MDR Console (0.0.1)

MDR Web Portal Public API description.

Authentication

bearerAuth

Security Scheme Type HTTP
HTTP Authorization Scheme bearer

Assets

Actions with assets

Getting asset count

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
domain
string <= 100 characters
host_names
Array of strings[ items <= 100 characters ]
is_isolated
boolean
max_first_seen
integer <= 13 characters
max_last_seen
integer <= 13 characters
min_first_seen
integer <= 13 characters
min_last_seen
integer <= 13 characters
network_interface
string <= 10000 characters
os_version
string <= 100 characters
product
string <= 100 characters
related_incidents_ids
Array of strings[ items <= 50 characters ]
string or string
statuses
Array of strings <= 4 characters
Items Enum: "ABSENT" "CRITICAL" "OFFLINE" "OK" "WARNING"
tenants_names
Array of strings[ items <= 1000 characters ]
version
integer
Enum: 1 2

Responses

Request samples

Content type
{
  "domain": "string",
  "host_names": [
  ],
  "is_isolated": true,
  "max_first_seen": 0,
  "max_last_seen": 0,
  "min_first_seen": 0,
  "min_last_seen": 0,
  "network_interface": "string",
  "os_version": "string",
  "product": "string",
  "related_incidents_ids": [
  ],
  "search_phrase": "string",
  "statuses": [
  ],
  "tenants_names": [
  ],
  "version": 1
}

Response samples

Content type
application/json; charset=utf-8
{
  "count": 0
}

Getting asset details

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
asset_id
required
string <= 50 characters
fields
Array of strings
Items Enum: "asset_id" "domain" "first_seen" "host_name" "installed_product_info" "isolation" "isolation_task_id" "ksc_host_id" "last_seen" "network_interfaces" "os_version" "product_map" "protection_issues" "protection_issues_integral" "status" "tenant_name"
version
integer
Enum: 1 2

Responses

Request samples

Content type
{
  "asset_id": "string",
  "fields": [
  ],
  "version": 1
}

Response samples

Content type
application/json; charset=utf-8
{
  "asset_id": "string",
  "domain": "string",
  "first_seen": 0,
  "host_name": "string",
  "installed_product_info": "string",
  "isolation": true,
  "isolation_task_id": "string",
  "ksc_host_id": "string",
  "last_seen": 0,
  "network_interfaces": [
  ],
  "os_version": "string",
  "product_map": {
  },
  "protection_issues": {
  },
  "protection_issues_integral": {
  },
  "status": "ABSENT",
  "tenant_name": "string"
}

Getting asset list

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
domain
string <= 100 characters
fields
Array of strings
Items Enum: "asset_id" "domain" "first_seen" "host_name" "installed_product_info" "isolation" "isolation_task_id" "ksc_host_id" "last_seen" "network_interfaces" "os_version" "product_map" "protection_issues" "protection_issues_integral" "status" "tenant_name"
host_names
Array of strings <= 100 characters
is_isolated
boolean
max_first_seen
integer <= 13 characters
max_last_seen
integer <= 13 characters
min_first_seen
integer <= 13 characters
min_last_seen
integer <= 13 characters
network_interface
string <= 10000 characters
os_version
string <= 100 characters
page
integer >= 1
page_size
integer [ 1 .. 10000 ]
product
string <= 100 characters
related_incidents_ids
Array of strings <= 50 characters
string or string
sort
string
Enum: "computer_name_domain:asc" "computer_name_domain:desc" "computer_name_hostname:asc" "computer_name_hostname:desc" "computer_os:asc" "computer_os:desc" "first_seen:asc" "first_seen:desc" "last_seen:asc" "last_seen:desc"
statuses
Array of strings <= 4 characters
Items Enum: "ABSENT" "CRITICAL" "OFFLINE" "OK" "WARNING"
tenants_names
Array of strings[ items <= 1000 characters ]
version
integer
Enum: 1 2

Responses

Request samples

Content type
{
  "domain": "string",
  "fields": [
  ],
  "host_names": [
  ],
  "is_isolated": true,
  "max_first_seen": 0,
  "max_last_seen": 0,
  "min_first_seen": 0,
  "min_last_seen": 0,
  "network_interface": "string",
  "os_version": "string",
  "page": 1,
  "page_size": 1,
  "product": "string",
  "related_incidents_ids": [
  ],
  "search_phrase": "string",
  "sort": "computer_name_domain:asc",
  "statuses": [
  ],
  "tenants_names": [
  ],
  "version": 1
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]

