : [ {
      "command_state_ref" : "-CCS-CMD-BWqAsGY0S7GkTOZxvhD3QA",
      "device_id" : "w_PhhaRwRXe2ox-4jySc3A"
    }, {
      "command_state_ref" : "-CCS-CMD-xZbjjYgLRqCqV9lUeZL7Kw",
      "device_id" : "Ffx_Ri9iTBa98cUhitD_6w"
    } ]
  }
}

2.3.27. Device Content Update

2.3.28. >>>Overview and prerequisites

Description: This API lets you update security definitions and content of devices managed by your Integrated Cyber Defense Manager.

2.3.29. >>>API command details

URL:/v1/commands/update_content

Request Method: POST

Request Header:

Content-Type:application/json
Authorization:{{ext_api_oauth_token}}

Request Body:

{
    "device_ids": [
        "w_PhhaRwRXe2ox-4jySc3A"
    ],
    "org_unit_ids": [
        "jC9gVcA-QI2JxN6UbDllEw"
    ],
    "is_recursive": false
}

2.3.30. >>>Parameters and Response Codes

Field

Description

Component

Content-Type

Use value application/json.

Header

Authorization

Bearer <security token received from the /login API>.

Header

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication is required. Make sure that you use a correct account ID and valid security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.3.31. >>>Examples

Success Response Body:

{
  "status" : 200,
  "status_text" : "200 OK",
  "results" : {
    "data" : [ {
      "command_state_ref" : "BwCmtndcS8KFBma_vKQH2w",
      "device_id" : "w_PhhaRwRXe2ox-4jySc3A"
    }, {
      "command_state_ref" : "TY_eZJpORr6MVcJRVj11Ug",
      "device_id" : "Ffx_Ri9iTBa98cUhitD_6w"
    } ]
  }
}

Error Response Body (when an invalid device_id or group_id is passed):

{
  "status" : 400,
  "status_text" : "Found zero agents to receive command",
  "results" : {
    "data" : [ ]
  }
}
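
An added example, not part of the Symantec reference, for the command endpoints in this section: it builds the request body and then checks the response envelope to see which requested devices received a command_state_ref, which did not, and which devices were reached through an org unit only. The names CommandOutcome, build_command_body and reconcile are hypothetical; the two sample bodies are the update_content responses shown above, and applying the same envelope to /v1/commands/contain and /v1/commands/allow is an assumption, since the page shows no response for them.

```python
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class CommandOutcome:
    status: int
    status_text: str
    accepted: Dict[str, str]   # device_id -> command_state_ref
    missing: List[str]         # requested device_ids that got no command_state_ref
    via_org_unit: List[str]    # devices in the response that were not named in device_ids

    @property
    def fully_dispatched(self) -> bool:
        """True only when every explicitly requested device was given a command."""
        return self.status == 200 and not self.missing


def _clean(ids: Iterable[str]) -> List[str]:
    """Strip whitespace, drop empties, and de-duplicate while keeping order."""
    return list(dict.fromkeys(i.strip() for i in ids if i and i.strip()))


def build_command_body(device_ids=(), org_unit_ids=(), is_recursive=False) -> dict:
    """Build the JSON body used by the /v1/commands/* requests on this page."""
    devices, org_units = _clean(device_ids), _clean(org_unit_ids)
    if not devices and not org_units:
        raise ValueError("at least one device ID or org unit ID is required")
    body: dict = {}
    if devices:
        body["device_ids"] = devices
    if org_units:
        body["org_unit_ids"] = org_units
        body["is_recursive"] = bool(is_recursive)
    return body


def reconcile(body: dict, response_text: str) -> CommandOutcome:
    """Compare the devices named in the request with those the response lists."""
    doc = json.loads(response_text)
    rows = (doc.get("results") or {}).get("data") or []
    accepted = {
        row["device_id"]: row["command_state_ref"]
        for row in rows
        if row.get("device_id") and row.get("command_state_ref")
    }
    requested = body.get("device_ids", [])
    return CommandOutcome(
        status=int(doc.get("status", 0)),
        status_text=str(doc.get("status_text", "")),
        accepted=accepted,
        missing=[d for d in requested if d not in accepted],
        via_org_unit=[d for d in accepted if d not in requested],
    )


# The success and error bodies from the update_content example above, compacted.
SAMPLE_OK = (
    '{"status": 200, "status_text": "200 OK", "results": {"data": ['
    '{"command_state_ref": "BwCmtndcS8KFBma_vKQH2w", "device_id": "w_PhhaRwRXe2ox-4jySc3A"},'
    '{"command_state_ref": "TY_eZJpORr6MVcJRVj11Ug", "device_id": "Ffx_Ri9iTBa98cUhitD_6w"}]}}'
)
SAMPLE_ZERO_AGENTS = (
    '{"status": 400, "status_text": "Found zero agents to receive command",'
    ' "results": {"data": []}}'
)

if __name__ == "__main__":
    request_body = build_command_body(
        ["w_PhhaRwRXe2ox-4jySc3A"], ["jC9gVcA-QI2JxN6UbDllEw"], is_recursive=False
    )
    for sample in (SAMPLE_OK, SAMPLE_ZERO_AGENTS):
        outcome = reconcile(request_body, sample)
        print(outcome.status, outcome.fully_dispatched, outcome.missing, outcome.via_org_unit)
```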

2.4. Events

2.4.2. >>>Overview

Description: This API lets you retrieve up to ten thousand events. To retrieve more events, reduce your search criteria.

2.4.3. >>>API command details

URL: /v1/event-search

Request Method: POST

Request Header:

Content-type: application/json
Accept: application/json
Authorization: Bearer <access_token>

Request Body:

{
    "feature_name": "ALL",
    "start_date": "2019-06-12T00:00:00.000+05:30",
    "end_date": "2019-07-12T00:00:00.000+05:30",
    "product": "SAEP"
}

2.4.4. >>>Parameters and Response Codes

Field

Description

Component

feature_name

Filters events based on a product feature.

Note

You can add a comma-separated list of feature_name values (for example, Agent Framework, Deception, Firewall) to define a unique set of events to search.

* All

* Agent Framework

* App Control

* App Control Lite

* App Control Whitelist

* App Isolation

* Behavioral Analysis

* Compliance

* Data Protection

* Deception

* Detection Monitoring

* Detection Response

* Device Control

* Exploit Protection

* Firewall

* Location Management

* Malware Protection

* Network Integrity

* Network IPS

* Policy Manager

* Roaming Client

* Tamper Protection

* Telemetry

* TDAD Protect

* VR Assessment

* VR Remediation

* Web Security

Header

product

The value is SAEP.

This represents Symantec Endpoint Security events.

Note

SAEP is the only available product value.

Header

start_date

This value identifies the beginning date to filter events.

Header

end_date

This value identifies the ending date to filter events.

Header

next

This value represents the starting index of the record in a given set.

This is used for pagination.

Header

limit

This value identifies batch size.

This is also used for pagination.

Header

Field

Description

Component

events

This is the list of event objects.

Body

total

This represents the total number of events.

Body

next

This is the index of the first record in the next batch.

Body

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication required. Make sure that you use a correct account ID and security token.

403

Access to the requested URL is forbidden.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.4.5. >>>Example

Request Event Data Example (curl):

curl -X POST \
https://api.sep.securitycloud.symantec.com/v1/event-search \
-H 'Authorization: Bearer eyJraWQiOiI3b2UxNHBKZVRZU0dqcmJULWVTM01q_ukQWY0GlhINH9A8-0VV-caeDsxBGZuXgqZUkmfy2h8Wy1GB5fsR01xvvjecDKQlrJVeIhp4fLT41ZspggPw' \
-H 'Content-Type: application/json' \
-H 'Host: api.sep.securitycloud.symantec.com' \
-d '{
"feature_name": "ALL",
"start_date": "2019-09-01T00:00:00.000+05:30",
"end_date": "2019-09-23T00:00:00.000+05:30",
"product": "SAEP",
"limit":10
}'

Success Response Body:

{
 "events":
  [
     {
       "customer_uid": "TEST-Gso92keIRcuGEl-_pVWoOQ",
       "timezone": 0,
       "user_name": "System",
       "es.mapping.id": "uuid",
       "feature_uid": "A81DD59E-B41C-8823-2BE7-FD062B482174",
       "seq_num": 1,
       "uuid": "21:11c53030-b1ea-11e9-e939-000001401968",
       "subfeature_name": "common policy",
       "category_id": 4,
       "indexHash": 3,
       "id": 1,
       "product_uid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9",
       "device_time": 1564395449011,
       "feature_name": "Policy Manager",
       "log_name": "event_service_3_2019-07-29",
       "type_id": 21,
       "count": 1,
       "message": "Created policy Default Adobe Acrobat Policy, from version 96 of Symantec Adobe Acrobat Policy",
       "version": "1.0.0",
       "log_time": "2019-07-29T10:17:31.112Z",
       "epmp_session_id": "botdev16c3d3b8950",
       "domain_uid": "TEST-HOeC-Gt3TTmvnpeZcee04Q",
       "indexDate": "2019-07-29",
       "severity_id": 1,
       "time": "2019-07-29T10:17:29.011Z",
       "entity": {
       "uid": "9be95622-b987-4504-9692-426c6962304a",
       "name": "Default Adobe Acrobat Policy",
       "type": "policy",
       "version": 1
       },
       "user_uid": "System"
     },
     {
       "customer_uid": "TEST-Gso92keIRcuGEl-_pVWoOQ",
       "timezone": 0,
       "user_name": "System",
       "es.mapping.id": "uuid",
       "feature_uid": "A81DD59E-B41C-8823-2BE7-FD062B482174",
       "seq_num": 1,
       "uuid": "21:11d0f000-b1ea-11e9-eeb4-00000140196e",
       "subfeature_name": "common policy",
       "category_id": 4,
       "indexHash": 3,
       "id": 1,
       "product_uid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9",
       "device_time": 1564395449088,
       "feature_name": "Policy Manager",
       "log_name": "event_service_3_2019-07-29",
       "type_id": 21,
       "count": 1,
       "message": "Created policy Default Adobe Acrobat Policy Monitoring Mode, from version 96 of Symantec Adobe Acrobat Policy",
       "version": "1.0.0",
       "log_time": "2019-07-29T10:17:31.123Z",
       "epmp_session_id": "botdev16c3d3b8950",
       "domain_uid": "TEST-HOeC-Gt3TTmvnpeZcee04Q",
       "indexDate": "2019-07-29",
       "severity_id": 1,
       "time": "2019-07-29T10:17:29.088Z",
       "entity": {
       "uid": "95d946f3-1d1e-4483-8439-b99bc2bd1240",
       "name": "Default Adobe Acrobat Policy Monitoring Mode",
       "type": "policy",
       "version": 1
       },
       "user_uid": "System"
      }
  ],

 "next": 100,
 "total": 752905
}

Error Response Body

{
   "message": "some_error_message_that_will_help_caller"
}
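
An added example, not part of the Symantec reference, of paging through /v1/event-search with the next and limit fields described above. It stops at the ten-thousand-event limit and reports when the server's total exceeds what was retrieved, which is the signal to reduce the search criteria. The `post` callable, the function names and the fake server are assumptions made so the example runs offline; the events are constructed.

```python
from typing import Callable, List, Tuple

MAX_EVENTS_PER_SEARCH = 10_000  # "retrieve up to ten thousand events" (Overview)


class EventSearchError(Exception):
    """Raised for an error body or a response that cannot be paged safely."""


def search_events(
    post: Callable[[dict], dict],
    start_date: str,
    end_date: str,
    feature_name: str = "ALL",
    limit: int = 100,
    cap: int = MAX_EVENTS_PER_SEARCH,
) -> Tuple[List[dict], int, bool]:
    """Page through /v1/event-search.

    `post` (hypothetical) sends one JSON body with the Bearer header and returns
    the parsed JSON response. Returns (events, total, truncated); truncated is
    True when the server reports more matching events than were retrieved.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    base = {"feature_name": feature_name, "product": "SAEP",
            "start_date": start_date, "end_date": end_date, "limit": limit}
    events: List[dict] = []
    total = 0
    cursor = 0  # index of the first record of the next batch
    while len(events) < cap:
        body = dict(base)
        if cursor > 0:
            body["next"] = cursor
        page = post(body)
        if "events" not in page:
            # Error bodies on this page carry a single "message" field.
            raise EventSearchError(page.get("message", "response has no events list"))
        batch = page["events"]
        total = int(page.get("total", total))
        events.extend(batch)
        nxt = page.get("next")
        if not batch or nxt is None or len(events) >= total:
            break
        if nxt <= cursor:
            # A next index that does not move forward would loop forever.
            raise EventSearchError("next index did not advance")
        cursor = nxt
    events = events[:cap]
    return events, total, total > len(events)


def make_fake_post(stored: List[dict], served_cap: int = MAX_EVENTS_PER_SEARCH):
    """Constructed stand-in for the API: pages `stored`, never past served_cap."""
    calls: List[dict] = []

    def post(body: dict) -> dict:
        calls.append(body)
        start = body.get("next", 0)
        end = min(start + body["limit"], len(stored), served_cap)
        return {"events": stored[start:end], "total": len(stored), "next": max(start, end)}

    return post, calls


# Constructed events; only the fields the example needs.
SAMPLE_EVENTS = [{"uuid": f"constructed-{i}", "feature_name": "Policy Manager"} for i in range(7)]

if __name__ == "__main__":
    post, calls = make_fake_post(SAMPLE_EVENTS)
    found, total, truncated = search_events(
        post, "2019-09-01T00:00:00.000+05:30", "2019-09-23T00:00:00.000+05:30", limit=3
    )
    print(len(found), total, truncated, [c.get("next") for c in calls])
```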

2.4.6. Event Export (deprecated)

Note

As of 30th June, 2020, this Event Export command is deprecated. For more information,

2.4.7. >>>Overview

Description: This API lets you query the events that are generated by devices in your environment.

You need your Customer ID and Domain ID when requesting event data using the Events API.

To obtain your Customer ID and Domain ID, log in to your Integrated Cyber Defense Manager console, and then:

  1. Access Integration > Client Applications.

2.4.8. >>>API command details

URL: /sccs/v1/events/export

Request Method: POST

Request Header:

content-type: application/json
Authorization: <NEW_ACCESS_TOKEN>
x-epmp-customer-id: <customer-id>
x-epmp-domain-id: <domain-id>
x-epmp-product:SAEP

Request Body:

{
"batchSize": "10000",
"type":"APP ISOLATION",
"startDate": "2018-05-22T00:01:01.67Z",
"endDate": "2018-05-24T09:48:50.707Z"
}

2.4.9. >>>Parameters and Response Codes

Field

Description

Component

Customer ID

This value is a unique identifier of the customer. The field name is x-epmp-customer-id.

Header

Domain ID

This value identifies the relevant domain for a customer. The field name is x-epmp-domain-id.

Header

Product

This value identifies the relevant product.

The field name is x-epmp-product.

Header

batchSize

This value identifies the batch size in which events are fetched. The field name is batchSize.

Body

type

This value identifies the event type. The field name is type.

* App Isolation

* Exploit Protection

* Firewall

* Malware Protection

* Network IPS

* Behavioral Analysis

* App Control

* Deception

Body

startDate

This value identifies the start date of the event. The field name is startDate.

Body

endDate

This value identifies the end date of the event. The field name is endDate.

Body

Note

Invoke the Events API command repeatedly, with the same parameters, until an empty set is returned. To increase the amount of data returned from a single command, change the value of the batchSize parameter.

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication required. Make sure that you use a correct account ID and security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.

2.4.10. >>>Examples

Request Event Data Example (curl):

# The x-epmp-customer-id and x-epmp-domain-id headers are optional.
curl -X POST \
  https://usea1.r3.securitycloud.symantec.com/r3_epmp_i/sccs/v1/events/export \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer <NEW_ACCESS_TOKEN>' \
  -H 'Content-Type: application/json' \
  -H 'x-epmp-customer-id: N5Nwo--wRjKAGgRdemMVpA' \
  -H 'x-epmp-domain-id: ITtvf99vTjepEcPZKOG1uA' \
  -H 'x-epmp-product: SAEP' \
  -d '{"startDate": "2019-05-01T00:00:01.67Z","endDate": "2019-05-13T09:48:50.707Z",
"batchSize": "500","type":"MALWARE PROTECTION"}'

Response Event Data Example

[{
 "device_os_type_id": 100,
 "dc_log_time": "2018-05-24T09:18:40.520Z",
 "customer_uid": "TEST-Ltasz8IARTal2HZSeCqHWQ",
 "timezone": 330,
 "is_user_present": false,
 "status_os": -1,
 "device_type": "Desktop",
 "feature_uid": "96C1FB7A-0898-4210-A6E7-66F9DD2BE770",
 "type": "PPRC",
 "seq_num": 248,
 "requested_permissions": [
 1,
 2,
 3,
 4,
 5,
 6,
 7,
 8,
 9,
 10,
 11,
 12,
 13
 ],
 "uuid": "8027:7295f080-5f33-11e8-ee8b-00000008a1c2",
 "ref_uid": null,
 "product_ver": "",
 "open_mode": true,
 "device_name": "WINDOWS7CLIENT2",
 "category_id": 1,
 "feature_ver": "",
 "activity_id": 0,
 "id": 1,
 "product_uid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9",
 "device_time": 1527153880465,
 "policy": {
 "uid": "69d0911e-1b92-4ae0-876e-9db5b07b20fd",
 "rule_name": "PAPPDATARULO:m3:r0",
 "type_id": 2,
 "name": "Default Google Chrome Policy",
 "state_ids": [
 17,
 25,
 5
 ],
 "rule_uid": "e.",
 "version": "1"
 },
 "process": {
 "file": {
 "path": "C:\\\\PROGRAM FILES (X86)\\\\GOOGLE\\\\UPDATE\\\\1.3.33.17\\\\GOOGLEUPDATEBROKER.EXE",
 "sha2": "ac09be376a7a765e9c4d87f88ca52f98d4c3f052bc737ba327727362e0135296",
 "signature_value": 8487943,
 "name": "GOOGLEUPDATEBROKER.EXE",
 "signature_company_name": "Google Inc"
 },
 "pid": "3392",
 "sandbox_name": "chrome_ps"
 },
 "feature_name": "APP_ISOLATION",
 "status_os_src": 1,
 "log_name": "epmp_events-2018-05-24/8027",
 "type_id": 8027,
 "csp_sys_state": "QYR",
 "device_group": "My Company",
 "count": 1,
 "message": "Process Modification Denied for 'SVCHOST.EXE' on ('GOOGLEUPDATEBROKER.EXE')",
 "version": "1.0",
 "product_name": "SAEP",
 "log_time": "2018-05-24T09:18:40.520Z",
 "target": {
 "path": "C:\\\\PROGRAM FILES (X86)\\\\GOOGLE\\\\UPDATE\\\\1.3.33.17\\\\GOOGLEUPDATEBROKER.EXE",
 "name": "GOOGLEUPDATEBROKER.EXE"
 },
 "device_ip": "172.16.10.159",
 "actor": {
 "app_uid": "e5d83973550530a03b184a466c6f62be8ef44f6709f944ec4b97e3e3cf110e40",
 "app_name": "Google Chrome",
 "file": {
 "path": "C:\\\\WINDOWS\\\\SYSTEM32\\\\SVCHOST.EXE",
 "sha2": "93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8",
 "signature_value": 234551,
 "name": "SVCHOST.EXE",
 "product_name": "Google Chrome"
 },
 "session": {
 "id": 0
 },
 "module": {
 "path": "C:\\\\WINDOWS\\\\SYSTEM32\\\\RPCSS.DLL",
 "name": "RPCSS.DLL",
 "signature_types": 234551
 },
 "pid": 880,
 "sandbox_name": "win_os_ps",
 "tid": 4416
 },
 "device_uid": "75BaH4ncRH2-TceZuqYv5Q",
 "org_unit_uid": "3smwMNUGRt6RbrZ9hXnoaw",
 "actual_permissions": [
 5,
 11,
 13
 ],
 "domain_uid": "TEST-9d7RHs1_SS-mpaDuNw6VeQ",
 "severity_id": 4,
 "time": "2018-05-24T09:18:40.520Z"
}]

2.4.11. Event Export

2.4.12. >>>Overview

Description: This API lets you query and stream the events that are generated by devices in your environment.

Note

You can add a comma-separated list of feature_name values (for example, Agent Framework, Deception, Firewall) to define a unique set of events to search. You can use ALL to stream events from all features.

You need your Customer ID and Domain ID when requesting event data using the Events API.

To obtain your Customer ID and Domain ID:

  1. Log in to your Integrated Cyber Defense Manager console.

  2. Access Integration > Client Applications.

2.4.13. >>>API command details

URL: /v1/event-export

Request Method: POST

Request Header:

content-type: application/json
Authorization: <NEW_ACCESS_TOKEN>
x-epmp-customer-id: <customer-id>
x-epmp-domain-id: <domain-id>
x-epmp-product:SAEP

Request Body:

{
  "feature_name" : "COMPLIANCE, MALWARE PROTECTION",
  "product" : "SAEP",
  "limit" : 1000,
  "next": [1580774400646,17]
}

2.4.14. >>>Parameters and Response Codes

Field

Description

Component

feature_name

This supports a comma separated list of values t

The values list is the same as documented for the Event Search API

Header

product

SAEP is the only available product value.

Header

limit

Optional: The number of records fetched in a given request.

Note: The maximum number of records supported per request is 1000.

Header

next

Optional

When this field is not present, the API returns the first page of the default search time range (the last 6 hours).

  • Array of integers

  • The client must pass the "next" value from the last response

Body

Note

Invoke the Events API command repeatedly, with the same parameters, until an empty set is returned. To increase the amount of data returned by a single command, raise the value of the batchSize parameter.

Code

Description

200

Successful operation.

400

Invalid operation.

The body of the response contains information about the error.

401

Authentication required. Make sure that you use a correct account ID and security token.

500

Server error.

Please try again later, and if the problem persists, contact Symantec Support.
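
The paging procedure described above (pass the "next" value from the last response, stop on an empty set, at most 1000 records per request), as an added Python example that is not part of the Symantec documentation. It assumes the response is a JSON object with an "events" array and a "next" array, which this page does not show; send() and the sample pages are constructed so that the loop runs offline.

```python
MAX_LIMIT = 1000  # the page's stated maximum records per request

class ExportError(Exception):
    """Raised for a 400 or 401 response, or a 500 that outlives the retries."""

def export_events(send, feature_name="ALL", limit=MAX_LIMIT, max_retries=3):
    """Yield events until the API returns an empty set.

    send(body) is a caller-supplied (hypothetical) function that POSTs the
    body to /v1/event-export and returns (status_code, parsed_json).
    """
    body = {"feature_name": feature_name, "product": "SAEP",
            "limit": min(limit, MAX_LIMIT)}
    retries = 0
    while True:
        status, payload = send(dict(body))
        if status == 500 and retries < max_retries:
            retries += 1  # server error: retry the same page, bounded
            continue
        if status != 200:
            # 400: the body describes the error; 401: token or IDs rejected
            raise ExportError(f"HTTP {status}: {payload}")
        retries = 0
        events = payload.get("events", [])  # ASSUMED response field name
        if not events:
            return  # empty set: the export is complete
        yield from events
        cursor = payload.get("next")  # ASSUMED location of the cursor
        if not cursor or cursor == body.get("next"):
            return  # missing or repeated cursor: stop instead of looping
        body["next"] = cursor

def make_fake_send(pages):
    """Constructed offline transport: one 500, then pages keyed by cursor."""
    state = {"failed": False, "calls": []}
    def send(body):
        state["calls"].append(body)
        if not state["failed"]:
            state["failed"] = True
            return 500, {"message": "constructed transient error"}
        return 200, pages.get(tuple(body.get("next", ())), {"events": []})
    return send, state

PAGES = {  # constructed sample pages; first cursor copied from the request body above
    (): {"events": [{"uuid": "a"}, {"uuid": "b"}], "next": [1580774400646, 17]},
    (1580774400646, 17): {"events": [{"uuid": "c"}], "next": [1580774400700, 3]},
}
```

On ExportError with status 401, request a new access token before restarting; the last cursor that was sent can be reused so the export resumes rather than starting over.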

2.4.15. >>>Examples

Request Event Data Example (curl):

# The x-epmp-customer-id and x-epmp-domain-id headers are optional.
curl -X POST \
  https://usea1.r3.securitycloud.symantec.com/r3_epmp_i/sccs/v1/events/export \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer <NEW_ACCESS_TOKEN>' \
  -H 'Content-Type: application/json' \
  -H 'x-epmp-customer-id: N5Nwo--wRjKAGgRdemMVpA' \
  -H 'x-epmp-domain-id: ITtvf99vTjepEcPZKOG1uA' \
  -H 'x-epmp-product: SAEP' \
  -d '{"startDate": "2019-05-01T00:00:01.67Z","endDate": "2019-05-13T09:48:50.707Z",
"batchSize": "500","type":"MALWARE PROTECTION"}'

Response Event Data Example

[{
 "device_os_type_id": 100,
 "dc_log_time": "2018-05-24T09:18:40.520Z",
 "customer_uid": "TEST-Ltasz8IARTal2HZSeCqHWQ",
 "timezone": 330,
 "is_user_present": false,
 "status_os": -1,
 "device_type": "Desktop",
 "feature_uid": "96C1FB7A-0898-4210-A6E7-66F9DD2BE770",
 "type": "PPRC",
 "seq_num": 248,
 "requested_permissions": [
 1,
 2,
 3,
 4,
 5,
 6,
 7,
 8,
 9,
 10,
 11,
 12,
 13
 ],
 "uuid": "8027:7295f080-5f33-11e8-ee8b-00000008a1c2",
 "ref_uid": null,
 "product_ver": "",
 "open_mode": true,
 "device_name": "WINDOWS7CLIENT2",
 "category_id": 1,
 "feature_ver": "",
 "activity_id": 0,
 "id": 1,
 "product_uid": "31B0C880-0229-49E8-94C5-48D56B1BD7B9",
 "device_time": 1527153880465,
 "policy": {
 "uid": "69d0911e-1b92-4ae0-876e-9db5b07b20fd",
 "rule_name": "PAPPDATARULO:m3:r0",
 "type_id": 2,
 "name": "Default Google Chrome Policy",
 "state_ids": [
 17,
 25,
 5
 ],
 "rule_uid": "e.",
 "version": "1"
 },
 "process": {
 "file": {
 "path": "C:\\\\PROGRAM FILES (X86)\\\\GOOGLE\\\\UPDATE\\\\1.3.33.17\\\\GOOGLEUPDATEBROKER.EXE",
 "sha2": "ac09be376a7a765e9c4d87f88ca52f98d4c3f052bc737ba327727362e0135296",
 "signature_value": 8487943,
 "name": "GOOGLEUPDATEBROKER.EXE",
 "signature_company_name": "Google Inc"
 },
 "pid": "3392",
 "sandbox_name": "chrome_ps"
 },
 "feature_name": "APP_ISOLATION",
 "status_os_src": 1,
 "log_name": "epmp_events-2018-05-24/8027",
 "type_id": 8027,
 "csp_sys_state": "QYR",
 "device_group": "My Company",
 "count": 1,
 "message": "Process Modification Denied for 'SVCHOST.EXE' on ('GOOGLEUPDATEBROKER.EXE')",
 "version": "1.0",
 "product_name": "SAEP",
 "log_time": "2018-05-24T09:18:40.520Z",
 "target": {
 "path": "C:\\\\PROGRAM FILES (X86)\\\\GOOGLE\\\\UPDATE\\\\1.3.33.17\\\\GOOGLEUPDATEBROKER.EXE",
 "name": "GOOGLEUPDATEBROKER.EXE"
 },
 "device_ip": "172.16.10.159",
 "actor": {
 "app_uid": "e5d83973550530a03b184a466c6f62be8ef44f6709f944ec4b97e3e3cf110e40",
 "app_name": "Google Chrome",
 "file": {
 "path": "C:\\\\WINDOWS\\\\SYSTEM32\\\\SVCHOST.EXE",
 "sha2": "93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8",
 "signature_value": 234551,
 "name": "SVCHOST.EXE",
 "product_name": "Google Chrome"
 },
 "session": {
 "id": 0
 },
 "module": {
 "path": "C:\\\\WINDOWS\\\\SYSTEM32\\\\RPCSS.DLL",
 "name": "RPCSS.DLL",
 "signature_types": 234551
 },
 "pid": 880,
 "sandbox_name": "win_os_ps",
 "tid": 4416
 },
 "device_uid": "75BaH4ncRH2-TceZuqYv5Q",
 "org_unit_uid": "3smwMNUGRt6RbrZ9hXnoaw",
 "actual_permissions": [
 5,
 11,
 13
 ],
 "domain_uid": "TEST-9d7RHs1_SS-mpaDuNw6VeQ",
 "severity_id": 4,
 "time": "2018-05-24T09:18:40.520Z"
}]

2.5. Deprecated components

2.5.1. Deprecated components and sample usage

Component

Description

URI

The base Uniform Resource Identifier (URI) is the following:

  • Host: https://usea1.r3.securitycloud.symantec.com

  • Base path: /r3_epmp_i/

All APIs exposed by Integrated Cyber Defense Manager carry authentication tokens and other privileged data. To ensure the confidentiality of the data, the REST APIs are only available over a secure connection.

Method

The method that you use to make the call to the API. Which method you use depends on the API and what you want to accomplish with the API. Methods include GET, PUT, POST, and DELETE.

Headers

Integrated Cyber Defense Manager REST APIs require the following HTTP headers:

  • Authorization: Bearer UserToken

  • UserToken represents the token response that the authenticated API returns. The authenticate API itself does not require this header.

  • Content-Type: application/json

Request parameters

The request parameters that are appropriate for the API that you want to use.