Enterprise Recon v1 API
System
Get Master Server System Information
Get system information for the Master Server host machine.
Request
GET
https://er-master:8339/v1/server
Authorization
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| start_time |
number |
User can specify a start time (in Unix time format) for fetching the System load information. Use with end_time parameter to specify a date range to retrieve System load information. |
| end_time |
number |
User can specify a end time (in Unix time format) for fetching the System load information. Use with start_time parameter to specify a date range to retrieve System load information. |
Header Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding |
string enum: gzip deflate |
Specify the compression algorithm to use on the response object.
Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Request Samples
HTTP
GET /v1/server
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/server' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| host_name |
string |
Enterprise Recon Master Server host name. |
| timestamp |
number |
Current server time in Unix time format. |
| version |
string example: 2.2 |
Enterprise Recon Master Server version. |
| public_key |
string |
Master Server public key. |
| loads |
object |
System load information. |
| loads/timestamp |
number |
Time stamp for system load information in Unix time format. |
| loads/cpu |
number <float> |
CPU load percentage. CPU usage refers to your computer's processor and how much work it is doing. A high reading means your computer is running at the maximum level or above normal level for the number of applications running. |
| loads/stolen_cpu |
number <float> |
Stolen CPU usage percentage. |
| loads/disk |
number <float> |
Percentage of disk space in use on the Master Server. |
| loads/memory |
number <float> |
Percentage of memory used to run the processes on the Master Server. |
| loads/io |
number <float> |
I/O load percentage. Any operation, program, or device that transfers data to or from a computer. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
{
"host_name": "er-master",
"timestamp": 1523893675,
"version": "2.2",
"public_key": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQR1234567890",
"loads": [
{
"timestamp": 1523591640,
"cpu": 4.67503,
"stolen_cpu": 0,
"disk": 26.02994,
"memory": 25.730106,
"io": 0.083951
},
{
"timestamp": 1523595245,
"cpu": 0.453858,
"stolen_cpu": 0,
"disk": 26.012383,
"memory": 19.018785,
"io": 0.054201
},
{
"timestamp": 1523598847,
"cpu": 0.967801,
"stolen_cpu": 0,
"disk": 26.885811,
"memory": 27.018625,
"io": 0.140427
}
]
}
Download Master Server System Load Statistics
Get detailed system load information for the Master Server for all activities to-date. Statistics data output is in CSV format.
Request
GET
https://er-master:8339/v1/server/statistics
Authorization
Request Samples
HTTP
GET /v1/server/statistics
Accept: text/csv
cURL
curl --request GET 'https://er-master:8339/v1/server/statistics' \
--user apiuser:password123 \
--header "Accept: text/csv"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| Timestamp |
number |
Time stamp for system load information. |
| CPU Usage Percentage |
number <float> |
CPU load percentage. CPU usage refers to your computer's processor and how much work it is doing. A high reading means your computer is running at the maximum level or above normal level for the number of applications running. |
| Stolen CPU Percentage |
number <float> |
Stolen CPU usage percentage. |
| Memory Usage Percentage |
number <float> |
Percentage of memory used to run the processes on the Master Server. |
| Disk Usage Percentage |
number <float> |
Percentage of disk space in use on the Master Server. |
| Disk I/O Percentage |
number <float> |
I/O load percentage. Any operation, program, or device that transfers data to or from a computer. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: text/csv
Content-Length: xxx
Timestamp,CPU Usage Percent,Stolen CPU Percentage,Memory Usage Percent,Disk Usage Percent,Disk I/O Percentage
2019-03-12 02:30:15Z,0.612186,0.000000,2.679741,21.943724,0.000000
2019-03-12 03:30:15Z,0.299910,0.000000,3.230416,22.015896,0.000000
2019-03-12 04:30:17Z,0.269049,0.000000,3.281231,22.029154,0.000000
2019-03-12 05:30:19Z,0.681250,0.000000,3.199821,22.009195,0.000000
2019-03-12 06:30:22Z,0.528674,0.000000,3.626811,22.096506,0.000000
List Activity Logs
Get history of all system events and activities. Results can be returned for a specific time frame or filtered by module, event name, or even user that triggered the event.
