Remediation

Use this set of APIs to manage remediation actions.

Perform Remedial Action

Perform a remedial action on a given path under a Target.

Request

POST

https://er-master:8339/v1/targets/<target_id>/locations/<location_id>/remediation/<action>

Authorization

Basic Authentication

Path Parameters

Parameter	Data Type	Description
target_id	string	Specify the Target ID for the match object. target_id is the targets->id response item from the /v1/groups/all endpoint.
location_id	string	Specify the location ID for the match object. location_id is the targets->locations->id response item from the /v1/groups/all endpoint.
action	string enum: mask quarantine delete encrypt confirmed remediated_manually test_data false_match undo	Specify remediation action to perform.

Parameter

Data Type

Description

target_id

string

Specify the Target ID for the match object. target_id is the targets->id response item from the /v1/groups/all endpoint.

location_id

string

Specify the location ID for the match object. location_id is the targets->locations->id response item from the /v1/groups/all endpoint.

action

string

enum: mask quarantine delete encrypt confirmed remediated_manually test_data false_match undo

Specify remediation action to perform.

Request Schema

Parameter	Data Type	Description
path	string	Path to the match object. If a ZIP archive contains files with matches, set this path value to the ZIP archive path.
sign_off	string	User signing off on the remediation action.
reason	string	Reason for performing the remediation action.
object_ids	string <array>	Array of object IDs to be remediated. Object IDs for all files within an archive have to be provided when action is delete, encrypt or quarantine. object_id is the id or subpath->id response item from the /v1/targets/<target_id>/matchobjects endpoint.
data_types	string <array>	Data types to be remediated. If this field is not defined, all matched data types in the match objects will be remediated. Refer to the name response item from the /v1/datatypes/builtins endpoint.
password	string	Encryption password. Only required if action=encrypt.
location	string	Quarantine location. Only required if action=quarantine.

Request Samples

Remediate a specific path and object using the encryption method.

HTTP

POST /v1/targets/4759598330602895744/locations/9832457584012239212/remediation/encrypt
Content-Type: application/json
{
  "path": "/usr/share/my_data_files.zip",
  "sign_off": "admin",
  "reason": "Matches to be encrypted.",
  "object_ids": [
    "7710",
    "7709",
    "7708",
    "7707"
  ],
  "data_types": [
    "Mastercard",
    "Visa"
  ],
  "password": "my-password"
}

cURL

curl --request POST 'https://er-master:8339/v1/targets/4759598330602895744/locations/9832457584012239212/remediation/encrypt' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "path": "/usr/share/my_data_files.zip",
  "sign_off": "admin",
  "reason": "Matches to be encrypted.",
  "object_ids": [
    "7710",
    "7709",
    "7708",
    "7707"
  ],
  "data_types": [
    "Mastercard",
    "Visa"
  ],
  "password": "my-password"
}'

Remediate a specific path and object using the quarantine method.

HTTP

POST /v1/targets/4759598330602895744/locations/9832457584012239212/remediation/quarantine
Content-Type: application/json
{
  "path": "/usr/share/my_data_files.zip",
  "sign_off": "admin",
  "reason": "Matches to be quarantined.",
  "object_ids": [
    "7710",
    "7709",
    "7708",
    "7707"
  ],
  "data_types": [
    "Mastercard",
    "Visa"
  ],
  "location": "quarantine-path"
}

cURL

curl --request POST 'https://er-master:8339/v1/targets/4759598330602895744/locations/9832457584012239212/remediation/quarantine' \
--user apiuser:password123 \
--header "Content-Type: application/json" \
--data-raw '{
  "path": "/usr/share/my_data_files.zip",
  "sign_off": "admin",
  "reason": "Matches to be quarantined.",
  "object_ids": [
    "7710",
    "7709",
    "7708",
    "7707"
  ],
  "data_types": [
    "Mastercard",
    "Visa"
  ],
  "location": "quarantine-path"
}'

Response Schema

202 Accepted

Parameter	Data Type	Description
path	string	Path of the match object that was remediated.
job_id	string	Remediation job ID. This is assigned automatically when a remediation action is performed.

Response Samples

202 Accepted

HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: xxx
[
  {
    "path": "\\/usr\\/share\\/my_data_files.zip",
    "job_id": "1528958297"
  }
]

422 Unprocessable Entity

Returned if not all match locations are remediated successfully.

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
Content-Length: xxx
[
  "message":{
    "path": "\\/usr\\/share\\/my_data_files.zip",
    "message": "The master server does not have complete location information to mask all matches of match objects. Please use other remediation method",
    "object_ids": [
      "7708",
      "7707"
    ]
  }
]

405 Method Not Allowed

Returned if attempting to perform remedial actions when the Enterprise Recon system license has expired, or the license limit has been exceeded.

HTTP/1.1 405 Method Not Allowed
Content-Type: application/json
Content-Length: xxx
{
  "message": "The HTTP method is not allowed."
}

Stop a Remedial Action

This API has been removed and is no longer available as of Enterprise Recon 2.5.0.

Stop a specific remediation action by remediation job ID.

Request

DELETE

https://er-master:8339/v1/targets/<target_id>/remediation/<job_id>