Attachments

Actions with attachments

Attachment file download

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
attachment_id
required
string

Responses

Request samples

Content type
application/json
{
  "attachment_id": "string"
}

Attachments list getting

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
fields
Array of strings
Items Enum: "attachment_id" "author_name" "caption" "creation_time" "file_size" "full_name" "hide_in_comments" "link" "origin" "was_read"
incident_id
required
string <= 50 characters
markdown_to_html
boolean

Responses

Request samples

Content type
application/json
{
  "fields": [
  ],
  "incident_id": "string",
  "markdown_to_html": true
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]

Attachment upload

Authorizations:
path Parameters
client_id
required
string
Request Body schema: multipart/form-data
file
string <binary>
object

Responses

Response samples

Content type
application/json; charset=utf-8
{
  "attachment_id": "string",
  "author_id": "string",
  "author_name": "string",
  "caption": "string",
  "creation_time": 0,
  "file_size": 0,
  "full_name": "string"
}

Comments

Actions with incident comments

Comment creation

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
incident_id
required
string <= 50 characters
markdown_to_html
boolean
text
required
string <= 5000 characters

Responses

Request samples

Content type
application/json
{
  "incident_id": "string",
  "markdown_to_html": true,
  "text": "string"
}

Response samples

Content type
application/json; charset=utf-8
{
  "author_name": "string",
  "comment_id": "string",
  "creation_time": 0,
  "origin": "string",
  "text": "string",
  "was_read": true
}

Comment deletion

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
comment_id
required
string <= 50 characters

Responses

Request samples

Content type
application/json
{
  "comment_id": "string"
}

Response samples

Content type
application/json; charset=utf-8
{ }

Comments list getting

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
fields
Array of strings
Items Enum: "author_name" "comment_id" "creation_time" "origin" "text" "was_read"
incident_id
required
string <= 50 characters
markdown_to_html
boolean

Responses

Request samples

Content type
application/json
{
  "fields": [
  ],
  "incident_id": "string",
  "markdown_to_html": true
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]

Incidents

Actions with incidents

Incident closing

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
incident_id
required
string <= 50 characters
resolution_status
required
string
Enum: "FALSE_POSITIVE" "TRUE_POSITIVE"
summary
required
string <= 1000 characters

Responses

Request samples

Content type
application/json
{
  "incident_id": "string",
  "resolution_status": "FALSE_POSITIVE",
  "summary": "string"
}

Response samples

Content type
application/json; charset=utf-8
{ }

Incidents count getting

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
affected_hosts
Array of strings[ items <= 100 characters ]
asset_ids
Array of strings[ items <= 100 characters ]
detection_technologies
Array of strings
Items Enum: "KATA" "KES"
max_creation_time
integer <= 13 characters
max_update_time
integer <= 13 characters
min_creation_time
integer <= 13 characters
min_update_time
integer <= 13 characters
mitre_tactics
Array of strings
Items Enum: "Collection" "Command and control" "Credential access" "Defense evasion" "Discovery" "Execution" "Exfiltration" "Impact" "Initial access" "Lateral movement" "Persistence" "Privilege escalation"
mitre_techniques
Array of strings[ items <= 100 characters ]
priorities
Array of strings
Items Enum: "HIGH" "LOW" "NORMAL"
resolutions
Array of strings
Items Enum: "False positive" "Other" "True positive"
response_statuses
Array of strings
Items Enum: "Confirmed" "Declined" "New"
response_types
Array of strings
string or string
statuses
Array of strings
Items Enum: "Closed" "On hold" "Open" "Resolved"
tenants_names
Array of strings[ items <= 1000 characters ]

Responses

Request samples

Content type
{
  "affected_hosts": [
  ],
  "asset_ids": [
  ],
  "detection_technologies": [
  ],
  "max_creation_time": 0,
  "max_update_time": 0,
  "min_creation_time": 0,
  "min_update_time": 0,
  "mitre_tactics": [
  ],
  "mitre_techniques": [
  ],
  "priorities": [
  ],
  "resolutions": [
  ],
  "response_statuses": [
  ],
  "response_types": [
  ],
  "search_phrase": "string",
  "statuses": [
  ],
  "tenants_names": [
  ]
}

