I have a few questions below, but first I want to outline what I am trying to accomplish:
The goal: query the Harmony EDR API and pull back all vulnerabilities and asset data.
I currently have asset data coming back via the asset management endpoint.
The vuln data: if I use GET, it retrieves nothing. This may be as designed, but the doc is not clear. I was thinking this might pull back all potential vulns as a potential point of correlation, but maybe it only pulls back observed. Can someone clarify?
When I try to pull back specific data tied to ComputerID/DeviceID, I get a 200 but no data returns. Can I assume that this device is without vulns?
Additional questions:
1. Is the ComputerID that is provided as response output for the AssetsManagement endpoint the same as the DeviceID that is required to query the vulnerability endpoint for devices? If yes, great! If not, please let me know where I can find the DeviceID.
2. When trying to issue the POST /v1/posture/vulnerability/scan call to set off a scan against my computerIP (or computername or a few other options), I consistently get an error suggesting whitespace, or it sees the first character in the data as causing an issue... This is all via the Swagger Hub page.
Steps to reproduce:
a. Generate a POST query with this data:
{
  "filters": [
    {
      "columnName": "computerIP",
      "filterValues": [
        "10.0.0.13"
      ],
      "filterType": "Contains",
      "isJson": true
    }
  ],
  "paging": {
    "offset": 0,
    "pageSize": 5000
  }
}
b. Grab the jobid a4facxx9-0205-420c-9777-f3ed7d417995
c. Query JobID
{
  "status": "FAILED",
  "statusCode": 500,
  "statusType": 5,
  "data": {
    "errorId": "ca6a4067",
    "typename": "web_mgmt_service_error",
    "errorCode": "3500",
    "errorFamily": "COMMON",
    "description": "Failed to get computers list. Details - Unexpected non-whitespace character after JSON at position 4",
    "operation": "externalApiPostureScan",
    "frontDescription": "",
    "ignorePublishing": false,
    "published": false,
    "jobError": false,
    "isUepm": false,
    "uepmTicketNumber": "",
    "requestId": "unknown",
    "actionId": "a4facdc9-0112-420c-9757-f3ed7d417995"
  }
}
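
Added example, not part of the original post and not vendor code: the job error's wording is what JSON.parse in current Node.js reports for the bare text 10.0.0.13 (it reads the number 10.0, then hits a stray "." at index 4). The sketch below assumes the service parses each filterValues entry as JSON when "isJson" is true, and checks a request body for values that would fail that parse; checkFilterValues and scanRequest are hypothetical names.

```javascript
// Assumption (not confirmed by the page): with "isJson": true, every entry in
// "filterValues" is handed to a JSON parser on the server side.
function checkFilterValues(body) {
  const problems = [];
  for (const filter of body.filters ?? []) {
    if (!filter.isJson) continue; // plain-string filters are not parsed
    for (const value of filter.filterValues ?? []) {
      try {
        JSON.parse(value);
      } catch (err) {
        problems.push({
          columnName: filter.columnName,
          value,
          message: err.message,
          // The same value written as a JSON string literal, which does parse.
          jsonEncoded: JSON.stringify(value),
        });
      }
    }
  }
  return problems;
}

// Request body copied from the post.
const scanRequest = {
  filters: [
    {
      columnName: "computerIP",
      filterValues: ["10.0.0.13"],
      filterType: "Contains",
      isJson: true,
    },
  ],
  paging: { offset: 0, pageSize: 5000 },
};

for (const p of checkFilterValues(scanRequest)) {
  console.log(`${p.columnName}: ${JSON.stringify(p.value)} is not valid JSON (${p.message})`);
  console.log(`  JSON-encoded form: ${p.jsonEncoded}`);
}
```

Whether the endpoint expects "isJson": false for a plain IP string or a JSON-encoded value is not stated on the page; both variants pass this local check and are the two request shapes worth comparing.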