topic Harmony Endpoint Management API questions in API / CLI Discussion

Harmony Endpoint Management API questions

esh1 — Wed, 01 Oct 2025 20:06:23 GMT

I have a few questions below, but first i want to outline what i am trying to accomplish:

The goal- Query Harmony EDR API and pull back all vulnerabilities and Asset data -
I currently have asset data coming back via the asset management endpoint.

The vuln data - if I use GET - retrieves nothing- this may be as designed, but the doc is not clear. I was thinking this might pull back all potential vulns as a potential point of correlation, but maybe it only pulls back observed- can someone clarify?

When i try and pull back specific data tied to ComputerID/DeviceID - I am getting a 200 but no data returns - can I assume that this device is without vulns?

Additional Questions:

1. is the ComputerID that is provided as response output for the AssetsManagement endpoint the same as the DeviceID that is required to queriy the vulnerability endpoint for devices? If yes, great! - if not, please let me know where i can find the deviceID.

2. when trying to issue the POST /v1/posture/vulnerability/scan call to set off a scan against my computerIP (or computername or a few other options) - i am consistently getting an error suggesting whitespace or it sees the first character in the data as causing an issue... this is all via the Swagger Hub page

--- Steps to reproduce

----a. generate a post query with this data:

{

"filters": [

{

"columnName": "computerIP",

"filterValues": [

"10.0.0.13"

"filterType": "Contains",

"isJson": true

}

"paging": {

"offset": 0,

"pageSize": 5000

}

----b. Grab the jobid a4facxx9-0205-420c-9777-f3ed7d417995

---- c. Query JobID

{

"status": "FAILED",

"statusCode": 500,

"statusType": 5,

"data": {

"errorId": "ca6a4067",

"typename": "web_mgmt_service_error",

"errorCode": "3500",

"errorFamily": "COMMON",

"description": "Failed to get computers list. Details - Unexpected non-whitespace character after JSON at position 4",

"operation": "externalApiPostureScan",

"frontDescription": "",

"ignorePublishing": false,

"published": false,

"jobError": false,

"isUepm": false,

"uepmTicketNumber": "",

"requestId": "unknown",

"actionId": "a4facdc9-0112-420c-9757-f3ed7d417995"

}

Re: Harmony Endpoint Management API questions

PhoneBoy — Thu, 02 Oct 2025 20:34:16 GMT

Which API endpoints are relevant in the above questions?

Re: Harmony Endpoint Management API questions

esh1 — Tue, 07 Oct 2025 14:51:09 GMT

@PhoneBoy
1. uncertain with respect to getting the vuln data back from an environment. If the only time something returns is when there is an observed vuln etc, then that might be why i always get nothing back. If, however, i should get something back in the form of general vuln data that has with or without asset related data, then I am missing something. I could see having an endpoint that has the various write-ups of vulns( like a cve repo of sorts)t hat another endpoint would reference is something is detected, but was not seeing that.

2. DeviceID/ComputerID question - is based on AssetsManagement endpoint ( /v1/asset-management/computers/filtered) - that was the only asset management one listed in the guide.

3. /v1/posture/vulnerability/scan and the /v1/jobs/jobID endpoints to run a scan and get a job result back - but instead get errors.

thanks in advance!

Re: Harmony Endpoint Management API questions

PhoneBoy — Tue, 07 Oct 2025 19:06:35 GMT

It's not clear the API call you are making to the API is actually valid.
Please try the call with JSON data exactly as specified in the documentation: https://app.swaggerhub.com/apis/Check-Point/web-mgmt-external-api-production/1.9.221#/Posture%20Management%20-%20Vulnerabilities/VulnerabilityScan
If this call returns the same error, open a TAC case.

What specific errors are you getting when you make the other calls?