Response samples

Content type
application/json; charset=utf-8
{
  "count": 0
}

Incident creating

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
affected_hosts
required
Array of strings non-empty [ items [ 1 .. 100 ] characters ]
client_description
required
string <= 50000 characters
markdown_to_html
boolean
no_sla_flag
boolean
priority
string
Enum: "HIGH" "LOW" "NORMAL"
summary
required
string <= 1000 characters
tenant_id
string <= 1000 characters

Responses

Request samples

Content type
application/json
{
  "affected_hosts": [
  ],
  "client_description": "string",
  "markdown_to_html": true,
  "no_sla_flag": true,
  "priority": "HIGH",
  "summary": "string",
  "tenant_id": "string"
}

Response samples

Content type
application/json; charset=utf-8
{
  "affected_hosts": [
  ],
  "affected_hosts_mappings": [
  ],
  "attachments": [
  ],
  "attack_stage": "string",
  "client_description": "string",
  "comments": [
  ],
  "creation_time": 0,
  "description": "string",
  "detection_technology": "",
  "host_based_iocs": [ ],
  "incident_id": "string",
  "incident_number": 0,
  "iocs": [
  ],
  "mitre_tactics": [
  ],
  "mitre_techniques": [ ],
  "network_based_iocs": [ ],
  "origin": "Client",
  "priority": "HIGH",
  "resolution": "string",
  "responses": [
  ],
  "status": "Closed",
  "status_description": "string",
  "summary": "string",
  "tenant_name": "string",
  "update_time": 0,
  "was_read": true
}

Getting incident details

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
fields
Array of strings
Items Enum: "affected_hosts" "affected_hosts_mappings" "attachments" "attack_stage" "client_description" "comments" "creation_time" "description" "detection_technology" "host_based_iocs" "incident_id" "incident_number" "iocs" "mitre_tactics" "mitre_techniques" "network_based_iocs" "origin" "priority" "resolution" "responses" "status" "status_description" "summary" "tenant_name" "update_time"
incident_id
required
string <= 50 characters
markdown_to_html
boolean

Responses

Request samples

Content type
{
  "fields": [
  ],
  "incident_id": "string",
  "markdown_to_html": true
}

Response samples

Content type
application/json; charset=utf-8
{
  "affected_hosts": [
  ],
  "affected_hosts_mappings": [
  ],
  "attachments": [
  ],
  "attack_stage": "string",
  "client_description": "string",
  "comments": [
  ],
  "creation_time": 0,
  "description": "string",
  "detection_technology": "",
  "host_based_iocs": [ ],
  "incident_id": "string",
  "incident_number": 0,
  "iocs": [
  ],
  "mitre_tactics": [
  ],
  "mitre_techniques": [ ],
  "network_based_iocs": [ ],
  "origin": "Client",
  "priority": "HIGH",
  "resolution": "string",
  "responses": [
  ],
  "status": "Closed",
  "status_description": "string",
  "summary": "string",
  "tenant_name": "string",
  "update_time": 0,
  "was_read": true
}

Incident history getting

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
entity_type_page_size
integer [ 1 .. 10000 ]
ignore_self
boolean
incident_id
string <= 50 characters
max_record_time
integer [ 1 .. 9999999999999 ]
min_record_time
integer [ 1 .. 9999999999999 ]
page
integer >= 1

Responses

Request samples

Content type
application/json
{
  "entity_type_page_size": 1,
  "ignore_self": true,
  "incident_id": "string",
  "max_record_time": 1,
  "min_record_time": 1,
  "page": 1
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]

