Version: 2.9.0

Ransomware Defender Zero Trust API (v2) - Data Security & Threat Level Monitoring

Introduction

The Superna Eyeglass Ransomware Defender Zero Trust API provides external applications with access to data security information and threat levels of production file or object data. It enables integration for decision making or actions based on an active threat. The API allows integration with IDS and IPS systems for multi-vector detection and response automation, and includes capabilities such as locking out IAM users on ECS.

Requirements:

  • Release 2.5.8 or later.
  • Zero Trust API license key required for critical path and user lockout integrations.

Endpoints

GET /v1/ransomware/rswevents - (this is for Ransomware Defender only)

This endpoint retrieves a list of active RSW (Ransomware Security Workflow) events in Superna Eyeglass.

Description: Get a list of active RSW events.

Parameters:

No parameters required for this endpoint.

Response Codes:

  • 200 OK: Returns a list of active RSW events.
  • default: Error payload, see response structure below.

Example Response (Success):

[
  {
    "eventSource": "ISILON_CLUSTER",
    "objectBuckets": [
      "string"
    ],
    "severity": "string",
    "user": "string",
    "userName": "string"
  }
]

Example Response (Error):

{
  "code": 0,
  "message": "string"
}

GET /v1/securityevents

This endpoint retrieves a list of active security events, including RSW and EA (Event Analytics) events, in Superna Eyeglass.

Description: Get a list of active security events (RSW, EA).

Parameters:

| Parameter | Value | Description | Parameter Type | Data Type |
|-----------|-------|-------------|----------------|-----------|
| type | all | Event types: [all, rsw, ea] | query | string |

Response Codes:

  • 200 OK: Returns a list of active security events.
  • default: Error payload, see response structure below.

Example Response (Success):

[
  {
    "eventSource": "ISILON_CLUSTER",
    "objectBuckets": [
      "string"
    ],
    "severity": "string",
    "user": "string",
    "userName": "string"
  }
]

Example Response (Error):

{
  "code": 0,
  "message": "string"
}

GET /v2/ransomware/criticalpaths

This endpoint retrieves all recent critical path snapshot jobs in Superna Eyeglass.

Description: View all recent critical path snapshot jobs with optional filtering for running or completed jobs.

Parameters:

| Parameter | Value | Description | Parameter Type | Data Type |
|-----------|-------|-------------|----------------|-----------|
| state | all | Filter for running or completed jobs [all, running, finished] | query | string |

Response Codes:

  • 200 OK: Returns a list of critical path snapshot jobs.
  • default: Error payload, see response structure below.

Example Response (Success):

[
  {
    "childrenDetails": [
      {}
    ],
    "finished": 0,
    "id": "string",
    "info": "string",
    "name": "string",
    "started": 0,
    "state": "string",
    "status": "string"
  }
]

Example Response (Error):

{
  "code": 0,
  "message": "string"
}

POST /v2/ransomware/criticalpaths

This endpoint initiates a job to take a snapshot of all critical paths in Superna Eyeglass.

Description: Take a snapshot of all critical paths.

Parameters:

No parameters required for this endpoint.

Response Codes:

  • 201 Created: Successfully created the snapshot job.
  • default: Error payload, see response structure below.

Example Response (Success):

{
  "id": "string"
}

Example Response (Error):

{
  "code": 0,
  "message": "string"
}

GET /v2/ransomware/criticalpaths/{id}

This endpoint retrieves the details of a recently run snapshot job by its ID in Superna Eyeglass.

Description: Retrieve a recently run snapshot job by providing the job ID.

Parameters:

| Parameter | Value | Description | Parameter Type | Data Type |
|-----------|-------|-------------|----------------|-----------|
| id | (required) | ID of the job to retrieve | path | string |

Response Codes:

  • 200 OK: Returns details of the specified snapshot job.
  • default: Error payload, see response structure below.

Example Response (Success):

{
  "childrenDetails": [
    {}
  ],
  "finished": 0,
  "id": "string",
  "info": "string",
  "name": "string",
  "started": 0,
  "state": "string",
  "status": "string"
}

Example Response (Error):

{
  "code": 0,
  "message": "string"
}

POST /v2/ransomware/lockout/{user}

This endpoint creates a ransomware event and locks out the specified user in Superna Eyeglass.

Description: Creates a ransomware event and locks out a user by their SID or username.

Parameters:

| Parameter | Value | Description | Parameter Type | Data Type |
|-----------|-------|-------------|----------------|-----------|
| user | (required) | SID or username of the user | path | string |

Response Codes:

  • 201 Created: Successfully created the ransomware event and locked out the user.
  • default: Error payload, see response structure below.

Example Response (Success):

{
  "id": "string"
}

Example Response (Error):

{
  "code": 0,
  "message": "string"
}
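
The following is an added example, not Superna's own code: a minimal Python client for the lockout and critical path snapshot endpoints above, which percent-encodes the {user} path parameter and polls the snapshot job by ID. The transport hook, the fake appliance responses and the use of a non-zero "finished" value as the completion signal are assumptions; authentication and the base URL are not described on this page.

```python
import json
import time
from urllib.parse import quote


class ApiError(Exception):
    """The documented error payload: {"code": 0, "message": "string"}."""


class ZeroTrustClient:
    def __init__(self, transport):
        # transport(method, path) -> (status, body_text) is a hypothetical hook
        # that performs the authenticated HTTPS request against Eyeglass.
        self.transport = transport

    def call(self, method, path, expected):
        status, body = self.transport(method, path)
        data = json.loads(body) if body else {}
        if status != expected:
            raise ApiError(f"{method} {path} -> {status}: {data.get('message')}")
        return data

    def lockout(self, user):
        # `user` arrives from an external alert: percent-encode it so that a
        # backslash, "/" or "?" in the name stays inside the {user} segment.
        return self.call("POST", "/v2/ransomware/lockout/" + quote(user, safe=""), 201)["id"]

    def snapshot(self, max_polls=30, delay=2.0, sleep=time.sleep):
        job_id = self.call("POST", "/v2/ransomware/criticalpaths", 201)["id"]
        path = "/v2/ransomware/criticalpaths/" + quote(job_id, safe="")
        for _ in range(max_polls):
            job = self.call("GET", path, 200)
            # Assumption: a non-zero "finished" timestamp means the job ended.
            if job.get("finished"):
                return job
            sleep(delay)
        raise TimeoutError(f"snapshot job {job_id} still running")


def fake_transport(method, path):
    """Constructed stand-in for the appliance, for offline runs only."""
    if method == "POST":
        return 201, '{"id": "job-1"}'
    return 200, '{"id": "job-1", "finished": 1700000000, "status": "OK"}'


if __name__ == "__main__":
    client = ZeroTrustClient(fake_transport)
    print(client.lockout("CORP\\alice"), client.snapshot(sleep=lambda s: None)["status"])
```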

POST /v2/ransomware/unlock/{user}

Description: Unlocks a user by providing their username.

Response Content Type: application/json

Parameters:

| Parameter | Value | Description | Parameter Type | Data Type |
|-----------|-------|-------------|----------------|-----------|
| user | required | Username of user | path | string |

Response Messages:

  • 201 Created: Creates a job response with the ID of the unlock job.

    • Model Example Value:

      {
        "id": "string"
      }
  • default: Error payload

    • Model Example Value:

      {
        "code": 0,
        "message": "string"
      }