Request
GET
https://er-master:8339/v1/activitylogs
Authorization
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| level |
string enum: user application system |
Filter events by level. If no value is specified, results will be returned for all user level, application level and system level events. |
| user_id |
string |
Filter activities performed by a specific user using the User ID. user_id is the id response item from the /v1/users endpoint. |
| module |
string |
Filter activity logs by event module. See ER2 Event Modules for the full list of supported Enterprise Recon event modules. |
| event |
string |
Filter activity logs by event class. See ER2 Event Classes for the full list of supported ER2 event classes. |
| start_date |
string <YYYYMMDD> |
Specify a start date for fetching the activity logs, formatted as YYYYMMDD (e.g. 20180125). Can be used with end_date parameter to specify a date range to retrieve activity logs data. |
| end_date |
string <YYYYMMDD> |
Specify an end date for fetching the activity logs, formatted as YYYYMMDD (e.g. 20180125). Can be used with start_date parameter to specify a date range to retrieve activity logs data. |
| earliest |
boolean default: false enum: true false |
By default, the most recent activity log is displayed first. Set offset=true to display the oldest activity log first. |
| offset |
integer default: 0 |
The first activity log to return data for. For offset=N, activity log data will be fetched starting from Nth record. If no value is specified or offset=0, query will return data from the very first activity log. The first activity log (index 0) record is dependent on the earliest parameter setting. |
| limit |
integer default: 1000 |
Maximum number of activity log records to return data for, starting from the first record determined by the offset and earliest value. |
| realm |
string |
Filter activity logs by access realm (e.g. global, group, target, credential, role and user). See Access Realms for the full list of supported Enterprise Recon access realms. |
| event_target |
string |
Filter activity logs by Group ID / Target ID / role ID / credential ID / user ID.
Must be used with the realm parameter. For example,
1. To filter the activity logs for a specific Group, set realm=group and event_target=<group_id>. 2. To filter the activity logs for a specific Target, set realm=target and event_target=<target_id>. |
Header Parameters
| Parameter | Data Type | Description |
|---|---|---|
| Accept-Encoding |
string enum: gzip deflate |
Specify the compression algorithm to use on the response object.
Compressed content will not be returned for endpoints that return reports as files (e.g. PDF, CSV etc), endpoints that return binary files (e.g. Node Agent installers) or unsuccessful API calls. |
Request Samples
HTTP
GET /v1/activitylogs
Accept: application/json
cURL
curl --request GET 'https://er-master:8339/v1/activitylogs' \
--user apiuser:password123 \
--header "Accept: application/json"
Response Schema
200 OK
| Response Item | Data Type | Description |
|---|---|---|
| timestamp |
number |
Time when the event was triggered, in Unix time format. |
| user_id |
string |
User ID of the user that triggered the event. Not returned for system and application level events. |
| module |
string |
Event module. See ER2 Event Modules for the full list of supported Enterprise Recon event modules. |
| event |
string |
Event class. See ER2 Event Classes for the full list of supported ER2 event classes. |
| event_target |
object |
Returns the element that triggered the event. Value will not be returned for global realm events. |
| event_target/realm |
string |
Returns the access realm ID for the event target (e.g. Group, Target, credential, role or user). |
| event_target/id |
string |
Returns the unique Group, Target, credential, role or user ID that triggered the event, depending on the event realm. |
| description |
string |
Details describing the event. |
Response Samples
200 OK
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"timestamp": "1524204191",
"module": "datastore",
"event": "agent error",
"description": "Rejected connection from agent at 10.52.100.101. Agent key already in use at 10.52.100.102."
},
{
"timestamp": "1524725626",
"module": "report",
"event": "search started",
"event_target": {
"realm": "target",
"id": "11831561494313687476"
},
"description": "Scan started on 'Web page (depth=2)'"
},
{
"timestamp": "1524197044",
"user_id": "332768006779777470",
"module": "ui",
"event": "group changed",
"description": "Remove group RPM_GROUP",
"event_target": {
"realm": "group",
"id": "12547079427234799482"
}
}
]
200 OK
Filter: realm=role&event_target=8211329127068321466
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx
[
{
"timestamp": "1523604884",
"user_id": "332768006779777470",
"module": "ui",
"event": "role changed",
"event_target": {
"realm": "role",
"id": "8211329127068321466"
},
"description": "Modify role Role_Mgr"
}
]