Getting incident list

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
affected_hosts
Array of strings[ items <= 100 characters ]
asset_ids
Array of strings[ items <= 100 characters ]
detection_technologies
Array of strings
Items Enum: "KATA" "KES"
fields
Array of strings
Items Enum: "affected_hosts" "affected_hosts_mappings" "attachments" "attack_stage" "client_description" "comments" "creation_time" "description" "detection_technology" "host_based_iocs" "incident_id" "incident_number" "iocs" "mitre_tactics" "mitre_techniques" "network_based_iocs" "origin" "priority" "resolution" "responses" "status" "status_description" "summary" "tenant_name" "update_time" "was_read"
markdown_to_html
boolean
max_creation_time
integer <= 13 characters
max_update_time
integer <= 13 characters
min_creation_time
integer <= 13 characters
min_update_time
integer <= 13 characters
mitre_tactics
Array of strings
Items Enum: "Collection" "Command and control" "Credential access" "Defense evasion" "Discovery" "Execution" "Exfiltration" "Impact" "Initial access" "Lateral movement" "Persistence" "Privilege escalation"
mitre_techniques
Array of strings[ items <= 100 characters ]
page
integer >= 1
page_size
integer [ 1 .. 100 ]
priorities
Array of strings
Items Enum: "HIGH" "LOW" "NORMAL"
resolutions
Array of strings
Items Enum: "False positive" "Other" "True positive"
response_statuses
Array of strings
Items Enum: "Confirmed" "Declined" "New"
response_types
Array of strings
string or string
sort
string
Enum: "creation_time:asc" "creation_time:desc" "incident_number:asc" "incident_number:desc" "priority:asc" "priority:desc" "resolution:asc" "resolution:desc" "status:asc" "status:desc" "tenant_name:asc" "tenant_name:desc" "update_time:asc" "update_time:desc"
statuses
Array of strings
Items Enum: "Closed" "On hold" "Open" "Resolved"
tenants_names
Array of strings[ items <= 1000 characters ]

Responses

Request samples

Content type
{
  "affected_hosts": [
  ],
  "asset_ids": [
  ],
  "detection_technologies": [
  ],
  "fields": [
  ],
  "markdown_to_html": true,
  "max_creation_time": 0,
  "max_update_time": 0,
  "min_creation_time": 0,
  "min_update_time": 0,
  "mitre_tactics": [
  ],
  "mitre_techniques": [
  ],
  "page": 1,
  "page_size": 1,
  "priorities": [
  ],
  "resolutions": [
  ],
  "response_statuses": [
  ],
  "response_types": [
  ],
  "search_phrase": "string",
  "sort": "creation_time:asc",
  "statuses": [
  ],
  "tenants_names": [
  ]
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]

Responses

Actions with incident responses

Response script download

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
response_id
required
string <= 50 characters

Responses

Request samples

Content type
application/json
{
  "response_id": "string"
}

Response update

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
comment
required
string <= 5000 characters
response_id
required
string <= 50 characters
status
required
string
Enum: "Confirmed" "Declined"

Responses

Request samples

Content type
{
  "comment": "string",
  "response_id": "string",
  "status": "Confirmed"
}

Response samples

Content type
application/json; charset=utf-8
{ }

Getting response list

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
fields
Array of strings
Items Enum: "asset_id" "comment" "creation_time" "description" "details" "parameters" "response_id" "status" "type" "update_time" "was_read"
incident_id
required
string <= 50 characters
page
integer >= 1
page_size
integer [ 1 .. 100 ]

Responses

Request samples

Content type
{
  "fields": [
  ],
  "incident_id": "string",
  "page": 1,
  "page_size": 1
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]

Responses update

Authorizations:
path Parameters
client_id
required
string
Request Body schema:
comment
required
string <= 5000 characters
responses_ids
required
Array of strings[ items <= 50 characters ]
status
required
string
Enum: "Confirmed" "Declined"

Responses

Request samples

Content type
{
  "comment": "string",
  "responses_ids": [
  ],
  "status": "Confirmed"
}

Response samples

Content type
{ }

Session

Actions with session

Start session

path Parameters
client_id
required
string
Request Body schema: application/json
refresh_token
required
string [ 1 .. 4096 ] characters

Responses

Request samples

Content type
application/json
{
  "refresh_token": "string"
}

Response samples

Content type
application/json; charset=utf-8
{
  "access_token": "string",
  "refresh_token": "string"
}

Tenants

Actions with tenants

Tenants list getting

Authorizations:
path Parameters
client_id
required
string
Request Body schema: application/json
fields
Array of strings
Items Enum: "assets_count" "description" "is_active" "license_end_date" "license_start_date" "tenant_id" "tenant_name" "update_time"

Responses

Request samples

Content type
application/json
{
  "fields": [
  ]
}

Response samples

Content type
application/json; charset=utf-8
[
  {
  }
]