esh1
Explorer

Harmony Endpoint Management API questions


I have a few questions below, but first I want to outline what I am trying to accomplish:


The goal- Query Harmony EDR API and pull back all vulnerabilities and Asset data - 
I currently have asset data coming back via the asset management endpoint.

The vuln data - if I use GET - retrieves nothing- this may be as designed, but the doc is not clear. I was thinking this might pull back all potential vulns as a potential point of correlation, but maybe it only pulls back observed- can someone clarify?

When I try and pull back specific data tied to ComputerID/DeviceID - I am getting a 200 but no data returns - can I assume that this device is without vulns?

 

Additional Questions:

 

1. Is the ComputerID that is provided as response output for the AssetsManagement endpoint the same as the DeviceID that is required to query the vulnerability endpoint for devices? If yes, great! - if not, please let me know where I can find the DeviceID.

2. When trying to issue the POST /v1/posture/vulnerability/scan call to set off a scan against my computerIP (or computername or a few other options) - I am consistently getting an error suggesting whitespace or it sees the first character in the data as causing an issue... this is all via the Swagger Hub page

Steps to reproduce:

a. Generate a POST query with this data:

    {
      "filters": [
        {
          "columnName": "computerIP",
          "filterValues": [
            "10.0.0.13"
          ],
          "filterType": "Contains",
          "isJson": true
        }
      ],
      "paging": {
        "offset": 0,
        "pageSize": 5000
      }
    }

b. Grab the jobid a4facxx9-0205-420c-9777-f3ed7d417995

c. Query JobID

    {
      "status": "FAILED",
      "statusCode": 500,
      "statusType": 5,
      "data": {
        "errorId": "ca6a4067",
        "typename": "web_mgmt_service_error",
        "errorCode": "3500",
        "errorFamily": "COMMON",
        "description": "Failed to get computers list. Details - Unexpected non-whitespace character after JSON at position 4",
        "operation": "externalApiPostureScan",
        "frontDescription": "",
        "ignorePublishing": false,
        "published": false,
        "jobError": false,
        "isUepm": false,
        "uepmTicketNumber": "",
        "requestId": "unknown",
        "actionId": "a4facdc9-0112-420c-9757-f3ed7d417995"
      }
    }

0 Kudos
3 Replies
PhoneBoy
Admin

Which API endpoints are relevant in the above questions?

0 Kudos
esh1
Explorer

@PhoneBoy 
1. Uncertain with respect to getting the vuln data back from an environment. If the only time something returns is when there is an observed vuln etc, then that might be why I always get nothing back. If, however, I should get something back in the form of general vuln data that has with or without asset related data, then I am missing something. I could see having an endpoint that has the various write-ups of vulns (like a CVE repo of sorts) that another endpoint would reference if something is detected, but was not seeing that.

2. DeviceID/ComputerID question - is based on AssetsManagement endpoint (/v1/asset-management/computers/filtered) - that was the only asset management one listed in the guide.

3. /v1/posture/vulnerability/scan and the /v1/jobs/jobID endpoints to run a scan and get a job result back - but instead get errors.

Thanks in advance!

0 Kudos
PhoneBoy
Admin

It's not clear the API call you are making to the API is actually valid.
Please try the call with JSON data exactly as specified in the documentation: https://app.swaggerhub.com/apis/Check-Point/web-mgmt-external-api-production/1.9.221#/Posture%20Mana... 
If this call returns the same error, open a TAC case.

What specific errors are you getting when you make the other calls?

0 Kudos
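
An added example, not part of the thread and not Check Point code: the job error text in the question matches what V8's `JSON.parse` (Node.js) reports for the bare string `10.0.0.13`, because the parser accepts `10.0` as a number and stops at the next `.`, which is position 4. The check below assumes, without confirmation from the thread or the API documentation, that a filter marked `isJson: true` has each `filterValues` entry parsed as JSON; `jsonParseFailure` and `findNonJsonFilterValues` are hypothetical helper names.

```javascript
// Request body constructed from step (a) of the question.
const scanRequest = {
  filters: [
    {
      columnName: "computerIP",
      filterValues: ["10.0.0.13"],
      filterType: "Contains",
      isJson: true,
    },
  ],
  paging: { offset: 0, pageSize: 5000 },
};

// Parse one filter value as a JSON document, the way a server honouring
// isJson might (assumption). Returns null when it parses, otherwise the
// parser's message and the character position it stopped at.
function jsonParseFailure(value) {
  try {
    JSON.parse(value);
    return null;
  } catch (err) {
    const m = /position (\d+)/.exec(err.message);
    return { message: err.message, position: m ? Number(m[1]) : null };
  }
}

// List every filter value that is flagged isJson but is not valid JSON text.
function findNonJsonFilterValues(body) {
  const findings = [];
  for (const filter of body.filters ?? []) {
    if (filter.isJson !== true) continue;
    for (const value of filter.filterValues ?? []) {
      const failure = jsonParseFailure(value);
      if (failure) {
        findings.push({ columnName: filter.columnName, value, ...failure });
      }
    }
  }
  return findings;
}

for (const f of findNonJsonFilterValues(scanRequest)) {
  console.log(`${f.columnName}=${f.value}: ${f.message}`);
}
// A JSON-encoded string parses cleanly, unlike the bare dotted address.
console.log(jsonParseFailure(JSON.stringify("10.0.0.13")));
```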
